[PATCH v3 2/7] qemu: check if s390 secure guest support is enabled
Boris Fiuczynski
fiuczy at linux.ibm.com
Mon Jun 15 14:49:30 UTC 2020
On 6/15/20 4:17 PM, Erik Skultety wrote:
> On Mon, Jun 15, 2020 at 10:28:07AM +0200, Paulo de Rezende Pinatti wrote:
>> This patch introduces a common function to verify if the
>> availability of the so-called Secure Guest feature on the host
>> has changed in order to invalidate the qemu capabilities cache.
>> It can be used as an entry point for verification on different
>> architectures.
>>
>> For s390 the verification consists of:
>> - checking if /sys/firmware/uv is available: meaning the HW
>> facility is available and the host OS supports it;
>> - checking if the kernel cmdline contains 'prot_virt=1': meaning
>> the host OS wants to use the feature.
>>
>> Whenever the availability of the feature does not match the secure
>> guest flag in the cache then libvirt will re-build it in order to
>> pick up the new set of capabilities available.
>>
>> Signed-off-by: Paulo de Rezende Pinatti <ppinatti at linux.ibm.com>
>> Signed-off-by: Boris Fiuczynski <fiuczy at linux.ibm.com>
>> Tested-by: Viktor Mihajlovski <mihajlov at linux.ibm.com>
>> Reviewed-by: Bjoern Walk <bwalk at linux.ibm.com>
>> ---
>
> Reviewed-by: Erik Skultety <eskultet at redhat.com>
>
> I'll squash the following in:
>
> diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
> index 0bade7e71b..54835f12a6 100644
> --- a/src/qemu/qemu_capabilities.c
> +++ b/src/qemu/qemu_capabilities.c
> @@ -4699,12 +4699,8 @@ virQEMUCapsKVMSupportsSecureGuestS390(void)
>
> if (!virFileIsDir("/sys/firmware/uv"))
> return false;
> -
> if (virFileReadValueString(&cmdline, "/proc/cmdline") < 0)
> return false;
> -
> - /* we're prefix matching rather than equality matching here, because kernel
> - * would treat even something like prot_virt='yFOO' as enabled */
> if (virKernelCmdlineMatchParam(cmdline, "prot_virt", kValues,
> G_N_ELEMENTS(kValues),
> VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST |
>
Did you miss adding new lines before the last " return false;" lines
in virQEMUCapsKVMSupportsSecureGuestS390 and
virQEMUCapsKVMSupportsSecureGuest ?
Besides that question I am fine with your micro fixups.
--
Mit freundlichen Grüßen/Kind regards
Boris Fiuczynski
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Gregor Pillen
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
More information about the libvir-list
mailing list