[PATCH v3 4/7] tools: secure guest check on s390 in virt-host-validate

Boris Fiuczynski fiuczy at linux.ibm.com
Mon Jun 15 14:27:06 UTC 2020


On 6/15/20 4:19 PM, Erik Skultety wrote:
> On Mon, Jun 15, 2020 at 10:28:09AM +0200, Paulo de Rezende Pinatti wrote:
>> From: Boris Fiuczynski <fiuczy at linux.ibm.com>
>>
>> Add checking in virt-host-validate for secure guest support
>> on s390 for IBM Secure Execution.
>>
>> Signed-off-by: Boris Fiuczynski <fiuczy at linux.ibm.com>
>> Tested-by: Viktor Mihajlovski <mihajlov at linux.ibm.com>
>> Reviewed-by: Paulo de Rezende Pinatti <ppinatti at linux.ibm.com>
>> Reviewed-by: Bjoern Walk <bwalk at linux.ibm.com>
>> Reviewed-by: Erik Skultety <eskultet at redhat.com>
>> ---
> 
> My RB still stands, again small enhancement:
> 
> diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
> index a279e9cc19..6e03235ceb 100644
> --- a/tools/virt-host-validate-common.c
> +++ b/tools/virt-host-validate-common.c
> @@ -471,10 +471,6 @@ int virHostValidateSecureGuests(const char *hvname,
>               if (virFileReadValueString(&cmdline, "/proc/cmdline") < 0)
>                   return -1;
> 
> -            /* we're prefix matching rather than equality matching here, because
> -             * kernel would treat even something like prot_virt='yFOO' as
> -             * enabled
> -             */
>               if (virKernelCmdlineMatchParam(cmdline, "prot_virt", kIBMValues,
>                                              G_N_ELEMENTS(kIBMValues),
>                                              VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST |
> 

Thanks Erik, the "enhancement" is fine with me. :-)


-- 
Mit freundlichen Grüßen/Kind regards
    Boris Fiuczynski

IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Gregor Pillen
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294





More information about the libvir-list mailing list