From 72fb687e3fe51dff5c0fde28acfd62404eec9065 Mon Sep 17 00:00:00 2001
From: Rob Bradford <robert.bradford@intel.com>
Date: Thu, 5 Dec 2019 15:24:26 +0000
Subject: [PATCH] vmm: Check for required capabilities

We now require CAP_SIGNAL_MSI, CAP_TSC_DEADLINE_TIMER and
CAP_SPLIT_IRQCHIP.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
---
 vmm/src/vm.rs | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/vmm/src/vm.rs b/vmm/src/vm.rs
index 542754582..4d07aa43d 100755
--- a/vmm/src/vm.rs
+++ b/vmm/src/vm.rs
@@ -145,6 +145,9 @@ pub enum Error {
 
     /// Error from CPU handling
     CpuManager(cpu::Error),
+
+    /// Capability missing
+    CapabilityMissing(Cap),
 }
 pub type Result<T> = result::Result<T, Error>;
 
@@ -243,6 +246,20 @@ impl Vm {
         reset_evt: EventFd,
     ) -> Result<Self> {
         let kvm = Kvm::new().map_err(Error::KvmNew)?;
+
+        // Check required capabilities:
+        if !kvm.check_extension(Cap::SignalMsi) {
+            return Err(Error::CapabilityMissing(Cap::SignalMsi));
+        }
+
+        if !kvm.check_extension(Cap::TscDeadlineTimer) {
+            return Err(Error::CapabilityMissing(Cap::TscDeadlineTimer));
+        }
+
+        if !kvm.check_extension(Cap::SplitIrqchip) {
+            return Err(Error::CapabilityMissing(Cap::SplitIrqchip));
+        }
+
         let kernel = File::open(&config.lock().unwrap().kernel.as_ref().unwrap().path)
             .map_err(Error::KernelFile)?;
         let fd = kvm.create_vm().map_err(Error::VmCreate)?;