On 04/12/19 10:05, Paolo Bonzini wrote:
> On 12/04/19 09:58, Laszlo Ersek wrote:
>> On 04/12/19 01:55, Singh, Brijesh wrote:
>>> There are limited numbers of the SEV guests that can be run concurrently.
>>> A management applications may need to know this limit so that it can place
>>> SEV VMs on hosts which have suitable resources available.
>>>
>>> Currently, this limit is not exposed to the application. Add a new
>>> 'sev-max-guest' field in the query-sev-capabilities to provide this
>>> information.
>>>
>>> Cc: Paolo Bonzini <pbonz...@redhat.com>
>>> Cc: Markus Armbruster <arm...@redhat.com>
>>> Cc: Eric Blake <ebl...@redhat.com>
>>> Cc: Daniel P. Berrangé <berra...@redhat.com>
>>> Cc: Laszlo Ersek <ler...@redhat.com>
>>> Cc: Erik Skultety <eskul...@redhat.com>
>>> Cc: Tom Lendacky <thomas.lenda...@amd.com>
>>> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
>>> ---
>>>
>>> changes since v1:
>>> - document the new field and add (since 4.1) annotation.
>>>
>>> qapi/target.json | 9 +++++++--
>>> target/i386/sev.c | 9 +++++++--
>>> 2 files changed, 14 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/qapi/target.json b/qapi/target.json
>>> index 1d4d54b600..8cd4fc7919 100644
>>> --- a/qapi/target.json
>>> +++ b/qapi/target.json
>>> @@ -177,13 +177,17 @@
>>> # @reduced-phys-bits: Number of physical Address bit reduction when SEV is
>>> # enabled
>>> #
>>> +# @sev-max-guests: maximum number of concurrent SEV guest with SEV-ES
>>> disabled
>>> +# (since 4.1)
>>> +#
>>> # Since: 2.12
>>> ##
>>> { 'struct': 'SevCapability',
>>> 'data': { 'pdh': 'str',
>>> 'cert-chain': 'str',
>>> 'cbitpos': 'int',
>>> - 'reduced-phys-bits': 'int'},
>>> + 'reduced-phys-bits': 'int',
>>> + 'sev-max-guests': 'int'},
>>> 'if': 'defined(TARGET_I386)' }
>>>
>>> ##
>>> @@ -200,7 +204,8 @@
>>> #
>>> # -> { "execute": "query-sev-capabilities" }
>>> # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
>>> -# "cbitpos": 47, "reduced-phys-bits": 5}}
>>> +# "cbitpos": 47, "reduced-phys-bits": 5,
>>> +# "sev-max-guests" : 15}}
>>
>> There seems to be a superfluous space character before the colon, but I
>> don't think it matters much.
>>
>>> #
>>> ##
>>> { 'command': 'query-sev-capabilities', 'returns': 'SevCapability',
>>> diff --git a/target/i386/sev.c b/target/i386/sev.c
>>> index cd77f6b5d4..6829586fbe 100644
>>> --- a/target/i386/sev.c
>>> +++ b/target/i386/sev.c
>>> @@ -488,7 +488,7 @@ sev_get_capabilities(void)
>>> guchar *pdh_data = NULL;
>>> guchar *cert_chain_data = NULL;
>>> size_t pdh_len = 0, cert_chain_len = 0;
>>> - uint32_t ebx;
>>> + uint32_t ebx, ecx, edx;
>>> int fd;
>>>
>>> fd = open(DEFAULT_SEV_DEVICE, O_RDWR);
>>> @@ -507,7 +507,7 @@ sev_get_capabilities(void)
>>> cap->pdh = g_base64_encode(pdh_data, pdh_len);
>>> cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len);
>>>
>>> - host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
>>> + host_cpuid(0x8000001F, 0, NULL, &ebx, &ecx, &edx);
>>> cap->cbitpos = ebx & 0x3f;
>>>
>>> /*
>>> @@ -516,6 +516,11 @@ sev_get_capabilities(void)
>>> */
>>> cap->reduced_phys_bits = 1;
>>>
>>> + /*
>>> + * The maximum number of SEV guests with SEV-ES disabled that can run
>>> + * simultaneously.
>>> + */
>>> + cap->sev_max_guests = ecx - edx + 1;
>>> out:
>>> g_free(pdh_data);
>>> g_free(cert_chain_data);
>>>
>>
>> Reviewed-by: Laszlo Ersek <ler...@redhat.com>
>
> As mentioned in v1, I don't think a management application should need
> to run QEMU in order to figure this out.
Sorry, I didn't mean to ignore your feedback; I hadn't seen it.
Thanks
Laszlo
