On 06.05.20 14:12, Paolo Bonzini wrote: > On 06/05/20 13:59, Christian Borntraeger wrote: >> Running nested under z/VM can result in other intercepts as >> well as ECA_APIE is an effective bit: If one hypervisor layer has >> turned this bit off, the end result will be that we will get intercepts for >> all function codes. Usually the first one will be a query like PQAP(QCI). >> So the WARN_ON_ONCE is not right. Let us simply remove it. > > Possibly stupid question since I can only recognize some words here. :) > But anyway... shouldn't z/VM trap this intercept when the guest has > turned off the bit, and only reflect the SIE exit based on the function > code? So here is my theory. the problem is that z/VM seems to have disabled that bit. The interpretion only works when all layers have this bit set. (Its called an effective bit). So we have LPAR -> ECA_APIE = 1 Z/VM -> ECA_APIE = 0 KVM -> ECA_APIE = 1 nested KVM guest --> does during boot in ap_instructions_available PQAP with FC==0 to test if crypto is available. As the nested guest is in fact a shadow guest of z/VM this will now intercept to z/VM, which will forward that to KVM. As PQAP with FC==0 DOES work in the KVM, KVM believes that we have crypto support and we will enable it for our guests. So all the early checks in handle_pqap will succeed until we run in the check for fc!=3. In the end this is obviously a case how this warning can trigger. So we better remove it and rely on the error path to clean up.
