render / rpms / libvirt

Forked from rpms/libvirt 9 months ago
Clone
a41c76
From 71e87f4da22992c5d9f858535a1acaa7201aa7d3 Mon Sep 17 00:00:00 2001
a41c76
Message-Id: <71e87f4da22992c5d9f858535a1acaa7201aa7d3@dist-git>
a41c76
From: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>
a41c76
Date: Wed, 24 Jun 2020 13:16:19 +0200
a41c76
Subject: [PATCH] qemu: Check if AMD secure guest support is enabled
a41c76
MIME-Version: 1.0
a41c76
Content-Type: text/plain; charset=UTF-8
a41c76
Content-Transfer-Encoding: 8bit
a41c76
a41c76
Implement secure guest check for AMD SEV (Secure Encrypted
a41c76
Virtualization) in order to invalidate the qemu capabilities
a41c76
cache in case the availability of the feature changed.
a41c76
a41c76
For AMD SEV the verification consists of:
a41c76
 - checking if /sys/module/kvm_amd/parameters/sev contains the
a41c76
   value '1': meaning SEV is enabled in the host kernel;
a41c76
 - checking if /dev/sev exists
a41c76
a41c76
Signed-off-by: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>
a41c76
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
a41c76
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
a41c76
Reviewed-by: Erik Skultety <eskultet@redhat.com>
a41c76
(cherry picked from commit 657365e74f489b70bfbf2eb014db63046c5e3888)
a41c76
a41c76
https://bugzilla.redhat.com/show_bug.cgi?id=1848997
a41c76
https://bugzilla.redhat.com/show_bug.cgi?id=1850351
a41c76
a41c76
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
a41c76
Message-Id: <1c3393cb71b731f5632d150d77f9920b591aa5ee.1592996194.git.jdenemar@redhat.com>
a41c76
Reviewed-by: Ján Tomko <jtomko@redhat.com>
a41c76
---
a41c76
 src/qemu/qemu_capabilities.c | 25 +++++++++++++++++++++++++
a41c76
 1 file changed, 25 insertions(+)
a41c76
a41c76
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
a41c76
index 8a4b43c269..278eaa0009 100644
a41c76
--- a/src/qemu/qemu_capabilities.c
a41c76
+++ b/src/qemu/qemu_capabilities.c
a41c76
@@ -4543,6 +4543,27 @@ virQEMUCapsKVMSupportsSecureGuestS390(void)
a41c76
 }
a41c76
 
a41c76
 
a41c76
+/*
a41c76
+ * Check whether AMD Secure Encrypted Virtualization (x86) is enabled
a41c76
+ */
a41c76
+static bool
a41c76
+virQEMUCapsKVMSupportsSecureGuestAMD(void)
a41c76
+{
a41c76
+    g_autofree char *modValue = NULL;
a41c76
+
a41c76
+    if (virFileReadValueString(&modValue, "/sys/module/kvm_amd/parameters/sev") < 0)
a41c76
+        return false;
a41c76
+
a41c76
+    if (modValue[0] != '1')
a41c76
+        return false;
a41c76
+
a41c76
+    if (virFileExists(QEMU_DEV_SEV))
a41c76
+        return true;
a41c76
+
a41c76
+    return false;
a41c76
+}
a41c76
+
a41c76
+
a41c76
 /*
a41c76
  * Check whether the secure guest functionality is enabled.
a41c76
  * See the specific architecture function for details on the verifications made.
a41c76
@@ -4554,6 +4575,10 @@ virQEMUCapsKVMSupportsSecureGuest(void)
a41c76
 
a41c76
     if (ARCH_IS_S390(arch))
a41c76
         return virQEMUCapsKVMSupportsSecureGuestS390();
a41c76
+
a41c76
+    if (ARCH_IS_X86(arch))
a41c76
+        return virQEMUCapsKVMSupportsSecureGuestAMD();
a41c76
+
a41c76
     return false;
a41c76
 }
a41c76
 
a41c76
-- 
a41c76
2.27.0
a41c76