On 04/02/2018 10:18 AM, Brijesh Singh wrote:
> QEMU version >= 2.12 provides support for launching an encrypted VMs on
> AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
> This patch adds support to query the SEV capability from the qemu.
>
> Reviewed-by: "Daniel P. Berrangé" <berrange@xxxxxxxxxx>
> Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> ---
> src/conf/domain_capabilities.h | 13 ++++
> src/qemu/qemu_capabilities.c | 38 +++++++++++
> src/qemu/qemu_capabilities.h | 1 +
> src/qemu/qemu_capspriv.h | 4 ++
> src/qemu/qemu_monitor.c | 9 +++
> src/qemu/qemu_monitor.h | 3 +
> src/qemu/qemu_monitor_json.c | 73 ++++++++++++++++++++++
> src/qemu/qemu_monitor_json.h | 3 +
> .../caps_2.12.0.x86_64.replies | 10 +++
> tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 3 +-
> 10 files changed, 156 insertions(+), 1 deletion(-)
>
I ran the changes through coverity as a last thing to do...
....
> +void
> +virQEMUCapsSetSEVCapabilities(virQEMUCapsPtr qemuCaps,
> + virSEVCapability *capabilities)
> +{
> + virSEVCapability *cap = qemuCaps->sevCapabilities;
> +
This hunk ...
> + if (cap) {
> + VIR_FREE(cap->pdh);
> + VIR_FREE(cap->cert_chain);
> + }
> +
> + VIR_FREE(qemuCaps->sevCapabilities);
... should be a virQEMUSevCapabilitiesFree() type function which can be
called from qemuMonitorJSONGetSEVCapabilities
where the function would :
if (!cap)
return;
VIR_FREE(cap->pdh);
VIR_FREE(cap->cert_chain);
VIR_FREE(capabilities);
and the callers would need to ensure to 'overwrite' sevCapabilities with
something new or NULL.
> +
> + qemuCaps->sevCapabilities = capabilities;
> +}
>
[...]
> diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
> index d80c4f1..e67f7b7 100644
> --- a/src/qemu/qemu_monitor_json.c
> +++ b/src/qemu/qemu_monitor_json.c
> @@ -6398,6 +6398,79 @@ qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon,
> return ret;
> }
>
> +int
> +qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon,
> + virSEVCapability **capabilities)
> +{
> + int ret = -1;
> + virJSONValuePtr cmd;
> + virJSONValuePtr reply = NULL;
> + virJSONValuePtr caps;
> + virSEVCapability *capability = NULL;
> + const char *pdh = NULL, *cert_chain = NULL;
> + int cbitpos, reduced_phys_bits;
> +
> + *capabilities = NULL;
> +
> + if (!(cmd = qemuMonitorJSONMakeCommand("query-sev-capabilities",
> + NULL)))
> + return -1;
> +
> + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
> + goto cleanup;
> +
> +
> + if (qemuMonitorJSONCheckError(cmd, reply) < 0)
> + goto cleanup;
> +
> + caps = virJSONValueObjectGetObject(reply, "return");
> +
> + if (virJSONValueObjectGetNumberInt(caps, "cbitpos", &cbitpos) < 0) {
> + virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> + _("'cbitpos' field is missing"));
> + goto cleanup;
> + }
> +
> + if (virJSONValueObjectGetNumberInt(caps, "reduced-phys-bits",
> + &reduced_phys_bits) < 0) {
> + virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> + _("'reduced-phys-bits' field is missing"));
> + goto cleanup;
> + }
> +
> + if (!(pdh = virJSONValueObjectGetString(caps, "pdh"))) {
> + virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> + _("'pdh' field is missing"));
> + goto cleanup;
> + }
> +
> + if (!(cert_chain = virJSONValueObjectGetString(caps, "cert-chain"))) {
> + virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> + _("'cert-chain' field is missing"));
> + goto cleanup;
> + }
> +
> + if (VIR_ALLOC(capability) < 0)
> + goto cleanup;
> +
> + if (VIR_STRDUP(capability->pdh, pdh) < 0)
> + goto cleanup;
> +
> + if (VIR_STRDUP(capability->cert_chain, cert_chain) < 0)
> + goto cleanup;
> +
> + capability->cbitpos = cbitpos;
> + capability->reduced_phys_bits = reduced_phys_bits;
> + *capabilities = capability;
VIR_STEAL_PTR(*capabilities, capability);
> + ret = 0;
> +
> + cleanup:
virQEMUSevCapabilitiesFree(capability);
John
> + virJSONValueFree(cmd);
> + virJSONValueFree(reply);
> +
> + return ret;
> +}
> +
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
