Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753339AbdLEOHN (ORCPT ); Tue, 5 Dec 2017 09:07:13 -0500 Received: from mx1.redhat.com ([209.132.183.28]:56474 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752732AbdLEOHG (ORCPT ); Tue, 5 Dec 2017 09:07:06 -0500 Date: Tue, 5 Dec 2017 15:06:57 +0100 From: Cornelia Huck To: Tony Krowiak Cc: Pierre Morel , linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, qemu-s390x@nongnu.org, jjherne@linux.vnet.ibm.com, thuth@redhat.com, pasic@linux.vnet.ibm.com Subject: Re: [RFC 00/19] KVM: s390/crypto/vfio: guest dedicated crypto adapters Message-ID: <20171205150657.371a6e04.cohuck@redhat.com> In-Reply-To: References: <1507916344-3896-1-git-send-email-akrowiak@linux.vnet.ibm.com> <5baf5f90-6cac-3c09-7b66-1bc8b30b8093@linux.vnet.ibm.com> <20171114145722.4ab850a5.cohuck@redhat.com> <8a492b07-3d3b-f4cf-e139-7de345ea8188@linux.vnet.ibm.com> <20171116180308.289e5eed.cohuck@redhat.com> <1476b0a4-a2a3-2c48-107a-ab7b39b0e93e@linux.vnet.ibm.com> <0b40cee7-78d3-f96b-ab46-1f40b31251cb@linux.vnet.ibm.com> <20171117110742.1d416435.cohuck@redhat.com> <20171120181345.3fbda311.cohuck@redhat.com> <20171122144750.1ceffe41.cohuck@redhat.com> Organization: Red Hat GmbH MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Tue, 05 Dec 2017 14:07:05 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3345 Lines: 71 On Mon, 27 Nov 2017 19:39:32 -0500 Tony Krowiak wrote: > On 11/22/2017 08:47 AM, Cornelia Huck wrote: > > On Tue, 21 Nov 2017 11:08:01 -0500 > > Tony Krowiak wrote: > > > > > >> I am not quite sure what you are asking, but I'll attempt to answer > >> what I think you're asking. A new type of mediated matrix device > >> will be introduced to configure a virtual matrix for a guest that > >> provides the interfaces to map a virtual adapter/domain ID to one > >> or more real adapter/domain IDs. If by virtualization facility, > >> you are talking about the VFIO AP matrix driver, then yes, > >> the driver will handle ioctl requests based on the type of the > >> mediated matrix device through which the request was submitted: > >> > >> If the request is to configure the KVM guest's matrix: > >> > >> * If the mediated matrix device type is passthrough: > >> * Do validation of matrix > >> * Configure the APM, AQM and ADM in the KVM guest's CRYCB > >> according to the configuration specified via the mediated > >> device's sysfs attribute files. > >> * If the mediated matrix device type is virtual: > >> * Do validation of matrix > >> * No need to configure CRYCB since all instructions will be > >> intercepted > > Ok, so we would have two distinct paths here... > It depends upon what you mean by two distinct paths. Configuring the > mediated device would require a new mediated device type for virtualized > AP matrices. The ioctl for configuring the KVM guest's CRYCB would > require an additional check to determine whether the CRYCB need be > configured or not. Yes, the new type makes this distinct enough so that we can think about this later. > > > >> If the request is to execute an intercepted AP instruction: > >> > >> * If the mediated matrix device type is passthrough: > >> * Forward the instruction to the AP device and return the > >> result to QEMU. > >> > >> * If the mediated matrix device type is virtual: > >> > >> * Retrieve all of the real APQNs mapped to the virtual > >> adapter and domain IDs configured in the mediated matrix > >> device's sysfs attribute files > >> * If there is more than one APQN mapping, then determine > >> which would be best to use - algorithm TBD > >> * Forward the instruction to the AP device and return the > >> result. > > ...and two distinct paths for most instructions here as well. > The driver would require additional ioctls to handle > interception of all AP instructions for virtual matrices and additional > code to remap virtual APQNs to real APQNs and determine which real APQN > to which intercepted instructions should be forwarded. > > > >> Of course, these are just preliminary ideas at this time. > >> I've only prototyped the sysfs configuration interfaces. No > >> back end prototyping has been undertaken yet. If the ideas do > >> not pan out, however; I think virtualization can be introduced > >> as an independent design. > > Yes, let's cross that bridge when we get to it. > That is the plan. Given Pierre's objections, I thought it might help > to touch on this. OK, so I admit that I lost track a bit. Are there any remaining issues beyond the feature handling? Would it make sense to post a v2?