Bug 1961562
Summary: | vm can not start with error as "internal error: unknown feature amd-sev-es" | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | yalzhang <yalzhang> |
Component: | libvirt | Assignee: | Pavel Hrdina <phrdina> |
Status: | CLOSED ERRATA | QA Contact: | Meina Li <meili> |
Severity: | urgent | Docs Contact: | |
Priority: | unspecified | ||
Version: | 8.5 | CC: | agurenko, atodorov, aybhalala, bxue, carl, coli, davide, dkaylor, dtantsur, eminguez, ernunes, gradde, jdenemar, jfrieben, jhughes, jinzhao, jsuchane, juzhang, knoel, meili, mmizuma, mpitt, nk, phrdina, pierre, rjones, troels, virt-maint, vpolasek, yoguo, zhilli |
Target Milestone: | beta | Keywords: | FutureFeature, Regression, Reopened, Triaged |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | libvirt-6.0.0-36.el8 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-11-09 18:00:11 UTC | Type: | Feature Request |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1969483 |
Description
yalzhang@redhat.com
2021-05-18 09:24:52 UTC
See bug 1961558 for similar issue on RHEL AV. Note a simpler reproducer is: # virsh domcapabilities error: failed to get emulator capabilities error: internal error: unknown feature amd-sev-es (In reply to Richard W.M. Jones from comment #2) > See bug 1961558 for similar issue on RHEL AV. > > Note a simpler reproducer is: > > # virsh domcapabilities > error: failed to get emulator capabilities > error: internal error: unknown feature amd-sev-es Yes, I think it is the same bug, so this one can be closed as duplicate. *** This bug has been marked as a duplicate of bug 1961558 *** We should no close BZ as duplicate if the BZs are for RHEL and RHEL-AV as they have different code-base. Reopening the BZ as we will need to backport the following upstream commit: commit 61d95a1073833ec4323c1ef28e71e913c55aa7b9 Author: Pavel Hrdina <phrdina> Date: Mon May 10 15:07:09 2021 +0200 qemu_firmware: don't error out for unknown firmware features Bumping severity, as this completely breaks libvirt/qemu: # cat /tmp/xml <domain type='qemu'> <name>subVmTest1</name> <os> <type arch='x86_64'>hvm</type> <boot dev='hd'/> <boot dev='network'/> </os> <memory unit='MiB'>128</memory> </domain> # virsh define /tmp/xml error: Failed to define domain from /tmp/xml error: internal error: unknown feature amd-sev-es Is there any known workaround? Right now this completely blocks our package updates in RHEL 8.5 and our CI. Thanks! (In reply to Martin Pitt from comment #11) > Is there any known workaround? Right now this completely blocks our package > updates in RHEL 8.5 and our CI. Thanks! You can try to download the package: edk2-20200602gitca407c7246bf-5.el8, refer to bug 1961558#c10 In reply to yalzhang from comment #13) > (In reply to Martin Pitt from comment #11) > > Is there any known workaround? Right now this completely blocks our package > > updates in RHEL 8.5 and our CI. Thanks! > > You can try to download the package: edk2-20200602gitca407c7246bf-5.el8, > refer to bug 1961558#c10 s/download/downgrade s/edk2-20200602gitca407c7246bf-5.el8/edk2-ovmf-20200602gitca407c7246bf-5.el8.noarch Sorry for the misunderstanding. I have tried and it works well. Just downgrade the current edk2-ovmf-20200602gitca407c7246bf-5.el8.noarch to edk2-ovmf-20200602gitca407c7246bf-4.el8.noarch which without the fix mentioned in bug 1961558#c10 will workaround the issue. (In reply to Martin Pitt from comment #11) > Is there any known workaround? Right now this completely blocks our package > updates in RHEL 8.5 and our CI. Thanks! Yes, there is simple workaround: mkdir -p /etc/qemu/firmware touch /etc/qemu/firmware/50-edk2-ovmf-cc.json This will create an empty file which can disable the new firmware, more details here [1], look for firmware description. [1] <https://libvirt.org/formatdomain.html#operating-system-booting> Thanks Pavel! I'm trying that in https://github.com/cockpit-project/cockpit-machines/pull/177 and it seems to generally work. Great! FTR I have been seeing this rather often during osbuild-composer testing after we switched to GitLab CI: https://gitlab.com/osbuild/ci/osbuild-composer/-/jobs/1295926825 - this particular one is for CentOS but I've seen this on RHEL & Fedora as well. Faced the same issue in centos 8 after I updated all packages from cockpit and rebooted the server. Thanks to Paval, his patch worked for now. This issue is also present in the current CentOS Stream 8. # rpm -q libvirt-daemon qemu-kvm kernel edk2-ovmf libvirt-daemon-6.0.0-35.module_el8.5.0+746+bbd5d70c.x86_64 qemu-kvm-4.2.0-48.module_el8.5.0+746+bbd5d70c.x86_64 kernel-4.18.0-305.el8.x86_64 edk2-ovmf-20200602gitca407c7246bf-5.el8.noarch Verified Version: libvirt-6.0.0-36.module+el8.5.0+11222+c889b3f3.x86_64 qemu-kvm-4.2.0-51.module+el8.5.0+11141+9dff516f.x86_64 Verified Steps: 1. Prepare a guest xml: # cat lmn.xml ... <os> <type arch='x86_64' machine='pc-q35-rhel8.2.0'>hvm</type> <boot dev='hd'/> </os> ... <devices> <emulator>/usr/libexec/qemu-kvm</emulator> <disk type='file' device='disk'> <driver name='qemu' type='qcow2'/> <source file='/var/lib/libvirt/images/lmn.qcow2'/> <target dev='vda' bus='virtio'/> <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/> </disk> ... 2. Define and start the guest. # virsh define lmn.xml Domain lmn defined from lmn.xml # virsh start lmn Domain lmn started 3. Check domcapabilities. # virsh domcapabilities <domainCapabilities> <path>/usr/libexec/qemu-kvm</path> <domain>kvm</domain> ... <backup supported='no'/> <sev supported='no'/> </features> </domainCapabilities> Hello. Is there an estimate of when this issue may be fixed in CentOS Stream 8? libvirt-6.0.0-36.el8 has been built [0] and released for CentOS Stream 8. [0] https://koji.mbox.centos.org/koji/buildinfo?buildID=17918 Also CentOS 8 Advanced Virtualization module is broken (I didn't try the Stream 8 AV yet). Any plans to fix this as well? http://mirror.centos.org/centos/8/virt/x86_64/advanced-virtualization/Packages/l/ (In reply to Carl George 🤠 from comment #29) > libvirt-6.0.0-36.el8 has been built [0] and released for CentOS Stream 8. > > > [0] https://koji.mbox.centos.org/koji/buildinfo?buildID=17918 Great news, thank you Carl! Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:4191 *** Bug 2022101 has been marked as a duplicate of this bug. *** |