Re: [PATCH] qemuValidateDomainDef: Clarify error message when S390 PV launch security is unsupported by the kernel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Aug 30, 2022 at 15:17:36 +0200, Marc Hartmayer wrote:
> Peter Krempa <pkrempa@xxxxxxxxxx> writes:
> 
> > Split up the condition and report a different error message when the
> > host or host config results in S390 PV launch security being
> > unavailable.
> >
> > Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2122534
> > Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
> > ---
> >  src/qemu/qemu_validate.c | 11 +++++++----
> >  1 file changed, 7 insertions(+), 4 deletions(-)
> >
> > diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
> > index 6403266559..63f3459c90 100644
> > --- a/src/qemu/qemu_validate.c
> > +++ b/src/qemu/qemu_validate.c
> > @@ -1454,11 +1454,14 @@ qemuValidateDomainDef(const virDomainDef *def,
> >              break;
> >          case VIR_DOMAIN_LAUNCH_SECURITY_PV:
> >              if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT) ||
> > -                !virQEMUCapsGet(qemuCaps, QEMU_CAPS_S390_PV_GUEST) ||
> > -                !virQEMUCapsGetKVMSupportsSecureGuest(qemuCaps)) {
> > +                !virQEMUCapsGet(qemuCaps, QEMU_CAPS_S390_PV_GUEST)) {
> >                  virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> > -                               _("S390 PV launch security is not supported with "
> > -                                 "this QEMU binary"));
> > +                               _("S390 PV launch security is not supported with this QEMU binary"));
> > +                return -1;
> > +            }
> > +            if (!virQEMUCapsGetKVMSupportsSecureGuest(qemuCaps)) {
> > +                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> > +                               _("S390 PV launch security is not supported by this host or kernel"));
> 
> Not sure if the error message is clear enough… PV also depends on the
> kernel cmdline opt-in - `prot_virt=1` has to be set.

I went for a generic error as there are multiple conditions when the
support is assumed to not be present in virQEMUCapsKVMSupportsSecureGuestS390.

The first condition seems to imply that also host firmware might be
involved and thus asking for the kernel parameter to be enabled might be
misleading.




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux