-
Bug
-
Resolution: Unresolved
-
Critical
-
None
-
rhel-9.7
-
Yes
-
Critical
-
rhel-systemd
-
8
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
-
s390x
-
None
What were you trying to do that didn't work?
Pass crypto adapters through to VM directly during system boot (aka 'autostart').
Please provide the package NVR for which the bug is seen:
# rpm -q dracut kernel dracut-057-101.git20250808.el9.s390x kernel-5.14.0-604.el9.s390x
How reproducible is this bug?: 100%
Steps to reproduce
1. At host set up the kernel modules:
# rmmod kvm # modprobe kvm nested=1 # modprobe vfio_ap
2. Exists below cryptographic devices on host:
# lszcrypt -V CARD.DOM TYPE MODE STATUS REQUESTS PENDING HWTYPE QDEPTH FUNCTIONS DRIVER -------------------------------------------------------------------------------------------- 00 CEX8P EP11-Coproc online 0 0 14 08 -----XN-F- cex4card 00.000e CEX8P EP11-Coproc online 0 0 14 08 -----XN-F- cex4queue 00.000f CEX8P EP11-Coproc online 0 0 14 08 -----XN-F- cex4queue 01 CEX8C CCA-Coproc online 140 0 14 08 S--D--N-F- cex4card 01.000e CEX8C CCA-Coproc online 70 0 14 08 S--D--N-F- cex4queue 01.000f CEX8C CCA-Coproc online 70 0 14 08 S--D--N-F- cex4queue 02 CEX8C CCA-Coproc online 141 0 14 08 S--D--N-F- cex4card 02.000e CEX8C CCA-Coproc online 70 0 14 08 S--D--N-F- cex4queue 02.000f CEX8C CCA-Coproc online 71 0 14 08 S--D--N-F- cex4queue
3. Create a Mediated Device
# echo -0x00 > /sys/bus/ap/apmask # echo -0x000e > /sys/bus/ap/aqmask # echo 3d01699e-78b3-11f0-8e9f-962e17049492 > /sys/devices/vfio_ap/matrix/mdev_supported_types/vfio_ap-passthrough/create # echo 0x00 > /sys/devices/vfio_ap/matrix/mdev_supported_types/vfio_ap-passthrough/devices/3d01699e-78b3-11f0-8e9f-962e17049492/assign_adapter # echo 0x000e > /sys/devices/vfio_ap/matrix/mdev_supported_types/vfio_ap-passthrough/devices/3d01699e-78b3-11f0-8e9f-962e17049492/assign_domain # virsh nodedev-list --cap mdev mdev_3d01699e_78b3_11f0_8e9f_962e17049492_matrix
4. Attach the device to vm
# cat hostdev.xml <hostdev type="mdev" model="vfio-ap" mode="subsystem"><source><address uuid="3d01699e-78b3-11f0-8e9f-962e17049492" /></source></hostdev> # virsh attach-device avocado-vt-vm1 hostdev.xml --current Device attached successfully
5. Start the guest
# virsh start avocado-vt-vm1
Domain 'avocado-vt-vm1' started
6. Login to the guest enable vfio_ap module
in guest:
# lszcrypt -V CARD.DOM TYPE MODE STATUS REQUESTS PENDING HWTYPE QDEPTH FUNCTIONS DRIVER -------------------------------------------------------------------------------------------- 00 CEX8P EP11-Coproc online 0 0 14 08 -----XN-F- cex4card 00.000e CEX8P EP11-Coproc online 0 0 14 08 -----XN-F- cex4queue # modprobe vfio_ap
7. In guest make active the cryptographic devices and persistent across reboots.
In guest:
# chzdev -t ap apmask=-1 ap device type configured There is a udev rule created by above cmd: # cat /etc/udev/rules.d/41-ap.rules # Generated by chzdev ACTION=="change", SUBSYSTEM=="ap", DEVPATH=="/devices/ap", ENV{BINDINGS}=="complete", ENV{COMPLETECOUNT}=="1", GOTO="cfg_ap" GOTO="end_ap"LABEL="cfg_ap"ATTR{../../bus/ap/apmask}="0xbfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" RUN{builtin}+="kmod load vfio_ap"LABEL="end_ap"
8. Check the vfio_ap module loaded in guest:
# lsmod|grep ap vfio_ap 40960 0 mdev 24576 2 vfio_ccw,vfio_ap vfio 65536 3 vfio_ccw,vfio_iommu_type1,vfio_ap kvm 499712 1 vfio_ap
9. Reboot the guest then login the guest again check the vfio_ap module (no output):
# lsmod|grep ap The ap rules generated at step7 is still there: # cat /etc/udev/rules.d/41-ap.rules # Generated by chzdev ACTION=="change", SUBSYSTEM=="ap", DEVPATH=="/devices/ap", ENV{BINDINGS}=="complete", ENV{COMPLETECOUNT}=="1", GOTO="cfg_ap" GOTO="end_ap"LABEL="cfg_ap"ATTR{../../bus/ap/apmask}="0xbfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" RUN{builtin}+="kmod load vfio_ap"LABEL="end_ap"
Expected results
After guest reboot, the vifio_ap module is loaded automatically
Actual results
After guest reboot, the vifio_ap module is not loaded
