Received: by 10.213.65.68 with SMTP id h4csp24267imn; Thu, 15 Mar 2018 08:28:37 -0700 (PDT) X-Google-Smtp-Source: AG47ELsy/USltlLPLAC+xyxvTB6oakDhYuZJx6Jv5r+HpEwLN88tSibDTjsAnJBb0ba81mqxNaVd X-Received: by 2002:a17:902:650c:: with SMTP id b12-v6mr8607287plk.147.1521127717051; Thu, 15 Mar 2018 08:28:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521127717; cv=none; d=google.com; s=arc-20160816; b=sh8YMRxq/rJkyD01/jXpLnvhE4q4G6qHTsmhccxMk6FJcEADvD2HhYh6gN787T7qXp cm/8Das+H7OU6vNDd4xPn6oGFOydeWOUkVtBazSV+uVwJ/7pihac7e6i2KvqbK2P5BNZ GsK6wdmOpRGU6KocJk+47bL5zjexi97nHnaMeKLNjoCA2EIXdwowJYo+Wl/Q0znj+i5X uMxo1FQ6O+wkbBi5ZxAkJ4u6I/jVLb0emb0rGZLXaUuvduZj91oGgPwivapb1lz2Ldn7 VNRBcESnZ0VeYJl1PsfpkHt32UYsoV6F92L7di0zGA64TMdJXAhne8q32rJp/f6BGjMF b7Qw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :from:references:cc:to:subject:arc-authentication-results; bh=U0Mhxb6eq5lTRFos1lDX8UNneTSK1QmDxThbWU0pIp8=; b=y5zKAmThySDAfXStqHVOKeen7FJPRCeEgf1aXQ72JeE/eLQbki5H/8mKqigV/jWg8i wLeP+AqFlB/XQiPQIuayp1W44+H1G2qCsYiTE93iH3mlo4CJOMtGW4y8bKs8JCk4Ghtc eZD5T1u3o+JBC+sikyzPwVsncJzfg60qwbrZXWh4VfXq9MSuAg8XCwPW/yk1hvUXctIt v2gc39RdCTNL2VpN2jE3h2NTfmsouZzItmLcTg7pJFuQxapK4RQ0mBV/wUHWfDydyMRV +hN+buDZ49ouLaJ0vgBT/s1rBp3x86QJ6XBksYo/zfloMFtaA1OxqwVMj/kl/6rvyAFk Zl9g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t9-v6si4088023plr.558.2018.03.15.08.28.21; Thu, 15 Mar 2018 08:28:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932498AbeCOP1E (ORCPT + 99 others); Thu, 15 Mar 2018 11:27:04 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:64040 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752277AbeCOP1C (ORCPT ); Thu, 15 Mar 2018 11:27:02 -0400 Received: from pps.filterd (m0098393.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w2FFOkPb043901 for ; Thu, 15 Mar 2018 11:27:01 -0400 Received: from e31.co.us.ibm.com (e31.co.us.ibm.com [32.97.110.149]) by mx0a-001b2d01.pphosted.com with ESMTP id 2gqs5ryuq1-1 (version=TLSv1.2 cipher=AES256-SHA256 bits=256 verify=NOT) for ; Thu, 15 Mar 2018 11:27:00 -0400 Received: from localhost by e31.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 15 Mar 2018 09:26:56 -0600 Received: from b03cxnp08025.gho.boulder.ibm.com (9.17.130.17) by e31.co.us.ibm.com (192.168.1.131) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Thu, 15 Mar 2018 09:26:53 -0600 Received: from b03ledav002.gho.boulder.ibm.com (b03ledav002.gho.boulder.ibm.com [9.17.130.233]) by b03cxnp08025.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w2FFQq5e13828532; Thu, 15 Mar 2018 08:26:52 -0700 Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2E4FC136040; Thu, 15 Mar 2018 09:26:52 -0600 (MDT) Received: from oc8043147753.ibm.com (unknown [9.80.217.151]) by b03ledav002.gho.boulder.ibm.com (Postfix) with ESMTP id 73BF1136043; Thu, 15 Mar 2018 09:26:49 -0600 (MDT) Subject: Re: [PATCH v3 04/14] KVM: s390: device attribute to set AP interpretive execution To: Pierre Morel , Halil Pasic , linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, thuth@redhat.com, berrange@redhat.com, fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com References: <1521051954-25715-1-git-send-email-akrowiak@linux.vnet.ibm.com> <1521051954-25715-5-git-send-email-akrowiak@linux.vnet.ibm.com> <21bd029b-3500-3461-ce98-68ad3ae9b647@linux.vnet.ibm.com> From: Tony Krowiak Date: Thu, 15 Mar 2018 11:26:48 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0 MIME-Version: 1.0 In-Reply-To: <21bd029b-3500-3461-ce98-68ad3ae9b647@linux.vnet.ibm.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-TM-AS-GCONF: 00 x-cbid: 18031515-8235-0000-0000-00000D2A6439 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00008679; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000254; SDB=6.01003445; UDB=6.00510675; IPR=6.00782772; MB=3.00020051; MTD=3.00000008; XFM=3.00000015; UTC=2018-03-15 15:26:56 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18031515-8236-0000-0000-00004012AC88 Message-Id: <46a7e838-2be2-9587-6eb2-3bba95485609@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2018-03-15_08:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1803150167 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 03/15/2018 09:00 AM, Pierre Morel wrote: > On 14/03/2018 22:57, Halil Pasic wrote: >> >> On 03/14/2018 07:25 PM, Tony Krowiak wrote: >>> The VFIO AP device model exploits interpretive execution of AP >>> instructions (APIE) to provide guests passthrough access to AP >>> devices. This patch introduces a new device attribute in the >>> KVM_S390_VM_CRYPTO device attribute group to set APIE from >>> the VFIO AP device defined on the guest. >>> >>> Signed-off-by: Tony Krowiak >>> --- >> [..] >> >>> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c >>> index a60c45b..bc46b67 100644 >>> --- a/arch/s390/kvm/kvm-s390.c >>> +++ b/arch/s390/kvm/kvm-s390.c >>> @@ -815,6 +815,19 @@ static int kvm_s390_vm_set_crypto(struct kvm >>> *kvm, struct kvm_device_attr *attr) >>> sizeof(kvm->arch.crypto.crycb->dea_wrapping_key_mask)); >>> VM_EVENT(kvm, 3, "%s", "DISABLE: DEA keywrapping support"); >>> break; >>> + case KVM_S390_VM_CRYPTO_INTERPRET_AP: >>> + if (attr->addr) { >>> + if (!test_kvm_cpu_feat(kvm, KVM_S390_VM_CPU_FEAT_AP)) >> Unlock mutex before returning? >> >> Maybe flip conditions (don't allow manipulating apie if feature not >> there). >> Clearing the anyways clear apie if feature not there ain't too bad, but >> rejecting the operation appears nicer to me. >> >>> + return -EOPNOTSUPP; >>> + kvm->arch.crypto.apie = 1; >>> + VM_EVENT(kvm, 3, "%s", >>> + "ENABLE: AP interpretive execution"); >>> + } else { >>> + kvm->arch.crypto.apie = 0; >>> + VM_EVENT(kvm, 3, "%s", >>> + "DISABLE: AP interpretive execution"); >>> + } >>> + break; >>> default: >>> mutex_unlock(&kvm->lock); >>> return -ENXIO; >> I wonder how the loop after this switch works for >> KVM_S390_VM_CRYPTO_INTERPRET_AP: >> >> kvm_for_each_vcpu(i, vcpu, kvm) { >> kvm_s390_vcpu_crypto_setup(vcpu); >> exit_sie(vcpu); >> } >> >> From not doing something like for KVM_S390_VM_CRYPTO_INTERPRET_AP >> >> if (kvm->created_vcpus) { >> mutex_unlock(&kvm->lock); >> return -EBUSY; >> and from the aforementioned loop I guess ECA.28 can be changed >> for a running guest. >> >> If there are running vcpus when KVM_S390_VM_CRYPTO_INTERPRET_AP is >> changed (set) these will be taken out of SIE by exit_sie(). Then for the >> corresponding threads the control probably goes to QEMU (the emulator in >> the userspace). And it puts that vcpu back into the SIE, and then that >> cpu starts acting according to the new ECA.28 value. While other vcpus >> may still work with the old value of ECA.28. >> >> I'm not saying what I describe above is necessarily something broken. >> But I would like to have it explained, why is it OK -- provided I did >> not >> make any errors in my reasoning (assumptions included). >> >> Can you help me understand this code? >> >> Regards, >> Halil >> >> [..] >> > > I have the same concerns as Halil. > > We do not need to change the virtulization type > (hardware/software) on the fly for the current use case. > > Couldn't we delay this until we have one and in between only make the > vCPU hotplug clean? > > We only need to let the door open for the day we have such a use case. Are you suggesting this code be removed? If so, then where and under what conditions would you suggest setting ECA.28 given you objected to setting it based on whether the AP feature is installed? > > > Pierre > > >