The API can be used by application to get the SEV capability
(which includes platform certificate chain and other releated information)

Signed-off-by: Brijesh Singh <<brijesh.si...@amd.com>>
---
 include/libvirt/libvirt-host.h      | 42 +++++++++++++++++
 src/driver-hypervisor.h             |  6 +++
 src/libvirt-host.c                  | 48 +++++++++++++++++++
 src/libvirt_public.syms             |  5 ++
 src/qemu/qemu_capabilities.c        |  7 +++
 src/qemu/qemu_capabilities.h        |  4 ++
 src/qemu/qemu_driver.c              | 91 +++++++++++++++++++++++++++++++++++++
 src/remote/remote_daemon_dispatch.c | 44 ++++++++++++++++++
 src/remote/remote_driver.c          | 41 +++++++++++++++++
 src/remote/remote_protocol.x        | 22 ++++++++-
 src/remote_protocol-structs         | 13 ++++++
 11 files changed, 322 insertions(+), 1 deletion(-)

diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h
index 84f4858..d020597 100644
--- a/include/libvirt/libvirt-host.h
+++ b/include/libvirt/libvirt-host.h
@@ -432,6 +432,48 @@ typedef virNodeCPUStats *virNodeCPUStatsPtr;
 
 typedef virNodeMemoryStats *virNodeMemoryStatsPtr;
 
+
+/**
+ *
+ * SEV Parameters
+ */
+
+/**
+ * VIR_NODE_SEV_PDH:
+ *
+ * Marco represents the Platform Diffie-Hellman key, as 
VIR_TYPED_PARAMS_STRING.
+ */
+# define VIR_NODE_SEV_PDH               "pdh"
+
+/**
+ * VIR_NODE_SEV_CERT_CHAIN:
+ *
+ * Marco represents the Platform certificate chain that includes the
+ * endorsement key (PEK), owner certificate authority (OCD) and chip
+ * endorsement key (CEK), as VIR_TYPED_PARAMS_STRING.
+ */
+# define VIR_NODE_SEV_CERT_CHAIN        "cert-chain"
+
+/**
+ * VIR_NODE_SEV_CBITPOS:
+ *
+ * Marco represents the CBit Position used by hypervisor when SEV is enabled.
+ */
+# define VIR_NODE_SEV_CBITPOS        "cbitpos"
+
+/**
+ * VIR_NODE_SEV_REDUCED_PHYS_BITS:
+ *
+ * Marco represents the number of bits we lose in physical address space
+ * when SEV is enabled in the guest.
+ */
+# define VIR_NODE_SEV_REDUCED_PHYS_BITS        "reduced-phys-bits"
+
+int virNodeGetSEVCapability (virConnectPtr conn,
+                             virTypedParameterPtr *params,
+                             int *nparams,
+                             unsigned int flags);
+
 /**
  * virConnectFlags
  *
diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h
index aa99cbb..cb2ab9c 100644
--- a/src/driver-hypervisor.h
+++ b/src/driver-hypervisor.h
@@ -1309,6 +1309,11 @@ typedef int
                                   unsigned int action,
                                   unsigned int flags);
 
+typedef int
+(*virDrvNodeGetSEVCapability)(virConnectPtr conn,
+                              virTypedParameterPtr *params,
+                              int *nparams,
+                              unsigned int flags);
 
 typedef struct _virHypervisorDriver virHypervisorDriver;
 typedef virHypervisorDriver *virHypervisorDriverPtr;
@@ -1558,6 +1563,7 @@ struct _virHypervisorDriver {
     virDrvDomainSetLifecycleAction domainSetLifecycleAction;
     virDrvConnectCompareHypervisorCPU connectCompareHypervisorCPU;
     virDrvConnectBaselineHypervisorCPU connectBaselineHypervisorCPU;
+    virDrvNodeGetSEVCapability nodeGetSEVCapability;
 };
 
 
diff --git a/src/libvirt-host.c b/src/libvirt-host.c
index 3aaf558..6c47b69 100644
--- a/src/libvirt-host.c
+++ b/src/libvirt-host.c
@@ -1639,3 +1639,51 @@ virNodeAllocPages(virConnectPtr conn,
     virDispatchError(conn);
     return -1;
 }
+
+/*
+ * virNodeGetSEVCapability:
+ * @conn: pointer to the hypervisor connection
+ * @params: where to store  SEV capabilities; output
+ * @nparams: pointer to number of SEV parameters; output
+ * @flags: extra flags; not used yet, so callers should always pass 0
+ *
+ * Get the SEV host capabilities, If hypervisor supports SEV then @params
+ * will contains PDH and certificate chain.
+ *
+ * Returns 0 in case of success, and -1 in case of failure.
+ */
+int
+virNodeGetSEVCapability(virConnectPtr conn,
+                        virTypedParameterPtr *params,
+                        int *nparams,
+                        unsigned int flags)
+{
+    VIR_DEBUG("conn=%p, params=%p, nparams=%p (%d), flags=0x%x",
+              conn, params, nparams, *nparams, flags);
+
+    virResetLastError();
+
+    virCheckConnectReturn(conn, -1);
+    virCheckNonNullArgGoto(nparams, error);
+    virCheckNonNegativeArgGoto(*nparams, error);
+    virCheckReadOnlyGoto(conn->flags, error);
+
+    if (VIR_DRV_SUPPORTS_FEATURE(conn->driver, conn,
+                                 VIR_DRV_FEATURE_TYPED_PARAM_STRING))
+        flags |= VIR_TYPED_PARAM_STRING_OKAY;
+
+    if (conn->driver->nodeGetSEVCapability) {
+        int ret;
+        ret = conn->driver->nodeGetSEVCapability(conn, params,
+                                                 nparams, flags);
+        if (ret < 0)
+            goto error;
+        return ret;
+    }
+
+    virReportUnsupportedError();
+
+ error:
+    virDispatchError(conn);
+    return -1;
+}
diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
index 958601b..438205f 100644
--- a/src/libvirt_public.syms
+++ b/src/libvirt_public.syms
@@ -792,4 +792,9 @@ LIBVIRT_4.4.0 {
         virConnectBaselineHypervisorCPU;
 } LIBVIRT_4.1.0;
 
+LIBVIRT_4.5.0 {
+    global:
+        virNodeGetSEVCapability;
+} LIBVIRT_4.4.0;
+
 # .... define new API here using predicted next version number ....
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 5db444c..82aec96 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -2080,6 +2080,13 @@ virQEMUCapsSetSEVCapabilities(virQEMUCapsPtr qemuCaps,
 }
 
 
+virSEVCapabilityPtr
+virQEMUCapsGetSEVCapabilities(virQEMUCapsPtr qemuCaps)
+{
+    return qemuCaps->sevCapabilities;
+}
+
+
 static int
 virQEMUCapsProbeQMPCommands(virQEMUCapsPtr qemuCaps,
                             qemuMonitorPtr mon)
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index ad25e6c..630ce77 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -615,4 +615,8 @@ bool virQEMUCapsGuestIsNative(virArch host,
 
 bool virQEMUCapsCPUFilterFeatures(const char *name,
                                   void *opaque);
+
+virSEVCapabilityPtr
+virQEMUCapsGetSEVCapabilities(virQEMUCapsPtr qemuCaps);
+
 #endif /* __QEMU_CAPABILITIES_H__*/
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index c200c5a..0fb1aba 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -21438,6 +21438,96 @@ qemuDomainSetLifecycleAction(virDomainPtr dom,
 }
 
 
+static int
+qemuGetSEVCapabilities(virQEMUCapsPtr qemuCaps,
+                       virTypedParameterPtr *params,
+                       int *nparams,
+                       unsigned int flags)
+{
+    int maxpar = 0;
+    virSEVCapabilityPtr sev = virQEMUCapsGetSEVCapabilities(qemuCaps);
+
+    virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1);
+
+    if (virTypedParamsAddString(params, nparams, &maxpar,
+                    VIR_NODE_SEV_PDH, sev->pdh) < 0)
+        return -1;
+
+    if (virTypedParamsAddString(params, nparams, &maxpar,
+                    VIR_NODE_SEV_CERT_CHAIN, sev->pdh) < 0)
+        goto cleanup;
+
+    if (virTypedParamsAddUInt(params, nparams, &maxpar,
+                    VIR_NODE_SEV_CBITPOS, sev->cbitpos) < 0)
+        goto cleanup;
+
+    if (virTypedParamsAddUInt(params, nparams, &maxpar,
+                    VIR_NODE_SEV_REDUCED_PHYS_BITS,
+                    sev->reduced_phys_bits) < 0)
+        goto cleanup;
+
+    return 0;
+
+ cleanup:
+    return -1;
+}
+
+
+static int
+qemuNodeGetSEVCapability(virConnectPtr conn,
+                         virTypedParameterPtr *params,
+                         int *nparams,
+                         unsigned int flags)
+{
+    virQEMUDriverPtr driver = conn->privateData;
+    virCapsPtr caps = NULL;
+    virQEMUCapsPtr qemucaps = NULL;
+    virArch hostarch;
+    virCapsDomainDataPtr capsdata;
+    int ret = -1;
+
+    if (virNodeGetSevCapabilityEnsureACL(conn) < 0)
+        return ret;
+
+    if (!(caps = virQEMUDriverGetCapabilities(driver, true)))
+        return ret;
+
+    hostarch = virArchFromHost();
+    if (!(capsdata = virCapabilitiesDomainDataLookup(caps,
+            VIR_DOMAIN_OSTYPE_HVM, hostarch, VIR_DOMAIN_VIRT_QEMU,
+            NULL, NULL))) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("Cannot find suitable emulator for %s"),
+                       virArchToString(hostarch));
+        goto UnrefCaps;
+    }
+
+    qemucaps = virQEMUCapsCacheLookup(driver->qemuCapsCache,
+                                      capsdata->emulator);
+    VIR_FREE(capsdata);
+    if (!qemucaps)
+        goto UnrefCaps;
+
+    if (!virQEMUCapsGet(qemucaps, QEMU_CAPS_SEV_GUEST)) {
+        virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+                       _("QEMU does not support SEV guest"));
+        goto UnrefQemuCaps;
+    }
+
+    if (qemuGetSEVCapabilities(qemucaps, params, nparams, flags) < 0)
+        goto UnrefQemuCaps;
+
+    ret = 0;
+
+ UnrefQemuCaps:
+    virObjectUnref(qemucaps);
+ UnrefCaps:
+    virObjectUnref(caps);
+
+    return ret;
+}
+
+
 static virHypervisorDriver qemuHypervisorDriver = {
     .name = QEMU_DRIVER_NAME,
     .connectURIProbe = qemuConnectURIProbe,
@@ -21661,6 +21751,7 @@ static virHypervisorDriver qemuHypervisorDriver = {
     .domainSetLifecycleAction = qemuDomainSetLifecycleAction, /* 3.9.0 */
     .connectCompareHypervisorCPU = qemuConnectCompareHypervisorCPU, /* 4.4.0 */
     .connectBaselineHypervisorCPU = qemuConnectBaselineHypervisorCPU, /* 4.4.0 
*/
+    .nodeGetSEVCapability = qemuNodeGetSEVCapability, /* 4.5.0 */
 };
 
 
diff --git a/src/remote/remote_daemon_dispatch.c 
b/src/remote/remote_daemon_dispatch.c
index 81d0445..f974b71 100644
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@@ -5001,6 +5001,50 @@ remoteDispatchDomainGetDiskErrors(virNetServerPtr server 
ATTRIBUTE_UNUSED,
 
 
 static int
+remoteDispatchNodeGetSevCapability(virNetServerPtr server ATTRIBUTE_UNUSED,
+                                   virNetServerClientPtr client 
ATTRIBUTE_UNUSED,
+                                   virNetMessagePtr msg ATTRIBUTE_UNUSED,
+                                   virNetMessageErrorPtr rerr,
+                                   remote_node_get_sev_capability_args *args,
+                                   remote_node_get_sev_capability_ret *ret)
+{
+    virTypedParameterPtr params = NULL;
+    int nparams = 0;
+    int rv = -1;
+    struct daemonClientPrivate *priv =
+        virNetServerClientGetPrivateData(client);
+
+    if (!priv->conn) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open"));
+        goto cleanup;
+    }
+
+    if (virNodeGetSEVCapability(priv->conn, &params, &nparams, args->flags) < 
0)
+        goto cleanup;
+
+    if (nparams > REMOTE_NODE_SEV_CAPABILITY_MAX) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+        goto cleanup;
+    }
+
+
+    if (virTypedParamsSerialize(params, nparams,
+                                (virTypedParameterRemotePtr *) 
&ret->params.params_val,
+                                &ret->params.params_len,
+                                args->flags) < 0)
+        goto cleanup;
+
+    rv = 0;
+
+ cleanup:
+    if (rv < 0)
+        virNetMessageSaveError(rerr);
+    virTypedParamsFree(params, nparams);
+    return rv;
+}
+
+
+static int
 remoteDispatchNodeGetMemoryParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
                                       virNetServerClientPtr client 
ATTRIBUTE_UNUSED,
                                       virNetMessagePtr msg ATTRIBUTE_UNUSED,
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 3be30bd..cdc9a70 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -6776,6 +6776,46 @@ remoteNodeGetMemoryParameters(virConnectPtr conn,
     return rv;
 }
 
+
+static int
+remoteNodeGetSEVCapability(virConnectPtr conn,
+                           virTypedParameterPtr *params,
+                           int *nparams,
+                           unsigned int flags)
+{
+    int rv = -1;
+    remote_node_get_sev_capability_args args;
+    remote_node_get_sev_capability_ret ret;
+    struct private_data *priv = conn->privateData;
+
+    remoteDriverLock(priv);
+
+    args.flags = flags;
+
+    memset(&ret, 0, sizeof(ret));
+    if (call(conn, priv, 0, REMOTE_PROC_NODE_GET_SEV_CAPABILITY,
+             (xdrproc_t) xdr_remote_node_get_sev_capability_args, (char *) 
&args,
+             (xdrproc_t) xdr_remote_node_get_sev_capability_ret, (char *) 
&ret) == -1)
+        goto done;
+
+    if (virTypedParamsDeserialize((virTypedParameterRemotePtr) 
ret.params.params_val,
+                                  ret.params.params_len,
+                                  REMOTE_NODE_SEV_CAPABILITY_MAX,
+                                  params,
+                                  nparams) < 0)
+        goto cleanup;
+
+    rv = 0;
+
+ cleanup:
+    xdr_free((xdrproc_t) xdr_remote_node_get_sev_capability_ret,
+             (char *) &ret);
+ done:
+    remoteDriverUnlock(priv);
+    return rv;
+}
+
+
 static int
 remoteNodeGetCPUMap(virConnectPtr conn,
                     unsigned char **cpumap,
@@ -8452,6 +8492,7 @@ static virHypervisorDriver hypervisor_driver = {
     .domainSetLifecycleAction = remoteDomainSetLifecycleAction, /* 3.9.0 */
     .connectCompareHypervisorCPU = remoteConnectCompareHypervisorCPU, /* 4.4.0 
*/
     .connectBaselineHypervisorCPU = remoteConnectBaselineHypervisorCPU, /* 
4.4.0 */
+    .nodeGetSEVCapability = remoteNodeGetSEVCapability, /* 4.5.0 */
 };
 
 static virNetworkDriver network_driver = {
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
index a0ab7e9..a4e1166 100644
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -253,6 +253,9 @@ const REMOTE_DOMAIN_IP_ADDR_MAX = 2048;
 /* Upper limit on number of guest vcpu information entries */
 const REMOTE_DOMAIN_GUEST_VCPU_PARAMS_MAX = 64;
 
+/* Upper limit on number of SEV parameters */
+const REMOTE_NODE_SEV_CAPABILITY_MAX = 64;
+
 /* UUID.  VIR_UUID_BUFLEN definition comes from libvirt.h */
 typedef opaque remote_uuid[VIR_UUID_BUFLEN];
 
@@ -3480,6 +3483,17 @@ struct remote_connect_baseline_hypervisor_cpu_ret {
     remote_nonnull_string cpu;
 };
 
+struct remote_node_get_sev_capability_args {
+    int nparams;
+    unsigned int flags;
+};
+
+struct remote_node_get_sev_capability_ret {
+    remote_typed_param params<REMOTE_NODE_SEV_CAPABILITY_MAX>;
+    int nparams;
+};
+
+
 /*----- Protocol. -----*/
 
 /* Define the program number, protocol version and procedure numbers here. */
@@ -6187,5 +6201,11 @@ enum remote_procedure {
      * @generate: both
      * @acl: connect:write
      */
-    REMOTE_PROC_CONNECT_BASELINE_HYPERVISOR_CPU = 394
+    REMOTE_PROC_CONNECT_BASELINE_HYPERVISOR_CPU = 394,
+
+    /**
+     * @generate: none
+     * @acl: connect:read
+     */
+    REMOTE_PROC_NODE_GET_SEV_CAPABILITY = 395
 };
diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs
index 0c4cfc6..7705821 100644
--- a/src/remote_protocol-structs
+++ b/src/remote_protocol-structs
@@ -2907,6 +2907,18 @@ struct remote_connect_baseline_hypervisor_cpu_args {
 struct remote_connect_baseline_hypervisor_cpu_ret {
         remote_nonnull_string      cpu;
 };
+struct remote_node_get_sev_capability_args {
+        int         nparams;
+        u_int       flags;
+};
+struct remote_node_get_sev_capability_ret {
+        struct {
+                u_int              params_len;
+                remote_typed_param * params_val;
+        } params;
+        int                        nparams;
+};
+
 enum remote_procedure {
         REMOTE_PROC_CONNECT_OPEN = 1,
         REMOTE_PROC_CONNECT_CLOSE = 2,
@@ -3302,4 +3314,5 @@ enum remote_procedure {
         REMOTE_PROC_DOMAIN_DETACH_DEVICE_ALIAS = 392,
         REMOTE_PROC_CONNECT_COMPARE_HYPERVISOR_CPU = 393,
         REMOTE_PROC_CONNECT_BASELINE_HYPERVISOR_CPU = 394,
+        REMOTE_PROC_NODE_SEV_CAPABILITY = 395,
 };
-- 
2.7.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Reply via email to