Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-58218

SE can't be memory backed with file set by libvirt, other than /dev/shm

XMLWordPrintable

    • Yes
    • None
    • CustomerScenariosInitiative
    • 1
    • rhel-sst-virtualization-hwe
    • ssg_virtualization
    • 400
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Red Hat Enterprise Linux
    • zKVM CY25Q1
    • None
    • None
    • Known Issue
    • Hide
      Cause (the user action or circumstances that trigger the bug):

      Set up a Secure Execution guest with file backed memory backing, e.g. for virtiofs shared directory setup with libvirt's default configuration.

      Consequence (what the user experience is when the bug occurs):

      Can't boot the guest.

      Workaround (if available):

      In /etc/libvirt/qemu.conf, set {code:bash}memory_backing_dir = "/dev/shm/"{code}

      Result (mandatory if the workaround does not solve the problem completely):

      Memory backing is usable, SE guests boot.
      Show
      Cause (the user action or circumstances that trigger the bug): Set up a Secure Execution guest with file backed memory backing, e.g. for virtiofs shared directory setup with libvirt's default configuration. Consequence (what the user experience is when the bug occurs): Can't boot the guest. Workaround (if available): In /etc/libvirt/qemu.conf, set {code:bash}memory_backing_dir = "/dev/shm/"{code} Result (mandatory if the workaround does not solve the problem completely): Memory backing is usable, SE guests boot.
    • Proposed
    • s390x
    • None

      What were you trying to do that didn't work?

      Use a virtiofs filesystem on an SE guest with memory backing source a file.

      What is the impact of this issue to you?

      VMs must be defined to use memory backing with memfd.

      Please provide the package NVR for which the bug is seen:

      host
      kernel-6.11.0-0.rc5.22.el10.s390x
      qemu-kvm-9.1.0-1.el10.s390x
      libvirt-10.5.0-5.el10.s390x

      guest
      kernel-6.11.0-0.rc5.22.el10.s390x

      How reproducible is this bug?:

      100%

      Steps to reproduce

      1. Set memory backing 
        <memoryBacking><source type="file"/><access mode="shared"/></memoryBacking>

        on a VM with

        <launchSecurity type="s390-pv"/>

        The VM has sufficient memory of 2GB.

      1. Start VM

      Expected results

      The VM boots correctly. I can log in.

      Actual results

      The boot sequence gets stuck very early:

      Escape character is ^] (Ctrl + ])
LOADPARM=[        ]
Using virtio-blk.
Using SCSI scheme.
.........................................................................................................................

      Additional notes

      1. When SE was introduced virtiofs was not supported. At some point we got it from upstream. For SE we only run a critical subset of known test cases. Therefore we only covered //source@type=file in the past.
      2. There are three memory backing types: memfd, file, hugepages. On 9.5 memfd and file worked, hugepages never worked, but there's an additional line in the guest output: 
        Escape character is ^] (Ctrl + ])
LOADPARM=[        ]
Using virtio-blk.
Using SCSI scheme.
.........................................................................................................................
Protected boot has failed: 0xa02
      1. From the following two test cases, only the 'memfd_backed' now passes on 10.0.beta: 
        JOB ID     : ffab891ab8f7015665bc7c0a848332fffeaf90e2
JOB LOG    : /var/log/avocado/job-results/job-2024-09-10T09.17-ffab891/job.log
 (1/2) type_specific.io-github-autotest-libvirt.virtual_devices.filesystem_device.positive_test.file_backed.nop.fs_test.xattr_on.cache_mode_auto.thread_pool_noset.one_fs.one_guest: PASS (26.22 s)
 (2/2) type_specific.io-github-autotest-libvirt.virtual_devices.filesystem_device.positive_test.memfd_backed.nop.fs_test.xattr_on.cache_mode_auto.thread_pool_noset.one_fs.one_guest: PASS (24.33 s)
RESULTS    : PASS 2 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | CANCEL 0
JOB HTML   : /var/log/avocado/job-results/job-2024-09-10T09.17-ffab891/results.html
JOB TIME   : 50.98 s
      2. I noticed when the VM is stuck as described with type=file, I can't even take a memory dump (virsh dump --memory-only).
      3. Libvirt starts the file backed VM with qemu cmdline 
        -machine s390-ccw-virtio-rhel9.4.0,usb=off,dump-guest-core=off,memory-backend=s390.ram,confidential-guest-support=lsec0  -object {"qom-type":"memory-backend-file","id":"s390.ram","mem-path":"/var/lib/libvirt/qemu/ram/1-avocado-vt-vm1/s390.ram","share":true,"x-use-canonical-path-for-ramblock-id":false,"size":1073741824}

        .

        1. audit.log
          11 kB
        2. kvm-pid.sprintf.log
          12 kB
        3. kvm-uv.sprintf.log
          3 kB

              dhildenb@redhat.com David Hildenbrand
              smitterl@redhat.com Sebastian Mitterle
              virt-maint virt-maint
              Leo Fu Leo Fu
              Jiří Herrmann Jiří Herrmann
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

                Created:
                Updated: