rpms/qemu-kvm
7
0
Fork 0
Code Issues Pull Requests Releases Activity
5e5dd1da83
qemu-kvm/kvm-target-s390x-kvm-pv-Provide-some-more-useful-informa.patch
Miroslav Rezanina 9ef7cdf7ca * Wed Jan 24 2024 Miroslav Rezanina <mrezanin@redhat.com> - 8.2.0-3 
- kvm-hw-arm-virt-Add-properties-to-disable-high-memory-re.patch [RHEL-19738]
- kvm-vfio-Introduce-base-object-for-VFIOContainer-and-tar.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Introduce-a-empty-VFIOIOMMUOps.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Switch-to-dma_map-unmap-API.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-common-Introduce-vfio_container_init-destroy-he.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-common-Move-giommu_list-in-base-container.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Move-space-field-to-base-container.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Switch-to-IOMMU-BE-set_dirty_page_tra.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Move-per-container-device-list-in-bas.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Convert-functions-to-base-container.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Move-pgsizes-and-dma_max_mappings-to-.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Move-vrdl_list-to-base-container.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Move-listener-to-base-container.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Move-dirty_pgsizes-and-max_dirty_bitm.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Move-iova_ranges-to-base-container.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Implement-attach-detach_device.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-spapr-Introduce-spapr-backend-and-target-interf.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-spapr-switch-to-spapr-IOMMU-BE-add-del_section_.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-spapr-Move-prereg_listener-into-spapr-container.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-spapr-Move-hostwin_list-into-spapr-container.patch [RHEL-19302 RHEL-21057]
- kvm-backends-iommufd-Introduce-the-iommufd-object.patch [RHEL-19302 RHEL-21057]
- kvm-util-char_dev-Add-open_cdev.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-common-return-early-if-space-isn-t-empty.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-iommufd-Implement-the-iommufd-backend.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-iommufd-Relax-assert-check-for-iommufd-backend.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-iommufd-Add-support-for-iova_ranges-and-pgsizes.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-pci-Extract-out-a-helper-vfio_pci_get_pci_hot_r.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-pci-Introduce-a-vfio-pci-hot-reset-interface.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-iommufd-Enable-pci-hot-reset-through-iommufd-cd.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-pci-Allow-the-selection-of-a-given-iommu-backen.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-pci-Make-vfio-cdev-pre-openable-by-passing-a-fi.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-platform-Allow-the-selection-of-a-given-iommu-b.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-platform-Make-vfio-cdev-pre-openable-by-passing.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-ap-Allow-the-selection-of-a-given-iommu-backend.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-ap-Make-vfio-cdev-pre-openable-by-passing-a-fil.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-ccw-Allow-the-selection-of-a-given-iommu-backen.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-ccw-Make-vfio-cdev-pre-openable-by-passing-a-fi.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-Make-VFIOContainerBase-poiner-parameter-const-i.patch [RHEL-19302 RHEL-21057]
- kvm-hw-arm-Activate-IOMMUFD-for-virt-machines.patch [RHEL-19302 RHEL-21057]
- kvm-kconfig-Activate-IOMMUFD-for-s390x-machines.patch [RHEL-19302 RHEL-21057]
- kvm-hw-i386-Activate-IOMMUFD-for-q35-machines.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-pci-Move-VFIODevice-initializations-in-vfio_ins.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-platform-Move-VFIODevice-initializations-in-vfi.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-ap-Move-VFIODevice-initializations-in-vfio_ap_i.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-ccw-Move-VFIODevice-initializations-in-vfio_ccw.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-Introduce-a-helper-function-to-initialize-VFIOD.patch [RHEL-19302 RHEL-21057]
- kvm-docs-devel-Add-VFIO-iommufd-backend-documentation.patch [RHEL-19302 RHEL-21057]
- kvm-hw-ppc-Kconfig-Imply-VFIO_PCI.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-spapr-Extend-VFIOIOMMUOps-with-a-release-handle.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Introduce-vfio_legacy_setup-for-furth.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Initialize-VFIOIOMMUOps-under-vfio_in.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Introduce-a-VFIOIOMMU-QOM-interface.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Introduce-a-VFIOIOMMU-legacy-QOM-inte.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Intoduce-a-new-VFIOIOMMUClass-setup-h.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-spapr-Introduce-a-sPAPR-VFIOIOMMU-QOM-interface.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-iommufd-Introduce-a-VFIOIOMMU-iommufd-QOM-inter.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-spapr-Only-compile-sPAPR-IOMMU-support-when-nee.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-iommufd-Remove-CONFIG_IOMMUFD-usage.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Replace-basename-with-g_path_get_base.patch [RHEL-19302 RHEL-21057]
- kvm-hw-vfio-fix-iteration-over-global-VFIODevice-list.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-iommufd-Remove-the-use-of-stat-to-check-file-ex.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-container-Rename-vfio_init_container-to-vfio_se.patch [RHEL-19302 RHEL-21057]
- kvm-vfio-migration-Add-helper-function-to-set-state-or-r.patch [RHEL-19302 RHEL-21057]
- kvm-backends-iommufd-Remove-check-on-number-of-backend-u.patch [RHEL-19302 RHEL-21057]
- kvm-backends-iommufd-Remove-mutex.patch [RHEL-19302 RHEL-21057]
- kvm-Compile-IOMMUFD-object-on-aarch64.patch [RHEL-19302 RHEL-21057]
- kvm-Compile-IOMMUFD-on-s390x.patch [RHEL-19302 RHEL-21057]
- kvm-Compile-IOMMUFD-on-x86_64.patch [RHEL-19302 RHEL-21057]
- kvm-target-s390x-kvm-pv-Provide-some-more-useful-informa.patch [RHEL-18212]
- kvm-nbd-server-avoid-per-NBDRequest-nbd_client_get-put.patch [RHEL-15965]
- kvm-nbd-server-only-traverse-NBDExport-clients-from-main.patch [RHEL-15965]
- kvm-nbd-server-introduce-NBDClient-lock-to-protect-field.patch [RHEL-15965]
- kvm-block-file-posix-set-up-Linux-AIO-and-io_uring-in-th.patch [RHEL-15965]
- kvm-virtio-blk-add-lock-to-protect-s-rq.patch [RHEL-15965]
- kvm-virtio-blk-don-t-lock-AioContext-in-the-completion-c.patch [RHEL-15965]
- kvm-virtio-blk-don-t-lock-AioContext-in-the-submission-c.patch [RHEL-15965]
- kvm-scsi-only-access-SCSIDevice-requests-from-one-thread.patch [RHEL-15965]
- kvm-virtio-scsi-don-t-lock-AioContext-around-virtio_queu.patch [RHEL-15965]
- kvm-scsi-don-t-lock-AioContext-in-I-O-code-path.patch [RHEL-15965]
- kvm-dma-helpers-don-t-lock-AioContext-in-dma_blk_cb.patch [RHEL-15965]
- kvm-virtio-scsi-replace-AioContext-lock-with-tmf_bh_lock.patch [RHEL-15965]
- kvm-scsi-assert-that-callbacks-run-in-the-correct-AioCon.patch [RHEL-15965]
- kvm-tests-remove-aio_context_acquire-tests.patch [RHEL-15965]
- kvm-aio-make-aio_context_acquire-aio_context_release-a-n.patch [RHEL-15965]
- kvm-graph-lock-remove-AioContext-locking.patch [RHEL-15965]
- kvm-block-remove-AioContext-locking.patch [RHEL-15965]
- kvm-block-remove-bdrv_co_lock.patch [RHEL-15965]
- kvm-scsi-remove-AioContext-locking.patch [RHEL-15965]
- kvm-aio-wait-draw-equivalence-between-AIO_WAIT_WHILE-and.patch [RHEL-15965]
- kvm-aio-remove-aio_context_acquire-aio_context_release-A.patch [RHEL-15965]
- kvm-docs-remove-AioContext-lock-from-IOThread-docs.patch [RHEL-15965]
- kvm-scsi-remove-outdated-AioContext-lock-comment.patch [RHEL-15965]
- kvm-job-remove-outdated-AioContext-locking-comments.patch [RHEL-15965]
- kvm-block-remove-outdated-AioContext-locking-comments.patch [RHEL-15965]
- kvm-block-coroutine-wrapper-use-qemu_get_current_aio_con.patch [RHEL-15965]
- kvm-s390x-pci-avoid-double-enable-disable-of-aif.patch [RHEL-21169]
- kvm-s390x-pci-refresh-fh-before-disabling-aif.patch [RHEL-21169]
- kvm-s390x-pci-drive-ISM-reset-from-subsystem-reset.patch [RHEL-21169]
- kvm-include-ui-rect.h-fix-qemu_rect_init-mis-assignment.patch [RHEL-21570]
- kvm-virtio-gpu-block-migration-of-VMs-with-blob-true.patch [RHEL-7565]
- kvm-spec-Enable-zstd.patch [RHEL-7361]
- Resolves: RHEL-19738
  (Enable properties allowing to disable high memory regions)
- Resolves: RHEL-19302
  (NVIDIA:Grace-Hopper Backport QEMU IOMMUFD Backend)
- Resolves: RHEL-21057
  (Request backport of 9353b6da430f90e47f352dbf6dc31120c8914da6)
- Resolves: RHEL-18212
  ([RHEL9][Secure-execution][s390x] The error message is not clear when boot up a SE guest with wrong encryption)
- Resolves: RHEL-15965
  ( [qemu-kvm] Remove AioContext lock (no response with QMP command block_resize))
- Resolves: RHEL-21169
  ([s390x] VM fails to start with ISM passed through QEMU 8.2)
- Resolves: RHEL-21570
  (Critical performance degradation for input devices in virtio vnc session)
- Resolves: RHEL-7565
  (qemu crashed when migrate guest with blob resources enabled)
- Resolves: RHEL-7361
  ([qemu-kvm] Enable zstd support for qcow2 files)
2024-01-24 04:26:42 -05:00

206 lines
7.7 KiB
Diff
Raw Blame History

From cc8d794932e26df7c7f3c8cc0c1f42da8d52f12b Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 15 Jan 2024 10:26:52 +0100
Subject: [PATCH 069/101] target/s390x/kvm/pv: Provide some more useful
information if decryption fails
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Thomas Huth <thuth@redhat.com>
RH-MergeRequest: 213: s390x: Provide some more useful information if decryption of a PV image fails
RH-Jira: RHEL-18212
RH-Acked-by: Cédric Le Goater <clg@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Commit: [1/1] 4ffb61869f7df33e23d3e0ebf8c29e386e3f6cbc (thuth/qemu-kvm-cs9)
JIRA: https://issues.redhat.com/browse/RHEL-18212
commit 7af51621b16ae86646cc2dc9dee30de8176ff761
Author: Thomas Huth <thuth@redhat.com>
Date: Wed Jan 10 15:29:16 2024 +0100
target/s390x/kvm/pv: Provide some more useful information if decryption fails
It's a common scenario to copy guest images from one host to another
to run the guest on the other machine. This (of course) does not work
with "secure execution" guests since they are encrypted with one certain
host key. However, if you still (accidentally) do it, you only get a
very user-unfriendly error message that looks like this:
qemu-system-s390x: KVM PV command 2 (KVM_PV_SET_SEC_PARMS) failed:
header rc 108 rrc 5 IOCTL rc: -22
Let's provide at least a somewhat nicer hint to the users so that they
are able to figure out what might have gone wrong.
Buglink: https://issues.redhat.com/browse/RHEL-18212
Message-ID: <20240110142916.850605-1-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
hw/s390x/ipl.c | 5 ++---
hw/s390x/ipl.h | 2 +-
hw/s390x/s390-virtio-ccw.c | 5 ++++-
target/s390x/kvm/pv.c | 25 ++++++++++++++++++++-----
target/s390x/kvm/pv.h | 5 +++--
5 files changed, 30 insertions(+), 12 deletions(-)
diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index 515dcf51b5..b23a6a0ef3 100644
--- a/hw/s390x/ipl.c
+++ b/hw/s390x/ipl.c
@@ -703,7 +703,7 @@ static void s390_ipl_prepare_qipl(S390CPU *cpu)
cpu_physical_memory_unmap(addr, len, 1, len);
}
-int s390_ipl_prepare_pv_header(void)
+int s390_ipl_prepare_pv_header(Error **errp)
{
IplParameterBlock *ipib = s390_ipl_get_iplb_pv();
IPLBlockPV *ipib_pv = &ipib->pv;
@@ -712,8 +712,7 @@ int s390_ipl_prepare_pv_header(void)
cpu_physical_memory_read(ipib_pv->pv_header_addr, hdr,
ipib_pv->pv_header_len);
- rc = s390_pv_set_sec_parms((uintptr_t)hdr,
- ipib_pv->pv_header_len);
+ rc = s390_pv_set_sec_parms((uintptr_t)hdr, ipib_pv->pv_header_len, errp);
g_free(hdr);
return rc;
}
diff --git a/hw/s390x/ipl.h b/hw/s390x/ipl.h
index 7fc86e7905..57cd125769 100644
--- a/hw/s390x/ipl.h
+++ b/hw/s390x/ipl.h
@@ -107,7 +107,7 @@ typedef union IplParameterBlock IplParameterBlock;
int s390_ipl_set_loadparm(uint8_t *loadparm);
void s390_ipl_update_diag308(IplParameterBlock *iplb);
-int s390_ipl_prepare_pv_header(void);
+int s390_ipl_prepare_pv_header(Error **errp);
int s390_ipl_pv_unpack(void);
void s390_ipl_prepare_cpu(S390CPU *cpu);
IplParameterBlock *s390_ipl_get_iplb(void);
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 984891b82a..e26ce26f5a 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -391,7 +391,7 @@ static int s390_machine_protect(S390CcwMachineState *ms)
}
/* Set SE header and unpack */
- rc = s390_ipl_prepare_pv_header();
+ rc = s390_ipl_prepare_pv_header(&local_err);
if (rc) {
goto out_err;
}
@@ -410,6 +410,9 @@ static int s390_machine_protect(S390CcwMachineState *ms)
return rc;
out_err:
+ if (local_err) {
+ error_report_err(local_err);
+ }
s390_machine_unprotect(ms);
return rc;
}
diff --git a/target/s390x/kvm/pv.c b/target/s390x/kvm/pv.c
index 6a69be7e5c..7ca7faec73 100644
--- a/target/s390x/kvm/pv.c
+++ b/target/s390x/kvm/pv.c
@@ -29,7 +29,8 @@ static bool info_valid;
static struct kvm_s390_pv_info_vm info_vm;
static struct kvm_s390_pv_info_dump info_dump;
-static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data)
+static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data,
+ int *pvrc)
{
struct kvm_pv_cmd pv_cmd = {
.cmd = cmd,
@@ -46,6 +47,9 @@ static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data)
"IOCTL rc: %d", cmd, cmdname, pv_cmd.rc, pv_cmd.rrc,
rc);
}
+ if (pvrc) {
+ *pvrc = pv_cmd.rc;
+ }
return rc;
}
@@ -53,12 +57,13 @@ static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data)
* This macro lets us pass the command as a string to the function so
* we can print it on an error.
*/
-#define s390_pv_cmd(cmd, data) __s390_pv_cmd(cmd, #cmd, data)
+#define s390_pv_cmd(cmd, data) __s390_pv_cmd(cmd, #cmd, data, NULL)
+#define s390_pv_cmd_pvrc(cmd, data, pvrc) __s390_pv_cmd(cmd, #cmd, data, pvrc)
#define s390_pv_cmd_exit(cmd, data) \
{ \
int rc; \
\
- rc = __s390_pv_cmd(cmd, #cmd, data);\
+ rc = __s390_pv_cmd(cmd, #cmd, data, NULL); \
if (rc) { \
exit(1); \
} \
@@ -142,14 +147,24 @@ bool s390_pv_vm_try_disable_async(S390CcwMachineState *ms)
return true;
}
-int s390_pv_set_sec_parms(uint64_t origin, uint64_t length)
+int s390_pv_set_sec_parms(uint64_t origin, uint64_t length, Error **errp)
{
+ int ret, pvrc;
struct kvm_s390_pv_sec_parm args = {
.origin = origin,
.length = length,
};
- return s390_pv_cmd(KVM_PV_SET_SEC_PARMS, &args);
+ ret = s390_pv_cmd_pvrc(KVM_PV_SET_SEC_PARMS, &args, &pvrc);
+ if (ret) {
+ error_setg(errp, "Failed to set secure execution parameters");
+ if (pvrc == 0x108) {
+ error_append_hint(errp, "Please check whether the image is "
+ "correctly encrypted for this host\n");
+ }
+ }
+
+ return ret;
}
/*
diff --git a/target/s390x/kvm/pv.h b/target/s390x/kvm/pv.h
index 7b935e2246..5877d28ff1 100644
--- a/target/s390x/kvm/pv.h
+++ b/target/s390x/kvm/pv.h
@@ -42,7 +42,7 @@ int s390_pv_query_info(void);
int s390_pv_vm_enable(void);
void s390_pv_vm_disable(void);
bool s390_pv_vm_try_disable_async(S390CcwMachineState *ms);
-int s390_pv_set_sec_parms(uint64_t origin, uint64_t length);
+int s390_pv_set_sec_parms(uint64_t origin, uint64_t length, Error **errp);
int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak);
void s390_pv_prep_reset(void);
int s390_pv_verify(void);
@@ -62,7 +62,8 @@ static inline int s390_pv_query_info(void) { return 0; }
static inline int s390_pv_vm_enable(void) { return 0; }
static inline void s390_pv_vm_disable(void) {}
static inline bool s390_pv_vm_try_disable_async(S390CcwMachineState *ms) { return false; }
-static inline int s390_pv_set_sec_parms(uint64_t origin, uint64_t length) { return 0; }
+static inline int s390_pv_set_sec_parms(uint64_t origin, uint64_t length,
+ Error **errp) { return 0; }
static inline int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak) { return 0; }
static inline void s390_pv_prep_reset(void) {}
static inline int s390_pv_verify(void) { return 0; }
--
2.39.3
Reference in New Issue View Git Blame Copy Permalink