pool/qemu
SHA256
4
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
52f4085bb5
qemu/s390x-protvirt-Inhibit-balloon-when-swit.patch
Bruce Rogers a447edb5e5 Accepting request 787000 from home:bfrogers:branches:Virtualization 
- Include upstream patches targeted for the next stable release
  (bug fixes only)
  block-io-fix-bdrv_co_do_copy_on_readv.patch
  compat-disable-edid-on-correct-virtio-gp.patch
  target-ppc-Fix-rlwinm-on-ppc64.patch
  vhost-correctly-turn-on-VIRTIO_F_IOMMU_P.patch
- s390x Protected Virtualization support - start and control guest
  in secure mode. (note: binary patch from patch series dropped since
  for s390x we rebuild the patched binary anyways) (bsc#1167075
  jsc#SLE-7407)
  s390-sclp-improve-special-wait-psw-logic.patch
  s390x-Add-missing-vcpu-reset-functions.patch
  s390x-Add-SIDA-memory-ops.patch
  s390x-Add-unpack-facility-feature-to-GA1.patch
  s390x-Beautify-diag308-handling.patch
  s390x-Don-t-do-a-normal-reset-on-the-ini.patch
  s390x-ipl-Consolidate-iplb-validity-chec.patch
  s390x-kvm-Make-kvm_sclp_service_call-voi.patch
  s390x-Move-clear-reset.patch
  s390x-Move-diagnose-308-subcodes-and-rcs.patch
  s390x-Move-initial-reset.patch
  s390x-Move-reset-normal-to-shared-reset-.patch
  s390x-protvirt-Add-migration-blocker.patch
  s390x-protvirt-Disable-address-checks-fo.patch
  s390x-protvirt-Handle-SIGP-store-status-.patch
  s390x-protvirt-Inhibit-balloon-when-swit.patch
  s390x-protvirt-KVM-intercept-changes.patch
  s390x-protvirt-Move-diag-308-data-over-S.patch
  s390x-protvirt-Move-IO-control-structure.patch
  s390x-protvirt-Move-STSI-data-over-SIDAD.patch
  s390x-protvirt-SCLP-interpretation.patch
  s390x-protvirt-Set-guest-IPL-PSW.patch
  s390x-protvirt-Support-unpack-facility.patch
  Sync-pv.patch

OBS-URL: https://build.opensuse.org/request/show/787000
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=538
2020-03-20 22:41:29 +00:00

85 lines
3.1 KiB
Diff
Raw Blame History

From: Janosch Frank <frankja@linux.ibm.com>
Date: Mon, 24 Feb 2020 07:49:06 -0500
Subject: s390x: protvirt: Inhibit balloon when switching to protected mode
References: bsc#1167075
Ballooning in protected VMs can only be done when the guest shares the
pages it gives to the host. If pages are not shared, the integrity
checks will fail once those pages have been altered and are given back
to the guest.
As we currently do not yet have a solution for this we will continue
like this:
1. We block ballooning now in QEMU (with this patch).
2. Later we will provide a change to virtio that removes the blocker
and adds VIRTIO_F_IOMMU_PLATFORM automatically by QEMU when doing the
protvirt switch. This is OK, as the balloon driver in Linux (the only
supported guest) will refuse to work with the IOMMU_PLATFORM feature
bit set.
3. Later, we can fix the guest balloon driver to accept the IOMMU
feature bit and correctly exercise sharing and unsharing of balloon
pages.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
(cherry picked from commit 59dc32a3494d6afdd420f3e401f1f324a1179256)
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/s390x/s390-virtio-ccw.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index ed910a099627dae96ab5da747fb3..85250bf046ed72313b03c6ff6c54 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -42,6 +42,7 @@
#include "hw/qdev-properties.h"
#include "hw/s390x/tod.h"
#include "sysemu/sysemu.h"
+#include "sysemu/balloon.h"
#include "hw/s390x/pv.h"
#include <linux/kvm.h>
#include "migration/blocker.h"
@@ -330,6 +331,7 @@ static void s390_machine_unprotect(S390CcwMachineState *ms)
ms->pv = false;
migrate_del_blocker(pv_mig_blocker);
error_free_or_abort(&pv_mig_blocker);
+ qemu_balloon_inhibit(false);
}
static int s390_machine_protect(S390CcwMachineState *ms)
@@ -337,10 +339,18 @@ static int s390_machine_protect(S390CcwMachineState *ms)
Error *local_err = NULL;
int rc;
+ /*
+ * Ballooning on protected VMs needs support in the guest for
+ * sharing and unsharing balloon pages. Block ballooning for
+ * now, until we have a solution to make at least Linux guests
+ * either support it or fail gracefully.
+ */
+ qemu_balloon_inhibit(true);
error_setg(&pv_mig_blocker,
"protected VMs are currently not migrateable.");
rc = migrate_add_blocker(pv_mig_blocker, &local_err);
if (rc) {
+ qemu_balloon_inhibit(false);
error_report_err(local_err);
error_free_or_abort(&pv_mig_blocker);
return rc;
@@ -349,6 +359,7 @@ static int s390_machine_protect(S390CcwMachineState *ms)
/* Create SE VM */
rc = s390_pv_vm_enable();
if (rc) {
+ qemu_balloon_inhibit(false);
error_report_err(local_err);
migrate_del_blocker(pv_mig_blocker);
error_free_or_abort(&pv_mig_blocker);
Reference in New Issue View Git Blame Copy Permalink