Bug 2012386

Summary: virt-host-validate: Detetion results of AMD SEV is not expected
Product: Red Hat Enterprise Linux 9 Reporter: Han Han <hhan>
Component: libvirtAssignee: Andrea Bolognani <abologna>
libvirt sub component: General QA Contact: Luyao Huang <lhuang>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: unspecified CC: coli, jdenemar, jsuchane, lmen, virt-bugs, virt-maint, xuzhang, yafu, zixchen
Version: 9.0Keywords: Regression
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-7.9.0-1.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2012385 Environment:
Last Closed: 2022-05-17 12:45:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version: 7.9.0
Embargoed:
Bug Depends On: 2012385    
Bug Blocks:    

Description Han Han 2021-10-09 02:31:51 UTC 
+++ This bug was initially created as a clone of Bug #2012385 +++

Description of problem:
As subject

Version-Release number of selected component (if applicable):
kernel-4.18.0-341.el8.x86_64
libvirt-7.6.0-3.module+el8.5.0+12510+80564ecf.x86_64

How reproducible:
100%

Steps to Reproduce:
On a AMD host.
1. Enable sev:
➜  ~ modprobe -r kvm_amd    
➜  ~ modprobe kvm_amd sev=1
➜  ~ cat /sys/module/kvm_amd/parameters/sev
Y


2. Run virt-host-validate:
➜  ~ virt-host-validate    
  QEMU: Checking for hardware virtualization                                 : PASS
  QEMU: Checking if device /dev/kvm exists                                   : PASS
  QEMU: Checking if device /dev/kvm is accessible                            : PASS
  QEMU: Checking if device /dev/vhost-net exists                             : PASS
  QEMU: Checking if device /dev/net/tun exists                               : PASS
  QEMU: Checking for cgroup 'cpu' controller support                         : PASS
  QEMU: Checking for cgroup 'cpuacct' controller support                     : PASS
  QEMU: Checking for cgroup 'cpuset' controller support                      : PASS
  QEMU: Checking for cgroup 'memory' controller support                      : PASS
  QEMU: Checking for cgroup 'devices' controller support                     : PASS
  QEMU: Checking for cgroup 'blkio' controller support                       : PASS
  QEMU: Checking for device assignment IOMMU support                         : PASS
  QEMU: Checking if IOMMU is enabled by kernel                               : PASS
  QEMU: Checking for secure guest support                                    : WARN (AMD Secure Encrypted Virtualization appears to be disabled in kernel. Add kvm_amd.sev=1 to the kernel cmdline arguments)

Actual results:
As above

Expected results:
  QEMU: Checking for secure guest support     : PASS

Additional info:
It is fixed on upstream:
commit 3f9c1a4bb8
Author: Jim Fehlig <jfehlig>
Date:   Tue Oct 5 22:34:57 2021 -0600

    tools: Fix virt-host-validate SEV detection
    
    virt-host-validate checks if AMD SEV is enabled by verifying
    /sys/module/kvm_amd/parameters/sev is set to '1'. On a system
    running kernel 5.13, the parameter is reported as 'Y'. To be
    extra paranoid, add a check for 'y' along with 'Y' to complement
    the existing check for '1'.
    
    Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1188715
    
    Signed-off-by: Jim Fehlig <jfehlig>
    Reviewed-by: Andrea Bolognani <abologna>
Comment 3 Luyao Huang 2021-11-12 07:39:36 UTC 
Verify this bug with libvirt-7.9.0-1.el9.x86_64:

# modprobe -r kvm_amd
# modprobe kvm_amd sev=1
# cat /sys/module/kvm_amd/parameters/sev
Y
# virt-host-validate
  QEMU: Checking for hardware virtualization                                 : PASS
  QEMU: Checking if device /dev/kvm exists                                   : PASS
  QEMU: Checking if device /dev/kvm is accessible                            : PASS
  QEMU: Checking if device /dev/vhost-net exists                             : PASS
  QEMU: Checking if device /dev/net/tun exists                               : PASS
  QEMU: Checking for cgroup 'cpu' controller support                         : PASS
  QEMU: Checking for cgroup 'cpuacct' controller support                     : PASS
  QEMU: Checking for cgroup 'cpuset' controller support                      : PASS
  QEMU: Checking for cgroup 'memory' controller support                      : PASS
  QEMU: Checking for cgroup 'devices' controller support                     : PASS
  QEMU: Checking for cgroup 'blkio' controller support                       : PASS
  QEMU: Checking for device assignment IOMMU support                         : PASS
  QEMU: Checking if IOMMU is enabled by kernel                               : PASS
  QEMU: Checking for secure guest support                                    : PASS
Comment 5 errata-xmlrpc 2022-05-17 12:45:32 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: libvirt), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2390