From nobody Sun Feb 8 20:09:00 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1639154919; cv=none; d=zohomail.com; s=zohoarc; b=W+BXjtU66t2NqFrEMuMvJR3hRN5kZfUou7jelofsn/vxxS6+fHPyB2HqBwanK5sMoPyzqkaGIhVz3ERCWopE6f3b8MQYFQwpIMN0uL1Ts/+gMs5P+IHhQbP1aqZOFvFJhaE3C1zpwv96Kuf2L+/Mde9Pz4rmy/xD8S60EdDt6VY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1639154919; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=ePj7wwJqYB9Lo9YL885Vb3E/k/F1zYUSWpsIhmNRv3k=; b=nmIxZbxcP1pzdanI8ow0nLTssDB6LHwD1CqGm2+QLqJFIr81dlqW8+TaBg7zZD7Sv2DTVrxMXpp1J4Y3pc43Dv1RwBBkN5yApJj9ipT+OuLNOjCZPVz+OXVAcp26xDGky8LerjQR01D7csUceVEK3mrWAIj6aMrVYrjvyaGlrwI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 1639154919614796.6378139925458; Fri, 10 Dec 2021 08:48:39 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-369-kSPM0fS4OlenzbhlniNTiQ-1; Fri, 10 Dec 2021 11:48:34 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id EC7B581CCFF; Fri, 10 Dec 2021 16:48:28 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 2903F100EBAD; Fri, 10 Dec 2021 16:48:28 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3963718048A7; Fri, 10 Dec 2021 16:48:27 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 1BAGmQWn020214 for ; Fri, 10 Dec 2021 11:48:26 -0500 Received: by smtp.corp.redhat.com (Postfix) id 01FDD1017CF5; Fri, 10 Dec 2021 16:48:26 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.39.193.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 32B1F10114AE; Fri, 10 Dec 2021 16:47:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1639154918; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=ePj7wwJqYB9Lo9YL885Vb3E/k/F1zYUSWpsIhmNRv3k=; b=Lruoz8T6mvqd30n0j2g5dhDFwvw+LcbD+ZnnGcvVuNx2B6T59GLtW2xPTe8+iES1Ffk3qz FRGdCM3+Bl6GBmlP8POckvglSjVelps8Ib+nNPYGACTkFooznYBuN0iv6o2pbflo0V792h LX40a7P+s4C32+agJf/E2BrRPLuPXZ0= X-MC-Unique: kSPM0fS4OlenzbhlniNTiQ-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH v3 10/13] qemu: report max number of SEV guests Date: Fri, 10 Dec 2021 16:47:10 +0000 Message-Id: <20211210164713.3024012-11-berrange@redhat.com> In-Reply-To: <20211210164713.3024012-1-berrange@redhat.com> References: <20211210164713.3024012-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1639154920661100001 Different CPU generations have different limits on the number of SEV/SEV-ES guests that can be run. Since both limits come from the same overall set, there is typically also BIOS config to set the tradeoff betweeen SEV and SEV-ES guest limits. This is important information to expose for a mgmt application scheduling guests to hosts. Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Peter Krempa --- src/qemu/qemu_capabilities.c | 39 +++++++++++++++++++ src/qemu/qemu_driver.c | 10 +++++ .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml | 4 +- .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml | 4 +- tests/domaincapsdata/qemu_2.12.0.x86_64.xml | 4 +- .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 4 +- .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 4 +- tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 4 +- tests/testutilsqemu.c | 21 ++++++++++ 9 files changed, 82 insertions(+), 12 deletions(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 4ffd0a98a2..ddd61ecfc9 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -1897,6 +1897,8 @@ virQEMUCapsSEVInfoCopy(virSEVCapability **dst, =20 tmp->cbitpos =3D src->cbitpos; tmp->reduced_phys_bits =3D src->reduced_phys_bits; + tmp->max_guests =3D src->max_guests; + tmp->max_es_guests =3D src->max_es_guests; =20 *dst =3D g_steal_pointer(&tmp); return 0; @@ -3286,6 +3288,31 @@ virQEMUCapsProbeQMPGICCapabilities(virQEMUCaps *qemu= Caps, } =20 =20 +static void +virQEMUCapsGetSEVMaxGuests(virSEVCapability *caps) +{ + /* + * From Secure Encrypted Virtualization API v0.24, section 6.19.1 + * + * If the guest is SEV-ES enabled, then the ASID must be at least + * 1h and at most (MIN_SEV_ASID-1). If the guest is not SEV-ES + * enabled, then the ASID must be at least MIN_SEV_ASID and at + * most the maximum SEV ASID available. The MIN_SEV_ASID value + * is discovered by CPUID Fn8000_001F[EDX]. The maximum SEV ASID + * available is discovered by CPUID Fn8000_001F[ECX]. + */ + uint32_t min_asid, max_asid; + virHostCPUX86GetCPUID(0x8000001F, 0, NULL, NULL, + &max_asid, &min_asid); + + if (max_asid !=3D 0 && min_asid !=3D 0) { + caps->max_guests =3D max_asid - min_asid + 1; + caps->max_es_guests =3D min_asid - 1; + } else { + caps->max_guests =3D caps->max_es_guests =3D 0; + } +} + static int virQEMUCapsProbeQMPSEVCapabilities(virQEMUCaps *qemuCaps, qemuMonitor *mon) @@ -3305,6 +3332,8 @@ virQEMUCapsProbeQMPSEVCapabilities(virQEMUCaps *qemuC= aps, return 0; } =20 + virQEMUCapsGetSEVMaxGuests(caps); + virSEVCapabilitiesFree(qemuCaps->sevCapabilities); qemuCaps->sevCapabilities =3D caps; return 0; @@ -4084,6 +4113,14 @@ virQEMUCapsParseSEVInfo(virQEMUCaps *qemuCaps, xmlXP= athContextPtr ctxt) return -1; } =20 + + /* We probe this every time because the values + * can change on every reboot via firmware + * config tunables. It is cheap to query so + * lack of caching is a non-issue + */ + virQEMUCapsGetSEVMaxGuests(sev); + qemuCaps->sevCapabilities =3D g_steal_pointer(&sev); return 0; } @@ -6344,6 +6381,8 @@ virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCaps *qemu= Caps, domCaps->sev->cert_chain =3D g_strdup(cap->cert_chain); domCaps->sev->cbitpos =3D cap->cbitpos; domCaps->sev->reduced_phys_bits =3D cap->reduced_phys_bits; + domCaps->sev->max_guests =3D cap->max_guests; + domCaps->sev->max_es_guests =3D cap->max_es_guests; } =20 =20 diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index ee23e10543..8ee0939295 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -19918,6 +19918,16 @@ qemuGetSEVInfoToParams(virQEMUCaps *qemuCaps, sev->reduced_phys_bits) < 0) goto cleanup; =20 + if (virTypedParamsAddUInt(&sevParams, &n, &maxpar, + VIR_NODE_SEV_MAX_GUESTS, + sev->max_guests) < 0) + goto cleanup; + + if (virTypedParamsAddUInt(&sevParams, &n, &maxpar, + VIR_NODE_SEV_MAX_ES_GUESTS, + sev->max_es_guests) < 0) + goto cleanup; + *params =3D g_steal_pointer(&sevParams); *nparams =3D n; return 0; diff --git a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml b/tests/domain= capsdata/qemu_2.12.0-q35.x86_64.xml index 26816ff066..0dc5995c09 100644 --- a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml @@ -205,8 +205,8 @@ 47 1 - 0 - 0 + 59 + 450 diff --git a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml b/tests/domain= capsdata/qemu_2.12.0-tcg.x86_64.xml index 5840a8b921..575506d852 100644 --- a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml @@ -215,8 +215,8 @@ 47 1 - 0 - 0 + 59 + 450 diff --git a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml b/tests/domaincaps= data/qemu_2.12.0.x86_64.xml index 21d1b6946e..c8a5558536 100644 --- a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.x86_64.xml @@ -205,8 +205,8 @@ 47 1 - 0 - 0 + 59 + 450 diff --git a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_6.0.0-q35.x86_64.xml index 3415d44019..4595e70f61 100644 --- a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml @@ -227,8 +227,8 @@ 47 1 - 0 - 0 + 59 + 450 diff --git a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_6.0.0-tcg.x86_64.xml index f58be3af6c..6b85c9c45a 100644 --- a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml @@ -233,8 +233,8 @@ 47 1 - 0 - 0 + 59 + 450 diff --git a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml b/tests/domaincapsd= ata/qemu_6.0.0.x86_64.xml index 0a2615c519..a6fa374211 100644 --- a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml @@ -227,8 +227,8 @@ 47 1 - 0 - 0 + 59 + 450 diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c index 5bd1d40ad4..7f848f158e 100644 --- a/tests/testutilsqemu.c +++ b/tests/testutilsqemu.c @@ -143,6 +143,27 @@ virCapabilitiesHostNUMANewHost(void) return virTestCapsBuildNUMATopology(3); } =20 +void +virHostCPUX86GetCPUID(uint32_t leaf, + uint32_t extended, + uint32_t *eax, + uint32_t *ebx, + uint32_t *ecx, + uint32_t *edx) +{ + if (eax) + *eax =3D 0; + if (ebx) + *ebx =3D 0; + if (ecx) + *ecx =3D 0; + if (edx) + *edx =3D 0; + if (leaf =3D=3D 0x8000001F && extended =3D=3D 0) { + *ecx =3D 509; + *edx =3D 451; + } +} =20 static int testQemuAddGuest(virCaps *caps, --=20 2.33.1