[23.10 FEAT] KVM: Improve memory reclaiming for z15 Secure Execution guests - libvirt part

Bug #2006743 reported by bugproxy
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Ubuntu on IBM z Systems | Fix Released | High | Skipper Bug Screeners |
libvirt (Ubuntu) | Fix Released | High | Unassigned |

Bug Description

Feature Description:

Currently, Secure Execution guest memory needs to be exported or destroyed when a secure guest is rebooted or shut down. On the z15 this currently happens in a serialized manner, which takes a long time and also causes the host system to become unresponsive for extended periods if very large guests are terminated. Changes to the KVM memory management will be required to improve the scalability.

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-201598 severity-high targetmilestone-inin2310
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Frank Heimes (fheimes)
affects: linux (Ubuntu) → libvirt (Ubuntu)
Changed in ubuntu-z-systems:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
Changed in libvirt (Ubuntu):
importance: Undecided → High
Changed in ubuntu-z-systems:
importance: Undecided → High
Frank Heimes (fheimes)
tags: added: qemu-23.10
Changed in ubuntu-z-systems:
status: New → Incomplete
Changed in libvirt (Ubuntu):
status: New → Incomplete
tags: added: libvirt23.10
removed: qemu-23.10
tags: added: libvirt-23.10
removed: libvirt23.10
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2023-02-09 10:41 EDT-------
Please note: In addition to this libvirt part, there is also a kernel and a qemu part required to implement the feature "KVM: Improve memory reclaiming for z15 Secure Execution guests".

The two other parts (kernel and qemu) are handled in the following bugs / LP entries:
Bug 193343 - LP1933180 : [23.04 FEAT] [VS2106] KVM: Improve memory reclaiming for z15 Secure Execution guests - kernel part
Bug 201597 - [23.10 FEAT] KVM: Improve memory reclaiming for z15 Secure Execution guests - qemu part

bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2023-07-11 10:57 EDT-------
(In reply to comment #7)
> Hello Boris F.:
> Can you please provide the commit IDs of the required patches of the libvirt
> part?
> Thanks

Patches are now upstream:

https://gitlab.com/libvirt/libvirt/-/commit/d8e95ab6b7c45acc121746e2e24
https://gitlab.com/libvirt/libvirt/-/commit/584820b6bbe8b0d20c3b38f029f
https://gitlab.com/libvirt/libvirt/-/commit/65c6513811d1cdc7e97319164d7
https://gitlab.com/libvirt/libvirt/-/commit/3bf02acdc5446b2c4a3078f99d8

With the four patches upstream, and as long as the fifth patch (enable the async-teardown feature by default on S390) is NOT upstream, the documentation for Secure Execution needs to be extended.
It needs to be described how Secure Execution guests can make use of the new feature manually, as the last upstream patch is disabled by default.

Commit 3bf02acd
qemu: allow use of async teardown in domain

Asynchronous teardown can be specified if the QEMU binary supports it by
adding in the domain XML

    <features>
      ...
      <async-teardown enabled='yes|no'/>
      ...
    </features>

By default this new feature is disabled.
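
One way to audit for the manual setting described in the comment above, as an added example that is not part of the bug report or of libvirt's code: it flags Secure Execution guests whose domain XML does not explicitly enable async teardown. It assumes `<launchSecurity type='s390-pv'/>` marks a Secure Execution guest in the domain XML; the sample domains and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (illustrative; not taken from the bug report).
SAMPLE_DOMAINS = {
    "se-async-on": """<domain type='kvm'><name>se-async-on</name>
  <features><async-teardown enabled='yes'/></features>
  <launchSecurity type='s390-pv'/></domain>""",
    "se-async-off": """<domain type='kvm'><name>se-async-off</name>
  <features><async-teardown enabled='no'/></features>
  <launchSecurity type='s390-pv'/></domain>""",
    "se-default": """<domain type='kvm'><name>se-default</name>
  <launchSecurity type='s390-pv'/></domain>""",
    "plain-guest": """<domain type='kvm'><name>plain-guest</name>
  <features/></domain>""",
}


def is_secure_execution(root):
    """True if the domain requests IBM Secure Execution (assumed marker)."""
    sec = root.find("launchSecurity")
    return sec is not None and sec.get("type") == "s390-pv"


def async_teardown_enabled(root):
    """True only for an explicit <async-teardown enabled='yes'/>."""
    elem = root.find("features/async-teardown")
    # A missing element means the default, which the commit message says is
    # disabled; anything other than an explicit 'yes' is treated as off.
    return elem is not None and elem.get("enabled") == "yes"


def audit(domains):
    """Return sorted names of Secure Execution guests without async teardown."""
    findings = []
    for label, xml_text in domains.items():
        root = ET.fromstring(xml_text)
        if is_secure_execution(root) and not async_teardown_enabled(root):
            findings.append(root.findtext("name", default=label))
    return sorted(findings)


if __name__ == "__main__":
    for name in audit(SAMPLE_DOMAINS):
        print(f"{name}: Secure Execution guest without async-teardown enabled")
```

On a real host the dictionary would be filled from the output of `virsh dumpxml` for each domain.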

Frank Heimes (fheimes)
Changed in libvirt (Ubuntu):
status: Incomplete → New
Changed in ubuntu-z-systems:
status: Incomplete → New
Changed in libvirt (Ubuntu):
assignee: Skipper Bug Screeners (skipper-screen-team) → nobody
Christian Ehrhardt (paelzer) wrote :

Tagged and mentioned on the planned merge for this cycle in bug 2018082

information type: Private → Public
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2023-07-18 04:19 EDT-------
One more patch needs to be added:
https://gitlab.com/libvirt/libvirt/-/commit/aece25f66517a327c2a6bde4d06

Christian Ehrhardt (paelzer) wrote :

Thanks

All of them are in v9.6.0-rc1 and we plan to pick up 9.6 for Ubuntu 23.10.
So this should be rather smooth.

Frank Heimes (fheimes)
Changed in libvirt (Ubuntu):
status: New → Triaged
Changed in ubuntu-z-systems:
status: New → Triaged
Frank Heimes (fheimes) wrote :

Updating status to Fix Committed,
since 9.6.0 landed meanwhile in -proposed:
libvirt | 9.6.0-1ubuntu1 | mantic-proposed | source

Changed in ubuntu-z-systems:
status: Triaged → Fix Committed
Changed in libvirt (Ubuntu):
status: Triaged → Fix Committed
Frank Heimes (fheimes) wrote :

Since 9.6.0-1ubuntu1 has landed in mantic's release pocket, I'm closing this ticket with Fix Released.

Changed in libvirt (Ubuntu):
status: Fix Committed → Fix Released
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released