[PATCH v7 04/15] s390x: protvirt: Inhibit balloon when switching to protected mode
Ballooning in protected VMs can only be done when the guest shares the
pages it gives to the host. If pages are not shared, the integrity
checks will fail once those pages have been altered and are given back
to the guest.
Hence, until we have a solution for this in the guest kernel, we
inhibit ballooning when switching into protected mode and reverse that
once we move out of it.
Signed-off-by: Janosch Frank
Reviewed-by: David Hildenbrand
---
hw/s390x/s390-virtio-ccw.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 4bb38704ff..2557e214a0 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -41,6 +41,7 @@
#include "hw/qdev-properties.h"
#include "hw/s390x/tod.h"
#include "sysemu/sysemu.h"
+#include "sysemu/balloon.h"
#include "hw/s390x/pv.h"
#include
#include "migration/blocker.h"
@@ -337,6 +338,7 @@ static void s390_machine_unprotect(S390CcwMachineState *ms)
migrate_del_blocker(pv_mig_blocker);
error_free(pv_mig_blocker);
pv_mig_blocker = NULL;
+qemu_balloon_inhibit(false);
}
static int s390_machine_protect(S390CcwMachineState *ms)
@@ -345,10 +347,12 @@ static int s390_machine_protect(S390CcwMachineState *ms)
CPUState *t;
int rc;
+qemu_balloon_inhibit(true);
error_setg(&pv_mig_blocker,
"protected VMs are currently not migrateable.");
rc = migrate_add_blocker(pv_mig_blocker, &local_err);
if (local_err) {
+qemu_balloon_inhibit(false);
error_report_err(local_err);
error_free(pv_mig_blocker);
pv_mig_blocker = NULL;
@@ -358,6 +362,7 @@ static int s390_machine_protect(S390CcwMachineState *ms)
/* Create SE VM */
rc = s390_pv_vm_enable();
if (rc) {
+qemu_balloon_inhibit(false);
error_report_err(local_err);
error_free(pv_mig_blocker);
pv_mig_blocker = NULL;
--
2.20.1
Re: [PATCH v7 04/15] s390x: protvirt: Inhibit balloon when switching to protected mode
On 09.03.20 12:21, Janosch Frank wrote: > Ballooning in protected VMs can only be done when the guest shares the > pages it gives to the host. If pages are not shared, the integrity > checks will fail once those pages have been altered and are given back > to the guest. > > Hence, until we have a solution for this in the guest kernel, we > inhibit ballooning when switching into protected mode and reverse that > once we move out of it. > > Signed-off-by: Janosch Frank > Reviewed-by: David Hildenbrand I think Christian requested to add the next steps. -- Thanks, David / dhildenb
Re: [PATCH v7 04/15] s390x: protvirt: Inhibit balloon when switching to protected mode
On 3/9/20 2:42 PM, David Hildenbrand wrote: > On 09.03.20 12:21, Janosch Frank wrote: >> Ballooning in protected VMs can only be done when the guest shares the >> pages it gives to the host. If pages are not shared, the integrity >> checks will fail once those pages have been altered and are given back >> to the guest. >> >> Hence, until we have a solution for this in the guest kernel, we >> inhibit ballooning when switching into protected mode and reverse that >> once we move out of it. >> >> Signed-off-by: Janosch Frank >> Reviewed-by: David Hildenbrand > > I think Christian requested to add the next steps. Right, I lost that request somewhere. This is what I have now: s390x: protvirt: Inhibit balloon when switching to protected mode Ballooning in protected VMs can only be done when the guest shares the pages it gives to the host. If pages are not shared, the integrity checks will fail once those pages have been altered and are given back to the guest. As we currently do not yet have a solution for this we will continue like this: 1. We block ballooning now in QEMU (with this patch) 2. Later we will provide a change to virtio that removes the blocker and adds VIRTIO_F_IOMMU_PLATFORM automatically by QEMU when doing the protvirt switch. This is ok as the guest balloon driver will reject to work with the IOMMU change 3. later we can fix the guest balloon driver to accept the IOMMU feature bit and correctly exercise sharing and unsharing of balloon pages Signed-off-by: Janosch Frank Reviewed-by: David Hildenbrand Reviewed-by: Christian Borntraeger signature.asc Description: OpenPGP digital signature
