detect-virt: add bare-metal support for GCE

val4oss · keentux · commit d28187aa2a1a · 2025-07-31T19:04:22.000+02:00
Google Compute Engine are not only virtual but can be also physical machines. Therefore checking only the dmi is not enough to detect if it is a virtual machine. Therefore systemd-detect-virt return "google" instead of "none" in c3-highcpu-metal machine. SMBIOS will not help us to make the difference as for EC2 machines. However, GCE use KVM hypervisor for these VM, we can use this information to detect virtualization. [0] Issue and changes has been tested on SUSE SLE-15-SP7 images with systemd-254 for both GCE, bare-metal and VM. [0] - https://cloud.google.com/blog/products/gcp/7-ways-we-harden-our-kvm-hypervisor-at-google-cloud-security-in-plaintext (cherry picked from commit fb71571) [val4oss: fixes bsc#1244449]
diff --git a/src/basic/virt.c b/src/basic/virt.c
@@ -470,8 +470,7 @@ Virtualization detect_vm(void) {
                    VIRTUALIZATION_ORACLE,
                    VIRTUALIZATION_XEN,
                    VIRTUALIZATION_AMAZON,
-                   VIRTUALIZATION_PARALLELS,
-                   VIRTUALIZATION_GOOGLE)) {
+                   VIRTUALIZATION_PARALLELS)) {
                 v = dmi;
                 goto finish;
         }
@@ -505,6 +504,10 @@ Virtualization detect_vm(void) {
                 return v;
         if (v == VIRTUALIZATION_VM_OTHER)
                 other = true;
+        else if (v == VIRTUALIZATION_KVM && dmi == VIRTUALIZATION_GOOGLE)
+                /* The DMI vendor tables in /sys/class/dmi/id don't help us distinguish between GCE
+                 * virtual machines and bare-metal instances, so we need to look at hypervisor. */
+                return VIRTUALIZATION_GOOGLE;
         else if (v != VIRTUALIZATION_NONE)
                 goto finish;
 
@@ -517,7 +520,9 @@ Virtualization detect_vm(void) {
                 return dmi;
         if (dmi == VIRTUALIZATION_VM_OTHER)
                 other = true;
-        else if (dmi != VIRTUALIZATION_NONE) {
+        else if (!IN_SET(dmi, VIRTUALIZATION_NONE, VIRTUALIZATION_GOOGLE)) {
+                /* At this point if GCE has been detected in dmi, do not report as a VM. It should
+                 * be a bare-metal machine */
                 v = dmi;
                 goto finish;
         }
