Michael Roth <michael.r...@amd.com> writes:

> Most of the current 'query-sev' command is relevant to both legacy
> SEV/SEV-ES guests and SEV-SNP guests, with 2 exceptions:
>
>   - 'policy' is a 64-bit field for SEV-SNP, not 32-bit, and
>     the meaning of the bit positions has changed
>   - 'handle' is not relevant to SEV-SNP
>
> To address this, this patch adds a new 'sev-type' field that can be
> used as a discriminator to select between SEV and SEV-SNP-specific
> fields/formats without breaking compatibility for existing management
> tools (so long as management tools that add support for launching
> SEV-SNP guests update their handling of query-sev appropriately).

Technically a compatibility break: query-sev can now return an object
whose member @policy has different meaning, and also lacks @handle.

Matrix:

                            Old mgmt app    New mgmt app
    Old QEMU, SEV/SEV-ES    good            good(1)
    New QEMU, SEV/SEV-ES    good(2)         good
    New QEMU, SEV-SNP       bad(3)          good

Notes:

(1) As long as the management application can cope with absent member
    @sev-type.

(2) As long as the management application ignores unknown member
    @sev-type.

(3) Management application may choke on missing member @handle, or
    worse, misinterpret member @policy. Can only happen when something
    other than the management application created the SEV-SNP guest (or
    the user somehow made the management application create one even
    though it doesn't know how, say with CLI option passthrough, but
    that's always fragile, and I wouldn't worry about it here).

I think (1) and (2) are reasonable. (3) is an issue for management
applications that support attaching to existing guests. Thoughts?

>
> The corresponding HMP command has also been fixed up similarly.
>
> Signed-off-by: Michael Roth <michael.r...@amd.com>
> ---
>  qapi/misc-target.json  | 71 +++++++++++++++++++++++++++++++++---------
>  target/i386/monitor.c  | 29 +++++++++++++----
>  target/i386/sev.c      | 22 +++++++------
>  target/i386/sev_i386.h |  3 ++
>  4 files changed, 95 insertions(+), 30 deletions(-)
>
> diff --git a/qapi/misc-target.json b/qapi/misc-target.json > index 3b05ad3dbf..80f994ff9b 100644 > --- a/qapi/misc-target.json > +++ b/qapi/misc-target.json
> @@ -81,6 +81,49 @@ > 'send-update', 'receive-update' ], > 'if': 'TARGET_I386' } > > +## > +# @SevGuestType: > +# > +# An enumeration indicating the type of SEV guest being run. > +# > +# @sev: The guest is a legacy SEV or SEV-ES guest. > +# @sev-snp: The guest is an SEV-SNP guest. > +# > +# Since: 6.2 > +## > +{ 'enum': 'SevGuestType', > + 'data': [ 'sev', 'sev-snp' ], > + 'if': 'TARGET_I386' } > + > +## > +# @SevGuestInfo: > +# > +# Information specific to legacy SEV/SEV-ES guests. > +# > +# @policy: SEV policy value > +# > +# @handle: SEV firmware handle > +# > +# Since: 2.12 > +## > +{ 'struct': 'SevGuestInfo', > + 'data': { 'policy': 'uint32', > + 'handle': 'uint32' }, > + 'if': 'TARGET_I386' } > + > +## > +# @SevSnpGuestInfo: > +# > +# Information specific to SEV-SNP guests. > +# > +# @policy: SEV-SNP policy value > +# > +# Since: 6.2 > +## > +{ 'struct': 'SevSnpGuestInfo', > + 'data': { 'policy': 'uint64' }, > + 'if': 'TARGET_I386' } > + > ## > # @SevInfo: > # > @@ -94,25 +137,25 @@ > # > # @build-id: SEV FW build id > # > -# @policy: SEV policy value > -# > # @state: SEV guest state > # > -# @handle: SEV firmware handle > +# @sev-type: Type of SEV guest being run > # > # Since: 2.12 > ## > -{ 'struct': 'SevInfo', > - 'data': { 'enabled': 'bool', > - 'api-major': 'uint8', > - 'api-minor' : 'uint8', > - 'build-id' : 'uint8', > - 'policy' : 'uint32', > - 'state' : 'SevState', > - 'handle' : 'uint32' > - }, > - 'if': 'TARGET_I386' > -} > +{ 'union': 'SevInfo', > + 'base': { 'enabled': 'bool', > + 'api-major': 'uint8', > + 'api-minor' : 'uint8', > + 'build-id' : 'uint8', > + 'state' : 'SevState', > + 'sev-type' : 'SevGuestType' }, > + 'discriminator': 'sev-type', > + 'data': { > + 'sev': 'SevGuestInfo', > + 'sev-snp': 'SevSnpGuestInfo' }, > + 'if': 'TARGET_I386' } > + > > ## > # @query-sev: [...]
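
Review bot: In the first hunk of qapi/misc-target.json (@@ -81,6 +81,49 @@), the doc comment for SevSnpGuestInfo describes @policy only as "SEV-SNP policy value", which gives a schema reader no hint that this 64-bit value uses a different bit layout from the 32-bit @policy in SevGuestInfo, even though the commit message says the meaning of the bit positions has changed. Suggest stating that in the member description of both structs, so that a client selecting on @sev-type does not decode one with the other's bit definitions. Separately, SevGuestInfo is introduced by this patch yet is tagged "Since: 2.12", while SevGuestType and SevSnpGuestInfo next to it say 6.2; if 2.12 is meant to reflect when @policy and @handle first appeared in SevInfo, a short remark in the comment would make that clear.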
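
Review bot: In the SevInfo hunk (@@ -94,25 +137,25 @@), the new base member @sev-type sits under a comment that still ends in "Since: 2.12" and carries no per-member version annotation, so the documentation reads as if @sev-type had been present since 2.12. Suggest "# @sev-type: Type of SEV guest being run (since 6.2)", plus a sentence saying that @policy and @handle are now supplied by the branch selected through @sev-type, since their descriptions were removed from this comment. Style: the hunk also adds a blank line after the union's closing brace, which leaves two blank lines before the @query-sev comment.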
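
The compatibility matrix above, seen from the management application's side, as an added example that is not part of this thread or of QEMU: a parser for the query-sev reply that tolerates a missing @sev-type (note 1), reads only the members it knows (note 2), and refuses a type it cannot decode instead of misreading @policy (case 3). The names parse_query_sev, SevStatus and UnsupportedSevType and the sample replies are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class SevStatus:                      # hypothetical container, not a QEMU type
    sev_type: str                     # 'sev' or 'sev-snp'
    policy: int
    policy_bits: int                  # width that `policy` must be decoded with
    handle: Optional[int]             # None for SEV-SNP: there is no @handle

class UnsupportedSevType(Exception):
    """The reply carries a sev-type this client has no decoder for."""

def _uint(obj: dict, key: str, bits: int) -> int:
    val = obj[key]                    # KeyError if a required member is missing
    if isinstance(val, bool) or not isinstance(val, int) or not 0 <= val < 1 << bits:
        raise ValueError(f"{key}: not a uint{bits}: {val!r}")
    return val

def parse_query_sev(ret: dict) -> Optional[SevStatus]:
    """Decode the 'return' object of query-sev; None if SEV is not enabled."""
    if not ret.get("enabled", False):
        return None
    # Note (1): an old QEMU sends no sev-type, and can only be running SEV/SEV-ES.
    sev_type = ret.get("sev-type", "sev")
    # Note (2): only known members are read below; unknown ones are ignored.
    if sev_type == "sev":
        return SevStatus("sev", _uint(ret, "policy", 32), 32, _uint(ret, "handle", 32))
    if sev_type == "sev-snp":
        # 64-bit policy with different bit meanings; never read @handle here.
        return SevStatus("sev-snp", _uint(ret, "policy", 64), 64, None)
    # Case (3) avoided: refuse an unknown type rather than guess a policy layout.
    raise UnsupportedSevType(sev_type)

# Constructed sample replies (values are illustrative, not captured from QEMU).
OLD_QEMU_SEV = {"enabled": True, "api-major": 0, "api-minor": 24, "build-id": 15,
                "policy": 3, "state": "running", "handle": 1}
NEW_QEMU_SNP = {"enabled": True, "api-major": 1, "api-minor": 51, "build-id": 3,
                "state": "running", "sev-type": "sev-snp", "policy": 0x300000000}
FUTURE_TYPE = dict(NEW_QEMU_SNP, **{"sev-type": "sev-future"})

if __name__ == "__main__":
    for reply in (OLD_QEMU_SEV, NEW_QEMU_SNP):
        print(parse_query_sev(reply))
```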