Received: by 10.213.65.68 with SMTP id h4csp34884imn; Thu, 15 Mar 2018 08:47:25 -0700 (PDT) X-Google-Smtp-Source: AG47ELvGnFTKlsyjcX+INe4Vo9ZxovUTW9wo5e0QpDTlM1cqKy07zXblrbXSX595yzTQwJVinOxG X-Received: by 10.99.8.4 with SMTP id 4mr7097848pgi.289.1521128845202; Thu, 15 Mar 2018 08:47:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521128845; cv=none; d=google.com; s=arc-20160816; b=DkbzmHtqjz3lazwLa/trZPJHh3R3+7puCLG/gtiENZcpau/Us+SPbJiwsoGGJrOu6B xVEU2dMN0FP94IKz3lQggqX4UNTUdffduuEHta79LWJy/6NRE3k/NlBTx36Di6tE9Phg FM7F51YqY9mLB/wEDmLwuje9AN7+wQbzAngcx929eJ7xKi0IVwFXFRsyQ8Y+DEuk51Y9 NGEEmvByfUBMgWHwKBPtCyS2Fo9nTnEFJlACpn5y8HcUWGI10YD3PjIGkvos4GbZhypn 6mXCL1T4DL3HsGHyDxzmYOV1SE6msZaoZX5OYRkgDr9EzQP6AJIve6tjSvNNV1Bf3xg/ UQfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :from:references:cc:to:subject:arc-authentication-results; bh=EAvKZh++0MsEwj7lCYaQMpr2dS7RYcuxSs65g8601Sg=; b=n93y2M7B5q6xJ6q3i8M7+f06iguONHQzwGlxzmC/TO4FPD06/2yEF9YywOP5kdgdJ6 Z7T+53vRjBHONWR66311AJdUsQj4ZFoN+kJxX3Dyh+XaZNV1KQ9BzS55qX75YW2Df7mY aE8yJXQV7LO5IwQV7q44H/6BlLb8ZdFiZCTGZqv2wjaIKalm/h6rZsPPecHvI+t6/vWG Yv8C0ksb75LrBXao2YrhhvxxEe2pmfZZIpG3tqRW3uV8cQgYUCnxGXR0LKvGV4cTUWJ2 g+TdbM8Emkh6dkLvh6KVUhQc6tyFTTFdHYLi6V4MZB5wcg+UyoEFbqd36MLgpFoz+b08 Kn6Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e3si3523425pgs.809.2018.03.15.08.47.09; Thu, 15 Mar 2018 08:47:25 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932641AbeCOPpp (ORCPT + 99 others); Thu, 15 Mar 2018 11:45:45 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:46834 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932457AbeCOPpn (ORCPT ); Thu, 15 Mar 2018 11:45:43 -0400 Received: from pps.filterd (m0098396.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w2FFjFbr135375 for ; Thu, 15 Mar 2018 11:45:43 -0400 Received: from e06smtp15.uk.ibm.com (e06smtp15.uk.ibm.com [195.75.94.111]) by mx0a-001b2d01.pphosted.com with ESMTP id 2gqunkra66-1 (version=TLSv1.2 cipher=AES256-SHA256 bits=256 verify=NOT) for ; Thu, 15 Mar 2018 11:45:42 -0400 Received: from localhost by e06smtp15.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 15 Mar 2018 15:45:39 -0000 Received: from b06cxnps4076.portsmouth.uk.ibm.com (9.149.109.198) by e06smtp15.uk.ibm.com (192.168.101.145) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Thu, 15 Mar 2018 15:45:36 -0000 Received: from d06av24.portsmouth.uk.ibm.com (d06av24.portsmouth.uk.ibm.com [9.149.105.60]) by b06cxnps4076.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w2FFjaRo57212968; Thu, 15 Mar 2018 15:45:36 GMT Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9D3E04203F; Thu, 15 Mar 2018 15:37:49 +0000 (GMT) Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C76F142052; Thu, 15 Mar 2018 15:37:48 +0000 (GMT) Received: from [9.152.224.146] (unknown [9.152.224.146]) by d06av24.portsmouth.uk.ibm.com (Postfix) with ESMTP; Thu, 15 Mar 2018 15:37:48 +0000 (GMT) Subject: Re: [PATCH v3 04/14] KVM: s390: device attribute to set AP interpretive execution To: Tony Krowiak , Halil Pasic , linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, thuth@redhat.com, berrange@redhat.com, fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com References: <1521051954-25715-1-git-send-email-akrowiak@linux.vnet.ibm.com> <1521051954-25715-5-git-send-email-akrowiak@linux.vnet.ibm.com> <21bd029b-3500-3461-ce98-68ad3ae9b647@linux.vnet.ibm.com> <46a7e838-2be2-9587-6eb2-3bba95485609@linux.vnet.ibm.com> From: Pierre Morel Date: Thu, 15 Mar 2018 16:45:35 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <46a7e838-2be2-9587-6eb2-3bba95485609@linux.vnet.ibm.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-TM-AS-GCONF: 00 x-cbid: 18031515-0020-0000-0000-000004054FC2 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18031515-0021-0000-0000-000042995921 Message-Id: <5ed8017b-0168-9a50-234b-cfe9258eab72@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2018-03-15_08:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1803150174 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 15/03/2018 16:26, Tony Krowiak wrote: > On 03/15/2018 09:00 AM, Pierre Morel wrote: >> On 14/03/2018 22:57, Halil Pasic wrote: >>> >>> On 03/14/2018 07:25 PM, Tony Krowiak wrote: >>>> The VFIO AP device model exploits interpretive execution of AP >>>> instructions (APIE) to provide guests passthrough access to AP >>>> devices. This patch introduces a new device attribute in the >>>> KVM_S390_VM_CRYPTO device attribute group to set APIE from >>>> the VFIO AP device defined on the guest. >>>> >>>> Signed-off-by: Tony Krowiak >>>> --- >>> [..] >>> >>>> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c >>>> index a60c45b..bc46b67 100644 >>>> --- a/arch/s390/kvm/kvm-s390.c >>>> +++ b/arch/s390/kvm/kvm-s390.c >>>> @@ -815,6 +815,19 @@ static int kvm_s390_vm_set_crypto(struct kvm >>>> *kvm, struct kvm_device_attr *attr) >>>> sizeof(kvm->arch.crypto.crycb->dea_wrapping_key_mask)); >>>>           VM_EVENT(kvm, 3, "%s", "DISABLE: DEA keywrapping support"); >>>>           break; >>>> +    case KVM_S390_VM_CRYPTO_INTERPRET_AP: >>>> +        if (attr->addr) { >>>> +            if (!test_kvm_cpu_feat(kvm, KVM_S390_VM_CPU_FEAT_AP)) >>> Unlock mutex before returning? >>> >>> Maybe flip conditions (don't allow manipulating apie if feature not >>> there). >>> Clearing the anyways clear apie if feature not there ain't too bad, but >>> rejecting the operation appears nicer to me. >>> >>>> +                return -EOPNOTSUPP; >>>> +            kvm->arch.crypto.apie = 1; >>>> +            VM_EVENT(kvm, 3, "%s", >>>> +                 "ENABLE: AP interpretive execution"); >>>> +        } else { >>>> +            kvm->arch.crypto.apie = 0; >>>> +            VM_EVENT(kvm, 3, "%s", >>>> +                 "DISABLE: AP interpretive execution"); >>>> +        } >>>> +        break; >>>>       default: >>>>           mutex_unlock(&kvm->lock); >>>>           return -ENXIO; >>> I wonder how the loop after this switch works for >>> KVM_S390_VM_CRYPTO_INTERPRET_AP: >>> >>>          kvm_for_each_vcpu(i, vcpu, kvm) { >>>                  kvm_s390_vcpu_crypto_setup(vcpu); >>>                  exit_sie(vcpu); >>>          } >>> >>>  From not doing something like for KVM_S390_VM_CRYPTO_INTERPRET_AP >>> >>>          if (kvm->created_vcpus) { >>>                  mutex_unlock(&kvm->lock); >>>                  return -EBUSY; >>> and from the aforementioned loop I guess ECA.28 can be changed >>> for a running guest. >>> >>> If there are running vcpus when KVM_S390_VM_CRYPTO_INTERPRET_AP is >>> changed (set) these will be taken out of SIE by exit_sie(). Then for >>> the >>> corresponding threads the control probably goes to QEMU (the >>> emulator in >>> the userspace). And it puts that vcpu back into the SIE, and then that >>> cpu starts acting according to the new ECA.28 value.  While other vcpus >>> may still work with the old value of ECA.28. >>> >>> I'm not saying what I describe above is necessarily something broken. >>> But I would like to have it explained, why is it OK -- provided I >>> did not >>> make any errors in my reasoning (assumptions included). >>> >>> Can you help me understand this code? >>> >>> Regards, >>> Halil >>> >>> [..] >>> >> >> I have the same concerns as Halil. >> >> We do not need to change the virtulization type >> (hardware/software) on the fly for the current use case. >> >> Couldn't we delay this until we have one and in between only make the >> vCPU hotplug clean? >> >> We only need to let the door open for the day we have such a use case. > Are you suggesting this code be removed? If so, then where and under > what conditions would > you suggest setting ECA.28 given you objected to setting it based on > whether the > AP feature is installed? I would only call kvm_s390_vcpu_crypto_setup() from inside kvm_arch_vcpu_init() as it is already. >> >> >> Pierre >> >> >> > -- Pierre Morel Linux/KVM/QEMU in Böblingen - Germany