On 10/9/20 11:13 AM, Erik Skultety wrote:
These XML attributes have been mandatory since the introduction of SEV
support to libvirt. This design decision was based on QEMU's
requirement for these to be mandatory for migration purposes, as
differences in these values across platforms must result in the
pre-migration checks failing (not that migration with SEV works at the
time of this patch).
This patch enables autofill of these attributes right before launching
QEMU and thus updating the live XML.
Signed-off-by: Erik Skultety <eskultet@xxxxxxxxxx>
---
src/conf/domain_conf.h | 2 ++
src/qemu/qemu_process.c | 40 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 42 insertions(+)
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 450686dfb5..344bb64081 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2490,7 +2490,9 @@ struct _virDomainSEVDef {
char *dh_cert;
char *session;
unsigned int policy;
+ bool haveCbitpos;
unsigned int cbitpos;
+ bool haveReducedPhysBits;
unsigned int reduced_phys_bits;
};
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 2cc1d58266..35af0d11cd 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -6233,6 +6233,40 @@ qemuProcessPrepareAllowReboot(virDomainObjPtr vm)
}
+static int
+qemuProcessUpdateSEVInfo(virDomainObjPtr vm)
+{
+ qemuDomainObjPrivatePtr priv = vm->privateData;
+ virQEMUCapsPtr qemuCaps = priv->qemuCaps;
+ virDomainSEVDefPtr sev = vm->def->sev;
+ virSEVCapabilityPtr sevCaps = NULL;
+
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Domain %s asked for 'sev' launch but this "
+ "QEMU does not support SEV feature"), vm->def->name);
+ return -1;
+ }
+
I suggest to move this validation to qemu_validate.c, e.g.:
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index e651668d21..a8b319892b 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -6241,13 +6241,6 @@ qemuProcessUpdateSEVInfo(virDomainObjPtr vm)
virDomainSEVDefPtr sev = vm->def->sev;
virSEVCapabilityPtr sevCaps = NULL;
- if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Domain %s asked for 'sev' launch but this "
- "QEMU does not support SEV feature"), vm->def->name);
- return -1;
- }
-
/* if platform specific info like 'cbitpos' and 'reducedPhysBits' have
* not been supplied, we need to autofill them from caps now as both are
* mandatory on QEMU cmdline
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index bc3043bb3f..964ff776fc 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1034,6 +1034,14 @@ qemuValidateDomainDef(const virDomainDef *def,
return -1;
}
+ if (def->sev &&
+ !virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Domain %s asked for 'sev' launch but this "
+ "QEMU does not support SEV feature"), def->name);
+ return -1;
+ }
+
return 0;
}
Thanks,
DHB
+ /* if platform specific info like 'cbitpos' and 'reducedPhysBits' have
+ * not been supplied, we need to autofill them from caps now as both are
+ * mandatory on QEMU cmdline
+ */
+ sevCaps = virQEMUCapsGetSEVCapabilities(qemuCaps);
+ if (!sev->haveCbitpos) {
+ sev->cbitpos = sevCaps->cbitpos;
+ sev->haveCbitpos = true;
+ }
+
+ if (!sev->haveReducedPhysBits) {
+ sev->reduced_phys_bits = sevCaps->reduced_phys_bits;
+ sev->haveReducedPhysBits = true;
+ }
+
+ return 0;
+}
+
+
/**
* qemuProcessPrepareDomain:
* @driver: qemu driver
@@ -6361,6 +6395,12 @@ qemuProcessPrepareDomain(virQEMUDriverPtr driver,
for (i = 0; i < vm->def->nshmems; i++)
qemuDomainPrepareShmemChardev(vm->def->shmems[i]);
+ if (vm->def->sev) {
+ VIR_DEBUG("Updating SEV platform info");
+ if (qemuProcessUpdateSEVInfo(vm) < 0)
+ return -1;
+ }
+
return 0;
}
