Re: [PATCH v5 01/10] qemu: provide support to query the SEV capability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 04/02/2018 10:18 AM, Brijesh Singh wrote:
> QEMU version >= 2.12 provides support for launching an encrypted VMs on
> AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
> This patch adds support to query the SEV capability from the qemu.
> 
> Reviewed-by: "Daniel P. Berrangé" <berrange@xxxxxxxxxx>
> Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> ---
>  src/conf/domain_capabilities.h                     | 13 ++++
>  src/qemu/qemu_capabilities.c                       | 38 +++++++++++
>  src/qemu/qemu_capabilities.h                       |  1 +
>  src/qemu/qemu_capspriv.h                           |  4 ++
>  src/qemu/qemu_monitor.c                            |  9 +++
>  src/qemu/qemu_monitor.h                            |  3 +
>  src/qemu/qemu_monitor_json.c                       | 73 ++++++++++++++++++++++
>  src/qemu/qemu_monitor_json.h                       |  3 +
>  .../caps_2.12.0.x86_64.replies                     | 10 +++
>  tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml  |  3 +-
>  10 files changed, 156 insertions(+), 1 deletion(-)
> 

I ran the changes through coverity as a last thing to do...


....

> +void
> +virQEMUCapsSetSEVCapabilities(virQEMUCapsPtr qemuCaps,
> +                              virSEVCapability *capabilities)
> +{
> +    virSEVCapability *cap = qemuCaps->sevCapabilities;
> +

This hunk ...

> +    if (cap) {
> +        VIR_FREE(cap->pdh);
> +        VIR_FREE(cap->cert_chain);
> +    }
> +
> +    VIR_FREE(qemuCaps->sevCapabilities);


... should be a virQEMUSevCapabilitiesFree() type function which can be
called from qemuMonitorJSONGetSEVCapabilities

where the function would :

    if (!cap)
        return;

    VIR_FREE(cap->pdh);
    VIR_FREE(cap->cert_chain);
    VIR_FREE(capabilities);

and the callers would need to ensure to 'overwrite' sevCapabilities with
something new or NULL.

> +
> +    qemuCaps->sevCapabilities = capabilities;
> +}
>  

[...]

> diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
> index d80c4f1..e67f7b7 100644
> --- a/src/qemu/qemu_monitor_json.c
> +++ b/src/qemu/qemu_monitor_json.c
> @@ -6398,6 +6398,79 @@ qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon,
>      return ret;
>  }
>  
> +int
> +qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon,
> +                                  virSEVCapability **capabilities)
> +{
> +    int ret = -1;
> +    virJSONValuePtr cmd;
> +    virJSONValuePtr reply = NULL;
> +    virJSONValuePtr caps;
> +    virSEVCapability *capability = NULL;
> +    const char *pdh = NULL, *cert_chain = NULL;
> +    int cbitpos, reduced_phys_bits;
> +
> +    *capabilities = NULL;
> +
> +    if (!(cmd = qemuMonitorJSONMakeCommand("query-sev-capabilities",
> +                                           NULL)))
> +        return -1;
> +
> +    if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
> +        goto cleanup;
> +
> +
> +    if (qemuMonitorJSONCheckError(cmd, reply) < 0)
> +        goto cleanup;
> +
> +    caps = virJSONValueObjectGetObject(reply, "return");
> +
> +    if (virJSONValueObjectGetNumberInt(caps, "cbitpos", &cbitpos) < 0) {
> +        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> +                       _("'cbitpos' field is missing"));
> +        goto cleanup;
> +    }
> +
> +    if (virJSONValueObjectGetNumberInt(caps, "reduced-phys-bits",
> +                                       &reduced_phys_bits) < 0) {
> +        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> +                       _("'reduced-phys-bits' field is missing"));
> +        goto cleanup;
> +    }
> +
> +    if (!(pdh = virJSONValueObjectGetString(caps, "pdh"))) {
> +        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> +                       _("'pdh' field is missing"));
> +        goto cleanup;
> +    }
> +
> +    if (!(cert_chain = virJSONValueObjectGetString(caps, "cert-chain"))) {
> +        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> +                       _("'cert-chain' field is missing"));
> +        goto cleanup;
> +    }
> +
> +    if (VIR_ALLOC(capability) < 0)
> +        goto cleanup;
> +
> +    if (VIR_STRDUP(capability->pdh, pdh) < 0)
> +        goto cleanup;
> +
> +    if (VIR_STRDUP(capability->cert_chain, cert_chain) < 0)
> +        goto cleanup;
> +
> +    capability->cbitpos = cbitpos;
> +    capability->reduced_phys_bits = reduced_phys_bits;
> +    *capabilities = capability;

VIR_STEAL_PTR(*capabilities, capability);

> +    ret = 0;
> +
> + cleanup:

    virQEMUSevCapabilitiesFree(capability);

John

> +    virJSONValueFree(cmd);
> +    virJSONValueFree(reply);
> +
> +    return ret;
> +}
> +

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux