[libvirt PATCH v2 2/4] qemu: process: Move SEV capability check to qemuValidateDomainDef
Daniel Henrique Barboza
danielhb413 at gmail.com
Fri Oct 16 18:31:25 UTC 2020
On 10/15/20 7:45 AM, Erik Skultety wrote:
> Checks such as this one should be done at domain def validation time,
> not before starting the QEMU process.
> As for this change, existing domains will see some QEMU error when
> starting as opposed to a libvirt error that this QEMU binary doesn't
> support SEV, but that's okay, we never guaranteed error messages to
> remain the same.
>
> Signed-off-by: Erik Skultety <eskultet at redhat.com>
> ---
Reviewed-by: Daniel Henrique Barboza <danielhb413 at gmail.com>
> src/qemu/qemu_process.c | 9 ---------
> src/qemu/qemu_validate.c | 8 ++++++++
> 2 files changed, 8 insertions(+), 9 deletions(-)
>
> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index f71bb21f09..16d6f54f66 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c
> @@ -6393,8 +6393,6 @@ qemuProcessSEVCreateFile(virDomainObjPtr vm,
> static int
> qemuProcessPrepareSEVGuestInput(virDomainObjPtr vm)
> {
> - qemuDomainObjPrivatePtr priv = vm->privateData;
> - virQEMUCapsPtr qemuCaps = priv->qemuCaps;
> virDomainSEVDefPtr sev = vm->def->sev;
>
> if (!sev)
> @@ -6402,13 +6400,6 @@ qemuProcessPrepareSEVGuestInput(virDomainObjPtr vm)
>
> VIR_DEBUG("Preparing SEV guest");
>
> - if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) {
> - virReportError(VIR_ERR_INTERNAL_ERROR,
> - _("Domain %s asked for 'sev' launch but this "
> - "QEMU does not support SEV feature"), vm->def->name);
> - return -1;
> - }
> -
> if (sev->dh_cert) {
> if (qemuProcessSEVCreateFile(vm, "dh_cert", sev->dh_cert) < 0)
> return -1;
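Review bot: qemuProcessPrepareSEVGuestInput should carry a short comment, just above VIR_DEBUG("Preparing SEV guest"), saying that QEMU_CAPS_SEV_GUEST is now checked in qemuValidateDomainDef. After this removal nothing in the function ties the dh_cert file creation to the capability. The commit message accepts that existing domains will get a QEMU error instead of a libvirt one, and the comment would record that this reliance on the validation step is intentional.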
> diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
> index 28eae76cca..949a5a59b7 100644
> --- a/src/qemu/qemu_validate.c
> +++ b/src/qemu/qemu_validate.c
> @@ -1034,6 +1034,14 @@ qemuValidateDomainDef(const virDomainDef *def,
> return -1;
> }
>
> + if (def->sev &&
> + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) {
> + virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> + _("SEV launch security is not supported with "
> + "this QEMU binary"));
> + return -1;
> + }
> +
> return 0;
> }
>
>
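Review bot: VIR_ERR_INTERNAL_ERROR in the added virReportError call was carried over from the removed check, but a QEMU binary lacking a feature the domain definition requests is a configuration problem rather than an internal failure, so VIR_ERR_CONFIG_UNSUPPORTED would fit better now that the check lives in qemuValidateDomainDef. The new message also drops the domain name that the old one printed via vm->def->name. If that is intentional it is fine, otherwise def->name is available here.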