On Mon, Jun 15, 2020 at 10:28:07AM +0200, Paulo de Rezende Pinatti wrote:
> This patch introduces a common function to verify if the
> availability of the so-called Secure Guest feature on the host
> has changed in order to invalidate the qemu capabilities cache.
> It can be used as an entry point for verification on different
> architectures.
>
> For s390 the verification consists of:
> - checking if /sys/firmware/uv is available: meaning the HW
> facility is available and the host OS supports it;
> - checking if the kernel cmdline contains 'prot_virt=1': meaning
> the host OS wants to use the feature.
>
> Whenever the availability of the feature does not match the secure
> guest flag in the cache then libvirt will re-build it in order to
> pick up the new set of capabilities available.
>
> Signed-off-by: Paulo de Rezende Pinatti <ppinatti@xxxxxxxxxxxxx>
> Signed-off-by: Boris Fiuczynski <fiuczy@xxxxxxxxxxxxx>
> Tested-by: Viktor Mihajlovski <mihajlov@xxxxxxxxxxxxx>
> Reviewed-by: Bjoern Walk <bwalk@xxxxxxxxxxxxx>
> ---
Reviewed-by: Erik Skultety <eskultet@xxxxxxxxxx>
I'll squash the following in:
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 0bade7e71b..54835f12a6 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -4699,12 +4699,8 @@ virQEMUCapsKVMSupportsSecureGuestS390(void)
if (!virFileIsDir("/sys/firmware/uv"))
return false;
-
if (virFileReadValueString(&cmdline, "/proc/cmdline") < 0)
return false;
-
- /* we're prefix matching rather than equality matching here, because kernel
- * would treat even something like prot_virt='yFOO' as enabled */
if (virKernelCmdlineMatchParam(cmdline, "prot_virt", kValues,
G_N_ELEMENTS(kValues),
VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST |
