On Tue, Jan 09, 2024 at 03:30:38PM +0100, Thomas Huth wrote: > It's a common scenario to copy guest images from one host to another > to run the guest on the other machine. This (of course) does not work > with "secure exection" guests since they are encrypted with one certain > host key. However, if you still (accidentally) do it, you only get a > very user-unfriendly error message that looks like this:
Not a comment on the patch, but my own interest how/where does the disk image encryption/decryption happen ? Is that in guest kernel context, and any info on what format the encryption uses ? > > qemu-system-s390x: KVM PV command 2 (KVM_PV_SET_SEC_PARMS) failed: > header rc 108 rrc 5 IOCTL rc: -22 > > Let's provide at least a somewhat nicer hint to the users so that they > are able to figure out what might have gone wrong. > > Buglink: https://issues.redhat.com/browse/RHEL-18212 > Signed-off-by: Thomas Huth <th...@redhat.com> > --- > target/s390x/kvm/pv.c | 20 ++++++++++++++++---- > 1 file changed, 16 insertions(+), 4 deletions(-) > > diff --git a/target/s390x/kvm/pv.c b/target/s390x/kvm/pv.c > index 6a69be7e5c..2833a255fa 100644 > --- a/target/s390x/kvm/pv.c > +++ b/target/s390x/kvm/pv.c > @@ -29,7 +29,8 @@ static bool info_valid; > static struct kvm_s390_pv_info_vm info_vm; > static struct kvm_s390_pv_info_dump info_dump; > > -static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data) > +static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data, > + int *pvrc) > { > struct kvm_pv_cmd pv_cmd = { > .cmd = cmd, > @@ -46,6 +47,9 @@ static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, > void *data) > "IOCTL rc: %d", cmd, cmdname, pv_cmd.rc, pv_cmd.rrc, > rc); > } > + if (pvrc) { > + *pvrc = pv_cmd.rc; > + } > return rc; > } > > @@ -53,12 +57,13 @@ static int __s390_pv_cmd(uint32_t cmd, const char > *cmdname, void *data) > * This macro lets us pass the command as a string to the function so > * we can print it on an error. > */ > -#define s390_pv_cmd(cmd, data) __s390_pv_cmd(cmd, #cmd, data) > +#define s390_pv_cmd(cmd, data) __s390_pv_cmd(cmd, #cmd, data, NULL) > +#define s390_pv_cmd_pvrc(cmd, data, pvrc) __s390_pv_cmd(cmd, #cmd, data, > pvrc) > #define s390_pv_cmd_exit(cmd, data) \ > { \ > int rc; \ > \ > - rc = __s390_pv_cmd(cmd, #cmd, data);\ > + rc = __s390_pv_cmd(cmd, #cmd, data, NULL); \ > if (rc) { \ > exit(1); \ > } \ > @@ -144,12 +149,19 @@ bool s390_pv_vm_try_disable_async(S390CcwMachineState > *ms) > > int s390_pv_set_sec_parms(uint64_t origin, uint64_t length) > { > + int ret, pvrc; > struct kvm_s390_pv_sec_parm args = { > .origin = origin, > .length = length, > }; > > - return s390_pv_cmd(KVM_PV_SET_SEC_PARMS, &args); > + ret = s390_pv_cmd_pvrc(KVM_PV_SET_SEC_PARMS, &args, &pvrc); > + if (ret && pvrc == 0x108) { > + error_report("Can't set secure parameters, please check whether " > + "the image is correctly encrypted for this host"); > + } > + > + return ret; > } > > /* > -- > 2.43.0 > > With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|