There are limits on the number of SEV/SEV-ES guests that can be run on machines, which may be influenced by firmware settings. This is important to expose to users. Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx> Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> --- docs/formatdomaincaps.html.in | 6 ++++++ docs/schemas/domaincaps.rng | 6 ++++++ src/conf/domain_capabilities.c | 4 ++++ src/conf/domain_capabilities.h | 2 ++ tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml | 2 ++ tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml | 2 ++ tests/domaincapsdata/qemu_2.12.0.x86_64.xml | 2 ++ tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 2 ++ tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 2 ++ tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 2 ++ 10 files changed, 30 insertions(+) diff --git a/docs/formatdomaincaps.html.in b/docs/formatdomaincaps.html.in index 915ece8e3e..35b8bf3def 100644 --- a/docs/formatdomaincaps.html.in +++ b/docs/formatdomaincaps.html.in @@ -681,6 +681,12 @@ <dt><code>reducedPhysBits</code></dt> <dd>When memory encryption is enabled, we lose certain bits in physical address space. The number of bits we lose is hypervisor dependent.</dd> + <dt><code>maxGuests</code></dt> + <dd>The maximum number of SEV guests that can be launched on the host. + This value may be configurable in the firmware for some hosts.</dd> + <dt><code>maxESGuests</code></dt> + <dd>The maximum number of SEV-ES guests that can be launched on the host. + This value may be configurable in the firmware for some hosts.</dd> </dl> </body> diff --git a/docs/schemas/domaincaps.rng b/docs/schemas/domaincaps.rng index 1b6122507f..b40ee0f35a 100644 --- a/docs/schemas/domaincaps.rng +++ b/docs/schemas/domaincaps.rng @@ -323,6 +323,12 @@ <element name="reducedPhysBits"> <data type="unsignedInt"/> </element> + <element name="maxGuests"> + <data type="unsignedInt"/> + </element> + <element name="maxESGuests"> + <data type="unsignedInt"/> + </element> </optional> </element> </define> diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index fef1326190..c394a7a390 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -597,6 +597,10 @@ virDomainCapsFeatureSEVFormat(virBuffer *buf, virBufferAsprintf(buf, "<cbitpos>%d</cbitpos>\n", sev->cbitpos); virBufferAsprintf(buf, "<reducedPhysBits>%d</reducedPhysBits>\n", sev->reduced_phys_bits); + virBufferAsprintf(buf, "<maxGuests>%d</maxGuests>\n", + sev->max_guests); + virBufferAsprintf(buf, "<maxESGuests>%d</maxESGuests>\n", + sev->max_es_guests); virBufferAdjustIndent(buf, -2); virBufferAddLit(buf, "</sev>\n"); } diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index 2fcad87fd8..1d2f4ac7a5 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -187,6 +187,8 @@ struct _virSEVCapability { char *cert_chain; unsigned int cbitpos; unsigned int reduced_phys_bits; + unsigned int max_guests; + unsigned int max_es_guests; }; typedef enum { diff --git a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml index 9f41dfaf2b..26816ff066 100644 --- a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml @@ -205,6 +205,8 @@ <sev supported='yes'> <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> + <maxGuests>0</maxGuests> + <maxESGuests>0</maxESGuests> </sev> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml index d5f9d8ebe3..5840a8b921 100644 --- a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml @@ -215,6 +215,8 @@ <sev supported='yes'> <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> + <maxGuests>0</maxGuests> + <maxESGuests>0</maxESGuests> </sev> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml b/tests/domaincapsdata/qemu_2.12.0.x86_64.xml index dc2c3ec4dd..21d1b6946e 100644 --- a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.x86_64.xml @@ -205,6 +205,8 @@ <sev supported='yes'> <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> + <maxGuests>0</maxGuests> + <maxESGuests>0</maxESGuests> </sev> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml index 90acb29775..3415d44019 100644 --- a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml @@ -227,6 +227,8 @@ <sev supported='yes'> <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> + <maxGuests>0</maxGuests> + <maxESGuests>0</maxESGuests> </sev> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml index 768cba5a41..f58be3af6c 100644 --- a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml @@ -233,6 +233,8 @@ <sev supported='yes'> <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> + <maxGuests>0</maxGuests> + <maxESGuests>0</maxESGuests> </sev> </features> </domainCapabilities> diff --git a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml index 7a95c530f9..0a2615c519 100644 --- a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml @@ -227,6 +227,8 @@ <sev supported='yes'> <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> + <maxGuests>0</maxGuests> + <maxESGuests>0</maxESGuests> </sev> </features> </domainCapabilities> -- 2.33.1