On Fri, Apr 12, 2019 at 10:05:23AM +0200, Paolo Bonzini wrote: > On 12/04/19 09:58, Laszlo Ersek wrote: > > On 04/12/19 01:55, Singh, Brijesh wrote: > >> There are limited numbers of the SEV guests that can be run concurrently. > >> A management applications may need to know this limit so that it can place > >> SEV VMs on hosts which have suitable resources available. > >> > >> Currently, this limit is not exposed to the application. Add a new > >> 'sev-max-guest' field in the query-sev-capabilities to provide this > >> information. > >> > >> Cc: Paolo Bonzini <pbonz...@redhat.com> > >> Cc: Markus Armbruster <arm...@redhat.com> > >> Cc: Eric Blake <ebl...@redhat.com> > >> Cc: Daniel P. Berrangé <berra...@redhat.com> > >> Cc: Laszlo Ersek <ler...@redhat.com> > >> Cc: Erik Skultety <eskul...@redhat.com> > >> Cc: Tom Lendacky <thomas.lenda...@amd.com> > >> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> > >> --- > >> > >> changes since v1: > >> - document the new field and add (since 4.1) annotation. > >> > >> qapi/target.json | 9 +++++++-- > >> target/i386/sev.c | 9 +++++++-- > >> 2 files changed, 14 insertions(+), 4 deletions(-) > >> > >> diff --git a/qapi/target.json b/qapi/target.json > >> index 1d4d54b600..8cd4fc7919 100644 > >> --- a/qapi/target.json > >> +++ b/qapi/target.json > >> @@ -177,13 +177,17 @@ > >> # @reduced-phys-bits: Number of physical Address bit reduction when SEV is > >> # enabled > >> # > >> +# @sev-max-guests: maximum number of concurrent SEV guest with SEV-ES > >> disabled > >> +# (since 4.1) > >> +# > >> # Since: 2.12 > >> ## > >> { 'struct': 'SevCapability', > >> 'data': { 'pdh': 'str', > >> 'cert-chain': 'str', > >> 'cbitpos': 'int', > >> - 'reduced-phys-bits': 'int'}, > >> + 'reduced-phys-bits': 'int', > >> + 'sev-max-guests': 'int'}, > >> 'if': 'defined(TARGET_I386)' } > >> > >> ## > >> @@ -200,7 +204,8 @@ > >> # > >> # -> { "execute": "query-sev-capabilities" } > >> # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", > >> -# "cbitpos": 47, "reduced-phys-bits": 5}} > >> +# "cbitpos": 47, "reduced-phys-bits": 5, > >> +# "sev-max-guests" : 15}} > > > > There seems to be a superfluous space character before the colon, but I > > don't think it matters much. > > > >> # > >> ## > >> { 'command': 'query-sev-capabilities', 'returns': 'SevCapability', > >> diff --git a/target/i386/sev.c b/target/i386/sev.c > >> index cd77f6b5d4..6829586fbe 100644 > >> --- a/target/i386/sev.c > >> +++ b/target/i386/sev.c > >> @@ -488,7 +488,7 @@ sev_get_capabilities(void) > >> guchar *pdh_data = NULL; > >> guchar *cert_chain_data = NULL; > >> size_t pdh_len = 0, cert_chain_len = 0; > >> - uint32_t ebx; > >> + uint32_t ebx, ecx, edx; > >> int fd; > >> > >> fd = open(DEFAULT_SEV_DEVICE, O_RDWR); > >> @@ -507,7 +507,7 @@ sev_get_capabilities(void) > >> cap->pdh = g_base64_encode(pdh_data, pdh_len); > >> cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len); > >> > >> - host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); > >> + host_cpuid(0x8000001F, 0, NULL, &ebx, &ecx, &edx); > >> cap->cbitpos = ebx & 0x3f; > >> > >> /* > >> @@ -516,6 +516,11 @@ sev_get_capabilities(void) > >> */ > >> cap->reduced_phys_bits = 1; > >> > >> + /* > >> + * The maximum number of SEV guests with SEV-ES disabled that can run > >> + * simultaneously. > >> + */ > >> + cap->sev_max_guests = ecx - edx + 1; > >> out: > >> g_free(pdh_data); > >> g_free(cert_chain_data); > >> > > > > Reviewed-by: Laszlo Ersek <ler...@redhat.com> > > As mentioned in v1, I don't think a management application should need > to run QEMU in order to figure this out.
Libvirt is already running this query-sev-capabilities command to find out information about SEV support, so from our POV this is the natural place to report the max limits. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|