Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp3169816yba; Tue, 16 Apr 2019 06:15:11 -0700 (PDT) X-Google-Smtp-Source: APXvYqxxX1McfNnvlCJPxKSVWKRRHMoBZDRq2F4ULRPrjjRWcg/KAwv9u8TTOly915bgy/CqLQky X-Received: by 2002:a17:902:54c:: with SMTP id 70mr50241034plf.210.1555420511759; Tue, 16 Apr 2019 06:15:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555420511; cv=none; d=google.com; s=arc-20160816; b=kIrCr27n1Yrohl1qfz/3RSov6/Ahc7RuU+zEY6cGXtv6KnN0d75FDVIRt+AKqrGh/B SO/uNSp0Ey24cBKVVR99E5D531QkfPgTpE/9TW1E/kztpwb1352UrtyMvNtrqEBherLE BMks8TzbLT+RricpVycGUyV3nDb28we73sw/CRXw2EFB+BfZRhIaGcLDqbDO1MaKIFj9 31XkkPUoS9W2TzR8xkeuYbO0TR2WkXJYTWQNyBnyHH1Ar2DOy11qKHoALRHP4LVOwcoP bsclBpVB52fGZUZAZw6PWFCRdvpQ6+jv6BriuXC8rYlu0bh1zlpwP9BMKiTSG+u6+iH7 abzQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date:from :references:cc:to:subject:reply-to; bh=uAQryBUGfkUgt92zfYvO6ZWn0l7sCviVqZonemgJguA=; b=QbhqDVc+mpnsaZ3wxjy5C1Qk7Vh0+Ne/AZcNOT3EDoyd1A3p+ukvfdMp7aBit4hulc 2jc2uj4DVqEOIB6Hi1lTD5wlES0lqgnUtI5umQsCnXvXktM+8eAeNjhnc8bwaEEZ6/R5 9wFZgX10mpn90CSaF80QbVmoMbC8qW5gHMi+zRygVTOnsxsFMnsS4slveL1KIZullaEO mFKs5z2g4YVoiqdLtcgwk7k0JDnvd0Bvm9ZLQw8tIuNv/WF1Bm1umI21Do2JZDoa/GDj 9h+O0AnEa1k6vNbHYbyuEDnM6EsHTn9N0YUy67sAT0ICPdkKSwTfaXq7+Z0hI1I641W3 u5ug== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i40si29333272plb.177.2019.04.16.06.14.55; Tue, 16 Apr 2019 06:15:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729374AbfDPNOK (ORCPT + 99 others); Tue, 16 Apr 2019 09:14:10 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:37836 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727030AbfDPNOH (ORCPT ); Tue, 16 Apr 2019 09:14:07 -0400 Received: from pps.filterd (m0098396.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x3GCxLrB078457 for ; Tue, 16 Apr 2019 09:14:07 -0400 Received: from e06smtp07.uk.ibm.com (e06smtp07.uk.ibm.com [195.75.94.103]) by mx0a-001b2d01.pphosted.com with ESMTP id 2rwe1t51h7-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 16 Apr 2019 09:14:06 -0400 Received: from localhost by e06smtp07.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 16 Apr 2019 14:14:04 +0100 Received: from b06cxnps4076.portsmouth.uk.ibm.com (9.149.109.198) by e06smtp07.uk.ibm.com (192.168.101.137) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Tue, 16 Apr 2019 14:14:01 +0100 Received: from d06av23.portsmouth.uk.ibm.com (d06av23.portsmouth.uk.ibm.com [9.149.105.59]) by b06cxnps4076.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x3GDDxxm30802022 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 16 Apr 2019 13:13:59 GMT Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8ACC6A4076; Tue, 16 Apr 2019 13:13:59 +0000 (GMT) Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id EF444A406E; Tue, 16 Apr 2019 13:13:58 +0000 (GMT) Received: from [9.152.222.226] (unknown [9.152.222.226]) by d06av23.portsmouth.uk.ibm.com (Postfix) with ESMTP; Tue, 16 Apr 2019 13:13:58 +0000 (GMT) Reply-To: pmorel@linux.ibm.com Subject: Re: [PATCH 1/7] s390: zcrypt: driver callback to indicate resource in use To: Tony Krowiak , linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: freude@linux.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, frankja@linux.ibm.com, david@redhat.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, pasic@linux.ibm.com, alex.williamson@redhat.com, kwankhede@nvidia.com References: <1555016604-2008-1-git-send-email-akrowiak@linux.ibm.com> <1555016604-2008-2-git-send-email-akrowiak@linux.ibm.com> <8ee6f624-b698-bf83-2ae0-e292ad2512fc@linux.ibm.com> From: Pierre Morel Date: Tue, 16 Apr 2019 15:13:58 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: <8ee6f624-b698-bf83-2ae0-e292ad2512fc@linux.ibm.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 x-cbid: 19041613-0028-0000-0000-000003616D7B X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19041613-0029-0000-0000-00002420A4F4 Message-Id: <46d627f1-9414-8636-6975-793bbe11b616@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-04-16_05:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1904160088 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 16/04/2019 15:11, Tony Krowiak wrote: > On 4/16/19 3:52 AM, Pierre Morel wrote: >> On 11/04/2019 23:03, Tony Krowiak wrote: >>> Introduces a new driver callback to prevent a root user from unbinding >>> an AP queue from its device driver if the queue is in use. This prevents >>> a root user from inadvertently taking a queue away from a guest and >>> giving it to the host, or vice versa. The callback will be invoked >>> whenever a change to the AP bus's apmask or aqmask sysfs interfaces may >>> result in one or more AP queues being removed from its driver. If the >>> callback responds in the affirmative for any driver queried, the change >>> to the apmask or aqmask will be rejected with a device in use error. >>> >>> For this patch, only non-default drivers will be queried. Currently, >>> there is only one non-default driver, the vfio_ap device driver. The >>> vfio_ap device driver manages AP queues passed through to one or more >>> guests and we don't want to unexpectedly take AP resources away from >>> guests which are most likely independently administered. >>> >>> Signed-off-by: Tony Krowiak >>> --- >>>   drivers/s390/crypto/ap_bus.c | 138 >>> +++++++++++++++++++++++++++++++++++++++++-- >>>   drivers/s390/crypto/ap_bus.h |   3 + >>>   2 files changed, 135 insertions(+), 6 deletions(-) >>> >>> diff --git a/drivers/s390/crypto/ap_bus.c b/drivers/s390/crypto/ap_bus.c >>> index 1546389d71db..66a5a9d9fae6 100644 >>> --- a/drivers/s390/crypto/ap_bus.c >>> +++ b/drivers/s390/crypto/ap_bus.c >>> @@ -35,6 +35,7 @@ >>>   #include >>>   #include >>>   #include >>> +#include >>>   #include "ap_bus.h" >>>   #include "ap_debug.h" >>> @@ -980,9 +981,11 @@ int ap_parse_mask_str(const char *str, >>>       newmap = kmalloc(size, GFP_KERNEL); >>>       if (!newmap) >>>           return -ENOMEM; >>> -    if (mutex_lock_interruptible(lock)) { >>> -        kfree(newmap); >>> -        return -ERESTARTSYS; >>> +    if (lock) { >>> +        if (mutex_lock_interruptible(lock)) { >>> +            kfree(newmap); >>> +            return -ERESTARTSYS; >>> +        } >>>       } >>>       if (*str == '+' || *str == '-') { >>> @@ -994,7 +997,10 @@ int ap_parse_mask_str(const char *str, >>>       } >>>       if (rc == 0) >>>           memcpy(bitmap, newmap, size); >>> -    mutex_unlock(lock); >>> + >>> +    if (lock) >>> +        mutex_unlock(lock); >>> + >>>       kfree(newmap); >>>       return rc; >>>   } >>> @@ -1181,12 +1187,72 @@ static ssize_t apmask_show(struct bus_type >>> *bus, char *buf) >>>       return rc; >>>   } >>> +static int __verify_card_reservations(struct device_driver *drv, >>> void *data) >>> +{ >>> +    int rc = 0; >>> +    struct ap_driver *ap_drv = to_ap_drv(drv); >>> +    unsigned long *newapm = (unsigned long *)data; >>> + >>> +    /* >>> +     * If the reserved bits do not identify cards reserved for use >>> by the >>> +     * non-default driver, there is no need to verify the driver is >>> using >>> +     * the queues. >>> +     */ >>> +    if (ap_drv->flags & AP_DRIVER_FLAG_DEFAULT) >>> +        return 0; >> >> I prefer you suppress this asymmetry with the assumption that the >> "default driver" will not register a "in_use" callback. > > Based on comments by Connie, I plan on removing this patch from the > next version. Yes it was the goal. > >> >> >>> + >>> +    /* Pin the driver's module code */ >>> +    if (!try_module_get(drv->owner)) >>> +        return 0; >>> + >>> +    if (ap_drv->in_use) >>> +        if (ap_drv->in_use(newapm, ap_perms.aqm)) >>> +            rc = -EADDRINUSE; >>> + >>> +    module_put(drv->owner); >>> + >>> +    return rc; >>> +} >>> + >> > -- Pierre Morel Linux/KVM/QEMU in Böblingen - Germany