On 12/04/19 09:58, Laszlo Ersek wrote: > On 04/12/19 01:55, Singh, Brijesh wrote: >> There are limited numbers of the SEV guests that can be run concurrently. >> A management applications may need to know this limit so that it can place >> SEV VMs on hosts which have suitable resources available. >> >> Currently, this limit is not exposed to the application. Add a new >> 'sev-max-guest' field in the query-sev-capabilities to provide this >> information. >> >> Cc: Paolo Bonzini <pbonz...@redhat.com> >> Cc: Markus Armbruster <arm...@redhat.com> >> Cc: Eric Blake <ebl...@redhat.com> >> Cc: Daniel P. Berrangé <berra...@redhat.com> >> Cc: Laszlo Ersek <ler...@redhat.com> >> Cc: Erik Skultety <eskul...@redhat.com> >> Cc: Tom Lendacky <thomas.lenda...@amd.com> >> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> >> --- >> >> changes since v1: >> - document the new field and add (since 4.1) annotation. >> >> qapi/target.json | 9 +++++++-- >> target/i386/sev.c | 9 +++++++-- >> 2 files changed, 14 insertions(+), 4 deletions(-) >> >> diff --git a/qapi/target.json b/qapi/target.json >> index 1d4d54b600..8cd4fc7919 100644 >> --- a/qapi/target.json >> +++ b/qapi/target.json >> @@ -177,13 +177,17 @@ >> # @reduced-phys-bits: Number of physical Address bit reduction when SEV is >> # enabled >> # >> +# @sev-max-guests: maximum number of concurrent SEV guest with SEV-ES >> disabled >> +# (since 4.1) >> +# >> # Since: 2.12 >> ## >> { 'struct': 'SevCapability', >> 'data': { 'pdh': 'str', >> 'cert-chain': 'str', >> 'cbitpos': 'int', >> - 'reduced-phys-bits': 'int'}, >> + 'reduced-phys-bits': 'int', >> + 'sev-max-guests': 'int'}, >> 'if': 'defined(TARGET_I386)' } >> >> ## >> @@ -200,7 +204,8 @@ >> # >> # -> { "execute": "query-sev-capabilities" } >> # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", >> -# "cbitpos": 47, "reduced-phys-bits": 5}} >> +# "cbitpos": 47, "reduced-phys-bits": 5, >> +# "sev-max-guests" : 15}} > > There seems to be a superfluous space character before the colon, but I > don't think it matters much. > >> # >> ## >> { 'command': 'query-sev-capabilities', 'returns': 'SevCapability', >> diff --git a/target/i386/sev.c b/target/i386/sev.c >> index cd77f6b5d4..6829586fbe 100644 >> --- a/target/i386/sev.c >> +++ b/target/i386/sev.c >> @@ -488,7 +488,7 @@ sev_get_capabilities(void) >> guchar *pdh_data = NULL; >> guchar *cert_chain_data = NULL; >> size_t pdh_len = 0, cert_chain_len = 0; >> - uint32_t ebx; >> + uint32_t ebx, ecx, edx; >> int fd; >> >> fd = open(DEFAULT_SEV_DEVICE, O_RDWR); >> @@ -507,7 +507,7 @@ sev_get_capabilities(void) >> cap->pdh = g_base64_encode(pdh_data, pdh_len); >> cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len); >> >> - host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); >> + host_cpuid(0x8000001F, 0, NULL, &ebx, &ecx, &edx); >> cap->cbitpos = ebx & 0x3f; >> >> /* >> @@ -516,6 +516,11 @@ sev_get_capabilities(void) >> */ >> cap->reduced_phys_bits = 1; >> >> + /* >> + * The maximum number of SEV guests with SEV-ES disabled that can run >> + * simultaneously. >> + */ >> + cap->sev_max_guests = ecx - edx + 1; >> out: >> g_free(pdh_data); >> g_free(cert_chain_data); >> > > Reviewed-by: Laszlo Ersek <ler...@redhat.com>
As mentioned in v1, I don't think a management application should need to run QEMU in order to figure this out. Paolo