From: Michal Privoznik Date: Mon, 24 Jun 2024 07:22:16 +0000 (+0200) Subject: virt-host-validate: Move AMD SEV into a separate func X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=30c01e535d8bed8223c542513f2c93c3ecefa370;p=libvirt.git virt-host-validate: Move AMD SEV into a separate func The code that validates AMD SEV is going to be expanded soon. Move it into its own function to avoid lengthening virHostValidateSecureGuests() where the code lives now, even more. Signed-off-by: Michal Privoznik Reviewed-by: Jiri Denemark Reviewed-by: Daniel P. Berrangé
---
diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
index ad06dfb245..3e6a1c78ae 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -379,6 +379,36 @@ bool virHostKernelModuleIsLoaded(const char *module)
 }
+static int
+virHostValidateAMDSev(virValidateLevel level)
+{
+ g_autofree char *mod_value = NULL;
+
+ if (virFileReadValueString(&mod_value, "/sys/module/kvm_amd/parameters/sev") < 0) {
+ virValidateFail(level, "AMD Secure Encrypted Virtualization not "
+ "supported by the currently used kernel");
+ return VIR_VALIDATE_FAILURE(level);
+ }
+
+ if (mod_value[0] != '1' && mod_value[0] != 'Y' && mod_value[0] != 'y') {
+ virValidateFail(level,
+ "AMD Secure Encrypted Virtualization appears to be "
+ "disabled in kernel. Add kvm_amd.sev=1 "
+ "to the kernel cmdline arguments");
+ return VIR_VALIDATE_FAILURE(level);
+ }
+
+ if (!virFileExists("/dev/sev")) {
+ virValidateFail(level,
+ "AMD Secure Encrypted Virtualization appears to be "
+ "disabled in firmware.");
+ return VIR_VALIDATE_FAILURE(level);
+ }
+
+ return 1;
+}
+
+
 int virHostValidateSecureGuests(const char *hvname,
 virValidateLevel level)
 {
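Review bot: The new virHostValidateAMDSev() has no comment stating its return contract, and that contract is asymmetric: every failure path reports itself through virValidateFail(), while success returns 1 silently and leaves virValidatePass() to the caller (the `if (rc > 0)` in the third hunk). Since the commit message says this function will grow, a short header comment would keep later SEV checks from printing a second result or dropping the pass line, e.g. `/* Returns 1 if SEV looks usable (caller reports the pass); otherwise reports the failure and returns VIR_VALIDATE_FAILURE(level). */`. The same comment should say what a pass actually establishes: only that the kvm_amd `sev` parameter reads as enabled and that `/dev/sev` exists, not that the node is a usable device or that any guest will in fact run encrypted.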
@@ -388,7 +418,6 @@ int virHostValidateSecureGuests(const char *hvname,
 virArch arch = virArchFromHost();
 g_autofree char *cmdline = NULL;
 static const char *kIBMValues[] = {"y", "Y", "on", "ON", "oN", "On", "1"};
- g_autofree char *mod_value = NULL;
 flags = virHostValidateGetCPUFlags();
@@ -430,29 +459,11 @@ int virHostValidateSecureGuests(const char *hvname,
 return VIR_VALIDATE_FAILURE(level);
 }
 } else if (hasAMDSev) {
- if (virFileReadValueString(&mod_value, "/sys/module/kvm_amd/parameters/sev") < 0) {
- virValidateFail(level, "AMD Secure Encrypted Virtualization not "
- "supported by the currently used kernel");
- return VIR_VALIDATE_FAILURE(level);
- }
-
- if (mod_value[0] != '1' && mod_value[0] != 'Y' && mod_value[0] != 'y') {
- virValidateFail(level,
- "AMD Secure Encrypted Virtualization appears to be "
- "disabled in kernel. Add kvm_amd.sev=1 "
- "to the kernel cmdline arguments");
- return VIR_VALIDATE_FAILURE(level);
- }
+ int rc = virHostValidateAMDSev(level);
- if (virFileExists("/dev/sev")) {
+ if (rc > 0)
 virValidatePass();
- return 1;
- } else {
- virValidateFail(level,
- "AMD Secure Encrypted Virtualization appears to be "
- "disabled in firmware.");
- return VIR_VALIDATE_FAILURE(level);
- }
+ return rc;
 }
 virValidateFail(level,