From nobody Sun Feb  8 18:10:39 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 63.128.21.124 as permitted sender) client-ip=63.128.21.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1602758771; cv=none;
	d=zohomail.com; s=zohoarc;
	b=R+DrlkIuJjGgHbYhypKgquTUXaxscz7c49YBknCIF+KstzGX15vEJaeXCWIMJsgMbFXEnSIdqBRvUKWRcvkrlvDTC5DcZQcRbCJu5ixTX0bNf4UD1qTiXVU6xYqu3mDy46fPGBfQ6VTjw0i5F0CMVG9r9WBisB35mP71yUqWCXA=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1602758771;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=LfBOjGs5GI4jvoVNht+rmrMRhLLMYq5yJdAWrOnVaE0=;
	b=nOekt3Ro1s6eI1CAQXk3nlrz0JfLA0WS0p31kSkMgjAhCrDV3TuI+mXaDEOvrIOyFtNkCIpiB/510/ZOcbDAc9L/6x/Tvu/UhPh/W/iv/6xk+FgaU5lpZDCEgladHtd7nDYUYkT6BAvnYqpAu4Dm7DxwhXdICtY9Pm0/uzX5Ykg=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<eskultet@redhat.com> (p=none dis=none)
 header.from=<eskultet@redhat.com>
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by mx.zohomail.com
	with SMTPS id 1602758771015918.3849278918078;
 Thu, 15 Oct 2020 03:46:11 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-352-iZS27NBkNWiCNRvGuxD-Bg-1; Thu, 15 Oct 2020 06:46:07 -0400
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
 [10.5.11.13])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 16EB49CC07;
	Thu, 15 Oct 2020 10:46:02 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id E05E06EF65;
	Thu, 15 Oct 2020 10:46:01 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 5A25A58100;
	Thu, 15 Oct 2020 10:46:01 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
	[10.5.11.22])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 09FAjuP8004190 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 15 Oct 2020 06:45:56 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 3F00910013D7; Thu, 15 Oct 2020 10:45:56 +0000 (UTC)
Received: from nautilus.redhat.com (unknown [10.40.192.115])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 3733F1002382;
	Thu, 15 Oct 2020 10:45:55 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1602758769;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=LfBOjGs5GI4jvoVNht+rmrMRhLLMYq5yJdAWrOnVaE0=;
	b=aJ69sdaqcsYikG4ScqkGvL9NQdrAstrI69KA2H0X4daVyxoE+vb0MReYBtq2XwH3GIQBqy
	QuWZcBZ1GQiqm/5Z1XZhWuCos1q7qTFGRafKJckeqO2VIDgKLtRf6UeYuihU1scVrDRmsg
	+Wgxevzm9wOuNAgBC5Y094zTxFYQgOg=
X-MC-Unique: iZS27NBkNWiCNRvGuxD-Bg-1
From: Erik Skultety <eskultet@redhat.com>
To: libvir-list@redhat.com
Subject: [libvirt PATCH v2 2/4] qemu: process: Move SEV capability check to
	qemuValidateDomainDef
Date: Thu, 15 Oct 2020 12:45:46 +0200
Message-Id: 
 <ed0fa1c614a7cb422ae625fee0dd64205672e7ad.1602758656.git.eskultet@redhat.com>
In-Reply-To: <cover.1602758656.git.eskultet@redhat.com>
References: <cover.1602758656.git.eskultet@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-loop: libvir-list@redhat.com
Cc: brijesh.singh@amd.com, dgilbert@redhat.com,
	Erik Skultety <eskultet@redhat.com>
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
Content-Type: text/plain; charset="utf-8"

Checks such as this one should be done at domain def validation time,
not before starting the QEMU process.
As for this change, existing domains will see some QEMU error when
starting as opposed to a libvirt error that this QEMU binary doesn't
support SEV, but that's okay, we never guaranteed error messages to
remain the same.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
---
 src/qemu/qemu_process.c  | 9 ---------
 src/qemu/qemu_validate.c | 8 ++++++++
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index f71bb21f09..16d6f54f66 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -6393,8 +6393,6 @@ qemuProcessSEVCreateFile(virDomainObjPtr vm,
 static int
 qemuProcessPrepareSEVGuestInput(virDomainObjPtr vm)
 {
-    qemuDomainObjPrivatePtr priv =3D vm->privateData;
-    virQEMUCapsPtr qemuCaps =3D priv->qemuCaps;
     virDomainSEVDefPtr sev =3D vm->def->sev;
=20
     if (!sev)
@@ -6402,13 +6400,6 @@ qemuProcessPrepareSEVGuestInput(virDomainObjPtr vm)
=20
     VIR_DEBUG("Preparing SEV guest");
=20
-    if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                        _("Domain %s asked for 'sev' launch but this "
-                          "QEMU does not support SEV feature"), vm->def->n=
ame);
-        return -1;
-    }
-
     if (sev->dh_cert) {
         if (qemuProcessSEVCreateFile(vm, "dh_cert", sev->dh_cert) < 0)
             return -1;
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 28eae76cca..949a5a59b7 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1034,6 +1034,14 @@ qemuValidateDomainDef(const virDomainDef *def,
             return -1;
     }
=20
+    if (def->sev &&
+        !virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("SEV launch security is not supported with "
+                         "this QEMU binary"));
+        return -1;
+    }
+
     return 0;
 }
=20
--=20
2.26.2