authorPaolo Bonzini2020-06-30 17:38:18 +0200
committerPaolo Bonzini2020-07-11 00:02:22 +0200
commit1b38750c40281dd0d068f8536b2ea95d7b9bd585 (patch)
tree1b42258bbd5256f0e931085af953a9b2f514bf6f
parenttarget/i386: sev: provide proper error reporting for query-sev-capabilities (diff)
target/i386: sev: fail query-sev-capabilities if QEMU cannot use SEV
In some cases, such as if the kvm-amd "sev" module parameter is set to 0, SEV will be unavailable but query-sev-capabilities will still return all the information. This tricks libvirt into erroneously reporting that SEV is available. Check the actual usability of the feature and return the appropriate error if QEMU cannot use KVM or KVM cannot use SEV. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-rw-r--r--target/i386/sev.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/target/i386/sev.c b/target/i386/sev.c
index 7012b1d4b1..c3ecf86704 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -450,6 +450,15 @@ sev_get_capabilities(Error **errp)
uint32_t ebx;
int fd;
+ if (!kvm_enabled()) {
+ error_setg(errp, "KVM not enabled");
+ return NULL;
+ }
+ if (kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) < 0) {
+ error_setg(errp, "SEV is not enabled in KVM");
+ return NULL;
+ }
+
fd = open(DEFAULT_SEV_DEVICE, O_RDWR);
if (fd < 0) {
error_setg_errno(errp, errno, "Failed to open %s",
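Review bot: The added `kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) < 0` branch reports every failure as "SEV is not enabled in KVM" through `error_setg`, discarding the error code, while the `open()` failure just below it keeps `errno` via `error_setg_errno`. As far as I know kvm_vm_ioctl returns a negative errno, so storing the result (`int r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL);`) and reporting it with `error_setg_errno(errp, -r, "SEV is not enabled in KVM");` would stop an unrelated ioctl failure from being presented to libvirt as a definite "SEV disabled" answer with no cause attached. The NULL argument also deserves a one-line comment such as `/* NULL argument: availability probe only, no SEV command is issued */`, because the call otherwise reads like a missing parameter; that it acts as a pure probe is inferred from the commit message, not shown in these lines. sev_get_capabilities begins and ends outside the hunk.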