[libvirt] [PATCH v5 01/10] qemu: provide support to query the SEV capability

Brijesh Singh posted 10 patches 7 years, 1 month ago
There is a newer version of this series
[libvirt] [PATCH v5 01/10] qemu: provide support to query the SEV capability
Posted by Brijesh Singh 7 years, 1 month ago
QEMU version >= 2.12 provides support for launching encrypted VMs on
AMD x86 platforms using the Secure Encrypted Virtualization (SEV) feature.
This patch adds support for querying the SEV capability from QEMU.

Reviewed-by: "Daniel P. Berrangé" <berrange@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 src/conf/domain_capabilities.h                     | 13 ++++
 src/qemu/qemu_capabilities.c                       | 38 +++++++++++
 src/qemu/qemu_capabilities.h                       |  1 +
 src/qemu/qemu_capspriv.h                           |  4 ++
 src/qemu/qemu_monitor.c                            |  9 +++
 src/qemu/qemu_monitor.h                            |  3 +
 src/qemu/qemu_monitor_json.c                       | 73 ++++++++++++++++++++++
 src/qemu/qemu_monitor_json.h                       |  3 +
 .../caps_2.12.0.x86_64.replies                     | 10 +++
 tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml  |  3 +-
 10 files changed, 156 insertions(+), 1 deletion(-)

diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
index fa4c1e4..72e9daf 100644
--- a/src/conf/domain_capabilities.h
+++ b/src/conf/domain_capabilities.h
@@ -137,6 +137,19 @@ struct _virDomainCapsCPU {
     virDomainCapsCPUModelsPtr custom;
 };
 
+/*
+ * SEV capabilities
+ */
+typedef struct _virSEVCapability virSEVCapability;
+typedef virSEVCapability *virSEVCapabilityPtr;
+struct _virSEVCapability {
+    char *pdh;
+    char *cert_chain;
+    unsigned int cbitpos;
+    unsigned int reduced_phys_bits;
+};
+
+
 struct _virDomainCaps {
     virObjectLockable parent;
 
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index e54dde6..0f6e6fb 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -466,6 +466,7 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST,
               /* 285 */
               "virtio-mouse-ccw",
               "virtio-tablet-ccw",
+              "sev-guest",
     );
 
 
@@ -532,6 +533,8 @@ struct _virQEMUCaps {
     size_t ngicCapabilities;
     virGICCapability *gicCapabilities;
 
+    virSEVCapability *sevCapabilities;
+
     virQEMUCapsHostCPUData kvmCPU;
     virQEMUCapsHostCPUData tcgCPU;
 };
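Review bot: The new `sevCapabilities` pointer in `struct _virQEMUCaps` is only released inside virQEMUCapsSetSEVCapabilities; none of the qemu_capabilities.c hunks in this patch touch the object's dispose or copy paths (virQEMUCapsDispose and virQEMUCapsNewCopy, both outside the diff). The struct and its `pdh`/`cert_chain` strings therefore look like they leak when the caps object is freed and are lost when it is copied. The caps cache appears to have the same gap: the test XML gains only `<flag name='sev-guest'/>`, so a caps object loaded from cache would advertise QEMU_CAPS_SEV_GUEST with `sevCapabilities == NULL`. Either every consumer of the flag must tolerate a NULL pointer, or the data should be freed, copied, formatted and parsed together with the flag. The struct definition starts before this hunk.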
@@ -1705,6 +1708,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = {
     { "virtio-keyboard-ccw", QEMU_CAPS_DEVICE_VIRTIO_KEYBOARD_CCW },
     { "virtio-mouse-ccw", QEMU_CAPS_DEVICE_VIRTIO_MOUSE_CCW },
     { "virtio-tablet-ccw", QEMU_CAPS_DEVICE_VIRTIO_TABLET_CCW },
+    { "sev-guest", QEMU_CAPS_SEV_GUEST },
 };
 
 static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsVirtioBalloon[] = {
@@ -2784,6 +2788,21 @@ virQEMUCapsSetGICCapabilities(virQEMUCapsPtr qemuCaps,
     qemuCaps->ngicCapabilities = ncapabilities;
 }
 
+void
+virQEMUCapsSetSEVCapabilities(virQEMUCapsPtr qemuCaps,
+                              virSEVCapability *capabilities)
+{
+    virSEVCapability *cap = qemuCaps->sevCapabilities;
+
+    if (cap) {
+        VIR_FREE(cap->pdh);
+        VIR_FREE(cap->cert_chain);
+    }
+
+    VIR_FREE(qemuCaps->sevCapabilities);
+
+    qemuCaps->sevCapabilities = capabilities;
+}
 
 static int
 virQEMUCapsProbeQMPCommands(virQEMUCapsPtr qemuCaps,
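Review bot: virQEMUCapsSetSEVCapabilities has no comment saying that it takes ownership of `capabilities` and frees whatever was stored before, which is what a caller must know to avoid a double free or a leak. I would add a header comment such as `/* Takes ownership of @capabilities (may be NULL); the previously stored SEV data is freed. */`. The comment should also say that passing the currently stored pointer back in is not supported, because the old value is freed before the new one is assigned and the field would be left dangling.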
@@ -3287,6 +3306,19 @@ virQEMUCapsProbeQMPGICCapabilities(virQEMUCapsPtr qemuCaps,
     return 0;
 }
 
+static int
+virQEMUCapsProbeQMPSEVCapabilities(virQEMUCapsPtr qemuCaps,
+                                   qemuMonitorPtr mon)
+{
+    virSEVCapability *caps = NULL;
+
+    if (qemuMonitorGetSEVCapabilities(mon, &caps) < 0)
+        return -1;
+
+    virQEMUCapsSetSEVCapabilities(qemuCaps, caps);
+
+    return 0;
+}
 
 bool
 virQEMUCapsCPUFilterFeatures(const char *name,
@@ -4768,6 +4800,12 @@ virQEMUCapsInitQMPMonitor(virQEMUCapsPtr qemuCaps,
         virQEMUCapsGet(qemuCaps, QEMU_CAPS_QUERY_CPU_MODEL_EXPANSION))
         virQEMUCapsSet(qemuCaps, QEMU_CAPS_CPU_CACHE);
 
+    /* Probe for SEV capabilities */
+    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) {
+        if (virQEMUCapsProbeQMPSEVCapabilities(qemuCaps, mon) < 0)
+            virQEMUCapsClear(qemuCaps, QEMU_CAPS_SEV_GUEST);
+    }
+
     ret = 0;
  cleanup:
     return ret;
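Review bot: When virQEMUCapsProbeQMPSEVCapabilities fails, the added block clears QEMU_CAPS_SEV_GUEST and falls through to `ret = 0`, so a monitor I/O failure or a malformed reply is handled the same way as a host that simply has no SEV. The error reported by the monitor code also stays set although the function returns success. If ignoring the failure is intended, call `virResetLastError();` after `virQEMUCapsClear(qemuCaps, QEMU_CAPS_SEV_GUEST);` and say so in the comment. Otherwise let the JSON helper return success with NULL capabilities when QEMU answers that SEV is unavailable, and `goto cleanup` on a real failure. The rest of virQEMUCapsInitQMPMonitor is outside the hunk, so how the other probes treat errors cannot be compared here.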
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 3f3c29f..9b51cc2 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -450,6 +450,7 @@ typedef enum {
     /* 285 */
     QEMU_CAPS_DEVICE_VIRTIO_MOUSE_CCW, /* -device virtio-mouse-ccw */
     QEMU_CAPS_DEVICE_VIRTIO_TABLET_CCW, /* -device virtio-tablet-ccw */
+    QEMU_CAPS_SEV_GUEST, /* -object sev-guest,... */
 
     QEMU_CAPS_LAST /* this must always be the last item */
 } virQEMUCapsFlags;
diff --git a/src/qemu/qemu_capspriv.h b/src/qemu/qemu_capspriv.h
index 222f336..1fa85cc 100644
--- a/src/qemu/qemu_capspriv.h
+++ b/src/qemu/qemu_capspriv.h
@@ -86,6 +86,10 @@ virQEMUCapsSetGICCapabilities(virQEMUCapsPtr qemuCaps,
                               virGICCapability *capabilities,
                               size_t ncapabilities);
 
+void
+virQEMUCapsSetSEVCapabilities(virQEMUCapsPtr qemuCaps,
+                              virSEVCapability *capabilities);
+
 int
 virQEMUCapsParseHelpStr(const char *qemu,
                         const char *str,
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index e169553..44c2dff 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -4007,6 +4007,15 @@ qemuMonitorGetGICCapabilities(qemuMonitorPtr mon,
     return qemuMonitorJSONGetGICCapabilities(mon, capabilities);
 }
 
+int
+qemuMonitorGetSEVCapabilities(qemuMonitorPtr mon,
+                              virSEVCapability **capabilities)
+{
+    QEMU_CHECK_MONITOR_JSON(mon);
+
+    return qemuMonitorJSONGetSEVCapabilities(mon, capabilities);
+}
+
 
 int
 qemuMonitorNBDServerStart(qemuMonitorPtr mon,
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index 7a22323..efd3427 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -767,6 +767,9 @@ int qemuMonitorSetMigrationCapability(qemuMonitorPtr mon,
 int qemuMonitorGetGICCapabilities(qemuMonitorPtr mon,
                                   virGICCapability **capabilities);
 
+int qemuMonitorGetSEVCapabilities(qemuMonitorPtr mon,
+                                  virSEVCapability **capabilities);
+
 typedef enum {
   QEMU_MONITOR_MIGRATE_BACKGROUND       = 1 << 0,
   QEMU_MONITOR_MIGRATE_NON_SHARED_DISK  = 1 << 1, /* migration with non-shared storage with full disk copy */
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index d80c4f1..e67f7b7 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -6398,6 +6398,79 @@ qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon,
     return ret;
 }
 
+int
+qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon,
+                                  virSEVCapability **capabilities)
+{
+    int ret = -1;
+    virJSONValuePtr cmd;
+    virJSONValuePtr reply = NULL;
+    virJSONValuePtr caps;
+    virSEVCapability *capability = NULL;
+    const char *pdh = NULL, *cert_chain = NULL;
+    int cbitpos, reduced_phys_bits;
+
+    *capabilities = NULL;
+
+    if (!(cmd = qemuMonitorJSONMakeCommand("query-sev-capabilities",
+                                           NULL)))
+        return -1;
+
+    if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
+        goto cleanup;
+
+
+    if (qemuMonitorJSONCheckError(cmd, reply) < 0)
+        goto cleanup;
+
+    caps = virJSONValueObjectGetObject(reply, "return");
+
+    if (virJSONValueObjectGetNumberInt(caps, "cbitpos", &cbitpos) < 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("'cbitpos' field is missing"));
+        goto cleanup;
+    }
+
+    if (virJSONValueObjectGetNumberInt(caps, "reduced-phys-bits",
+                                       &reduced_phys_bits) < 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("'reduced-phys-bits' field is missing"));
+        goto cleanup;
+    }
+
+    if (!(pdh = virJSONValueObjectGetString(caps, "pdh"))) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("'pdh' field is missing"));
+        goto cleanup;
+    }
+
+    if (!(cert_chain = virJSONValueObjectGetString(caps, "cert-chain"))) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("'cert-chain' field is missing"));
+        goto cleanup;
+    }
+
+    if (VIR_ALLOC(capability) < 0)
+        goto cleanup;
+
+    if (VIR_STRDUP(capability->pdh, pdh) < 0)
+        goto cleanup;
+
+    if (VIR_STRDUP(capability->cert_chain, cert_chain) < 0)
+        goto cleanup;
+
+    capability->cbitpos = cbitpos;
+    capability->reduced_phys_bits = reduced_phys_bits;
+    *capabilities = capability;
+    ret = 0;
+
+ cleanup:
+    virJSONValueFree(cmd);
+    virJSONValueFree(reply);
+
+    return ret;
+}
+
 static virJSONValuePtr
 qemuMonitorJSONBuildInetSocketAddress(const char *host,
                                       const char *port)
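Review bot: In qemuMonitorJSONGetSEVCapabilities the result of `virJSONValueObjectGetObject(reply, "return")` is used without a NULL check, and `cbitpos`/`reduced-phys-bits` are parsed into signed `int` before being stored in the `unsigned int` fields of virSEVCapability, so a negative number in the reply would silently become a very large value. The reply comes from the QEMU process and should be validated like any other external input. Unless qemuMonitorJSONCheckError already guarantees that "return" is an object (not visible here), add `if (!(caps = virJSONValueObjectGetObject(reply, "return"))) { ... goto cleanup; }` with a reported error. Declare the two locals as `unsigned int` and read them with `virJSONValueObjectGetNumberUint(caps, "cbitpos", &cbitpos)` and the equivalent call for "reduced-phys-bits". A sanity bound on `cbitpos` would also be cheap, though the acceptable range is not stated in this patch.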
diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
index 846d366..f30ff1f 100644
--- a/src/qemu/qemu_monitor_json.h
+++ b/src/qemu/qemu_monitor_json.h
@@ -152,6 +152,9 @@ int qemuMonitorJSONSetMigrationCapability(qemuMonitorPtr mon,
 int qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon,
                                       virGICCapability **capabilities);
 
+int qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon,
+                                      virSEVCapability **capabilities);
+
 int qemuMonitorJSONMigrate(qemuMonitorPtr mon,
                            unsigned int flags,
                            const char *uri);
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies
index c086e04..8287bb7 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies
@@ -18942,6 +18942,16 @@
 }
 
 {
+  "return" : {
+   "reduced-phys-bits": 1,
+   "cbitpos": 47,
+   "cert-chain": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA",
+   "pdh": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA"
+  },
+  "id": "libvirt-51"
+}
+
+{
   "return": {
   },
   "id": "libvirt-1"
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
index 334296e..43eeef5 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
@@ -225,9 +225,10 @@
   <flag name='iscsi.password-secret'/>
   <flag name='isa-serial'/>
   <flag name='dump-completed'/>
+  <flag name='sev-guest'/>
   <version>2011090</version>
   <kvmVersion>0</kvmVersion>
-  <microcodeVersion>390060</microcodeVersion>
+  <microcodeVersion>390306</microcodeVersion>
   <package>v2.12.0-rc0</package>
   <arch>x86_64</arch>
   <hostCPU type='kvm' model='base' migratability='yes'>
-- 
2.7.4

Re: [libvirt] [PATCH v5 01/10] qemu: provide support to query the SEV capability
Posted by John Ferlan 7 years, 1 month ago

On 04/02/2018 10:18 AM, Brijesh Singh wrote:
> QEMU version >= 2.12 provides support for launching an encrypted VMs on
> AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
> This patch adds support to query the SEV capability from the qemu.
> 
> Reviewed-by: "Daniel P. Berrangé" <berrange@redhat.com>
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>  src/conf/domain_capabilities.h                     | 13 ++++
>  src/qemu/qemu_capabilities.c                       | 38 +++++++++++
>  src/qemu/qemu_capabilities.h                       |  1 +
>  src/qemu/qemu_capspriv.h                           |  4 ++
>  src/qemu/qemu_monitor.c                            |  9 +++
>  src/qemu/qemu_monitor.h                            |  3 +
>  src/qemu/qemu_monitor_json.c                       | 73 ++++++++++++++++++++++
>  src/qemu/qemu_monitor_json.h                       |  3 +
>  .../caps_2.12.0.x86_64.replies                     | 10 +++
>  tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml  |  3 +-
>  10 files changed, 156 insertions(+), 1 deletion(-)
> 

Should have noted the first time - should have 2 blank lines around new
methods...

e.g.:

> diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
> index e54dde6..0f6e6fb 100644
> --- a/src/qemu/qemu_capabilities.c
> +++ b/src/qemu/qemu_capabilities.c
> @@ -466,6 +466,7 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST,
>                /* 285 */
>                "virtio-mouse-ccw",
>                "virtio-tablet-ccw",
> +              "sev-guest",
>      );
>  
>  
> @@ -532,6 +533,8 @@ struct _virQEMUCaps {
>      size_t ngicCapabilities;
>      virGICCapability *gicCapabilities;
>  
> +    virSEVCapability *sevCapabilities;
> +
>      virQEMUCapsHostCPUData kvmCPU;
>      virQEMUCapsHostCPUData tcgCPU;
>  };
> @@ -1705,6 +1708,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = {
>      { "virtio-keyboard-ccw", QEMU_CAPS_DEVICE_VIRTIO_KEYBOARD_CCW },
>      { "virtio-mouse-ccw", QEMU_CAPS_DEVICE_VIRTIO_MOUSE_CCW },
>      { "virtio-tablet-ccw", QEMU_CAPS_DEVICE_VIRTIO_TABLET_CCW },
> +    { "sev-guest", QEMU_CAPS_SEV_GUEST },
>  };
>  
>  static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsVirtioBalloon[] = {
> @@ -2784,6 +2788,21 @@ virQEMUCapsSetGICCapabilities(virQEMUCapsPtr qemuCaps,
>      qemuCaps->ngicCapabilities = ncapabilities;
>  }
>  

Extra blank line here...

> +void
> +virQEMUCapsSetSEVCapabilities(virQEMUCapsPtr qemuCaps,
> +                              virSEVCapability *capabilities)
> +{
> +    virSEVCapability *cap = qemuCaps->sevCapabilities;
> +
> +    if (cap) {
> +        VIR_FREE(cap->pdh);
> +        VIR_FREE(cap->cert_chain);
> +    }
> +
> +    VIR_FREE(qemuCaps->sevCapabilities);
> +
> +    qemuCaps->sevCapabilities = capabilities;
> +}

and here


>  
>  static int
>  virQEMUCapsProbeQMPCommands(virQEMUCapsPtr qemuCaps,
> @@ -3287,6 +3306,19 @@ virQEMUCapsProbeQMPGICCapabilities(virQEMUCapsPtr qemuCaps,
>      return 0;
>  }
>  

and here

> +static int
> +virQEMUCapsProbeQMPSEVCapabilities(virQEMUCapsPtr qemuCaps,
> +                                   qemuMonitorPtr mon)
> +{
> +    virSEVCapability *caps = NULL;
> +
> +    if (qemuMonitorGetSEVCapabilities(mon, &caps) < 0)
> +        return -1;
> +
> +    virQEMUCapsSetSEVCapabilities(qemuCaps, caps);
> +
> +    return 0;
> +}

and here

>  
>  bool
>  virQEMUCapsCPUFilterFeatures(const char *name,

[...]

John

(I would normally fix it for you; however, I have more questions and
comments as I've gone on, so if a v6 will be needed, then you'd need to
fix. I may be able to alter for you depending on some decisions in the
middle patches).

Re: [libvirt] [PATCH v5 01/10] qemu: provide support to query the SEV capability
Posted by Brijesh Singh 7 years, 1 month ago

On 04/02/2018 12:31 PM, John Ferlan wrote:
> 
> 
> On 04/02/2018 10:18 AM, Brijesh Singh wrote:
>> QEMU version >= 2.12 provides support for launching an encrypted VMs on
>> AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
>> This patch adds support to query the SEV capability from the qemu.
>>
>> Reviewed-by: "Daniel P. Berrangé" <berrange@redhat.com>
>> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
>> ---
>>   src/conf/domain_capabilities.h                     | 13 ++++
>>   src/qemu/qemu_capabilities.c                       | 38 +++++++++++
>>   src/qemu/qemu_capabilities.h                       |  1 +
>>   src/qemu/qemu_capspriv.h                           |  4 ++
>>   src/qemu/qemu_monitor.c                            |  9 +++
>>   src/qemu/qemu_monitor.h                            |  3 +
>>   src/qemu/qemu_monitor_json.c                       | 73 ++++++++++++++++++++++
>>   src/qemu/qemu_monitor_json.h                       |  3 +
>>   .../caps_2.12.0.x86_64.replies                     | 10 +++
>>   tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml  |  3 +-
>>   10 files changed, 156 insertions(+), 1 deletion(-)
>>
> 
> Should have noted the first time - should have 2 blank lines around new
> methods...
> 

Noted, I will go through all the patches and add two new lines around 
new methods. thanks

-Brijesh


Re: [libvirt] [PATCH v5 01/10] qemu: provide support to query the SEV capability
Posted by John Ferlan 7 years, 1 month ago

On 04/02/2018 10:18 AM, Brijesh Singh wrote:
> QEMU version >= 2.12 provides support for launching an encrypted VMs on
> AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
> This patch adds support to query the SEV capability from the qemu.
> 
> Reviewed-by: "Daniel P. Berrangé" <berrange@redhat.com>
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>  src/conf/domain_capabilities.h                     | 13 ++++
>  src/qemu/qemu_capabilities.c                       | 38 +++++++++++
>  src/qemu/qemu_capabilities.h                       |  1 +
>  src/qemu/qemu_capspriv.h                           |  4 ++
>  src/qemu/qemu_monitor.c                            |  9 +++
>  src/qemu/qemu_monitor.h                            |  3 +
>  src/qemu/qemu_monitor_json.c                       | 73 ++++++++++++++++++++++
>  src/qemu/qemu_monitor_json.h                       |  3 +
>  .../caps_2.12.0.x86_64.replies                     | 10 +++
>  tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml  |  3 +-
>  10 files changed, 156 insertions(+), 1 deletion(-)
> 

I ran the changes through coverity as a last thing to do...


....

> +void
> +virQEMUCapsSetSEVCapabilities(virQEMUCapsPtr qemuCaps,
> +                              virSEVCapability *capabilities)
> +{
> +    virSEVCapability *cap = qemuCaps->sevCapabilities;
> +

This hunk ...

> +    if (cap) {
> +        VIR_FREE(cap->pdh);
> +        VIR_FREE(cap->cert_chain);
> +    }
> +
> +    VIR_FREE(qemuCaps->sevCapabilities);


... should be a virQEMUSevCapabilitiesFree() type function which can be
called from qemuMonitorJSONGetSEVCapabilities

where the function would :

    if (!cap)
        return;

    VIR_FREE(cap->pdh);
    VIR_FREE(cap->cert_chain);
    VIR_FREE(capabilities);

and the callers would need to ensure to 'overwrite' sevCapabilities with
something new or NULL.

> +
> +    qemuCaps->sevCapabilities = capabilities;
> +}
>  

[...]

> diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
> index d80c4f1..e67f7b7 100644
> --- a/src/qemu/qemu_monitor_json.c
> +++ b/src/qemu/qemu_monitor_json.c
> @@ -6398,6 +6398,79 @@ qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon,
>      return ret;
>  }
>  
> +int
> +qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon,
> +                                  virSEVCapability **capabilities)
> +{
> +    int ret = -1;
> +    virJSONValuePtr cmd;
> +    virJSONValuePtr reply = NULL;
> +    virJSONValuePtr caps;
> +    virSEVCapability *capability = NULL;
> +    const char *pdh = NULL, *cert_chain = NULL;
> +    int cbitpos, reduced_phys_bits;
> +
> +    *capabilities = NULL;
> +
> +    if (!(cmd = qemuMonitorJSONMakeCommand("query-sev-capabilities",
> +                                           NULL)))
> +        return -1;
> +
> +    if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
> +        goto cleanup;
> +
> +
> +    if (qemuMonitorJSONCheckError(cmd, reply) < 0)
> +        goto cleanup;
> +
> +    caps = virJSONValueObjectGetObject(reply, "return");
> +
> +    if (virJSONValueObjectGetNumberInt(caps, "cbitpos", &cbitpos) < 0) {
> +        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> +                       _("'cbitpos' field is missing"));
> +        goto cleanup;
> +    }
> +
> +    if (virJSONValueObjectGetNumberInt(caps, "reduced-phys-bits",
> +                                       &reduced_phys_bits) < 0) {
> +        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> +                       _("'reduced-phys-bits' field is missing"));
> +        goto cleanup;
> +    }
> +
> +    if (!(pdh = virJSONValueObjectGetString(caps, "pdh"))) {
> +        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> +                       _("'pdh' field is missing"));
> +        goto cleanup;
> +    }
> +
> +    if (!(cert_chain = virJSONValueObjectGetString(caps, "cert-chain"))) {
> +        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> +                       _("'cert-chain' field is missing"));
> +        goto cleanup;
> +    }
> +
> +    if (VIR_ALLOC(capability) < 0)
> +        goto cleanup;
> +
> +    if (VIR_STRDUP(capability->pdh, pdh) < 0)
> +        goto cleanup;
> +
> +    if (VIR_STRDUP(capability->cert_chain, cert_chain) < 0)
> +        goto cleanup;
> +
> +    capability->cbitpos = cbitpos;
> +    capability->reduced_phys_bits = reduced_phys_bits;
> +    *capabilities = capability;

VIR_STEAL_PTR(*capabilities, capability);

> +    ret = 0;
> +
> + cleanup:

    virQEMUSevCapabilitiesFree(capability);

John

> +    virJSONValueFree(cmd);
> +    virJSONValueFree(reply);
> +
> +    return ret;
> +}
> +
