Merge pull request avocado-framework#4276 from PaulYuuu/sev-auto-bits

feat: auto-detect SEV cbitpos and reduced-phys-bits from host capability

Author: YvanY0

virttest/coco/__init__.py

@@ -13,43 +13,4 @@
 # Copyright: Red Hat (c) 2025
 # Author: Yihuang Yu <yihyu@redhat.com>
 
-
-import logging
-
-from avocado.utils import cpu as utils
-
-from virttest.cpu import UnsupportedCPU, cpuid
-
-LOG = logging.getLogger("avocado." + __name__)
-
-
-def get_amd_cbit_position():
-    """
-    Get AMD C-bit position for memory encryption
-
-    This function checks if the CPU supports SEV (Secure Encrypted Virtualization)
-    and returns the C-bit position used for memory encryption.
-
-    :return: C-bit position (0-63)
-    :raises: UnsupportedCPU if not an AMD CPU, CPU doesn't support required
-             extended CPUID leaf, or SEV is not supported
-    """
-    if utils.get_vendor() != "amd":
-        raise UnsupportedCPU("C-bit detection only supported on AMD CPU")
-
-    # Check maximum extended leaf
-    eax, _, _, _ = cpuid(0x80000000)
-    if eax < 0x8000001F:
-        raise UnsupportedCPU("CPU does not support extended leaf 0x8000001f")
-
-    # Query SEV/SME features
-    eax, ebx, _, _ = cpuid(0x8000001F)
-
-    # Check SEV support bit (EAX bit 1)
-    if (eax & 2) == 0:
-        raise UnsupportedCPU("CPU does not support SEV")
-
-    # Extract C-bit position (lower 6 bits of EBX) with additional validation
-    cbit_position = ebx & 0x3F
-    LOG.debug("AMD C-bit position: %d", cbit_position)
-    return cbit_position
+from . import sev

virttest/coco/sev.py

@@ -18,30 +18,84 @@
 
 from avocado.utils import cpu as utils
 
-from virttest.cpu import cpuid
+from virttest.cpu import UnsupportedCPU, cpuid
 
 LOG = logging.getLogger("avocado." + __name__)
 
 
+def _get_mem_encryption_features():
+    """
+    Get AMD memory encryption CPUID features (internal helper)
+
+    Query CPUID leaf 0x8000001F for SME/SEV memory encryption features.
+
+    :return: Tuple of (eax, ebx, ecx, edx) register values from CPUID 0x8000001F
+    :raises: UnsupportedCPU if not an AMD CPU, CPU doesn't support required
+             extended CPUID leaf, or SME/SEV is not supported
+    """
+    if utils.get_vendor() != "amd":
+        raise UnsupportedCPU("AMD memory encryption only supported on AMD CPU")
+
+    # Check maximum extended leaf
+    eax, _, _, _ = cpuid(0x80000000)
+    if eax < 0x8000001F:
+        raise UnsupportedCPU("CPU does not support extended leaf 0x8000001f")
+
+    # Query SEV/SME features
+    eax, ebx, ecx, edx = cpuid(0x8000001F)
+
+    # Check SME or SEV support (EAX bit 0 or bit 1)
+    if (eax & 0x3) == 0:
+        raise UnsupportedCPU("CPU does not support SME or SEV")
+
+    return eax, ebx, ecx, edx
+
+
+def get_cbit_position():
+    """
+    Get C-bit position for memory encryption
+
+    This function checks if the CPU supports SME/SEV and returns the C-bit
+    position used for memory encryption.
+
+    :return: C-bit position (0-63)
+    :raises: UnsupportedCPU if not an AMD CPU, CPU doesn't support required
+             extended CPUID leaf, or SME/SEV is not supported
+    """
+    _, ebx, _, _ = _get_mem_encryption_features()
+
+    # Extract C-bit position (lower 6 bits of EBX)
+    cbit_position = ebx & 0x3F
+    return cbit_position
+
+
+def get_reduced_phys_bits():
+    """
+    Get physical address bits reduced by memory encryption
+
+    This function checks if the CPU supports SME/SEV and returns the number
+    of physical address bits reduced due to encryption metadata overhead.
+
+    :return: Number of physical address bits reduced (0-63)
+    :raises: UnsupportedCPU if not an AMD CPU, CPU doesn't support required
+             extended CPUID leaf, or SME/SEV is not supported
+    """
+    _, ebx, _, _ = _get_mem_encryption_features()
+
+    # Extract reduced physical address bits (bits [11:6] of EBX)
+    reduced_bits = (ebx >> 6) & 0x3F
+    return reduced_bits
+
+
 def is_sev_snp_supported():
     """
     Check if AMD SEV-SNP (Secure Nested Paging) is supported.
 
     :return: True if SEV-SNP is supported, False otherwise
     """
     try:
-        if utils.get_vendor() != "amd":
-            return False
-
-        # Check maximum extended leaf
-        eax, _, _, _ = cpuid(0x80000000)
-        if eax < 0x8000001F:
-            return False
-
-        # Query SEV/SME features
-        eax, _, _, _ = cpuid(0x8000001F)
-
+        eax, _, _, _ = _get_mem_encryption_features()
         # Check SEV-SNP support bit (EAX bit 4)
         return bool(eax & (1 << 4))
-    except Exception:
+    except UnsupportedCPU:
         return False

virttest/qemu_devices/qcontainer.py

@@ -34,6 +34,7 @@
 # Internal imports
 from virttest import (
     arch,
+    coco,
     data_dir,
     qemu_storage,
     storage,
@@ -3981,10 +3982,12 @@ def _gen_sev_common_props(params):
             Required: cbitpos, reduced-phys-bits
             """
             sev_common_props = {
-                # FIXME: Set the following two properties from sev capabilities
-                # if they are not set yet
-                "cbitpos": int(params["vm_sev_cbitpos"]),
-                "reduced-phys-bits": int(params["vm_sev_reduced_phys_bits"]),
+                "cbitpos": params.get_numeric(
+                    "vm_sev_cbitpos", coco.sev.get_cbit_position()
+                ),
+                "reduced-phys-bits": params.get_numeric(
+                    "vm_sev_reduced_phys_bits", coco.sev.get_reduced_phys_bits()
+                ),
             }
 
             if params.get("vm_sev_kernel_hashes"):