Received: by 10.192.165.156 with SMTP id m28csp244604imm; Tue, 17 Apr 2018 09:25:06 -0700 (PDT) X-Google-Smtp-Source: AIpwx49tIWtCdfuiGuxjCzCH0ENnGZG5vfesw2zW26J3ewdkllBYefI9ciUbDQUXiDcYQYMRh8kF X-Received: by 10.99.176.8 with SMTP id h8mr2318576pgf.448.1523982306564; Tue, 17 Apr 2018 09:25:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523982306; cv=none; d=google.com; s=arc-20160816; b=iNc+Lo5LqejJPNAyvVQi/clm1KKFIzJRS9B2lcyq7K3Prly2yNlebItDuv5BEg40zB kEv32RYG+FwwH4VCxwI832JlBZKDaHYaItyS9I/Kq03jvUW5y56aog/8CbhV4pGIoIGO jYxTn8hr8MIqJE/5JtqirOGKKxS2Ucl0Jk3lG6W+YS7bBW+S/7CdA/XHV2JiKLTKPtBj EadHF04yMgzHlM0vUTUAafJ/jAFrxRjAc5Z3E9oVlLQN7SGahxwWxHb1ZUVK+NGW1wPG M8cG/jFA19ezkCJAFTZklyuR8oi3+CabldKUjIi5enmoWHg8mGKbfjPws2LFvlRvSWrc pYng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :from:references:cc:to:subject:arc-authentication-results; bh=I50k9sR2qoQLTevOGhPLNHZxmJM7WcgAlKppINwvi4Y=; b=ZRRDmE+MF0PZSC3orqPTZBx2c/YquBO0/QTEH4mE9IYfbR3CZw/adjvWU3X2UlXfsv rVvfVpQt8Pt9Pi7opSpkispUu2FYV6RiIIXB22WI1ANQ/RXSSd2bIr0Gk/ce3NC+Tj2P qDb0OYtwZ7NpqYzPICdoOzSlIFOHY4uGMNRNHmYsk6W8Dwm1n+axUEGsr9lO4UCxfqXw HIp/9+pkirbIMndU88McVJ8HjqR1FnWF2YEuCQFZ5RdJJowoab4w91N7+82TrwQ/taTa frJ1gMXFg4eqy8Tzs0E3jlbkZUHYy5NnXH16FaFxGdjj70vQAImbitV+vGEa7f0nP7Dg JJ3Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u131si2869019pgc.11.2018.04.17.09.24.52; Tue, 17 Apr 2018 09:25:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755857AbeDQQWu (ORCPT + 99 others); Tue, 17 Apr 2018 12:22:50 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:40082 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1755820AbeDQQWn (ORCPT ); Tue, 17 Apr 2018 12:22:43 -0400 Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w3HGJ5Gv049623 for ; Tue, 17 Apr 2018 12:22:42 -0400 Received: from e16.ny.us.ibm.com (e16.ny.us.ibm.com [129.33.205.206]) by mx0a-001b2d01.pphosted.com with ESMTP id 2hdj4q000a-1 (version=TLSv1.2 cipher=AES256-SHA256 bits=256 verify=NOT) for ; Tue, 17 Apr 2018 12:22:42 -0400 Received: from localhost by e16.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 17 Apr 2018 12:22:41 -0400 Received: from b01cxnp22033.gho.pok.ibm.com (9.57.198.23) by e16.ny.us.ibm.com (146.89.104.203) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Tue, 17 Apr 2018 12:22:38 -0400 Received: from b01ledav002.gho.pok.ibm.com (b01ledav002.gho.pok.ibm.com [9.57.199.107]) by b01cxnp22033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w3HGMb8u47317042; Tue, 17 Apr 2018 16:22:37 GMT Received: from b01ledav002.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 20C7712403F; Tue, 17 Apr 2018 13:24:39 -0400 (EDT) Received: from oc8043147753.ibm.com (unknown [9.85.136.174]) by b01ledav002.gho.pok.ibm.com (Postfix) with ESMTP id CE0E0124035; Tue, 17 Apr 2018 13:24:37 -0400 (EDT) Subject: Re: [PATCH v4 05/15] KVM: s390: enable/disable AP interpretive execution To: Pierre Morel , linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, buendgen@de.ibm.com Cc: freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, thuth@redhat.com, pasic@linux.vnet.ibm.com, berrange@redhat.com, fiuczy@linux.vnet.ibm.com References: <1523827345-11600-1-git-send-email-akrowiak@linux.vnet.ibm.com> <1523827345-11600-6-git-send-email-akrowiak@linux.vnet.ibm.com> <15b60572-40d6-0f03-11f9-c50cb7eb00e8@linux.vnet.ibm.com> <6cba35df-b0de-8000-bb39-c4cec8622c57@linux.vnet.ibm.com> From: Tony Krowiak Date: Tue, 17 Apr 2018 12:22:35 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0 MIME-Version: 1.0 In-Reply-To: <6cba35df-b0de-8000-bb39-c4cec8622c57@linux.vnet.ibm.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-TM-AS-GCONF: 00 x-cbid: 18041716-0024-0000-0000-000003494BFD X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00008871; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000257; SDB=6.01019285; UDB=6.00519987; IPR=6.00798526; MB=3.00020619; MTD=3.00000008; XFM=3.00000015; UTC=2018-04-17 16:22:40 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18041716-0025-0000-0000-000047B2FEB2 Message-Id: <2b053349-071e-17ed-6ebd-a37bcfd2f330@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-04-17_08:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1804170143 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 04/17/2018 12:13 PM, Pierre Morel wrote: > On 17/04/2018 17:02, Tony Krowiak wrote: >> On 04/16/2018 06:51 AM, Pierre Morel wrote: >>> On 15/04/2018 23:22, Tony Krowiak wrote: >>>> The VFIO AP device model exploits interpretive execution of AP >>>> instructions (APIE) to provide guests passthrough access to AP >>>> devices. This patch introduces a new interface to enable and >>>> disable APIE. >>>> >>>> Signed-off-by: Tony Krowiak >>>> --- >>>> arch/s390/include/asm/kvm-ap.h | 16 ++++++++++++++++ >>>> arch/s390/include/asm/kvm_host.h | 1 + >>>> arch/s390/kvm/kvm-ap.c | 20 ++++++++++++++++++++ >>>> arch/s390/kvm/kvm-s390.c | 9 +++++++++ >>>> 4 files changed, 46 insertions(+), 0 deletions(-) >>>> >>>> diff --git a/arch/s390/include/asm/kvm-ap.h >>>> b/arch/s390/include/asm/kvm-ap.h >>>> index 736e93e..a6c092e 100644 >>>> --- a/arch/s390/include/asm/kvm-ap.h >>>> +++ b/arch/s390/include/asm/kvm-ap.h >>>> @@ -35,4 +35,20 @@ >>>> */ >>>> void kvm_ap_build_crycbd(struct kvm *kvm); >>>> >>>> +/** >>>> + * kvm_ap_interpret_instructions >>>> + * >>>> + * Indicate whether AP instructions shall be interpreted. If they >>>> are not >>>> + * interpreted, all AP instructions will be intercepted and routed >>>> back to >>>> + * userspace. >>>> + * >>>> + * @kvm: the virtual machine attributes >>>> + * @enable: indicates whether AP instructions are to be >>>> interpreted (true) or >>>> + * or not (false). >>>> + * >>>> + * Returns 0 if completed successfully; otherwise, returns >>>> -EOPNOTSUPP >>>> + * indicating that AP instructions are not installed on the guest. >>>> + */ >>>> +int kvm_ap_interpret_instructions(struct kvm *kvm, bool enable); >>>> + >>>> #endif /* _ASM_KVM_AP */ >>>> diff --git a/arch/s390/include/asm/kvm_host.h >>>> b/arch/s390/include/asm/kvm_host.h >>>> index 3162783..5470685 100644 >>>> --- a/arch/s390/include/asm/kvm_host.h >>>> +++ b/arch/s390/include/asm/kvm_host.h >>>> @@ -715,6 +715,7 @@ struct kvm_s390_crypto { >>>> __u32 crycbd; >>>> __u8 aes_kw; >>>> __u8 dea_kw; >>>> + __u8 apie; >>>> }; >>>> >>>> #define APCB0_MASK_SIZE 1 >>>> diff --git a/arch/s390/kvm/kvm-ap.c b/arch/s390/kvm/kvm-ap.c >>>> index 991bae4..55d11b5 100644 >>>> --- a/arch/s390/kvm/kvm-ap.c >>>> +++ b/arch/s390/kvm/kvm-ap.c >>>> @@ -58,3 +58,23 @@ void kvm_ap_build_crycbd(struct kvm *kvm) >>>> } >>>> } >>>> EXPORT_SYMBOL(kvm_ap_build_crycbd); >>>> + >>>> +int kvm_ap_interpret_instructions(struct kvm *kvm, bool enable) >>>> +{ >>>> + int ret = 0; >>>> + >>>> + mutex_lock(&kvm->lock); >>>> + >>>> + if (!test_kvm_cpu_feat(kvm, KVM_S390_VM_CPU_FEAT_AP)) { >>> >>> Do we really need to test CPU_FEAT_AP? >> >> Yes we do. > > really? why? The KVM_S390_VM_CPU_FEAT_AP will not be enabled by KVM if the AP instructions are not installed on the host. I assume - but have no way of verifying - that if the AP instructions are not installed on the host, that interpretation would fail. Do you know what would happen if AP instructions are interpreted when not installed on the host? > > >> >>> >>> >>> I understand that KVM_S390_VM_CPU_FEAT_AP means AP instructions are >>> interpreted. >>> shouldn't we add this information in the name? >>> like KVM_S390_VM_CPU_FEAT_APIE >> >> KVM_S390_VM_CPU_FEAT_AP does NOT mean AP instructions are >> interpreted, it means >> AP instructions are installed. > > Right same error I made all along this review. > But AFAIK it means AP instructions are provided to the guest. > Then should this function be called if the guest has no AP instructions ? > > >> >>> >>>> + ret = -EOPNOTSUPP; >>>> + goto done; >>>> + } >>>> + >>>> + kvm->arch.crypto.apie = enable; >>>> + kvm_s390_vcpu_crypto_reset_all(kvm); >>>> + >>>> +done: >>>> + mutex_unlock(&kvm->lock); >>>> + return ret; >>>> +} >>>> +EXPORT_SYMBOL(kvm_ap_interpret_instructions); >>>> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c >>>> index 55cd897..1dc8566 100644 >>>> --- a/arch/s390/kvm/kvm-s390.c >>>> +++ b/arch/s390/kvm/kvm-s390.c >>>> @@ -1901,6 +1901,9 @@ static void kvm_s390_crypto_init(struct kvm >>>> *kvm) >>>> kvm->arch.crypto.crycb = &kvm->arch.sie_page2->crycb; >>>> kvm_ap_build_crycbd(kvm); >>>> >>>> + /* Default setting indicating SIE shall interpret AP >>>> instructions */ >>>> + kvm->arch.crypto.apie = 1; >>>> + >>>> if (!test_kvm_facility(kvm, 76)) >>>> return; >>>> >>>> @@ -2434,6 +2437,12 @@ static void >>>> kvm_s390_vcpu_crypto_setup(struct kvm_vcpu *vcpu) >>>> { >>>> vcpu->arch.sie_block->crycbd = vcpu->kvm->arch.crypto.crycbd; >>>> >>>> + vcpu->arch.sie_block->eca &= ~ECA_APIE; >>>> + if (vcpu->kvm->arch.crypto.apie && >>>> + test_kvm_cpu_feat(vcpu->kvm, KVM_S390_VM_CPU_FEAT_AP)) >>> >>> Do we call xxx_crypto_setup() if KVM does not support AP >>> interpretation? >> >> Yes, kvm_s390_vcpu_crypto_setup(vcpu) is called by >> kvm_arch_vcpu_setup(vcpu) >> as well as from kvm_s390_vcpu_crypto_reset_all(kvm). Calling it has >> nothing >> to do with whether AP interpretation is supported or not as it does much >> more than that, including setting up of wrapping keys and the CRYCBD. > > Sorry, still the same error I made about CPU_FEAT_AP meaning AP > instructions in the guest > and not AP interpretation available. > Could apie be set if AP instruction are not supported? > >> >>> >>>> + vcpu->arch.sie_block->eca |= ECA_APIE; >>>> + >>>> + >>>> if (!test_kvm_facility(vcpu->kvm, 76)) >>>> return; >>>> >>> >> >