* David Gibson (da...@gibson.dropbear.id.au) wrote:
> We haven't yet implemented the fairly involved handshaking that will be
> needed to migrate PEF protected guests. For now, just use a migration
> blocker so we get a meaningful error if someone attempts this (this is the
> same approach used by AMD SEV).
>
> Signed-off-by: David Gibson <da...@gibson.dropbear.id.au>
> ---
> target/ppc/pef.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/target/ppc/pef.c b/target/ppc/pef.c
> index 53a6af0347..6a50efd580 100644
> --- a/target/ppc/pef.c
> +++ b/target/ppc/pef.c
> @@ -36,6 +36,8 @@ struct PefGuestState {
> Object parent_obj;
> };
>
> +static Error *pef_mig_blocker;
> +
> static int pef_kvm_init(HostTrustLimitation *gmpo, Error **errp)
> {
> if (!kvm_check_extension(kvm_state, KVM_CAP_PPC_SECURE_GUEST)) {
> @@ -52,6 +54,10 @@ static int pef_kvm_init(HostTrustLimitation *gmpo, Error
> **errp)
> }
> }
>
> + /* add migration blocker */
> + error_setg(&pef_mig_blocker, "PEF: Migration is not implemented");
> + migrate_add_blocker(pef_mig_blocker, &error_abort);
> +
Reviewed-by: Dr. David Alan Gilbert <dgilb...@redhat.com>
You might want that to be &error_fatal rather than error_abort; I think
someone could trigger it just by using --only-migratable together with
your pef device?
(I previously asked whether this would trigger with -cpu host; I hadn't
noticed this was based on the device rather than the CPU flag that said
whether you had the feature)
Dave
> return 0;
> }
>
> --
> 2.26.2
>
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
