morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-15 08:56:15 +09:00
Code Issues Packages Projects Releases Wiki Activity

detect-virt: add bare-metal support for GCE

Browse Source 
Google Compute Engine are not only virtual but can be also physical
machines. Therefore checking only the dmi is not enough to detect if it
is a virtual machine. Therefore systemd-detect-virt return "google"
instead of "none" in c3-highcpu-metal machine.
SMBIOS will not help us to make the difference as for EC2 machines.
However, GCE use KVM hypervisor for these VM, we can use this
information to detect virtualization. [0]

Issue and changes has been tested on SUSE SLE-15-SP7 images with
systemd-254 for both GCE, bare-metal and VM.

[0] -
https://cloud.google.com/blog/products/gcp/7-ways-we-harden-our-kvm-hypervisor-at-google-cloud-security-in-plaintext
This commit is contained in:
vlefebvre
2025-07-08 15:46:10 +00:00
committed by Yu Watanabe
parent cc01ee7871
commit fb71571d3a
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/basic/virt.c
View File

@@ -475,8 +475,7 @@ Virtualization detect_vm(void) {
VIRTUALIZATION_ORACLE,
VIRTUALIZATION_XEN,
VIRTUALIZATION_AMAZON,
VIRTUALIZATION_PARALLELS,
VIRTUALIZATION_GOOGLE)) {
VIRTUALIZATION_PARALLELS)) {
v = dmi;
goto finish;
}
@@ -515,6 +514,10 @@ Virtualization detect_vm(void) {
hyperv = true;
else if (v == VIRTUALIZATION_VM_OTHER)
other = true;
else if (v == VIRTUALIZATION_KVM && dmi == VIRTUALIZATION_GOOGLE)
/* The DMI vendor tables in /sys/class/dmi/id don't help us distinguish between GCE
* virtual machines and bare-metal instances, so we need to look at hypervisor. */
return VIRTUALIZATION_GOOGLE;
else if (v != VIRTUALIZATION_NONE)
goto finish;
@@ -527,7 +530,9 @@ Virtualization detect_vm(void) {
return dmi;
if (dmi == VIRTUALIZATION_VM_OTHER)
other = true;
else if (dmi != VIRTUALIZATION_NONE) {
else if (!IN_SET(dmi, VIRTUALIZATION_NONE, VIRTUALIZATION_GOOGLE)) {
/* At this point if GCE has been detected in dmi, do not report as a VM. It should
* be a bare-metal machine */
v = dmi;
goto finish;
}