Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp1811698imm;
        Thu, 24 May 2018 01:01:23 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZr9mhK57MalXHtxAZuL0z+jLE6EIRlYrnsE7n5gOSR/FEUXDSkDxDCYGf7J91SzsJ6qOSb6
X-Received: by 2002:a17:902:8d8d:: with SMTP id v13-v6mr6183065plo.362.1527148883345;
        Thu, 24 May 2018 01:01:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1527148883; cv=none;
        d=google.com; s=arc-20160816;
        b=eErlfDXMsTPz8qdk8tHE9fGrW8ctyvnww5P4EJgKIUNXP/mwe+uUugE5My1O6kv8yH
         r0xqO8y4XEHuD3CvOvSX9TIheczhIg0+VMi5imEAR+EQBYW4y2EK228LSP6L+w3p2nRS
         kal17ME2luOwLpQ5mU1MeUy1oitImzNKTwbxafclE54zZmn711oFhCGrlgU2F2+vdrxo
         V1G5rCQuYQdzmAW5FPKghIoaq/r5Q2E0Bpj8VUl2mIjByEwya1Ny8HfXsW2KOscovkLE
         DxBz6knBJ3MqvBJsYM8otXocOu9Y78QD/MD6HqS+Q1BGV6jKpKdxXS8jOSpYgCNhT6bV
         N+aA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:content-language
         :content-transfer-encoding:in-reply-to:mime-version:user-agent:date
         :from:references:cc:to:subject:reply-to:arc-authentication-results;
        bh=6WiJffozXA7BaBbQ0CXzMf1ExFlt3rYLbGkUzujjOaM=;
        b=QwpGYhTCkxP0RnEl07lkem6rYXR19lRDgOhOCcDkDNm/pe2l75MH1J8v4CWwcQTrGa
         xxv8JtBPpG4yW/d+C2vAQDw+IIFqKtyfv+zcHwSKEDMr5CR9CtLkMuR5MmTxTJ9pBiC7
         w3VsKWEUIAGaAjAMz61n05SkjbRaSP0hK2iRLyXqQ2bSlIz8JdXKVbcpIc7CtLdKAYRO
         SiDmkkD4uyMgA/kPoEeXiMsuzdZxKnsKmV0Rh3ANE+Qql1fq+qs4/opRB82zwNv3seB4
         OyGo8rhAwlV0kUokbshBfS5NSCYSkRzjDnGGQwIhGswxKzxXGviV7Y8vgjY4uc9QzlYZ
         Ga3w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id u5-v6si20865686pfi.96.2018.05.24.01.00.26;
        Thu, 24 May 2018 01:01:23 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S965202AbeEXHrN (ORCPT <rfc822;jimmypw@gmail.com> + 99 others);
        Thu, 24 May 2018 03:47:13 -0400
Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:55142 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL)
        by vger.kernel.org with ESMTP id S965125AbeEXHrL (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 24 May 2018 03:47:11 -0400
Received: from pps.filterd (m0098419.ppops.net [127.0.0.1])
        by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w4O7hrZ8037949
        for <linux-kernel@vger.kernel.org>; Thu, 24 May 2018 03:47:10 -0400
Received: from e06smtp15.uk.ibm.com (e06smtp15.uk.ibm.com [195.75.94.111])
        by mx0b-001b2d01.pphosted.com with ESMTP id 2j5s580e17-1
        (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT)
        for <linux-kernel@vger.kernel.org>; Thu, 24 May 2018 03:47:10 -0400
Received: from localhost
        by e06smtp15.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted
        for <linux-kernel@vger.kernel.org> from <pmorel@linux.ibm.com>;
        Thu, 24 May 2018 08:47:08 +0100
Received: from b06cxnps4074.portsmouth.uk.ibm.com (9.149.109.196)
        by e06smtp15.uk.ibm.com (192.168.101.145) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted;
        Thu, 24 May 2018 08:47:00 +0100
Received: from d06av21.portsmouth.uk.ibm.com (d06av21.portsmouth.uk.ibm.com [9.149.105.232])
        by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w4O7kxVR2883970;
        Thu, 24 May 2018 07:46:59 GMT
Received: from d06av21.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id AF3E952045;
        Thu, 24 May 2018 07:36:56 +0100 (BST)
Received: from [9.152.224.33] (unknown [9.152.224.33])
        by d06av21.portsmouth.uk.ibm.com (Postfix) with ESMTP id 0CD785203F;
        Thu, 24 May 2018 07:36:56 +0100 (BST)
Reply-To: pmorel@linux.ibm.com
Subject: Re: [PATCH v5 06/13] KVM: s390: interfaces to manage guest's AP
 matrix
To:     Tony Krowiak <akrowiak@linux.vnet.ibm.com>,
        linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org,
        kvm@vger.kernel.org
Cc:     freude@de.ibm.com, schwidefsky@de.ibm.com,
        heiko.carstens@de.ibm.com, borntraeger@de.ibm.com,
        cohuck@redhat.com, kwankhede@nvidia.com,
        bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com,
        alex.williamson@redhat.com, pmorel@linux.vnet.ibm.com,
        alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com,
        jjherne@linux.vnet.ibm.com, thuth@redhat.com,
        pasic@linux.vnet.ibm.com, berrange@redhat.com,
        fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com
References: <1525705912-12815-1-git-send-email-akrowiak@linux.vnet.ibm.com>
 <1525705912-12815-7-git-send-email-akrowiak@linux.vnet.ibm.com>
 <f2646170-1aaf-8447-4c02-0679909d754f@linux.ibm.com>
 <a9206728-2673-c8de-851b-323027a398fa@linux.vnet.ibm.com>
 <f8c88504-55dc-99a8-90a1-2ddf63a20091@linux.ibm.com>
 <13331f80-8821-6de3-ca29-7a3ea869e4f1@linux.vnet.ibm.com>
 <1891f565-284f-ab30-ebc7-8fef85b5fba7@linux.ibm.com>
 <a02a8fa0-9b05-41cf-4507-d4540b279247@linux.vnet.ibm.com>
 <2ae0b04a-f091-6c06-dc07-b6fa265b484a@linux.ibm.com>
 <3e9035ce-0b41-f01e-526e-3ae3d3aba6b5@linux.vnet.ibm.com>
From:   Pierre Morel <pmorel@linux.ibm.com>
Date:   Thu, 24 May 2018 09:46:58 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <3e9035ce-0b41-f01e-526e-3ae3d3aba6b5@linux.vnet.ibm.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-TM-AS-GCONF: 00
x-cbid: 18052407-0020-0000-0000-00000420B7FE
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 18052407-0021-0000-0000-000042B5F9E3
Message-Id: <948007c6-c5bd-c828-c7d8-7c9c6ceb286b@linux.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-05-24_02:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501
 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0
 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000
 definitions=main-1805240095
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 23/05/2018 16:29, Tony Krowiak wrote:
> On 05/18/2018 04:55 AM, Pierre Morel wrote:
>> On 16/05/2018 15:48, Tony Krowiak wrote:
>>> On 05/16/2018 09:15 AM, Pierre Morel wrote:
>>>> On 16/05/2018 15:12, Tony Krowiak wrote:
>>>>> On 05/16/2018 03:48 AM, Pierre Morel wrote:
>>>>>> On 15/05/2018 18:07, Tony Krowiak wrote:
>>>>>>> On 05/15/2018 10:55 AM, Pierre Morel wrote:
>>>>>>>> On 07/05/2018 17:11, Tony Krowiak wrote:
>>>>>>>>> Provides interfaces to manage the AP adapters, usage domains
>>>>>>>>> and control domains assigned to a KVM guest.
>>>>>>>>>
>>>>>>>>> The guest's SIE state description has a satellite structure 
>>>>>>>>> called the
>>>>>>>>> Crypto Control Block (CRYCB) containing three bitmask fields
>>>>>>>>> identifying the adapters, queues (domains) and control domains
>>>>>>>>> assigned to the KVM guest:
>>>>>>>>>
>>>>>> ...snip...
>>>>>>>>> +}
>>>>>>>>
>>>>>>>> This function (ap_validate_queue_sharing) only verifies that VM 
>>>>>>>> don't share queues.
>>>>>>>> What about the queues used by a host application?
>>>>>>>
>>>>>>> How can that be verified from this function? I suppose I could 
>>>>>>> put a check in here to
>>>>>>> verify that the queues are reserved by the vfio_ap device 
>>>>>>> driver, but that would
>>>>>>> be redundant because an AP queue can not be assigned to a 
>>>>>>> mediated matrix device
>>>>>>> via its sysfs attributes unless it is reserved by the vfio_ap 
>>>>>>> device driver (see
>>>>>>> patches 7, 8 and 9).
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> I understand that you want to implement  these checks within 
>>>>>>>> KVM but this is
>>>>>>>> related to which queue devices are bound to the matrix and 
>>>>>>>> which one are not.
>>>>>>>
>>>>>>> See my comments above and below about AP queue assignment to the 
>>>>>>> mediated matrix
>>>>>>> device. The one verification we can't do when the devices are 
>>>>>>> assigned is whether
>>>>>>> another guest is using the queue because assignment occurs 
>>>>>>> before the guest using
>>>>>>> the queue is started in which case we have no access to KVM. It 
>>>>>>> makes no sense to
>>>>>>> do so at assignment time anyway because it doesn't matter until 
>>>>>>> the guest using
>>>>>>> the mediated matrix device is started, so that check is done in 
>>>>>>> KVM.
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> I think that this should be related somehow to the bounded 
>>>>>>>> queue devices and
>>>>>>>> therefor implemented inside the matrix driver.
>>>>>>>
>>>>>>> As I stated above, when an AP queue is assigned to the mediated 
>>>>>>> matrix device via
>>>>>>> its sysfs attributes, a check is done to verify that it is bound 
>>>>>>> to the vfio_ap
>>>>>>> device driver (see patches 7, 8 and 9). If not, then assignment 
>>>>>>> will be rejected;
>>>>>>> therefore, it will not be possible to configure a CRYCB with AP 
>>>>>>> queues that are
>>>>>>> not bound to the device driver.
>>>>>>
>>>>>> This patch and te followed patches take care that the queues are 
>>>>>> bound to the
>>>>>> matrix driver when they are assigned to the matrix using the 
>>>>>> sysfs entries.
>>>>>>
>>>>>> But they do not take care that the queue can not be unbound 
>>>>>> before you start
>>>>>> the guest, and they are not in the path if the admin decide to 
>>>>>> unbind a queue
>>>>>> at some later time.
>>>>>
>>>>> That is a good point. I need to put a check in the device driver 
>>>>> at the time
>>>>> the mediated device fd is opened to verify that the queues being 
>>>>> configured in
>>>>> the guest's CRYCB are bound to the driver.
>>>>
>>>> not only, you also need to avoid the possibility of unbinding the 
>>>> device.
>>>> For this you need to use the remove callback from the driver.
>>>
>>> I thought I addressed this already. The definition of the remove 
>>> callback does
>>> not specify a return value, so there is currently no way to prevent 
>>> the AP bus
>>> from removing the queue device on unbind. I sent an email to Harald 
>>> to discuss
>>> adding a return value to the callback.
>>
>> If you can not prevent the unbinding you must remove
>> the according bits in the matrix.
>
> In which matrix? The bits in the matrix configured via the mediated 
> matrix device's
> sysfs attributes files? The bits in the guest's CRYCB? If the latter, 
> then what happens
> to in-process crypto transactions on the guest? Wouldn't this 
> essentially be like a hot
> unplug of the device from the guest?

Obviously from the CRYCB so that the guest do not access to the AP queues
belonging to the AP card anymore.

>
>>
>>
>>>
>>>>
>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>>
>>>>>>>> Pierre
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>

-- 
Pierre Morel
Linux/KVM/QEMU in Böblingen - Germany