Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp2087386imm; Wed, 16 May 2018 07:42:24 -0700 (PDT) X-Google-Smtp-Source: AB8JxZp7Z64Kr+YKvJX9iyioT8AaVWoIql+VI3HncHcirdEBQxIu0QW1jn3kzSNrWj9oE7iTVeKG X-Received: by 2002:a17:902:bd0a:: with SMTP id p10-v6mr1240512pls.69.1526481744164; Wed, 16 May 2018 07:42:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526481744; cv=none; d=google.com; s=arc-20160816; b=XXsMKDQHh3Y+DZq4ae0+Luboyx29Aex7r0ILkoVhQc9sDqKfPMx0IT26gHsvAqXxuh v/ytYZAg/CrXqphTHq0VQRo/OStmLZ0PlEsVb0Bupmt5F4wkOWZ36clEqPu7lsMij4Ae f3D6Rj40ZX0mEdDCNuTCl8f2G86xRO1Ozygk85TjglztEKFwceJ3H6/QBUOq53Ghf4oT 7X27R9zpg2I/mwDuyPAOGAFt+Mii/FxW2yMG2BK7tTNXWTlwEw4qLqCd7/yUdI4ZTOdQ JaLQUq696U0ajX+4cUNCYikrRDOblTn+nYu3oSf81AMqrRbSe5xWPXnI38IA+X3l8fSl Xhhw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :from:references:cc:to:subject:reply-to:arc-authentication-results; bh=FPgBc/uWG0kmgUJXp86vF9zuNMCQdGa4VgcN6ErGhUE=; b=XUfNPQzt8q6TkgbdHgHjJNDPhoOGg1VXobOeDGACWgK+bTuzvy/Ig3boNEFkn/oV2B 9Z4+e3uDUXHE4KHxd4h2Tboh/dSWSf4F33NeDaVOsa5eqFHH4NbuyiP5K0tE6p11SfkF ZEtASrJOa//rBgSgYDVxiXdtfv5UsHIEHwQALT59vnNk1Er2qZmFk6xiibYWZJlCBI4t HW/dXyrrr0a7c6uaM1WfRADzKgslX4w99tI+kh9gNVWsk73EqXA6szvola4vMpYm1ehE TqnjVUfa5ZoGRm3QhdRL3RFFWoWYejzTgopudQbRY9bjase5LbJQKEUFpqD+akibI445 YQbQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r10-v6si2000576pgv.499.2018.05.16.07.42.09; Wed, 16 May 2018 07:42:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751013AbeEPOlw (ORCPT + 99 others); Wed, 16 May 2018 10:41:52 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:36150 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750835AbeEPOlu (ORCPT ); Wed, 16 May 2018 10:41:50 -0400 Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w4GEduXh041968 for ; Wed, 16 May 2018 10:41:50 -0400 Received: from e06smtp13.uk.ibm.com (e06smtp13.uk.ibm.com [195.75.94.109]) by mx0a-001b2d01.pphosted.com with ESMTP id 2j0kc4j7wd-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 16 May 2018 10:41:49 -0400 Received: from localhost by e06smtp13.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 16 May 2018 15:41:47 +0100 Received: from b06cxnps3074.portsmouth.uk.ibm.com (9.149.109.194) by e06smtp13.uk.ibm.com (192.168.101.143) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Wed, 16 May 2018 15:41:43 +0100 Received: from d06av26.portsmouth.uk.ibm.com (d06av26.portsmouth.uk.ibm.com [9.149.105.62]) by b06cxnps3074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w4GEfg9A10486132; Wed, 16 May 2018 14:41:42 GMT Received: from d06av26.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6AD16AE051; Wed, 16 May 2018 15:31:02 +0100 (BST) Received: from d06av26.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 930CFAE045; Wed, 16 May 2018 15:31:01 +0100 (BST) Received: from [9.152.224.33] (unknown [9.152.224.33]) by d06av26.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 16 May 2018 15:31:01 +0100 (BST) Reply-To: pmorel@linux.ibm.com Subject: Re: [PATCH v5 06/13] KVM: s390: interfaces to manage guest's AP matrix To: Tony Krowiak , Halil Pasic , linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, pmorel@linux.vnet.ibm.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, thuth@redhat.com, pasic@linux.vnet.ibm.com, berrange@redhat.com, fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com References: <1525705912-12815-1-git-send-email-akrowiak@linux.vnet.ibm.com> <1525705912-12815-7-git-send-email-akrowiak@linux.vnet.ibm.com> From: Pierre Morel Date: Wed, 16 May 2018 16:41:41 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-TM-AS-GCONF: 00 x-cbid: 18051614-0012-0000-0000-000005D736FC X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18051614-0013-0000-0000-000019545C95 Message-Id: X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-05-16_07:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1805160149 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 16/05/2018 16:29, Tony Krowiak wrote: > On 05/11/2018 12:08 PM, Halil Pasic wrote: >> >> >> On 05/07/2018 05:11 PM, Tony Krowiak wrote: >>> Provides interfaces to manage the AP adapters, usage domains >>> and control domains assigned to a KVM guest. >>> >>> The guest's SIE state description has a satellite structure called the >>> Crypto Control Block (CRYCB) containing three bitmask fields >>> identifying the adapters, queues (domains) and control domains >>> assigned to the KVM guest: >> >> [..] >> >>> index 00bcfb0..98b53c7 100644 >>> --- a/arch/s390/kvm/kvm-ap.c >>> +++ b/arch/s390/kvm/kvm-ap.c >>> @@ -7,6 +7,7 @@ >> >> [..] >> >>> + >>> +/** >>> + * kvm_ap_validate_queue_sharing >>> + * >>> + * Verifies that the APQNs derived from the cross product of the AP >>> adapter IDs >>> + * and AP queue indexes comprising the AP matrix are not configured >>> for >>> + * another guest. AP queue sharing is not allowed. >>> + * >>> + * @kvm: the KVM guest >>> + * @matrix: the AP matrix >>> + * >>> + * Returns 0 if the APQNs are valid, otherwise; returns -EBUSY. >>> + */ >>> +static int kvm_ap_validate_queue_sharing(struct kvm *kvm, >>> +                     struct kvm_ap_matrix *matrix) >>> +{ >>> +    struct kvm *vm; >>> +    unsigned long *apm, *aqm; >>> +    unsigned long apid, apqi; >>> + >>> + >>> +    /* No other VM may share an AP Queue with the input VM */ >>> +    list_for_each_entry(vm, &vm_list, vm_list) { >>> +        if (kvm == vm) >>> +            continue; >>> + >>> +        apm = kvm_ap_get_crycb_apm(vm); >>> +        if (!bitmap_and(apm, apm, matrix->apm, matrix->apm_max + 1)) >>> +            continue; >>> + >>> +        aqm = kvm_ap_get_crycb_aqm(vm); >>> +        if (!bitmap_and(aqm, aqm, matrix->aqm, matrix->aqm_max + 1)) >>> +            continue; >>> + >>> +        for_each_set_bit_inv(apid, apm, matrix->apm_max + 1) >>> +            for_each_set_bit_inv(apqi, aqm, matrix->aqm_max + 1) >>> +                kvm_ap_log_sharing_err(vm, apid, apqi); >>> + >>> +        return -EBUSY; >>> +    } >>> + >>> +    return 0; >>> +} >>> + >>> +int kvm_ap_configure_matrix(struct kvm *kvm, struct kvm_ap_matrix >>> *matrix) >>> +{ >>> +    int ret = 0; >>> + >>> +    mutex_lock(&kvm->lock); >> >> You seem to take only kvm->lock, vm_list however (used in >> kvm_ap_validate_queue_sharing()) seems to be protected by >> kvm_lock. >> >> Can you tell me why is this supposed to be safe? >> >> What is supposed to prevent an execution like >> vm1: call kvm_ap_configure_matrix(m1) >> vm2: call kvm_ap_configure_matrix(m2) >> vm1: call kvm_ap_validate_queue_sharing(m1) >> vm2: call kvm_ap_validate_queue_sharing(m2) >> vm1: call kvm_ap_set_crycb_masks(m1) >> vm2: call kvm_ap_set_crycb_masks(m2) >> >> where, let's say, m1 and m2 are equal in the sense that the >> mask values are the same? > > vm1 will get the kvm->lock first in your scenario when > kvm_ap_configure_matrix(m1) is invoked. Since the other > functions - i.e., kvm_ap_validate_queue_sharing(m1) and > kvm_ap_set_crycb_masks(m1) - are static and only called > from the kvm_ap_configure_matrix(m1), your scenario > can never happen because vm2 will not get the lock until > kvm_ap_configure_matrix(m1) has completed. I see your > point, however, and maybe I should also acquire the kvm_lock. AFAIU the locks you are talking about are KVM specific but the example from Halil use two different VM, i.e. two different locks are used and vm2 never wait for vw1. > >> >> >> Regards, >> Halil >> >>> + >>> +    ret = kvm_ap_validate_queue_sharing(kvm, matrix); >>> +    if (ret) >>> +        goto done; >>> + >>> +    kvm_ap_set_crycb_masks(kvm, matrix); >>> + >>> +done: >>> +    mutex_unlock(&kvm->lock); >>> + >>> +    return ret; >>> +} >>> +EXPORT_SYMBOL(kvm_ap_configure_matrix); >>> + > > -- Pierre Morel Linux/KVM/QEMU in Böblingen - Germany