From: Christian Borntraeger <borntrae...@de.ibm.com>
The unpack facility is an indication that diagnose 308 subcodes 8-10
are available to the guest. That means, that the guest can put itself
into protected mode.
Once it is in protected mode, the hardware stops any attempt of VM
introspection by the hypervisor.
Some features are currently not supported in protected mode:
* vfio devices
* Migration
* Huge page backings
Signed-off-by: Christian Borntraeger <borntrae...@de.ibm.com>
Signed-off-by: Janosch Frank <fran...@linux.ibm.com>
Reviewed-by: David Hildenbrand <da...@redhat.com>
Reviewed-by: Claudio Imbrenda <imbre...@linux.ibm.com>
Reviewed-by: Cornelia Huck <coh...@redhat.com>
Message-Id: <20200319131921.2367-17-fran...@linux.ibm.com>
Signed-off-by: Cornelia Huck <coh...@redhat.com>
---
target/s390x/gen-features.c | 1 +
target/s390x/kvm.c | 8 ++++++++
2 files changed, 9 insertions(+)
diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c
index 6278845b12b8..8ddeebc54419 100644
--- a/target/s390x/gen-features.c
+++ b/target/s390x/gen-features.c
@@ -562,6 +562,7 @@ static uint16_t full_GEN15_GA1[] = {
S390_FEAT_GROUP_MSA_EXT_9,
S390_FEAT_GROUP_MSA_EXT_9_PCKMO,
S390_FEAT_ETOKEN,
+ S390_FEAT_UNPACK,
};
/* Default features (in order of release)
diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
index 870dd1b52b6e..69881a0da0b3 100644
--- a/target/s390x/kvm.c
+++ b/target/s390x/kvm.c
@@ -2425,6 +2425,14 @@ void kvm_s390_get_host_cpu_model(S390CPUModel *model,
Error **errp)
clear_bit(S390_FEAT_BPB, model->features);
}
+ /*
+ * If we have support for protected virtualization, indicate
+ * the protected virtualization IPL unpack facility.
+ */
+ if (cap_protected) {
+ set_bit(S390_FEAT_UNPACK, model->features);
+ }
+
/* We emulate a zPCI bus and AEN, therefore we don't need HW support */
set_bit(S390_FEAT_ZPCI, model->features);
set_bit(S390_FEAT_ADAPTER_EVENT_NOTIFICATION, model->features);
--
2.21.1
