On 04/11/19 19:59, Singh, Brijesh wrote:
> There are limited numbers of the SEV guests that can be run concurrently.
> A management applications may need to know this limit so that it can place
> SEV VMs on hosts which have suitable resources available.
>
> Currently, this limit is not exposed to the application. Add a new
> 'sev-max-guest' field in the query-sev-capabilities to provide this
> information.
>
> Cc: Paolo Bonzini <pbonz...@redhat.com>
> Cc: Markus Armbruster <arm...@redhat.com>
> Cc: Eric Blake <ebl...@redhat.com>
> Cc: Daniel P. Berrangé <berra...@redhat.com>
> Cc: Laszlo Ersek <ler...@redhat.com>
> Cc: Erik Skultety <eskul...@redhat.com>
> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
> ---
> qapi/target.json | 6 ++++--
> target/i386/sev.c | 6 ++++--
> 2 files changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/qapi/target.json b/qapi/target.json
> index 1d4d54b600..b45121d30b 100644
> --- a/qapi/target.json
> +++ b/qapi/target.json
> @@ -183,7 +183,8 @@
> 'data': { 'pdh': 'str',
> 'cert-chain': 'str',
> 'cbitpos': 'int',
> - 'reduced-phys-bits': 'int'},
> + 'reduced-phys-bits': 'int',
> + 'sev-max-guests': 'int'},
Would it be useful to make this new field optional? E.g. if it was
missing, libvirtd could assume "no limit".
Again, not sure if that's useful, but it's not hard to introduce the
field as optional now. Removing mandatory fields later is impossible.
Thanks
Laszlo
> 'if': 'defined(TARGET_I386)' }
>
> ##
> @@ -200,7 +201,8 @@
> #
> # -> { "execute": "query-sev-capabilities" }
> # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
> -# "cbitpos": 47, "reduced-phys-bits": 5}}
> +# "cbitpos": 47, "reduced-phys-bits": 5,
> +# "sev-max-guests" : 15}}
> #
> ##
> { 'command': 'query-sev-capabilities', 'returns': 'SevCapability',
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index cd77f6b5d4..bb0cd79acd 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -488,7 +488,7 @@ sev_get_capabilities(void)
> guchar *pdh_data = NULL;
> guchar *cert_chain_data = NULL;
> size_t pdh_len = 0, cert_chain_len = 0;
> - uint32_t ebx;
> + uint32_t ebx, ecx, edx;
> int fd;
>
> fd = open(DEFAULT_SEV_DEVICE, O_RDWR);
> @@ -507,7 +507,7 @@ sev_get_capabilities(void)
> cap->pdh = g_base64_encode(pdh_data, pdh_len);
> cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len);
>
> - host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
> + host_cpuid(0x8000001F, 0, NULL, &ebx, &ecx, &edx);
> cap->cbitpos = ebx & 0x3f;
>
> /*
> @@ -516,6 +516,8 @@ sev_get_capabilities(void)
> */
> cap->reduced_phys_bits = 1;
>
> + /* the maximum number of SEV guests that can run simultaneously */
> + cap->sev_max_guests = ecx - edx + 1;
> out:
> g_free(pdh_data);
> g_free(cert_chain_data);
>
