Created attachment 1784405 [details] libguestfs-test-tool output Description of problem: On RHEL AV 8.5.0, libvirt cannot start the kernel when <cpu mode="host-passthrough"> is used, giving the error: internal error: unknown feature amd-sev-es See libguestfs-test-tool output attached. Version-Release number of selected component (if applicable): libguestfs-1.40.2-28.module+el8.5.0+10717+67be7ac4.x86_64 libvirt-6.0.0-35.module+el8.5.0+10709+b3edb581.x86_64 qemu-kvm-4.2.0-50.module+el8.5.0+10875+d90dbc7e.x86_64 Both of these kernels were tested and found to fail in the same way: kernel-4.18.0-305.6.el8.x86_64 (normal RHEL AV kernel) kernel-5.13.0-0.rc1.13.fc35.x86_64 (from Fedora) How reproducible: 100% Steps to Reproduce: 1. Run libguestfs-test-tool Additional information: This is NOT AMD hardware! It's: Intel(R) Xeon(R) Silver 4210R CPU @ 2.40GHz
Created attachment 1784406 [details] /proc/cpuinfo from the host
There are no libvirt log files containing the qemu command line. We suspect this is because the failure happens long before libvirtd has produces the qemu command. Also supporting this theory: # virsh domcapabilities error: failed to get emulator capabilities error: internal error: unknown feature amd-sev-es
I think this is a problem with the new capability in the new ovmf firmware: [root@virtlab722 capabilities]# virsh domcapabilities 2021-05-18 10:00:45.638+0000: 11259: info : libvirt version: 6.0.0, package: 35.module+el8.5.0+10709+b3edb581 (Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>, 2021-04-19-06:16:31, ) 2021-05-18 10:00:45.638+0000: 11259: info : hostname: virtlab722.virt.lab.eng.bos.redhat.com 2021-05-18 10:00:45.638+0000: 11259: debug : virQEMUCapsLoadCache:4100 : Got flags 209 2021-05-18 10:00:45.663+0000: 11259: debug : virQEMUCapsKVMUsable:4645 : /dev/kvm has changed (1621331538 vs 0) 2021-05-18 10:00:45.671+0000: 11259: debug : virQEMUCapsCacheLookup:5405 : Returning caps 0x7fabb0001860 for /usr/libexec/qemu-kvm 2021-05-18 10:00:45.671+0000: 11259: debug : qemuInteropFetchConfigs:162 : firmware description path '/usr/share/qemu/firmware/40-edk2-ovmf-sb.json' len=770 2021-05-18 10:00:45.671+0000: 11259: debug : qemuInteropFetchConfigs:162 : firmware description path '/usr/share/qemu/firmware/50-edk2-ovmf-cc.json' len=673 2021-05-18 10:00:45.671+0000: 11259: debug : qemuInteropFetchConfigs:162 : firmware description path '/usr/share/qemu/firmware/50-edk2-ovmf.json' len=722 2021-05-18 10:00:45.671+0000: 11259: debug : qemuFirmwareInterfaceParse:324 : firmware description path '/usr/share/qemu/firmware/40-edk2-ovmf-sb.json' supported interfaces: uefi 2021-05-18 10:00:45.671+0000: 11259: debug : qemuFirmwareInterfaceParse:324 : firmware description path '/usr/share/qemu/firmware/50-edk2-ovmf-cc.json' supported interfaces: uefi 2021-05-18 10:00:45.671+0000: 11259: error : qemuFirmwareFeatureParse:595 : internal error: unknown feature amd-sev-es error: failed to get emulator capabilities error: internal error: unknown feature amd-sev-es
Laszlo: This seems to be new ovmf packages upsetting old libvirt?
There is similar error info from bug 1961562 on RHEL8.5.
I think the issue is introduced by edk2-ovmf-20200602gitca407c7246bf-5.el8.noarch, and it is related with bug 1956837. But I'm not sure, need Laszlo's confirmation.
*** Bug 1961562 has been marked as a duplicate of this bug. ***
Upstream commit fixing the behavior to not print error messages for unknown features: commit 61d95a1073833ec4323c1ef28e71e913c55aa7b9 Author: Pavel Hrdina <phrdina> Date: Mon May 10 15:07:09 2021 +0200 qemu_firmware: don't error out for unknown firmware features This will be included in RHEL-AV-8.5.0 by next rebase to libvirt 7.4.0.
Verified Version: libvirt-7.4.0-1.module+el8.5.0+11218+83343022.x86_64 qemu-kvm-6.0.0-19.module+el8.5.0+11385+6e7d542e.x86_64 Verified Steps: 1. Prepare a guest xml: # cat lmn.xml ... <os> <type arch='x86_64' machine='pc-q35-rhel8.4.0'>hvm</type> <boot dev='hd'/> </os> ... <devices> <emulator>/usr/libexec/qemu-kvm</emulator> <disk type='file' device='disk'> <driver name='qemu' type='qcow2'/> <source file='/var/lib/libvirt/images/lmn.qcow2'/> <target dev='vda' bus='virtio'/> <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/> </disk> ... 2. Define and start the guest. # virsh define lmn.xml Domain lmn defined from lmn.xml # virsh start lmn Domain lmn started 3. Check domcapabilities. # virsh domcapabilities <domainCapabilities> <path>/usr/libexec/qemu-kvm</path> <domain>kvm</domain> ... <backup supported='no'/> <sev supported='no'/> </features> </domainCapabilities>
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (virt:av bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:4684