From: Claudio Imbrenda <imbrenda@linux.ibm.com>
To: Nico Boehr <nrb@linux.ibm.com>
Cc: kvm@vger.kernel.org, frankja@linux.ibm.com, thuth@redhat.com
Subject: Re: [kvm-unit-tests PATCH v2 1/1] s390x: do not enable PV dump support by default
Date: Wed, 19 Oct 2022 17:13:59 +0200 [thread overview]
Message-ID: <20221019171359.2b1db783@p-imbrenda> (raw)
In-Reply-To: <20221019145320.1228710-2-nrb@linux.ibm.com>
On Wed, 19 Oct 2022 16:53:20 +0200
Nico Boehr <nrb@linux.ibm.com> wrote:
> Currently, dump support is always enabled by setting the respective
> plaintext control flag (PCF). Unfortunately, older machines without
> support for PV dump will not start the guest when this PCF is set. This
> will result in an error message like this:
>
> qemu-system-s390x: KVM PV command 2 (KVM_PV_SET_SEC_PARMS) failed: header rc 106 rrc 0 IOCTL rc: -22
>
> Hence, by default, disable dump support to preserve compatibility with
> older machines. Users can enable dumping support by passing
> --enable-dump to the configure script.
>
> Fixes: 3043685825d9 ("s390x: create persistent comm-key")
> Signed-off-by: Nico Boehr <nrb@linux.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
> ---
> configure | 11 +++++++++++
> s390x/Makefile | 26 +++++++++++++++++---------
> 2 files changed, 28 insertions(+), 9 deletions(-)
>
> diff --git a/configure b/configure
> index 5b7daac3c6e8..b81f20942c9c 100755
> --- a/configure
> +++ b/configure
> @@ -28,6 +28,7 @@ errata_force=0
> erratatxt="$srcdir/errata.txt"
> host_key_document=
> gen_se_header=
> +enable_dump=no
> page_size=
> earlycon=
> efi=
> @@ -67,6 +68,9 @@ usage() {
> --gen-se-header=GEN_SE_HEADER
> Provide an executable to generate a PV header
> requires --host-key-document. (s390x-snippets only)
> + --[enable|disable]-dump
> + Allow PV guests to be dumped. Requires at least z16.
> + (s390x only)
> --page-size=PAGE_SIZE
> Specify the page size (translation granule) (4k, 16k or
> 64k, default is 64k, arm64 only)
> @@ -146,6 +150,12 @@ while [[ "$1" = -* ]]; do
> --gen-se-header)
> gen_se_header="$arg"
> ;;
> + --enable-dump)
> + enable_dump=yes
> + ;;
> + --disable-dump)
> + enable_dump=no
> + ;;
> --page-size)
> page_size="$arg"
> ;;
> @@ -387,6 +397,7 @@ U32_LONG_FMT=$u32_long
> WA_DIVIDE=$wa_divide
> GENPROTIMG=${GENPROTIMG-genprotimg}
> HOST_KEY_DOCUMENT=$host_key_document
> +CONFIG_DUMP=$enable_dump
> CONFIG_EFI=$efi
> CONFIG_WERROR=$werror
> GEN_SE_HEADER=$gen_se_header
> diff --git a/s390x/Makefile b/s390x/Makefile
> index 649486f2d4a0..271b6803a1c5 100644
> --- a/s390x/Makefile
> +++ b/s390x/Makefile
> @@ -173,18 +173,26 @@ $(comm-key):
> %.bin: %.elf
> $(OBJCOPY) -O binary $< $@
>
> -# The genprotimg arguments for the cck changed over time so we need to
> -# figure out which argument to use in order to set the cck
> -GENPROTIMG_HAS_COMM_KEY = $(shell $(GENPROTIMG) --help | grep -q -- --comm-key && echo yes)
> -ifeq ($(GENPROTIMG_HAS_COMM_KEY),yes)
> - GENPROTIMG_COMM_KEY = --comm-key $(comm-key)
> -else
> - GENPROTIMG_COMM_KEY = --x-comm-key $(comm-key)
> +# Will only be filled when dump has been enabled
> +GENPROTIMG_COMM_KEY =
> +# allow PCKMO
> +genprotimg_pcf = 0x000000e0
> +
> +ifeq ($(CONFIG_DUMP),yes)
> + # The genprotimg arguments for the cck changed over time so we need to
> + # figure out which argument to use in order to set the cck
> + GENPROTIMG_HAS_COMM_KEY = $(shell $(GENPROTIMG) --help | grep -q -- --comm-key && echo yes)
> + ifeq ($(GENPROTIMG_HAS_COMM_KEY),yes)
> + GENPROTIMG_COMM_KEY = --comm-key $(comm-key)
> + else
> + GENPROTIMG_COMM_KEY = --x-comm-key $(comm-key)
> + endif
> +
> + # allow dumping + PCKMO
> + genprotimg_pcf = 0x200000e0
> endif
>
> # use x-pcf to be compatible with old genprotimg versions
> -# allow dumping + PCKMO
> -genprotimg_pcf = 0x200000e0
> genprotimg_args = --host-key-document $(HOST_KEY_DOCUMENT) --no-verify $(GENPROTIMG_COMM_KEY) --x-pcf $(genprotimg_pcf)
>
> %selftest.pv.bin: %selftest.bin $(HOST_KEY_DOCUMENT) $(patsubst %.pv.bin,%.parmfile,$@) $(comm-key)
next prev parent reply other threads:[~2022-10-19 15:22 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-19 14:53 [kvm-unit-tests PATCH v2 0/1] s390x: do not enable PV dump support by default Nico Boehr
2022-10-19 14:53 ` [kvm-unit-tests PATCH v2 1/1] " Nico Boehr
2022-10-19 15:13 ` Claudio Imbrenda [this message]
2022-10-20 6:56 ` Janosch Frank
2022-10-19 15:19 ` [kvm-unit-tests PATCH v2 0/1] " Claudio Imbrenda
2022-10-19 15:24 ` Nico Boehr
2022-10-19 16:03 ` Claudio Imbrenda
2022-10-19 15:47 ` Janosch Frank
2022-10-19 16:17 ` Claudio Imbrenda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221019171359.2b1db783@p-imbrenda \
--to=imbrenda@linux.ibm.com \
--cc=frankja@linux.ibm.com \
--cc=kvm@vger.kernel.org \
--cc=nrb@linux.ibm.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox