From: Cornelia Huck <cohuck@redhat.com>
To: Janosch Frank <frankja@linux.ibm.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>,
qemu-s390x@nongnu.org, qemu-devel@nongnu.org,
David Hildenbrand <david@redhat.com>
Subject: Re: [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to protected mode
Date: Wed, 26 Feb 2020 19:24:04 +0100 [thread overview]
Message-ID: <20200226192404.57b6ef61.cohuck@redhat.com> (raw)
In-Reply-To: <556c23cb-7648-f4f6-aef4-728a164d9502@linux.ibm.com>
[-- Attachment #1: Type: text/plain, Size: 2645 bytes --]
On Wed, 26 Feb 2020 16:30:32 +0100
Janosch Frank <frankja@linux.ibm.com> wrote:
> On 2/26/20 4:16 PM, David Hildenbrand wrote:
> > On 26.02.20 16:06, Christian Borntraeger wrote:
> >>
> >>
> >> On 26.02.20 15:59, David Hildenbrand wrote:
> >>> On 26.02.20 13:20, Janosch Frank wrote:
> >>>> Ballooning in protected VMs can only be done when the guest shares the
> >>>> pages it gives to the host. Hence, until we have a solution for this
> >>>> in the guest kernel, we inhibit ballooning when switching into
> >>>> protected mode and reverse that once we move out of it.
> >>>
> >>> I don't understand what you mean here, sorry. zapping a page will mean
> >>> that a fresh one will be faulted in when accessed. And AFAIK, that means
> >>> it will be encrypted again when needed.
> >>>
> >>> Is that more like the UV will detect this as an integrity issue and
> >>> crash the VM?
> >>
> >> yes, the UV will detect a fresh page as an integrity issue.
> >> Only if the page was defined to be shared by the guest, we would avoid the
> >> integrity check.
> >>
> >
> > Please make that clearer in the patch description. With that
> >
> > Reviewed-by: David Hildenbrand <david@redhat.com>
> >
>
> How about:
> s390x: protvirt: Inhibit balloon when switching to protected mode
>
> Ballooning in protected VMs can only be done when the guest shares the
> pages it gives to the host. If pages are not shared, the integrity
> checks will fail once those pages have been altered and are given back
> to the guest.
This makes sense to me...
>
> Hence, until we have a solution for this in the guest kernel, we
> inhibit ballooning when switching into protected mode and reverse that
> once we move out of it.
...however, I'm scratching my head here.
If we have a future guest that knows how to handle this, how do we
know? We know that the current Linux driver clears
VIRTIO_F_IOMMU_PLATFORM during feature negotiation, and presumably a
guest that knows how to handle this will not do that. But it still
won't work as expected, as we inhibit ballooning...
So, either
- we don't inhibit ballooning now; any guest that clears the (required)
virtio feature bit won't be able to drive the virtio-balloon device
anyway, but a future guest that negotiates the bit would work; or
- we inhibit ballooning now; no guest can therefore use ballooning,
regardless what they are doing or not doing (this includes guests
that negotiate the feature bit, but fail to handle pages properly).
Or is there some other reason why we need to inhibit ballooning for
protected vms?
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2020-02-26 18:25 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-26 12:20 [PATCH v5 00/18] s390x: Protected Virtualization support Janosch Frank
2020-02-26 12:20 ` [PATCH v5 01/18] s390x: Use constant for ESA PSW address Janosch Frank
2020-02-26 13:46 ` Christian Borntraeger
2020-02-26 13:47 ` Janosch Frank
2020-02-26 14:27 ` David Hildenbrand
2020-02-26 17:51 ` Cornelia Huck
2020-02-26 17:52 ` David Hildenbrand
2020-02-27 7:53 ` Janosch Frank
2020-02-27 8:09 ` Janosch Frank
2020-02-27 9:06 ` Cornelia Huck
2020-02-27 9:23 ` [PATCH v6] s390x: Rename and use constants for short PSW address and mask Janosch Frank
2020-02-27 9:27 ` David Hildenbrand
2020-02-27 10:36 ` Cornelia Huck
2020-02-26 12:20 ` [PATCH v5 02/18] Sync pv Janosch Frank
2020-02-26 12:20 ` [PATCH v5 03/18] s390x: protvirt: Add diag308 subcodes 8 - 10 Janosch Frank
2020-02-26 12:20 ` [PATCH v5 04/18] s390x: protvirt: Support unpack facility Janosch Frank
2020-02-26 12:20 ` [PATCH v5 05/18] s390x: protvirt: Add migration blocker Janosch Frank
2020-02-26 14:05 ` Christian Borntraeger
2020-02-26 14:08 ` Janosch Frank
2020-02-26 12:20 ` [PATCH v5 06/18] s390x: protvirt: Handle diag 308 subcodes 0,1,3,4 Janosch Frank
2020-02-26 15:00 ` Christian Borntraeger
2020-02-26 15:11 ` Janosch Frank
2020-02-26 12:20 ` [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to protected mode Janosch Frank
2020-02-26 14:59 ` David Hildenbrand
2020-02-26 15:06 ` Christian Borntraeger
2020-02-26 15:16 ` David Hildenbrand
2020-02-26 15:30 ` Janosch Frank
2020-02-26 15:31 ` David Hildenbrand
2020-02-26 18:24 ` Cornelia Huck [this message]
2020-03-03 12:42 ` Christian Borntraeger
2020-02-26 15:11 ` Janosch Frank
2020-02-26 15:13 ` Christian Borntraeger
2020-02-26 15:15 ` David Hildenbrand
2020-02-27 12:24 ` Halil Pasic
2020-03-19 13:42 ` Halil Pasic
2020-03-19 13:54 ` David Hildenbrand
2020-03-19 15:40 ` Halil Pasic
2020-03-19 17:31 ` David Hildenbrand
2020-03-20 18:43 ` Halil Pasic
2020-03-24 21:07 ` Brijesh Singh
2020-03-27 10:50 ` David Hildenbrand
2020-03-19 17:45 ` Michael S. Tsirkin
2020-03-20 9:36 ` David Hildenbrand
2020-03-29 14:48 ` Michael S. Tsirkin
2020-03-31 8:59 ` David Hildenbrand
2020-02-26 12:20 ` [PATCH v5 08/18] s390x: protvirt: KVM intercept changes Janosch Frank
2020-02-26 12:20 ` [PATCH v5 09/18] s390x: Add SIDA memory ops Janosch Frank
2020-02-26 12:20 ` [PATCH v5 10/18] s390x: protvirt: Move STSI data over SIDAD Janosch Frank
2020-02-26 12:20 ` [PATCH v5 11/18] s390x: protvirt: SCLP interpretation Janosch Frank
2020-02-26 12:20 ` [PATCH v5 12/18] s390x: protvirt: Set guest IPL PSW Janosch Frank
2020-02-26 12:20 ` [PATCH v5 13/18] s390x: protvirt: Move diag 308 data over SIDAD Janosch Frank
2020-02-26 12:20 ` [PATCH v5 14/18] s390x: protvirt: Disable address checks for PV guest IO emulation Janosch Frank
2020-02-26 12:20 ` [PATCH v5 15/18] s390x: protvirt: Move IO control structures over SIDA Janosch Frank
2020-02-26 12:20 ` [PATCH v5 16/18] s390x: protvirt: Handle SIGP store status correctly Janosch Frank
2020-02-26 12:20 ` [PATCH v5 17/18] s390x: Add unpack facility feature to GA1 Janosch Frank
2020-02-26 12:20 ` [PATCH v5 18/18] docs: Add protvirt docs Janosch Frank
2020-02-26 20:09 ` [PATCH v5 00/18] s390x: Protected Virtualization support Cornelia Huck
2020-02-27 8:32 ` Janosch Frank
2020-03-03 15:50 ` [PATCH] pc-bios: s390x: Save iplb location in lowcore Janosch Frank
2020-03-03 16:13 ` David Hildenbrand
2020-03-04 8:59 ` Janosch Frank
2020-03-04 9:05 ` David Hildenbrand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200226192404.57b6ef61.cohuck@redhat.com \
--to=cohuck@redhat.com \
--cc=borntraeger@de.ibm.com \
--cc=david@redhat.com \
--cc=frankja@linux.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.