Re: [PATCH v3 4/7] tools: secure guest check on s390 in virt-host-validate

Monday, 15 June 2020

On Mon, Jun 15, 2020 at 10:28:09AM +0200, Paulo de Rezende Pinatti wrote:
...
 From: Boris Fiuczynski <fiuczy(a)linux.ibm.com&gt;

 Add checking in virt-host-validate for secure guest support
 on s390 for IBM Secure Execution.

 Signed-off-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com&gt;
 Tested-by: Viktor Mihajlovski <mihajlov(a)linux.ibm.com&gt;
 Reviewed-by: Paulo de Rezende Pinatti <ppinatti(a)linux.ibm.com&gt;
 Reviewed-by: Bjoern Walk <bwalk(a)linux.ibm.com&gt;
 Reviewed-by: Erik Skultety <eskultet(a)redhat.com&gt;
 --- 
My RB still stands, again small enhancement:

diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
index a279e9cc19..6e03235ceb 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -471,10 +471,6 @@ int virHostValidateSecureGuests(const char *hvname,
             if (virFileReadValueString(&cmdline, "/proc/cmdline") < 0)
                 return -1;

-            /* we're prefix matching rather than equality matching here, because
-             * kernel would treat even something like prot_virt='yFOO' as
-             * enabled
-             */
             if (virKernelCmdlineMatchParam(cmdline, "prot_virt", kIBMValues,
                                            G_N_ELEMENTS(kIBMValues),
                                            VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST |


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [PATCH v3 4/7] tools: secure guest check on s390 in virt-host-validate