Message ID | 20200724025744.69644-9-david@gibson.dropbear.id.au (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | Generalize memory encryption models | expand |
* David Gibson (david@gibson.dropbear.id.au) wrote: > We haven't yet implemented the fairly involved handshaking that will be > needed to migrate PEF protected guests. For now, just use a migration > blocker so we get a meaningful error if someone attempts this (this is the > same approach used by AMD SEV). > > Signed-off-by: David Gibson <david@gibson.dropbear.id.au> > --- > target/ppc/pef.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/target/ppc/pef.c b/target/ppc/pef.c > index 53a6af0347..6a50efd580 100644 > --- a/target/ppc/pef.c > +++ b/target/ppc/pef.c > @@ -36,6 +36,8 @@ struct PefGuestState { > Object parent_obj; > }; > > +static Error *pef_mig_blocker; > + > static int pef_kvm_init(HostTrustLimitation *gmpo, Error **errp) > { > if (!kvm_check_extension(kvm_state, KVM_CAP_PPC_SECURE_GUEST)) { > @@ -52,6 +54,10 @@ static int pef_kvm_init(HostTrustLimitation *gmpo, Error **errp) > } > } > > + /* add migration blocker */ > + error_setg(&pef_mig_blocker, "PEF: Migration is not implemented"); > + migrate_add_blocker(pef_mig_blocker, &error_abort); > + Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> You might want that to be &error_fatal rather than error_abort; I think someone could trigger it just by using --only-migratable together with your pef device? (I previously asked whether this would trigger with -cpu host; I hadn't noticed this was based on the device rather than the CPU flag that said whether you had the feature) Dave > return 0; > } > > -- > 2.26.2 > -- Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
diff --git a/target/ppc/pef.c b/target/ppc/pef.c index 53a6af0347..6a50efd580 100644 --- a/target/ppc/pef.c +++ b/target/ppc/pef.c @@ -36,6 +36,8 @@ struct PefGuestState { Object parent_obj; }; +static Error *pef_mig_blocker; + static int pef_kvm_init(HostTrustLimitation *gmpo, Error **errp) { if (!kvm_check_extension(kvm_state, KVM_CAP_PPC_SECURE_GUEST)) { @@ -52,6 +54,10 @@ static int pef_kvm_init(HostTrustLimitation *gmpo, Error **errp) } } + /* add migration blocker */ + error_setg(&pef_mig_blocker, "PEF: Migration is not implemented"); + migrate_add_blocker(pef_mig_blocker, &error_abort); + return 0; }
We haven't yet implemented the fairly involved handshaking that will be needed to migrate PEF protected guests. For now, just use a migration blocker so we get a meaningful error if someone attempts this (this is the same approach used by AMD SEV). Signed-off-by: David Gibson <david@gibson.dropbear.id.au> --- target/ppc/pef.c | 6 ++++++ 1 file changed, 6 insertions(+)