Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp1658055imm; Wed, 16 May 2018 00:49:34 -0700 (PDT) X-Google-Smtp-Source: AB8JxZovrCe9Y59fU9G60MEWznoQSOGOX6auGRx85bd74yLsTO/FNJuLcoMrGtoJM6t4bvAdRcCG X-Received: by 2002:a62:62c2:: with SMTP id w185-v6mr18710846pfb.78.1526456974843; Wed, 16 May 2018 00:49:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526456974; cv=none; d=google.com; s=arc-20160816; b=feva6jTwpXU2NAnqZN5bJeh18sjBW/oOXjzhAVYHQb3yjhftoTcK2URIpToObmcUr/ RBPnck8SW6qobdfIaK/5hHlYEHWAySAYvv7dWD6Jsr6NeSufZJ+DQEteLDIm7KTu3biw 6gt1YGmBd9eDbknmkVvND2iCPByry/hN+cJHamXHK6hGY1xy8yxmbffsV5RsHb0ETB7P u90qB6d7mZjatqJL5U0t5jTMfFBkPGIXDKOyFLMFJXaZYkZblMdxDaBeST8YV7p8UK3R H/QGuzSSapKvdmN9R86tSu6m5emv8VhL1ksLa9ldkkECsZQa4TEv1qjBwRLJkTXqqTrn vL/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :from:references:cc:to:subject:reply-to:arc-authentication-results; bh=uhlBb4zzjGw6tcomcwPJszOTx++v2F2QCeB4sEQlY6A=; b=SmDn/FgB9kkxOofAMTIkcPplvp7QvMmdynrtbEIM1dfxjAM/45MbD0fqH8E4+XDUb2 TQmse/uAnfhm++jIBkvkU9zEqwoouKn9F5N8thUgbQhVbSI6qAa+5rEYWw5w8i3eaTWM TBU9bqZ/uT+5UI/IscjMeFMyc8M4GOOX7RBCfgEVpPqJsqhUeIeNYQg0ZyeGHtgW14aC mDfKC7DqM00H5z3Nd+wF1msAmuv8n0FzrLXdxBGlHXlBzidciAlkG+h3RbEgpbW+SgKm V5FNRn1ce8MuGfGRK8leLa90FJ2vkvbm896jGwVKA3SPgINAegdvZGkmIv2XOZWOYt5U d4Gg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n3-v6si1628327pgr.342.2018.05.16.00.49.20; Wed, 16 May 2018 00:49:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752669AbeEPHtD (ORCPT + 99 others); Wed, 16 May 2018 03:49:03 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:40186 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751786AbeEPHtB (ORCPT ); Wed, 16 May 2018 03:49:01 -0400 Received: from pps.filterd (m0098417.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w4G7jr1B123495 for ; Wed, 16 May 2018 03:49:01 -0400 Received: from e06smtp14.uk.ibm.com (e06smtp14.uk.ibm.com [195.75.94.110]) by mx0a-001b2d01.pphosted.com with ESMTP id 2j0fusa9ek-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 16 May 2018 03:49:00 -0400 Received: from localhost by e06smtp14.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 16 May 2018 08:48:58 +0100 Received: from b06cxnps4075.portsmouth.uk.ibm.com (9.149.109.197) by e06smtp14.uk.ibm.com (192.168.101.144) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Wed, 16 May 2018 08:48:54 +0100 Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61]) by b06cxnps4075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w4G7mqfF64815112; Wed, 16 May 2018 07:48:52 GMT Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9825411C052; Wed, 16 May 2018 08:40:08 +0100 (BST) Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CCFEC11C04C; Wed, 16 May 2018 08:40:07 +0100 (BST) Received: from [9.152.224.33] (unknown [9.152.224.33]) by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 16 May 2018 08:40:07 +0100 (BST) Reply-To: pmorel@linux.ibm.com Subject: Re: [PATCH v5 06/13] KVM: s390: interfaces to manage guest's AP matrix To: Tony Krowiak , linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, pmorel@linux.vnet.ibm.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, thuth@redhat.com, pasic@linux.vnet.ibm.com, berrange@redhat.com, fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com References: <1525705912-12815-1-git-send-email-akrowiak@linux.vnet.ibm.com> <1525705912-12815-7-git-send-email-akrowiak@linux.vnet.ibm.com> From: Pierre Morel Date: Wed, 16 May 2018 09:48:51 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-TM-AS-GCONF: 00 x-cbid: 18051607-0044-0000-0000-00000552F38B X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18051607-0045-0000-0000-000028945EF5 Message-Id: X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-05-16_03:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1805160079 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 15/05/2018 18:07, Tony Krowiak wrote: > On 05/15/2018 10:55 AM, Pierre Morel wrote: >> On 07/05/2018 17:11, Tony Krowiak wrote: >>> Provides interfaces to manage the AP adapters, usage domains >>> and control domains assigned to a KVM guest. >>> >>> The guest's SIE state description has a satellite structure called the >>> Crypto Control Block (CRYCB) containing three bitmask fields >>> identifying the adapters, queues (domains) and control domains >>> assigned to the KVM guest: >>> ...snip... >>> +} >> >> This function (ap_validate_queue_sharing) only verifies that VM don't >> share queues. >> What about the queues used by a host application? > > How can that be verified from this function? I suppose I could put a > check in here to > verify that the queues are reserved by the vfio_ap device driver, but > that would > be redundant because an AP queue can not be assigned to a mediated > matrix device > via its sysfs attributes unless it is reserved by the vfio_ap device > driver (see > patches 7, 8 and 9). > >> >> >> I understand that you want to implement  these checks within KVM but >> this is >> related to which queue devices are bound to the matrix and which one >> are not. > > See my comments above and below about AP queue assignment to the > mediated matrix > device. The one verification we can't do when the devices are assigned > is whether > another guest is using the queue because assignment occurs before the > guest using > the queue is started in which case we have no access to KVM. It makes > no sense to > do so at assignment time anyway because it doesn't matter until the > guest using > the mediated matrix device is started, so that check is done in KVM. > >> >> >> I think that this should be related somehow to the bounded queue >> devices and >> therefor implemented inside the matrix driver. > > As I stated above, when an AP queue is assigned to the mediated matrix > device via > its sysfs attributes, a check is done to verify that it is bound to > the vfio_ap > device driver (see patches 7, 8 and 9). If not, then assignment will > be rejected; > therefore, it will not be possible to configure a CRYCB with AP queues > that are > not bound to the device driver. This patch and te followed patches take care that the queues are bound to the matrix driver when they are assigned to the matrix using the sysfs entries. But they do not take care that the queue can not be unbound before you start the guest, and they are not in the path if the admin decide to unbind a queue at some later time. > >> >> >> Regards, >> >> Pierre >> > -- Pierre Morel Linux/KVM/QEMU in Böblingen - Germany