From 9adf5e57df32df464e7465b1df72c993d0ed4ed4 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Fri, 31 Jul 2020 18:08:35 -0400
Subject: [PATCH 3/4] target/i386: sev: fail query-sev-capabilities if QEMU
cannot use SEV
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20200731180835.86786-3-pbonzini@redhat.com>
Patchwork-id: 98124
O-Subject: [RHEL-8.3.0 qemu-kvm PATCH 2/2] target/i386: sev: fail query-sev-capabilities if QEMU cannot use SEV
Bugzilla: 1689341
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

In some cases, such as if the kvm-amd "sev" module parameter is set
to 0, SEV will be unavailable but query-sev-capabilities will still
return all the information. This tricks libvirt into erroneously
reporting that SEV is available. Check the actual usability of the
feature and return the appropriate error if QEMU cannot use KVM
or KVM cannot use SEV.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
cherry picked from commit 1b38750c40281dd0d068f8536b2ea95d7b9bd585
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
target/i386/sev.c | 9 +++++++++
1 file changed, 9 insertions(+)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index 054f2d846a..a47f0d3880 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -504,6 +504,15 @@ sev_get_capabilities(Error **errp)
uint32_t ebx;
int fd;
+ if (!kvm_enabled()) {
+ error_setg(errp, "KVM not enabled");
+ return NULL;
+ }
+ if (kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) < 0) {
+ error_setg(errp, "SEV is not enabled in KVM");
+ return NULL;
+ }
+
fd = open(DEFAULT_SEV_DEVICE, O_RDWR);
if (fd < 0) {
error_setg_errno(errp, errno, "Failed to open %s",
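Review bot: The `kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) < 0` check in the second added block throws away the failure code, so every negative return is reported with the same fixed string "SEV is not enabled in KVM". The `open(DEFAULT_SEV_DEVICE, O_RDWR)` failure path directly below reports its cause through `error_setg_errno`; doing the same here (keep the ioctl's return value in a local and pass the error code along with the message) would let a management layer reading the error tell "SEV disabled in KVM" apart from any other ioctl failure. A one-line comment stating that the call with a NULL argument is only a usability probe and issues no SEV command would also help the next reader, since nothing in the hunk says why NULL is passed.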
--
2.27.0