From 6bbe5c74925c77d9e45395250a785cae93f52f55 Mon Sep 17 00:00:00 2001 From: Jon Maloy Date: Wed, 17 Jan 2024 11:51:45 -0500 Subject: [PATCH] * Wed Jan 17 2024 Jon Maloy - 6.2.0-46 - kvm-MAINTAINERS-split-out-s390x-sections.patch [RHEL-18214] - kvm-s390x-pv-remove-semicolon-from-macro-definition.patch [RHEL-18214] - kvm-hw-s390x-pv-Restrict-Protected-Virtualization-to-sys.patch [RHEL-18214] - kvm-hw-s390x-Move-KVM-specific-PV-from-hw-to-target-s390.patch [RHEL-18214] - kvm-target-s390x-kvm-pv-Provide-some-more-useful-informa.patch [RHEL-18214] - Resolves: RHEL-18214 ([RHEL8][Secure-execution][s390x] The error message is not clear when boot up a SE guest with wrong encryption) --- ...MAINTAINERS-split-out-s390x-sections.patch | 181 +++++++++++ ...M-specific-PV-from-hw-to-target-s390.patch | 283 ++++++++++++++++++ ...rict-Protected-Virtualization-to-sys.patch | 100 +++++++ ...move-semicolon-from-macro-definition.patch | 51 ++++ ...-pv-Provide-some-more-useful-informa.patch | 207 +++++++++++++ qemu-kvm.spec | 21 +- 6 files changed, 842 insertions(+), 1 deletion(-) create mode 100644 kvm-MAINTAINERS-split-out-s390x-sections.patch create mode 100644 kvm-hw-s390x-Move-KVM-specific-PV-from-hw-to-target-s390.patch create mode 100644 kvm-hw-s390x-pv-Restrict-Protected-Virtualization-to-sys.patch create mode 100644 kvm-s390x-pv-remove-semicolon-from-macro-definition.patch create mode 100644 kvm-target-s390x-kvm-pv-Provide-some-more-useful-informa.patch diff --git a/kvm-MAINTAINERS-split-out-s390x-sections.patch b/kvm-MAINTAINERS-split-out-s390x-sections.patch new file mode 100644 index 0000000..3d7381f --- /dev/null +++ b/kvm-MAINTAINERS-split-out-s390x-sections.patch 
@@ -0,0 +1,181 @@ +From 440ee491240f2f02f9a6082d8aad98d88c1039dd Mon Sep 17 00:00:00 2001 +From: Thomas Huth +Date: Mon, 15 Jan 2024 14:00:04 +0100 +Subject: [PATCH 1/5] MAINTAINERS: split out s390x sections +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Thomas Huth +RH-MergeRequest: 348: s390x: Provide some more useful information if decryption of a PV image fails +RH-Jira: RHEL-18214 +RH-Acked-by: Jon Maloy +RH-Acked-by: Cédric Le Goater +RH-Commit: [1/5] a71a3c11922481f97c36570e361088d17474e481 + +JIRA: https://issues.redhat.com/browse/RHEL-18214 + +commit 56e34834029c7c6862cb0095d95ad83c50485f88 +Author: Cornelia Huck +Date: Wed Dec 22 11:55:48 2021 +0100 + + MAINTAINERS: split out s390x sections + + Split out some more specialized devices etc., so that we can build + smarter lists of people to be put on cc: in the future. + + Signed-off-by: Cornelia Huck + Reviewed-by: Philippe Mathieu-Daudé + Acked-by: David Hildenbrand + Acked-by: Christian Borntraeger + Acked-by: Thomas Huth + Acked-by: Halil Pasic + Acked-by: Eric Farman + Message-Id: <20211222105548.356852-1-cohuck@redhat.com> + 
Signed-off-by: Thomas Huth + +Signed-off-by: Thomas Huth +--- + MAINTAINERS | 85 ++++++++++++++++++++++++++++++++++++++++++++++------- + 1 file changed, 74 insertions(+), 11 deletions(-) + +diff --git a/MAINTAINERS b/MAINTAINERS +index 7543eb4d59..b893206fc3 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -297,7 +297,6 @@ M: David Hildenbrand + S: Maintained + F: target/s390x/ + F: target/s390x/tcg +-F: target/s390x/cpu_models_*.[ch] + F: hw/s390x/ + F: disas/s390.c + F: tests/tcg/s390x/ +@@ -396,16 +395,10 @@ M: Halil Pasic + M: Christian Borntraeger + S: Supported + F: target/s390x/kvm/ +-F: target/s390x/ioinst.[ch] + F: target/s390x/machine.c + F: target/s390x/sigp.c +-F: target/s390x/cpu_features*.[ch] +-F: target/s390x/cpu_models.[ch] + F: hw/s390x/pv.c + F: include/hw/s390x/pv.h +-F: hw/intc/s390_flic.c +-F: hw/intc/s390_flic_kvm.c +-F: include/hw/s390x/s390_flic.h + F: gdb-xml/s390*.xml + T: git https://github.com/borntraeger/qemu.git s390-next + L: qemu-s390x@nongnu.org +@@ -1529,12 +1522,8 @@ S390 Virtio-ccw + M: Halil Pasic + M: Christian Borntraeger + S: Supported +-F: hw/char/sclp*.[hc] +-F: hw/char/terminal3270.c + F: hw/s390x/ + F: include/hw/s390x/ +-F: hw/watchdog/wdt_diag288.c +-F: include/hw/watchdog/wdt_diag288.h + F: configs/devices/s390x-softmmu/default.mak + F: tests/avocado/machine_s390_ccw_virtio.py + T: git https://github.com/borntraeger/qemu.git s390-next +@@ -1559,6 +1548,37 @@ F: hw/s390x/s390-pci* + F: include/hw/s390x/s390-pci* + L: qemu-s390x@nongnu.org + ++S390 channel subsystem ++M: Halil Pasic ++M: Christian Borntraeger ++S: Supported ++F: hw/s390x/ccw-device.[ch] ++F: hw/s390x/css.c ++F: hw/s390x/css-bridge.c ++F: include/hw/s390x/css.h ++F: include/hw/s390x/css-bridge.h ++F: include/hw/s390x/ioinst.h ++F: target/s390x/ioinst.c ++L: qemu-s390x@nongnu.org ++ ++S390 CPU models ++M: David Hildenbrand ++S: Maintained ++F: target/s390x/cpu_features*.[ch] ++F: target/s390x/cpu_models.[ch] ++L: qemu-s390x@nongnu.org ++ ++S390 
SCLP-backed devices ++M: Halil Pasic ++M: Christian Borntraeger ++S: Supported ++F: include/hw/s390x/event-facility.h ++F: include/hw/s390x/sclp.h ++F: hw/char/sclp*.[hc] ++F: hw/s390x/event-facility.c ++F: hw/s390x/sclp*.c ++L: qemu-s390x@nongnu.org ++ + X86 Machines + ------------ + PC +@@ -1956,6 +1976,7 @@ M: Halil Pasic + S: Supported + F: hw/s390x/virtio-ccw*.[hc] + F: hw/s390x/vhost-vsock-ccw.c ++F: hw/s390x/vhost-user-fs-ccw.c + T: git https://gitlab.com/cohuck/qemu.git s390-next + T: git https://github.com/borntraeger/qemu.git s390-next + L: qemu-s390x@nongnu.org +@@ -2294,6 +2315,48 @@ F: hw/timer/mips_gictimer.c + F: include/hw/intc/mips_gic.h + F: include/hw/timer/mips_gictimer.h + ++S390 3270 device ++M: Halil Pasic ++M: Christian Borntraeger ++S: Odd fixes ++F: include/hw/s390x/3270-ccw.h ++F: hw/char/terminal3270.c ++F: hw/s390x/3270-ccw.c ++L: qemu-s390x@nongnu.org ++ ++S390 diag 288 watchdog ++M: Halil Pasic ++M: Christian Borntraeger ++S: Supported ++F: hw/watchdog/wdt_diag288.c ++F: include/hw/watchdog/wdt_diag288.h ++L: qemu-s390x@nongnu.org ++ ++S390 storage key device ++M: Halil Pasic ++M: Christian Borntraeger ++S: Supported ++F: hw/s390x/storage-keys.h ++F: hw/390x/s390-skeys*.c ++L: qemu-s390x@nongnu.org ++ ++S390 storage attribute device ++M: Halil Pasic ++M: Christian Borntraeger ++S: Supported ++F: hw/s390x/storage-attributes.h ++F: hw/s390/s390-stattrib*.c ++L: qemu-s390x@nongnu.org ++ ++S390 floating interrupt controller ++M: Halil Pasic ++M: Christian Borntraeger ++M: David Hildenbrand ++S: Supported ++F: hw/intc/s390_flic*.c ++F: include/hw/s390x/s390_flic.h ++L: qemu-s390x@nongnu.org ++ + Subsystems + ---------- + Overall Audio backends +-- +2.41.0 + diff --git a/kvm-hw-s390x-Move-KVM-specific-PV-from-hw-to-target-s390.patch b/kvm-hw-s390x-Move-KVM-specific-PV-from-hw-to-target-s390.patch new file mode 100644 index 0000000..7d4135f --- /dev/null +++ b/kvm-hw-s390x-Move-KVM-specific-PV-from-hw-to-target-s390.patch 
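Review bot: Two of the added `F:` patterns in the new "S390 storage key device" and "S390 storage attribute device" sections look like path typos: `F: hw/390x/s390-skeys*.c` and `F: hw/s390/s390-stattrib*.c`, while every other entry in this hunk uses `hw/s390x/`. If they are typos, the patterns match nothing, so changes to those files would not be routed to the listed maintainers and qemu-s390x list. The likely intended lines are `F: hw/s390x/s390-skeys*.c` and `F: hw/s390x/s390-stattrib*.c`. The two `.h` entries in the same sections sit under `hw/s390x/` rather than `include/hw/s390x/`, where the other headers in this hunk are listed, so they are worth checking too. As this is a backport, it may be cleaner to pick up an upstream follow-up than to diverge here.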
@@ -0,0 +1,283 @@ +From 59f02a421ecdba6e856597367020926fc0cb5177 Mon Sep 17 00:00:00 2001 +From: Thomas Huth +Date: Mon, 15 Jan 2024 18:52:30 +0100 +Subject: [PATCH 4/5] hw/s390x: Move KVM specific PV from hw/ to + target/s390x/kvm/ +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Thomas Huth +RH-MergeRequest: 348: s390x: Provide some more useful information if decryption of a PV image fails +RH-Jira: RHEL-18214 +RH-Acked-by: Jon Maloy +RH-Acked-by: Cédric Le Goater +RH-Commit: [4/5] f6095bfdb89268007a0741665284955db4752d46 + +JIRA: https://issues.redhat.com/browse/RHEL-18214 + +commit f5f9c6ea11bc807664fdeb9354915c2c9cdcbd89 +Author: Philippe Mathieu-Daudé +Date: Sat Jun 24 22:06:44 2023 +0200 + + hw/s390x: Move KVM specific PV from hw/ to target/s390x/kvm/ + + Protected Virtualization (PV) is not a real hardware device: + it is a feature of the firmware on s390x that is exposed to + userspace via the KVM interface. + + Move the pv.c/pv.h files to target/s390x/kvm/ to make this clearer. + + Suggested-by: Thomas Huth + Signed-off-by: Philippe Mathieu-Daudé + Message-Id: <20230624200644.23931-1-philmd@linaro.org> + 
Signed-off-by: Thomas Huth + +Conflicts: + hw/s390x/ipl.c + hw/s390x/s390-virtio-ccw.c + target/s390x/diag.c + (simple contextual conflict due to differce with #include statements) +Signed-off-by: Thomas Huth +--- + MAINTAINERS | 2 -- + hw/s390x/ipl.c | 2 +- + hw/s390x/meson.build | 1 - + hw/s390x/s390-pci-kvm.c | 2 +- + hw/s390x/s390-virtio-ccw.c | 2 +- + hw/s390x/tod-kvm.c | 2 +- + target/s390x/arch_dump.c | 2 +- + target/s390x/cpu-sysemu.c | 2 +- + target/s390x/cpu_features.c | 2 +- + target/s390x/cpu_models.c | 2 +- + target/s390x/diag.c | 2 +- + target/s390x/helper.c | 2 +- + target/s390x/ioinst.c | 2 +- + target/s390x/kvm/kvm.c | 2 +- + target/s390x/kvm/meson.build | 1 + + {hw/s390x => target/s390x/kvm}/pv.c | 2 +- + {include/hw/s390x => target/s390x/kvm}/pv.h | 0 + 17 files changed, 14 insertions(+), 16 deletions(-) + rename {hw/s390x => target/s390x/kvm}/pv.c (99%) + rename {include/hw/s390x => target/s390x/kvm}/pv.h (100%) + +diff --git a/MAINTAINERS b/MAINTAINERS +index b893206fc3..d74ca51154 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -397,8 +397,6 @@ S: Supported + F: target/s390x/kvm/ + F: target/s390x/machine.c + F: target/s390x/sigp.c +-F: hw/s390x/pv.c +-F: include/hw/s390x/pv.h + F: gdb-xml/s390*.xml + T: git https://github.com/borntraeger/qemu.git s390-next + L: qemu-s390x@nongnu.org +diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c +index 9051d8652d..c25e247426 100644 +--- a/hw/s390x/ipl.c ++++ b/hw/s390x/ipl.c +@@ -27,7 +27,7 @@ + #include "hw/s390x/vfio-ccw.h" + #include "hw/s390x/css.h" + #include "hw/s390x/ebcdic.h" +-#include "hw/s390x/pv.h" ++#include "target/s390x/kvm/pv.h" + #include "ipl.h" + #include "qemu/error-report.h" + #include "qemu/config-file.h" +diff --git a/hw/s390x/meson.build b/hw/s390x/meson.build +index 6e6e47fcda..bb3b42f613 100644 +--- a/hw/s390x/meson.build ++++ b/hw/s390x/meson.build +@@ -22,7 +22,6 @@ s390x_ss.add(when: 'CONFIG_KVM', if_true: files( + 'tod-kvm.c', + 's390-skeys-kvm.c', + 's390-stattrib-kvm.c', +- 
'pv.c', + 's390-pci-kvm.c', + )) + s390x_ss.add(when: 'CONFIG_TCG', if_true: files( +diff --git a/hw/s390x/s390-pci-kvm.c b/hw/s390x/s390-pci-kvm.c +index 9134fe185f..ff41e4106d 100644 +--- a/hw/s390x/s390-pci-kvm.c ++++ b/hw/s390x/s390-pci-kvm.c +@@ -14,7 +14,7 @@ + #include + + #include "kvm/kvm_s390x.h" +-#include "hw/s390x/pv.h" ++#include "target/s390x/kvm/pv.h" + #include "hw/s390x/s390-pci-bus.h" + #include "hw/s390x/s390-pci-kvm.h" + #include "hw/s390x/s390-pci-inst.h" +diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c +index 17146469ee..7bfa5b4e8f 100644 +--- a/hw/s390x/s390-virtio-ccw.c ++++ b/hw/s390x/s390-virtio-ccw.c +@@ -40,7 +40,7 @@ + #include "hw/qdev-properties.h" + #include "hw/s390x/tod.h" + #include "sysemu/sysemu.h" +-#include "hw/s390x/pv.h" ++#include "target/s390x/kvm/pv.h" + #include "migration/blocker.h" + #include "qapi/visitor.h" + +diff --git a/hw/s390x/tod-kvm.c b/hw/s390x/tod-kvm.c +index c804c979b5..9776cda50a 100644 +--- a/hw/s390x/tod-kvm.c ++++ b/hw/s390x/tod-kvm.c +@@ -13,7 +13,7 @@ + #include "qemu/module.h" + #include "sysemu/runstate.h" + #include "hw/s390x/tod.h" +-#include "hw/s390x/pv.h" ++#include "target/s390x/kvm/pv.h" + #include "kvm/kvm_s390x.h" + + static void kvm_s390_get_tod_raw(S390TOD *tod, Error **errp) +diff --git a/target/s390x/arch_dump.c b/target/s390x/arch_dump.c +index 3b1f178dc3..2554238c16 100644 +--- a/target/s390x/arch_dump.c ++++ b/target/s390x/arch_dump.c +@@ -17,8 +17,8 @@ + #include "s390x-internal.h" + #include "elf.h" + #include "sysemu/dump.h" +-#include "hw/s390x/pv.h" + #include "kvm/kvm_s390x.h" ++#include "target/s390x/kvm/pv.h" + + struct S390xUserRegsStruct { + uint64_t psw[2]; +diff --git a/target/s390x/cpu-sysemu.c b/target/s390x/cpu-sysemu.c +index 5471e01ee8..547287a949 100644 +--- a/target/s390x/cpu-sysemu.c ++++ b/target/s390x/cpu-sysemu.c +@@ -32,7 +32,7 @@ + #include "qapi/qapi-visit-run-state.h" + #include "sysemu/hw_accel.h" + +-#include "hw/s390x/pv.h" 
++#include "target/s390x/kvm/pv.h" + #include "hw/boards.h" + #include "sysemu/sysemu.h" + #include "sysemu/tcg.h" +diff --git a/target/s390x/cpu_features.c b/target/s390x/cpu_features.c +index 2e4e11d264..ebb155ce1c 100644 +--- a/target/s390x/cpu_features.c ++++ b/target/s390x/cpu_features.c +@@ -15,7 +15,7 @@ + #include "qemu/module.h" + #include "cpu_features.h" + #ifndef CONFIG_USER_ONLY +-#include "hw/s390x/pv.h" ++#include "target/s390x/kvm/pv.h" + #endif + + #define DEF_FEAT(_FEAT, _NAME, _TYPE, _BIT, _DESC) \ +diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c +index e7c586c76e..100c5e7b3a 100644 +--- a/target/s390x/cpu_models.c ++++ b/target/s390x/cpu_models.c +@@ -22,7 +22,7 @@ + #include "qemu/qemu-print.h" + #ifndef CONFIG_USER_ONLY + #include "sysemu/sysemu.h" +-#include "hw/s390x/pv.h" ++#include "target/s390x/kvm/pv.h" + #endif + + #define CPUDEF_INIT(_type, _gen, _ec_ga, _mha_pow, _hmfai, _name, _desc) \ +diff --git a/target/s390x/diag.c b/target/s390x/diag.c +index 76b01dcd68..7c8714cc27 100644 +--- a/target/s390x/diag.c ++++ b/target/s390x/diag.c +@@ -19,9 +19,9 @@ + #include "sysemu/cpus.h" + #include "hw/s390x/ipl.h" + #include "hw/s390x/s390-virtio-ccw.h" +-#include "hw/s390x/pv.h" + #include "sysemu/kvm.h" + #include "kvm/kvm_s390x.h" ++#include "target/s390x/kvm/pv.h" + + int handle_diag_288(CPUS390XState *env, uint64_t r1, uint64_t r3) + { +diff --git a/target/s390x/helper.c b/target/s390x/helper.c +index 6e35473c7f..860977126a 100644 +--- a/target/s390x/helper.c ++++ b/target/s390x/helper.c +@@ -24,7 +24,7 @@ + #include "exec/gdbstub.h" + #include "qemu/timer.h" + #include "hw/s390x/ioinst.h" +-#include "hw/s390x/pv.h" ++#include "target/s390x/kvm/pv.h" + #include "sysemu/hw_accel.h" + #include "sysemu/runstate.h" + #include "sysemu/tcg.h" +diff --git a/target/s390x/ioinst.c b/target/s390x/ioinst.c +index bdae5090bc..409f3e3e63 100644 +--- a/target/s390x/ioinst.c ++++ b/target/s390x/ioinst.c +@@ -16,7 +16,7 @@ + #include 
"hw/s390x/ioinst.h" + #include "trace.h" + #include "hw/s390x/s390-pci-bus.h" +-#include "hw/s390x/pv.h" ++#include "target/s390x/kvm/pv.h" + + /* All I/O instructions but chsc use the s format */ + static uint64_t get_address_from_regs(CPUS390XState *env, uint32_t ipb, +diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c +index a963866ef4..6d1a6324b9 100644 +--- a/target/s390x/kvm/kvm.c ++++ b/target/s390x/kvm/kvm.c +@@ -51,7 +51,7 @@ + #include "exec/memattrs.h" + #include "hw/s390x/s390-virtio-ccw.h" + #include "hw/s390x/s390-virtio-hcall.h" +-#include "hw/s390x/pv.h" ++#include "target/s390x/kvm/pv.h" + + #ifndef DEBUG_KVM + #define DEBUG_KVM 0 +diff --git a/target/s390x/kvm/meson.build b/target/s390x/kvm/meson.build +index aef52b6686..739d5b9f54 100644 +--- a/target/s390x/kvm/meson.build ++++ b/target/s390x/kvm/meson.build +@@ -1,5 +1,6 @@ + + s390x_ss.add(when: 'CONFIG_KVM', if_true: files( ++ 'pv.c', + 'kvm.c' + ), if_false: files( + 'stubs.c' +diff --git a/hw/s390x/pv.c b/target/s390x/kvm/pv.c +similarity index 99% +rename from hw/s390x/pv.c +rename to target/s390x/kvm/pv.c +index 8a1c71436b..e14db4f41a 100644 +--- a/hw/s390x/pv.c ++++ b/target/s390x/kvm/pv.c +@@ -19,9 +19,9 @@ + #include "qom/object_interfaces.h" + #include "exec/confidential-guest-support.h" + #include "hw/s390x/ipl.h" +-#include "hw/s390x/pv.h" + #include "hw/s390x/sclp.h" + #include "target/s390x/kvm/kvm_s390x.h" ++#include "target/s390x/kvm/pv.h" + + static bool info_valid; + static struct kvm_s390_pv_info_vm info_vm; +diff --git a/include/hw/s390x/pv.h b/target/s390x/kvm/pv.h +similarity index 100% +rename from include/hw/s390x/pv.h +rename to target/s390x/kvm/pv.h +-- +2.41.0 + diff --git a/kvm-hw-s390x-pv-Restrict-Protected-Virtualization-to-sys.patch b/kvm-hw-s390x-pv-Restrict-Protected-Virtualization-to-sys.patch new file mode 100644 index 0000000..f0f39fa --- /dev/null +++ b/kvm-hw-s390x-pv-Restrict-Protected-Virtualization-to-sys.patch 
@@ -0,0 +1,100 @@
+From 053faafcf523b0ea4d841c0af8e7e26a2cddd5e8 Mon Sep 17 00:00:00 2001
+From: Thomas Huth
+Date: Mon, 15 Jan 2024 14:00:04 +0100
+Subject: [PATCH 3/5] hw/s390x/pv: Restrict Protected Virtualization to sysemu
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Thomas Huth
+RH-MergeRequest: 348: s390x: Provide some more useful information if decryption of a PV image fails
+RH-Jira: RHEL-18214
+RH-Acked-by: Jon Maloy
+RH-Acked-by: Cédric Le Goater
+RH-Commit: [3/5] 17b11f9fd2b53c7d33c09a62f28cfca19b18e798
+
+JIRA: https://issues.redhat.com/browse/RHEL-18214
+
+commit 3ea7e312671686e616efa1b8caa5f5ce2d06543a
+Author: Philippe Mathieu-Daudé
+Date: Sat Dec 17 16:24:52 2022 +0100
+
+ hw/s390x/pv: Restrict Protected Virtualization to sysemu
+
+ Protected Virtualization is irrelevant in user emulation.
+
+ Signed-off-by: Philippe Mathieu-Daudé
+ Message-Id: <20221217152454.96388-4-philmd@linaro.org>
+ Reviewed-by: Thomas Huth
+ Reviewed-by: Richard Henderson
+ Signed-off-by: Thomas Huth
+
+Signed-off-by: Thomas Huth
+---
+ target/s390x/cpu_features.c | 4 ++++
+ target/s390x/cpu_models.c | 4 +++-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/target/s390x/cpu_features.c b/target/s390x/cpu_features.c
+index 5528acd082..2e4e11d264 100644
+--- a/target/s390x/cpu_features.c
++++ b/target/s390x/cpu_features.c
+@@ -14,7 +14,9 @@
+ #include "qemu/osdep.h"
+ #include "qemu/module.h"
+ #include "cpu_features.h"
++#ifndef CONFIG_USER_ONLY
+ #include "hw/s390x/pv.h"
++#endif
+
+ #define DEF_FEAT(_FEAT, _NAME, _TYPE, _BIT, _DESC) \
+ [S390_FEAT_##_FEAT] = { \
+@@ -107,6 +109,7 @@ void s390_fill_feat_block(const S390FeatBitmap features, S390FeatType type,
+ feat = find_next_bit(features, S390_FEAT_MAX, feat + 1);
+ }
+
++#ifndef CONFIG_USER_ONLY
+ if (!s390_is_pv()) {
+ return;
+ }
+@@ -147,6 +150,7 @@ void s390_fill_feat_block(const S390FeatBitmap features, S390FeatType type,
+ default:
+ return;
+ }
++#endif
+ }
+
+ void s390_add_from_feat_block(S390FeatBitmap features, S390FeatType type,
+diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
+index 454485e706..e7c586c76e 100644
+--- a/target/s390x/cpu_models.c
++++ b/target/s390x/cpu_models.c
+@@ -22,8 +22,8 @@
+ #include "qemu/qemu-print.h"
+ #ifndef CONFIG_USER_ONLY
+ #include "sysemu/sysemu.h"
+-#endif
+ #include "hw/s390x/pv.h"
++#endif
+
+ #define CPUDEF_INIT(_type, _gen, _ec_ga, _mha_pow, _hmfai, _name, _desc) \
+ { \
+@@ -236,6 +236,7 @@ bool s390_has_feat(S390Feat feat)
+ return 0;
+ }
+
++#ifndef CONFIG_USER_ONLY
+ if (s390_is_pv()) {
+ switch (feat) {
+ case S390_FEAT_DIAG_318:
+@@ -259,6 +260,7 @@ bool s390_has_feat(S390Feat feat)
+ break;
+ }
+ }
++#endif
+ return test_bit(feat, cpu->model->features);
+ }
+
+--
+2.41.0
+
diff --git a/kvm-s390x-pv-remove-semicolon-from-macro-definition.patch b/kvm-s390x-pv-remove-semicolon-from-macro-definition.patch
new file mode 100644
index 0000000..0c62189
--- /dev/null
+++ b/kvm-s390x-pv-remove-semicolon-from-macro-definition.patch
@@ -0,0 +1,51 @@
+From 52969f8a75ac7ba115e044cd94208984c18eee41 Mon Sep 17 00:00:00 2001
+From: Thomas Huth
+Date: Mon, 15 Jan 2024 14:00:04 +0100
+Subject: [PATCH 2/5] s390x/pv: remove semicolon from macro definition
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Thomas Huth
+RH-MergeRequest: 348: s390x: Provide some more useful information if decryption of a PV image fails
+RH-Jira: RHEL-18214
+RH-Acked-by: Jon Maloy
+RH-Acked-by: Cédric Le Goater
+RH-Commit: [2/5] 52a04c945a584746ff30bed516ad97bab75ac821
+
+JIRA: https://issues.redhat.com/browse/RHEL-18214
+
+commit 36c182bbe680d64f0868522bb9256b5b8eccf280
+Author: Claudio Imbrenda
+Date: Mon Oct 10 17:10:41 2022 +0200
+
+ s390x/pv: remove semicolon from macro definition
+
+ Remove spurious semicolon at the end of the macro s390_pv_cmd
+
+ Signed-off-by: Claudio Imbrenda
+ Acked-by: Cornelia Huck
+ Message-Id: <20221010151041.89071-1-imbrenda@linux.ibm.com>
+ Signed-off-by: Thomas Huth
+
+Signed-off-by: Thomas Huth
+---
+ hw/s390x/pv.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c
+index 749e5db1ce..8a1c71436b 100644
+--- a/hw/s390x/pv.c
++++ b/hw/s390x/pv.c
+@@ -51,7 +51,7 @@ static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data)
+ * This macro lets us pass the command as a string to the function so
+ * we can print it on an error.
+ */
+-#define s390_pv_cmd(cmd, data) __s390_pv_cmd(cmd, #cmd, data);
++#define s390_pv_cmd(cmd, data) __s390_pv_cmd(cmd, #cmd, data)
+ #define s390_pv_cmd_exit(cmd, data) \
+ { \
+ int rc; \
+--
+2.41.0
+
diff --git a/kvm-target-s390x-kvm-pv-Provide-some-more-useful-informa.patch b/kvm-target-s390x-kvm-pv-Provide-some-more-useful-informa.patch
new file mode 100644
index 0000000..dd05215
--- /dev/null
+++ b/kvm-target-s390x-kvm-pv-Provide-some-more-useful-informa.patch
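Review bot: The sibling macro `s390_pv_cmd_exit`, visible as context right below the changed line in hw/s390x/pv.c, keeps the same statement-hygiene hazard this patch removes from `s390_pv_cmd`. It expands to a bare `{ ... }` block, so `s390_pv_cmd_exit(x, y);` becomes a block followed by an empty statement and would break an unbraced `if`/`else` around it. Wrapping the body as `do { ... } while (0)` makes it behave like a single statement. The macro body continues outside the hunk, so only its first lines can be checked from here.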
@@ -0,0 +1,207 @@
+From c1273f9e38f81f912cd2bd1dd4a43f9652766f76 Mon Sep 17 00:00:00 2001
+From: Thomas Huth
+Date: Wed, 10 Jan 2024 15:29:16 +0100
+Subject: [PATCH 5/5] target/s390x/kvm/pv: Provide some more useful information
+ if decryption fails
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Thomas Huth
+RH-MergeRequest: 348: s390x: Provide some more useful information if decryption of a PV image fails
+RH-Jira: RHEL-18214
+RH-Acked-by: Jon Maloy
+RH-Acked-by: Cédric Le Goater
+RH-Commit: [5/5] 087acaecfaa5921b409beb212123214fa79fe50c
+
+JIRA: https://issues.redhat.com/browse/RHEL-18214
+
+commit 7af51621b16ae86646cc2dc9dee30de8176ff761
+Author: Thomas Huth
+Date: Wed Jan 10 15:29:16 2024 +0100
+
+ target/s390x/kvm/pv: Provide some more useful information if decryption fails
+
+ It's a common scenario to copy guest images from one host to another
+ to run the guest on the other machine. This (of course) does not work
+ with "secure execution" guests since they are encrypted with one certain
+ host key. However, if you still (accidentally) do it, you only get a
+ very user-unfriendly error message that looks like this:
+
+ qemu-system-s390x: KVM PV command 2 (KVM_PV_SET_SEC_PARMS) failed:
+ header rc 108 rrc 5 IOCTL rc: -22
+
+ Let's provide at least a somewhat nicer hint to the users so that they
+ are able to figure out what might have gone wrong.
+
+ Message-ID: <20240110142916.850605-1-thuth@redhat.com>
+ Reviewed-by: Philippe Mathieu-Daudé
+ Reviewed-by: Cédric Le Goater
+ Reviewed-by: Claudio Imbrenda
+ Signed-off-by: Thomas Huth
+
+Conflicts:
+ target/s390x/kvm/pv.c
+ target/s390x/kvm/pv.h
+ (contextual conflict due to missing async-teardown in RHEL8)
+Signed-off-by: Thomas Huth
+---
+ hw/s390x/ipl.c | 5 ++---
+ hw/s390x/ipl.h | 2 +-
+ hw/s390x/s390-virtio-ccw.c | 5 ++++-
+ target/s390x/kvm/pv.c | 25 ++++++++++++++++++++-----
+ target/s390x/kvm/pv.h | 5 +++--
+ 5 files changed, 30 insertions(+), 12 deletions(-)
+
+diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
+index c25e247426..c6cefdd3fe 100644
+--- a/hw/s390x/ipl.c
++++ b/hw/s390x/ipl.c
+@@ -709,7 +709,7 @@ static void s390_ipl_prepare_qipl(S390CPU *cpu)
+ cpu_physical_memory_unmap(addr, len, 1, len);
+ }
+
+-int s390_ipl_prepare_pv_header(void)
++int s390_ipl_prepare_pv_header(Error **errp)
+ {
+ IplParameterBlock *ipib = s390_ipl_get_iplb_pv();
+ IPLBlockPV *ipib_pv = &ipib->pv;
+@@ -718,8 +718,7 @@ int s390_ipl_prepare_pv_header(void)
+
+ cpu_physical_memory_read(ipib_pv->pv_header_addr, hdr,
+ ipib_pv->pv_header_len);
+- rc = s390_pv_set_sec_parms((uintptr_t)hdr,
+- ipib_pv->pv_header_len);
++ rc = s390_pv_set_sec_parms((uintptr_t)hdr, ipib_pv->pv_header_len, errp);
+ g_free(hdr);
+ return rc;
+ }
+diff --git a/hw/s390x/ipl.h b/hw/s390x/ipl.h
+index dfc6dfd89c..f9cce33330 100644
+--- a/hw/s390x/ipl.h
++++ b/hw/s390x/ipl.h
+@@ -107,7 +107,7 @@ typedef union IplParameterBlock IplParameterBlock;
+
+ int s390_ipl_set_loadparm(uint8_t *loadparm);
+ void s390_ipl_update_diag308(IplParameterBlock *iplb);
+-int s390_ipl_prepare_pv_header(void);
++int s390_ipl_prepare_pv_header(Error **errp);
+ int s390_ipl_pv_unpack(void);
+ void s390_ipl_prepare_cpu(S390CPU *cpu);
+ IplParameterBlock *s390_ipl_get_iplb(void);
+diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
+index 7bfa5b4e8f..94434c3bb1 100644
+--- a/hw/s390x/s390-virtio-ccw.c
++++ b/hw/s390x/s390-virtio-ccw.c
+@@ -374,7 +374,7 @@ static int s390_machine_protect(S390CcwMachineState *ms)
+ }
+
+ /* Set SE header and unpack */
+- rc = s390_ipl_prepare_pv_header();
++ rc = s390_ipl_prepare_pv_header(&local_err);
+ if (rc) {
+ goto out_err;
+ }
+@@ -393,6 +393,9 @@ static int s390_machine_protect(S390CcwMachineState *ms)
+ return rc;
+
+ out_err:
++ if (local_err) {
++ error_report_err(local_err);
++ }
+ s390_machine_unprotect(ms);
+ return rc;
+ }
+diff --git a/target/s390x/kvm/pv.c b/target/s390x/kvm/pv.c
+index e14db4f41a..ae75063777 100644
+--- a/target/s390x/kvm/pv.c
++++ b/target/s390x/kvm/pv.c
+@@ -27,7 +27,8 @@ static bool info_valid;
+ static struct kvm_s390_pv_info_vm info_vm;
+ static struct kvm_s390_pv_info_dump info_dump;
+
+-static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data)
++static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data,
++ int *pvrc)
+ {
+ struct kvm_pv_cmd pv_cmd = {
+ .cmd = cmd,
+@@ -44,6 +45,9 @@ static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data)
+ "IOCTL rc: %d", cmd, cmdname, pv_cmd.rc, pv_cmd.rrc,
+ rc);
+ }
++ if (pvrc) {
++ *pvrc = pv_cmd.rc;
++ }
+ return rc;
+ }
+
+@@ -51,12 +55,13 @@ static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data)
+ * This macro lets us pass the command as a string to the function so
+ * we can print it on an error.
+ */
+-#define s390_pv_cmd(cmd, data) __s390_pv_cmd(cmd, #cmd, data)
++#define s390_pv_cmd(cmd, data) __s390_pv_cmd(cmd, #cmd, data, NULL)
++#define s390_pv_cmd_pvrc(cmd, data, pvrc) __s390_pv_cmd(cmd, #cmd, data, pvrc)
+ #define s390_pv_cmd_exit(cmd, data) \
+ { \
+ int rc; \
+ \
+- rc = __s390_pv_cmd(cmd, #cmd, data);\
++ rc = __s390_pv_cmd(cmd, #cmd, data, NULL); \
+ if (rc) { \
+ exit(1); \
+ } \
+@@ -108,14 +113,24 @@ void s390_pv_vm_disable(void)
+ s390_pv_cmd_exit(KVM_PV_DISABLE, NULL);
+ }
+
+-int s390_pv_set_sec_parms(uint64_t origin, uint64_t length)
++int s390_pv_set_sec_parms(uint64_t origin, uint64_t length, Error **errp)
+ {
++ int ret, pvrc;
+ struct kvm_s390_pv_sec_parm args = {
+ .origin = origin,
+ .length = length,
+ };
+
+- return s390_pv_cmd(KVM_PV_SET_SEC_PARMS, &args);
++ ret = s390_pv_cmd_pvrc(KVM_PV_SET_SEC_PARMS, &args, &pvrc);
++ if (ret) {
++ error_setg(errp, "Failed to set secure execution parameters");
++ if (pvrc == 0x108) {
++ error_append_hint(errp, "Please check whether the image is "
++ "correctly encrypted for this host\n");
++ }
++ }
++
++ return ret;
+ }
+
+ /*
+diff --git a/target/s390x/kvm/pv.h b/target/s390x/kvm/pv.h
+index 9360aa1091..6868c3f4ac 100644
+--- a/target/s390x/kvm/pv.h
++++ b/target/s390x/kvm/pv.h
+@@ -41,7 +41,7 @@ static inline bool s390_is_pv(void)
+ int s390_pv_query_info(void);
+ int s390_pv_vm_enable(void);
+ void s390_pv_vm_disable(void);
+-int s390_pv_set_sec_parms(uint64_t origin, uint64_t length);
++int s390_pv_set_sec_parms(uint64_t origin, uint64_t length, Error **errp);
+ int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak);
+ void s390_pv_prep_reset(void);
+ int s390_pv_verify(void);
+@@ -60,7 +60,8 @@ static inline bool s390_is_pv(void) { return false; }
+ static inline int s390_pv_query_info(void) { return 0; }
+ static inline int s390_pv_vm_enable(void) { return 0; }
+ static inline void s390_pv_vm_disable(void) {}
+-static inline int s390_pv_set_sec_parms(uint64_t origin, uint64_t length) { return 0; }
++static inline int s390_pv_set_sec_parms(uint64_t origin, uint64_t length,
++ Error **errp) { return 0; }
+ static inline int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak) { return 0; }
+ static inline void s390_pv_prep_reset(void) {}
+ static inline int s390_pv_verify(void) { return 0; }
+--
+2.41.0
+
diff --git a/qemu-kvm.spec b/qemu-kvm.spec
index 3fe4986..4c9235f 100644
--- a/qemu-kvm.spec
+++ b/qemu-kvm.spec
@@ -83,7 +83,7 @@ Obsoletes: %1-rhev <= %{epoch}:%{version}-%{release}
 Summary: QEMU is a machine emulator and virtualizer
 Name: qemu-kvm
 Version: 6.2.0
-Release: 45%{?rcrel}%{?dist}
+Release: 46%{?rcrel}%{?dist}
 # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
 Epoch: 15
 License: GPLv2 and GPLv2+ and CC-BY
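Review bot: `s390_pv_set_sec_parms()` in the target/s390x/kvm/pv.c hunk calls `error_append_hint(errp, ...)` on the caller's `errp` right after `error_setg(errp, ...)` but has no `ERRP_GUARD();`, which QEMU's error API asks for in functions that append hints through their own `errp`. The only caller shown here, `s390_ipl_prepare_pv_header(&local_err)`, passes a local error object, so the hint is reported today. A caller passing `&error_fatal` would exit inside `error_setg()` before the hint is attached, and a NULL `errp` would drop it. Adding `ERRP_GUARD();` as the first statement of the function keeps the "correctly encrypted for this host" hint reliable for any future caller. Separately, the bare `0x108` deserves a named constant or a short comment such as `/* header rc 0x108: value reported in the commit message when the image was encrypted for a different host */`, so the magic value can be checked against the firmware return codes.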
@@ -817,6 +817,16 @@ Patch327: kvm-acpi-fix-acpi_index-migration.patch Patch328: kvm-RHEL-Enable-x-not-migrate-acpi-index-for-all-pre-RHE.patch # For RHEL-14870 - [rhel8]ipxe-roms-qemu does not provide efi-virtio.rom Patch329: kvm-hw-arm-virt-Do-not-load-efi-virtio.rom-for-all-virti.patch +# For RHEL-18214 - [RHEL8][Secure-execution][s390x] The error message is not clear when boot up a SE guest with wrong encryption +Patch330: kvm-MAINTAINERS-split-out-s390x-sections.patch +# For RHEL-18214 - [RHEL8][Secure-execution][s390x] The error message is not clear when boot up a SE guest with wrong encryption +Patch331: kvm-s390x-pv-remove-semicolon-from-macro-definition.patch +# For RHEL-18214 - [RHEL8][Secure-execution][s390x] The error message is not clear when boot up a SE guest with wrong encryption +Patch332: kvm-hw-s390x-pv-Restrict-Protected-Virtualization-to-sys.patch +# For RHEL-18214 - [RHEL8][Secure-execution][s390x] The error message is not clear when boot up a SE guest with wrong encryption +Patch333: kvm-hw-s390x-Move-KVM-specific-PV-from-hw-to-target-s390.patch +# For RHEL-18214 - [RHEL8][Secure-execution][s390x] The error message is not clear when boot up a SE guest with wrong encryption +Patch334: kvm-target-s390x-kvm-pv-Provide-some-more-useful-informa.patch BuildRequires: wget BuildRequires: rpm-build 
@@ -1986,6 +1996,15 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || : %changelog +* Wed Jan 17 2024 Jon Maloy - 6.2.0-46 +- kvm-MAINTAINERS-split-out-s390x-sections.patch [RHEL-18214] +- kvm-s390x-pv-remove-semicolon-from-macro-definition.patch [RHEL-18214] +- kvm-hw-s390x-pv-Restrict-Protected-Virtualization-to-sys.patch [RHEL-18214] +- kvm-hw-s390x-Move-KVM-specific-PV-from-hw-to-target-s390.patch [RHEL-18214] +- kvm-target-s390x-kvm-pv-Provide-some-more-useful-informa.patch [RHEL-18214] +- Resolves: RHEL-18214 + ([RHEL8][Secure-execution][s390x] The error message is not clear when boot up a SE guest with wrong encryption) + * Thu Jan 04 2024 Jon Maloy - 6.2.0-45 - kvm-acpi-fix-acpi_index-migration.patch [RHEL-20189] - kvm-RHEL-Enable-x-not-migrate-acpi-index-for-all-pre-RHE.patch [RHEL-20189]