detect-virt: add bare-metal support for GCE

Google Compute Engine are not only virtual but can be also physical
machines. Therefore checking only the dmi is not enough to detect if it
is a virtual machine. Therefore systemd-detect-virt return "google"
instead of "none" in c3-highcpu-metal machine.
SMBIOS will not help us to make the difference as for EC2 machines.
However, GCE use KVM hypervisor for these VM, we can use this
information to detect virtualization. [0]

Issue and changes has been tested on SUSE SLE-15-SP7 images with
systemd-254 for both GCE, bare-metal and VM.

[0] -
https://cloud.google.com/blog/products/gcp/7-ways-we-harden-our-kvm-hypervisor-at-google-cloud-security-in-plaintext

diff --git a/src/basic/virt.c b/src/basic/virt.c
index f11d5c235acd4d889a88eccc926c2d7dd113f15b..13917058d885a0176c403fe7e6c0678f8aff8e36 100644 (file)
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -475,8 +475,7 @@ Virtualization detect_vm(void) {
                    VIRTUALIZATION_ORACLE,
                    VIRTUALIZATION_XEN,
                    VIRTUALIZATION_AMAZON,
-                   VIRTUALIZATION_PARALLELS,
-                   VIRTUALIZATION_GOOGLE)) {
+                   VIRTUALIZATION_PARALLELS)) {
                 v = dmi;
                 goto finish;
         }
@@ -515,6 +514,10 @@ Virtualization detect_vm(void) {
                 hyperv = true;
         else if (v == VIRTUALIZATION_VM_OTHER)
                 other = true;
+        else if (v == VIRTUALIZATION_KVM && dmi == VIRTUALIZATION_GOOGLE)
+                /* The DMI vendor tables in /sys/class/dmi/id don't help us distinguish between GCE
+                 * virtual machines and bare-metal instances, so we need to look at hypervisor. */
+                return VIRTUALIZATION_GOOGLE;
         else if (v != VIRTUALIZATION_NONE)
                 goto finish;
 
@@ -527,7 +530,9 @@ Virtualization detect_vm(void) {
                 return dmi;
         if (dmi == VIRTUALIZATION_VM_OTHER)
                 other = true;
-        else if (dmi != VIRTUALIZATION_NONE) {
+        else if (!IN_SET(dmi, VIRTUALIZATION_NONE, VIRTUALIZATION_GOOGLE)) {
+                /* At this point if GCE has been detected in dmi, do not report as a VM. It should
+                 * be a bare-metal machine */
                 v = dmi;
                 goto finish;
         }