From 1fdc9073259563c9d849e35713c48de025ab9dd4 Mon Sep 17 00:00:00 2001
From: Erik Skultety
Date: Thu, 15 Oct 2020 11:18:58 +0200
Subject: [PATCH] qemu: process: Move SEV capability check to qemuValidateDomainDef

Checks such as this one should be done at domain def validation time, not before starting the QEMU process. As for this change, existing domains will see some QEMU error when starting as opposed to a libvirt error that this QEMU binary doesn't support SEV, but that's okay, we never guaranteed error messages to remain the same.

Signed-off-by: Erik Skultety
Reviewed-by: Daniel Henrique Barboza
---
 src/qemu/qemu_process.c | 9 ---------
 src/qemu/qemu_validate.c | 8 ++++++++
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index f71bb21f09..16d6f54f66 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -6393,8 +6393,6 @@ qemuProcessSEVCreateFile(virDomainObjPtr vm,
 static int
 qemuProcessPrepareSEVGuestInput(virDomainObjPtr vm)
 {
- qemuDomainObjPrivatePtr priv = vm->privateData;
- virQEMUCapsPtr qemuCaps = priv->qemuCaps;
 virDomainSEVDefPtr sev = vm->def->sev;

 if (!sev)
@@ -6402,13 +6400,6 @@ qemuProcessPrepareSEVGuestInput(virDomainObjPtr vm)

 VIR_DEBUG("Preparing SEV guest");

- if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Domain %s asked for 'sev' launch but this "
- "QEMU does not support SEV feature"), vm->def->name);
- return -1;
- }
-
 if (sev->dh_cert) {
 if (qemuProcessSEVCreateFile(vm, "dh_cert", sev->dh_cert) < 0)
 return -1;
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 3ef90b337b..487a9a9627 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1210,6 +1210,14 @@ qemuValidateDomainDef(const virDomainDef *def,
 if (qemuValidateDomainDefPanic(def, qemuCaps) < 0)
 return -1;

+ if (def->sev &&
+ !virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("SEV launch security is not supported with "
+ "this QEMU binary"));
+ return -1;
+ }
+
 return 0;
 }
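Review bot: The added SEV check reports `VIR_ERR_INTERNAL_ERROR` for a request that the selected binary simply cannot satisfy. Using `virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",` would let management layers tell an unsupported launch-security configuration apart from a libvirt fault. The commit message accepts that already-defined domains now fail with a QEMU error at start. So the property that a guest asking for SEV never runs without memory encryption presumably rests on QEMU rejecting the launch; a start-path test using capabilities without `QEMU_CAPS_SEV_GUEST` would pin that fail-closed behaviour. qemuValidateDomainDef begins outside the hunk, so whether an earlier check already covers `def->sev` cannot be seen from here.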