From 9adf5e57df32df464e7465b1df72c993d0ed4ed4 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Fri, 31 Jul 2020 18:08:35 -0400
Subject: [PATCH 3/4] target/i386: sev: fail query-sev-capabilities if QEMU
cannot use SEV
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20200731180835.86786-3-pbonzini@redhat.com>
Patchwork-id: 98124
O-Subject: [RHEL-8.3.0 qemu-kvm PATCH 2/2] target/i386: sev: fail query-sev-capabilities if QEMU cannot use SEV
Bugzilla: 1689341
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
In some cases, such as if the kvm-amd "sev" module parameter is set
to 0, SEV will be unavailable but query-sev-capabilities will still
return all the information. This tricks libvirt into erroneously
reporting that SEV is available. Check the actual usability of the
feature and return the appropriate error if QEMU cannot use KVM
or KVM cannot use SEV.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
cherry picked from commit 1b38750c40281dd0d068f8536b2ea95d7b9bd585
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
target/i386/sev.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/target/i386/sev.c b/target/i386/sev.c
index 054f2d846a..a47f0d3880 100644
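--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -504,6 +504,15 @@ sev_get_capabilities(Error **errp)
 uint32_t ebx;
 int fd;
 
+ if (!kvm_enabled()) {
+ error_setg(errp, "KVM not enabled");
+ return NULL;
+ }
+ if (kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) < 0) {
+ error_setg(errp, "SEV is not enabled in KVM");
+ return NULL;
+ }
+
 fd = open(DEFAULT_SEV_DEVICE, O_RDWR);
 if (fd < 0) {
 error_setg_errno(errp, errno, "Failed to open %s",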
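Review bot: The new `kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) < 0` probe discards the error code and reports every failure as "SEV is not enabled in KVM", so a management layer reading the error cannot tell a disabled kvm-amd `sev` parameter from any other ioctl failure. Keeping the code would help diagnosis, e.g. `int ret = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL);` followed by `error_setg_errno(errp, -ret, "SEV is not enabled in KVM");` (assuming kvm_vm_ioctl's usual negative-errno return, which this hunk does not show). The NULL argument also deserves a comment such as `/* NULL argument: availability probe only, no SEV command is issued */`, because the check relies on the kernel accepting a NULL payload when SEV is usable. sev_get_capabilities starts and ends outside the hunk.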
--
2.27.0