[PATCH v3 2/7] qemu: check if s390 secure guest support is enabled

Boris Fiuczynski fiuczy at linux.ibm.com
Tue Jun 16 11:30:51 UTC 2020


On 6/15/20 5:51 PM, Erik Skultety wrote:
> On Mon, Jun 15, 2020 at 04:49:30PM +0200, Boris Fiuczynski wrote:
>> On 6/15/20 4:17 PM, Erik Skultety wrote:
>>> On Mon, Jun 15, 2020 at 10:28:07AM +0200, Paulo de Rezende Pinatti wrote:
>>>> This patch introduces a common function to verify if the
>>>> availability of the so-called Secure Guest feature on the host
>>>> has changed in order to invalidate the qemu capabilities cache.
>>>> It can be used as an entry point for verification on different
>>>> architectures.
>>>>
>>>> For s390 the verification consists of:
>>>> - checking if /sys/firmware/uv is available: meaning the HW
>>>> facility is available and the host OS supports it;
>>>> - checking if the kernel cmdline contains 'prot_virt=1': meaning
>>>> the host OS wants to use the feature.
>>>>
>>>> Whenever the availability of the feature does not match the secure
>>>> guest flag in the cache then libvirt will re-build it in order to
>>>> pick up the new set of capabilities available.
>>>>
>>>> Signed-off-by: Paulo de Rezende Pinatti <ppinatti at linux.ibm.com>
>>>> Signed-off-by: Boris Fiuczynski <fiuczy at linux.ibm.com>
>>>> Tested-by: Viktor Mihajlovski <mihajlov at linux.ibm.com>
>>>> Reviewed-by: Bjoern Walk <bwalk at linux.ibm.com>
>>>> ---
>>>
>>> Reviewed-by: Erik Skultety <eskultet at redhat.com>
>>>
>>> I'll squash the following in:
>>>
>>> diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
>>> index 0bade7e71b..54835f12a6 100644
>>> --- a/src/qemu/qemu_capabilities.c
>>> +++ b/src/qemu/qemu_capabilities.c
>>> @@ -4699,12 +4699,8 @@ virQEMUCapsKVMSupportsSecureGuestS390(void)
>>>
>>>        if (!virFileIsDir("/sys/firmware/uv"))
>>>            return false;
>>> -
>>>        if (virFileReadValueString(&cmdline, "/proc/cmdline") < 0)
>>>            return false;
>>> -
>>> -    /* we're prefix matching rather than equality matching here, because kernel
>>> -     * would treat even something like prot_virt='yFOO' as enabled */
>>>        if (virKernelCmdlineMatchParam(cmdline, "prot_virt", kValues,
>>>                                       G_N_ELEMENTS(kValues),
>>>                                       VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST |
>>>
>>
>> Did you miss adding new lines before the last "    return false;" lines in
>> virQEMUCapsKVMSupportsSecureGuestS390 and virQEMUCapsKVMSupportsSecureGuest
>> ?
> 
> Good catch :).
> Again, sorry for the reverse diff.
> 
> Erik
> 

Erik,
thanks for your review, your micro fixups and pushing the series.

-- 
Mit freundlichen Grüßen/Kind regards
    Boris Fiuczynski

IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Gregor Pillen
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294





More information about the libvir-list mailing list