From 79846eb0d08e289326af372db87762d66e0c688f Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Fri, 29 Aug 2025 21:10:05 +0900 Subject: [PATCH] libvirt: Disable VMCoreInfo device for SEV-encrypted instances When VMCoreInfo device is enabled, the QEMU fw_cfg device in guest OS requires DMA between host OS and guest OS through the device. However DMA is prohibited when guest memory is encrypted using SEV, and the attempt results in kernel crash. Do not add VMCoreInfo when memory encryption is enabled. Closes-Bug: #2117170 Change-Id: I05c7b1ae46ccd8d9aa42456b493ac6ee7ddd8bae Signed-off-by: Takashi Kajinami --- nova/tests/unit/virt/libvirt/test_driver.py | 47 +++++++++++++++++++ nova/virt/libvirt/driver.py | 7 ++- ...ncryption-is-enabled-142e64f6b9ef3135.yaml | 7 +++ 3 files changed, 59 insertions(+), 2 deletions(-) create mode 100644 releasenotes/notes/bug-2117170-disable-vmcoreinfo-when-memory-encryption-is-enabled-142e64f6b9ef3135.yaml diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py index fd4a3e1813..ad43d287e0 100644 --- a/nova/tests/unit/virt/libvirt/test_driver.py +++ b/nova/tests/unit/virt/libvirt/test_driver.py @@ -3787,6 +3787,53 @@ class LibvirtConnTestCase(test.NoDBTestCase, None, None, flavor, image_meta, ) + @mock.patch.object( + fakelibvirt.virConnect, '_domain_capability_features', new= + fakelibvirt.virConnect._domain_capability_features_with_SEV + ) + @mock.patch.object(host.Host, "_check_machine_type", new=mock.Mock()) + def test_get_guest_config_memory_encryption(self): + """Generate a guest with memory encryption. + + This configures an memory encryption. + """ + self.flags(virt_type="kvm", group='libvirt') + + drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), True) + drvr._host._supports_amd_sev = True + drvr._host._supports_amd_sev_es = False + instance_ref = objects.Instance(**self.test_instance) + image_meta = objects.ImageMeta.from_dict({ + "hw_architecture": fields.Architecture.X86_64, + "disk_format": "raw", + "properties": { + "hw_machine_type": "q35", + "hw_firmware_type": "uefi", + "hw_mem_encryption": True, + } + }) + + disk_info = blockinfo.get_disk_info( + CONF.libvirt.virt_type, + instance_ref, + image_meta, + ) + + cfg = drvr._get_guest_config( + instance_ref, + _fake_network_info(self), + image_meta, + disk_info, + ) + + # NOTE(tkajinm): vmcoreinfo should be disabled in this case + self.assertEqual(2, len(cfg.features)) + for idx, device_type in enumerate([ + vconfig.LibvirtConfigGuestFeatureACPI, + vconfig.LibvirtConfigGuestFeatureAPIC, + ]): + self.assertIsInstance(cfg.features[idx], device_type) + def _test_get_mem_encryption_config( self, expected=None, host_sev_enabled=False, enc_extra_spec=None, enc_image_prop=None, hw_machine_type=None, hw_firmware_type=None): diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py index 355624ffae..2e22810c28 100644 --- a/nova/virt/libvirt/driver.py +++ b/nova/virt/libvirt/driver.py @@ -6689,8 +6689,11 @@ class LibvirtDriver(driver.ComputeDriver): fields.Architecture.I686, fields.Architecture.X86_64, fields.Architecture.AARCH64, ): - guest.add_feature( - vconfig.LibvirtConfigGuestFeatureVMCoreInfo()) + # VMCoreInfo device requires DMA between guest OS and host + # OS, which is prohibited when guest memory is encrypted. + if not self._get_mem_encryption_config(flavor, image_meta): + guest.add_feature( + vconfig.LibvirtConfigGuestFeatureVMCoreInfo()) if hide_hypervisor_id: guest.add_feature( diff --git a/releasenotes/notes/bug-2117170-disable-vmcoreinfo-when-memory-encryption-is-enabled-142e64f6b9ef3135.yaml b/releasenotes/notes/bug-2117170-disable-vmcoreinfo-when-memory-encryption-is-enabled-142e64f6b9ef3135.yaml new file mode 100644 index 0000000000..259f0662d9 --- /dev/null +++ b/releasenotes/notes/bug-2117170-disable-vmcoreinfo-when-memory-encryption-is-enabled-142e64f6b9ef3135.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + [`bug 2117170 `_] Libvirt + driver no longer enables VMCoreInfo device when an instance has memory + encryption is enabled, to avoid kernel crash caused by fw_cfg device in + guest requiring DMA.