Received: by 10.192.165.148 with SMTP id m20csp452703imm; Fri, 4 May 2018 00:21:36 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpn4M9uYgEs1gr5Dx8B+MnpwdejC5Nh2ODfKARIYe02xmJ5lop8UxgWrq+JYaRbJPa7sl3A X-Received: by 10.98.19.6 with SMTP id b6mr25412052pfj.58.1525418496734; Fri, 04 May 2018 00:21:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525418496; cv=none; d=google.com; s=arc-20160816; b=Zxx8/Orzshw+ppFmP4xZe014+rkiQj8kUk4at+xBKF5kLVOOgsYQ3I7Xms9mBgf7Lx /seFfxWbjy/4xdrE0MUzhpqCxjCReSNQRYAPFyDK3xA9zNwJ9lfZ9imo2HRs8Vbo6pec Pq5iWrpdF1ZZ2VevJqfgOIGSYcyCaym7Yucmpd1dkl/J2LAWLfCioxcDh2nI1VtKIl4e tD+z5VpxnOI/esH28YeDYdIKFqCvi05i98GT3kgTN+PB5tj2vt0juCu5/uzl41WO3egO we3vVLqT5311XDCcl7geg14uhxBJ7xNWqUaTVHsvYHfl485lYTGHKXcnNJ3Id/dE1qAT wk4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:organization:from:references:cc:to:subject :arc-authentication-results; bh=KoGq08YY6qoI8VbvZx1yQCla4wqPfC1FukluDq1k3bg=; b=zc9ashAk5zNCAtUC8g75LbzUQAk5AJAAK798naf68MCwIP0t4oHAP4IeINkfe3e93r 0VWO2NC45CiiazQvOXpUmXsNWnVglqE4jBAOzO54fHLC7y6a1frnuE/1DwQbJ3ljUMF2 TEYDXxuMMLCkrNfak2wMG3ly5KEGDOupcwMumvdK20YHQj7SdThMSyW7gcTNqYXuoiQY XRP04CHjgGmqU3GA0AiS41UQ9idmhL6GhO5QsNzuTu/59j2X7zCG3bop409kmlkrq+P+ GfmX1PX/78tamwRH33ESlOmaKzfe6X/5/VLyOxLOs0BLWBMeyhrZA3CmFGZnMsVrxDAZ KbmA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j65-v6si12755679pge.336.2018.05.04.00.21.22; Fri, 04 May 2018 00:21:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751511AbeEDHT4 (ORCPT + 99 others); Fri, 4 May 2018 03:19:56 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:43792 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751059AbeEDHTy (ORCPT ); Fri, 4 May 2018 03:19:54 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 75CF7EB706; Fri, 4 May 2018 07:19:53 +0000 (UTC) Received: from [10.36.117.110] (ovpn-117-110.ams2.redhat.com [10.36.117.110]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7C563111DCFB; Fri, 4 May 2018 07:19:46 +0000 (UTC) Subject: Re: [PATCH v4 01/15] s390: zcrypt: externalize AP instructions available function To: Tony Krowiak , linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, pmorel@linux.vnet.ibm.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, thuth@redhat.com, pasic@linux.vnet.ibm.com, berrange@redhat.com, fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com References: <1523827345-11600-1-git-send-email-akrowiak@linux.vnet.ibm.com> <1523827345-11600-2-git-send-email-akrowiak@linux.vnet.ibm.com> From: David Hildenbrand Organization: Red Hat GmbH Message-ID: <7e537cfc-5d67-c188-2890-191608cb7b4f@redhat.com> Date: Fri, 4 May 2018 09:19:45 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <1523827345-11600-2-git-send-email-akrowiak@linux.vnet.ibm.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Fri, 04 May 2018 07:19:53 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Fri, 04 May 2018 07:19:53 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'david@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 15.04.2018 23:22, Tony Krowiak wrote: > If the AP instructions are not available on the linux host, then > AP devices can not be interpreted by the SIE. The AP bus has a This statement is wrong. The instructions can be interpreted by SIE e.g. if there are no devices assigned to a guest. This is e.g. the case for !CONFIG_ZCRYPT. Also, doesn't this directly imply that the other execution control should also not be used ("intercept AP instuctions"). This would be bad. Just because !CONFIG_ZCRYPT does not imply that you can't emulate AP devices for a guest. Why isn't it sufficient to glue CONFIG_ZCRYPT to vfio-ap? This would make more sense in my opinion. You have no "host devices" that you can "pass through". But you can still emulate devices or emulate an empty bus. > function it uses to determine if the AP instructions are > available. This patch provides a new function that wraps the > AP bus's function to externalize it for use by KVM. > > Signed-off-by: Tony Krowiak > Reviewed-by: Pierre Morel > Reviewed-by: Harald Freudenberger > --- > arch/s390/include/asm/ap.h | 7 +++++++ > arch/s390/include/asm/kvm-ap.h | 23 +++++++++++++++++++++++ > arch/s390/kvm/Makefile | 2 +- > arch/s390/kvm/kvm-ap.c | 21 +++++++++++++++++++++ > drivers/s390/crypto/ap_bus.c | 6 ++++++ > 5 files changed, 58 insertions(+), 1 deletions(-) > create mode 100644 arch/s390/include/asm/kvm-ap.h > create mode 100644 arch/s390/kvm/kvm-ap.c > > diff --git a/arch/s390/include/asm/ap.h b/arch/s390/include/asm/ap.h > index c1bedb4..7773bfd 100644 > --- a/arch/s390/include/asm/ap.h > +++ b/arch/s390/include/asm/ap.h > @@ -120,4 +120,11 @@ struct ap_queue_status ap_queue_irq_ctrl(ap_qid_t qid, > struct ap_qirq_ctrl qirqctrl, > void *ind); > > +/** > + * ap_instructions_installed() - Tests whether AP instructions are installed > + * > + * Returns 1 if the AP instructions are installed, otherwise; returns 0 > + */ > +int ap_instructions_installed(void); > + > #endif /* _ASM_S390_AP_H_ */ > diff --git a/arch/s390/include/asm/kvm-ap.h b/arch/s390/include/asm/kvm-ap.h > new file mode 100644 > index 0000000..84412a9 > --- /dev/null > +++ b/arch/s390/include/asm/kvm-ap.h > @@ -0,0 +1,23 @@ > +// SPDX-License-Identifier: GPL-2.0+ > +/* > + * Adjunct Processor (AP) configuration management for KVM guests > + * > + * Copyright IBM Corp. 2018 > + * > + * Author(s): Tony Krowiak > + */ > + > +#ifndef _ASM_KVM_AP > +#define _ASM_KVM_AP > + > +/** > + * kvm_ap_instructions_installed() > + * > + * Tests whether AP instructions are installed on the linux host > + * > + * Returns 1 if the AP instructions are installed on the host, otherwise; > + * returns 0 > + */ > +int kvm_ap_instructions_installed(void); > + > +#endif /* _ASM_KVM_AP */ > diff --git a/arch/s390/kvm/Makefile b/arch/s390/kvm/Makefile > index 05ee90a..1876bfe 100644 > --- a/arch/s390/kvm/Makefile > +++ b/arch/s390/kvm/Makefile > @@ -9,6 +9,6 @@ common-objs = $(KVM)/kvm_main.o $(KVM)/eventfd.o $(KVM)/async_pf.o $(KVM)/irqch > ccflags-y := -Ivirt/kvm -Iarch/s390/kvm > > kvm-objs := $(common-objs) kvm-s390.o intercept.o interrupt.o priv.o sigp.o > -kvm-objs += diag.o gaccess.o guestdbg.o vsie.o > +kvm-objs += diag.o gaccess.o guestdbg.o vsie.o kvm-ap.o > > obj-$(CONFIG_KVM) += kvm.o > diff --git a/arch/s390/kvm/kvm-ap.c b/arch/s390/kvm/kvm-ap.c > new file mode 100644 > index 0000000..1267588 > --- /dev/null > +++ b/arch/s390/kvm/kvm-ap.c > @@ -0,0 +1,21 @@ > +// SPDX-License-Identifier: GPL-2.0+ > +/* > + * Adjunct Processor (AP) configuration management for KVM guests > + * > + * Copyright IBM Corp. 2018 > + * > + * Author(s): Tony Krowiak > + */ > +#include > +#include > +#include > + > +int kvm_ap_instructions_installed(void) > +{ > +#ifdef CONFIG_ZCRYPT > + return ap_instructions_installed(); > +#else > + return 0; > +#endif > +} > +EXPORT_SYMBOL(kvm_ap_instructions_installed); > diff --git a/drivers/s390/crypto/ap_bus.c b/drivers/s390/crypto/ap_bus.c > index 35a0c2b..9d108b6 100644 > --- a/drivers/s390/crypto/ap_bus.c > +++ b/drivers/s390/crypto/ap_bus.c > @@ -210,6 +210,12 @@ int ap_query_configuration(struct ap_config_info *info) > } > EXPORT_SYMBOL(ap_query_configuration); > > +int ap_instructions_installed(void) > +{ > + return (ap_instructions_available() == 0); > +} > +EXPORT_SYMBOL(ap_instructions_installed); > + > /** > * ap_init_configuration(): Allocate and query configuration array. > */ > -- Thanks, David / dhildenb