Re: [PATCH v8 02/11] conf: expose SEV feature in domain capabilities

Erik Skultety <eskultet@xxxxxxxxxx> · Thu, 7 Jun 2018 18:14:17 +0200

On Wed, Jun 06, 2018 at 12:50:08PM -0500, Brijesh Singh wrote:
> Extend hypervisor capabilities to include sev feature. When available,
> hypervisor supports launching an encrypted VM on AMD platform. The
> sev feature tag provides additional details like Platform Diffie-Hellman
> (PDH) key and certificate chain which can be used by the guest owner to
> establish a cryptographic session with the SEV firmware to negotiate
> keys used for attestation or to provide secret during launch.
>
> Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> ---
>  docs/formatdomaincaps.html.in  | 30 ++++++++++++++++++++++++++
>  docs/schemas/domaincaps.rng    | 14 ++++++++++++
>  src/conf/domain_capabilities.c | 19 ++++++++++++++++-
>  src/conf/domain_capabilities.h |  1 +
>  src/qemu/qemu_capabilities.c   | 48 +++++++++++++++++++++++++++++++++++++++++-
>  5 files changed, 110 insertions(+), 2 deletions(-)

With the diff below squashed in:
Reviewed-by: Erik Skultety <eskultet@xxxxxxxxxx>

diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index 54b0878b78..ec469bfb9a 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -614,6 +614,7 @@ virDomainCapsFormat(virDomainCapsPtr const caps)
     virDomainCapsFeatureGICFormat(&buf, &caps->gic);
     virBufferAsprintf(&buf, "<vmcoreinfo supported='%s'/>\n",
                       caps->vmcoreinfo ? "yes" : "no");
+
     virBufferAsprintf(&buf, "<genid supported='%s'/>\n",
                       caps->genid ? "yes" : "no");
     virDomainCapsFeatureSEVFormat(&buf, caps->sev);
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 503ed975eb..44ce12c7b9 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -5165,7 +5165,7 @@ virQEMUCapsFillDomainFeatureGICCaps(virQEMUCapsPtr qemuCaps,
  * using the 'query-sev-capabilities' QMP command and stored in @qemuCaps
  * and convert it to a form suitable for @domCaps.
  *
- * Returns: 0 on success, <0 on failure
+ * Returns: 0 on success, -1 on failure
  */
 static int
 virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCapsPtr qemuCaps,
@@ -5173,6 +5173,7 @@ virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCapsPtr qemuCaps,
 {
     virSEVCapability *sev;
     virSEVCapability *cap = qemuCaps->sevCapabilities;
+    int ret = -1;

     if (!cap)
         return 0;
@@ -5181,22 +5182,19 @@ virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCapsPtr qemuCaps,
         return -1;

     if (VIR_STRDUP(sev->pdh, cap->pdh) < 0)
-        goto out;
+        goto cleanup;

     if (VIR_STRDUP(sev->cert_chain, cap->cert_chain) < 0)
-        goto out;
+        goto cleanup;

     sev->cbitpos = cap->cbitpos;
     sev->reduced_phys_bits = cap->reduced_phys_bits;
-    domCaps->sev = sev;
+    VIR_STEAL_PTR(domCaps->sev, sev);

-    return 0;
-
- out:
-    VIR_FREE(sev->cert_chain);
-    VIR_FREE(sev->pdh);
-    VIR_FREE(sev);
-    return -1;
+    ret = 0;
+ cleanup:
+    virSEVCapabilitiesFree(sev);
+    return ret;
 }


--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list






