On 26.02.20 13:20, Janosch Frank wrote:
> Ballooning in protected VMs can only be done when the guest shares the
> pages it gives to the host. Hence, until we have a solution for this
> in the guest kernel, we inhibit ballooning when switching into
> protected mode and reverse that once we move out of it.
I don't understand what you mean here, sorry. zapping a page will mean
that a fresh one will be faulted in when accessed. And AFAIK, that means
it will be encrypted again when needed.
Is that more like the UV will detect this as an integrity issue and
crash the VM?
>
> Signed-off-by: Janosch Frank <fran...@linux.ibm.com>
> ---
> hw/s390x/s390-virtio-ccw.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
> index 9983165b05..0f4455d1df 100644
> --- a/hw/s390x/s390-virtio-ccw.c
> +++ b/hw/s390x/s390-virtio-ccw.c
> @@ -41,6 +41,7 @@
> #include "hw/qdev-properties.h"
> #include "hw/s390x/tod.h"
> #include "sysemu/sysemu.h"
> +#include "sysemu/balloon.h"
> #include "hw/s390x/pv.h"
> #include "migration/blocker.h"
>
> @@ -336,6 +337,7 @@ static void s390_machine_unprotect(S390CcwMachineState
> *ms)
> ms->pv = false;
> }
> migrate_del_blocker(pv_mig_blocker);
> + qemu_balloon_inhibit(false);
> }
>
> static int s390_machine_protect(S390CcwMachineState *ms)
> @@ -344,6 +346,7 @@ static int s390_machine_protect(S390CcwMachineState *ms)
> CPUState *t;
> int rc;
>
> + qemu_balloon_inhibit(true);
> if (!pv_mig_blocker) {
> error_setg(&pv_mig_blocker,
> "protected VMs are currently not migrateable.");
>
--
Thanks,
David / dhildenb
