From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>,
"Singh, Brijesh" <brijesh.singh@amd.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
Markus Armbruster <armbru@redhat.com>,
Eric Blake <eblake@redhat.com>,
Erik Skultety <eskultet@redhat.com>,
"Lendacky, Thomas" <Thomas.Lendacky@amd.com>
Subject: Re: [Qemu-devel] [PATCH v2] target/i386: sev: add 'sev-max-guests' field to 'query-sev-capabilities'
Date: Fri, 12 Apr 2019 09:20:41 +0100 [thread overview]
Message-ID: <20190412082041.GA25308@redhat.com> (raw)
In-Reply-To: <0db9a2c4-7153-6fb0-a15a-23e28c81669f@redhat.com>
On Fri, Apr 12, 2019 at 10:05:23AM +0200, Paolo Bonzini wrote:
> On 12/04/19 09:58, Laszlo Ersek wrote:
> > On 04/12/19 01:55, Singh, Brijesh wrote:
> >> There are limited numbers of the SEV guests that can be run concurrently.
> >> A management applications may need to know this limit so that it can place
> >> SEV VMs on hosts which have suitable resources available.
> >>
> >> Currently, this limit is not exposed to the application. Add a new
> >> 'sev-max-guest' field in the query-sev-capabilities to provide this
> >> information.
> >>
> >> Cc: Paolo Bonzini <pbonzini@redhat.com>
> >> Cc: Markus Armbruster <armbru@redhat.com>
> >> Cc: Eric Blake <eblake@redhat.com>
> >> Cc: Daniel P. Berrangé <berrange@redhat.com>
> >> Cc: Laszlo Ersek <lersek@redhat.com>
> >> Cc: Erik Skultety <eskultet@redhat.com>
> >> Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
> >> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> >> ---
> >>
> >> changes since v1:
> >> - document the new field and add (since 4.1) annotation.
> >>
> >> qapi/target.json | 9 +++++++--
> >> target/i386/sev.c | 9 +++++++--
> >> 2 files changed, 14 insertions(+), 4 deletions(-)
> >>
> >> diff --git a/qapi/target.json b/qapi/target.json
> >> index 1d4d54b600..8cd4fc7919 100644
> >> --- a/qapi/target.json
> >> +++ b/qapi/target.json
> >> @@ -177,13 +177,17 @@
> >> # @reduced-phys-bits: Number of physical Address bit reduction when SEV is
> >> # enabled
> >> #
> >> +# @sev-max-guests: maximum number of concurrent SEV guest with SEV-ES disabled
> >> +# (since 4.1)
> >> +#
> >> # Since: 2.12
> >> ##
> >> { 'struct': 'SevCapability',
> >> 'data': { 'pdh': 'str',
> >> 'cert-chain': 'str',
> >> 'cbitpos': 'int',
> >> - 'reduced-phys-bits': 'int'},
> >> + 'reduced-phys-bits': 'int',
> >> + 'sev-max-guests': 'int'},
> >> 'if': 'defined(TARGET_I386)' }
> >>
> >> ##
> >> @@ -200,7 +204,8 @@
> >> #
> >> # -> { "execute": "query-sev-capabilities" }
> >> # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
> >> -# "cbitpos": 47, "reduced-phys-bits": 5}}
> >> +# "cbitpos": 47, "reduced-phys-bits": 5,
> >> +# "sev-max-guests" : 15}}
> >
> > There seems to be a superfluous space character before the colon, but I
> > don't think it matters much.
> >
> >> #
> >> ##
> >> { 'command': 'query-sev-capabilities', 'returns': 'SevCapability',
> >> diff --git a/target/i386/sev.c b/target/i386/sev.c
> >> index cd77f6b5d4..6829586fbe 100644
> >> --- a/target/i386/sev.c
> >> +++ b/target/i386/sev.c
> >> @@ -488,7 +488,7 @@ sev_get_capabilities(void)
> >> guchar *pdh_data = NULL;
> >> guchar *cert_chain_data = NULL;
> >> size_t pdh_len = 0, cert_chain_len = 0;
> >> - uint32_t ebx;
> >> + uint32_t ebx, ecx, edx;
> >> int fd;
> >>
> >> fd = open(DEFAULT_SEV_DEVICE, O_RDWR);
> >> @@ -507,7 +507,7 @@ sev_get_capabilities(void)
> >> cap->pdh = g_base64_encode(pdh_data, pdh_len);
> >> cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len);
> >>
> >> - host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
> >> + host_cpuid(0x8000001F, 0, NULL, &ebx, &ecx, &edx);
> >> cap->cbitpos = ebx & 0x3f;
> >>
> >> /*
> >> @@ -516,6 +516,11 @@ sev_get_capabilities(void)
> >> */
> >> cap->reduced_phys_bits = 1;
> >>
> >> + /*
> >> + * The maximum number of SEV guests with SEV-ES disabled that can run
> >> + * simultaneously.
> >> + */
> >> + cap->sev_max_guests = ecx - edx + 1;
> >> out:
> >> g_free(pdh_data);
> >> g_free(cert_chain_data);
> >>
> >
> > Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>
> As mentioned in v1, I don't think a management application should need
> to run QEMU in order to figure this out.
Libvirt is already running this query-sev-capabilities command to find
out information about SEV support, so from our POV this is the natural
place to report the max limits.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
WARNING: multiple messages have this Message-ID (diff)
From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Lendacky, Thomas" <Thomas.Lendacky@amd.com>,
"Singh, Brijesh" <brijesh.singh@amd.com>,
Erik Skultety <eskultet@redhat.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
Markus Armbruster <armbru@redhat.com>,
Laszlo Ersek <lersek@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v2] target/i386: sev: add 'sev-max-guests' field to 'query-sev-capabilities'
Date: Fri, 12 Apr 2019 09:20:41 +0100 [thread overview]
Message-ID: <20190412082041.GA25308@redhat.com> (raw)
Message-ID: <20190412082041.dYQ5YMh1vdc2FNNGDEZut84oYnOuLETcJZAei7S-EeA@z> (raw)
In-Reply-To: <0db9a2c4-7153-6fb0-a15a-23e28c81669f@redhat.com>
On Fri, Apr 12, 2019 at 10:05:23AM +0200, Paolo Bonzini wrote:
> On 12/04/19 09:58, Laszlo Ersek wrote:
> > On 04/12/19 01:55, Singh, Brijesh wrote:
> >> There are limited numbers of the SEV guests that can be run concurrently.
> >> A management applications may need to know this limit so that it can place
> >> SEV VMs on hosts which have suitable resources available.
> >>
> >> Currently, this limit is not exposed to the application. Add a new
> >> 'sev-max-guest' field in the query-sev-capabilities to provide this
> >> information.
> >>
> >> Cc: Paolo Bonzini <pbonzini@redhat.com>
> >> Cc: Markus Armbruster <armbru@redhat.com>
> >> Cc: Eric Blake <eblake@redhat.com>
> >> Cc: Daniel P. Berrangé <berrange@redhat.com>
> >> Cc: Laszlo Ersek <lersek@redhat.com>
> >> Cc: Erik Skultety <eskultet@redhat.com>
> >> Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
> >> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> >> ---
> >>
> >> changes since v1:
> >> - document the new field and add (since 4.1) annotation.
> >>
> >> qapi/target.json | 9 +++++++--
> >> target/i386/sev.c | 9 +++++++--
> >> 2 files changed, 14 insertions(+), 4 deletions(-)
> >>
> >> diff --git a/qapi/target.json b/qapi/target.json
> >> index 1d4d54b600..8cd4fc7919 100644
> >> --- a/qapi/target.json
> >> +++ b/qapi/target.json
> >> @@ -177,13 +177,17 @@
> >> # @reduced-phys-bits: Number of physical Address bit reduction when SEV is
> >> # enabled
> >> #
> >> +# @sev-max-guests: maximum number of concurrent SEV guest with SEV-ES disabled
> >> +# (since 4.1)
> >> +#
> >> # Since: 2.12
> >> ##
> >> { 'struct': 'SevCapability',
> >> 'data': { 'pdh': 'str',
> >> 'cert-chain': 'str',
> >> 'cbitpos': 'int',
> >> - 'reduced-phys-bits': 'int'},
> >> + 'reduced-phys-bits': 'int',
> >> + 'sev-max-guests': 'int'},
> >> 'if': 'defined(TARGET_I386)' }
> >>
> >> ##
> >> @@ -200,7 +204,8 @@
> >> #
> >> # -> { "execute": "query-sev-capabilities" }
> >> # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
> >> -# "cbitpos": 47, "reduced-phys-bits": 5}}
> >> +# "cbitpos": 47, "reduced-phys-bits": 5,
> >> +# "sev-max-guests" : 15}}
> >
> > There seems to be a superfluous space character before the colon, but I
> > don't think it matters much.
> >
> >> #
> >> ##
> >> { 'command': 'query-sev-capabilities', 'returns': 'SevCapability',
> >> diff --git a/target/i386/sev.c b/target/i386/sev.c
> >> index cd77f6b5d4..6829586fbe 100644
> >> --- a/target/i386/sev.c
> >> +++ b/target/i386/sev.c
> >> @@ -488,7 +488,7 @@ sev_get_capabilities(void)
> >> guchar *pdh_data = NULL;
> >> guchar *cert_chain_data = NULL;
> >> size_t pdh_len = 0, cert_chain_len = 0;
> >> - uint32_t ebx;
> >> + uint32_t ebx, ecx, edx;
> >> int fd;
> >>
> >> fd = open(DEFAULT_SEV_DEVICE, O_RDWR);
> >> @@ -507,7 +507,7 @@ sev_get_capabilities(void)
> >> cap->pdh = g_base64_encode(pdh_data, pdh_len);
> >> cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len);
> >>
> >> - host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
> >> + host_cpuid(0x8000001F, 0, NULL, &ebx, &ecx, &edx);
> >> cap->cbitpos = ebx & 0x3f;
> >>
> >> /*
> >> @@ -516,6 +516,11 @@ sev_get_capabilities(void)
> >> */
> >> cap->reduced_phys_bits = 1;
> >>
> >> + /*
> >> + * The maximum number of SEV guests with SEV-ES disabled that can run
> >> + * simultaneously.
> >> + */
> >> + cap->sev_max_guests = ecx - edx + 1;
> >> out:
> >> g_free(pdh_data);
> >> g_free(cert_chain_data);
> >>
> >
> > Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>
> As mentioned in v1, I don't think a management application should need
> to run QEMU in order to figure this out.
Libvirt is already running this query-sev-capabilities command to find
out information about SEV support, so from our POV this is the natural
place to report the max limits.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2019-04-12 8:20 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-11 23:55 [Qemu-devel] [PATCH v2] target/i386: sev: add 'sev-max-guests' field to 'query-sev-capabilities' Singh, Brijesh
2019-04-11 23:55 ` Singh, Brijesh
2019-04-12 7:58 ` Laszlo Ersek
2019-04-12 7:58 ` Laszlo Ersek
2019-04-12 8:05 ` Paolo Bonzini
2019-04-12 8:05 ` Paolo Bonzini
2019-04-12 8:20 ` Daniel P. Berrangé [this message]
2019-04-12 8:20 ` Daniel P. Berrangé
2019-04-12 12:17 ` Laszlo Ersek
2019-04-12 12:17 ` Laszlo Ersek
2019-04-12 8:21 ` Daniel P. Berrangé
2019-04-12 8:21 ` Daniel P. Berrangé
2019-04-12 8:26 ` Erik Skultety
2019-04-12 8:26 ` Erik Skultety
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190412082041.GA25308@redhat.com \
--to=berrange@redhat.com \
--cc=Thomas.Lendacky@amd.com \
--cc=armbru@redhat.com \
--cc=brijesh.singh@amd.com \
--cc=eblake@redhat.com \
--cc=eskultet@redhat.com \
--cc=lersek@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.