Bug 2012386 - virt-host-validate: Detetion results of AMD SEV is not expected
Summary: virt-host-validate: Detetion results of AMD SEV is not expected
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: libvirt
Version: 9.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: rc
: ---
Assignee: Andrea Bolognani
QA Contact: Luyao Huang
URL:
Whiteboard:
Depends On: 2012385
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-10-09 02:31 UTC by Han Han
Modified: 2022-05-17 13:05 UTC (History)
9 users (show)

Fixed In Version: libvirt-7.9.0-1.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 2012385
Environment:
Last Closed: 2022-05-17 12:45:32 UTC
Type: Bug
Target Upstream Version: 7.9.0


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-99351 0 None None None 2021-10-09 02:32:32 UTC
Red Hat Product Errata RHBA-2022:2390 0 None None None 2022-05-17 12:45:58 UTC

Description Han Han 2021-10-09 02:31:51 UTC
+++ This bug was initially created as a clone of Bug #2012385 +++

Description of problem:
As subject

Version-Release number of selected component (if applicable):
kernel-4.18.0-341.el8.x86_64
libvirt-7.6.0-3.module+el8.5.0+12510+80564ecf.x86_64

How reproducible:
100%

Steps to Reproduce:
On a AMD host.
1. Enable sev:
➜  ~ modprobe -r kvm_amd    
➜  ~ modprobe kvm_amd sev=1
➜  ~ cat /sys/module/kvm_amd/parameters/sev
Y


2. Run virt-host-validate:
➜  ~ virt-host-validate    
  QEMU: Checking for hardware virtualization                                 : PASS
  QEMU: Checking if device /dev/kvm exists                                   : PASS
  QEMU: Checking if device /dev/kvm is accessible                            : PASS
  QEMU: Checking if device /dev/vhost-net exists                             : PASS
  QEMU: Checking if device /dev/net/tun exists                               : PASS
  QEMU: Checking for cgroup 'cpu' controller support                         : PASS
  QEMU: Checking for cgroup 'cpuacct' controller support                     : PASS
  QEMU: Checking for cgroup 'cpuset' controller support                      : PASS
  QEMU: Checking for cgroup 'memory' controller support                      : PASS
  QEMU: Checking for cgroup 'devices' controller support                     : PASS
  QEMU: Checking for cgroup 'blkio' controller support                       : PASS
  QEMU: Checking for device assignment IOMMU support                         : PASS
  QEMU: Checking if IOMMU is enabled by kernel                               : PASS
  QEMU: Checking for secure guest support                                    : WARN (AMD Secure Encrypted Virtualization appears to be disabled in kernel. Add kvm_amd.sev=1 to the kernel cmdline arguments)

Actual results:
As above

Expected results:
  QEMU: Checking for secure guest support     : PASS

Additional info:
It is fixed on upstream:
commit 3f9c1a4bb8
Author: Jim Fehlig <jfehlig>
Date:   Tue Oct 5 22:34:57 2021 -0600

    tools: Fix virt-host-validate SEV detection
    
    virt-host-validate checks if AMD SEV is enabled by verifying
    /sys/module/kvm_amd/parameters/sev is set to '1'. On a system
    running kernel 5.13, the parameter is reported as 'Y'. To be
    extra paranoid, add a check for 'y' along with 'Y' to complement
    the existing check for '1'.
    
    Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1188715
    
    Signed-off-by: Jim Fehlig <jfehlig>
    Reviewed-by: Andrea Bolognani <abologna>

Comment 3 Luyao Huang 2021-11-12 07:39:36 UTC
Verify this bug with libvirt-7.9.0-1.el9.x86_64:

# modprobe -r kvm_amd
# modprobe kvm_amd sev=1
# cat /sys/module/kvm_amd/parameters/sev
Y
# virt-host-validate
  QEMU: Checking for hardware virtualization                                 : PASS
  QEMU: Checking if device /dev/kvm exists                                   : PASS
  QEMU: Checking if device /dev/kvm is accessible                            : PASS
  QEMU: Checking if device /dev/vhost-net exists                             : PASS
  QEMU: Checking if device /dev/net/tun exists                               : PASS
  QEMU: Checking for cgroup 'cpu' controller support                         : PASS
  QEMU: Checking for cgroup 'cpuacct' controller support                     : PASS
  QEMU: Checking for cgroup 'cpuset' controller support                      : PASS
  QEMU: Checking for cgroup 'memory' controller support                      : PASS
  QEMU: Checking for cgroup 'devices' controller support                     : PASS
  QEMU: Checking for cgroup 'blkio' controller support                       : PASS
  QEMU: Checking for device assignment IOMMU support                         : PASS
  QEMU: Checking if IOMMU is enabled by kernel                               : PASS
  QEMU: Checking for secure guest support                                    : PASS

Comment 5 errata-xmlrpc 2022-05-17 12:45:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: libvirt), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2390


Note You need to log in before you can comment on or make changes to this bug.