[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PULL 01/53] qapi, target/i386/sev: Add cpu0-id to query-sev-capabil
|
From: |
Dov Murik |
|
Subject: |
Re: [PULL 01/53] qapi, target/i386/sev: Add cpu0-id to query-sev-capabilities |
|
Date: |
Wed, 20 Apr 2022 22:06:56 +0300 |
|
User-agent: |
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.8.0 |
On 19/04/2022 10:16, Dov Murik wrote:
> Thanks Paolo.
>
> On 19/04/2022 8:50, Paolo Bonzini wrote:
>> From: Dov Murik <dovmurik@linux.ibm.com>
>>
>> Add a new field 'cpu0-id' to the response of query-sev-capabilities QMP
>> command. The value of the field is the base64-encoded unique ID of CPU0
>> (socket 0), which can be used to retrieve the signed CEK of the CPU from
>> AMD's Key Distribution Service (KDS).
>>
>> Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
>>
>> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
>> Message-Id: <20220228093014.882288-1-dovmurik@linux.ibm.com>
>> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
>> ---
>> qapi/misc-target.json | 4 ++++
>> target/i386/sev.c | 42 +++++++++++++++++++++++++++++++++++++++++-
>> 2 files changed, 45 insertions(+), 1 deletion(-)
>>
>> diff --git a/qapi/misc-target.json b/qapi/misc-target.json
>> index 036c5e4a91..bc9355b595 100644
>> --- a/qapi/misc-target.json
>> +++ b/qapi/misc-target.json
>> @@ -144,6 +144,8 @@
>> #
>> # @cert-chain: PDH certificate chain (base64 encoded)
>> #
>> +# @cpu0-id: Unique ID of CPU0 (base64 encoded) (since 7.0)
>> +#
>
> Should this be changed to "since 7.1" ?
>
> Paolo, can you modify the patch in your tree, or should I submit a new
> version?
I see the original is already merged to master, so I sent another fix-up patch:
Subject: [PATCH] qapi: Fix version of cpu0-id field
Message-ID: 20220420190129.3532623-1-dovmurik@linux.ibm.com
-Dov
>
> -Dov
>
>> # @cbitpos: C-bit location in page table entry
>> #
>> # @reduced-phys-bits: Number of physical Address bit reduction when SEV is
>> @@ -154,6 +156,7 @@
>> { 'struct': 'SevCapability',
>> 'data': { 'pdh': 'str',
>> 'cert-chain': 'str',
>> + 'cpu0-id': 'str',
>> 'cbitpos': 'int',
>> 'reduced-phys-bits': 'int'},
>> 'if': 'TARGET_I386' }
>> @@ -172,6 +175,7 @@
>> #
>> # -> { "execute": "query-sev-capabilities" }
>> # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
>> +# "cpu0-id": "2lvmGwo+...61iEinw==",
>> # "cbitpos": 47, "reduced-phys-bits": 5}}
>> #
>> ##
>> diff --git a/target/i386/sev.c b/target/i386/sev.c
>> index 025ff7a6f8..32f7dbac4e 100644
>> --- a/target/i386/sev.c
>> +++ b/target/i386/sev.c
>> @@ -531,12 +531,46 @@ e_free:
>> return 1;
>> }
>>
>> +static int sev_get_cpu0_id(int fd, guchar **id, size_t *id_len, Error
>> **errp)
>> +{
>> + guchar *id_data;
>> + struct sev_user_data_get_id2 get_id2 = {};
>> + int err, r;
>> +
>> + /* query the ID length */
>> + r = sev_platform_ioctl(fd, SEV_GET_ID2, &get_id2, &err);
>> + if (r < 0 && err != SEV_RET_INVALID_LEN) {
>> + error_setg(errp, "SEV: Failed to get ID ret=%d fw_err=%d (%s)",
>> + r, err, fw_error_to_str(err));
>> + return 1;
>> + }
>> +
>> + id_data = g_new(guchar, get_id2.length);
>> + get_id2.address = (unsigned long)id_data;
>> +
>> + r = sev_platform_ioctl(fd, SEV_GET_ID2, &get_id2, &err);
>> + if (r < 0) {
>> + error_setg(errp, "SEV: Failed to get ID ret=%d fw_err=%d (%s)",
>> + r, err, fw_error_to_str(err));
>> + goto err;
>> + }
>> +
>> + *id = id_data;
>> + *id_len = get_id2.length;
>> + return 0;
>> +
>> +err:
>> + g_free(id_data);
>> + return 1;
>> +}
>> +
>> static SevCapability *sev_get_capabilities(Error **errp)
>> {
>> SevCapability *cap = NULL;
>> guchar *pdh_data = NULL;
>> guchar *cert_chain_data = NULL;
>> - size_t pdh_len = 0, cert_chain_len = 0;
>> + guchar *cpu0_id_data = NULL;
>> + size_t pdh_len = 0, cert_chain_len = 0, cpu0_id_len = 0;
>> uint32_t ebx;
>> int fd;
>>
>> @@ -561,9 +595,14 @@ static SevCapability *sev_get_capabilities(Error **errp)
>> goto out;
>> }
>>
>> + if (sev_get_cpu0_id(fd, &cpu0_id_data, &cpu0_id_len, errp)) {
>> + goto out;
>> + }
>> +
>> cap = g_new0(SevCapability, 1);
>> cap->pdh = g_base64_encode(pdh_data, pdh_len);
>> cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len);
>> + cap->cpu0_id = g_base64_encode(cpu0_id_data, cpu0_id_len);
>>
>> host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
>> cap->cbitpos = ebx & 0x3f;
>> @@ -575,6 +614,7 @@ static SevCapability *sev_get_capabilities(Error **errp)
>> cap->reduced_phys_bits = 1;
>>
>> out:
>> + g_free(cpu0_id_data);
>> g_free(pdh_data);
>> g_free(cert_chain_data);
>> close(fd);
- [PULL for-7.1 00/53] Misc pull request for QEMU 7.1, Paolo Bonzini, 2022/04/19
- [PULL 08/53] meson: remove unneeded py3, Paolo Bonzini, 2022/04/19
- [PULL 01/53] qapi, target/i386/sev: Add cpu0-id to query-sev-capabilities, Paolo Bonzini, 2022/04/19
- [PULL 11/53] Replace config-time define HOST_WORDS_BIGENDIAN, Paolo Bonzini, 2022/04/19
- [PULL 20/53] error-report: use error_printf() for program prefix, Paolo Bonzini, 2022/04/19
- [PULL 23/53] include: move qemu_pipe() to osdep.h, Paolo Bonzini, 2022/04/19
- [PULL 06/53] meson: use chardev_ss dependencies, Paolo Bonzini, 2022/04/19
- [PULL 07/53] meson: add util dependency for oslib-posix on freebsd, Paolo Bonzini, 2022/04/19
- [PULL 16/53] Replace qemu_real_host_page variables with inlined functions, Paolo Bonzini, 2022/04/19
- [PULL 14/53] include/qapi: add g_autoptr support for qobject types, Paolo Bonzini, 2022/04/19
- [PULL 19/53] util: rename qemu-error.c to match its header name, Paolo Bonzini, 2022/04/19
- [PULL 21/53] include: move TFR to osdep.h, Paolo Bonzini, 2022/04/19
- [PULL 24/53] include: move coroutine IO functions to coroutine.h, Paolo Bonzini, 2022/04/19