Bug 1731439
Summary: | QEMU should report an error and return failure if AMD SEV is not enabled in the kernel | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux Advanced Virtualization | Reporter: | Paolo Bonzini <pbonzini> |
Component: | qemu-kvm | Assignee: | Paolo Bonzini <pbonzini> |
qemu-kvm sub component: | General | QA Contact: | zixchen |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | unspecified | ||
Priority: | unspecified | CC: | coli, ddepaula, knoel, pbonzini, virt-maint, zhguo |
Version: | 8.0 | ||
Target Milestone: | rc | ||
Target Release: | 8.3 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | qemu-kvm-5.1.0-2.module+el8.3.0+7652+b30e6901 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-11-17 17:45:27 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1731440 | ||
Bug Blocks: |
Description
Paolo Bonzini
2019-07-19 12:27:51 UTC
Hi Paolo, I suppose this bug should be Future Feature request bug, can we add a Future Feature keyword? Thanks! BR/ Zhiyi, Guo It's a small enhancement to error reporting so it will be 8.2 material, but I don't think it's FutureFeature. QEMU has been recently split into sub-components and as a one-time operation to avoid breakage of tools, we are setting the QEMU sub-component of this BZ to "General". Please review and change the sub-component if necessary the next time you review this BZ. Thanks Test with qemu-kvm-4.2.0-32.module+el8.3.0+7629+c86ce105.x86_64, reported bug is not exits, test steps return RuntimeError: SEV launch security is not supported on this platform which is correct error report for this test. Test version: qemu-kvm-5.1.0-2.module+el8.3.0+7652+b30e6901.x86_64 kernel-4.18.0-232.el8.x86_64 Test steps: . Take an AMD EPYC machine and disable SEV in the kernel # cat /sys/module/kvm_amd/parameters/sev 0 2. make sure to clear libvirt capabilities # systemctl stop libvirtd # rm -f /var/cache/libvirt/qemu/capabilities # systemctl restart libvirtd 3. check libvirt's domain capabilities # virsh domcapabilities| grep sev <sev supported='no'/> 4. try launching a sev VM virt-install --name rhel83sev --cpu EPYC-IBPB,-hypervisor --ram=4096 --memtune hard_limit=5000000 --vcpus=2,sockets=1,cores=1,threads=2 --boot uefi --machine q35 --noreboot --network bridge=br0 --os-variant rhel8.3 --os-type=linux --location=http://download.eng.bos.redhat.com/rhel-8/rel-eng/RHEL-8/latest-RHEL-8.3.0/compose/BaseOS/x86_64/os/ --disk path=/home/rhel83sev.qcow2,bus=scsi,format=qcow2,cache=none,size=80 --controller type=scsi,model=virtio-scsi,driver.iommu=on --controller type=virtio-serial,driver.iommu=on --network network=default,model=virtio,driver.iommu=on --rng type=/dev/random,driver.iommu=on --memballoon driver.iommu=on --launchSecurity sev --graphics vnc,listen=0.0.0.0 --console unix,path=/tmp/rhel83sev,mode=bind --debug --extra-args console=ttyS0,115200 [Tue, 18 Aug 2020 03:23:40 virt-install 38372] DEBUG (cli:208) Launched with command line: /usr/share/virt-manager/virt-install --name rhel83sev --cpu EPYC-IBPB,-hypervisor --ram=4096 --memtune hard_limit=5000000 --vcpus=2,sockets=1,cores=1,threads=2 --boot uefi --machine q35 --noreboot --network bridge=br0 --os-variant rhel8.3 --os-type=linux --location=http://download.eng.bos.redhat.com/rhel-8/rel-eng/RHEL-8/latest-RHEL-8.3.0/compose/BaseOS/x86_64/os/ --disk path=/home/rhel83sev.qcow2,bus=scsi,format=qcow2,cache=none,size=80 --controller type=scsi,model=virtio-scsi,driver.iommu=on --controller type=virtio-serial,driver.iommu=on --network network=default,model=virtio,driver.iommu=on --rng type=/dev/random,driver.iommu=on --memballoon driver.iommu=on --launchSecurity sev --graphics vnc,listen=0.0.0.0 --console unix,path=/tmp/rhel83sev,mode=bind --debug --extra-args console=ttyS0,115200 Actual result: [Tue, 18 Aug 2020 04:34:32 virt-install 64727] ERROR (cli:264) SEV launch security is not supported on this platform [Tue, 18 Aug 2020 04:34:32 virt-install 64727] DEBUG (cli:266) Traceback (most recent call last): File "/usr/share/virt-manager/virt-install", line 1009, in <module> sys.exit(main()) File "/usr/share/virt-manager/virt-install", line 997, in main guest, installer = build_guest_instance(conn, options) File "/usr/share/virt-manager/virt-install", line 564, in build_guest_instance installer.set_install_defaults(guest) File "/usr/share/virt-manager/virtinst/install/installer.py", line 340, in set_install_defaults guest.set_defaults(None) File "/usr/share/virt-manager/virtinst/guest.py", line 746, in set_defaults self.launchSecurity.set_defaults(self) File "/usr/share/virt-manager/virtinst/domain/launch_security.py", line 56, in set_defaults return self._set_defaults_sev(guest) File "/usr/share/virt-manager/virtinst/domain/launch_security.py", line 39, in _set_defaults_sev raise RuntimeError(_("SEV launch security is not supported on this platform")) RuntimeError: SEV launch security is not supported on this platform Expected result: Same with actual result. Sorry, I made a tying error in Comment 7, this bug is verified by qemu-kvm-5.1.0-2.module+el8.3.0+7652+b30e6901.x86_64. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (virt:8.3 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:5137 |