Blame SOURCES/kvm-target-i386-sev-fail-query-sev-capabilities-if-QEMU-.patch

From 9adf5e57df32df464e7465b1df72c993d0ed4ed4 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Fri, 31 Jul 2020 18:08:35 -0400
Subject: [PATCH 3/4] target/i386: sev: fail query-sev-capabilities if QEMU
 cannot use SEV
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20200731180835.86786-3-pbonzini@redhat.com>
Patchwork-id: 98124
O-Subject: [RHEL-8.3.0 qemu-kvm PATCH 2/2] target/i386: sev: fail query-sev-capabilities if QEMU cannot use SEV
Bugzilla: 1689341
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
In some cases, such as if the kvm-amd "sev" module parameter is set
to 0, SEV will be unavailable but query-sev-capabilities will still
return all the information.  This tricks libvirt into erroneously
reporting that SEV is available.  Check the actual usability of the
feature and return the appropriate error if QEMU cannot use KVM
or KVM cannot use SEV.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
cherry picked from commit 1b38750c40281dd0d068f8536b2ea95d7b9bd585
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
 target/i386/sev.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/target/i386/sev.c b/target/i386/sev.c
index 054f2d846a..a47f0d3880 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -504,6 +504,15 @@ sev_get_capabilities(Error **errp)
     uint32_t ebx;
     int fd;
 
+    if (!kvm_enabled()) {
+        error_setg(errp, "KVM not enabled");
+        return NULL;
+    }
+    if (kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) < 0) {
+        error_setg(errp, "SEV is not enabled in KVM");
+        return NULL;
+    }
+
     fd = open(DEFAULT_SEV_DEVICE, O_RDWR);
     if (fd < 0) {
         error_setg_errno(errp, errno, "Failed to open %s",
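Review bot: the second added check, `kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) < 0`, discards the failure code and always reports "SEV is not enabled in KVM", while the open() failure path directly below it reports errno through error_setg_errno. Consider keeping the ioctl's return value and passing it to error_setg_errno, so that a management layer reading the error can tell a disabled SEV apart from any other ioctl failure. A one-line comment stating why NULL is passed as the argument would also help, since the call otherwise reads like a missing-argument bug.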
-- 
2.27.0