Bug 1804227
| Summary: | qemu should prompt warning/error messages when using sev + virtio devices without specify iommu_platform=on | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux Advanced Virtualization | Reporter: | Guo, Zhiyi <zhguo> |
| Component: | qemu-kvm | Assignee: | Virtualization Maintenance <virt-maint> |
| qemu-kvm sub component: | QMP Monitor and CLI | QA Contact: | zixchen |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | medium | ||
| Priority: | medium | CC: | ailan, brijesh.singh, coli, ctatman, ddepaula, dgilbert, dyuan, ehadley, hhan, juzhang, lmen, virt-maint, xuzhang, yafu, zhguo |
| Version: | 8.2 | Keywords: | TestOnly, Triaged |
| Target Milestone: | rc | Flags: | pm-rhel: mirror+ |
| Target Release: | 8.0 | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | qemu-kvm-6.0.0-17.module+el8.5.0+11173+c9fce0bb | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-11-16 07:49:57 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1818024, 1935445 | ||
Upstream feature already present in qemu-6.0. Marked as TestOnly and moved directly to ON_QA.
The issue no longer exists, set status to verified.
Version:
kernel-4.18.0-310.el8.x86_64
qemu-kvm-6.0.0-17.module+el8.5.0+11173+c9fce0bb.x86_64
Steps:
1. Boot a SEV guest without adding iommu_platform=on:
/usr/libexec/qemu-kvm \
-enable-kvm \
-cpu EPYC \
-smp 4 \
-m 4096 \
-overcommit mem-lock=on \
-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x3 \
-machine q35,confidential-guest-support=sev0,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \
-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.cc.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \
-device pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x3 \
-device pcie-root-port,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x4 \
-device virtio-scsi-pci,id=scsi0,bus=pci.1,addr=0x0 \
-drive file=/home/rhel83_sev.qcow2,format=raw,if=none,id=drive-scsi0-0-0-0 \
-device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scssi0-0-0-0 \
-device pcie-root-port,id=pcie-root-port-4,port=0x01,bus=pcie.0,chassis=4 \
-device virtio-net-pci,mac=52:56:00:00:00:11,id=net0,netdev=hostnet0,bus=pcie-root-port-4,addr=0x0,romfile="" \
-netdev tap,id=hostnet0 \
-device virtio-vga,id=video0,max_outputs=1,bus=pcie.0,addr=0x5 \
-vnc :0 \
-monitor stdio \
-qmp tcp:0:6666,server,nowait
Result:
Guest boots normally, without iommu_platform=on, network, hard disk and vga devices work well.
# lspci -k
00:05.0 VGA compatible controller: Red Hat, Inc. Virtio GPU (rev 01)
Subsystem: Red Hat, Inc. Device 1100
Kernel driver in use: virtio-pci
01:00.0 Ethernet controller: Red Hat, Inc. Virtio network device (rev 01)
Subsystem: Red Hat, Inc. Device 1100
Kernel driver in use: virtio-pci
02:00.0 SCSI storage controller: Red Hat, Inc. Virtio SCSI (rev 01)
Subsystem: Red Hat, Inc. Device 1100
Kernel driver in use: virtio-pci
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (virt:av bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:4684
Description of problem:
qemu should prompt warning messages when using sev + virtio devices without specifying iommu_platform=on
Version-Release number of selected component (if applicable):
qemu-kvm-4.2.0-10.module+el8.2.0+5740+c3dff59e.x86_64
How reproducible:
100%
Steps to Reproduce:
1. Boot rhel 8.2 vm with sev and virtio devices (without using iommu_platform=on), for example, use virtio-vga device but do not set iommu_platform=on:
/usr/libexec/qemu-kvm \
-name guest=rhel82_sev_memory_plug,debug-threads=on \
-S \
-object secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-1-rhel82_sev_memory_pl/master-key.aes \
-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/rhel82_sev_memory_plug_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \
-machine pc-q35-rhel8.2.0,accel=kvm,usb=off,vmport=off,smm=on,dump-guest-core=off,memory-encryption=sev0,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \
-cpu EPYC-IBPB,x2apic=on,tsc-deadline=on,hypervisor=on,tsc-adjust=on,arch-capabilities=on,ssbd=on,cmp-legacy=on,perfctr-core=on,clzero=on,amd-ssbd=on,virt-ssbd=on,rdctl-no=on,skip-l1dfl-vmentry=on,mds-no=on,monitor=off,svm=off \
-global driver=cfi.pflash01,property=secure,value=on \
-m size=8388608k,slots=8,maxmem=16777216k \
-overcommit mem-lock=off \
-smp 2,sockets=1,dies=1,cores=2,threads=1 \
-numa node,nodeid=0,cpus=0-1,mem=8192 \
-uuid 408c85c9-d201-44fb-8508-4c059f1b1351 \
-no-user-config \
-nodefaults \
-chardev socket,id=charmonitor,fd=37,server,nowait \
-mon chardev=charmonitor,id=monitor,mode=control \
-rtc base=utc,driftfix=slew \
-global kvm-pit.lost_tick_policy=delay \
-no-hpet \
-no-shutdown \
-global ICH9-LPC.disable_s3=1 \
-global ICH9-LPC.disable_s4=1 \
-boot strict=on \
-device pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x2 \
-device pcie-root-port,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x2.0x1 \
-device pcie-root-port,port=0x12,chassis=3,id=pci.3,bus=pcie.0,addr=0x2.0x2 \
-device pcie-root-port,port=0x13,chassis=4,id=pci.4,bus=pcie.0,addr=0x2.0x3 \
-device pcie-root-port,port=0x14,chassis=5,id=pci.5,bus=pcie.0,addr=0x2.0x4 \
-device pcie-root-port,port=0x15,chassis=6,id=pci.6,bus=pcie.0,addr=0x2.0x5 \
-device pcie-root-port,port=0x16,chassis=7,id=pci.7,bus=pcie.0,addr=0x2.0x6 \
-device qemu-xhci,p2=15,p3=15,id=usb,bus=pci.4,addr=0x0 \
-device virtio-scsi-pci,iommu_platform=on,id=scsi0,bus=pci.2,addr=0x0 \
-device virtio-serial-pci,id=virtio-serial0,iommu_platform=on,bus=pci.3,addr=0x0 \
-blockdev '{"driver":"file","filename":"/home/rhel82_sev_memory_plug.qcow2","node-name":"libvirt-1-storage","cache":{"direct":true,"no-flush":false},"auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"cache":{"direct":true,"no-flush":false},"driver":"raw","file":"libvirt-1-storage"}' \
-device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,device_id=drive-scsi0-0-0-0,drive=libvirt-1-format,id=scsi0-0-0-0,bootindex=1,write-cache=on \
-netdev tap,fd=38,id=hostnet0,vhost=on,vhostfd=39 \
-device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:56:00:00:00:02,bus=pci.1,addr=0x0,iommu_platform=on \
-chardev file,id=charserial0,path=/mnt/tests/distribution/virt/install/guests/rhel82_sev_memory_plug/logs/rhel82_sev_memory_plug_console.log \
-device isa-serial,chardev=charserial0,id=serial0 \
-chardev pty,id=charserial1 \
-device isa-serial,chardev=charserial1,id=serial1 \
-chardev socket,id=charchannel0,fd=35,server,nowait \
-device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0 \
-chardev spicevmc,id=charchannel1,name=vdagent \
-device virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.redhat.spice.0 \
-device usb-tablet,id=input0,bus=usb.0,port=1 \
-spice port=5900,addr=0.0.0.0,disable-ticketing,image-compression=off,seamless-migration=on \
-device virtio-vga,id=video0,max_outputs=1,bus=pcie.0,addr=0x1 \
-device ich9-intel-hda,id=sound0,bus=pcie.0,addr=0x1b \
-device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 \
-chardev spicevmc,id=charredir0,name=usbredir \
-device usb-redir,chardev=charredir0,id=redir0,bus=usb.0,port=2 \
-chardev spicevmc,id=charredir1,name=usbredir \
-device usb-redir,chardev=charredir1,id=redir1,bus=usb.0,port=3 \
-device virtio-balloon-pci,id=balloon0,bus=pci.5,addr=0x0,iommu_platform=on \
-object rng-random,id=objrng0,filename=/dev/random \
-device virtio-rng-pci,rng=objrng0,id=rng0,iommu_platform=on,bus=pci.6,addr=0x0 \
-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x3 \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
2.
3.
Actual results:
qemu starts normally without any error/warning messages
Expected results:
qemu should prompt error/warning messages that sev is enabled but iommu_platform is not set for virtio-vga
Additional info:
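The check this report asks for can also be run over a command line before launch. The following is an added example, not part of the bug report and not QEMU or libvirt code: `parse_optarg`, `audit_sev_virtio` and `SAMPLE` are hypothetical names, the sample is constructed from the reporter's command line, and matching devices by the `virtio-` name prefix is an assumption.

```python
import re
import shlex

# Machine properties that attach a sev-guest object; both spellings appear
# in the command lines in this report.
SEV_MACHINE_KEYS = ("memory-encryption", "confidential-guest-support")

# Constructed sample, shortened from the reporter's command line.
SAMPLE = r"""
/usr/libexec/qemu-kvm \
  -machine pc-q35-rhel8.2.0,accel=kvm,memory-encryption=sev0 \
  -device virtio-scsi-pci,iommu_platform=on,id=scsi0,bus=pci.2,addr=0x0 \
  -device virtio-net-pci,netdev=hostnet0,id=net0,bus=pci.1,iommu_platform=on \
  -device virtio-vga,id=video0,max_outputs=1,bus=pcie.0,addr=0x1 \
  -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x3
"""


def parse_optarg(arg):
    """Split 'head,key=value,...' into (head, props); ',,' escapes a comma."""
    parts = [p.replace(",,", ",") for p in re.split(r"(?<!,),(?!,)", arg)]
    props = dict(p.partition("=")[::2] for p in parts if "=" in p)
    if "=" in parts[0]:  # long form: driver=... / qom-type=...
        return props.get("driver") or props.get("qom-type") or "", props
    return parts[0], props


def audit_sev_virtio(cmdline):
    """Return ids of virtio-* devices lacking iommu_platform=on on an SEV guest.

    Hypothetical helper: it reads only what is written on the command line and
    does not model defaults that a QEMU build may apply by itself.
    """
    argv = shlex.split(cmdline.replace("\\\n", " "))
    sev_ids, machine, devices = set(), {}, []
    for opt, arg in zip(argv, argv[1:]):
        head, props = parse_optarg(arg)
        if opt == "-object" and head == "sev-guest" and "id" in props:
            sev_ids.add(props["id"])
        elif opt in ("-machine", "-M"):
            machine.update(props)
        elif opt == "-device" and head.startswith("virtio-"):
            devices.append((props.get("id", head), props))
    if not any(machine.get(key) in sev_ids for key in SEV_MACHINE_KEYS):
        return []  # no sev-guest object attached to the machine
    return [dev for dev, props in devices if props.get("iommu_platform") != "on"]
```

Calling `audit_sev_virtio(SAMPLE)` reports `video0`, the virtio-vga device the reporter singled out.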