| Message ID | 20190411235456.12918-1-brijesh.singh@amd.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v2] target/i386: sev: add 'sev-max-guests' field to 'query-sev-capabilities' | expand |
On 04/12/19 01:55, Singh, Brijesh wrote: > There are limited numbers of the SEV guests that can be run concurrently. > A management applications may need to know this limit so that it can place > SEV VMs on hosts which have suitable resources available. > > Currently, this limit is not exposed to the application. Add a new > 'sev-max-guest' field in the query-sev-capabilities to provide this > information. > > Cc: Paolo Bonzini <pbonzini@redhat.com> > Cc: Markus Armbruster <armbru@redhat.com> > Cc: Eric Blake <eblake@redhat.com> > Cc: Daniel P. Berrangé <berrange@redhat.com> > Cc: Laszlo Ersek <lersek@redhat.com> > Cc: Erik Skultety <eskultet@redhat.com> > Cc: Tom Lendacky <Thomas.Lendacky@amd.com> > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> > --- > > changes since v1: > - document the new field and add (since 4.1) annotation. > > qapi/target.json | 9 +++++++-- > target/i386/sev.c | 9 +++++++-- > 2 files changed, 14 insertions(+), 4 deletions(-) > > diff --git a/qapi/target.json b/qapi/target.json > index 1d4d54b600..8cd4fc7919 100644 > --- a/qapi/target.json > +++ b/qapi/target.json > @@ -177,13 +177,17 @@ > # @reduced-phys-bits: Number of physical Address bit reduction when SEV is > # enabled > # > +# @sev-max-guests: maximum number of concurrent SEV guest with SEV-ES disabled > +# (since 4.1) > +# > # Since: 2.12 > ## > { 'struct': 'SevCapability', > 'data': { 'pdh': 'str', > 'cert-chain': 'str', > 'cbitpos': 'int', > - 'reduced-phys-bits': 'int'}, > + 'reduced-phys-bits': 'int', > + 'sev-max-guests': 'int'}, > 'if': 'defined(TARGET_I386)' } > > ## > @@ -200,7 +204,8 @@ > # > # -> { "execute": "query-sev-capabilities" } > # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", > -# "cbitpos": 47, "reduced-phys-bits": 5}} > +# "cbitpos": 47, "reduced-phys-bits": 5, > +# "sev-max-guests" : 15}} There seems to be a superfluous space character before the colon, but I don't think it matters much. > # > ## > { 'command': 'query-sev-capabilities', 'returns': 'SevCapability', > diff --git a/target/i386/sev.c b/target/i386/sev.c > index cd77f6b5d4..6829586fbe 100644 > --- a/target/i386/sev.c > +++ b/target/i386/sev.c > @@ -488,7 +488,7 @@ sev_get_capabilities(void) > guchar *pdh_data = NULL; > guchar *cert_chain_data = NULL; > size_t pdh_len = 0, cert_chain_len = 0; > - uint32_t ebx; > + uint32_t ebx, ecx, edx; > int fd; > > fd = open(DEFAULT_SEV_DEVICE, O_RDWR); > @@ -507,7 +507,7 @@ sev_get_capabilities(void) > cap->pdh = g_base64_encode(pdh_data, pdh_len); > cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len); > > - host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); > + host_cpuid(0x8000001F, 0, NULL, &ebx, &ecx, &edx); > cap->cbitpos = ebx & 0x3f; > > /* > @@ -516,6 +516,11 @@ sev_get_capabilities(void) > */ > cap->reduced_phys_bits = 1; > > + /* > + * The maximum number of SEV guests with SEV-ES disabled that can run > + * simultaneously. > + */ > + cap->sev_max_guests = ecx - edx + 1; > out: > g_free(pdh_data); > g_free(cert_chain_data); > Reviewed-by: Laszlo Ersek <lersek@redhat.com> Thanks! Laszlo
On 12/04/19 09:58, Laszlo Ersek wrote: > On 04/12/19 01:55, Singh, Brijesh wrote: >> There are limited numbers of the SEV guests that can be run concurrently. >> A management applications may need to know this limit so that it can place >> SEV VMs on hosts which have suitable resources available. >> >> Currently, this limit is not exposed to the application. Add a new >> 'sev-max-guest' field in the query-sev-capabilities to provide this >> information. >> >> Cc: Paolo Bonzini <pbonzini@redhat.com> >> Cc: Markus Armbruster <armbru@redhat.com> >> Cc: Eric Blake <eblake@redhat.com> >> Cc: Daniel P. Berrangé <berrange@redhat.com> >> Cc: Laszlo Ersek <lersek@redhat.com> >> Cc: Erik Skultety <eskultet@redhat.com> >> Cc: Tom Lendacky <Thomas.Lendacky@amd.com> >> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> >> --- >> >> changes since v1: >> - document the new field and add (since 4.1) annotation. >> >> qapi/target.json | 9 +++++++-- >> target/i386/sev.c | 9 +++++++-- >> 2 files changed, 14 insertions(+), 4 deletions(-) >> >> diff --git a/qapi/target.json b/qapi/target.json >> index 1d4d54b600..8cd4fc7919 100644 >> --- a/qapi/target.json >> +++ b/qapi/target.json >> @@ -177,13 +177,17 @@ >> # @reduced-phys-bits: Number of physical Address bit reduction when SEV is >> # enabled >> # >> +# @sev-max-guests: maximum number of concurrent SEV guest with SEV-ES disabled >> +# (since 4.1) >> +# >> # Since: 2.12 >> ## >> { 'struct': 'SevCapability', >> 'data': { 'pdh': 'str', >> 'cert-chain': 'str', >> 'cbitpos': 'int', >> - 'reduced-phys-bits': 'int'}, >> + 'reduced-phys-bits': 'int', >> + 'sev-max-guests': 'int'}, >> 'if': 'defined(TARGET_I386)' } >> >> ## >> @@ -200,7 +204,8 @@ >> # >> # -> { "execute": "query-sev-capabilities" } >> # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", >> -# "cbitpos": 47, "reduced-phys-bits": 5}} >> +# "cbitpos": 47, "reduced-phys-bits": 5, >> +# "sev-max-guests" : 15}} > > There seems to be a superfluous space character before the colon, but I > don't think it matters much. > >> # >> ## >> { 'command': 'query-sev-capabilities', 'returns': 'SevCapability', >> diff --git a/target/i386/sev.c b/target/i386/sev.c >> index cd77f6b5d4..6829586fbe 100644 >> --- a/target/i386/sev.c >> +++ b/target/i386/sev.c >> @@ -488,7 +488,7 @@ sev_get_capabilities(void) >> guchar *pdh_data = NULL; >> guchar *cert_chain_data = NULL; >> size_t pdh_len = 0, cert_chain_len = 0; >> - uint32_t ebx; >> + uint32_t ebx, ecx, edx; >> int fd; >> >> fd = open(DEFAULT_SEV_DEVICE, O_RDWR); >> @@ -507,7 +507,7 @@ sev_get_capabilities(void) >> cap->pdh = g_base64_encode(pdh_data, pdh_len); >> cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len); >> >> - host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); >> + host_cpuid(0x8000001F, 0, NULL, &ebx, &ecx, &edx); >> cap->cbitpos = ebx & 0x3f; >> >> /* >> @@ -516,6 +516,11 @@ sev_get_capabilities(void) >> */ >> cap->reduced_phys_bits = 1; >> >> + /* >> + * The maximum number of SEV guests with SEV-ES disabled that can run >> + * simultaneously. >> + */ >> + cap->sev_max_guests = ecx - edx + 1; >> out: >> g_free(pdh_data); >> g_free(cert_chain_data); >> > > Reviewed-by: Laszlo Ersek <lersek@redhat.com> As mentioned in v1, I don't think a management application should need to run QEMU in order to figure this out. Paolo
On Fri, Apr 12, 2019 at 10:05:23AM +0200, Paolo Bonzini wrote: > On 12/04/19 09:58, Laszlo Ersek wrote: > > On 04/12/19 01:55, Singh, Brijesh wrote: > >> There are limited numbers of the SEV guests that can be run concurrently. > >> A management applications may need to know this limit so that it can place > >> SEV VMs on hosts which have suitable resources available. > >> > >> Currently, this limit is not exposed to the application. Add a new > >> 'sev-max-guest' field in the query-sev-capabilities to provide this > >> information. > >> > >> Cc: Paolo Bonzini <pbonzini@redhat.com> > >> Cc: Markus Armbruster <armbru@redhat.com> > >> Cc: Eric Blake <eblake@redhat.com> > >> Cc: Daniel P. Berrangé <berrange@redhat.com> > >> Cc: Laszlo Ersek <lersek@redhat.com> > >> Cc: Erik Skultety <eskultet@redhat.com> > >> Cc: Tom Lendacky <Thomas.Lendacky@amd.com> > >> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> > >> --- > >> > >> changes since v1: > >> - document the new field and add (since 4.1) annotation. > >> > >> qapi/target.json | 9 +++++++-- > >> target/i386/sev.c | 9 +++++++-- > >> 2 files changed, 14 insertions(+), 4 deletions(-) > >> > >> diff --git a/qapi/target.json b/qapi/target.json > >> index 1d4d54b600..8cd4fc7919 100644 > >> --- a/qapi/target.json > >> +++ b/qapi/target.json > >> @@ -177,13 +177,17 @@ > >> # @reduced-phys-bits: Number of physical Address bit reduction when SEV is > >> # enabled > >> # > >> +# @sev-max-guests: maximum number of concurrent SEV guest with SEV-ES disabled > >> +# (since 4.1) > >> +# > >> # Since: 2.12 > >> ## > >> { 'struct': 'SevCapability', > >> 'data': { 'pdh': 'str', > >> 'cert-chain': 'str', > >> 'cbitpos': 'int', > >> - 'reduced-phys-bits': 'int'}, > >> + 'reduced-phys-bits': 'int', > >> + 'sev-max-guests': 'int'}, > >> 'if': 'defined(TARGET_I386)' } > >> > >> ## > >> @@ -200,7 +204,8 @@ > >> # > >> # -> { "execute": "query-sev-capabilities" } > >> # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", > >> -# "cbitpos": 47, "reduced-phys-bits": 5}} > >> +# "cbitpos": 47, "reduced-phys-bits": 5, > >> +# "sev-max-guests" : 15}} > > > > There seems to be a superfluous space character before the colon, but I > > don't think it matters much. > > > >> # > >> ## > >> { 'command': 'query-sev-capabilities', 'returns': 'SevCapability', > >> diff --git a/target/i386/sev.c b/target/i386/sev.c > >> index cd77f6b5d4..6829586fbe 100644 > >> --- a/target/i386/sev.c > >> +++ b/target/i386/sev.c > >> @@ -488,7 +488,7 @@ sev_get_capabilities(void) > >> guchar *pdh_data = NULL; > >> guchar *cert_chain_data = NULL; > >> size_t pdh_len = 0, cert_chain_len = 0; > >> - uint32_t ebx; > >> + uint32_t ebx, ecx, edx; > >> int fd; > >> > >> fd = open(DEFAULT_SEV_DEVICE, O_RDWR); > >> @@ -507,7 +507,7 @@ sev_get_capabilities(void) > >> cap->pdh = g_base64_encode(pdh_data, pdh_len); > >> cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len); > >> > >> - host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); > >> + host_cpuid(0x8000001F, 0, NULL, &ebx, &ecx, &edx); > >> cap->cbitpos = ebx & 0x3f; > >> > >> /* > >> @@ -516,6 +516,11 @@ sev_get_capabilities(void) > >> */ > >> cap->reduced_phys_bits = 1; > >> > >> + /* > >> + * The maximum number of SEV guests with SEV-ES disabled that can run > >> + * simultaneously. > >> + */ > >> + cap->sev_max_guests = ecx - edx + 1; > >> out: > >> g_free(pdh_data); > >> g_free(cert_chain_data); > >> > > > > Reviewed-by: Laszlo Ersek <lersek@redhat.com> > > As mentioned in v1, I don't think a management application should need > to run QEMU in order to figure this out. Libvirt is already running this query-sev-capabilities command to find out information about SEV support, so from our POV this is the natural place to report the max limits. Regards, Daniel
On Thu, Apr 11, 2019 at 11:55:15PM +0000, Singh, Brijesh wrote: > There are limited numbers of the SEV guests that can be run concurrently. > A management applications may need to know this limit so that it can place > SEV VMs on hosts which have suitable resources available. > > Currently, this limit is not exposed to the application. Add a new > 'sev-max-guest' field in the query-sev-capabilities to provide this > information. > > Cc: Paolo Bonzini <pbonzini@redhat.com> > Cc: Markus Armbruster <armbru@redhat.com> > Cc: Eric Blake <eblake@redhat.com> > Cc: Daniel P. Berrangé <berrange@redhat.com> > Cc: Laszlo Ersek <lersek@redhat.com> > Cc: Erik Skultety <eskultet@redhat.com> > Cc: Tom Lendacky <Thomas.Lendacky@amd.com> > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> > --- Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel
On Thu, Apr 11, 2019 at 11:55:15PM +0000, Singh, Brijesh wrote: > There are limited numbers of the SEV guests that can be run concurrently. > A management applications may need to know this limit so that it can place > SEV VMs on hosts which have suitable resources available. > > Currently, this limit is not exposed to the application. Add a new > 'sev-max-guest' field in the query-sev-capabilities to provide this > information. > > Cc: Paolo Bonzini <pbonzini@redhat.com> > Cc: Markus Armbruster <armbru@redhat.com> > Cc: Eric Blake <eblake@redhat.com> > Cc: Daniel P. Berrangé <berrange@redhat.com> > Cc: Laszlo Ersek <lersek@redhat.com> > Cc: Erik Skultety <eskultet@redhat.com> > Cc: Tom Lendacky <Thomas.Lendacky@amd.com> > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> > --- > > changes since v1: > - document the new field and add (since 4.1) annotation. > > qapi/target.json | 9 +++++++-- > target/i386/sev.c | 9 +++++++-- > 2 files changed, 14 insertions(+), 4 deletions(-) > > diff --git a/qapi/target.json b/qapi/target.json > index 1d4d54b600..8cd4fc7919 100644 > --- a/qapi/target.json > +++ b/qapi/target.json > @@ -177,13 +177,17 @@ > # @reduced-phys-bits: Number of physical Address bit reduction when SEV is > # enabled > # > +# @sev-max-guests: maximum number of concurrent SEV guest with SEV-ES disabled > +# (since 4.1) > +# > # Since: 2.12 > ## > { 'struct': 'SevCapability', > 'data': { 'pdh': 'str', > 'cert-chain': 'str', > 'cbitpos': 'int', > - 'reduced-phys-bits': 'int'}, > + 'reduced-phys-bits': 'int', > + 'sev-max-guests': 'int'}, > 'if': 'defined(TARGET_I386)' } > > ## > @@ -200,7 +204,8 @@ > # > # -> { "execute": "query-sev-capabilities" } > # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", > -# "cbitpos": 47, "reduced-phys-bits": 5}} > +# "cbitpos": 47, "reduced-phys-bits": 5, > +# "sev-max-guests" : 15}} > # > ## > { 'command': 'query-sev-capabilities', 'returns': 'SevCapability', > diff --git a/target/i386/sev.c b/target/i386/sev.c > index cd77f6b5d4..6829586fbe 100644 > --- a/target/i386/sev.c > +++ b/target/i386/sev.c > @@ -488,7 +488,7 @@ sev_get_capabilities(void) > guchar *pdh_data = NULL; > guchar *cert_chain_data = NULL; > size_t pdh_len = 0, cert_chain_len = 0; > - uint32_t ebx; > + uint32_t ebx, ecx, edx; > int fd; > > fd = open(DEFAULT_SEV_DEVICE, O_RDWR); > @@ -507,7 +507,7 @@ sev_get_capabilities(void) > cap->pdh = g_base64_encode(pdh_data, pdh_len); > cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len); > > - host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); > + host_cpuid(0x8000001F, 0, NULL, &ebx, &ecx, &edx); > cap->cbitpos = ebx & 0x3f; > > /* > @@ -516,6 +516,11 @@ sev_get_capabilities(void) > */ > cap->reduced_phys_bits = 1; > > + /* > + * The maximum number of SEV guests with SEV-ES disabled that can run > + * simultaneously. > + */ > + cap->sev_max_guests = ecx - edx + 1; I'm not that familiar with QEMU code, so I guess ^this works as intended, but to the idea (and per my comment in v1): Reviewed-by: Erik Skultety <eskultet@redhat.com>
On 04/12/19 10:05, Paolo Bonzini wrote: > On 12/04/19 09:58, Laszlo Ersek wrote: >> On 04/12/19 01:55, Singh, Brijesh wrote: >>> There are limited numbers of the SEV guests that can be run concurrently. >>> A management applications may need to know this limit so that it can place >>> SEV VMs on hosts which have suitable resources available. >>> >>> Currently, this limit is not exposed to the application. Add a new >>> 'sev-max-guest' field in the query-sev-capabilities to provide this >>> information. >>> >>> Cc: Paolo Bonzini <pbonzini@redhat.com> >>> Cc: Markus Armbruster <armbru@redhat.com> >>> Cc: Eric Blake <eblake@redhat.com> >>> Cc: Daniel P. Berrangé <berrange@redhat.com> >>> Cc: Laszlo Ersek <lersek@redhat.com> >>> Cc: Erik Skultety <eskultet@redhat.com> >>> Cc: Tom Lendacky <Thomas.Lendacky@amd.com> >>> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> >>> --- >>> >>> changes since v1: >>> - document the new field and add (since 4.1) annotation. >>> >>> qapi/target.json | 9 +++++++-- >>> target/i386/sev.c | 9 +++++++-- >>> 2 files changed, 14 insertions(+), 4 deletions(-) >>> >>> diff --git a/qapi/target.json b/qapi/target.json >>> index 1d4d54b600..8cd4fc7919 100644 >>> --- a/qapi/target.json >>> +++ b/qapi/target.json >>> @@ -177,13 +177,17 @@ >>> # @reduced-phys-bits: Number of physical Address bit reduction when SEV is >>> # enabled >>> # >>> +# @sev-max-guests: maximum number of concurrent SEV guest with SEV-ES disabled >>> +# (since 4.1) >>> +# >>> # Since: 2.12 >>> ## >>> { 'struct': 'SevCapability', >>> 'data': { 'pdh': 'str', >>> 'cert-chain': 'str', >>> 'cbitpos': 'int', >>> - 'reduced-phys-bits': 'int'}, >>> + 'reduced-phys-bits': 'int', >>> + 'sev-max-guests': 'int'}, >>> 'if': 'defined(TARGET_I386)' } >>> >>> ## >>> @@ -200,7 +204,8 @@ >>> # >>> # -> { "execute": "query-sev-capabilities" } >>> # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", >>> -# "cbitpos": 47, "reduced-phys-bits": 5}} >>> +# "cbitpos": 47, "reduced-phys-bits": 5, >>> +# "sev-max-guests" : 15}} >> >> There seems to be a superfluous space character before the colon, but I >> don't think it matters much. >> >>> # >>> ## >>> { 'command': 'query-sev-capabilities', 'returns': 'SevCapability', >>> diff --git a/target/i386/sev.c b/target/i386/sev.c >>> index cd77f6b5d4..6829586fbe 100644 >>> --- a/target/i386/sev.c >>> +++ b/target/i386/sev.c >>> @@ -488,7 +488,7 @@ sev_get_capabilities(void) >>> guchar *pdh_data = NULL; >>> guchar *cert_chain_data = NULL; >>> size_t pdh_len = 0, cert_chain_len = 0; >>> - uint32_t ebx; >>> + uint32_t ebx, ecx, edx; >>> int fd; >>> >>> fd = open(DEFAULT_SEV_DEVICE, O_RDWR); >>> @@ -507,7 +507,7 @@ sev_get_capabilities(void) >>> cap->pdh = g_base64_encode(pdh_data, pdh_len); >>> cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len); >>> >>> - host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); >>> + host_cpuid(0x8000001F, 0, NULL, &ebx, &ecx, &edx); >>> cap->cbitpos = ebx & 0x3f; >>> >>> /* >>> @@ -516,6 +516,11 @@ sev_get_capabilities(void) >>> */ >>> cap->reduced_phys_bits = 1; >>> >>> + /* >>> + * The maximum number of SEV guests with SEV-ES disabled that can run >>> + * simultaneously. >>> + */ >>> + cap->sev_max_guests = ecx - edx + 1; >>> out: >>> g_free(pdh_data); >>> g_free(cert_chain_data); >>> >> >> Reviewed-by: Laszlo Ersek <lersek@redhat.com> > > As mentioned in v1, I don't think a management application should need > to run QEMU in order to figure this out. Sorry, I didn't mean to ignore your feedback; I hadn't seen it. Thanks Laszlo
diff --git a/qapi/target.json b/qapi/target.json index 1d4d54b600..8cd4fc7919 100644 --- a/qapi/target.json +++ b/qapi/target.json @@ -177,13 +177,17 @@ # @reduced-phys-bits: Number of physical Address bit reduction when SEV is # enabled # +# @sev-max-guests: maximum number of concurrent SEV guest with SEV-ES disabled +# (since 4.1) +# # Since: 2.12 ## { 'struct': 'SevCapability', 'data': { 'pdh': 'str', 'cert-chain': 'str', 'cbitpos': 'int', - 'reduced-phys-bits': 'int'}, + 'reduced-phys-bits': 'int', + 'sev-max-guests': 'int'}, 'if': 'defined(TARGET_I386)' } ## @@ -200,7 +204,8 @@ # # -> { "execute": "query-sev-capabilities" } # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", -# "cbitpos": 47, "reduced-phys-bits": 5}} +# "cbitpos": 47, "reduced-phys-bits": 5, +# "sev-max-guests" : 15}} # ## { 'command': 'query-sev-capabilities', 'returns': 'SevCapability', diff --git a/target/i386/sev.c b/target/i386/sev.c index cd77f6b5d4..6829586fbe 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -488,7 +488,7 @@ sev_get_capabilities(void) guchar *pdh_data = NULL; guchar *cert_chain_data = NULL; size_t pdh_len = 0, cert_chain_len = 0; - uint32_t ebx; + uint32_t ebx, ecx, edx; int fd; fd = open(DEFAULT_SEV_DEVICE, O_RDWR); @@ -507,7 +507,7 @@ sev_get_capabilities(void) cap->pdh = g_base64_encode(pdh_data, pdh_len); cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len); - host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); + host_cpuid(0x8000001F, 0, NULL, &ebx, &ecx, &edx); cap->cbitpos = ebx & 0x3f; /* @@ -516,6 +516,11 @@ sev_get_capabilities(void) */ cap->reduced_phys_bits = 1; + /* + * The maximum number of SEV guests with SEV-ES disabled that can run + * simultaneously. + */ + cap->sev_max_guests = ecx - edx + 1; out: g_free(pdh_data); g_free(cert_chain_data);
There are limited numbers of the SEV guests that can be run concurrently. A management applications may need to know this limit so that it can place SEV VMs on hosts which have suitable resources available. Currently, this limit is not exposed to the application. Add a new 'sev-max-guest' field in the query-sev-capabilities to provide this information. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Cc: Eric Blake <eblake@redhat.com> Cc: Daniel P. Berrangé <berrange@redhat.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Erik Skultety <eskultet@redhat.com> Cc: Tom Lendacky <Thomas.Lendacky@amd.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> --- changes since v1: - document the new field and add (since 4.1) annotation. qapi/target.json | 9 +++++++-- target/i386/sev.c | 9 +++++++-- 2 files changed, 14 insertions(+), 4 deletions(-)