From nobody Sun Feb 8 21:46:23 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as permitted sender) client-ip=205.139.110.61; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=none dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1590747211; cv=none; d=zohomail.com; s=zohoarc; b=Qq8Tpc8PxWTTbJSSbqW0otJwPFANbTf5KKrZJZbohz7ygegcqxNvu9TbOwjvB+TxmoYo+4+O92iOW4YL8l0qVJJpppB8cYOtF1Mmjy1fC2ObJCDxrmnCPD4LMO+LwrsOeyLWS/sCzvBUNOT5WrN1RKJP5SOkyPx6xOfvpBf6j54= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1590747211; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=URvbKVLbPUdkmKJ1YDYEaYny1xmy+zrtPJ/u1XaHifA=; b=ieYqETJ2vvX8aIIW9ai4XRhb2cj4LVbKYJnbisjZB7EFQpaxiV3atyp4Yv5nBHk4JhwXpwGlgUk/GfnqNeMxyOlas+dgnYOyR3bbvWMyN5i4ACXsa875yoDQxI3AgeQZf30HAShjus3MAHy2l1LtuBMoPwavuwgGS9OHmD1Fjiw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) by mx.zohomail.com with SMTPS id 1590747211292218.17845422850883; Fri, 29 May 2020 03:13:31 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-66-gijeNkbCPHGYz0KsTLUbvg-1; Fri, 29 May 2020 06:13:24 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8F5C5100CCC1; Fri, 29 May 2020 10:13:19 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7348C768DC; Fri, 29 May 2020 10:13:19 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 4633B6EF47; Fri, 29 May 2020 10:13:19 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 04TAAPtG030446 for ; Fri, 29 May 2020 06:10:25 -0400 Received: by smtp.corp.redhat.com (Postfix) id 1892C2028CD3; Fri, 29 May 2020 10:10:25 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast04.extmail.prod.ext.rdu2.redhat.com [10.11.55.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 142F420267F2 for ; Fri, 29 May 2020 10:10:23 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com [205.139.110.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D445D1019CA8 for ; Fri, 29 May 2020 10:10:22 +0000 (UTC) Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-512-wDzy5JifOsmb4LQhOcos9g-1; Fri, 29 May 2020 06:10:19 -0400 Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 04TA2bFr086173; Fri, 29 May 2020 06:10:18 -0400 Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 31as1cvdqm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 29 May 2020 06:10:18 -0400 Received: from m0098410.ppops.net (m0098410.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 04TA3lCp091080; Fri, 29 May 2020 06:10:17 -0400 Received: from ppma04ams.nl.ibm.com (63.31.33a9.ip4.static.sl-reverse.com [169.51.49.99]) by mx0a-001b2d01.pphosted.com with ESMTP id 31as1cvdpq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 29 May 2020 06:10:17 -0400 Received: from pps.filterd (ppma04ams.nl.ibm.com [127.0.0.1]) by ppma04ams.nl.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 04TA6AGH010133; Fri, 29 May 2020 10:10:15 GMT Received: from b06cxnps3075.portsmouth.uk.ibm.com (d06relay10.portsmouth.uk.ibm.com [9.149.109.195]) by ppma04ams.nl.ibm.com with ESMTP id 316uf93qgd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 29 May 2020 10:10:15 +0000 Received: from d06av24.portsmouth.uk.ibm.com (d06av24.portsmouth.uk.ibm.com [9.149.105.60]) by b06cxnps3075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 04TAACqr51970198 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 29 May 2020 10:10:12 GMT Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DCF0F4205C; Fri, 29 May 2020 10:10:11 +0000 (GMT) Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6791942045; Fri, 29 May 2020 10:10:11 +0000 (GMT) Received: from normandy.boeblingen.de.ibm.com (unknown [9.145.145.249]) by d06av24.portsmouth.uk.ibm.com (Postfix) with ESMTP; Fri, 29 May 2020 10:10:11 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1590747207; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=URvbKVLbPUdkmKJ1YDYEaYny1xmy+zrtPJ/u1XaHifA=; b=aqbfqaRn8g5jZtUL24d+S2qyJB7sLPm70Vb17ei06PAiR0kl8/ancn6q2oe8BpB9zH3yxR FuqS1N8b74O1thh/QUAWnD7VEcYC4u4iPh7J7/JclNnjXT1qIkJgYaeQvEL848WSuKzvPJ 267j8nlsdlWX0DM3NbbPbdbPJq/5/D4= X-MC-Unique: gijeNkbCPHGYz0KsTLUbvg-1 X-MC-Unique: wDzy5JifOsmb4LQhOcos9g-1 From: Paulo de Rezende Pinatti To: libvir-list@redhat.com, fiuczy@linux.ibm.com, mihajlov@linux.ibm.com, berrange@redhat.com, brijesh.singh@amd.com, borntraeger@de.ibm.com, eskultet@redhat.com Subject: [PATCH v2 3/7] qemu: check if AMD secure guest support is enabled Date: Fri, 29 May 2020 12:10:05 +0200 Message-Id: <20200529101009.130358-4-ppinatti@linux.ibm.com> In-Reply-To: <20200529101009.130358-1-ppinatti@linux.ibm.com> References: <20200529101009.130358-1-ppinatti@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.687 definitions=2020-05-29_02:2020-05-28, 2020-05-29 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=999 spamscore=0 phishscore=0 impostorscore=0 mlxscore=0 adultscore=0 cotscore=-2147483648 lowpriorityscore=0 suspectscore=0 clxscore=1015 priorityscore=1501 bulkscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2005290075 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-loop: libvir-list@redhat.com Cc: danielhb413@gmail.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" Implement secure guest check for AMD SEV (Secure Encrypted Virtualization) in order to invalidate the qemu capabilities cache in case the availability of the feature changed. For AMD SEV the verification consists of: - checking if /sys/module/kvm_amd/parameters/sev contains the value '1': meaning SEV is enabled in the host kernel; - checking if /dev/sev exists Signed-off-by: Paulo de Rezende Pinatti Signed-off-by: Boris Fiuczynski Reviewed-by: Bjoern Walk Reviewed-by: Erik Skultety --- src/qemu/qemu_capabilities.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index cbc577353b..0d19d4adff 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -4702,6 +4702,24 @@ virQEMUCapsKVMSupportsSecureGuestS390(void) } =20 =20 +/* + * Check whether AMD Secure Encrypted Virtualization (x86) is enabled + */ +static bool +virQEMUCapsKVMSupportsSecureGuestAMD(void) +{ + g_autofree char *modValue =3D NULL; + + if (virFileReadValueString(&modValue, "/sys/module/kvm_amd/parameters/= sev") < 0) + return false; + if (modValue[0] !=3D '1') + return false; + if (virFileExists(QEMU_DEV_SEV)) + return true; + return false; +} + + /* * Check whether the secure guest functionality is enabled. * See the specific architecture function for details on the verifications= made. @@ -4713,6 +4731,8 @@ virQEMUCapsKVMSupportsSecureGuest(void) =20 if (ARCH_IS_S390(arch)) return virQEMUCapsKVMSupportsSecureGuestS390(); + if (ARCH_IS_X86(arch)) + return virQEMUCapsKVMSupportsSecureGuestAMD(); return false; } =20 --=20 2.25.4