* Tue Apr 25 2023 Miroslav Rezanina <mrezanin@redhat.com> - 6.2.0-33
- kvm-s390x-pv-Implement-a-CGS-check-helper.patch [bz#2187159] - Resolves: bz#2187159 (RHEL8.8 - KVM - Secure Guest crashed during booting with 248 vcpus)
This commit is contained in:
		
							parent
							
								
									d9dd6a665d
								
							
						
					
					
						commit
						c5c2aa1409
					
				
							
								
								
									
										109
									
								
								kvm-s390x-pv-Implement-a-CGS-check-helper.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										109
									
								
								kvm-s390x-pv-Implement-a-CGS-check-helper.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,109 @@ | |||||||
|  | From 2fc8489b70445a3db0a2e72c1f1edb4d61d404d6 Mon Sep 17 00:00:00 2001 | ||||||
|  | From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= <clg@redhat.com> | ||||||
|  | Date: Mon, 16 Jan 2023 18:46:05 +0100 | ||||||
|  | Subject: [PATCH] s390x/pv: Implement a CGS check helper | ||||||
|  | MIME-Version: 1.0 | ||||||
|  | Content-Type: text/plain; charset=UTF-8 | ||||||
|  | Content-Transfer-Encoding: 8bit | ||||||
|  | 
 | ||||||
|  | RH-Author: Cédric Le Goater <clg@redhat.com> | ||||||
|  | RH-MergeRequest: 271: Secure guest can't boot with maximal number of vcpus (248) | ||||||
|  | RH-Bugzilla: 2187159 | ||||||
|  | RH-Acked-by: Thomas Huth <thuth@redhat.com> | ||||||
|  | RH-Acked-by: Cornelia Huck <cohuck@redhat.com> | ||||||
|  | RH-Acked-by: Jon Maloy <jmaloy@redhat.com> | ||||||
|  | RH-Commit: [1/1] c870d525c48ab6d0df964b5abe48efe2528c9883 | ||||||
|  | 
 | ||||||
|  | When a protected VM is started with the maximum number of CPUs (248), | ||||||
|  | the service call providing information on the CPUs requires more | ||||||
|  | buffer space than allocated and QEMU disgracefully aborts : | ||||||
|  | 
 | ||||||
|  |     LOADPARM=[........] | ||||||
|  |     Using virtio-blk. | ||||||
|  |     Using SCSI scheme. | ||||||
|  |     ................................................................................... | ||||||
|  |     qemu-system-s390x: KVM_S390_MEM_OP failed: Argument list too long | ||||||
|  | 
 | ||||||
|  | When protected virtualization is initialized, compute the maximum | ||||||
|  | number of vCPUs supported by the machine and return useful information | ||||||
|  | to the user before the machine starts in case of error. | ||||||
|  | 
 | ||||||
|  | Suggested-by: Thomas Huth <thuth@redhat.com> | ||||||
|  | Reviewed-by: Thomas Huth <thuth@redhat.com> | ||||||
|  | Signed-off-by: Cédric Le Goater <clg@redhat.com> | ||||||
|  | Message-Id: <20230116174607.2459498-2-clg@kaod.org> | ||||||
|  | Signed-off-by: Thomas Huth <thuth@redhat.com> | ||||||
|  | (cherry picked from commit 75d7150c636569f6687f7e70a33be893be43eb5f) | ||||||
|  | Signed-off-by: Cédric Le Goater <clg@redhat.com> | ||||||
|  | ---
 | ||||||
|  |  hw/s390x/pv.c | 40 ++++++++++++++++++++++++++++++++++++++++ | ||||||
|  |  1 file changed, 40 insertions(+) | ||||||
|  | 
 | ||||||
|  | diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c
 | ||||||
|  | index 728ba24547..749e5db1ce 100644
 | ||||||
|  | --- a/hw/s390x/pv.c
 | ||||||
|  | +++ b/hw/s390x/pv.c
 | ||||||
|  | @@ -20,6 +20,7 @@
 | ||||||
|  |  #include "exec/confidential-guest-support.h" | ||||||
|  |  #include "hw/s390x/ipl.h" | ||||||
|  |  #include "hw/s390x/pv.h" | ||||||
|  | +#include "hw/s390x/sclp.h"
 | ||||||
|  |  #include "target/s390x/kvm/kvm_s390x.h" | ||||||
|  |   | ||||||
|  |  static bool info_valid; | ||||||
|  | @@ -249,6 +250,41 @@ struct S390PVGuestClass {
 | ||||||
|  |      ConfidentialGuestSupportClass parent_class; | ||||||
|  |  }; | ||||||
|  |   | ||||||
|  | +/*
 | ||||||
|  | + * If protected virtualization is enabled, the amount of data that the
 | ||||||
|  | + * Read SCP Info Service Call can use is limited to one page. The
 | ||||||
|  | + * available space also depends on the Extended-Length SCCB (ELS)
 | ||||||
|  | + * feature which can take more buffer space to store feature
 | ||||||
|  | + * information. This impacts the maximum number of CPUs supported in
 | ||||||
|  | + * the machine.
 | ||||||
|  | + */
 | ||||||
|  | +static uint32_t s390_pv_get_max_cpus(void)
 | ||||||
|  | +{
 | ||||||
|  | +    int offset_cpu = s390_has_feat(S390_FEAT_EXTENDED_LENGTH_SCCB) ?
 | ||||||
|  | +        offsetof(ReadInfo, entries) : SCLP_READ_SCP_INFO_FIXED_CPU_OFFSET;
 | ||||||
|  | +
 | ||||||
|  | +    return (TARGET_PAGE_SIZE - offset_cpu) / sizeof(CPUEntry);
 | ||||||
|  | +}
 | ||||||
|  | +
 | ||||||
|  | +static bool s390_pv_check_cpus(Error **errp)
 | ||||||
|  | +{
 | ||||||
|  | +    MachineState *ms = MACHINE(qdev_get_machine());
 | ||||||
|  | +    uint32_t pv_max_cpus = s390_pv_get_max_cpus();
 | ||||||
|  | +
 | ||||||
|  | +    if (ms->smp.max_cpus > pv_max_cpus) {
 | ||||||
|  | +        error_setg(errp, "Protected VMs support a maximum of %d CPUs",
 | ||||||
|  | +                   pv_max_cpus);
 | ||||||
|  | +        return false;
 | ||||||
|  | +    }
 | ||||||
|  | +
 | ||||||
|  | +    return true;
 | ||||||
|  | +}
 | ||||||
|  | +
 | ||||||
|  | +static bool s390_pv_guest_check(ConfidentialGuestSupport *cgs, Error **errp)
 | ||||||
|  | +{
 | ||||||
|  | +    return s390_pv_check_cpus(errp);
 | ||||||
|  | +}
 | ||||||
|  | +
 | ||||||
|  |  int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) | ||||||
|  |  { | ||||||
|  |      if (!object_dynamic_cast(OBJECT(cgs), TYPE_S390_PV_GUEST)) { | ||||||
|  | @@ -261,6 +297,10 @@ int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
 | ||||||
|  |          return -1; | ||||||
|  |      } | ||||||
|  |   | ||||||
|  | +    if (!s390_pv_guest_check(cgs, errp)) {
 | ||||||
|  | +        return -1;
 | ||||||
|  | +    }
 | ||||||
|  | +
 | ||||||
|  |      cgs->ready = true; | ||||||
|  |   | ||||||
|  |      return 0; | ||||||
|  | -- 
 | ||||||
|  | 2.39.1 | ||||||
|  | 
 | ||||||
| @ -83,7 +83,7 @@ Obsoletes: %1-rhev <= %{epoch}:%{version}-%{release} | |||||||
| Summary: QEMU is a machine emulator and virtualizer | Summary: QEMU is a machine emulator and virtualizer | ||||||
| Name: qemu-kvm | Name: qemu-kvm | ||||||
| Version: 6.2.0 | Version: 6.2.0 | ||||||
| Release: 32%{?rcrel}%{?dist} | Release: 33%{?rcrel}%{?dist} | ||||||
| # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped | # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped | ||||||
| Epoch: 15 | Epoch: 15 | ||||||
| License: GPLv2 and GPLv2+ and CC-BY | License: GPLv2 and GPLv2+ and CC-BY | ||||||
| @ -652,6 +652,8 @@ Patch255: kvm-scsi-protect-req-aiocb-with-AioContext-lock.patch | |||||||
| Patch256: kvm-dma-helpers-prevent-dma_blk_cb-vs-dma_aio_cancel-rac.patch | Patch256: kvm-dma-helpers-prevent-dma_blk_cb-vs-dma_aio_cancel-rac.patch | ||||||
| # For bz#2090990 - qemu crash with error scsi_req_unref(SCSIRequest *): Assertion `req->refcount > 0' failed or scsi_dma_complete(void *, int): Assertion `r->req.aiocb != NULL' failed [8.7.0] | # For bz#2090990 - qemu crash with error scsi_req_unref(SCSIRequest *): Assertion `req->refcount > 0' failed or scsi_dma_complete(void *, int): Assertion `r->req.aiocb != NULL' failed [8.7.0] | ||||||
| Patch257: kvm-virtio-scsi-reset-SCSI-devices-from-main-loop-thread.patch | Patch257: kvm-virtio-scsi-reset-SCSI-devices-from-main-loop-thread.patch | ||||||
|  | # For bz#2187159 - RHEL8.8 - KVM - Secure Guest crashed during booting with 248 vcpus | ||||||
|  | Patch258: kvm-s390x-pv-Implement-a-CGS-check-helper.patch | ||||||
| 
 | 
 | ||||||
| BuildRequires: wget | BuildRequires: wget | ||||||
| BuildRequires: rpm-build | BuildRequires: rpm-build | ||||||
| @ -1821,6 +1823,11 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || : | |||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Tue Apr 25 2023 Miroslav Rezanina <mrezanin@redhat.com> - 6.2.0-33 | ||||||
|  | - kvm-s390x-pv-Implement-a-CGS-check-helper.patch [bz#2187159] | ||||||
|  | - Resolves: bz#2187159 | ||||||
|  |   (RHEL8.8 - KVM - Secure Guest crashed during booting with 248 vcpus) | ||||||
|  | 
 | ||||||
| * Mon Mar 13 2023 Jon Maloy <jmaloy@redhat.com> - 6.2.0-32.el8_8 | * Mon Mar 13 2023 Jon Maloy <jmaloy@redhat.com> - 6.2.0-32.el8_8 | ||||||
| - kvm-aio_wait_kick-add-missing-memory-barrier.patch [bz#2168472] | - kvm-aio_wait_kick-add-missing-memory-barrier.patch [bz#2168472] | ||||||
| - kvm-qatomic-add-smp_mb__before-after_rmw.patch [bz#2168472] | - kvm-qatomic-add-smp_mb__before-after_rmw.patch [bz#2168472] | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user