From 095553f9dd1fec02869bf974e8cc07614d6587e5 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Fri, 29 May 2020 05:54:06 -0400 Subject: [PATCH 24/42] s390x: protvirt: Inhibit balloon when switching to protected mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Thomas Huth Message-id: <20200529055420.16855-25-thuth@redhat.com> Patchwork-id: 97036 O-Subject: [RHEL-8.3.0 qemu-kvm PATCH v2 24/38] s390x: protvirt: Inhibit balloon when switching to protected mode Bugzilla: 1828317 RH-Acked-by: Claudio Imbrenda RH-Acked-by: Philippe Mathieu-Daudé RH-Acked-by: Cornelia Huck RH-Acked-by: David Hildenbrand From: Janosch Frank Ballooning in protected VMs can only be done when the guest shares the pages it gives to the host. If pages are not shared, the integrity checks will fail once those pages have been altered and are given back to the guest. As we currently do not yet have a solution for this we will continue like this: 1. We block ballooning now in QEMU (with this patch). 2. Later we will provide a change to virtio that removes the blocker and adds VIRTIO_F_IOMMU_PLATFORM automatically by QEMU when doing the protvirt switch. This is OK, as the balloon driver in Linux (the only supported guest) will refuse to work with the IOMMU_PLATFORM feature bit set. 3. Later, we can fix the guest balloon driver to accept the IOMMU feature bit and correctly exercise sharing and unsharing of balloon pages. Signed-off-by: Janosch Frank Reviewed-by: David Hildenbrand Reviewed-by: Christian Borntraeger Reviewed-by: Claudio Imbrenda Reviewed-by: Cornelia Huck Message-Id: <20200319131921.2367-6-frankja@linux.ibm.com> Signed-off-by: Cornelia Huck (cherry picked from commit b1697f63fd8f8201b1447bb55f595830b9cbde31) Signed-off-by: Danilo C. L. de Paula --- hw/s390x/s390-virtio-ccw.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c index dbd5125232..b4ebe83766 100644 --- a/hw/s390x/s390-virtio-ccw.c +++ b/hw/s390x/s390-virtio-ccw.c @@ -42,6 +42,7 @@ #include "hw/qdev-properties.h" #include "hw/s390x/tod.h" #include "sysemu/sysemu.h" +#include "sysemu/balloon.h" #include "hw/s390x/pv.h" #include #include "migration/blocker.h" @@ -330,6 +331,7 @@ static void s390_machine_unprotect(S390CcwMachineState *ms) ms->pv = false; migrate_del_blocker(pv_mig_blocker); error_free_or_abort(&pv_mig_blocker); + qemu_balloon_inhibit(false); } static int s390_machine_protect(S390CcwMachineState *ms) @@ -337,10 +339,18 @@ static int s390_machine_protect(S390CcwMachineState *ms) Error *local_err = NULL; int rc; + /* + * Ballooning on protected VMs needs support in the guest for + * sharing and unsharing balloon pages. Block ballooning for + * now, until we have a solution to make at least Linux guests + * either support it or fail gracefully. + */ + qemu_balloon_inhibit(true); error_setg(&pv_mig_blocker, "protected VMs are currently not migrateable."); rc = migrate_add_blocker(pv_mig_blocker, &local_err); if (rc) { + qemu_balloon_inhibit(false); error_report_err(local_err); error_free_or_abort(&pv_mig_blocker); return rc; @@ -349,6 +359,7 @@ static int s390_machine_protect(S390CcwMachineState *ms) /* Create SE VM */ rc = s390_pv_vm_enable(); if (rc) { + qemu_balloon_inhibit(false); error_report_err(local_err); migrate_del_blocker(pv_mig_blocker); error_free_or_abort(&pv_mig_blocker); -- 2.27.0