Received: by 10.192.165.148 with SMTP id m20csp452703imm;
        Fri, 4 May 2018 00:21:36 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZpn4M9uYgEs1gr5Dx8B+MnpwdejC5Nh2ODfKARIYe02xmJ5lop8UxgWrq+JYaRbJPa7sl3A
X-Received: by 10.98.19.6 with SMTP id b6mr25412052pfj.58.1525418496734;
        Fri, 04 May 2018 00:21:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1525418496; cv=none;
        d=google.com; s=arc-20160816;
        b=Zxx8/Orzshw+ppFmP4xZe014+rkiQj8kUk4at+xBKF5kLVOOgsYQ3I7Xms9mBgf7Lx
         /seFfxWbjy/4xdrE0MUzhpqCxjCReSNQRYAPFyDK3xA9zNwJ9lfZ9imo2HRs8Vbo6pec
         Pq5iWrpdF1ZZ2VevJqfgOIGSYcyCaym7Yucmpd1dkl/J2LAWLfCioxcDh2nI1VtKIl4e
         tD+z5VpxnOI/esH28YeDYdIKFqCvi05i98GT3kgTN+PB5tj2vt0juCu5/uzl41WO3egO
         we3vVLqT5311XDCcl7geg14uhxBJ7xNWqUaTVHsvYHfl485lYTGHKXcnNJ3Id/dE1qAT
         wk4A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:organization:from:references:cc:to:subject
         :arc-authentication-results;
        bh=KoGq08YY6qoI8VbvZx1yQCla4wqPfC1FukluDq1k3bg=;
        b=zc9ashAk5zNCAtUC8g75LbzUQAk5AJAAK798naf68MCwIP0t4oHAP4IeINkfe3e93r
         0VWO2NC45CiiazQvOXpUmXsNWnVglqE4jBAOzO54fHLC7y6a1frnuE/1DwQbJ3ljUMF2
         TEYDXxuMMLCkrNfak2wMG3ly5KEGDOupcwMumvdK20YHQj7SdThMSyW7gcTNqYXuoiQY
         XRP04CHjgGmqU3GA0AiS41UQ9idmhL6GhO5QsNzuTu/59j2X7zCG3bop409kmlkrq+P+
         GfmX1PX/78tamwRH33ESlOmaKzfe6X/5/VLyOxLOs0BLWBMeyhrZA3CmFGZnMsVrxDAZ
         KbmA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id j65-v6si12755679pge.336.2018.05.04.00.21.22;
        Fri, 04 May 2018 00:21:36 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751511AbeEDHT4 (ORCPT <rfc822;ereslibre@gmail.com> + 99 others);
        Fri, 4 May 2018 03:19:56 -0400
Received: from mx3-rdu2.redhat.com ([66.187.233.73]:43792 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1751059AbeEDHTy (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 4 May 2018 03:19:54 -0400
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id 75CF7EB706;
        Fri,  4 May 2018 07:19:53 +0000 (UTC)
Received: from [10.36.117.110] (ovpn-117-110.ams2.redhat.com [10.36.117.110])
        by smtp.corp.redhat.com (Postfix) with ESMTP id 7C563111DCFB;
        Fri,  4 May 2018 07:19:46 +0000 (UTC)
Subject: Re: [PATCH v4 01/15] s390: zcrypt: externalize AP instructions
 available function
To:     Tony Krowiak <akrowiak@linux.vnet.ibm.com>,
        linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org,
        kvm@vger.kernel.org
Cc:     freude@de.ibm.com, schwidefsky@de.ibm.com,
        heiko.carstens@de.ibm.com, borntraeger@de.ibm.com,
        cohuck@redhat.com, kwankhede@nvidia.com,
        bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com,
        alex.williamson@redhat.com, pmorel@linux.vnet.ibm.com,
        alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com,
        jjherne@linux.vnet.ibm.com, thuth@redhat.com,
        pasic@linux.vnet.ibm.com, berrange@redhat.com,
        fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com
References: <1523827345-11600-1-git-send-email-akrowiak@linux.vnet.ibm.com>
 <1523827345-11600-2-git-send-email-akrowiak@linux.vnet.ibm.com>
From:   David Hildenbrand <david@redhat.com>
Organization: Red Hat GmbH
Message-ID: <7e537cfc-5d67-c188-2890-191608cb7b4f@redhat.com>
Date:   Fri, 4 May 2018 09:19:45 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <1523827345-11600-2-git-send-email-akrowiak@linux.vnet.ibm.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Fri, 04 May 2018 07:19:53 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Fri, 04 May 2018 07:19:53 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'david@redhat.com' RCPT:''
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 15.04.2018 23:22, Tony Krowiak wrote:
> If the AP instructions are not available on the linux host, then
> AP devices can not be interpreted by the SIE. The AP bus has a

This statement is wrong. The instructions can be interpreted by SIE e.g.
if there are no devices assigned to a guest. This is e.g. the case for
!CONFIG_ZCRYPT.

Also, doesn't this directly imply that the other execution control
should also not be used ("intercept AP instuctions"). This would be bad.
Just because !CONFIG_ZCRYPT does not imply that you can't emulate AP
devices for a guest.

Why isn't it sufficient to glue CONFIG_ZCRYPT to vfio-ap? This would
make more sense in my opinion. You have no "host devices" that you can
"pass through". But you can still emulate devices or emulate an empty bus.

> function it uses to determine if the AP instructions are
> available. This patch provides a new function that wraps the
> AP bus's function to externalize it for use by KVM.
> 
> Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com>
> Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
> Reviewed-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
> ---
>  arch/s390/include/asm/ap.h     |    7 +++++++
>  arch/s390/include/asm/kvm-ap.h |   23 +++++++++++++++++++++++
>  arch/s390/kvm/Makefile         |    2 +-
>  arch/s390/kvm/kvm-ap.c         |   21 +++++++++++++++++++++
>  drivers/s390/crypto/ap_bus.c   |    6 ++++++
>  5 files changed, 58 insertions(+), 1 deletions(-)
>  create mode 100644 arch/s390/include/asm/kvm-ap.h
>  create mode 100644 arch/s390/kvm/kvm-ap.c
> 
> diff --git a/arch/s390/include/asm/ap.h b/arch/s390/include/asm/ap.h
> index c1bedb4..7773bfd 100644
> --- a/arch/s390/include/asm/ap.h
> +++ b/arch/s390/include/asm/ap.h
> @@ -120,4 +120,11 @@ struct ap_queue_status ap_queue_irq_ctrl(ap_qid_t qid,
>  					 struct ap_qirq_ctrl qirqctrl,
>  					 void *ind);
>  
> +/**
> + * ap_instructions_installed() - Tests whether AP instructions are installed
> + *
> + * Returns 1 if the AP instructions are installed, otherwise; returns 0
> + */
> +int ap_instructions_installed(void);
> +
>  #endif /* _ASM_S390_AP_H_ */
> diff --git a/arch/s390/include/asm/kvm-ap.h b/arch/s390/include/asm/kvm-ap.h
> new file mode 100644
> index 0000000..84412a9
> --- /dev/null
> +++ b/arch/s390/include/asm/kvm-ap.h
> @@ -0,0 +1,23 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Adjunct Processor (AP) configuration management for KVM guests
> + *
> + * Copyright IBM Corp. 2018
> + *
> + * Author(s): Tony Krowiak <akrowia@linux.vnet.ibm.com>
> + */
> +
> +#ifndef _ASM_KVM_AP
> +#define _ASM_KVM_AP
> +
> +/**
> + * kvm_ap_instructions_installed()
> + *
> + * Tests whether AP instructions are installed on the linux host
> + *
> + * Returns 1 if the AP instructions are installed on the host, otherwise;
> + * returns 0
> + */
> +int kvm_ap_instructions_installed(void);
> +
> +#endif /* _ASM_KVM_AP */
> diff --git a/arch/s390/kvm/Makefile b/arch/s390/kvm/Makefile
> index 05ee90a..1876bfe 100644
> --- a/arch/s390/kvm/Makefile
> +++ b/arch/s390/kvm/Makefile
> @@ -9,6 +9,6 @@ common-objs = $(KVM)/kvm_main.o $(KVM)/eventfd.o  $(KVM)/async_pf.o $(KVM)/irqch
>  ccflags-y := -Ivirt/kvm -Iarch/s390/kvm
>  
>  kvm-objs := $(common-objs) kvm-s390.o intercept.o interrupt.o priv.o sigp.o
> -kvm-objs += diag.o gaccess.o guestdbg.o vsie.o
> +kvm-objs += diag.o gaccess.o guestdbg.o vsie.o kvm-ap.o
>  
>  obj-$(CONFIG_KVM) += kvm.o
> diff --git a/arch/s390/kvm/kvm-ap.c b/arch/s390/kvm/kvm-ap.c
> new file mode 100644
> index 0000000..1267588
> --- /dev/null
> +++ b/arch/s390/kvm/kvm-ap.c
> @@ -0,0 +1,21 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Adjunct Processor (AP) configuration management for KVM guests
> + *
> + * Copyright IBM Corp. 2018
> + *
> + * Author(s): Tony Krowiak <akrowia@linux.vnet.ibm.com>
> + */
> +#include <linux/kernel.h>
> +#include <asm/kvm-ap.h>
> +#include <asm/ap.h>
> +
> +int kvm_ap_instructions_installed(void)
> +{
> +#ifdef CONFIG_ZCRYPT
> +	return ap_instructions_installed();
> +#else
> +	return 0;
> +#endif
> +}
> +EXPORT_SYMBOL(kvm_ap_instructions_installed);
> diff --git a/drivers/s390/crypto/ap_bus.c b/drivers/s390/crypto/ap_bus.c
> index 35a0c2b..9d108b6 100644
> --- a/drivers/s390/crypto/ap_bus.c
> +++ b/drivers/s390/crypto/ap_bus.c
> @@ -210,6 +210,12 @@ int ap_query_configuration(struct ap_config_info *info)
>  }
>  EXPORT_SYMBOL(ap_query_configuration);
>  
> +int ap_instructions_installed(void)
> +{
> +	return (ap_instructions_available() == 0);
> +}
> +EXPORT_SYMBOL(ap_instructions_installed);
> +
>  /**
>   * ap_init_configuration(): Allocate and query configuration array.
>   */
> 


-- 

Thanks,

David / dhildenb