1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-03 05:17:54 +03:00
libvirt/tools/virt-host-validate-qemu.c
Boris Fiuczynski 0254ceab82 tools: Secure guest check on s390 in virt-host-validate
Add checking in virt-host-validate for secure guest support
on s390 for IBM Secure Execution.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Tested-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>
Reviewed-by: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-06-16 09:43:44 +02:00

136 lines
4.8 KiB
C

/*
* virt-host-validate-qemu.c: Sanity check a QEMU hypervisor host
*
* Copyright (C) 2012 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*
*/
#include <config.h>
#include <unistd.h>
#include "virt-host-validate-qemu.h"
#include "virt-host-validate-common.h"
#include "virarch.h"
#include "virbitmap.h"
#include "vircgroup.h"
int virHostValidateQEMU(void)
{
virBitmapPtr flags;
int ret = 0;
bool hasHwVirt = false;
bool hasVirtFlag = false;
virArch arch = virArchFromHost();
const char *kvmhint = _("Check that CPU and firmware supports virtualization "
"and kvm module is loaded");
if (!(flags = virHostValidateGetCPUFlags()))
return -1;
switch ((int)arch) {
case VIR_ARCH_I686:
case VIR_ARCH_X86_64:
hasVirtFlag = true;
kvmhint = _("Check that the 'kvm-intel' or 'kvm-amd' modules are "
"loaded & the BIOS has enabled virtualization");
if (virBitmapIsBitSet(flags, VIR_HOST_VALIDATE_CPU_FLAG_SVM) ||
virBitmapIsBitSet(flags, VIR_HOST_VALIDATE_CPU_FLAG_VMX))
hasHwVirt = true;
break;
case VIR_ARCH_S390:
case VIR_ARCH_S390X:
hasVirtFlag = true;
if (virBitmapIsBitSet(flags, VIR_HOST_VALIDATE_CPU_FLAG_SIE))
hasHwVirt = true;
break;
case VIR_ARCH_PPC64:
case VIR_ARCH_PPC64LE:
hasVirtFlag = true;
hasHwVirt = true;
break;
default:
hasHwVirt = false;
}
if (hasVirtFlag) {
virHostMsgCheck("QEMU", "%s", _("for hardware virtualization"));
if (hasHwVirt) {
virHostMsgPass();
} else {
virHostMsgFail(VIR_HOST_VALIDATE_FAIL,
_("Only emulated CPUs are available, performance will be significantly limited"));
ret = -1;
}
}
if (hasHwVirt || !hasVirtFlag) {
if (virHostValidateDeviceExists("QEMU", "/dev/kvm",
VIR_HOST_VALIDATE_FAIL,
kvmhint) <0)
ret = -1;
else if (virHostValidateDeviceAccessible("QEMU", "/dev/kvm",
VIR_HOST_VALIDATE_FAIL,
_("Check /dev/kvm is world writable or you are in "
"a group that is allowed to access it")) < 0)
ret = -1;
}
if (arch == VIR_ARCH_PPC64 || arch == VIR_ARCH_PPC64LE) {
virHostMsgCheck("QEMU", "%s", _("for PowerPC KVM module loaded"));
if (!virHostKernelModuleIsLoaded("kvm_hv"))
virHostMsgFail(VIR_HOST_VALIDATE_WARN,
_("Load kvm_hv for better performance"));
else
virHostMsgPass();
}
virBitmapFree(flags);
if (virHostValidateDeviceExists("QEMU", "/dev/vhost-net",
VIR_HOST_VALIDATE_WARN,
_("Load the 'vhost_net' module to improve performance "
"of virtio networking")) < 0)
ret = -1;
if (virHostValidateDeviceExists("QEMU", "/dev/net/tun",
VIR_HOST_VALIDATE_FAIL,
_("Load the 'tun' module to enable networking for QEMU guests")) < 0)
ret = -1;
if (virHostValidateCGroupControllers("QEMU",
(1 << VIR_CGROUP_CONTROLLER_MEMORY) |
(1 << VIR_CGROUP_CONTROLLER_CPU) |
(1 << VIR_CGROUP_CONTROLLER_CPUACCT) |
(1 << VIR_CGROUP_CONTROLLER_CPUSET) |
(1 << VIR_CGROUP_CONTROLLER_DEVICES) |
(1 << VIR_CGROUP_CONTROLLER_BLKIO),
VIR_HOST_VALIDATE_WARN) < 0) {
ret = -1;
}
if (virHostValidateIOMMU("QEMU",
VIR_HOST_VALIDATE_WARN) < 0)
ret = -1;
if (virHostValidateSecureGuests("QEMU",
VIR_HOST_VALIDATE_WARN) < 0)
ret = -1;
return ret;
}