|
 |
902636 |
From 9adf5e57df32df464e7465b1df72c993d0ed4ed4 Mon Sep 17 00:00:00 2001
|
|
|
902636 |
From: Paolo Bonzini <pbonzini@redhat.com>
|
|
|
902636 |
Date: Fri, 31 Jul 2020 18:08:35 -0400
|
|
|
902636 |
Subject: [PATCH 3/4] target/i386: sev: fail query-sev-capabilities if QEMU
|
|
|
902636 |
cannot use SEV
|
|
|
902636 |
MIME-Version: 1.0
|
|
|
902636 |
Content-Type: text/plain; charset=UTF-8
|
|
|
902636 |
Content-Transfer-Encoding: 8bit
|
|
|
902636 |
|
|
|
902636 |
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
|
|
|
902636 |
Message-id: <20200731180835.86786-3-pbonzini@redhat.com>
|
|
|
902636 |
Patchwork-id: 98124
|
|
|
902636 |
O-Subject: [RHEL-8.3.0 qemu-kvm PATCH 2/2] target/i386: sev: fail query-sev-capabilities if QEMU cannot use SEV
|
|
|
902636 |
Bugzilla: 1689341
|
|
|
902636 |
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
|
|
|
902636 |
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
|
|
902636 |
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
|
|
902636 |
|
|
|
902636 |
In some cases, such as if the kvm-amd "sev" module parameter is set
|
|
|
902636 |
to 0, SEV will be unavailable but query-sev-capabilities will still
|
|
|
902636 |
return all the information. This tricks libvirt into erroneously
|
|
|
902636 |
reporting that SEV is available. Check the actual usability of the
|
|
|
902636 |
feature and return the appropriate error if QEMU cannot use KVM
|
|
|
902636 |
or KVM cannot use SEV.
|
|
|
902636 |
|
|
|
902636 |
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
|
902636 |
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
|
902636 |
cherry picked from commit 1b38750c40281dd0d068f8536b2ea95d7b9bd585
|
|
|
902636 |
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
|
|
902636 |
---
|
|
|
902636 |
target/i386/sev.c | 9 +++++++++
|
|
|
902636 |
1 file changed, 9 insertions(+)
|
|
|
902636 |
|
|
|
902636 |
diff --git a/target/i386/sev.c b/target/i386/sev.c
|
|
|
902636 |
index 054f2d846a..a47f0d3880 100644
|
|
|
902636 |
--- a/target/i386/sev.c
|
|
|
902636 |
+++ b/target/i386/sev.c
|
|
|
902636 |
@@ -504,6 +504,15 @@ sev_get_capabilities(Error **errp)
|
|
|
902636 |
uint32_t ebx;
|
|
|
902636 |
int fd;
|
|
|
902636 |
|
|
|
902636 |
+ if (!kvm_enabled()) {
|
|
|
902636 |
+ error_setg(errp, "KVM not enabled");
|
|
|
902636 |
+ return NULL;
|
|
|
902636 |
+ }
|
|
|
902636 |
+ if (kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) < 0) {
|
|
|
902636 |
+ error_setg(errp, "SEV is not enabled in KVM");
|
|
|
902636 |
+ return NULL;
|
|
|
902636 |
+ }
|
|
|
902636 |
+
|
|
|
902636 |
fd = open(DEFAULT_SEV_DEVICE, O_RDWR);
|
|
|
902636 |
if (fd < 0) {
|
|
|
902636 |
error_setg_errno(errp, errno, "Failed to open %s",
|
|
|
902636 |
--
|
|
|
902636 |
2.27.0
|
|
|
902636 |
|