Bug 1804227 - qemu should prompt warning/error messages when using sev + virtio devices without specify iommu_platform=on
Summary: qemu should prompt warning/error messages when using sev + virtio devices wit...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux Advanced Virtualization
Classification: Red Hat
Component: qemu-kvm
Version: 8.2
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: 8.0
Assignee: Virtualization Maintenance
QA Contact: zixchen
URL:
Whiteboard:
Depends On:
Blocks: 1818024 1935445
 
Reported: 2020-02-18 13:53 UTC by Guo, Zhiyi
Modified: 2021-11-16 07:50 UTC (History)

Fixed In Version: qemu-kvm-6.0.0-17.module+el8.5.0+11173+c9fce0bb
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-11-16 07:49:57 UTC
Type: Bug
Target Upstream Version:
Embargoed:



Description Guo, Zhiyi 2020-02-18 13:53:44 UTC
Description of problem:
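qemu should print a warning message when SEV is used with virtio devices without specifying iommu_platform=on. With SEV the guest's memory is encrypted, so a virtio device has to go through the guest DMA API (which iommu_platform=on requests) to reach buffers the host can read.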

Version-Release number of selected component (if applicable):
qemu-kvm-4.2.0-10.module+el8.2.0+5740+c3dff59e.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Boot a RHEL 8.2 VM with SEV and virtio devices without iommu_platform=on; for example, use a virtio-vga device without setting iommu_platform=on:
# Reproducer from the report (qemu-kvm 4.2.0): SEV is enabled through
# "-object sev-guest,id=sev0,..." together with "memory-encryption=sev0" on
# -machine. Every virtio device below sets iommu_platform=on except
# virtio-vga (id=video0); that is the device the report expects QEMU to
# warn or error about.
# policy=0x3 sets SEV guest policy bits 0 and 1 (debugging disallowed,
# key sharing disallowed).
# NOTE(review): "-spice port=5900,addr=0.0.0.0,disable-ticketing" opens an
# unauthenticated SPICE console on every interface; keep this command on an
# isolated test host, or bind it to loopback and enable ticketing.
/usr/libexec/qemu-kvm \
-name guest=rhel82_sev_memory_plug,debug-threads=on \
-S \
-object secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-1-rhel82_sev_memory_pl/master-key.aes \
-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/rhel82_sev_memory_plug_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \
-machine pc-q35-rhel8.2.0,accel=kvm,usb=off,vmport=off,smm=on,dump-guest-core=off,memory-encryption=sev0,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \
-cpu EPYC-IBPB,x2apic=on,tsc-deadline=on,hypervisor=on,tsc-adjust=on,arch-capabilities=on,ssbd=on,cmp-legacy=on,perfctr-core=on,clzero=on,amd-ssbd=on,virt-ssbd=on,rdctl-no=on,skip-l1dfl-vmentry=on,mds-no=on,monitor=off,svm=off \
-global driver=cfi.pflash01,property=secure,value=on \
-m size=8388608k,slots=8,maxmem=16777216k \
-overcommit mem-lock=off \
-smp 2,sockets=1,dies=1,cores=2,threads=1 \
-numa node,nodeid=0,cpus=0-1,mem=8192 \
-uuid 408c85c9-d201-44fb-8508-4c059f1b1351 \
-no-user-config \
-nodefaults \
-chardev socket,id=charmonitor,fd=37,server,nowait \
-mon chardev=charmonitor,id=monitor,mode=control \
-rtc base=utc,driftfix=slew \
-global kvm-pit.lost_tick_policy=delay \
-no-hpet \
-no-shutdown \
-global ICH9-LPC.disable_s3=1 \
-global ICH9-LPC.disable_s4=1 \
-boot strict=on \
-device pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x2 \
-device pcie-root-port,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x2.0x1 \
-device pcie-root-port,port=0x12,chassis=3,id=pci.3,bus=pcie.0,addr=0x2.0x2 \
-device pcie-root-port,port=0x13,chassis=4,id=pci.4,bus=pcie.0,addr=0x2.0x3 \
-device pcie-root-port,port=0x14,chassis=5,id=pci.5,bus=pcie.0,addr=0x2.0x4 \
-device pcie-root-port,port=0x15,chassis=6,id=pci.6,bus=pcie.0,addr=0x2.0x5 \
-device pcie-root-port,port=0x16,chassis=7,id=pci.7,bus=pcie.0,addr=0x2.0x6 \
-device qemu-xhci,p2=15,p3=15,id=usb,bus=pci.4,addr=0x0 \
-device virtio-scsi-pci,iommu_platform=on,id=scsi0,bus=pci.2,addr=0x0 \
-device virtio-serial-pci,id=virtio-serial0,iommu_platform=on,bus=pci.3,addr=0x0 \
-blockdev '{"driver":"file","filename":"/home/rhel82_sev_memory_plug.qcow2","node-name":"libvirt-1-storage","cache":{"direct":true,"no-flush":false},"auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"cache":{"direct":true,"no-flush":false},"driver":"raw","file":"libvirt-1-storage"}' \
-device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,device_id=drive-scsi0-0-0-0,drive=libvirt-1-format,id=scsi0-0-0-0,bootindex=1,write-cache=on \
-netdev tap,fd=38,id=hostnet0,vhost=on,vhostfd=39 \
-device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:56:00:00:00:02,bus=pci.1,addr=0x0,iommu_platform=on \
-chardev file,id=charserial0,path=/mnt/tests/distribution/virt/install/guests/rhel82_sev_memory_plug/logs/rhel82_sev_memory_plug_console.log \
-device isa-serial,chardev=charserial0,id=serial0 \
-chardev pty,id=charserial1 \
-device isa-serial,chardev=charserial1,id=serial1 \
-chardev socket,id=charchannel0,fd=35,server,nowait \
-device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0 \
-chardev spicevmc,id=charchannel1,name=vdagent \
-device virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.redhat.spice.0 \
-device usb-tablet,id=input0,bus=usb.0,port=1 \
-spice port=5900,addr=0.0.0.0,disable-ticketing,image-compression=off,seamless-migration=on \
-device virtio-vga,id=video0,max_outputs=1,bus=pcie.0,addr=0x1 \
-device ich9-intel-hda,id=sound0,bus=pcie.0,addr=0x1b \
-device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 \
-chardev spicevmc,id=charredir0,name=usbredir \
-device usb-redir,chardev=charredir0,id=redir0,bus=usb.0,port=2 \
-chardev spicevmc,id=charredir1,name=usbredir \
-device usb-redir,chardev=charredir1,id=redir1,bus=usb.0,port=3 \
-device virtio-balloon-pci,id=balloon0,bus=pci.5,addr=0x0,iommu_platform=on \
-object rng-random,id=objrng0,filename=/dev/random \
-device virtio-rng-pci,rng=objrng0,id=rng0,iommu_platform=on,bus=pci.6,addr=0x0 \
-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x3 \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
2.
3.

Actual results:
qemu starts normally without any error/warning messages


Expected results:
qemu should prompt error/warning messages that sev is enabled but iommu_platform is not set for virtio-vga 

Additional info:

Comment 7 Danilo de Paula 2021-06-08 00:29:00 UTC
Upstream feature already present in qemu-6.0.
Marked as TestOnly and moved directly to ON_QA

Comment 8 zixchen 2021-06-08 10:04:42 UTC
The issue no longer exists; setting status to verified.

Version:
kernel-4.18.0-310.el8.x86_64
qemu-kvm-6.0.0-17.module+el8.5.0+11173+c9fce0bb.x86_64

Steps:
1. Boot a SEV guest without adding iommu_platform=on to any virtio device:
# Verification command (qemu-kvm 6.0.0): SEV is attached with
# "confidential-guest-support=sev0" on -machine, and none of the virtio
# devices (virtio-scsi-pci, virtio-net-pci, virtio-vga) sets iommu_platform=on.
# NOTE(review): upstream QEMU 6.0 is understood to default iommu_platform=on
# for virtio devices when a confidential-guest-support object is set, which
# would explain why the devices work; the lspci output in the result does not
# show the negotiated feature, so confirm VIRTIO_F_ACCESS_PLATFORM in the guest.
# NOTE(review): "-vnc :0" and "-qmp tcp:0:6666,server,nowait" are
# unauthenticated listeners not restricted to loopback; QMP gives full control
# of the VM. Run this only on an isolated test host, or use a UNIX socket or
# a 127.0.0.1 bind instead.
/usr/libexec/qemu-kvm \
-enable-kvm \
-cpu EPYC \
-smp 4 \
-m 4096 \
-overcommit mem-lock=on \
-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x3 \
-machine q35,confidential-guest-support=sev0,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \
-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.cc.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \
-device pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x3 \
-device pcie-root-port,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x4 \
-device virtio-scsi-pci,id=scsi0,bus=pci.1,addr=0x0 \
-drive file=/home/rhel83_sev.qcow2,format=raw,if=none,id=drive-scsi0-0-0-0 \
-device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scssi0-0-0-0 \
-device pcie-root-port,id=pcie-root-port-4,port=0x01,bus=pcie.0,chassis=4 \
-device virtio-net-pci,mac=52:56:00:00:00:11,id=net0,netdev=hostnet0,bus=pcie-root-port-4,addr=0x0,romfile=""  \
-netdev tap,id=hostnet0 \
-device virtio-vga,id=video0,max_outputs=1,bus=pcie.0,addr=0x5 \
-vnc :0 \
-monitor stdio \
-qmp tcp:0:6666,server,nowait   \

Result:
The guest boots normally; without iommu_platform=on, the network, hard disk and VGA devices work well.
#lspci -k
00:05.0 VGA compatible controller: Red Hat, Inc. Virtio GPU (rev 01)
	Subsystem: Red Hat, Inc. Device 1100
	Kernel driver in use: virtio-pci
01:00.0 Ethernet controller: Red Hat, Inc. Virtio network device (rev 01)
	Subsystem: Red Hat, Inc. Device 1100
	Kernel driver in use: virtio-pci
02:00.0 SCSI storage controller: Red Hat, Inc. Virtio SCSI (rev 01)
	Subsystem: Red Hat, Inc. Device 1100
	Kernel driver in use: virtio-pci

Comment 12 errata-xmlrpc 2021-11-16 07:49:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (virt:av bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:4684

