1. Patchew
  2. Libvirt
  3. [PATCH 0/5] virth-host-validate: Couple of cleanups
  4. View patch

[PATCH 4/5] virt-host-validate: Call VIR_HOST_VALIDATE_FAILURE() more frequently

Michal Privoznik posted 5 patches 4 years, 8 months ago
[PATCH 4/5] virt-host-validate: Call VIR_HOST_VALIDATE_FAILURE() more frequently
Posted by Michal Privoznik 4 years, 8 months ago 
Ideally, every virHostMsgFail() would be coupled with
VIR_HOST_VALIDATE_FAILURE() so that the failure is correctly
propagated to the caller. However, in
virHostValidateSecureGuests() we are either ignoring @level and
returning 0 directly (no error), or not returning at all, relying
on 'return 0' at the end of the function. Neither of these help
propagate failure correctly.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 tools/virt-host-validate-common.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
index 4482690b4b..9ec4e6f00b 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -467,7 +467,7 @@ int virHostValidateSecureGuests(const char *hvname,
             if (!virFileIsDir("/sys/firmware/uv")) {
                 virHostMsgFail(level, "IBM Secure Execution not supported by "
                                       "the currently used kernel");
-                return 0;
+                return VIR_HOST_VALIDATE_FAILURE(level);
             }
 
             /* we're prefix matching rather than equality matching here, because
@@ -486,16 +486,18 @@ int virHostValidateSecureGuests(const char *hvname,
                                "IBM Secure Execution appears to be disabled "
                                "in kernel. Add prot_virt=1 to kernel cmdline "
                                "arguments");
+                return VIR_HOST_VALIDATE_FAILURE(level);
             }
         } else {
             virHostMsgFail(level, "Hardware or firmware does not provide "
                                   "support for IBM Secure Execution");
+            return VIR_HOST_VALIDATE_FAILURE(level);
         }
     } else if (hasAMDSev) {
         if (virFileReadValueString(&mod_value, "/sys/module/kvm_amd/parameters/sev") < 0) {
             virHostMsgFail(level, "AMD Secure Encrypted Virtualization not "
                                   "supported by the currently used kernel");
-            return 0;
+            return VIR_HOST_VALIDATE_FAILURE(level);
         }
 
         if (mod_value[0] != '1') {
@@ -503,7 +505,7 @@ int virHostValidateSecureGuests(const char *hvname,
                            "AMD Secure Encrypted Virtualization appears to be "
                            "disabled in kernel. Add kvm_amd.sev=1 "
                            "to the kernel cmdline arguments");
-            return 0;
+            return VIR_HOST_VALIDATE_FAILURE(level);
         }
 
         if (virFileExists("/dev/sev")) {
@@ -513,6 +515,7 @@ int virHostValidateSecureGuests(const char *hvname,
             virHostMsgFail(level,
                            "AMD Secure Encrypted Virtualization appears to be "
                            "disabled in firemare.");
+            return VIR_HOST_VALIDATE_FAILURE(level);
         }
     } else {
         virHostMsgFail(level,
-- 
2.31.1
Re: [PATCH 4/5] virt-host-validate: Call VIR_HOST_VALIDATE_FAILURE() more frequently
Posted by Fabiano Fidêncio 4 years, 8 months ago 
[...]

>
>          if (virFileExists("/dev/sev")) {
> @@ -513,6 +515,7 @@ int virHostValidateSecureGuests(const char *hvname,
>              virHostMsgFail(level,
>                             "AMD Secure Encrypted Virtualization appears to be "
>                             "disabled in firemare.");

Not related to this series, but: firemare -> firmware.

> +            return VIR_HOST_VALIDATE_FAILURE(level);
>          }
>      } else {
>          virHostMsgFail(level,
> --
> 2.31.1
>

Best Regards,
-- 
Fabiano Fidêncio

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.