s390x/cpu_model: disallow unpack for --only-migratable

Secure execution (aka protected virtualization) guests cannot be
migrated at the moment. If the unpack facility is provided in the cpu
model, a guest may choose to transition to secure mode, making the
guest unmigratable at that point in time. If the machine was explicitly
started with --only-migratable, we would get a failure only when the
guest actually tries to transition; instead, explicitly disallow the
unpack facility if --only-migratable was specified to avoid late
surprises.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <20210125135332.181324-1-borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
This commit is contained in:
Christian Borntraeger 2021-01-25 14:53:32 +01:00 committed by Cornelia Huck
parent c40ae5a3ee
commit 0110253e69

View File

@ -26,6 +26,7 @@
#include "qapi/qmp/qdict.h"
#ifndef CONFIG_USER_ONLY
#include "sysemu/arch_init.h"
#include "sysemu/sysemu.h"
#include "hw/pci/pci.h"
#endif
#include "qapi/qapi-commands-machine-target.h"
@ -878,6 +879,15 @@ static void check_compatibility(const S390CPUModel *max_model,
return;
}
#ifndef CONFIG_USER_ONLY
if (only_migratable && test_bit(S390_FEAT_UNPACK, model->features)) {
error_setg(errp, "The unpack facility is not compatible with "
"the --only-migratable option. You must remove either "
"the 'unpack' facility or the --only-migratable option");
return;
}
#endif
/* detect the missing features to properly report them */
bitmap_andnot(missing, model->features, max_model->features, S390_FEAT_MAX);
if (bitmap_empty(missing, S390_FEAT_MAX)) {