From nobody Sun May 12 10:48:15 2024 Delivered-To: importer@patchew.org Received-SPF: none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; spf=none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=oss.nttdata.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1708322683044988.5094179321494; Sun, 18 Feb 2024 22:04:43 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 996) id 4598E1D16; Mon, 19 Feb 2024 01:04:41 -0500 (EST) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 0AA261C0B; Mon, 19 Feb 2024 01:02:52 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 996) id 0E5821C54; Mon, 19 Feb 2024 01:02:46 -0500 (EST) Received: from oss.nttdata.com (oss.nttdata.com [49.212.34.109]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 85C7D190F for ; Mon, 19 Feb 2024 01:02:44 -0500 (EST) Received: from fedora.. (fp5ccbe197.tkyc401.ap.nuro.jp [92.203.225.151]) by oss.nttdata.com (Postfix) with ESMTPSA id ED21E60830; Mon, 19 Feb 2024 14:55:37 +0900 (JST) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.4 X-Greylist: delayed 424 seconds by postgrey-1.37 at lists.libvirt.org; Mon, 19 Feb 2024 01:02:44 EST X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at oss.nttdata.com 
From: Takashi Kajinami To: devel@lists.libvirt.org Subject: [PATCH 1/1] Expose available AMD SEV models in domain capabilities Date: Mon, 19 Feb 2024 14:55:00 +0900 Message-ID: <20240219055529.776371-2-kajinamit@oss.nttdata.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240219055529.776371-1-kajinamit@oss.nttdata.com> References: <20240219055529.776371-1-kajinamit@oss.nttdata.com> MIME-Version: 1.0 Message-ID-Hash: IMHJ77PXC6EV3JMWL6SRSAF3LVCEQWGM X-Message-ID-Hash: IMHJ77PXC6EV3JMWL6SRSAF3LVCEQWGM X-MailFrom: kajinamit@oss.nttdata.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: Takashi Kajinami X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1708322683618100001 This introduces the new "model" field in sev elements, returned by the domain capabilities API, so that clients can verify that SEV-ES is available on this hypervisor. Signed-off-by: Takashi Kajinami --- src/conf/domain_capabilities.c | 2 + src/conf/domain_capabilities.h | 1 + src/conf/domain_conf.c | 7 +++ src/conf/domain_conf.h | 8 ++++ src/qemu/qemu_capabilities.c | 78 ++++++++++++++++++++++++---------- 5 files changed, 74 insertions(+), 22 deletions(-) diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index 68eb3c9797..26d9b0a21c 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c 
@@ -654,6 +654,8 @@ virDomainCapsFeatureSEVFormat(virBuffer *buf,
 if (sev->cpu0_id !=3D NULL)
 virBufferAsprintf(buf, "%s\n", sev->cpu0_id);
=20
+ ENUM_PROCESS(sev, model, virDomainSevModelTypeToString);
+
 virBufferAdjustIndent(buf, -2);
 virBufferAddLit(buf, "\n");
 }
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
index fadc30cdd7..1a84ea6101 100644
--- a/src/conf/domain_capabilities.h
+++ b/src/conf/domain_capabilities.h
@@ -213,6 +213,7 @@ struct _virSEVCapability {
 unsigned int reduced_phys_bits;
 unsigned int max_guests;
 unsigned int max_es_guests;
+ virDomainCapsEnum model;
 };
=20
 typedef struct _virSGXSection virSGXSection;
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 3597959e33..cf0077d584 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1509,6 +1509,13 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
 "s390-pv",
 );
=20
+VIR_ENUM_IMPL(virDomainSevModel,
+ VIR_DOMAIN_SEV_MODEL_LAST,
+ "",
+ "sev",
+ "sev-es",
+);
+
 typedef enum {
 VIR_DOMAIN_NET_VHOSTUSER_MODE_NONE,
 VIR_DOMAIN_NET_VHOSTUSER_MODE_CLIENT,
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index c7e5005b3b..a06fde1032 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2854,6 +2854,13 @@ typedef enum {
 VIR_DOMAIN_LAUNCH_SECURITY_LAST,
 } virDomainLaunchSecurity;
=20
+typedef enum {
+ VIR_DOMAIN_SEV_MODEL_NONE,
+ VIR_DOMAIN_SEV_MODEL_SEV,
+ VIR_DOMAIN_SEV_MODEL_SEV_ES,
+
+ VIR_DOMAIN_SEV_MODEL_LAST,
+} virDomainSevModel;
=20
 struct _virDomainSEVDef {
 char *dh_cert;
@@ -4237,6 +4244,7 @@ VIR_ENUM_DECL(virDomainCryptoType);
 VIR_ENUM_DECL(virDomainCryptoBackend);
 VIR_ENUM_DECL(virDomainShmemModel);
 VIR_ENUM_DECL(virDomainShmemRole);
+VIR_ENUM_DECL(virDomainSevModel);
 VIR_ENUM_DECL(virDomainLaunchSecurity);
 /* from libvirt.h */
 VIR_ENUM_DECL(virDomainState);
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index e383d85920..22c9fcae6a 100644
--- a/src/qemu/qemu_capabilities.c
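Review bot: The new `ENUM_PROCESS(sev, model, ...)` line in virDomainCapsFeatureSEVFormat emits a new `<enum name='model'>` child of `<sev>`, but the diffstat shows only the five source files changed, so the domaincaps RNG schema, docs/formatdomaincaps.rst and the tests/domaincapsdata fixtures are not updated; the schema-validating capabilities tests are likely to reject the new element until they are. Please add the schema rule for the `model` enum, document the `sev` / `sev-es` values and what each one asserts about the host, and regenerate the fixture XML. The enclosing function starts outside the hunk.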
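Review bot: The new `virDomainSevModel` enum in the domain_conf.h hunk has no comment stating what its values mean or where they surface, which matters because the strings `sev` / `sev-es` become a public XML contract; a one-line comment above the typedef such as `/* SEV flavours a host can advertise via <sev><enum name='model'> in domain capabilities */` would fix that. The enum and its VIR_ENUM_IMPL are added to domain_conf.[ch] although the only consumer in this series is the capabilities formatter; if no matching domain XML attribute is planned, defining it next to `_virSEVCapability` in domain_capabilities.h would keep the domain definition header from growing — confirm against follow-up plans.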
+++ b/src/qemu/qemu_capabilities.c
@@ -3402,6 +3402,60 @@ virQEMUCapsGetSEVMaxGuests(virSEVCapability *caps)
 }
 }
=20
+
+/*
+ * Check whether AMD Secure Encrypted Virtualization (x86) is enabled
+ */
+static bool
+virQEMUCapsKVMSupportsSecureGuestSEV(void)
+{
+ g_autofree char *modValue =3D NULL;
+
+ if (virFileReadValueString(&modValue, "/sys/module/kvm_amd/parameters/= sev") < 0)
+ return false;
+
+ if (modValue[0] !=3D '1' && modValue[0] !=3D 'Y' && modValue[0] !=3D '= y')
+ return false;
+
+ if (virFileExists(QEMU_DEV_SEV))
+ return true;
+
+ return false;
+}
+
+
+/*
+ * Check whether AMD Secure Encrypted Virtualization-Encrypted State (x86)= is enabled
+ */
+static bool
+virQEMUCapsKVMSupportsSecureGuestSEVES(void)
+{
+ g_autofree char *modValue =3D NULL;
+
+ if (virFileReadValueString(&modValue, "/sys/module/kvm_amd/parameters/= sev_es") < 0)
+ return false;
+
+ if (modValue[0] !=3D '1' && modValue[0] !=3D 'Y' && modValue[0] !=3D '= y')
+ return false;
+
+ if (virFileExists(QEMU_DEV_SEV))
+ return true;
+
+ return false;
+}
+
+
+static void
+virQEMUCapsGetSEVModels(virSEVCapability *caps)
+{
+ if (virQEMUCapsKVMSupportsSecureGuestSEV())
+ VIR_DOMAIN_CAPS_ENUM_SET(caps->model, VIR_DOMAIN_SEV_MODEL_SEV);
+
+ if (virQEMUCapsKVMSupportsSecureGuestSEVES())
+ VIR_DOMAIN_CAPS_ENUM_SET(caps->model, VIR_DOMAIN_SEV_MODEL_SEV_ES);
+}
+
+
 static int
 virQEMUCapsProbeQMPSEVCapabilities(virQEMUCaps *qemuCaps,
 qemuMonitor *mon)
@@ -3422,6 +3476,7 @@ virQEMUCapsProbeQMPSEVCapabilities(virQEMUCaps *qemuC= aps,
 }
=20
 virQEMUCapsGetSEVMaxGuests(caps);
+ virQEMUCapsGetSEVModels(caps);
=20
 virSEVCapabilitiesFree(qemuCaps->sevCapabilities);
 qemuCaps->sevCapabilities =3D caps;
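Review bot: virQEMUCapsKVMSupportsSecureGuestSEV and virQEMUCapsKVMSupportsSecureGuestSEVES are byte-for-byte duplicates apart from the kvm_amd parameter name (`sev` vs `sev_es`), so the value check and the QEMU_DEV_SEV gate now live in two places and can drift the next time a third SEV flavour is added. virFileReadValueString takes a printf-style format, so a single static helper taking the parameter name keeps both checks in one place and leaves virQEMUCapsGetSEVModels and the x86 caller in virQEMUCapsKVMSupportsSecureGuest untouched. The SEV-ES comment also loses its closing words to a quoted-printable wrap; it should read `Check whether AMD Secure Encrypted Virtualization-Encrypted State (x86) is enabled`.
```c
/*
 * Check whether the given kvm_amd module parameter is enabled and the
 * SEV device node is present. Shared by the SEV and SEV-ES checks.
 */
static bool
virQEMUCapsKVMAmdParamEnabled(const char *param)
{
    g_autofree char *modValue = NULL;

    if (virFileReadValueString(&modValue,
                               "/sys/module/kvm_amd/parameters/%s", param) < 0)
        return false;

    if (modValue[0] != '1' && modValue[0] != 'Y' && modValue[0] != 'y')
        return false;

    return virFileExists(QEMU_DEV_SEV);
}


/*
 * Check whether AMD Secure Encrypted Virtualization (x86) is enabled
 */
static bool
virQEMUCapsKVMSupportsSecureGuestSEV(void)
{
    return virQEMUCapsKVMAmdParamEnabled("sev");
}


/*
 * Check whether AMD Secure Encrypted Virtualization-Encrypted State (x86) is enabled
 */
static bool
virQEMUCapsKVMSupportsSecureGuestSEVES(void)
{
    return virQEMUCapsKVMAmdParamEnabled("sev_es");
}

/* … unchanged: virQEMUCapsGetSEVModels … */
```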
@@ -5038,27 +5093,6 @@ virQEMUCapsKVMSupportsSecureGuestS390(void)
 }
=20
=20
-/*
- * Check whether AMD Secure Encrypted Virtualization (x86) is enabled
- */
-static bool
-virQEMUCapsKVMSupportsSecureGuestAMD(void)
-{
- g_autofree char *modValue =3D NULL;
-
- if (virFileReadValueString(&modValue, "/sys/module/kvm_amd/parameters/= sev") < 0)
- return false;
-
- if (modValue[0] !=3D '1' && modValue[0] !=3D 'Y' && modValue[0] !=3D '= y')
- return false;
-
- if (virFileExists(QEMU_DEV_SEV))
- return true;
-
- return false;
-}
-
-
 /*
 * Check whether the secure guest functionality is enabled.
 * See the specific architecture function for details on the verifications= made.
@@ -5072,7 +5106,7 @@ virQEMUCapsKVMSupportsSecureGuest(void)
 return virQEMUCapsKVMSupportsSecureGuestS390();
=20
 if (ARCH_IS_X86(arch))
- return virQEMUCapsKVMSupportsSecureGuestAMD();
+ return virQEMUCapsKVMSupportsSecureGuestSEV();
=20
 return false;
 }
--=20 2.43.0 _______________________________________________ Devel mailing list -- devel@lists.libvirt.org To unsubscribe send an email to devel-leave@lists.libvirt.org