virt-host-validate: Move AMD SEV into a separate func

The code that validates AMD SEV is going to be expanded soon. Move it into its own function to avoid lengthening virHostValidateSecureGuests() where the code lives now, even more. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2024-11-09 23:10:08 +00:00 · 2024-06-24 09:22:16 +02:00 · 2024-06-24 09:22:16 +02:00 · 30c01e535d
commit 30c01e535d
parent fbe97ee17d
1 changed files with 33 additions and 22 deletions
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@ -379,6 +379,36 @@ bool virHostKernelModuleIsLoaded(const char *module)
 }


+static int
+virHostValidateAMDSev(virValidateLevel level)
+{
+    g_autofree char *mod_value = NULL;
+
+    if (virFileReadValueString(&mod_value, "/sys/module/kvm_amd/parameters/sev") < 0) {
+        virValidateFail(level, "AMD Secure Encrypted Virtualization not "
+                        "supported by the currently used kernel");
+        return VIR_VALIDATE_FAILURE(level);
+    }
+
+    if (mod_value[0] != '1' && mod_value[0] != 'Y' && mod_value[0] != 'y') {
+        virValidateFail(level,
+                        "AMD Secure Encrypted Virtualization appears to be "
+                        "disabled in kernel. Add kvm_amd.sev=1 "
+                        "to the kernel cmdline arguments");
+        return VIR_VALIDATE_FAILURE(level);
+    }
+
+    if (!virFileExists("/dev/sev")) {
+        virValidateFail(level,
+                        "AMD Secure Encrypted Virtualization appears to be "
+                        "disabled in firmware.");
+        return VIR_VALIDATE_FAILURE(level);
+    }
+
+    return 1;
+}
+
+
 int virHostValidateSecureGuests(const char *hvname,
                                virValidateLevel level)
 {
@ -388,7 +418,6 @@ int virHostValidateSecureGuests(const char *hvname,
    virArch arch = virArchFromHost();
    g_autofree char *cmdline = NULL;
    static const char *kIBMValues[] = {"y", "Y", "on", "ON", "oN", "On", "1"};
-    g_autofree char *mod_value = NULL;

    flags = virHostValidateGetCPUFlags();

@ -430,29 +459,11 @@ int virHostValidateSecureGuests(const char *hvname,
            return VIR_VALIDATE_FAILURE(level);
        }
    } else if (hasAMDSev) {
-        if (virFileReadValueString(&mod_value, "/sys/module/kvm_amd/parameters/sev") < 0) {
-            virValidateFail(level, "AMD Secure Encrypted Virtualization not "
-                            "supported by the currently used kernel");
-            return VIR_VALIDATE_FAILURE(level);
-        }
+        int rc = virHostValidateAMDSev(level);

-        if (mod_value[0] != '1' && mod_value[0] != 'Y' && mod_value[0] != 'y') {
-            virValidateFail(level,
-                            "AMD Secure Encrypted Virtualization appears to be "
-                            "disabled in kernel. Add kvm_amd.sev=1 "
-                            "to the kernel cmdline arguments");
-            return VIR_VALIDATE_FAILURE(level);
-        }
-
-        if (virFileExists("/dev/sev")) {
+        if (rc > 0)
            virValidatePass();
-            return 1;
-        } else {
-            virValidateFail(level,
-                            "AMD Secure Encrypted Virtualization appears to be "
-                            "disabled in firmware.");
-            return VIR_VALIDATE_FAILURE(level);
-        }
+        return rc;
    }

    virValidateFail(level,