cryptospore / rpms / qemu-kvm

Forked from rpms/qemu-kvm 2 years ago
Clone

Blame SOURCES/kvm-s390x-protvirt-allow-to-IPL-secure-guests-with-no-re.patch

be904d
From 8b994757136780998e0dd1d41613d2006c0dbcf6 Mon Sep 17 00:00:00 2001
be904d
From: Thomas Huth <thuth@redhat.com>
be904d
Date: Tue, 4 Aug 2020 10:16:04 -0400
be904d
Subject: [PATCH 4/4] s390x/protvirt: allow to IPL secure guests with
be904d
 -no-reboot
be904d
be904d
RH-Author: Thomas Huth <thuth@redhat.com>
be904d
Message-id: <20200804101604.6259-2-thuth@redhat.com>
be904d
Patchwork-id: 98126
be904d
O-Subject: [RHEL-8.3.0 qemu-kvm PATCH 1/1] s390x/protvirt: allow to IPL secure guests with -no-reboot
be904d
Bugzilla: 1863034
be904d
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
be904d
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
be904d
RH-Acked-by: David Hildenbrand <david@redhat.com>
be904d
be904d
From: Christian Borntraeger <borntraeger@de.ibm.com>
be904d
be904d
Right now, -no-reboot prevents secure guests from running. This is
be904d
correct from an implementation point of view, as we have modeled the
be904d
transition from non-secure to secure as a program directed IPL. From
be904d
a user perspective, this is not the behavior of least surprise.
be904d
be904d
We should implement the IPL into protected mode similar to the
be904d
functions that we use for kdump/kexec. In other words, we do not stop
be904d
here when -no-reboot is specified on the command line. Like function 0
be904d
or function 1, function 10 is not a classic reboot. For example, it
be904d
can only be called once. Before calling it a second time, a real
be904d
reboot/reset must happen in-between. So function code 10 is more or
be904d
less a state transition reset, but not a "standard" reset or reboot.
be904d
be904d
Fixes: 4d226deafc44 ("s390x: protvirt: Support unpack facility")
be904d
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
be904d
Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
be904d
Reviewed-by: David Hildenbrand <david@redhat.com>
be904d
Acked-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>
be904d
Message-Id: <20200721103202.30610-1-borntraeger@de.ibm.com>
be904d
[CH: tweaked description]
be904d
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
be904d
(cherry picked from commit d1bb69db4ceb6897ef6a17bf263146b53a123632)
be904d
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
be904d
---
be904d
 hw/s390x/ipl.c | 3 ++-
be904d
 1 file changed, 2 insertions(+), 1 deletion(-)
be904d
be904d
diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
be904d
index 586d95b5b6..5b3ea990af 100644
be904d
--- a/hw/s390x/ipl.c
be904d
+++ b/hw/s390x/ipl.c
be904d
@@ -624,7 +624,8 @@ void s390_ipl_reset_request(CPUState *cs, enum s390_reset reset_type)
be904d
         }
be904d
     }
be904d
     if (reset_type == S390_RESET_MODIFIED_CLEAR ||
be904d
-        reset_type == S390_RESET_LOAD_NORMAL) {
be904d
+        reset_type == S390_RESET_LOAD_NORMAL ||
be904d
+        reset_type == S390_RESET_PV) {
be904d
         /* ignore -no-reboot, send no event  */
be904d
         qemu_system_reset_request(SHUTDOWN_CAUSE_SUBSYSTEM_RESET);
be904d
     } else {
be904d
-- 
be904d
2.27.0
be904d