* [PATCH v3] s390x/cpu_model: disallow unpack for --only-migratable
@ 2021-01-25 13:53 Christian Borntraeger
2021-01-25 22:49 ` Halil Pasic
2021-01-26 10:43 ` Cornelia Huck
0 siblings, 2 replies; 3+ messages in thread
From: Christian Borntraeger @ 2021-01-25 13:53 UTC (permalink / raw)
To: Cornelia Huck
Cc: Thomas Huth, Daniel P . Berrangé,
Janosch Frank, David Hildenbrand, qemu-devel,
Dr . David Alan Gilbert, Halil Pasic, Christian Borntraeger,
qemu-s390x, David Gibson, Richard Henderson
Secure execution (aka protected virtualization) guests cannot be
migrated at the moment. If the unpack facility is provided in the cpu
model, a guest may choose to transition to secure mode, making the
guest unmigratable at that point in time. If the machine was explicitly
started with --only-migratable, we would get a failure only when the
guest actually tries to transition; instead, explicitly disallow the
unpack facility if --only-migratable was specified to avoid late
surprises.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
---
target/s390x/cpu_models.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index 35179f9dc7ba..dd474c5e9ad1 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -26,6 +26,7 @@
#include "qapi/qmp/qdict.h"
#ifndef CONFIG_USER_ONLY
#include "sysemu/arch_init.h"
+#include "sysemu/sysemu.h"
#include "hw/pci/pci.h"
#endif
#include "qapi/qapi-commands-machine-target.h"
@@ -878,6 +879,15 @@ static void check_compatibility(const S390CPUModel *max_model,
return;
}
+#ifndef CONFIG_USER_ONLY
+ if (only_migratable && test_bit(S390_FEAT_UNPACK, model->features)) {
+ error_setg(errp, "The unpack facility is not compatible with "
+ "the --only-migratable option. You must remove either "
+ "the 'unpack' facility or the --only-migratable option");
+ return;
+ }
+#endif
+
/* detect the missing features to properly report them */
bitmap_andnot(missing, model->features, max_model->features, S390_FEAT_MAX);
if (bitmap_empty(missing, S390_FEAT_MAX)) {
--
2.28.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v3] s390x/cpu_model: disallow unpack for --only-migratable
2021-01-25 13:53 [PATCH v3] s390x/cpu_model: disallow unpack for --only-migratable Christian Borntraeger
@ 2021-01-25 22:49 ` Halil Pasic
2021-01-26 10:43 ` Cornelia Huck
1 sibling, 0 replies; 3+ messages in thread
From: Halil Pasic @ 2021-01-25 22:49 UTC (permalink / raw)
To: Christian Borntraeger
Cc: Thomas Huth, Daniel P . Berrangé,
Janosch Frank, David Hildenbrand, Cornelia Huck, qemu-devel,
Dr . David Alan Gilbert, qemu-s390x, Richard Henderson,
David Gibson
On Mon, 25 Jan 2021 14:53:32 +0100
Christian Borntraeger <borntraeger@de.ibm.com> wrote:
> Secure execution (aka protected virtualization) guests cannot be
> migrated at the moment. If the unpack facility is provided in the cpu
> model, a guest may choose to transition to secure mode, making the
> guest unmigratable at that point in time. If the machine was explicitly
> started with --only-migratable, we would get a failure only when the
> guest actually tries to transition; instead, explicitly disallow the
> unpack facility if --only-migratable was specified to avoid late
> surprises.
>
> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
> Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v3] s390x/cpu_model: disallow unpack for --only-migratable
2021-01-25 13:53 [PATCH v3] s390x/cpu_model: disallow unpack for --only-migratable Christian Borntraeger
2021-01-25 22:49 ` Halil Pasic
@ 2021-01-26 10:43 ` Cornelia Huck
1 sibling, 0 replies; 3+ messages in thread
From: Cornelia Huck @ 2021-01-26 10:43 UTC (permalink / raw)
To: Christian Borntraeger
Cc: Thomas Huth, Daniel P . Berrangé,
Janosch Frank, David Hildenbrand, qemu-devel,
Dr . David Alan Gilbert, Halil Pasic, qemu-s390x, David Gibson,
Richard Henderson
On Mon, 25 Jan 2021 14:53:32 +0100
Christian Borntraeger <borntraeger@de.ibm.com> wrote:
> Secure execution (aka protected virtualization) guests cannot be
> migrated at the moment. If the unpack facility is provided in the cpu
> model, a guest may choose to transition to secure mode, making the
> guest unmigratable at that point in time. If the machine was explicitly
> started with --only-migratable, we would get a failure only when the
> guest actually tries to transition; instead, explicitly disallow the
> unpack facility if --only-migratable was specified to avoid late
> surprises.
>
> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
> Reviewed-by: David Hildenbrand <david@redhat.com>
> ---
> target/s390x/cpu_models.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
Thanks, applied.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-01-26 10:46 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-25 13:53 [PATCH v3] s390x/cpu_model: disallow unpack for --only-migratable Christian Borntraeger
2021-01-25 22:49 ` Halil Pasic
2021-01-26 10:43 ` Cornelia Huck
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.