Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp1811698imm; Thu, 24 May 2018 01:01:23 -0700 (PDT) X-Google-Smtp-Source: AB8JxZr9mhK57MalXHtxAZuL0z+jLE6EIRlYrnsE7n5gOSR/FEUXDSkDxDCYGf7J91SzsJ6qOSb6 X-Received: by 2002:a17:902:8d8d:: with SMTP id v13-v6mr6183065plo.362.1527148883345; Thu, 24 May 2018 01:01:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527148883; cv=none; d=google.com; s=arc-20160816; b=eErlfDXMsTPz8qdk8tHE9fGrW8ctyvnww5P4EJgKIUNXP/mwe+uUugE5My1O6kv8yH r0xqO8y4XEHuD3CvOvSX9TIheczhIg0+VMi5imEAR+EQBYW4y2EK228LSP6L+w3p2nRS kal17ME2luOwLpQ5mU1MeUy1oitImzNKTwbxafclE54zZmn711oFhCGrlgU2F2+vdrxo V1G5rCQuYQdzmAW5FPKghIoaq/r5Q2E0Bpj8VUl2mIjByEwya1Ny8HfXsW2KOscovkLE DxBz6knBJ3MqvBJsYM8otXocOu9Y78QD/MD6HqS+Q1BGV6jKpKdxXS8jOSpYgCNhT6bV N+aA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :from:references:cc:to:subject:reply-to:arc-authentication-results; bh=6WiJffozXA7BaBbQ0CXzMf1ExFlt3rYLbGkUzujjOaM=; b=QwpGYhTCkxP0RnEl07lkem6rYXR19lRDgOhOCcDkDNm/pe2l75MH1J8v4CWwcQTrGa xxv8JtBPpG4yW/d+C2vAQDw+IIFqKtyfv+zcHwSKEDMr5CR9CtLkMuR5MmTxTJ9pBiC7 w3VsKWEUIAGaAjAMz61n05SkjbRaSP0hK2iRLyXqQ2bSlIz8JdXKVbcpIc7CtLdKAYRO SiDmkkD4uyMgA/kPoEeXiMsuzdZxKnsKmV0Rh3ANE+Qql1fq+qs4/opRB82zwNv3seB4 OyGo8rhAwlV0kUokbshBfS5NSCYSkRzjDnGGQwIhGswxKzxXGviV7Y8vgjY4uc9QzlYZ Ga3w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u5-v6si20865686pfi.96.2018.05.24.01.00.26; Thu, 24 May 2018 01:01:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965202AbeEXHrN (ORCPT + 99 others); Thu, 24 May 2018 03:47:13 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:55142 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S965125AbeEXHrL (ORCPT ); Thu, 24 May 2018 03:47:11 -0400 Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w4O7hrZ8037949 for ; Thu, 24 May 2018 03:47:10 -0400 Received: from e06smtp15.uk.ibm.com (e06smtp15.uk.ibm.com [195.75.94.111]) by mx0b-001b2d01.pphosted.com with ESMTP id 2j5s580e17-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 24 May 2018 03:47:10 -0400 Received: from localhost by e06smtp15.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 24 May 2018 08:47:08 +0100 Received: from b06cxnps4074.portsmouth.uk.ibm.com (9.149.109.196) by e06smtp15.uk.ibm.com (192.168.101.145) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Thu, 24 May 2018 08:47:00 +0100 Received: from d06av21.portsmouth.uk.ibm.com (d06av21.portsmouth.uk.ibm.com [9.149.105.232]) by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w4O7kxVR2883970; Thu, 24 May 2018 07:46:59 GMT Received: from d06av21.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AF3E952045; Thu, 24 May 2018 07:36:56 +0100 (BST) Received: from [9.152.224.33] (unknown [9.152.224.33]) by d06av21.portsmouth.uk.ibm.com (Postfix) with ESMTP id 0CD785203F; Thu, 24 May 2018 07:36:56 +0100 (BST) Reply-To: pmorel@linux.ibm.com Subject: Re: [PATCH v5 06/13] KVM: s390: interfaces to manage guest's AP matrix To: Tony Krowiak , linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, pmorel@linux.vnet.ibm.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, thuth@redhat.com, pasic@linux.vnet.ibm.com, berrange@redhat.com, fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com References: <1525705912-12815-1-git-send-email-akrowiak@linux.vnet.ibm.com> <1525705912-12815-7-git-send-email-akrowiak@linux.vnet.ibm.com> <13331f80-8821-6de3-ca29-7a3ea869e4f1@linux.vnet.ibm.com> <1891f565-284f-ab30-ebc7-8fef85b5fba7@linux.ibm.com> <2ae0b04a-f091-6c06-dc07-b6fa265b484a@linux.ibm.com> <3e9035ce-0b41-f01e-526e-3ae3d3aba6b5@linux.vnet.ibm.com> From: Pierre Morel Date: Thu, 24 May 2018 09:46:58 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <3e9035ce-0b41-f01e-526e-3ae3d3aba6b5@linux.vnet.ibm.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-TM-AS-GCONF: 00 x-cbid: 18052407-0020-0000-0000-00000420B7FE X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18052407-0021-0000-0000-000042B5F9E3 Message-Id: <948007c6-c5bd-c828-c7d8-7c9c6ceb286b@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-05-24_02:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1805240095 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 23/05/2018 16:29, Tony Krowiak wrote: > On 05/18/2018 04:55 AM, Pierre Morel wrote: >> On 16/05/2018 15:48, Tony Krowiak wrote: >>> On 05/16/2018 09:15 AM, Pierre Morel wrote: >>>> On 16/05/2018 15:12, Tony Krowiak wrote: >>>>> On 05/16/2018 03:48 AM, Pierre Morel wrote: >>>>>> On 15/05/2018 18:07, Tony Krowiak wrote: >>>>>>> On 05/15/2018 10:55 AM, Pierre Morel wrote: >>>>>>>> On 07/05/2018 17:11, Tony Krowiak wrote: >>>>>>>>> Provides interfaces to manage the AP adapters, usage domains >>>>>>>>> and control domains assigned to a KVM guest. >>>>>>>>> >>>>>>>>> The guest's SIE state description has a satellite structure >>>>>>>>> called the >>>>>>>>> Crypto Control Block (CRYCB) containing three bitmask fields >>>>>>>>> identifying the adapters, queues (domains) and control domains >>>>>>>>> assigned to the KVM guest: >>>>>>>>> >>>>>> ...snip... >>>>>>>>> +} >>>>>>>> >>>>>>>> This function (ap_validate_queue_sharing) only verifies that VM >>>>>>>> don't share queues. >>>>>>>> What about the queues used by a host application? >>>>>>> >>>>>>> How can that be verified from this function? I suppose I could >>>>>>> put a check in here to >>>>>>> verify that the queues are reserved by the vfio_ap device >>>>>>> driver, but that would >>>>>>> be redundant because an AP queue can not be assigned to a >>>>>>> mediated matrix device >>>>>>> via its sysfs attributes unless it is reserved by the vfio_ap >>>>>>> device driver (see >>>>>>> patches 7, 8 and 9). >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> I understand that you want to implement  these checks within >>>>>>>> KVM but this is >>>>>>>> related to which queue devices are bound to the matrix and >>>>>>>> which one are not. >>>>>>> >>>>>>> See my comments above and below about AP queue assignment to the >>>>>>> mediated matrix >>>>>>> device. The one verification we can't do when the devices are >>>>>>> assigned is whether >>>>>>> another guest is using the queue because assignment occurs >>>>>>> before the guest using >>>>>>> the queue is started in which case we have no access to KVM. It >>>>>>> makes no sense to >>>>>>> do so at assignment time anyway because it doesn't matter until >>>>>>> the guest using >>>>>>> the mediated matrix device is started, so that check is done in >>>>>>> KVM. >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> I think that this should be related somehow to the bounded >>>>>>>> queue devices and >>>>>>>> therefor implemented inside the matrix driver. >>>>>>> >>>>>>> As I stated above, when an AP queue is assigned to the mediated >>>>>>> matrix device via >>>>>>> its sysfs attributes, a check is done to verify that it is bound >>>>>>> to the vfio_ap >>>>>>> device driver (see patches 7, 8 and 9). If not, then assignment >>>>>>> will be rejected; >>>>>>> therefore, it will not be possible to configure a CRYCB with AP >>>>>>> queues that are >>>>>>> not bound to the device driver. >>>>>> >>>>>> This patch and te followed patches take care that the queues are >>>>>> bound to the >>>>>> matrix driver when they are assigned to the matrix using the >>>>>> sysfs entries. >>>>>> >>>>>> But they do not take care that the queue can not be unbound >>>>>> before you start >>>>>> the guest, and they are not in the path if the admin decide to >>>>>> unbind a queue >>>>>> at some later time. >>>>> >>>>> That is a good point. I need to put a check in the device driver >>>>> at the time >>>>> the mediated device fd is opened to verify that the queues being >>>>> configured in >>>>> the guest's CRYCB are bound to the driver. >>>> >>>> not only, you also need to avoid the possibility of unbinding the >>>> device. >>>> For this you need to use the remove callback from the driver. >>> >>> I thought I addressed this already. The definition of the remove >>> callback does >>> not specify a return value, so there is currently no way to prevent >>> the AP bus >>> from removing the queue device on unbind. I sent an email to Harald >>> to discuss >>> adding a return value to the callback. >> >> If you can not prevent the unbinding you must remove >> the according bits in the matrix. > > In which matrix? The bits in the matrix configured via the mediated > matrix device's > sysfs attributes files? The bits in the guest's CRYCB? If the latter, > then what happens > to in-process crypto transactions on the guest? Wouldn't this > essentially be like a hot > unplug of the device from the guest? Obviously from the CRYCB so that the guest do not access to the AP queues belonging to the AP card anymore. > >> >> >>> >>>> >>>> >>>>> >>>>>> >>>>>> >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Regards, >>>>>>>> >>>>>>>> Pierre >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> > -- Pierre Morel Linux/KVM/QEMU in Böblingen - Germany