Received: by 10.213.65.68 with SMTP id h4csp2729389imn; Mon, 2 Apr 2018 12:55:21 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+rF3HqKuNgIZGSi/EnYrKIzrq/Qlm8XqABcasJ1Gvm4/3HxmjpKKg858eLg5m4gaduGU47 X-Received: by 10.98.223.16 with SMTP id u16mr8347518pfg.146.1522698921719; Mon, 02 Apr 2018 12:55:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522698921; cv=none; d=google.com; s=arc-20160816; b=MwnVWq2tskqFReFQpbZnfIksSG0QVeQGiO0I7py2yfEkZu5e4p+WdtuzKsDq/QOyDF ExQY3Jf2siq74fJ0yY4HlR4/4pS/ppeUh67kwxEMGAb2cLZrZ9aDqLn2Y3JhZPiDUIYK T76qLXiUF7xtkJgZoiHEEv0Zi7z7gbEI5NBljIVkyEQOFtQ1RbwJ85hCPr3rkcuHYWaK qaUggVktxKUE71ygOMHs/ShMb/EXDRM6As0SyS0/1cYiPSMgLpxWBpIHDRFTDsg6YSbs 2JDb3yjc4lguT/H5ztStnpsTZ5HzuUG9kkNLp6xOZa1v1s9/oOnyHMdmfpiXQPYTb5LF TvxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :from:references:cc:to:subject:arc-authentication-results; bh=GPaH2ksCBNjkYIEfN0D4aD6AiztIznLLx8b7KjkDGso=; b=ftKofXgBsjBpzGknVrd8y7Y4yPA0tmpUxYHptY9fx3IO6mmHaaBjhSKtgYvg0gIxx/ 3bHTtvw63axlG2vEgepxB+LDoxBcGOQSBsKRzv6L8GksOwlM0/5/ktJJ6aZ4jYgiGSC7 G3pXCNztMBSalNiOyoDJ3ZauITLpHAXB3UeXY8NGK+khx7NfGJN9Jzr4nZetOi3URLAE 4u7QrAy3c61R4YvnT908kDql3GRKHY7N9e43+hGW+2nf8Z+A7/IJfArXNO+kJjVOzR5r 6bK1V+sbk8hFwg4R3MfxQVZ8oypydKBHHn7WO0QbreeMB921Yt9EaEasMQHYFSvcHZf/ M2Xg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q4si647979pgv.822.2018.04.02.12.55.07; Mon, 02 Apr 2018 12:55:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755435AbeDBS4A (ORCPT + 99 others); Mon, 2 Apr 2018 14:56:00 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:32924 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756544AbeDBSzz (ORCPT ); Mon, 2 Apr 2018 14:55:55 -0400 Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w32It3dQ031314 for ; Mon, 2 Apr 2018 14:55:54 -0400 Received: from e19.ny.us.ibm.com (e19.ny.us.ibm.com [129.33.205.209]) by mx0a-001b2d01.pphosted.com with ESMTP id 2h3sc41yfn-1 (version=TLSv1.2 cipher=AES256-SHA256 bits=256 verify=NOT) for ; Mon, 02 Apr 2018 14:55:54 -0400 Received: from localhost by e19.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 2 Apr 2018 14:55:53 -0400 Received: from b01cxnp22034.gho.pok.ibm.com (9.57.198.24) by e19.ny.us.ibm.com (146.89.104.206) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Mon, 2 Apr 2018 14:55:49 -0400 Received: from b01ledav001.gho.pok.ibm.com (b01ledav001.gho.pok.ibm.com [9.57.199.106]) by b01cxnp22034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w32ItmLN53542922; Mon, 2 Apr 2018 18:55:48 GMT Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 395482803F; Mon, 2 Apr 2018 14:55:12 -0400 (EDT) Received: from oc8043147753.ibm.com (unknown [9.80.198.232]) by b01ledav001.gho.pok.ibm.com (Postfix) with ESMTP id D406C28041; Mon, 2 Apr 2018 14:55:10 -0400 (EDT) Subject: Re: [PATCH v3 04/14] KVM: s390: device attribute to set AP interpretive execution To: Halil Pasic , Pierre Morel , linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, thuth@redhat.com, berrange@redhat.com, fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com References: <1521051954-25715-1-git-send-email-akrowiak@linux.vnet.ibm.com> <1521051954-25715-5-git-send-email-akrowiak@linux.vnet.ibm.com> <21bd029b-3500-3461-ce98-68ad3ae9b647@linux.vnet.ibm.com> <46a7e838-2be2-9587-6eb2-3bba95485609@linux.vnet.ibm.com> <5ed8017b-0168-9a50-234b-cfe9258eab72@linux.vnet.ibm.com> <17683324-f6e4-4328-54c1-1fce572faecd@linux.vnet.ibm.com> <8e10f1cb-3722-d231-2603-b7867420ac0a@linux.vnet.ibm.com> <5dd1bcd3-5d17-37c1-1184-7f75a1fd32bc@linux.vnet.ibm.com> <68e9e3ea-f99a-da88-5e56-21e38b438b4f@linux.vnet.ibm.com> <1347ed2e-7bdb-e455-971a-cf60899e3c19@linux.vnet.ibm.com> <6c42b3e2-0f32-b84b-ea73-4e99157720d3@linux.vnet.ibm.com> From: Tony Krowiak Date: Mon, 2 Apr 2018 14:55:46 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0 MIME-Version: 1.0 In-Reply-To: <6c42b3e2-0f32-b84b-ea73-4e99157720d3@linux.vnet.ibm.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-TM-AS-GCONF: 00 x-cbid: 18040218-0056-0000-0000-000004368428 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00008790; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000255; SDB=6.01012147; UDB=6.00515819; IPR=6.00791417; MB=3.00020378; MTD=3.00000008; XFM=3.00000015; UTC=2018-04-02 18:55:52 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18040218-0057-0000-0000-00000878965B Message-Id: X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2018-04-02_07:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1804020206 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 03/20/2018 06:48 PM, Halil Pasic wrote: > > On 03/20/2018 06:58 PM, Tony Krowiak wrote: >> I spoke with Christian this morning and he made a suggestion which I think would provide the best solution here. >> This is my proposal: >> 1. Get rid of the KVM_S390_VM_CRYPTO_INTERPRET_AP device attribute and return to setting ECA.28 from the >> mdev device open callback. >> 2. Since there may be vcpus online at the time the mdev device open is called, we must first take all running vcpus out of >> SIE and block them. Christian suggested the kvm_s390_vcpu_block_all(struct kvm *kvm) function will do the trick. So I >> propose introducing a function like the following to be called during mdev open: > There is one thing you missed, otherwise I'm *very* satisfied with this > proposal. > > What you have missed IMHO is vcpu hottplug. So IMHO you should keep > kvm->arch.crypto.apie, and update it accordingly ... I agree, I will fix it. > > >> int kvm_ap_set_interpretive_exec(struct kvm *kvm, bool enable) >> { >> int i; >> struct kvm_vcpu *vcpu; >> >> if (!test_kvm_cpu_feat(kvm, KVM_S390_VM_CPU_FEAT_AP)) >> return -EOPNOTSUPP; >> >> mutex_lock(&kvm->lock); >> >> kvm_s390_vcpu_block_all(kvm); > ... let's say here. Yep > >> kvm_for_each_vcpu(i, vcpu, kvm) { > And here you can call kvm_s390_vcpu_crypto_setup(vcpu) (the changes to > this function will be required for hotplug) if you like Sounds good to me. > >> if (enable) >> vcpu->arch.sie_block->eca |= ECA_APIE; >> else >> vcpu->arch.sie_block->eca &= ~ECA_APIE; > or keep this stuff, it does not really matter to me. I'll call the kvm_s390_vcpu_crypto_setup(vcpu) to set ECA_APIE. > >> } >> >> kvm_s390_vcpu_unblock_all(kvm); >> >> mutex_unlock(&kvm->lock); >> >> return 0; >> } >> >> This interface allows us to set ECA.28 even if vcpus are running > I tend to agree. I will give it a proper review when this gets more > formal (e.g. v4 (preferably) or patches to be fixed up to this series). > > Please don't forget to revisit the discussion on kvm_s390_vm_set_crypto: > if the mechanism there isn't right for ECA.28 I think you should tell > us why it's OK for the other attributes if it's OK. If it is not then > I guess you will want to do a stand alone patch for that. That will no longer be a part of this patch series. We can revisit that as a separate issue at a future time. >