From patchwork Wed Mar 18 14:30:36 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Janosch Frank X-Patchwork-Id: 11445349 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E0DA490 for ; Wed, 18 Mar 2020 14:32:31 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C08B020774 for ; Wed, 18 Mar 2020 14:32:31 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C08B020774 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.ibm.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Received: from localhost ([::1]:51468 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jEZkE-0004AW-S8 for patchwork-qemu-devel@patchwork.kernel.org; Wed, 18 Mar 2020 10:32:30 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:58382) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jEZj8-0002fh-Is for qemu-devel@nongnu.org; Wed, 18 Mar 2020 10:31:24 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1jEZj6-0001RX-Ga for qemu-devel@nongnu.org; Wed, 18 Mar 2020 10:31:22 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:39228 helo=mx0a-001b2d01.pphosted.com) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1jEZj6-0001PM-8N for qemu-devel@nongnu.org; Wed, 18 Mar 2020 10:31:20 -0400 Received: from pps.filterd (m0098420.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 02IE7ALY136112 for ; Wed, 18 Mar 2020 10:31:18 -0400 Received: from e06smtp07.uk.ibm.com (e06smtp07.uk.ibm.com [195.75.94.103]) by mx0b-001b2d01.pphosted.com with ESMTP id 2yukx5kje1-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 18 Mar 2020 10:31:18 -0400 Received: from localhost by e06smtp07.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 18 Mar 2020 14:31:16 -0000 Received: from b06cxnps4074.portsmouth.uk.ibm.com (9.149.109.196) by e06smtp07.uk.ibm.com (192.168.101.137) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Wed, 18 Mar 2020 14:31:14 -0000 Received: from d06av24.portsmouth.uk.ibm.com (d06av24.portsmouth.uk.ibm.com [9.149.105.60]) by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 02IEVDQ850987204 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 18 Mar 2020 14:31:13 GMT Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3A1B84204B; Wed, 18 Mar 2020 14:31:13 +0000 (GMT) Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1C54C42041; Wed, 18 Mar 2020 14:31:12 +0000 (GMT) Received: from localhost.localdomain (unknown [9.145.78.199]) by d06av24.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 18 Mar 2020 14:31:11 +0000 (GMT) From: Janosch Frank To: qemu-devel@nongnu.org Subject: [PATCH v10 05/16] s390x: protvirt: Inhibit balloon when switching to protected mode Date: Wed, 18 Mar 2020 10:30:36 -0400 X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200318143047.2335-1-frankja@linux.ibm.com> References: <20200318143047.2335-1-frankja@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 x-cbid: 20031814-0028-0000-0000-000003E6F276 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 20031814-0029-0000-0000-000024AC4AAC Message-Id: <20200318143047.2335-6-frankja@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.645 definitions=2020-03-18_06:2020-03-18, 2020-03-18 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 impostorscore=0 lowpriorityscore=0 clxscore=1015 phishscore=0 spamscore=0 mlxscore=0 bulkscore=0 suspectscore=3 mlxlogscore=962 priorityscore=1501 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2003180067 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] X-Received-From: 148.163.158.5 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: borntraeger@de.ibm.com, qemu-s390x@nongnu.org, cohuck@redhat.com, david@redhat.com Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" Ballooning in protected VMs can only be done when the guest shares the pages it gives to the host. If pages are not shared, the integrity checks will fail once those pages have been altered and are given back to the guest. As we currently do not yet have a solution for this we will continue like this: 1. We block ballooning now in QEMU (with this patch). 2. Later we will provide a change to virtio that removes the blocker and adds VIRTIO_F_IOMMU_PLATFORM automatically by QEMU when doing the protvirt switch. This is OK, as the balloon driver in Linux (the only supported guest) will refuse to work with the IOMMU_PLATFORM feature bit set. 3. Later, we can fix the guest balloon driver to accept the IOMMU feature bit and correctly exercise sharing and unsharing of balloon pages. Signed-off-by: Janosch Frank Reviewed-by: David Hildenbrand Reviewed-by: Christian Borntraeger Reviewed-by: Claudio Imbrenda Reviewed-by: Cornelia Huck --- hw/s390x/s390-virtio-ccw.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c index 8013c82236a36724..3cf19c99f3468b7d 100644 --- a/hw/s390x/s390-virtio-ccw.c +++ b/hw/s390x/s390-virtio-ccw.c @@ -42,6 +42,7 @@ #include "hw/qdev-properties.h" #include "hw/s390x/tod.h" #include "sysemu/sysemu.h" +#include "sysemu/balloon.h" #include "hw/s390x/pv.h" #include #include "migration/blocker.h" @@ -328,6 +329,7 @@ static void s390_machine_unprotect(S390CcwMachineState *ms) ms->pv = false; migrate_del_blocker(pv_mig_blocker); error_free_or_abort(&pv_mig_blocker); + qemu_balloon_inhibit(false); } static int s390_machine_protect(S390CcwMachineState *ms) @@ -335,10 +337,18 @@ static int s390_machine_protect(S390CcwMachineState *ms) Error *local_err = NULL; int rc; + /* + * Ballooning on protected VMs needs support in the guest for + * sharing and unsharing balloon pages. Block ballooning for + * now, until we have a solution to make at least Linux guests + * either support it or fail gracefully. + */ + qemu_balloon_inhibit(true); error_setg(&pv_mig_blocker, "protected VMs are currently not migrateable."); rc = migrate_add_blocker(pv_mig_blocker, &local_err); if (rc) { + qemu_balloon_inhibit(false); error_report_err(local_err); error_free_or_abort(&pv_mig_blocker); return rc; @@ -347,6 +357,7 @@ static int s390_machine_protect(S390CcwMachineState *ms) /* Create SE VM */ rc = s390_pv_vm_enable(); if (rc) { + qemu_balloon_inhibit(false); error_report_err(local_err); migrate_del_blocker(pv_mig_blocker); error_free_or_abort(&pv_mig_blocker);