Re: [RFC PATCH v2 12/12] i386/sev: update query-sev QAPI format to handl
From: Markus Armbruster
Subject: Re: [RFC PATCH v2 12/12] i386/sev: update query-sev QAPI format to handle SEV-SNP
Date: Wed, 01 Sep 2021 16:14:10 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Michael Roth <michael.roth@amd.com> writes:
> Most of the current 'query-sev' command is relevant to both legacy
> SEV/SEV-ES guests and SEV-SNP guests, with 2 exceptions:
>
> - 'policy' is a 64-bit field for SEV-SNP, not 32-bit, and
> the meaning of the bit positions has changed
> - 'handle' is not relevant to SEV-SNP
>
> To address this, this patch adds a new 'sev-type' field that can be
> used as a discriminator to select between SEV and SEV-SNP-specific
> fields/formats without breaking compatibility for existing management
> tools (so long as management tools that add support for launching
> SEV-SNP guests update their handling of query-sev appropriately).

Technically a compatibility break: query-sev can now return an object
whose member @policy has a different meaning, and also lacks @handle.

Matrix:

                          Old mgmt app    New mgmt app
    Old QEMU, SEV/SEV-ES  good            good(1)
    New QEMU, SEV/SEV-ES  good(2)         good
    New QEMU, SEV-SNP     bad(3)          good

Notes:

(1) As long as the management application can cope with absent member
@sev-type.

(2) As long as the management application ignores unknown member
@sev-type.

(3) Management application may choke on missing member @handle, or
worse, misinterpret member @policy. Can only happen when something
other than the management application created the SEV-SNP guest (or the
user somehow made the management application create one even though it
doesn't know how, say with CLI option passthrough, but that's always
fragile, and I wouldn't worry about it here).

I think (1) and (2) are reasonable. (3) is an issue for management
applications that support attaching to existing guests. Thoughts?
>
> The corresponding HMP command has also been fixed up similarly.
>
> Signed-off-by: Michael Roth <michael.roth@amd.com>
> ---
> qapi/misc-target.json | 71 +++++++++++++++++++++++++++++++++---------
> target/i386/monitor.c | 29 +++++++++++++----
> target/i386/sev.c | 22 +++++++------
> target/i386/sev_i386.h | 3 ++
> 4 files changed, 95 insertions(+), 30 deletions(-)
>
> diff --git a/qapi/misc-target.json b/qapi/misc-target.json
> index 3b05ad3dbf..80f994ff9b 100644
> --- a/qapi/misc-target.json
> +++ b/qapi/misc-target.json
> @@ -81,6 +81,49 @@
> 'send-update', 'receive-update' ],
> 'if': 'TARGET_I386' }
>
> +##
> +# @SevGuestType:
> +#
> +# An enumeration indicating the type of SEV guest being run.
> +#
> +# @sev: The guest is a legacy SEV or SEV-ES guest.
> +# @sev-snp: The guest is an SEV-SNP guest.
> +#
> +# Since: 6.2
> +##
> +{ 'enum': 'SevGuestType',
> + 'data': [ 'sev', 'sev-snp' ],
> + 'if': 'TARGET_I386' }
> +
> +##
> +# @SevGuestInfo:
> +#
> +# Information specific to legacy SEV/SEV-ES guests.
> +#
> +# @policy: SEV policy value
> +#
> +# @handle: SEV firmware handle
> +#
> +# Since: 2.12
> +##
> +{ 'struct': 'SevGuestInfo',
> + 'data': { 'policy': 'uint32',
> + 'handle': 'uint32' },
> + 'if': 'TARGET_I386' }
> +
> +##
> +# @SevSnpGuestInfo:
> +#
> +# Information specific to SEV-SNP guests.
> +#
> +# @policy: SEV-SNP policy value
> +#
> +# Since: 6.2
> +##
> +{ 'struct': 'SevSnpGuestInfo',
> + 'data': { 'policy': 'uint64' },
> + 'if': 'TARGET_I386' }
> +
> ##
> # @SevInfo:
> #
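
Review bot: The `Since: 2.12` tag on the new @SevGuestInfo struct does not match the other two types introduced in this hunk, @SevGuestType and @SevSnpGuestInfo, which both say `Since: 6.2`. If 2.12 is kept on purpose because @policy and @handle were previously documented under @SevInfo, say so in the doc comment; otherwise use 6.2. The `# @policy: SEV-SNP policy value` line in @SevSnpGuestInfo should also state that the value is 64 bits wide and that its bit positions do not have the same meaning as @policy in @SevGuestInfo, since the two members share a name.
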
> @@ -94,25 +137,25 @@
> #
> # @build-id: SEV FW build id
> #
> -# @policy: SEV policy value
> -#
> # @state: SEV guest state
> #
> -# @handle: SEV firmware handle
> +# @sev-type: Type of SEV guest being run
> #
> # Since: 2.12
> ##
> -{ 'struct': 'SevInfo',
> - 'data': { 'enabled': 'bool',
> - 'api-major': 'uint8',
> - 'api-minor' : 'uint8',
> - 'build-id' : 'uint8',
> - 'policy' : 'uint32',
> - 'state' : 'SevState',
> - 'handle' : 'uint32'
> - },
> - 'if': 'TARGET_I386'
> -}
> +{ 'union': 'SevInfo',
> + 'base': { 'enabled': 'bool',
> + 'api-major': 'uint8',
> + 'api-minor' : 'uint8',
> + 'build-id' : 'uint8',
> + 'state' : 'SevState',
> + 'sev-type' : 'SevGuestType' },
> + 'discriminator': 'sev-type',
> + 'data': {
> + 'sev': 'SevGuestInfo',
> + 'sev-snp': 'SevSnpGuestInfo' },
> + 'if': 'TARGET_I386' }
> +
>
> ##
> # @query-sev:
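
Review bot: The new `# @sev-type: Type of SEV guest being run` doc line has no `(since 6.2)` marker while the type's `Since: 2.12` is unchanged, so a schema reader cannot tell that the member is new. The doc comment also drops @policy and @handle without saying they now live in the union branches, that @handle is absent for 'sev-snp', and that @policy is a uint64 there; a sentence telling clients to check @sev-type before reading @policy would address this. Minor: the added blank line after the closing `'if': 'TARGET_I386' }` leaves two consecutive blank lines before `# @query-sev:`.
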
[...]
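
The compatibility matrix in the reply above, seen from the client side. This is an added example, not part of the original message and not code from QEMU or any management application. It shows a query-sev reply handler that covers notes (1) and (2) and avoids the misreading in note (3). The names `parse_sev_info`, `SevView` and `UnsupportedSevType`, and all sample values, are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

class UnsupportedSevType(ValueError):
    """query-sev reported a guest type this client cannot interpret."""

@dataclass(frozen=True)
class SevView:
    guest_type: str          # 'sev' or 'sev-snp'
    policy: int
    policy_bits: int         # 32 for SEV/SEV-ES, 64 for SEV-SNP
    handle: Optional[int]    # None for SEV-SNP, which has no @handle

def _uint(obj: dict, key: str, bits: int) -> int:
    value = obj[key]         # KeyError if the member is missing
    if isinstance(value, bool) or not isinstance(value, int) \
            or not 0 <= value < (1 << bits):
        raise ValueError(f"{key!r} is not a uint{bits}: {value!r}")
    return value

def parse_sev_info(ret: dict) -> SevView:
    """Interpret the 'return' object of query-sev (hypothetical helper)."""
    # Note (1): old QEMU sends no 'sev-type'; all it reports is SEV/SEV-ES.
    guest_type = ret.get("sev-type", "sev")
    if guest_type == "sev":
        return SevView("sev", _uint(ret, "policy", 32), 32,
                       _uint(ret, "handle", 32))
    if guest_type == "sev-snp":
        # 64-bit policy with different bit meanings; no firmware handle.
        return SevView("sev-snp", _uint(ret, "policy", 64), 64, None)
    # Fail closed instead of guessing how to read 'policy' for a new type.
    raise UnsupportedSevType(guest_type)

# Constructed sample replies (values are made up, not captured from QEMU).
BASE = {"enabled": True, "api-major": 0, "api-minor": 0, "build-id": 0,
        "state": "running"}
OLD_QEMU = {**BASE, "policy": 1, "handle": 1}
NEW_QEMU_SEV = {**BASE, "sev-type": "sev", "policy": 1, "handle": 1}
NEW_QEMU_SNP = {**BASE, "sev-type": "sev-snp", "policy": 1 << 32}

if __name__ == "__main__":
    for reply in (OLD_QEMU, NEW_QEMU_SEV, NEW_QEMU_SNP):
        print(parse_sev_info(reply))
```

A client written against the old schema would instead read `ret["handle"]` unconditionally and treat `ret["policy"]` as a 32-bit SEV policy, which is the "bad(3)" cell of the matrix.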