kata-check: optionally require kvm-intel unrestricted_guest

We have optionally handled it in kernel parameter in genericArchKernelParamHandler but kata-check still forcely require it to be present. Let's only require it when running on baremetal. Signed-off-by: Peng Tao <bergwolf@gmail.com>
2025-07-03 18:47:03 +00:00 · 2018-10-16 16:57:01 +08:00 · 2018-10-16 16:57:01 +08:00 · 8cfb06f1a9
commit 8cfb06f1a9
parent acbcde3fee
6 changed files with 34 additions and 19 deletions
--- a/cli/kata-check.go
+++ b/cli/kata-check.go
@ -291,7 +291,10 @@ var kataCheckCLICommand = cli.Command{
 		span, _ := trace(ctx, "kata-check")
 		defer span.Finish()

-		setCPUtype()
+		err = setCPUtype()
+		if err != nil {
+			return err
+		}

 		details := vmContainerCapableDetails{
 			cpuInfoFile:           procCPUInfo,
--- a/cli/kata-check_amd64.go
+++ b/cli/kata-check_amd64.go
@ -6,9 +6,12 @@
 package main

 import (
+	"fmt"
 	"github.com/sirupsen/logrus"
 	"io/ioutil"
 	"strings"
+
+	vc "github.com/kata-containers/runtime/virtcontainers"
 )

 const (
@ -45,13 +48,23 @@ var archRequiredCPUAttribs map[string]string
 // required module parameters.
 var archRequiredKernelModules map[string]kernelModule

-func setCPUtype() {
+func setCPUtype() error {
 	cpuType = getCPUtype()

 	if cpuType == cpuTypeUnknown {
-		kataLog.Fatal("Unknown CPU Type")
-		exit(1)
+		return fmt.Errorf("Unknow CPU Type")
 	} else if cpuType == cpuTypeIntel {
+		var kvmIntelParams map[string]string
+		onVMM, err := vc.RunningOnVMM(procCPUInfo)
+		if err != nil && !onVMM {
+			kvmIntelParams = map[string]string{
+				// "VMX Unrestricted mode support". This is used
+				// as a heuristic to determine if the system is
+				// "new enough" to run a Kata Container
+				// (atleast a Westmere).
+				"unrestricted_guest": "Y",
+			}
+		}
 		archRequiredCPUFlags = map[string]string{
 			"vmx":    "Virtualization support",
 			"lm":     "64Bit CPU",
@ -65,14 +78,8 @@ func setCPUtype() {
 				desc: msgKernelVM,
 			},
 			"kvm_intel": {
-				desc: "Intel KVM",
-				parameters: map[string]string{
-					// "VMX Unrestricted mode support". This is used
-					// as a heuristic to determine if the system is
-					// "new enough" to run a Kata Container
-					// (atleast a Westmere).
-					"unrestricted_guest": "Y",
-				},
+				desc:       "Intel KVM",
+				parameters: kvmIntelParams,
 			},
 			"vhost": {
 				desc: msgKernelVirtio,
@ -105,6 +112,8 @@ func setCPUtype() {
 			},
 		}
 	}
+
+	return nil
 }

 func getCPUtype() int {
--- a/cli/kata-check_amd64_test.go
+++ b/cli/kata-check_amd64_test.go
@ -81,9 +81,7 @@ func TestCCCheckCLIFunction(t *testing.T) {
 			{archGenuineIntel, "lm vmx sse4_1", false},
 		}

-		moduleData = []testModuleData{
-			{filepath.Join(sysModuleDir, "kvm_intel/parameters/unrestricted_guest"), false, "Y"},
-		}
+		moduleData = []testModuleData{}
 	} else if cpuType == cpuTypeAMD {
 		cpuData = []testCPUData{
 			{archAuthenticAMD, "lm svm sse4_1", false},
@ -393,7 +391,7 @@ func TestCheckHostIsVMContainerCapable(t *testing.T) {
 	}

 	err = hostIsVMContainerCapable(details)
-	assert.Error(err)
+	assert.Nil(err)
 }

 func TestArchKernelParamHandler(t *testing.T) {
--- a/cli/kata-check_arm64.go
+++ b/cli/kata-check_arm64.go
@ -40,7 +40,8 @@ var archRequiredKernelModules = map[string]kernelModule{
 	},
 }

-func setCPUtype() {
+func setCPUtype() error {
+	return nil
 }

 // kvmIsUsable determines if it will be possible to create a full virtual machine
--- a/cli/kata-check_ppc64le.go
+++ b/cli/kata-check_ppc64le.go
@ -44,7 +44,8 @@ var archRequiredKernelModules = map[string]kernelModule{
 	},
 }

-func setCPUtype() {
+func setCPUtype() error {
+	return nil
 }

 func archHostCanCreateVMContainer() error {
--- a/cli/kata-env.go
+++ b/cli/kata-env.go
@ -325,7 +325,10 @@ func getHypervisorInfo(config oci.RuntimeConfig) HypervisorInfo {
 }

 func getEnvInfo(configFile string, config oci.RuntimeConfig) (env EnvInfo, err error) {
-	setCPUtype()
+	err = setCPUtype()
+	if err != nil {
+		return EnvInfo{}, err
+	}

 	meta := getMetaInfo()