-
Bug
-
Resolution: Done-Errata
-
Minor
-
rhel-8.10
-
qemu-kvm-6.2.0-46.el8
-
None
-
Critical
-
rhel-sst-virtualization
-
ssg_virtualization
-
22
-
24
-
None
-
False
-
-
No
-
Red Hat Enterprise Linux
-
None
-
Pass
-
Automated
-
-
s390x
-
None
What were you trying to do that didn't work?
The error message is not clear when boot up a SE guest with wrong notification on Z16 host and with Z15 notification
Please provide the package NVR for which bug is seen:
qemu version: qemu-kvm-6.2.0-41.module+el8.10.0+20088+3901493e.s390x
kernel version: kernel-4.18.0-527.el8.s390x
How reproducible:
100%
Steps to reproduce
- set LPAR kernel command for SE guest on z16
- grubby --update-kernel='/boot/vmlinuz-4.18.0-527.el8.s390x' --args="prot_virt=1"
- zipl
- reboot
- boot a SE guest with z15 verification
Expected results
the error message could show more details about the root cause
Actual results
[root@rdu-z16-l27 home]# cat /sys/firmware/uv/prot_virt_host
1
[root@rdu-z16-l27 home]# sh se.sh
QEMU 6.2.0 monitor - type 'help' for more information
(qemu) qemu-kvm: KVM PV command 2 (KVM_PV_SET_SEC_PARMS) failed: header rc 108 rrc 5 IOCTL rc: -22
[root@rdu-z16-l27 home]#
[root@rdu-z16-l26 home]#
- clones
-
-
- Closed
-
- links to
-
RHSA-2023:120326
virt:rhel security bug fix and enhancement update
- mentioned on
[RHEL-18214] [RHEL8][Secure-execution][s390x] The error message is not clear when boot up a SE guest with wrong encryption
Leo Fu
added a comment - since the pre-verification was using official qemu package, set this bug to release-pending
Leo Fu
added a comment - since the pre-verification was using official qemu package, set this bug to release-pending Hit known issue https://issues.redhat.com/browse/RHEL-22411
Besides that, other passthrough tests passed. So consider Pass.
Regression test result:
specific test:
QEMU 6.2.0 monitor - type 'help' for more information
(qemu) qemu-kvm: KVM PV command 2 (KVM_PV_SET_SEC_PARMS) failed: header rc 108 rrc 5 IOCTL rc: -22
qemu-kvm: Failed to set secure execution parameters
Please check whether the image is correctly encrypted for this host
Normal guest:
From 102 tests executed, 101 passed and 0 warned - success rate of 99.02%
Failed case got PASS after re-trigger
http://10.0.136.47/bfu/s390x/jira-bugs/RHEL-18214/results.html
http://10.0.136.47/bfu/s390x/jira-bugs/RHEL-18214-1/results.html
SE guest:
From 177 tests executed, 175 passed and 0 warned - success rate of 98.87%
Failed cases got PASS after re-trigger
http://10.0.136.47/bfu/s390x/jira-bugs/RHEL-18214-se/results.html
http://10.0.136.47/bfu/s390x/jira-bugs/RHEL-18214-se-1/results.html
smitterl@redhat.com Could you please trigger the passthrough test from libvirt side and set the preliminary test as PASS, thx
Leo Fu
added a comment - - edited Regression test result:
specific test:
QEMU 6.2.0 monitor - type 'help' for more information
(qemu) qemu-kvm: KVM PV command 2 (KVM_PV_SET_SEC_PARMS) failed: header rc 108 rrc 5 IOCTL rc: -22
qemu-kvm: Failed to set secure execution parameters
Please check whether the image is correctly encrypted for this host
Normal guest:
From 102 tests executed, 101 passed and 0 warned - success rate of 99.02%
Failed case got PASS after re-trigger
http://10.0.136.47/bfu/s390x/jira-bugs/RHEL-18214/results.html
http://10.0.136.47/bfu/s390x/jira-bugs/RHEL-18214-1/results.html
SE guest:
From 177 tests executed, 175 passed and 0 warned - success rate of 98.87%
Failed cases got PASS after re-trigger
http://10.0.136.47/bfu/s390x/jira-bugs/RHEL-18214-se/results.html
http://10.0.136.47/bfu/s390x/jira-bugs/RHEL-18214-se-1/results.html
smitterl@redhat.com Could you please trigger the passthrough test from libvirt side and set the preliminary test as PASS, thx 
Jon Maloy
added a comment - Fix included in qemu-kvm-6.2.0-46.el8
Fixed by merge request 's390x: Provide some more useful information if decryption of a PV image fails' ( https://gitlab.com/redhat/rhel/src/qemu-kvm/qemu-kvm/-/merge_requests/348 )
Jon Maloy
added a comment - Fix included in qemu-kvm-6.2.0-46.el8
Fixed by merge request 's390x: Provide some more useful information if decryption of a PV image fails' ( https://gitlab.com/redhat/rhel/src/qemu-kvm/qemu-kvm/-/merge_requests/348 ) 
gitlab-bot
added a comment - Jon Maloy mentioned this issue in a commit of Red Hat / centos-stream / rpms / qemu-kvm on branch stream-virt-rhel-rhel-8.10.0:
- Wed Jan 17 2024 Jon Maloy <jmaloy@redhat.com> - 6.2.0-46
gitlab-bot
added a comment - Jon Maloy mentioned this issue in a commit of Red Hat / centos-stream / rpms / qemu-kvm on branch stream-virt-rhel-rhel-8.10.0 :
Wed Jan 17 2024 Jon Maloy <jmaloy@redhat.com> - 6.2.0-46
gitlab-bot
added a comment - Jon Maloy mentioned this issue in a merge request of Red Hat / centos-stream / rpms / qemu-kvm on branch next:
Update to qemu-kvm-6.2.0-46.el8
gitlab-bot
added a comment - Jon Maloy mentioned this issue in a merge request of Red Hat / centos-stream / rpms / qemu-kvm on branch next : Update to qemu-kvm-6.2.0-46.el8 bfu@redhat.com : Never mind, I was looking at a stale version in my browser, I just noticed that there is already an ITM now.
bfu@redhat.com : Could you please provide an ITM for this ticket? Thanks!
We should include several error_reports() calls in s390_machine_protect()
Since the problem described in this issue should be resolved in a recent advisory, it has been closed.
For information on the advisory (Moderate: virt:rhel and virt-devel:rhel security and enhancement update), and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2024:2962