From nobody Sun May 5 17:19:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1622974599; cv=none; d=zohomail.com; s=zohoarc; b=E3YLWaPDUusbPBzT5pCW8V3pFU+mmsLITG5Q3Mmp4wQPaGuX08dHGlo9xW8xe3Ap7QH1MaNv94MqFZlc5C/7p3Ir/uaAs0/EgeA6tjWdi424X7OOKdfB7jGSEQrjhwCfTgBYpskyxFXdDCrsf9+kUXQE56W1Y3MjNoha0jOHGv0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1622974599; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=sIB6NscxtMYumnwswSRFBn74Zs9DyUZ4blUAqr+rCrc=; b=TyGk4SFRt+fJkv3cOQwcKdGuEp/BfaV+q/wxaGa+hlXPJe9iaLzaT7oea+VDfbjneLe56kKiAxbUViBC0NdxCNKbxDqgcRle4z4DWRdTReSnRgeqHYHIQ2qcsuVEDGDoO7OPxN992ZI3VtaA2eRveizFo5KPfEh6NZkuVz1EMtY= ARC-Authentication-Results: i=1; mx.zohomail.com; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1622974599504728.8373015953284; Sun, 6 Jun 2021 03:16:39 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-188-mcxZ_44OPs6maIVR5u4Mtw-1; Sun, 06 Jun 2021 06:16:36 -0400 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id BF1236D241; Sun, 6 Jun 2021 10:16:29 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DD02460CC9; Sun, 6 Jun 2021 10:16:28 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id F16FE18095C2; Sun, 6 Jun 2021 10:16:21 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 156AGJbF013488 for ; Sun, 6 Jun 2021 06:16:19 -0400 Received: by smtp.corp.redhat.com (Postfix) id 90FDD1003215; Sun, 6 Jun 2021 10:16:19 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast03.extmail.prod.ext.rdu2.redhat.com [10.11.55.19]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8C797112133F for ; Sun, 6 Jun 2021 10:16:16 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 0949D80D0E2 for ; Sun, 6 Jun 2021 10:16:16 +0000 (UTC) Received: from mail-ed1-f54.google.com (mail-ed1-f54.google.com [209.85.208.54]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-154-OZgiy9oLMiO_PzXABXyhjw-1; Sun, 06 Jun 2021 06:16:13 -0400 Received: by mail-ed1-f54.google.com with SMTP id w21so16446072edv.3 for ; Sun, 06 Jun 2021 03:16:13 -0700 (PDT) Received: from quino.redhat.com ([83.240.60.216]) by smtp.googlemail.com with ESMTPSA id y10sm5183077ejq.50.2021.06.06.03.16.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 06 Jun 2021 03:16:11 -0700 (PDT) X-MC-Unique: mcxZ_44OPs6maIVR5u4Mtw-1 X-MC-Unique: OZgiy9oLMiO_PzXABXyhjw-1 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=sIB6NscxtMYumnwswSRFBn74Zs9DyUZ4blUAqr+rCrc=; b=jnrYyHPIDVYzV+SyCdjTOaHvX4AxL2HDZE14cVU3l8hquJGkf5yI8SR9UEeswkCz7q 7JD8xzZXopj4ocssvdtfwDtnxaaxZKmHTpvzkE/MCkh30BT7pcyk1TgASkSRi2z/6Ze9 MSG812J8Tk37X5ODuaiEMRayHPdUO0ptdWKlEdQPgzTPGNf1DLVe0LRbf08IEyBVV5R6 uVP7HWTN4dTwdtpdKX+joQGf8PpmvRaqxhCsRmbuRIexST/qE+Ic00RyQHvpliTiS3PE cD5mSDd9YAnmKSo15hQJr0jiiw6Ko63AlbW9/B2Debj5sv3NKtNbDOVfuBIYMRimxwZu GjHw== X-Gm-Message-State: AOAM5308F5xG5vAA/HPAH2h80q8a4BvhvrIDcE+BNpu55y56B7L7e89v BZv7+sdKOVTirhCb72IVeCp0UsubB4Fsnifb5CQ= X-Google-Smtp-Source: ABdhPJwDugNjjpqY4j+kJd2gGT/xDt68ZY96qTc9NV5AhygYxf/YCqkZceSx0x0WfTC04Kvh4DiqkA== X-Received: by 2002:a05:6402:b11:: with SMTP id bm17mr14575828edb.109.1622974572217; Sun, 06 Jun 2021 03:16:12 -0700 (PDT) From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= To: libvir-list@redhat.com Subject: [PATCH] tools: only fail validations if VIR_HOST_VALIDATE_FAIL is set Date: Sun, 6 Jun 2021 12:15:49 +0200 Message-Id: <20210606101549.119981-1-fabiano@fidencio.org> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Cc: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Currently `virt-host-validate` will fail whenever one of its calls fail, regardless of virHostValidateLevel set. This behaviour is not optimal and makes it not exactly reliable as a command line tool as other tools or scripts using it would have to check its output to figure out whether something really failed or if a warning was mistakenly treated as failure. With this change, the behaviour of whether to fail or not, is defined by the caller of those functions, based on the virHostValidateLevel passed to them. Signed-off-by: Fabiano Fid=C3=AAncio --- tools/virt-host-validate-common.c | 129 ++++++++++++++++++++++-------- 1 file changed, 94 insertions(+), 35 deletions(-) diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-c= ommon.c index 6dd851f07d..2bf97bad75 100644 --- a/tools/virt-host-validate-common.c +++ b/tools/virt-host-validate-common.c @@ -138,15 +138,21 @@ int virHostValidateDeviceExists(const char *hvname, virHostValidateLevel level, const char *hint) { + int ret =3D 0; + virHostMsgCheck(hvname, "if device %s exists", dev_name); =20 if (access(dev_name, F_OK) < 0) { virHostMsgFail(level, "%s", hint); - return -1; + if (level =3D=3D VIR_HOST_VALIDATE_FAIL) + ret =3D -1; + goto out; } =20 virHostMsgPass(); - return 0; + + out: + return ret; } =20 =20 @@ -155,15 +161,21 @@ int virHostValidateDeviceAccessible(const char *hvnam= e, virHostValidateLevel level, const char *hint) { + int ret =3D 0; + virHostMsgCheck(hvname, "if device %s is accessible", dev_name); =20 if (access(dev_name, R_OK|W_OK) < 0) { virHostMsgFail(level, "%s", hint); - return -1; + if (level =3D=3D VIR_HOST_VALIDATE_FAIL) + ret =3D -1; + goto out; } =20 virHostMsgPass(); - return 0; + + out: + return ret; } =20 =20 @@ -173,6 +185,7 @@ int virHostValidateNamespace(const char *hvname, const char *hint) { char nspath[100]; + int ret =3D 0; =20 virHostMsgCheck(hvname, "for namespace %s", ns_name); =20 @@ -180,11 +193,15 @@ int virHostValidateNamespace(const char *hvname, =20 if (access(nspath, F_OK) < 0) { virHostMsgFail(level, "%s", hint); - return -1; + if (level =3D=3D VIR_HOST_VALIDATE_FAIL) + ret =3D -1; + goto out; } =20 virHostMsgPass(); - return 0; +=20 + out: + return ret; } =20 =20 @@ -254,6 +271,7 @@ int virHostValidateLinuxKernel(const char *hvname, { struct utsname uts; unsigned long thisversion; + int ret =3D 0; =20 uname(&uts); =20 @@ -264,21 +282,29 @@ int virHostValidateLinuxKernel(const char *hvname, =20 if (STRNEQ(uts.sysname, "Linux")) { virHostMsgFail(level, "%s", hint); - return -1; + if (level =3D=3D VIR_HOST_VALIDATE_FAIL) + ret =3D -1; + goto out; } =20 if (virParseVersionString(uts.release, &thisversion, true) < 0) { virHostMsgFail(level, "%s", hint); - return -1; + if (level =3D=3D VIR_HOST_VALIDATE_FAIL) + ret =3D -1; + goto out; } =20 if (thisversion < version) { virHostMsgFail(level, "%s", hint); - return -1; - } else { - virHostMsgPass(); - return 0; + if (level =3D=3D VIR_HOST_VALIDATE_FAIL) + ret =3D -1; + goto out; } + + virHostMsgPass(); + + out: + return ret; } =20 #ifdef __linux__ @@ -290,8 +316,11 @@ int virHostValidateCGroupControllers(const char *hvnam= e, int ret =3D 0; size_t i; =20 - if (virCgroupNew("/", -1, &group) < 0) - return -1; + if (virCgroupNew("/", -1, &group) < 0) { + if (level =3D=3D VIR_HOST_VALIDATE_FAIL) + ret =3D -1; + goto out; + } =20 for (i =3D 0; i < VIR_CGROUP_CONTROLLER_LAST; i++) { int flag =3D 1 << i; @@ -303,7 +332,8 @@ int virHostValidateCGroupControllers(const char *hvname, virHostMsgCheck(hvname, "for cgroup '%s' controller support", cg_n= ame); =20 if (!virCgroupHasController(group, i)) { - ret =3D -1; + if (level =3D=3D VIR_HOST_VALIDATE_FAIL) + ret =3D -1; virHostMsgFail(level, "Enable '%s' in kernel Kconfig file or " "mount/enable cgroup controller in your system", cg_name); @@ -312,6 +342,7 @@ int virHostValidateCGroupControllers(const char *hvname, } } =20 + out: return ret; } #else /* !__linux__ */ @@ -319,8 +350,13 @@ int virHostValidateCGroupControllers(const char *hvnam= e G_GNUC_UNUSED, int controllers G_GNUC_UNUSED, virHostValidateLevel level) { + int ret =3D 0; + virHostMsgFail(level, "%s", "This platform does not support cgroups"); - return -1; + if (level =3D=3D VIR_HOST_VALIDATE_FAIL) + ret =3D -1; + + return ret; } #endif /* !__linux__ */ =20 @@ -334,6 +370,7 @@ int virHostValidateIOMMU(const char *hvname, virArch arch =3D virArchFromHost(); struct dirent *dent; int rc; + int ret =3D 0; =20 flags =3D virHostValidateGetCPUFlags(); =20 @@ -354,7 +391,9 @@ int virHostValidateIOMMU(const char *hvname, "No ACPI DMAR table found, IOMMU either " "disabled in BIOS or not supported by this " "hardware platform"); - return -1; + if (level =3D=3D VIR_HOST_VALIDATE_FAIL) + ret =3D -1; + goto out; } } else if (isAMD) { virHostMsgCheck(hvname, "%s", _("for device assignment IOMMU suppo= rt")); @@ -366,7 +405,9 @@ int virHostValidateIOMMU(const char *hvname, "No ACPI IVRS table found, IOMMU either " "disabled in BIOS or not supported by this " "hardware platform"); - return -1; + if (level =3D=3D VIR_HOST_VALIDATE_FAIL) + ret =3D -1; + goto out; } } else if (ARCH_IS_PPC64(arch)) { /* Empty Block */ @@ -378,23 +419,25 @@ int virHostValidateIOMMU(const char *hvname, * no PCI devices the directory is still there but is * empty. */ if (!virDirOpen(&dir, "/sys/bus/pci/devices")) - return 0; + goto out; rc =3D virDirRead(dir, &dent, NULL); if (rc <=3D 0) - return 0; + goto out; } else { virHostMsgFail(level, "Unknown if this platform has IOMMU support"); - return -1; + if (level =3D=3D VIR_HOST_VALIDATE_FAIL) + ret =3D -1; + goto out; } =20 =20 /* We can only check on newer kernels with iommu groups & vfio */ if (stat("/sys/kernel/iommu_groups", &sb) < 0) - return 0; + goto out; =20 if (!S_ISDIR(sb.st_mode)) - return 0; + goto out; =20 virHostMsgCheck(hvname, "%s", _("if IOMMU is enabled by kernel")); if (sb.st_nlink <=3D 2) { @@ -404,10 +447,16 @@ int virHostValidateIOMMU(const char *hvname, "Add %s to kernel cmdline arguments", bootarg); else virHostMsgFail(level, "IOMMU capability not compiled into kern= el."); - return -1; + if (level =3D=3D VIR_HOST_VALIDATE_FAIL) + ret =3D -1; + goto out; + } + virHostMsgPass(); - return 0; + + out: + return ret; } =20 =20 @@ -448,6 +497,7 @@ int virHostValidateSecureGuests(const char *hvname, g_autofree char *cmdline =3D NULL; static const char *kIBMValues[] =3D {"y", "Y", "on", "ON", "oN", "On",= "1"}; g_autofree char *mod_value =3D NULL; + int ret =3D 0; =20 flags =3D virHostValidateGetCPUFlags(); =20 @@ -464,12 +514,15 @@ int virHostValidateSecureGuests(const char *hvname, if (!virFileIsDir("/sys/firmware/uv")) { virHostMsgFail(level, "IBM Secure Execution not supported = by " "the currently used kernel"); - return 0; + goto out; } =20 - if (virFileReadValueString(&cmdline, "/proc/cmdline") < 0) - return -1; - + if (virFileReadValueString(&cmdline, "/proc/cmdline") < 0) { + if (level =3D=3D VIR_HOST_VALIDATE_FAIL) { + ret =3D -1; + goto out; + } + } /* we're prefix matching rather than equality matching here, b= ecause * kernel would treat even something like prot_virt=3D'yFOO' as * enabled @@ -479,7 +532,8 @@ int virHostValidateSecureGuests(const char *hvname, VIR_KERNEL_CMDLINE_FLAGS_SEARCH= _FIRST | VIR_KERNEL_CMDLINE_FLAGS_CMP_PR= EFIX)) { virHostMsgPass(); - return 1; + ret =3D 1; + goto out; } else { virHostMsgFail(level, "IBM Secure Execution appears to be disable= d " @@ -494,7 +548,7 @@ int virHostValidateSecureGuests(const char *hvname, if (virFileReadValueString(&mod_value, "/sys/module/kvm_amd/parame= ters/sev") < 0) { virHostMsgFail(level, "AMD Secure Encrypted Virtualization not= " "supported by the currently used kernel"= ); - return 0; + goto out; } =20 if (mod_value[0] !=3D '1') { @@ -502,12 +556,13 @@ int virHostValidateSecureGuests(const char *hvname, "AMD Secure Encrypted Virtualization appears to= be " "disabled in kernel. Add kvm_amd.sev=3D1 " "to the kernel cmdline arguments"); - return 0; + goto out; } =20 if (virFileExists("/dev/sev")) { virHostMsgPass(); - return 1; + ret =3D 1; + goto out; } else { virHostMsgFail(level, "AMD Secure Encrypted Virtualization appears to= be " @@ -516,8 +571,12 @@ int virHostValidateSecureGuests(const char *hvname, } else { virHostMsgFail(level, "Unknown if this platform has Secure Guest support"= ); - return -1; + if (level =3D=3D VIR_HOST_VALIDATE_FAIL) + ret =3D -1; + goto out; + } =20 - return 0; + out: + return ret; } --=20 2.31.1