Re: [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to

From:	Janosch Frank
Subject:	Re: [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to protected mode
Date:	Wed, 26 Feb 2020 16:11:03 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2

On 2/26/20 3:59 PM, David Hildenbrand wrote:
> On 26.02.20 13:20, Janosch Frank wrote:
>> Ballooning in protected VMs can only be done when the guest shares the
>> pages it gives to the host. Hence, until we have a solution for this
>> in the guest kernel, we inhibit ballooning when switching into
>> protected mode and reverse that once we move out of it.
> 
> I don't understand what you mean here, sorry. zapping a page will mean
> that a fresh one will be faulted in when accessed. And AFAIK, that means
> it will be encrypted again when needed.

Yes, as soon as the host alters non-shared memory we'll run into
integrity issues.


I've been talking to Halil after I sent this out and it looks like we'll
rather try to automatically enable the IOMMU for all devices when
switching into protected mode. He said that if the IOMMU is set the
balloon code will do an early exit on feature negotiation.

> 
> Is that more like the UV will detect this as an integrity issue and
> crash the VM?
> 
>>
>> Signed-off-by: Janosch Frank <address@hidden>
>> ---
>>  hw/s390x/s390-virtio-ccw.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
>> index 9983165b05..0f4455d1df 100644
>> --- a/hw/s390x/s390-virtio-ccw.c
>> +++ b/hw/s390x/s390-virtio-ccw.c
>> @@ -41,6 +41,7 @@
>>  #include "hw/qdev-properties.h"
>>  #include "hw/s390x/tod.h"
>>  #include "sysemu/sysemu.h"
>> +#include "sysemu/balloon.h"
>>  #include "hw/s390x/pv.h"
>>  #include "migration/blocker.h"
>>  
>> @@ -336,6 +337,7 @@ static void s390_machine_unprotect(S390CcwMachineState 
>> *ms)
>>          ms->pv = false;
>>      }
>>      migrate_del_blocker(pv_mig_blocker);
>> +    qemu_balloon_inhibit(false);
>>  }
>>  
>>  static int s390_machine_protect(S390CcwMachineState *ms)
>> @@ -344,6 +346,7 @@ static int s390_machine_protect(S390CcwMachineState *ms)
>>      CPUState *t;
>>      int rc;
>>  
>> +    qemu_balloon_inhibit(true);
>>      if (!pv_mig_blocker) {
>>          error_setg(&pv_mig_blocker,
>>                     "protected VMs are currently not migrateable.");
>>
> 
>

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH v6] s390x: Rename and use constants for short PSW address and mask, (continued)
- [PATCH v5 03/18] s390x: protvirt: Add diag308 subcodes 8 - 10, Janosch Frank, 2020/02/26
- [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to protected mode, Janosch Frank, 2020/02/26
  - Re: [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to protected mode, David Hildenbrand, 2020/02/26
    - Re: [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to protected mode, Christian Borntraeger, 2020/02/26
    - Re: [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to protected mode, David Hildenbrand, 2020/02/26
    - Re: [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to protected mode, Janosch Frank, 2020/02/26
    - Re: [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to protected mode, David Hildenbrand, 2020/02/26
    - Re: [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to protected mode, Cornelia Huck, 2020/02/26
    - Re: [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to protected mode, Janosch Frank <=
    - Re: [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to protected mode, Christian Borntraeger, 2020/02/26
    - Re: [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to protected mode, David Hildenbrand, 2020/02/26
    - Re: [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to protected mode, Halil Pasic, 2020/02/27
- [PATCH v5 06/18] s390x: protvirt: Handle diag 308 subcodes 0,1,3,4, Janosch Frank, 2020/02/26
  - Re: [PATCH v5 06/18] s390x: protvirt: Handle diag 308 subcodes 0,1,3,4, Christian Borntraeger, 2020/02/26
    - Re: [PATCH v5 06/18] s390x: protvirt: Handle diag 308 subcodes 0,1,3,4, Janosch Frank, 2020/02/26
- [PATCH v5 04/18] s390x: protvirt: Support unpack facility, Janosch Frank, 2020/02/26
- [PATCH v5 05/18] s390x: protvirt: Add migration blocker, Janosch Frank, 2020/02/26
  - Re: [PATCH v5 05/18] s390x: protvirt: Add migration blocker, Christian Borntraeger, 2020/02/26
    - Re: [PATCH v5 05/18] s390x: protvirt: Add migration blocker, Janosch Frank, 2020/02/26

Prev by Date: Re: [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to protected mode
Next by Date: Re: [PATCH v5 06/18] s390x: protvirt: Handle diag 308 subcodes 0,1,3,4
Previous by thread: Re: [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to protected mode
Next by thread: Re: [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to protected mode
Index(es):
- Date
- Thread