Re: [PATCH v3 2/7] qemu: check if s390 secure guest support is enabled

Boris Fiuczynski <fiuczy@xxxxxxxxxxxxx> · Mon, 15 Jun 2020 16:49:30 +0200

On 6/15/20 4:17 PM, Erik Skultety wrote:
On Mon, Jun 15, 2020 at 10:28:07AM +0200, Paulo de Rezende Pinatti wrote:
This patch introduces a common function to verify if the
availability of the so-called Secure Guest feature on the host
has changed in order to invalidate the qemu capabilities cache.
It can be used as an entry point for verification on different
architectures.

For s390 the verification consists of:
- checking if /sys/firmware/uv is available: meaning the HW
facility is available and the host OS supports it;
- checking if the kernel cmdline contains 'prot_virt=1': meaning
the host OS wants to use the feature.

Whenever the availability of the feature does not match the secure
guest flag in the cache then libvirt will re-build it in order to
pick up the new set of capabilities available.

Signed-off-by: Paulo de Rezende Pinatti <ppinatti@xxxxxxxxxxxxx>
Signed-off-by: Boris Fiuczynski <fiuczy@xxxxxxxxxxxxx>
Tested-by: Viktor Mihajlovski <mihajlov@xxxxxxxxxxxxx>
Reviewed-by: Bjoern Walk <bwalk@xxxxxxxxxxxxx>
---

Reviewed-by: Erik Skultety <eskultet@xxxxxxxxxx>

I'll squash the following in:

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 0bade7e71b..54835f12a6 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -4699,12 +4699,8 @@ virQEMUCapsKVMSupportsSecureGuestS390(void)

      if (!virFileIsDir("/sys/firmware/uv"))
          return false;
-
      if (virFileReadValueString(&cmdline, "/proc/cmdline") < 0)
          return false;
-
-    /* we're prefix matching rather than equality matching here, because kernel
-     * would treat even something like prot_virt='yFOO' as enabled */
      if (virKernelCmdlineMatchParam(cmdline, "prot_virt", kValues,
                                     G_N_ELEMENTS(kValues),
                                     VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST |


Did you miss adding new lines before the last "    return false;" lines 
in virQEMUCapsKVMSupportsSecureGuestS390 and 
virQEMUCapsKVMSupportsSecureGuest ?

Besides that question I am fine with your micro fixups.

--
Mit freundlichen Grüßen/Kind regards
   Boris Fiuczynski

IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Gregor Pillen
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294








