This is s390x-specific only and does not affect gcp. Hence I'm adjusting the tag to potentially unblock the process.
** Tags added: verification-done -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2042853 Title: [UBUNTU 23.04] Kernel config option missing for s390x PCI passthrough Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Committed Status in linux source package in Lunar: Fix Released Status in linux source package in Mantic: Fix Released Status in linux source package in Noble: Fix Committed Bug description: SRU Justification: [Impact] * Today no s390x-specific vfio-pci devices (zPCI) can be passed from a KVM host to a KVM guest (incl. secure execution guests in the context of confidential computing). * s390x PCI passthrough needs various changes in the s390x kernel zPCI code (incl. the new s390x-specific Kernel config option 'CONFIG_VFIO_PCI_ZDEV_KVM') that were introduced with kernel 6.0 and got backported to 22.04/jammy as part of LP: #1853306. * Lunar an newer Ubuntu releases have the code already included from upstream (incl. the Kernel option 'CONFIG_VFIO_PCI_ZDEV_KVM'), but the config option is not set, hence zPCI pass-through is still not possible. [Fix] * To be able to make use of VFIO zPCI pass-through on s390x running newer Ubuntu releases (especially needed in the context of secure execution) the (s390x-specific) Kernel config option 'CONFIG_VFIO_PCI_ZDEV_KVM' needs to be enabled and set to 'y'. [Test Case] * Hardware used: z14 or greater LPAR, PCI-attached devices (RoCE VFs, ISM devices, NVMe drive) * Setup: Both the kernel and QEMU features are needed for the feature to function (an upstream QEMU can be used to verify the kernel early), and the facility is only available on z14 or newer. When any of those pieces is missing, the interpretation facility will not be used. When both the kernel and QEMU features are included in their respective packages, and running in an LPAR on a z14 or newer machine, this feature will be enabled automatically. Existing supported devices should behave as before with no changes required by an end-user (e.g. no changes to libvirt domain definitions) -- but will now make use of the interpretation facility. Additionally, ISM devices will now be eligible for vfio-pci passthrough (where before QEMU would exit on error if attempting to provide an ISM device for vfio-pci passthrough, preventing the guest from starting) * Testing will include the following scenarios, repeated each for RoCE, ISM and NVMe: 1) Testing of basic device passthrough (create a VM with a vfio-pci device as part of the libvirt domain definition, passing through a RoCE VF, an ISM device, or an NVMe drive. Verify that the device is available in the guest and functioning) 2) Testing of device hotplug/unplug (create a VM with a vfio-pci device, virsh detach-device to remove the device from the running guest, verify the device is removed from the guest, then virsh attach-device to hotplug the device to the guest again, verify the device functions in the guest) 3) Host power off testing: Power off the device from the host, verify that the device is unplugged from the guest as part of the poweroff 4) Guest power off testing: Power off the device from within the guest, verify that the device is unusable in the guest, power the device back on within the guest and verify that the device is once again usable. 5) Guest reboot testing: (create a VM with a vfio-pci device, verify the device is in working condition, reboot the guest, verify that the device is still usable after reboot) [Regression Potential] * The regression potential is moderate, since the code is upstream for quite a while and already enabled in jammy. * The general way on using passthrough has not changed, with this change (config option) it's now just possible to passthrough zPCI on top. * CCW devices are not affected. * And this is s390x-specific anyway, so no other architectures are affected. [Other] * The enabling of the kernel config option is exactly the same for L, M and U/N, but I submitted separate patches due to slightly different context and offsets. __________ === Description by mjros...@us.ibm.com === LP#1853306 / IBM bug 182254 backported the necessary kernel pieces to enable enhanced interpretation of PCI passthrough on s390. It also included a kernel config update for CONFIG_VFIO_PCI_ZDEV_KVM=y which is necessary to activate this kernel feature. For lunar and mantic, the kernel code did not require backporting due to the base kernel version already containing it, but the kernel config option still needs to be enabled. Comparison from git.launchpad.net: Jammy: cat debian.master/config/annotations | grep CONFIG_VFIO_PCI_ZDEV_KVM CONFIG_VFIO_PCI_ZDEV_KVM policy<{'s390x': 'y'}> CONFIG_VFIO_PCI_ZDEV_KVM note<'LP#1853306 Enable VFIO zPCI pass-through for s390x'> Lunar: cat debian.master/config/annotations | grep CONFIG_VFIO_PCI_ZDEV_KVM CONFIG_VFIO_PCI_ZDEV_KVM policy<{'s390x': 'n'}> Mantic: cat debian.master/config/annotations | grep CONFIG_VFIO_PCI_ZDEV_KVM CONFIG_VFIO_PCI_ZDEV_KVM policy<{'s390x': 'n'}> This setting is supposed to default y when S390 && KVM via Kconfig. Can this be enabled for lunar, mantic, and future releases? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2042853/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
