diff mbox series

s390x/cpu_model: disallow unpack for --only-migratable

Message ID 20210125125312.138491-1-borntraeger@de.ibm.com
State New
Headers show
Series s390x/cpu_model: disallow unpack for --only-migratable | expand

Commit Message

Christian Borntraeger Jan. 25, 2021, 12:53 p.m. UTC
secure execution (aka protected virtualization) guests cannot be
migrated at the moment. Disallow the unpack facility if the user
specifies --only-migratable.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 target/s390x/cpu_models.c | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

David Hildenbrand Jan. 25, 2021, 12:57 p.m. UTC | #1
On 25.01.21 13:53, Christian Borntraeger wrote:
> secure execution (aka protected virtualization) guests cannot be
> migrated at the moment. Disallow the unpack facility if the user
> specifies --only-migratable.
> 
> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
> ---
>  target/s390x/cpu_models.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
> index 35179f9dc7ba..0fa082ae2546 100644
> --- a/target/s390x/cpu_models.c
> +++ b/target/s390x/cpu_models.c
> @@ -26,6 +26,7 @@
>  #include "qapi/qmp/qdict.h"
>  #ifndef CONFIG_USER_ONLY
>  #include "sysemu/arch_init.h"
> +#include "sysemu/sysemu.h"
>  #include "hw/pci/pci.h"
>  #endif
>  #include "qapi/qapi-commands-machine-target.h"
> @@ -878,6 +879,11 @@ static void check_compatibility(const S390CPUModel *max_model,
>          return;
>      }
>  
> +    if (only_migratable && test_bit(S390_FEAT_UNPACK, model->features)) {
> +        error_setg(errp, "The unpack facility is not compatible with "
> +                   "the --only-migratable option");

return; ?


This implies that a VM with "-cpu host" might not start anymore, right?
Christian Borntraeger Jan. 25, 2021, 12:59 p.m. UTC | #2
On 25.01.21 13:57, David Hildenbrand wrote:
> On 25.01.21 13:53, Christian Borntraeger wrote:
>> secure execution (aka protected virtualization) guests cannot be
>> migrated at the moment. Disallow the unpack facility if the user
>> specifies --only-migratable.
>>
>> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
>> ---
>>  target/s390x/cpu_models.c | 6 ++++++
>>  1 file changed, 6 insertions(+)
>>
>> diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
>> index 35179f9dc7ba..0fa082ae2546 100644
>> --- a/target/s390x/cpu_models.c
>> +++ b/target/s390x/cpu_models.c
>> @@ -26,6 +26,7 @@
>>  #include "qapi/qmp/qdict.h"
>>  #ifndef CONFIG_USER_ONLY
>>  #include "sysemu/arch_init.h"
>> +#include "sysemu/sysemu.h"
>>  #include "hw/pci/pci.h"
>>  #endif
>>  #include "qapi/qapi-commands-machine-target.h"
>> @@ -878,6 +879,11 @@ static void check_compatibility(const S390CPUModel *max_model,
>>          return;
>>      }
>>  
>> +    if (only_migratable && test_bit(S390_FEAT_UNPACK, model->features)) {
>> +        error_setg(errp, "The unpack facility is not compatible with "
>> +                   "the --only-migratable option");
> 
> return; ?

of course.

> 
> 
> This implies that a VM with "-cpu host" might not start anymore, right?

Only if --only-migratable is set.
David Hildenbrand Jan. 25, 2021, 1:04 p.m. UTC | #3
On 25.01.21 13:59, Christian Borntraeger wrote:
> 
> 
> On 25.01.21 13:57, David Hildenbrand wrote:
>> On 25.01.21 13:53, Christian Borntraeger wrote:
>>> secure execution (aka protected virtualization) guests cannot be
>>> migrated at the moment. Disallow the unpack facility if the user
>>> specifies --only-migratable.
>>>
>>> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
>>> ---
>>>  target/s390x/cpu_models.c | 6 ++++++
>>>  1 file changed, 6 insertions(+)
>>>
>>> diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
>>> index 35179f9dc7ba..0fa082ae2546 100644
>>> --- a/target/s390x/cpu_models.c
>>> +++ b/target/s390x/cpu_models.c
>>> @@ -26,6 +26,7 @@
>>>  #include "qapi/qmp/qdict.h"
>>>  #ifndef CONFIG_USER_ONLY
>>>  #include "sysemu/arch_init.h"
>>> +#include "sysemu/sysemu.h"
>>>  #include "hw/pci/pci.h"
>>>  #endif
>>>  #include "qapi/qapi-commands-machine-target.h"
>>> @@ -878,6 +879,11 @@ static void check_compatibility(const S390CPUModel *max_model,
>>>          return;
>>>      }
>>>  
>>> +    if (only_migratable && test_bit(S390_FEAT_UNPACK, model->features)) {
>>> +        error_setg(errp, "The unpack facility is not compatible with "
>>> +                   "the --only-migratable option");
>>
>> return; ?
> 
> of course.
> 
>>
>>
>> This implies that a VM with "-cpu host" might not start anymore, right?
> 
> Only if --only-migratable is set.
> 

Right, that's what I meant

Reviewed-by: David Hildenbrand <david@redhat.com>
diff mbox series

Patch

diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index 35179f9dc7ba..0fa082ae2546 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -26,6 +26,7 @@ 
 #include "qapi/qmp/qdict.h"
 #ifndef CONFIG_USER_ONLY
 #include "sysemu/arch_init.h"
+#include "sysemu/sysemu.h"
 #include "hw/pci/pci.h"
 #endif
 #include "qapi/qapi-commands-machine-target.h"
@@ -878,6 +879,11 @@  static void check_compatibility(const S390CPUModel *max_model,
         return;
     }
 
+    if (only_migratable && test_bit(S390_FEAT_UNPACK, model->features)) {
+        error_setg(errp, "The unpack facility is not compatible with "
+                   "the --only-migratable option");
+    }
+
     /* detect the missing features to properly report them */
     bitmap_andnot(missing, model->features, max_model->features, S390_FEAT_MAX);
     if (bitmap_empty(missing, S390_FEAT_MAX)) {