Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp916197imm; Wed, 23 May 2018 07:29:56 -0700 (PDT) X-Google-Smtp-Source: AB8JxZrbHlgb61d8CBgzRvMnhoO2Qv1jR5tq/NRAv12d3yNP6RKVtW6qO3I409bAI/uq0ytr2Cvn X-Received: by 2002:a17:902:164:: with SMTP id 91-v6mr3249215plb.134.1527085796058; Wed, 23 May 2018 07:29:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527085796; cv=none; d=google.com; s=arc-20160816; b=pF54Hzo53RdWZHFCrx5dwsur2yUiBVPs0UTL03YEb2fdNT3Qv8LRkqwGhYv6nRl+CA KPRP7sPwe1hJjGMi/KWpPvXhtPs4Q1odbuzVOyJebpdoC+8Es2qniupPUvejHUgSOwtP oCDEltwuUPasqH389I+sKAaDuqwDT8LCx0QhJiZDysmaoPNxCxvFeM3J1GhK1RYl1ePX SX6Q7X/JQyGc6kM94p+2MxUXLrT3zY0AKlmqjbpzXL1P0Wqu8bo08Xe26XlSJ3a+S1/A sm0BlLmAqw2nCPvZwp7iMnTD1ndxhLhWTuN8EdqA6PMOq7tr+C2ips02Zy5bf9awQz8p +5Hg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :from:references:to:subject:cc:arc-authentication-results; bh=VZkXC3TBXIixPJ97kI1gbbP+aYFn2pjhANH1KKybeeI=; b=h0Js89+M8OfDvhC3vq0/5m9oGejJiNzFVQNgXe6xlSdBpzjiZpaPIUzhyNeVF2/fe/ /OStlNw0JK0Q6gCHrkBSCFLu4MzQI0vXhQVr8aAXFy4rygMI1K/2OU4BRlgR+NIhkx4v 1lj62bjwNp2QytxYR4WJkqPRY8WNZMCxKbA3EeZvIrdJJYFSeRrECxebwVZ6N5l9LKvg pwLdqj50o/SRx91vPMtLsTgjhUeic7zL5RDMlOddfngIBIFojH1Kr4oi8EDOM91plLYB +YCNXlyknETcyIMU/6GvpSlXcGGXDh7x+cPwTtFhW5clB2UojcPGpYMMbrmCZtA45GTy D+DQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 11-v6si19048356plc.466.2018.05.23.07.29.41; Wed, 23 May 2018 07:29:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933149AbeEWO3c (ORCPT + 99 others); Wed, 23 May 2018 10:29:32 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:35012 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1754327AbeEWO3a (ORCPT ); Wed, 23 May 2018 10:29:30 -0400 Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w4NETQg1046808 for ; Wed, 23 May 2018 10:29:30 -0400 Received: from e36.co.us.ibm.com (e36.co.us.ibm.com [32.97.110.154]) by mx0b-001b2d01.pphosted.com with ESMTP id 2j57wkqrtg-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 23 May 2018 10:29:27 -0400 Received: from localhost by e36.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 23 May 2018 08:29:21 -0600 Received: from b03cxnp08027.gho.boulder.ibm.com (9.17.130.19) by e36.co.us.ibm.com (192.168.1.136) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Wed, 23 May 2018 08:29:17 -0600 Received: from b03ledav004.gho.boulder.ibm.com (b03ledav004.gho.boulder.ibm.com [9.17.130.235]) by b03cxnp08027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w4NETFOt12058944; Wed, 23 May 2018 07:29:15 -0700 Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 09B727805C; Wed, 23 May 2018 08:29:15 -0600 (MDT) Received: from oc8043147753.ibm.com (unknown [9.85.159.1]) by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP id 0422178056; Wed, 23 May 2018 08:29:11 -0600 (MDT) Cc: akrowiak@linux.vnet.ibm.com, freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, pmorel@linux.vnet.ibm.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, thuth@redhat.com, pasic@linux.vnet.ibm.com, berrange@redhat.com, fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com Subject: Re: [PATCH v5 06/13] KVM: s390: interfaces to manage guest's AP matrix To: pmorel@linux.ibm.com, linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org References: <1525705912-12815-1-git-send-email-akrowiak@linux.vnet.ibm.com> <1525705912-12815-7-git-send-email-akrowiak@linux.vnet.ibm.com> <13331f80-8821-6de3-ca29-7a3ea869e4f1@linux.vnet.ibm.com> <1891f565-284f-ab30-ebc7-8fef85b5fba7@linux.ibm.com> <2ae0b04a-f091-6c06-dc07-b6fa265b484a@linux.ibm.com> From: Tony Krowiak Date: Wed, 23 May 2018 10:29:11 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0 MIME-Version: 1.0 In-Reply-To: <2ae0b04a-f091-6c06-dc07-b6fa265b484a@linux.ibm.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-TM-AS-GCONF: 00 x-cbid: 18052314-0020-0000-0000-00000DFEABF4 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00009072; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000261; SDB=6.01036522; UDB=6.00530260; IPR=6.00815649; MB=3.00021258; MTD=3.00000008; XFM=3.00000015; UTC=2018-05-23 14:29:19 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18052314-0021-0000-0000-0000618679DC Message-Id: <3e9035ce-0b41-f01e-526e-3ae3d3aba6b5@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-05-23_06:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1805230147 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 05/18/2018 04:55 AM, Pierre Morel wrote: > On 16/05/2018 15:48, Tony Krowiak wrote: >> On 05/16/2018 09:15 AM, Pierre Morel wrote: >>> On 16/05/2018 15:12, Tony Krowiak wrote: >>>> On 05/16/2018 03:48 AM, Pierre Morel wrote: >>>>> On 15/05/2018 18:07, Tony Krowiak wrote: >>>>>> On 05/15/2018 10:55 AM, Pierre Morel wrote: >>>>>>> On 07/05/2018 17:11, Tony Krowiak wrote: >>>>>>>> Provides interfaces to manage the AP adapters, usage domains >>>>>>>> and control domains assigned to a KVM guest. >>>>>>>> >>>>>>>> The guest's SIE state description has a satellite structure >>>>>>>> called the >>>>>>>> Crypto Control Block (CRYCB) containing three bitmask fields >>>>>>>> identifying the adapters, queues (domains) and control domains >>>>>>>> assigned to the KVM guest: >>>>>>>> >>>>> ...snip... >>>>>>>> +} >>>>>>> >>>>>>> This function (ap_validate_queue_sharing) only verifies that VM >>>>>>> don't share queues. >>>>>>> What about the queues used by a host application? >>>>>> >>>>>> How can that be verified from this function? I suppose I could >>>>>> put a check in here to >>>>>> verify that the queues are reserved by the vfio_ap device driver, >>>>>> but that would >>>>>> be redundant because an AP queue can not be assigned to a >>>>>> mediated matrix device >>>>>> via its sysfs attributes unless it is reserved by the vfio_ap >>>>>> device driver (see >>>>>> patches 7, 8 and 9). >>>>>> >>>>>>> >>>>>>> >>>>>>> I understand that you want to implement these checks within KVM >>>>>>> but this is >>>>>>> related to which queue devices are bound to the matrix and which >>>>>>> one are not. >>>>>> >>>>>> See my comments above and below about AP queue assignment to the >>>>>> mediated matrix >>>>>> device. The one verification we can't do when the devices are >>>>>> assigned is whether >>>>>> another guest is using the queue because assignment occurs before >>>>>> the guest using >>>>>> the queue is started in which case we have no access to KVM. It >>>>>> makes no sense to >>>>>> do so at assignment time anyway because it doesn't matter until >>>>>> the guest using >>>>>> the mediated matrix device is started, so that check is done in KVM. >>>>>> >>>>>>> >>>>>>> >>>>>>> I think that this should be related somehow to the bounded queue >>>>>>> devices and >>>>>>> therefor implemented inside the matrix driver. >>>>>> >>>>>> As I stated above, when an AP queue is assigned to the mediated >>>>>> matrix device via >>>>>> its sysfs attributes, a check is done to verify that it is bound >>>>>> to the vfio_ap >>>>>> device driver (see patches 7, 8 and 9). If not, then assignment >>>>>> will be rejected; >>>>>> therefore, it will not be possible to configure a CRYCB with AP >>>>>> queues that are >>>>>> not bound to the device driver. >>>>> >>>>> This patch and te followed patches take care that the queues are >>>>> bound to the >>>>> matrix driver when they are assigned to the matrix using the sysfs >>>>> entries. >>>>> >>>>> But they do not take care that the queue can not be unbound before >>>>> you start >>>>> the guest, and they are not in the path if the admin decide to >>>>> unbind a queue >>>>> at some later time. >>>> >>>> That is a good point. I need to put a check in the device driver at >>>> the time >>>> the mediated device fd is opened to verify that the queues being >>>> configured in >>>> the guest's CRYCB are bound to the driver. >>> >>> not only, you also need to avoid the possibility of unbinding the >>> device. >>> For this you need to use the remove callback from the driver. >> >> I thought I addressed this already. The definition of the remove >> callback does >> not specify a return value, so there is currently no way to prevent >> the AP bus >> from removing the queue device on unbind. I sent an email to Harald >> to discuss >> adding a return value to the callback. > > If you can not prevent the unbinding you must remove > the according bits in the matrix. In which matrix? The bits in the matrix configured via the mediated matrix device's sysfs attributes files? The bits in the guest's CRYCB? If the latter, then what happens to in-process crypto transactions on the guest? Wouldn't this essentially be like a hot unplug of the device from the guest? > > >> >>> >>> >>>> >>>>> >>>>> >>>>>> >>>>>>> >>>>>>> >>>>>>> Regards, >>>>>>> >>>>>>> Pierre >>>>>>> >>>>>> >>>>> >>>> >>> >> >