Received: by 10.192.165.148 with SMTP id m20csp3201685imm; Mon, 7 May 2018 08:17:47 -0700 (PDT) X-Google-Smtp-Source: AB8JxZq4v+QnFGDLOaPFK2L+DR0UmLrkNKvPckK/weyCpQ8H+zIXsWlfRw19VklVdmcs5kksW/QK X-Received: by 2002:a6b:61f:: with SMTP id 31-v6mr41236042iog.80.1525706267375; Mon, 07 May 2018 08:17:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525706267; cv=none; d=google.com; s=arc-20160816; b=SYUE+hy40nwP6eY+vofaPKDQ5djzYm1SUM/1KjALiYgyINE0TDarh32QTrWwv5p8mt TB6O6tidd0/vL2d4GrSLMajF+qGHC/j/jIg/9YUA0qvdo4oHaEtPtCCk0cVARlhgbxVe LRApaPCk93yuM2bHGgpDMhUW+7JoGDF8kzBJ+g1bNnhucePohk0GGdBVJq16ArvKRzzT KiMO3XkqdkKskZ2AOFY9CMZYL9t2aId5FxxjvRman/85zlRYu7ep6NxLuJ82rwt9pgq4 EG+kweE61oP7SntIQxhHFKgj14KvCERJPX0+BeRFALCBrNCX612Q3bK45kq/gVaM6Qb9 DKZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=bgR8RIFwmwheod9FmqntYUwquVcZ6AeFEUG90k4QvpY=; b=Vf7yNY0EfhVc4N/onRhpgwSBHy8Pyy7tNcIATAV3VX5cwICMf/lTgBrDwYPNn2vTIz Z9KCoQLg+ApKeWIp0nenB9y7oVOXIQhr+fmyrMDB40arzM/wDVhzz7G+G4t8pq57zsEt p/CIgpaD+SzcLY078KyUo0SCc9a+evzpZ8NArGvDr9wclwFA3nQ0DPykWaWPX1bxiFqC pjvkkDrTIwBQiH07Zw+OVMRVOfgG9E6/MMMQHDPjjsIhc/bQUDUXvjxStj95NLU36Gvc etcHLWE8ij2lqZAxe7EihyJiBkV1mV9C8SZuk9TM6ywREqojQWxc1i1cyUtEzC6KbN+j j8ww== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j62-v6si7790667ith.116.2018.05.07.08.17.33; Mon, 07 May 2018 08:17:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752242AbeEGPMK (ORCPT + 99 others); Mon, 7 May 2018 11:12:10 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:44420 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752133AbeEGPMH (ORCPT ); Mon, 7 May 2018 11:12:07 -0400 Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w47F9eTj050076 for ; Mon, 7 May 2018 11:12:06 -0400 Received: from e37.co.us.ibm.com (e37.co.us.ibm.com [32.97.110.158]) by mx0a-001b2d01.pphosted.com with ESMTP id 2htqx33vu4-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 07 May 2018 11:12:05 -0400 Received: from localhost by e37.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 7 May 2018 09:12:04 -0600 Received: from b03cxnp08028.gho.boulder.ibm.com (9.17.130.20) by e37.co.us.ibm.com (192.168.1.137) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Mon, 7 May 2018 09:12:00 -0600 Received: from b03ledav006.gho.boulder.ibm.com (b03ledav006.gho.boulder.ibm.com [9.17.130.237]) by b03cxnp08028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w47FBwi310879310; Mon, 7 May 2018 08:11:58 -0700 Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6CFB2C6042; Mon, 7 May 2018 09:11:58 -0600 (MDT) Received: from localhost.localdomain (unknown [9.85.146.27]) by b03ledav006.gho.boulder.ibm.com (Postfix) with ESMTPS id 21FCCC603E; Mon, 7 May 2018 09:11:56 -0600 (MDT) From: Tony Krowiak To: linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, pmorel@linux.vnet.ibm.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, thuth@redhat.com, pasic@linux.vnet.ibm.com, berrange@redhat.com, fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com, akrowiak@linux.vnet.ibm.com Subject: [PATCH v5 00/13] s390: vfio-ap: guest dedicated crypto adapters Date: Mon, 7 May 2018 11:11:39 -0400 X-Mailer: git-send-email 1.7.1 X-TM-AS-GCONF: 00 x-cbid: 18050715-0024-0000-0000-0000185BEEA3 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00008987; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000258; SDB=6.01028858; UDB=6.00525678; IPR=6.00807992; MB=3.00020972; MTD=3.00000008; XFM=3.00000015; UTC=2018-05-07 15:12:03 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18050715-0025-0000-0000-00004FDB7711 Message-Id: <1525705912-12815-1-git-send-email-akrowiak@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-05-07_06:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1805070154 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On s390, we have cryptographic coprocessor cards, which are modeled on Linux as devices on the AP bus. Each card can be partitioned into domains which can be thought of as a set of hardware registers for processing crypto commands. Crypto commands are sent to a specific domain within a card is via a queue which is identified as a (card,domain) tuple. We model this something like the following (assuming we have access to cards 3 and 4 and domains 1 and 2): AP -> card3 -> queue (3,1) -> queue (3,2) -> card4 -> queue (4,1) -> queue (4,2) If we want to virtualize this, we can use a feature provided by the hardware. We basically attach a satellite control block to our main hardware virtualization control block and the hardware takes care of most of the rest. For this control block, we don't specify explicit tuples, but a list of cards and a list of domains. The guest will get access to the cross product. Because of this, we need to take care that the lists provided to different guests don't overlap; i.e., we need to enforce sane configurations. Otherwise, one guest may get access to things like secret keys for another guest. The idea of this patch set is to introduce a new device, the matrix device. This matrix device hangs off a different root and acts as the parent node for mdev devices. If you now want to give the tuples (4,1) and (4,2), you need to do the following: - Unbind the (4,1) and (4,2) tuples from their ap bus driver. - Bind the (4,1) and (4,2) tuples to the vfio_ap driver. - Create the mediated device. - Assign card 4 and domains 1 and 2 to the mediated device QEMU will now simply consume the mediated device and things should work. For a complete description of the architecture and concepts underlying the design, see the Documentation/s390/vfio-ap.txt file included with this patch set. v4 => v5 Change log: =================== * Added code to mdev open callback to ensure not more than one vfio-ap device can be opened by a guest. * Interpret AP instructions by default * Removed patch implementing interface to enable/disable AP interpretation, since that will now be done by default * Removed patch to reset crypto attributes for ALL vcpus. That will be submitted as a single patch since it will not be needed in this series - i.e., it was called from the interface to enable/disable AP instructions * All code for initializing crypto for a guest has been moved back to kvm-s390.c, kvm_s390_crypto_init(kvm) function * Maintaining a module reference count for the vfio_ap module so it is not removed while a guest with AP devices is running. * AP bus interfaces needed by KVM that are unavailable if CONFIG_ZCRYPT=n are temporarily embedded in KVM until available statically via future patch. Tony Krowiak (13): KVM: s390: Interface to test whether APXA installed KVM: s390: refactor crypto initialization KVM: s390: CPU model support for AP virtualization s390: vfio-ap: base implementation of VFIO AP device driver s390: vfio-ap: register matrix device with VFIO mdev framework KVM: s390: interfaces to manage guest's AP matrix s390: vfio-ap: sysfs interfaces to configure adapters s390: vfio-ap: sysfs interfaces to configure domains s390: vfio-ap: sysfs interfaces to configure control domains s390: vfio-ap: sysfs interface to view matrix mdev matrix KVM: s390: implement mediated device open callback s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl s390: doc: detailed specifications for AP virtualization Documentation/s390/vfio-ap.txt | 575 +++++++++++++++++++++ MAINTAINERS | 13 + arch/s390/Kconfig | 11 + arch/s390/include/asm/kvm-ap.h | 133 +++++ arch/s390/include/asm/kvm_host.h | 5 + arch/s390/include/uapi/asm/kvm.h | 1 + arch/s390/kvm/Makefile | 2 +- arch/s390/kvm/kvm-ap.c | 263 ++++++++++ arch/s390/kvm/kvm-s390.c | 116 +++--- arch/s390/tools/gen_facilities.c | 3 + drivers/s390/crypto/Makefile | 4 + drivers/s390/crypto/vfio_ap_drv.c | 143 ++++++ drivers/s390/crypto/vfio_ap_ops.c | 906 +++++++++++++++++++++++++++++++++ drivers/s390/crypto/vfio_ap_private.h | 76 +++ include/uapi/linux/vfio.h | 2 + 15 files changed, 2194 insertions(+), 59 deletions(-) create mode 100644 Documentation/s390/vfio-ap.txt create mode 100644 arch/s390/include/asm/kvm-ap.h create mode 100644 arch/s390/kvm/kvm-ap.c create mode 100644 drivers/s390/crypto/vfio_ap_drv.c create mode 100644 drivers/s390/crypto/vfio_ap_ops.c create mode 100644 drivers/s390/crypto/vfio_ap_private.h