On 26.02.20 16:30, Janosch Frank wrote: > On 2/26/20 4:16 PM, David Hildenbrand wrote: >> On 26.02.20 16:06, Christian Borntraeger wrote: >>> >>> >>> On 26.02.20 15:59, David Hildenbrand wrote: >>>> On 26.02.20 13:20, Janosch Frank wrote: >>>>> Ballooning in protected VMs can only be done when the guest shares the >>>>> pages it gives to the host. Hence, until we have a solution for this >>>>> in the guest kernel, we inhibit ballooning when switching into >>>>> protected mode and reverse that once we move out of it. >>>> >>>> I don't understand what you mean here, sorry. zapping a page will mean >>>> that a fresh one will be faulted in when accessed. And AFAIK, that means >>>> it will be encrypted again when needed. >>>> >>>> Is that more like the UV will detect this as an integrity issue and >>>> crash the VM? >>> >>> yes, the UV will detect a fresh page as an integrity issue. >>> Only if the page was defined to be shared by the guest, we would avoid the >>> integrity check. >>> >> >> Please make that clearer in the patch description. With that >> >> Reviewed-by: David Hildenbrand <[email protected]> >> > > How about: > s390x: protvirt: Inhibit balloon when switching to protected mode > > Ballooning in protected VMs can only be done when the guest shares the > pages it gives to the host. If pages are not shared, the integrity > checks will fail once those pages have been altered and are given back > to the guest. > > Hence, until we have a solution for this in the guest kernel, we > inhibit ballooning when switching into protected mode and reverse that > once we move out of it. >
Yep, sounds good! -- Thanks, David / dhildenb
