Reply-To: pmorel@linux.ibm.com
Subject: Re: [PATCH v6 3/7] s390: ap: setup relation betwen KVM and mediated device
To: Tony Krowiak, borntraeger@de.ibm.com
Cc: alex.williamson@redhat.com, cohuck@redhat.com, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, kvm@vger.kernel.org, frankja@linux.ibm.com, pasic@linux.ibm.com, david@redhat.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, freude@linux.ibm.com, mimu@linux.ibm.com
From: Pierre Morel
Date: Fri, 29 Mar 2019 09:58:42 +0100
X-Mailing-List: linux-kernel@vger.kernel.org

On 28/03/2019 18:25, Tony Krowiak wrote:
> On 3/28/19 12:27 PM, Pierre Morel wrote:
>> On 28/03/2019 17:12, Tony Krowiak wrote:
>>> On 3/22/19 10:43 AM, Pierre Morel wrote:
>>>> When the mediated device is open we setup the relation with KVM
>>>> unset it
>>>> when the mediated device is released.
>>>
>>> s/open we setup/open, we set up/
>>> s/with KVM unset/with KVM and unset/
>>>
>>>>
>>>> We lock the matrix mediated device to avoid any change until the
>>>> open is done.
>>>> We make sure that KVM is present when opening the mediated device
>>>> otherwise we return an error.
>>>
>>> s/mediated device/mediated device,/
>>>
>>>>
>>>> Increase kvm's refcount to ensure the KVM structures are still
>>>> available
>>>> during the use of the mediated device by the guest.
>>>> >>>> Signed-off-by: Pierre Morel >>>> --- >>>>   drivers/s390/crypto/vfio_ap_ops.c | 143 >>>> +++++++++++++++++++++----------------- >>>>   1 file changed, 79 insertions(+), 64 deletions(-) >>>> >>>> diff --git a/drivers/s390/crypto/vfio_ap_ops.c >>>> b/drivers/s390/crypto/vfio_ap_ops.c >>>> index 77f7bac..bdb36e0 100644 >>>> --- a/drivers/s390/crypto/vfio_ap_ops.c >>>> +++ b/drivers/s390/crypto/vfio_ap_ops.c 
>>>> @@ -787,74 +787,24 @@ static const struct attribute_group >>>> *vfio_ap_mdev_attr_groups[] = { >>>>       NULL >>>>   }; >>>> -/** >>>> - * vfio_ap_mdev_set_kvm >>>> - * >>>> - * @matrix_mdev: a mediated matrix device >>>> - * @kvm: reference to KVM instance >>>> - * >>>> - * Verifies no other mediated matrix device has @kvm and sets a >>>> reference to >>>> - * it in @matrix_mdev->kvm. >>>> - * >>>> - * Return 0 if no other mediated matrix device has a reference to >>>> @kvm; >>>> - * otherwise, returns an -EPERM. >>>> - */ >>>> -static int vfio_ap_mdev_set_kvm(struct ap_matrix_mdev *matrix_mdev, >>>> -                struct kvm *kvm) >>>> -{ >>>> -    struct ap_matrix_mdev *m; >>>> - >>>> -    mutex_lock(&matrix_dev->lock); >>>> - >>>> -    list_for_each_entry(m, &matrix_dev->mdev_list, node) { >>>> -        if ((m != matrix_mdev) && (m->kvm == kvm)) { >>>> -            mutex_unlock(&matrix_dev->lock); >>>> -            return -EPERM; >>>> -        } >>>> -    } >>>> - >>>> -    matrix_mdev->kvm = kvm; >>>> -    mutex_unlock(&matrix_dev->lock); >>>> - >>>> -    return 0; >>>> -} >>>> - >>>>   static int vfio_ap_mdev_group_notifier(struct notifier_block *nb, >>>>                          unsigned long action, void *data) >>>>   { >>>> -    int ret; >>>>       struct ap_matrix_mdev *matrix_mdev; >>>>       if (action != VFIO_GROUP_NOTIFY_SET_KVM) >>>>           return NOTIFY_OK; >>>>       matrix_mdev = container_of(nb, struct ap_matrix_mdev, >>>> group_notifier); >>>> - >>>> -    if (!data) { >>>> -        matrix_mdev->kvm = NULL; >>>> -        return NOTIFY_OK; >>>> -    } >>>> - >>>> -    ret = vfio_ap_mdev_set_kvm(matrix_mdev, data); >>>> -    if (ret) >>>> -        return NOTIFY_DONE; >>>> - >>>> -    /* If there is no CRYCB pointer, then we can't copy the masks */ >>>> -    if (!matrix_mdev->kvm->arch.crypto.crycbd) >>>> -        return NOTIFY_DONE; >>>> - >>>> -    kvm_arch_crypto_set_masks(matrix_mdev->kvm, >>>> matrix_mdev->matrix.apm, >>>> -          
        matrix_mdev->matrix.aqm, >>>> -                  matrix_mdev->matrix.adm); >>>> +    matrix_mdev->kvm = data; >>>>       return NOTIFY_OK; >>>>   } >>>> -static int vfio_ap_mdev_reset_queues(struct mdev_device *mdev) >>>> +static int vfio_ap_mdev_reset_queues(struct ap_matrix_mdev >>>> *matrix_mdev) >>>>   { >>>>       int ret; >>>>       int rc = 0; >>>> -    struct ap_matrix_mdev *matrix_mdev = mdev_get_drvdata(mdev); >>>>       struct vfio_ap_queue *q; >>>>       list_for_each_entry(q, &matrix_mdev->qlist, list) { >>>> @@ -871,41 +821,106 @@ static int vfio_ap_mdev_reset_queues(struct >>>> mdev_device *mdev) >>>>       return rc; >>>>   } >>>> +/** >>>> + * vfio_ap_mdev_set_kvm >>>> + * >>>> + * @matrix_mdev: a mediated matrix device >>>> + * >>>> + * - Verifies that the hook is free and install the PQAP hook >>>> + * - Copy the matrix masks inside the CRYCB >>>> + * - Increment the KVM rerference count >>>> + * >>>> + * Return 0 if no other mediated matrix device has a reference to >>>> @kvm; >>>> + * otherwise, returns an -EPERM. >>>> + */ >>>> +static int vfio_ap_mdev_set_kvm(struct ap_matrix_mdev *matrix_mdev) >>>> +{ >>>> +    if (matrix_mdev->kvm->arch.crypto.pqap_hook) >>>> +        return -EPERM; >>> >>> How would this happen; in other words, why are we checking this? >> >> I check this to verify that no other AP mediated device is already in >> use by this VM. > > Maybe you should insert a comment to that effect. Please notice that there is already a comment on this in the description of the function. Regards, Pierre -- Pierre Morel Linux/KVM/QEMU in Böblingen - Germany
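Review bot: in the first hunk (@@ -787,74 +787,24 @@), vfio_ap_mdev_group_notifier() now stores the pointer with a bare "matrix_mdev->kvm = data;", while the removed vfio_ap_mdev_set_kvm() made that assignment under mutex_lock(&matrix_dev->lock). The commit message says the matrix mediated device is locked until the open is done, but nothing in these lines shows the notifier path taking that lock. Either take matrix_dev->lock around the assignment here, or add a comment naming the caller that already holds it. The same assignment now also covers the data == NULL case that the old code handled explicitly; a one-line comment saying so would help, since the new vfio_ap_mdev_set_kvm() goes on to dereference matrix_mdev->kvm.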
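Review bot: in the second hunk (@@ -871,41 +821,106 @@), the kernel-doc of the new vfio_ap_mdev_set_kvm() keeps the old Return text about "@kvm", which is no longer a parameter, and does not say that a non-NULL pqap_hook is what indicates another AP mediated device already in use by the guest, which is the point questioned in the thread about the -EPERM test. Suggest rewording the Return line in terms of matrix_mdev->kvm and the hook, and putting a short comment directly above "if (matrix_mdev->kvm->arch.crypto.pqap_hook)". That test also dereferences matrix_mdev->kvm with no NULL check in the visible lines, so the kernel-doc should state that the caller guarantees it is set. Minor: "rerference" should be "reference", and "install" and "Copy" should match the third-person form used by "Verifies".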