[PULL 1/8] s390x/cpu_model: disallow unpack for --only-migratable

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Cornelia Huck <cohuck@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: David Hildenbrand <david@redhat.com>,
	Cornelia Huck <cohuck@redhat.com>,
	qemu-devel@nongnu.org, Halil Pasic <pasic@linux.ibm.com>,
	Christian Borntraeger <borntraeger@de.ibm.com>,
	qemu-s390x@nongnu.org
Subject: [PULL 1/8] s390x/cpu_model: disallow unpack for --only-migratable
Date: Fri,  5 Mar 2021 16:55:10 +0100	[thread overview]
Message-ID: <20210305155517.1604547-2-cohuck@redhat.com> (raw)
In-Reply-To: <20210305155517.1604547-1-cohuck@redhat.com>

From: Christian Borntraeger <borntraeger@de.ibm.com>

Secure execution (aka protected virtualization) guests cannot be
migrated at the moment. If the unpack facility is provided in the cpu
model, a guest may choose to transition to secure mode, making the
guest unmigratable at that point in time. If the machine was explicitly
started with --only-migratable, we would get a failure only when the
guest actually tries to transition; instead, explicitly disallow the
unpack facility if --only-migratable was specified to avoid late
surprises.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <20210125135332.181324-1-borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
---
 target/s390x/cpu_models.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index 35179f9dc7ba..dd474c5e9ad1 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -26,6 +26,7 @@
 #include "qapi/qmp/qdict.h"
 #ifndef CONFIG_USER_ONLY
 #include "sysemu/arch_init.h"
+#include "sysemu/sysemu.h"
 #include "hw/pci/pci.h"
 #endif
 #include "qapi/qapi-commands-machine-target.h"
@@ -878,6 +879,15 @@ static void check_compatibility(const S390CPUModel *max_model,
         return;
     }
 
+#ifndef CONFIG_USER_ONLY
+    if (only_migratable && test_bit(S390_FEAT_UNPACK, model->features)) {
+        error_setg(errp, "The unpack facility is not compatible with "
+                   "the --only-migratable option. You must remove either "
+                   "the 'unpack' facility or the --only-migratable option");
+        return;
+    }
+#endif
+
     /* detect the missing features to properly report them */
     bitmap_andnot(missing, model->features, max_model->features, S390_FEAT_MAX);
     if (bitmap_empty(missing, S390_FEAT_MAX)) {
-- 
2.26.2

next prev parent reply	other threads:[~2021-03-05 15:56 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-05 15:55 [PULL 0/8] s390x update Cornelia Huck
2021-03-05 15:55 ` Cornelia Huck [this message]
2021-03-05 15:55 ` [PULL 2/8] target/s390x/arch_dump: Fix warning for the name field in the PT_NOTE section Cornelia Huck
2021-03-05 15:55 ` [PULL 3/8] hw/s390x: fix build for virtio-9p-ccw Cornelia Huck
2021-03-05 15:55 ` [PULL 4/8] s390x/pci: restore missing Query PCI Function CLP data Cornelia Huck
2021-03-05 15:55 ` [PULL 5/8] virtio-ccw: commands on revision-less devices Cornelia Huck
2021-03-05 15:55 ` [PULL 6/8] css: SCHIB measurement block origin must be aligned Cornelia Huck
2021-03-05 15:55 ` [PULL 7/8] vfio-ccw: Do not read region ret_code after write Cornelia Huck
2021-03-05 15:55 ` [PULL 8/8] target/s390x/kvm: Simplify debug code Cornelia Huck
2021-03-05 22:52 ` [PULL 0/8] s390x update Peter Maydell

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:35179f9dc7b dfblob:dd474c5e9ad )
 OR (
bs:"[PULL 1/8] s390x/cpu_model: disallow unpack for --only-migratable" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210305155517.1604547-2-cohuck@redhat.com \
    --to=cohuck@redhat.com \
    --cc=borntraeger@de.ibm.com \
    --cc=david@redhat.com \
    --cc=pasic@linux.ibm.com \
    --cc=peter.maydell@linaro.org \
    --cc=qemu-devel@nongnu.org \
    --cc=qemu-s390x@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).