8a474dcd07
- Include upstream patches targeted for the next stable release (bug fixes only) block-io-fix-bdrv_co_do_copy_on_readv.patch compat-disable-edid-on-correct-virtio-gp.patch target-ppc-Fix-rlwinm-on-ppc64.patch vhost-correctly-turn-on-VIRTIO_F_IOMMU_P.patch - s390x Protected Virtualization support - start and control guest in secure mode. (note: binary patch from patch series dropped since for s390x we rebuild the patched binary anyways) (bsc#1167075 jsc#SLE-7407) s390-sclp-improve-special-wait-psw-logic.patch s390x-Add-missing-vcpu-reset-functions.patch s390x-Add-SIDA-memory-ops.patch s390x-Add-unpack-facility-feature-to-GA1.patch s390x-Beautify-diag308-handling.patch s390x-Don-t-do-a-normal-reset-on-the-ini.patch s390x-ipl-Consolidate-iplb-validity-chec.patch s390x-kvm-Make-kvm_sclp_service_call-voi.patch s390x-Move-clear-reset.patch s390x-Move-diagnose-308-subcodes-and-rcs.patch s390x-Move-initial-reset.patch s390x-Move-reset-normal-to-shared-reset-.patch s390x-protvirt-Add-migration-blocker.patch s390x-protvirt-Disable-address-checks-fo.patch s390x-protvirt-Handle-SIGP-store-status-.patch s390x-protvirt-Inhibit-balloon-when-swit.patch s390x-protvirt-KVM-intercept-changes.patch s390x-protvirt-Move-diag-308-data-over-S.patch s390x-protvirt-Move-IO-control-structure.patch s390x-protvirt-Move-STSI-data-over-SIDAD.patch s390x-protvirt-SCLP-interpretation.patch s390x-protvirt-Set-guest-IPL-PSW.patch s390x-protvirt-Support-unpack-facility.patch Sync-pv.patch OBS-URL: https://build.opensuse.org/request/show/787000 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=538
62 lines
2.2 KiB
Diff
62 lines
2.2 KiB
Diff
From: Christian Borntraeger <borntraeger@de.ibm.com>
|
|
Date: Tue, 25 Feb 2020 06:28:51 -0500
|
|
Subject: s390x: Add unpack facility feature to GA1
|
|
|
|
References: bsc#1167075
|
|
|
|
The unpack facility is an indication that diagnose 308 subcodes 8-10
|
|
are available to the guest. That means, that the guest can put itself
|
|
into protected mode.
|
|
|
|
Once it is in protected mode, the hardware stops any attempt of VM
|
|
introspection by the hypervisor.
|
|
|
|
Some features are currently not supported in protected mode:
|
|
* vfio devices
|
|
* Migration
|
|
* Huge page backings
|
|
|
|
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
|
|
Reviewed-by: David Hildenbrand <david@redhat.com>
|
|
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
|
|
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
|
|
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
|
(cherry picked from commit 3034eaac3b2970ba85a1d77814ceef1352d05357)
|
|
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
---
|
|
target/s390x/gen-features.c | 1 +
|
|
target/s390x/kvm.c | 8 ++++++++
|
|
2 files changed, 9 insertions(+)
|
|
|
|
diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c
|
|
index 6278845b12b8dee84c086413c60a..8ddeebc54419a3e2481e21916389 100644
|
|
--- a/target/s390x/gen-features.c
|
|
+++ b/target/s390x/gen-features.c
|
|
@@ -562,6 +562,7 @@ static uint16_t full_GEN15_GA1[] = {
|
|
S390_FEAT_GROUP_MSA_EXT_9,
|
|
S390_FEAT_GROUP_MSA_EXT_9_PCKMO,
|
|
S390_FEAT_ETOKEN,
|
|
+ S390_FEAT_UNPACK,
|
|
};
|
|
|
|
/* Default features (in order of release)
|
|
diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
|
|
index d94b915da419c3ad0a1f9622ca13..8b82e4c93dfa7e89127bce74cde7 100644
|
|
--- a/target/s390x/kvm.c
|
|
+++ b/target/s390x/kvm.c
|
|
@@ -2407,6 +2407,14 @@ void kvm_s390_get_host_cpu_model(S390CPUModel *model, Error **errp)
|
|
clear_bit(S390_FEAT_BPB, model->features);
|
|
}
|
|
|
|
+ /*
|
|
+ * If we have support for protected virtualization, indicate
|
|
+ * the protected virtualization IPL unpack facility.
|
|
+ */
|
|
+ if (cap_protected) {
|
|
+ set_bit(S390_FEAT_UNPACK, model->features);
|
|
+ }
|
|
+
|
|
/* We emulate a zPCI bus and AEN, therefore we don't need HW support */
|
|
set_bit(S390_FEAT_ZPCI, model->features);
|
|
set_bit(S390_FEAT_ADAPTER_EVENT_NOTIFICATION, model->features);
|