From: Niteesh Dubey
To: libvir-list@redhat.com
Cc: dbuono@linux.ibm.com, dovmurik@linux.ibm.com
Subject: [PATCH] Support cpu0-id of Qemu QMP query-sev-capabilities
Date: Wed, 27 Apr 2022 19:57:12 +0000
Message-Id: <20220427195712.3747108-1-niteesh@linux.ibm.com>

It allows libvirt to provide the value of cpu0-id returned by the Qemu QMP command query-sev-capabilities as implemented by the Qemu Patch [1] which is merged to Qemu master branch and should be available with Qemu 7.1. This is used to get the signed Chip Endorsement Key (CEK) of the CPU of AMD system from AMD's Key Distribution Service (KDS).

Similar to cbitpos, reducedPhysBits, maxGuests & maxESGuests; the value of cpu0-id is also provided using 'virsh domcapability'.

[1] https://lore.kernel.org/all/20220228093014.882288-1-dovmurik@linux.ibm.com/

Signed-off-by: Niteesh Dubey
Reviewed-by: Daniel P. Berrangé
--- include/libvirt/libvirt-host.h | 11 +++++++++++ src/conf/domain_capabilities.c | 4 ++++ src/conf/domain_capabilities.h | 1 + src/qemu/qemu_capabilities.c | 12 ++++++++++++ src/qemu/qemu_driver.c | 5 +++++ src/qemu/qemu_monitor_json.c | 6 ++++++ 6 files changed, 39 insertions(+) diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h index b5cf8a4a4a..d35abbd9aa 100644 --- a/include/libvirt/libvirt-host.h +++ b/include/libvirt/libvirt-host.h @@ -537,6 +537,17 @@ typedef virNodeMemoryStats *virNodeMemoryStatsPtr; */ # define VIR_NODE_SEV_CERT_CHAIN "cert-chain" =20 +/** + * VIR_NODE_SEV_CPU0_ID: + * + * Macro represents the unique ID of CPU0 (socket 0) needed to retrieve + * the signed CEK of the CPU from AMD's Key Distribution Service (KDS), + * as VIR_TYPED_PARAMS_STRING. + * + * Since: v8.3.1 + */ +# define VIR_NODE_SEV_CPU0_ID "cpu0-id" + /** * VIR_NODE_SEV_CBITPOS: * diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index c394a7a390..2a888da1a9 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c 
@@ -601,6 +601,10 @@ virDomainCapsFeatureSEVFormat(virBuffer *buf, sev->max_guests); virBufferAsprintf(buf, "%d\n", sev->max_es_guests); + if (sev->cpu0_id !=3D NULL) { + virBufferAsprintf(buf, "%s\n", + sev->cpu0_id); + } virBufferAdjustIndent(buf, -2); virBufferAddLit(buf, "\n"); } diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index 1d2f4ac7a5..f2eed80b15 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -185,6 +185,7 @@ typedef struct _virSEVCapability virSEVCapability; struct _virSEVCapability { char *pdh; char *cert_chain; + char *cpu0_id; unsigned int cbitpos; unsigned int reduced_phys_bits; unsigned int max_guests; diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index b91db851bb..2d3165e74a 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -1957,6 +1957,9 @@ virQEMUCapsSEVInfoCopy(virSEVCapability **dst, =20 tmp->pdh =3D g_strdup(src->pdh); tmp->cert_chain =3D g_strdup(src->cert_chain); + if (src->cpu0_id !=3D NULL) { + tmp->cpu0_id =3D g_strdup(src->cpu0_id); + } =20 tmp->cbitpos =3D src->cbitpos; tmp->reduced_phys_bits =3D src->reduced_phys_bits; @@ -4693,6 +4696,11 @@ virQEMUCapsFormatSEVInfo(virQEMUCaps *qemuCaps, virB= uffer *buf) virBufferEscapeString(buf, "%s\n", sev->pdh); virBufferEscapeString(buf, "%s\n", sev->cert_chain); + if (sev->cpu0_id !=3D NULL) { + virBufferEscapeString(buf, "%s\n", + sev->cpu0_id); + } + virBufferAdjustIndent(buf, -2); virBufferAddLit(buf, "\n"); } @@ -6478,6 +6486,10 @@ virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCaps *qem= uCaps, =20 domCaps->sev->pdh =3D g_strdup(cap->pdh); domCaps->sev->cert_chain =3D g_strdup(cap->cert_chain); + if (cap->cpu0_id !=3D NULL) { + domCaps->sev->cpu0_id =3D g_strdup(cap->cpu0_id); + } + domCaps->sev->cbitpos =3D cap->cbitpos; domCaps->sev->reduced_phys_bits =3D cap->reduced_phys_bits; domCaps->sev->max_guests =3D cap->max_guests; 
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index ee0963c30d..464c080409 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -19861,6 +19861,11 @@ qemuGetSEVInfoToParams(virQEMUCaps *qemuCaps, VIR_NODE_SEV_CERT_CHAIN, sev->cert_chain) = < 0) goto cleanup; =20 + if ((sev->cpu0_id !=3D NULL) && + (virTypedParamsAddString(&sevParams, &n, &maxpar, + VIR_NODE_SEV_CPU0_ID, sev->cpu0_id) < 0)) + goto cleanup; + if (virTypedParamsAddUInt(&sevParams, &n, &maxpar, VIR_NODE_SEV_CBITPOS, sev->cbitpos) < 0) goto cleanup; diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 776f4ab2ea..9e611e93e8 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -6400,6 +6400,7 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon, virJSONValue *caps; const char *pdh =3D NULL; const char *cert_chain =3D NULL; + const char *cpu0_id =3D NULL; unsigned int cbitpos; unsigned int reduced_phys_bits; g_autoptr(virSEVCapability) capability =3D NULL; @@ -6457,6 +6458,11 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon, =20 capability->cert_chain =3D g_strdup(cert_chain); =20 + cpu0_id =3D virJSONValueObjectGetString(caps, "cpu0-id"); + if (cpu0_id !=3D NULL) { + capability->cpu0_id =3D g_strdup(cpu0_id); + } + capability->cbitpos =3D cbitpos; capability->reduced_phys_bits =3D reduced_phys_bits; *capabilities =3D g_steal_pointer(&capability); --=20 2.25.1
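
Review bot: In the include/libvirt/libvirt-host.h hunk, the doc comment for VIR_NODE_SEV_CPU0_ID does not say that the parameter is optional. The qemu_driver.c hunk only adds it when sev->cpu0_id is non-NULL, and the commit message ties the value to Qemu 7.1, so callers on older Qemu will not find it in the typed-parameter list. Say so in the comment so that attestation tooling checks for its presence before building a KDS request. Also confirm that "Since: v8.3.1" names the release this will actually ship in.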
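
Review bot: In the src/conf/domain_capabilities.c hunk (virDomainCapsFeatureSEVFormat), sev->cpu0_id is written with virBufferAsprintf(), so a string taken from the QMP reply goes into the domain capabilities XML unescaped. The virQEMUCapsFormatSEVInfo hunk in this same patch uses virBufferEscapeString() for the same field; use it here as well. virBufferEscapeString() does nothing when the string is NULL, so the surrounding "if (sev->cpu0_id != NULL)" can be dropped in both places.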
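
Review bot: The new "char *cpu0_id" member in the src/conf/domain_capabilities.h hunk is never freed anywhere in this patch. It is filled with g_strdup() in the copy, fill and monitor hunks, but the diffstat shows no change to the virSEVCapability free function, so every capability object that carries a cpu0-id leaks the string. Add a g_free() for cpu0_id next to the existing pdh and cert_chain cleanup.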
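
Review bot: The virQEMUCapsFormatSEVInfo hunk in src/qemu/qemu_capabilities.c writes cpu0_id into the cached capabilities XML, but none of the three hunks in that file reads it back. After the capabilities are loaded from the cache instead of being probed from Qemu, cpu0_id will be NULL and the value silently disappears from the domain capabilities output and from the node SEV info parameters. Add the matching optional read in the cache parser, and update the capabilities test data so the round trip is covered; the diffstat touches nothing outside include/ and src/.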
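
Review bot: In the second src/qemu/qemu_monitor_json.c hunk, the "if (cpu0_id != NULL)" guard around g_strdup() is redundant, since g_strdup() returns NULL for a NULL argument; the cert_chain line just above it is unguarded. The same applies to the guards in the virQEMUCapsSEVInfoCopy and virQEMUCapsFillDomainFeatureSEVCaps hunks. A one-line comment saying that cpu0-id is optional because older Qemu does not report it would be more useful here than the guard, as it explains why a missing key is not treated as an error the way pdh and cert-chain are.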