[libvirt PATCH v2 2/4] qemu: process: Move SEV capability check to qemuValidateDomainDef

Daniel Henrique Barboza danielhb413 at gmail.com
Fri Oct 16 18:31:25 UTC 2020



On 10/15/20 7:45 AM, Erik Skultety wrote:
> Checks such as this one should be done at domain def validation time,
> not before starting the QEMU process.
> As for this change, existing domains will see some QEMU error when
> starting as opposed to a libvirt error that this QEMU binary doesn't
> support SEV, but that's okay, we never guaranteed error messages to
> remain the same.
> 
> Signed-off-by: Erik Skultety <eskultet at redhat.com>
> ---

Reviewed-by: Daniel Henrique Barboza <danielhb413 at gmail.com>

>   src/qemu/qemu_process.c  | 9 ---------
>   src/qemu/qemu_validate.c | 8 ++++++++
>   2 files changed, 8 insertions(+), 9 deletions(-)
> 
> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index f71bb21f09..16d6f54f66 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c
> @@ -6393,8 +6393,6 @@ qemuProcessSEVCreateFile(virDomainObjPtr vm,
>   static int
>   qemuProcessPrepareSEVGuestInput(virDomainObjPtr vm)
>   {
> -    qemuDomainObjPrivatePtr priv = vm->privateData;
> -    virQEMUCapsPtr qemuCaps = priv->qemuCaps;
>       virDomainSEVDefPtr sev = vm->def->sev;
>   
>       if (!sev)
> @@ -6402,13 +6400,6 @@ qemuProcessPrepareSEVGuestInput(virDomainObjPtr vm)
>   
>       VIR_DEBUG("Preparing SEV guest");
>   
> -    if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) {
> -        virReportError(VIR_ERR_INTERNAL_ERROR,
> -                        _("Domain %s asked for 'sev' launch but this "
> -                          "QEMU does not support SEV feature"), vm->def->name);
> -        return -1;
> -    }
> -
>       if (sev->dh_cert) {
>           if (qemuProcessSEVCreateFile(vm, "dh_cert", sev->dh_cert) < 0)
>               return -1;
> diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
> index 28eae76cca..949a5a59b7 100644
> --- a/src/qemu/qemu_validate.c
> +++ b/src/qemu/qemu_validate.c
> @@ -1034,6 +1034,14 @@ qemuValidateDomainDef(const virDomainDef *def,
>               return -1;
>       }
>   
> +    if (def->sev &&
> +        !virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) {
> +        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> +                       _("SEV launch security is not supported with "
> +                         "this QEMU binary"));
> +        return -1;
> +    }
> +
>       return 0;
>   }
>   
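Review bot: The added check in qemuValidateDomainDef reports a missing QEMU_CAPS_SEV_GUEST capability as VIR_ERR_INTERNAL_ERROR, although the condition is a mismatch between the domain configuration and the QEMU binary rather than an internal fault. Using `virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",` would let API callers and log triage tell a refused SEV request apart from a genuine libvirt bug. The new message also drops the domain name that the removed start-time message in qemu_process.c carried, so unless the caller adds that context it is harder to tell which guest was refused memory encryption. A one-line comment above the check, for example `/* fail closed: a domain asking for SEV must not be accepted when QEMU lacks sev-guest */`, would record the intent. The function body begins outside this hunk.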
> 



