cryptospore / rpms / qemu-kvm

Forked from rpms/qemu-kvm 2 years ago
Clone

Blame SOURCES/kvm-target-i386-sev-fail-query-sev-capabilities-if-QEMU-.patch

be904d
From 9adf5e57df32df464e7465b1df72c993d0ed4ed4 Mon Sep 17 00:00:00 2001
be904d
From: Paolo Bonzini <pbonzini@redhat.com>
be904d
Date: Fri, 31 Jul 2020 18:08:35 -0400
be904d
Subject: [PATCH 3/4] target/i386: sev: fail query-sev-capabilities if QEMU
be904d
 cannot use SEV
be904d
MIME-Version: 1.0
be904d
Content-Type: text/plain; charset=UTF-8
be904d
Content-Transfer-Encoding: 8bit
be904d
be904d
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
be904d
Message-id: <20200731180835.86786-3-pbonzini@redhat.com>
be904d
Patchwork-id: 98124
be904d
O-Subject: [RHEL-8.3.0 qemu-kvm PATCH 2/2] target/i386: sev: fail query-sev-capabilities if QEMU cannot use SEV
be904d
Bugzilla: 1689341
be904d
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
be904d
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
be904d
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
be904d
be904d
In some cases, such as if the kvm-amd "sev" module parameter is set
be904d
to 0, SEV will be unavailable but query-sev-capabilities will still
be904d
return all the information.  This tricks libvirt into erroneously
be904d
reporting that SEV is available.  Check the actual usability of the
be904d
feature and return the appropriate error if QEMU cannot use KVM
be904d
or KVM cannot use SEV.
be904d
be904d
Reviewed-by: Eric Blake <eblake@redhat.com>
be904d
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
be904d
cherry picked from commit 1b38750c40281dd0d068f8536b2ea95d7b9bd585
be904d
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
be904d
---
be904d
 target/i386/sev.c | 9 +++++++++
be904d
 1 file changed, 9 insertions(+)
be904d
be904d
diff --git a/target/i386/sev.c b/target/i386/sev.c
be904d
index 054f2d846a..a47f0d3880 100644
be904d
--- a/target/i386/sev.c
be904d
+++ b/target/i386/sev.c
be904d
@@ -504,6 +504,15 @@ sev_get_capabilities(Error **errp)
be904d
     uint32_t ebx;
be904d
     int fd;
be904d
 
be904d
+    if (!kvm_enabled()) {
be904d
+        error_setg(errp, "KVM not enabled");
be904d
+        return NULL;
be904d
+    }
be904d
+    if (kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) < 0) {
be904d
+        error_setg(errp, "SEV is not enabled in KVM");
be904d
+        return NULL;
be904d
+    }
be904d
+
be904d
     fd = open(DEFAULT_SEV_DEVICE, O_RDWR);
be904d
     if (fd < 0) {
be904d
         error_setg_errno(errp, errno, "Failed to open %s",
be904d
-- 
be904d
2.27.0
be904d