Bug 1852311
| Summary: | virNodeGetSEVInfo API return error and can not get the information | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux Advanced Virtualization | Reporter: | yalzhang <yalzhang> |
| Component: | libvirt | Assignee: | Erik Skultety <eskultet> |
| Status: | CLOSED ERRATA | QA Contact: | yalzhang <yalzhang> |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | 8.2 | CC: | eskultet, jdenemar, jsuchane, virt-maint |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | 8.3 | Flags: | pm-rhel:
mirror+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-6.6.0-1.el8 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-11-17 17:49:34 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Erik, since you implemented the libvirt part. Is this gap in libvirt-python bindings? Thanks. (In reply to Jaroslav Suchanek from comment #1) > Erik, since you implemented the libvirt part. Is this gap in libvirt-python > bindings? Thanks. I need to get access to an SEV-capable machine to confirm or refute that. Looking at the code the problem very likely originates in the driver's cache in core libvirt, but that one is taken from the connection object's private data. I'll investigate at which end the problem comes from. The problem is that you don't have any capabilities generated. Normally, we'd generated them when they're missing, but qemuNodeGetSEVInfo() failed to do it properly. Posted an upstream fix to libvirt: https://www.redhat.com/archives/libvir-list/2020-July/msg00168.html Fixed upstream by:
commit f3d838237d55ee636163825c1e4ee573d8437968
Refs: v6.5.0-43-gf3d838237d
Author: Erik Skultety <eskultet>
AuthorDate: Fri Jul 3 14:26:13 2020 +0200
Commit: Erik Skultety <eskultet>
CommitDate: Wed Jul 8 10:55:07 2020 +0200
qemu: Use virQEMUCapsCacheLookupDefault instead of lookup by arch
Firstly, SEV is present only on AMD, so we can safely assume x86.
Secondly, the problem with looking up capabilities in the cache by arch
is that it's using virHashSearch with a callback to find the right
capabilities and get the binary name from it as well, but since the
cache is empty, it will return NULL and we won't get the corresponding
binary name out of the lookup either. Then, during the cache validation
we try to create a new cache entry for the emulator, but since we don't
have the binary name, nothing gets created.
Therefore, virQEMUCapsCacheLookupDefault is used to fix this issue,
because it doesn't rely on the capabilities cache to construct the
emulator binary name.
https://bugzilla.redhat.com/show_bug.cgi?id=1852311
Signed-off-by: Erik Skultety <eskultet>
Reviewed-by: Daniel P. Berrangé <berrange>
test on:
# rpm -q libvirt-libs python3-libvirt
libvirt-libs-6.6.0-2.module+el8.3.0+7567+dc41c0a9.x86_64
python3-libvirt-6.6.0-1.module+el8.3.0+7572+bcbf6b90.x86_64
on system support SEV, test with below steps:
# rmmod kvm_amd
# modprobe kvm_amd sev=1
# ll -Z /dev/sev
crw-------. 1 root root system_u:object_r:sev_device_t:s0 10, 60 Aug 11 2020 /dev/sev
# cat /sys/module/kvm_amd/parameters/sev
1
# python3
Python 3.6.8 (default, Jun 26 2020, 12:10:09)
[GCC 8.3.1 20191121 (Red Hat 8.3.1-5)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import libvirt
>>> con = libvirt.open()
>>> con.getSEVInfo()
{'pdh': 'AQAAAAAWAAADEAAAAwAAAAIAAADjMa5EBdErta4MeoeduMCZyGLlum5SL1lULFczhWV5JtPA979TRIEJzwNgpCXBLTsAAA..(very long string)..AAAA',
'cert-chain': 'AQAAAA....(very long string)..AAAA',
'cbitpos': 47,
'reduced-phys-bits': 1}
the result is as expected, set the bug to be verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (virt:8.3 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:5137 |
Description of problem: virNodeGetSEVInfo API return error and can not get the information Version-Release number of selected component (if applicable): # rpm -q python3-libvirt libvirt-libs python3-libvirt-6.0.0-1.module+el8.2.0+5453+31b2b136.x86_64 libvirt-libs-6.0.0-25.module+el8.2.1+7154+47ffd890.x86_64 How reproducible: 100% Steps to Reproduce: 1. On a host supports "SEV", add “amd_iommu=on kvm_amd.sev=1” in kernel cmd line and reboot the host; 2. check the setting exists: # cat /proc/cmdline BOOT_IMAGE=(hd0,gpt2)/vmlinuz-4.18.0-193.10.1.el8_2.x86_64 root=/dev/mapper/rhel_amd--daytona--06-root ro crashkernel=auto resume=/dev/mapper/rhel_amd--daytona--06-swap rd.lvm.lv=rhel_amd-daytona-06/root rd.lvm.lv=rhel_amd-daytona-06/swap console=ttyS0,115200n81 amd_iommu=on kvm_amd.sev=1 3. check the sev related information: # ll -Z /dev/sev crw-------. 1 root root system_u:object_r:sev_device_t:s0 10, 57 Jun 29 21:40 /dev/sev # virsh domcapabilities ... <sev supported='yes'> <cbitpos>47</cbitpos> <reducedPhysBits>1</reducedPhysBits> </sev> </features> ... # cat /sys/module/kvm_amd/parameters/sev 1 4. There is no guest defined in the system, check virNodeGetSEVInfo API function: # python3 Python 3.6.8 (default, Dec 5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import libvirt >>> con = libvirt.open() >>> con.getSEVInfo() libvirt: QEMU Driver error : invalid argument: unable to find any emulator to serve 'x86_64' architecture Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib64/python3.6/site-packages/libvirt.py", line 4235, in getSEVInfo if ret is None: raise libvirtError ('virNodeGetSEVInfo() failed', conn=self) libvirt.libvirtError: invalid argument: unable to find any emulator to serve 'x86_64' architecture >>> Actual results: in step 4, the con.getSEVInfo() return error Expected results: it should get the correct information like " {... 'cbitpos': 47, 'reduced-phys-bits': 1}" Additional info: After define a guest, the virNodeGetSEVInfo API can get the expected information.