[UBUNTU 23.04] Kernel config option missing for s390x PCI passthrough
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Ubuntu on IBM z Systems |
Fix Released
|
High
|
Skipper Bug Screeners | |||
linux (Ubuntu) | Status tracked in Noble | |||||
Lunar |
Fix Released
|
Medium
|
Canonical Kernel Team | |||
Mantic |
Fix Released
|
Medium
|
Canonical Kernel Team | |||
Noble |
Fix Released
|
High
|
Canonical Kernel Team |
Bug Description
SRU Justification:
[Impact]
* Today no s390x-specific vfio-pci devices (zPCI) can be passed
from a KVM host to a KVM guest (incl. secure execution guests
in the context of confidential computing).
* s390x PCI passthrough needs various changes in the s390x kernel zPCI
code (incl. the new s390x-specific Kernel config option
'CONFIG_
and got backported to 22.04/jammy as part of LP: #1853306.
* Lunar an newer Ubuntu releases have the code already included from
upstream (incl. the Kernel option 'CONFIG_
config option is not set, hence zPCI pass-through is still not possible.
[Fix]
* To be able to make use of VFIO zPCI pass-through on s390x running newer
Ubuntu releases (especially needed in the context of secure execution)
the (s390x-specific) Kernel config option 'CONFIG_
to be enabled and set to 'y'.
[Test Case]
* Hardware used: z14 or greater LPAR, PCI-attached devices
(RoCE VFs, ISM devices, NVMe drive)
* Setup: Both the kernel and QEMU features are needed for the feature
to function (an upstream QEMU can be used to verify the kernel early),
and the facility is only available on z14 or newer.
When any of those pieces is missing,
the interpretation facility will not be used.
When both the kernel and QEMU features are included in their respective
packages, and running in an LPAR on a z14 or newer machine,
this feature will be enabled automatically.
Existing supported devices should behave as before with no changes
required by an end-user (e.g. no changes to libvirt domain definitions)
-- but will now make use of the interpretation facility.
Additionally, ISM devices will now be eligible for vfio-pci passthrough
(where before QEMU would exit on error if attempting to provide an ISM
device for vfio-pci passthrough, preventing the guest from starting)
* Testing will include the following scenarios, repeated each for RoCE,
ISM and NVMe:
1) Testing of basic device passthrough (create a VM with a vfio-pci
device as part of the libvirt domain definition, passing through
a RoCE VF, an ISM device, or an NVMe drive. Verify that the device
is available in the guest and functioning)
2) Testing of device hotplug/unplug (create a VM with a vfio-pci device,
virsh detach-device to remove the device from the running guest,
verify the device is removed from the guest, then virsh attach-device
to hotplug the device to the guest again, verify the device functions
in the guest)
3) Host power off testing: Power off the device from the host, verify
that the device is unplugged from the guest as part of the poweroff
4) Guest power off testing: Power off the device from within the guest,
verify that the device is unusable in the guest,
power the device back on within the guest and verify that the device
is once again usable.
5) Guest reboot testing: (create a VM with a vfio-pci device,
verify the device is in working condition, reboot the guest,
verify that the device is still usable after reboot)
[Regression Potential]
* The regression potential is moderate, since the code is upstream
for quite a while and already enabled in jammy.
* The general way on using passthrough has not changed, with this
change (config option) it's now just possible to passthrough
zPCI on top.
* CCW devices are not affected.
* And this is s390x-specific anyway, so no other architectures are affected.
[Other]
* The enabling of the kernel config option is exactly the same for L, M
and U/N, but I submitted separate patches due to slightly different context
and offsets.
__________
=== Description by <email address hidden> ===
LP#1853306 / IBM bug 182254 backported the necessary kernel pieces to enable enhanced interpretation of PCI passthrough on s390. It also included a kernel config update for CONFIG_
For lunar and mantic, the kernel code did not require backporting due to the base kernel version already containing it, but the kernel config option still needs to be enabled. Comparison from git.launchpad.net:
Jammy:
cat debian.
CONFIG_
CONFIG_
Lunar:
cat debian.
CONFIG_
Mantic:
cat debian.
CONFIG_
This setting is supposed to default y when S390 && KVM via Kconfig. Can this be enabled for lunar, mantic, and future releases?
tags: | added: architecture-s39064 bugnameltc-203971 severity-medium targetmilestone-inin--- |
Changed in ubuntu: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
affects: | ubuntu → linux (Ubuntu) |
Changed in ubuntu-z-systems: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
Changed in linux (Ubuntu Noble): | |
assignee: | Skipper Bug Screeners (skipper-screen-team) → nobody |
Changed in ubuntu-z-systems: | |
status: | New → Triaged |
Changed in linux (Ubuntu Lunar): | |
status: | New → Triaged |
Changed in linux (Ubuntu Mantic): | |
status: | New → Triaged |
Changed in linux (Ubuntu Noble): | |
status: | New → Triaged |
summary: |
- [UBUNTU 23.04] Kernel config option missing for s390 PCI passthrough + [UBUNTU 23.04] Kernel config option missing for s390x PCI passthrough |
description: | updated |
Changed in linux (Ubuntu Mantic): | |
status: | In Progress → Fix Committed |
importance: | High → Medium |
Changed in linux (Ubuntu Lunar): | |
importance: | High → Medium |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Noble): | |
status: | In Progress → Fix Committed |
Changed in ubuntu-z-systems: | |
status: | In Progress → Fix Committed |
tags: |
added: targetmilestone-inin2304 removed: targetmilestone-inin--- verification-done-lunar-linux verification-done-mantic-linux |
tags: | added: verification-done |
tags: | added: verification-done-lunar-linux verification-done-mantic-linux |
Changed in ubuntu-z-systems: | |
status: | Fix Committed → Fix Released |
SRU request submitted to the Ubuntu kernel team mailing list for unstable/noble, mantic and lunar. /lists. ubuntu. com/archives/ kernel- team/2023- November/ thread. html#146982
https:/
Changing status to 'In Progress' for noble, mantic and lunar.