virt: detect Amazon EC2 Nitro instance

Amazon EC2 Nitro hypervisor is technically based on KVM[1], which
systemd-detect-virt identify propely from CPUID. However the lack of
CPUID on aarch64 (A1, T4 instance type) prevents a correct
identification, impacting hostnamectl and systemd-random-seed. Instead
it's possible to identify virtualization from DMI vendor ID.

Prior to this commit:
  # hostnamectl
     Static hostname: n/a
  Transient hostname: ip-10-97-8-12
           Icon name: computer
          Machine ID: 8e3772fbcfa3dd6f330a12ff5df5a63b
             Boot ID: b7b7e2fe0079448db664839df59f9817
    Operating System: Gentoo/Linux
              Kernel: Linux 5.4.69-longterm
        Architecture: arm64

After this commit:
  # hostnamectl
     Static hostname: n/a
  Transient hostname: ip-10-97-8-12
           Icon name: computer-vm
             Chassis: vm
          Machine ID: 8e3772fbcfa3dd6f330a12ff5df5a63b
             Boot ID: bd04da57084e41078f20541101867113
      Virtualization: amazon
    Operating System: Gentoo/Linux
              Kernel: Linux 5.4.69-longterm
        Architecture: arm64

[1] https://aws.amazon.com/ec2/faqs/

diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
index 654cf9b84c441f5c5f1c2838a01a3e1bbd4a6468..14bfd19b6220c82c1da8b7b9282f53726990d073 100644 (file)
--- a/man/systemd-detect-virt.xml
+++ b/man/systemd-detect-virt.xml
@@ -69,7 +69,12 @@
 
           <row>
             <entry><varname>kvm</varname></entry>
-            <entry>Linux KVM kernel virtual machine, with whatever software, except Oracle Virtualbox</entry>
+            <entry>Linux KVM kernel virtual machine, in combination with QEMU. Not used for other virtualizers using the KVM interfaces, such as Oracle VirtualBox or Amazon EC2 Nitro, see below.</entry>
+          </row>
+
+          <row>
+            <entry><varname>amazon</varname></entry>
+            <entry>Amazon EC2 Nitro using Linux KVM</entry>
           </row>
 
           <row>

diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 7f37f01ef98362df3ae38f62f8f6d63df759f8e8..b7a5ec0362e2229a1ec09081da162f71fa6d9375 100644 (file)
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -1192,6 +1192,7 @@
           <literal>container</literal> to test against a generic type of virtualization solution, or one of
           <literal>qemu</literal>,
           <literal>kvm</literal>,
+          <literal>amazon</literal>,
           <literal>zvm</literal>,
           <literal>vmware</literal>,
           <literal>microsoft</literal>,

diff --git a/src/basic/virt.c b/src/basic/virt.c
index 335f59d6fc60c8c9de3e973c03d84ac7142c2c6c..03c0e431ad47a43835507dad349c45395d9762bf 100644 (file)
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -149,6 +149,7 @@ static int detect_vm_dmi(void) {
                 int id;
         } dmi_vendor_table[] = {
                 { "KVM",                 VIRTUALIZATION_KVM       },
+                { "Amazon EC2",          VIRTUALIZATION_AMAZON    },
                 { "QEMU",                VIRTUALIZATION_QEMU      },
                 { "VMware",              VIRTUALIZATION_VMWARE    }, /* https://kb.vmware.com/s/article/1009458 */
                 { "VMW",                 VIRTUALIZATION_VMWARE    },
@@ -344,8 +345,9 @@ int detect_vm(void) {
 
         /* We have to use the correct order here:
          *
-         * → First, try to detect Oracle Virtualbox, even if it uses KVM, as well as Xen even if it cloaks as Microsoft
-         *   Hyper-V. Attempt to detect uml at this stage also since it runs as a user-process nested inside other VMs.
+         * → First, try to detect Oracle Virtualbox and Amazon EC2 Nitro, even if they use KVM, as well as Xen even if
+         *   it cloaks as Microsoft Hyper-V. Attempt to detect uml at this stage also since it runs as a user-process
+         *   nested inside other VMs.
          *
          * → Second, try to detect from CPUID, this will report KVM for whatever software is used even if info in DMI is
          *   overwritten.
@@ -353,7 +355,7 @@ int detect_vm(void) {
          * → Third, try to detect from DMI. */
 
         dmi = detect_vm_dmi();
-        if (IN_SET(dmi, VIRTUALIZATION_ORACLE, VIRTUALIZATION_XEN)) {
+        if (IN_SET(dmi, VIRTUALIZATION_ORACLE, VIRTUALIZATION_XEN, VIRTUALIZATION_AMAZON)) {
                 r = dmi;
                 goto finish;
         }
@@ -914,6 +916,7 @@ bool has_cpu_with_flag(const char *flag) {
 static const char *const virtualization_table[_VIRTUALIZATION_MAX] = {
         [VIRTUALIZATION_NONE] = "none",
         [VIRTUALIZATION_KVM] = "kvm",
+        [VIRTUALIZATION_AMAZON] = "amazon",
         [VIRTUALIZATION_QEMU] = "qemu",
         [VIRTUALIZATION_BOCHS] = "bochs",
         [VIRTUALIZATION_XEN] = "xen",

diff --git a/src/basic/virt.h b/src/basic/virt.h
index 378c7c4d232a5b84ec8f2e4ea9baa944e04d1f42..1eafbe2cbecfc92bbc730430f39b5a6423a8a581 100644 (file)
--- a/src/basic/virt.h
+++ b/src/basic/virt.h
@@ -10,6 +10,7 @@ enum {
 
         VIRTUALIZATION_VM_FIRST,
         VIRTUALIZATION_KVM = VIRTUALIZATION_VM_FIRST,
+        VIRTUALIZATION_AMAZON,
         VIRTUALIZATION_QEMU,
         VIRTUALIZATION_BOCHS,
         VIRTUALIZATION_XEN,

diff --git a/src/test/test-condition.c b/src/test/test-condition.c
index db15fe3136ce64f45bcf49c7e3d53ff8181e8efa..adba383fddbc2556c0215406549984e07b4379df 100644 (file)
--- a/src/test/test-condition.c
+++ b/src/test/test-condition.c
@@ -575,6 +575,7 @@ static void test_condition_test_virtualization(void) {
 
         NULSTR_FOREACH(virt,
                        "kvm\0"
+                       "amazon\0"
                        "qemu\0"
                        "bochs\0"
                        "xen\0"