qemu-devel


From: Dr. David Alan Gilbert
Subject: Re: [PATCH 2/2] target-i386: sev: fail query-sev-capabilities if QEMU cannot use SEV
Date: Fri, 3 Jul 2020 17:08:41 +0100
User-agent: Mutt/1.14.5 (2020-06-23)

* Paolo Bonzini (pbonzini@redhat.com) wrote:
> In some cases, such as if the kvm-amd "sev" module parameter is set
> to 0, SEV will be unavailable but query-sev-capabilities will still
> return all the information.  This tricks libvirt into erroneously
> reporting that SEV is available.  Check the actual usability of the
> feature and return the appropriate error if QEMU cannot use KVM
> or KVM cannot use SEV.
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  target/i386/sev.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index 70f9ee026f..22194b3e32 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -450,6 +450,15 @@ sev_get_capabilities(Error **errp)
>      uint32_t ebx;
>      int fd;
>  
> +    if (!kvm_enabled()) {
> +        error_setg(errp, "KVM not enabled\n");
> +        return NULL;
> +    }
> +    if (kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) < 0) {
> +        error_setg(errp, "SEV is not enabled\n");

Can you make that 'SEV is not enabled in KVM' so it's obvious
that it's the KVM side and not the qemu side (like you've
done in the previous patch).

Dave

> +        return NULL;
> +    }
> +
>      fd = open(DEFAULT_SEV_DEVICE, O_RDWR);
>      if (fd < 0) {
>          error_setg_errno(errp, errno, "Failed to open %s",
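
Review bot: Both new error_setg() calls at the top of sev_get_capabilities() pass strings ending in "\n" ("KVM not enabled\n" and "SEV is not enabled\n"); QEMU's error API expects a single phrase with no trailing newline, so drop the "\n" from each. The KVM_MEMORY_ENCRYPT_OP probe also throws away the error code from kvm_vm_ioctl(), so a caller such as libvirt cannot tell why SEV was reported unusable; consider error_setg_errno() here, as the open() failure path just below already does for DEFAULT_SEV_DEVICE. A one-line comment saying that the NULL-argument ioctl is only an availability probe would help the next reader.
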
> -- 
> 2.26.2
> 
> 
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK



