cryptospore / rpms / qemu-kvm

Forked from rpms/qemu-kvm 2 years ago
Clone

Blame SOURCES/kvm-s390x-protvirt-Inhibit-balloon-when-switching-to-pro.patch

77c23f
From 095553f9dd1fec02869bf974e8cc07614d6587e5 Mon Sep 17 00:00:00 2001
77c23f
From: Thomas Huth <thuth@redhat.com>
77c23f
Date: Fri, 29 May 2020 05:54:06 -0400
77c23f
Subject: [PATCH 24/42] s390x: protvirt: Inhibit balloon when switching to
77c23f
 protected mode
77c23f
MIME-Version: 1.0
77c23f
Content-Type: text/plain; charset=UTF-8
77c23f
Content-Transfer-Encoding: 8bit
77c23f
77c23f
RH-Author: Thomas Huth <thuth@redhat.com>
77c23f
Message-id: <20200529055420.16855-25-thuth@redhat.com>
77c23f
Patchwork-id: 97036
77c23f
O-Subject: [RHEL-8.3.0 qemu-kvm PATCH v2 24/38] s390x: protvirt: Inhibit balloon when switching to protected mode
77c23f
Bugzilla: 1828317
77c23f
RH-Acked-by: Claudio Imbrenda <cimbrend@redhat.com>
77c23f
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
77c23f
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
77c23f
RH-Acked-by: David Hildenbrand <david@redhat.com>
77c23f
77c23f
From: Janosch Frank <frankja@linux.ibm.com>
77c23f
77c23f
Ballooning in protected VMs can only be done when the guest shares the
77c23f
pages it gives to the host. If pages are not shared, the integrity
77c23f
checks will fail once those pages have been altered and are given back
77c23f
to the guest.
77c23f
77c23f
As we currently do not yet have a solution for this we will continue
77c23f
like this:
77c23f
77c23f
1. We block ballooning now in QEMU (with this patch).
77c23f
77c23f
2. Later we will provide a change to virtio that removes the blocker
77c23f
and adds VIRTIO_F_IOMMU_PLATFORM automatically by QEMU when doing the
77c23f
protvirt switch. This is OK, as the balloon driver in Linux (the only
77c23f
supported guest) will refuse to work with the IOMMU_PLATFORM feature
77c23f
bit set.
77c23f
77c23f
3. Later, we can fix the guest balloon driver to accept the IOMMU
77c23f
feature bit and correctly exercise sharing and unsharing of balloon
77c23f
pages.
77c23f
77c23f
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
77c23f
Reviewed-by: David Hildenbrand <david@redhat.com>
77c23f
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
77c23f
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
77c23f
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
77c23f
Message-Id: <20200319131921.2367-6-frankja@linux.ibm.com>
77c23f
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
77c23f
(cherry picked from commit b1697f63fd8f8201b1447bb55f595830b9cbde31)
77c23f
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
77c23f
---
77c23f
 hw/s390x/s390-virtio-ccw.c | 11 +++++++++++
77c23f
 1 file changed, 11 insertions(+)
77c23f
77c23f
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
77c23f
index dbd5125232..b4ebe83766 100644
77c23f
--- a/hw/s390x/s390-virtio-ccw.c
77c23f
+++ b/hw/s390x/s390-virtio-ccw.c
77c23f
@@ -42,6 +42,7 @@
77c23f
 #include "hw/qdev-properties.h"
77c23f
 #include "hw/s390x/tod.h"
77c23f
 #include "sysemu/sysemu.h"
77c23f
+#include "sysemu/balloon.h"
77c23f
 #include "hw/s390x/pv.h"
77c23f
 #include <linux/kvm.h>
77c23f
 #include "migration/blocker.h"
77c23f
@@ -330,6 +331,7 @@ static void s390_machine_unprotect(S390CcwMachineState *ms)
77c23f
     ms->pv = false;
77c23f
     migrate_del_blocker(pv_mig_blocker);
77c23f
     error_free_or_abort(&pv_mig_blocker);
77c23f
+    qemu_balloon_inhibit(false);
77c23f
 }
77c23f
 
77c23f
 static int s390_machine_protect(S390CcwMachineState *ms)
77c23f
@@ -337,10 +339,18 @@ static int s390_machine_protect(S390CcwMachineState *ms)
77c23f
     Error *local_err = NULL;
77c23f
     int rc;
77c23f
 
77c23f
+   /*
77c23f
+    * Ballooning on protected VMs needs support in the guest for
77c23f
+    * sharing and unsharing balloon pages. Block ballooning for
77c23f
+    * now, until we have a solution to make at least Linux guests
77c23f
+    * either support it or fail gracefully.
77c23f
+    */
77c23f
+    qemu_balloon_inhibit(true);
77c23f
     error_setg(&pv_mig_blocker,
77c23f
                "protected VMs are currently not migrateable.");
77c23f
     rc = migrate_add_blocker(pv_mig_blocker, &local_err);
77c23f
     if (rc) {
77c23f
+        qemu_balloon_inhibit(false);
77c23f
         error_report_err(local_err);
77c23f
         error_free_or_abort(&pv_mig_blocker);
77c23f
         return rc;
77c23f
@@ -349,6 +359,7 @@ static int s390_machine_protect(S390CcwMachineState *ms)
77c23f
     /* Create SE VM */
77c23f
     rc = s390_pv_vm_enable();
77c23f
     if (rc) {
77c23f
+        qemu_balloon_inhibit(false);
77c23f
         error_report_err(local_err);
77c23f
         migrate_del_blocker(pv_mig_blocker);
77c23f
         error_free_or_abort(&pv_mig_blocker);
77c23f
-- 
77c23f
2.27.0
77c23f