Add detection of SEV support from QEMU/AMD-SP/libvirt on AMD hosts

Adam Spiers · Adam Spiers · commit 434e30f0d2f7 · 2019-05-17T19:45:12.000+01:00
In order to support booting of SEV-enabled guests on AMD hosts which are SEV-capable, we first need to be able to automatically detect which hosts are capable of supporting SEV. This requires checking for support in two places: - The sev parameter of the kvm_amd kernel module (which indicates that the kernel provides support) - The host's libvirt domain capabilities, as indicated in the response from a virConnectGetDomainCapabilities() API call; if the <features> element includes <sev supported='yes'/> then this indicates that both QEMU and the AMD Secure Processor (AMD-SP) support SEV functionality, whereas <sev supported='no'/> indicates that QEMU doesn't support it, and the absence of any <sev> element indicates that libvirt doesn't even know about the feature: https://libvirt.org/git/?p=libvirt.git;a=commit;h=6688393c6b222b5d7cba238f21d55134611ede9c This commit addresses the second of these two checks. Subsequent commits will address the first, add logic which combines both checks, provide a new standard trait which indicates that both checks have passed, and of course ultimately make use of that new trait. blueprint: amd-sev-libvirt-support Change-Id: I4c35b6a27db05349213429422ffe62adb09bd921
diff --git a/nova/tests/unit/virt/libvirt/fakelibvirt.py b/nova/tests/unit/virt/libvirt/fakelibvirt.py
@@ -1505,6 +1505,17 @@ def getDomainCapabilities(self, emulatorbin, arch, machine_type,
     <gic supported='no'/>
   </features>'''
 
+    _domain_capability_features_with_SEV = '''  <features>
+    <gic supported='no'/>
+    <sev supported='yes'>
+      <cbitpos>47</cbitpos>
+      <reducedPhysBits>1</reducedPhysBits>
+    </sev>
+  </features>'''
+
+    _domain_capability_features_with_SEV_unsupported = \
+        _domain_capability_features_with_SEV.replace('yes', 'no')
+
     def getCapabilities(self):
         """Return spoofed capabilities."""
         numa_topology = self.host_info.numa_topology
diff --git a/nova/tests/unit/virt/libvirt/test_host.py b/nova/tests/unit/virt/libvirt/test_host.py
@@ -658,6 +658,28 @@ def test_get_domain_capabilities_no_features(self):
         features = caps.features
         self.assertEqual([], features)
 
+    def _test_get_domain_capabilities_sev(self, supported):
+        caps = self._test_get_domain_capabilities()
+        self.assertEqual(vconfig.LibvirtConfigDomainCaps, type(caps))
+        features = caps.features
+        self.assertEqual(1, len(features))
+        sev = features[0]
+        self.assertEqual(vconfig.LibvirtConfigDomainCapsFeatureSev, type(sev))
+        self.assertEqual(supported, sev.supported)
+
+    @mock.patch.object(
+        fakelibvirt.virConnect, '_domain_capability_features', new=
+        fakelibvirt.virConnect._domain_capability_features_with_SEV_unsupported
+    )
+    def test_get_domain_capabilities_sev_unsupported(self):
+        self._test_get_domain_capabilities_sev(False)
+
+    @mock.patch.object(
+        fakelibvirt.virConnect, '_domain_capability_features',
+        new=fakelibvirt.virConnect._domain_capability_features_with_SEV)
+    def test_get_domain_capabilities_sev_supported(self):
+        self._test_get_domain_capabilities_sev(True)
+
     @mock.patch.object(fakelibvirt.virConnect, "getHostname")
     def test_get_hostname_caching(self, mock_hostname):
         mock_hostname.return_value = "foo"
diff --git a/nova/virt/libvirt/config.py b/nova/virt/libvirt/config.py
@@ -147,7 +147,8 @@ def parse_dom(self, xmldoc):
 
         for c in xmldoc.getchildren():
             feature = None
-            # TODO(aspiers): add supported features here
+            if c.tag == "sev":
+                feature = LibvirtConfigDomainCapsFeatureSev()
             if feature:
                 feature.parse_dom(c)
                 self.features.append(feature)
@@ -165,6 +166,20 @@ def format_dom(self):
         raise RuntimeError(_('BUG: tried to generate domainCapabilities XML'))
 
 
+class LibvirtConfigDomainCapsFeatureSev(LibvirtConfigObject):
+
+    def __init__(self, **kwargs):
+        super(LibvirtConfigDomainCapsFeatureSev, self).__init__(
+            root_name='sev', **kwargs)
+        self.supported = False
+
+    def parse_dom(self, xmldoc):
+        super(LibvirtConfigDomainCapsFeatureSev, self).parse_dom(xmldoc)
+
+        if xmldoc.get('supported') == 'yes':
+            self.supported = True
+
+
 class LibvirtConfigCapsNUMATopology(LibvirtConfigObject):
 
     def __init__(self, **kwargs):
