Received: by 10.192.165.148 with SMTP id m20csp3196635imm; Mon, 7 May 2018 08:13:08 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpLQCKeC03MjRAc6dpRaQQksmKQ5muYHh36gvqeZV7CQ9Ggk6QULdKCx5p21mPsKz+GdynZ X-Received: by 2002:a9d:224d:: with SMTP id o71-v6mr14925157ota.101.1525705988100; Mon, 07 May 2018 08:13:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525705988; cv=none; d=google.com; s=arc-20160816; b=HeVwlCUEqU/zQCMhrJEYY4Wj0l/SGeubrFHb+ASwhGVvcpyb0E9eheli+Nc/16QljC sgEUOVP39VPMLAizUzDNNjwB8Hkzhbbgt+DnUpprGl0P88mHsQl1Iu6AHwaSfZSoaFUg 5TnHGrWFJ5cmQEDWRQiQCo9Sjd1gmdP9IwIiCAymsTdc8CslSebHQzsfj5VBD8UVp0Of itMXeDsHcA0q0NDX0RgHSuZaHTaJKR8micCdL4ZTSL8JFEMbBnw3sd2q5LxXV6m9/cCH og4Ay3g9H83akpAlCo6wctD+mz7jNmOB8tFS/b5m6n9tgtoO+XtwsFYxoncCTk1p0Ukz P3Ng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:references:in-reply-to:date :subject:cc:to:from:arc-authentication-results; bh=Z6OCTf3MA7NRyChE/LLkR7xTy7RpvOU3hJgzhH6JEmc=; b=T5QZa2L1G7bJ2uKfk1jU+TY3me5E9seHYHLha8csmUk5i00LY1L5m/6d4yELLpRK8A XtdKytSXbuJ1jgVLWYsLK4ZW1TKd7lweiXi4HZC67TMvvDQvFqK9Cl+mcGZ7TT3wk76J oyOOfbk1fpk07YDmcjSSAAXEjhNX9/G0gQIBJsaHMPOReFZvAtuU3ViWUePg++JW1TQu l03m4icHgNdcz6kYCAmJimr1CaJmrfdg83Hk51TZKeldHjOfjmlLx1set2XnoYFUEa7a 1/gTAPKD80V5XAg5DjvJ6PlR/qjcdRnRqL8zC4xyrrhIIQVYATKVvXCg3PVe4gjUR9eg JqSw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y125-v6si849140oig.434.2018.05.07.08.12.53; Mon, 07 May 2018 08:13:08 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752437AbeEGPMY (ORCPT + 99 others); Mon, 7 May 2018 11:12:24 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:41732 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752082AbeEGPMQ (ORCPT ); Mon, 7 May 2018 11:12:16 -0400 Received: from pps.filterd (m0098413.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w47F9LdM043189 for ; Mon, 7 May 2018 11:12:15 -0400 Received: from e37.co.us.ibm.com (e37.co.us.ibm.com [32.97.110.158]) by mx0b-001b2d01.pphosted.com with ESMTP id 2htqdgwfyw-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 07 May 2018 11:12:14 -0400 Received: from localhost by e37.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 7 May 2018 09:12:13 -0600 Received: from b03cxnp08026.gho.boulder.ibm.com (9.17.130.18) by e37.co.us.ibm.com (192.168.1.137) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Mon, 7 May 2018 09:12:10 -0600 Received: from b03ledav006.gho.boulder.ibm.com (b03ledav006.gho.boulder.ibm.com [9.17.130.237]) by b03cxnp08026.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w47FC8pY11862326; Mon, 7 May 2018 08:12:08 -0700 Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C07F2C603E; Mon, 7 May 2018 09:12:08 -0600 (MDT) Received: from localhost.localdomain (unknown [9.85.146.27]) by b03ledav006.gho.boulder.ibm.com (Postfix) with ESMTPS id 73556C6042; Mon, 7 May 2018 09:12:06 -0600 (MDT) From: Tony Krowiak To: linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, pmorel@linux.vnet.ibm.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, thuth@redhat.com, pasic@linux.vnet.ibm.com, berrange@redhat.com, fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com, akrowiak@linux.vnet.ibm.com Subject: [PATCH v5 03/13] KVM: s390: CPU model support for AP virtualization Date: Mon, 7 May 2018 11:11:42 -0400 X-Mailer: git-send-email 1.7.1 In-Reply-To: <1525705912-12815-1-git-send-email-akrowiak@linux.vnet.ibm.com> References: <1525705912-12815-1-git-send-email-akrowiak@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 18050715-0024-0000-0000-0000185BEEB3 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00008987; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000258; SDB=6.01028858; UDB=6.00525678; IPR=6.00807992; MB=3.00020972; MTD=3.00000008; XFM=3.00000015; UTC=2018-05-07 15:12:13 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18050715-0025-0000-0000-00004FDB7735 Message-Id: <1525705912-12815-4-git-send-email-akrowiak@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-05-07_06:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1805070154 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Introduces a new CPU model feature and two CPU model facilities to support AP virtualization for KVM guests. CPU model feature: The KVM_S390_VM_CPU_FEAT_AP feature indicates that AP instructions are available on the guest. This feature will be enabled by the kernel only if the AP instructions are installed on the linux host. This feature must be specifically turned on for the KVM guest from userspace to use the VFIO AP device driver for guest access to AP devices. By default, AP instructions will be interpreted if this feature is turned on for the KVM guest. This guarantees that AP instructions executed on the guest will not be met with an operation exception due to the fact that there are no handlers to process intercepted AP instructions. CPU model facilities: 1. AP Query Configuration Information (QCI) facility is installed. This is indicated by setting facilities bit 12 for the guest. The kernel will not enable this facility for the guest if it is not set on the host. This facility must not be set by userspace if the KVM_S390_VM_CPU_FEAT_AP feature is not installed. If this facility is not set for the KVM guest, then only APQNs with an APQI less than 16 will be available to the guest regardless of the guest's matrix configuration. This is a limitation of the AP bus running on the guest. 2. AP Facilities Test facility (APFT) is installed. This is indicated by setting facilities bit 15 for the guest. The kernel will not enable this facility for the guest if it is not set on the host. This facility must not be set by userspace if the KVM_S390_VM_CPU_FEAT_AP feature is not installed. If this facility is not set for the KVM guest, then no AP devices will be available to the guest regardless of the guest's matrix configuration. This is a limitation of the AP bus running under the guest. Reviewed-by: Christian Borntraeger Reviewed-by: Halil Pasic Signed-off-by: Tony Krowiak --- arch/s390/include/asm/kvm_host.h | 2 ++ arch/s390/include/uapi/asm/kvm.h | 1 + arch/s390/kvm/kvm-s390.c | 12 ++++++++++++ arch/s390/tools/gen_facilities.c | 3 +++ 4 files changed, 18 insertions(+), 0 deletions(-) diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h index 5393c4d..ef4b237 100644 --- a/arch/s390/include/asm/kvm_host.h +++ b/arch/s390/include/asm/kvm_host.h @@ -186,6 +186,7 @@ struct kvm_s390_sie_block { #define ECA_AIV 0x00200000 #define ECA_VX 0x00020000 #define ECA_PROTEXCI 0x00002000 +#define ECA_APIE 0x00000008 #define ECA_SII 0x00000001 __u32 eca; /* 0x004c */ #define ICPT_INST 0x04 @@ -714,6 +715,7 @@ struct kvm_s390_crypto { __u32 crycbd; __u8 aes_kw; __u8 dea_kw; + __u8 apie; }; #define APCB0_MASK_SIZE 1 diff --git a/arch/s390/include/uapi/asm/kvm.h b/arch/s390/include/uapi/asm/kvm.h index 4cdaa55..a580dec 100644 --- a/arch/s390/include/uapi/asm/kvm.h +++ b/arch/s390/include/uapi/asm/kvm.h @@ -130,6 +130,7 @@ struct kvm_s390_vm_cpu_machine { #define KVM_S390_VM_CPU_FEAT_PFMFI 11 #define KVM_S390_VM_CPU_FEAT_SIGPIF 12 #define KVM_S390_VM_CPU_FEAT_KSS 13 +#define KVM_S390_VM_CPU_FEAT_AP 14 struct kvm_s390_vm_cpu_feat { __u64 feat[16]; }; diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index 99779a6..81fbb0d 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c @@ -367,6 +367,11 @@ static void kvm_s390_cpu_feat_init(void) if (MACHINE_HAS_ESOP) allow_cpu_feat(KVM_S390_VM_CPU_FEAT_ESOP); + + /* Check if AP instructions installed on host */ + if (kvm_ap_instructions_available()) + allow_cpu_feat(KVM_S390_VM_CPU_FEAT_AP); + /* * We need SIE support, ESOP (PROT_READ protection for gmap_shadow), * 64bit SCAO (SCA passthrough) and IDTE (for gmap_shadow unshadowing). @@ -1928,6 +1933,8 @@ static void kvm_s390_crypto_init(struct kvm *kvm) kvm->arch.crypto.crycb = &kvm->arch.sie_page2->crycb; kvm->arch.crypto.crycbd = (__u32)(unsigned long) kvm->arch.crypto.crycb; kvm_s390_format_crycb(kvm); + /* Default setting indicating SIE shall interpret AP instructions */ + kvm->arch.crypto.apie = 1; } static void sca_dispose(struct kvm *kvm) @@ -2458,6 +2465,11 @@ static void kvm_s390_vcpu_crypto_setup(struct kvm_vcpu *vcpu) vcpu->arch.sie_block->crycbd = vcpu->kvm->arch.crypto.crycbd; + vcpu->arch.sie_block->eca &= ~ECA_APIE; + if (vcpu->kvm->arch.crypto.apie && + test_kvm_cpu_feat(vcpu->kvm, KVM_S390_VM_CPU_FEAT_AP)) + vcpu->arch.sie_block->eca |= ECA_APIE; + /* If MSAX3 is installed, set up protected key support */ if (test_kvm_facility(vcpu->kvm, 76)) { vcpu->arch.sie_block->ecb3 &= ~(ECB3_AES | ECB3_DEA); diff --git a/arch/s390/tools/gen_facilities.c b/arch/s390/tools/gen_facilities.c index 90a8c9e..e0e2c19 100644 --- a/arch/s390/tools/gen_facilities.c +++ b/arch/s390/tools/gen_facilities.c @@ -106,6 +106,9 @@ struct facility_def { .name = "FACILITIES_KVM_CPUMODEL", .bits = (int[]){ + 12, /* AP Query Configuration Information */ + 15, /* AP Facilities Test */ + 156, /* Execution Token facility */ -1 /* END */ } }, -- 1.7.1