| Message ID | 20200619020602.118306-9-david@gibson.dropbear.id.au (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Generalize memory encryption models | expand |
* David Gibson (david@gibson.dropbear.id.au) wrote: > We haven't yet implemented the fairly involved handshaking that will be > needed to migrate PEF protected guests. For now, just use a migration > blocker so we get a meaningful error if someone attempts this (this is the > same approach used by AMD SEV). > > Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Do you expect this to happen if people run with -cpu host ? Dave > --- > target/ppc/pef.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/target/ppc/pef.c b/target/ppc/pef.c > index 53a6af0347..6a50efd580 100644 > --- a/target/ppc/pef.c > +++ b/target/ppc/pef.c > @@ -36,6 +36,8 @@ struct PefGuestState { > Object parent_obj; > }; > > +static Error *pef_mig_blocker; > + > static int pef_kvm_init(HostTrustLimitation *gmpo, Error **errp) > { > if (!kvm_check_extension(kvm_state, KVM_CAP_PPC_SECURE_GUEST)) { > @@ -52,6 +54,10 @@ static int pef_kvm_init(HostTrustLimitation *gmpo, Error **errp) > } > } > > + /* add migration blocker */ > + error_setg(&pef_mig_blocker, "PEF: Migration is not implemented"); > + migrate_add_blocker(pef_mig_blocker, &error_abort); > + > return 0; > } > > -- > 2.26.2 > -- Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
On Fri, Jun 26, 2020 at 11:33:03AM +0100, Dr. David Alan Gilbert wrote: > * David Gibson (david@gibson.dropbear.id.au) wrote: > > We haven't yet implemented the fairly involved handshaking that will be > > needed to migrate PEF protected guests. For now, just use a migration > > blocker so we get a meaningful error if someone attempts this (this is the > > same approach used by AMD SEV). > > > > Signed-off-by: David Gibson <david@gibson.dropbear.id.au> > > Do you expect this to happen if people run with -cpu host ? Uh.. I don't really understand the question. What's the connection between cpu model and migration blocking?
diff --git a/target/ppc/pef.c b/target/ppc/pef.c index 53a6af0347..6a50efd580 100644 --- a/target/ppc/pef.c +++ b/target/ppc/pef.c @@ -36,6 +36,8 @@ struct PefGuestState { Object parent_obj; }; +static Error *pef_mig_blocker; + static int pef_kvm_init(HostTrustLimitation *gmpo, Error **errp) { if (!kvm_check_extension(kvm_state, KVM_CAP_PPC_SECURE_GUEST)) { @@ -52,6 +54,10 @@ static int pef_kvm_init(HostTrustLimitation *gmpo, Error **errp) } } + /* add migration blocker */ + error_setg(&pef_mig_blocker, "PEF: Migration is not implemented"); + migrate_add_blocker(pef_mig_blocker, &error_abort); + return 0; }
We haven't yet implemented the fairly involved handshaking that will be needed to migrate PEF protected guests. For now, just use a migration blocker so we get a meaningful error if someone attempts this (this is the same approach used by AMD SEV). Signed-off-by: David Gibson <david@gibson.dropbear.id.au> --- target/ppc/pef.c | 6 ++++++ 1 file changed, 6 insertions(+)