[PATCH] tools: Fix virt-host-validate SEV detection

Jim Fehlig posted 1 patch 2 weeks, 2 days ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20211006044147.4176-1-jfehlig@suse.com
tools/virt-host-validate-common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

[PATCH] tools: Fix virt-host-validate SEV detection

Posted by Jim Fehlig 2 weeks, 2 days ago
virt-host-validate checks if AMD SEV is enabled by verifying
/sys/module/kvm_amd/parameters/sev is set to '1'. On a system
running kernel 5.13, the parameter is reported as 'Y'. To be
extra paranoid, add a check for 'y' along with 'Y' to complement
the existing check for '1'.

Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1188715

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
 tools/virt-host-validate-common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
index 556223242d..ba7f54b4ce 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -501,7 +501,7 @@ int virHostValidateSecureGuests(const char *hvname,
             return VIR_HOST_VALIDATE_FAILURE(level);
         }
 
-        if (mod_value[0] != '1') {
+        if (mod_value[0] != '1' && mod_value[0] != 'Y' && mod_value[0] != 'y') {
             virHostMsgFail(level,
                            "AMD Secure Encrypted Virtualization appears to be "
                            "disabled in kernel. Add kvm_amd.sev=1 "
-- 
2.33.0


Re: [PATCH] tools: Fix virt-host-validate SEV detection

Posted by Andrea Bolognani 2 weeks, 2 days ago
On Tue, Oct 05, 2021 at 10:41:47PM -0600, Jim Fehlig wrote:
> virt-host-validate checks if AMD SEV is enabled by verifying
> /sys/module/kvm_amd/parameters/sev is set to '1'. On a system
> running kernel 5.13, the parameter is reported as 'Y'. To be
> extra paranoid, add a check for 'y' along with 'Y' to complement
> the existing check for '1'.
>
> Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1188715
>
> Signed-off-by: Jim Fehlig <jfehlig@suse.com>
> ---
>  tools/virt-host-validate-common.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Andrea Bolognani <abologna@redhat.com>

-- 
Andrea Bolognani / Red Hat / Virtualization