Bug 1852311
Summary: | virNodeGetSEVInfo API return error and can not get the information | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux Advanced Virtualization | Reporter: | yalzhang <yalzhang> |
Component: | libvirt | Assignee: | Erik Skultety <eskultet> |
Status: | CLOSED ERRATA | QA Contact: | yalzhang <yalzhang> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 8.2 | CC: | eskultet, jdenemar, jsuchane, virt-maint |
Target Milestone: | rc | Keywords: | Triaged |
Target Release: | 8.3 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | libvirt-6.6.0-1.el8 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-11-17 17:49:34 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
yalzhang@redhat.com
2020-06-30 06:16:12 UTC
Erik, since you implemented the libvirt part. Is this gap in libvirt-python bindings? Thanks. (In reply to Jaroslav Suchanek from comment #1) > Erik, since you implemented the libvirt part. Is this gap in libvirt-python > bindings? Thanks. I need to get access to an SEV-capable machine to confirm or refute that. Looking at the code the problem very likely originates in the driver's cache in core libvirt, but that one is taken from the connection object's private data. I'll investigate at which end the problem comes from. The problem is that you don't have any capabilities generated. Normally, we'd generated them when they're missing, but qemuNodeGetSEVInfo() failed to do it properly. Posted an upstream fix to libvirt: https://www.redhat.com/archives/libvir-list/2020-July/msg00168.html Fixed upstream by: commit f3d838237d55ee636163825c1e4ee573d8437968 Refs: v6.5.0-43-gf3d838237d Author: Erik Skultety <eskultet> AuthorDate: Fri Jul 3 14:26:13 2020 +0200 Commit: Erik Skultety <eskultet> CommitDate: Wed Jul 8 10:55:07 2020 +0200 qemu: Use virQEMUCapsCacheLookupDefault instead of lookup by arch Firstly, SEV is present only on AMD, so we can safely assume x86. Secondly, the problem with looking up capabilities in the cache by arch is that it's using virHashSearch with a callback to find the right capabilities and get the binary name from it as well, but since the cache is empty, it will return NULL and we won't get the corresponding binary name out of the lookup either. Then, during the cache validation we try to create a new cache entry for the emulator, but since we don't have the binary name, nothing gets created. Therefore, virQEMUCapsCacheLookupDefault is used to fix this issue, because it doesn't rely on the capabilities cache to construct the emulator binary name. https://bugzilla.redhat.com/show_bug.cgi?id=1852311 Signed-off-by: Erik Skultety <eskultet> Reviewed-by: Daniel P. Berrangé <berrange> test on:
# rpm -q libvirt-libs python3-libvirt
libvirt-libs-6.6.0-2.module+el8.3.0+7567+dc41c0a9.x86_64
python3-libvirt-6.6.0-1.module+el8.3.0+7572+bcbf6b90.x86_64
on system support SEV, test with below steps:
# rmmod kvm_amd
# modprobe kvm_amd sev=1
# ll -Z /dev/sev
crw-------. 1 root root system_u:object_r:sev_device_t:s0 10, 60 Aug 11 2020 /dev/sev
# cat /sys/module/kvm_amd/parameters/sev
1
# python3
Python 3.6.8 (default, Jun 26 2020, 12:10:09)
[GCC 8.3.1 20191121 (Red Hat 8.3.1-5)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import libvirt
>>> con = libvirt.open()
>>> con.getSEVInfo()
{'pdh': 'AQAAAAAWAAADEAAAAwAAAAIAAADjMa5EBdErta4MeoeduMCZyGLlum5SL1lULFczhWV5JtPA979TRIEJzwNgpCXBLTsAAA..(very long string)..AAAA',
'cert-chain': 'AQAAAA....(very long string)..AAAA',
'cbitpos': 47,
'reduced-phys-bits': 1}
the result is as expected, set the bug to be verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (virt:8.3 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:5137 |