Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp3944871iog; Tue, 21 Jun 2022 08:55:24 -0700 (PDT) X-Google-Smtp-Source: AGRyM1vytx6CoXVbcmd3yOuOERW1GkN+FtbN3EmgBnsVTMwz9B5m6ESaEs0x+ck44z/d42a6R1HR X-Received: by 2002:a17:907:6e28:b0:722:e601:a0c0 with SMTP id sd40-20020a1709076e2800b00722e601a0c0mr2795707ejc.347.1655826924187; Tue, 21 Jun 2022 08:55:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655826924; cv=none; d=google.com; s=arc-20160816; b=vuOpYWmOVOvQAopYepiwSb5KMx6y4SckBMgxnDgJdAo//w+6HaAyWa7cUUjSV/8Wr8 LakbDS8ju39Sl/d4zRMvTIz5Og6nIjx8Rqpp7O4IxKO0+sOwhQ1di74W2t2zx7Iocztb XYVpsuFKQWkLb1N2wJLElFk0ZoBN4jNQHAxsAUpR7Nn6LI3y4O1xCn/z69lFgX4Roggt oUQBo4dz6mAyv0kPt04YQIGCpcI68ocQtjpmsQNHMbgglZloPPHsR6zJIZz4FpYgeIYg sggy5UABcL30O1KiR3p6elncNxi8EcaUopIGyB/tY11trC9u9P/IPOIrUNtDvjVNLRRY nl1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=GXUxIzDknzFVzSioQ55vTWl0ZAwt5yESEoZh1HOMPHg=; b=wVCG6B5NLhcrDLE/hzI3+cLsnXd+sxSCI/NKnIVw2q00snFuYy/ZoD2ugRVYa7QBk1 3mg8XuU6AqZEharGwlHORNBndcpLmvwoQPpaoe9YTPUehXHQo8Nxfimjnwvw6+Z5sVig zG5D/KlEWMVsgZyseYMt99ZxXsegOr2vkvtffBLvKKkx+Xnb62l7oj6IV74mLMums1ce N8XxJSJGp7W/dL8vZH+quNHuM9PwLCCngb8wf3GKQVFwmltc4h8xwuxt+zX9osd1UEYA 7VtV/Va4XnMnj78xO8vlroUb6VH8Ig//eV9ae/SMR+8W/FELIW8G4bg8EaYyJK5VELOf j0Bw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=PzRI5hgn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k19-20020aa7c393000000b0043575a516c1si8579748edq.625.2022.06.21.08.54.57; Tue, 21 Jun 2022 08:55:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=PzRI5hgn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1353270AbiFUPwF (ORCPT + 99 others); Tue, 21 Jun 2022 11:52:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33662 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1353117AbiFUPvx (ORCPT ); Tue, 21 Jun 2022 11:51:53 -0400 Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E9EE22CE22; Tue, 21 Jun 2022 08:51:45 -0700 (PDT) Received: from pps.filterd (m0098416.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 25LFkmIN020940; Tue, 21 Jun 2022 15:51:43 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=GXUxIzDknzFVzSioQ55vTWl0ZAwt5yESEoZh1HOMPHg=; b=PzRI5hgnmk7EM0bI6FjuZI0NnhbHZGWQ3zhTXHj9likwV3tK8ZHUnJ/rC1g7ng/K9Gsh xWHzOaZgjVkE6WIS8VRzxqpF1prU7cVEYkg/+JTYyrYlccjRlO23uakZCQZJCaBTU7o9 gjTQQkZQ733CNmCvI+Kd7ya8Hc24T50nJIlZaBXsnfqM7QQdAGB45vZrEzzLF23OOMxV vickzFnIqj/H7pBvHPbhEY4LpfmDkj7H0g3bM+AN6JGKcOpuOspXB47KA4wTgWMlhiKD Ejh6eO++tPqFc5bM31xxg1MBp6waNNOe47sAQX3gCXClyhwDpBnkYl1OdR5J+f2c6Plh Rw== Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3gugx9850f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 21 Jun 2022 15:51:43 +0000 Received: from m0098416.ppops.net (m0098416.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 25LFlXw4028363; Tue, 21 Jun 2022 15:51:42 GMT Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.11]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3gugx984yy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 21 Jun 2022 15:51:42 +0000 Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1]) by ppma03dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 25LFZe2c007699; Tue, 21 Jun 2022 15:51:42 GMT Received: from b03cxnp07027.gho.boulder.ibm.com (b03cxnp07027.gho.boulder.ibm.com [9.17.130.14]) by ppma03dal.us.ibm.com with ESMTP id 3gs6b9j238-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 21 Jun 2022 15:51:42 +0000 Received: from b03ledav002.gho.boulder.ibm.com (b03ledav002.gho.boulder.ibm.com [9.17.130.233]) by b03cxnp07027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 25LFpeVI31588654 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 21 Jun 2022 15:51:40 GMT Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9A050136055; Tue, 21 Jun 2022 15:51:40 +0000 (GMT) Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 98E4F136051; Tue, 21 Jun 2022 15:51:39 +0000 (GMT) Received: from li-fed795cc-2ab6-11b2-a85c-f0946e4a8dff.ibm.com.com (unknown [9.160.18.227]) by b03ledav002.gho.boulder.ibm.com (Postfix) with ESMTP; Tue, 21 Jun 2022 15:51:39 +0000 (GMT) From: Tony Krowiak To: linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: jjherne@linux.ibm.com, freude@linux.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, mjrosato@linux.ibm.com, pasic@linux.ibm.com, alex.williamson@redhat.com, kwankhede@nvidia.com, fiuczy@linux.ibm.com Subject: [PATCH v20 04/20] s390/vfio-ap: introduce shadow APCB Date: Tue, 21 Jun 2022 11:51:18 -0400 Message-Id: <20220621155134.1932383-5-akrowiak@linux.ibm.com> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20220621155134.1932383-1-akrowiak@linux.ibm.com> References: <20220621155134.1932383-1-akrowiak@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: 87eHQkxgV9dQBTPBzVzCSfrzw7pPfxwi X-Proofpoint-GUID: dAkUj9jL7hWyUbYqBNP-K_u3VKpwalrx X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.64.514 definitions=2022-06-21_08,2022-06-21_01,2022-02-23_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 priorityscore=1501 clxscore=1015 mlxscore=0 adultscore=0 spamscore=0 malwarescore=0 phishscore=0 lowpriorityscore=0 bulkscore=0 impostorscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2204290000 definitions=main-2206210066 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The APCB is a field within the CRYCB that provides the AP configuration to a KVM guest. Let's introduce a shadow copy of the KVM guest's APCB and maintain it for the lifespan of the guest. The shadow APCB serves the following purposes: 1. The shadow APCB can be maintained even when the mediated device is not currently in use by a KVM guest. Since the mediated device's AP configuration is filtered to ensure that no AP queues are passed through to the KVM guest that are not bound to the vfio_ap device driver or available to the host, the mediated device's AP configuration may differ from the guest's. Having a shadow of a guest's APCB allows us to provide a sysfs interface to view the guest's APCB even if the mediated device is not currently passed through to a KVM guest. This can aid in problem determination when the guest is unexpectedly missing AP resources. 2. If filtering was done in-place for the real APCB, the guest could pick up a transient state. Doing the filtering on a shadow and transferring the AP configuration to the real APCB after the guest is started or when AP resources are assigned to or unassigned from the mediated device, or when the host configuration changes, the guest's AP configuration will never be in a transient state. Signed-off-by: Tony Krowiak Reviewed-by: Halil Pasic --- drivers/s390/crypto/vfio_ap_ops.c | 10 ++++++---- drivers/s390/crypto/vfio_ap_private.h | 2 ++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c index 77840d26220b..b50fc35d4395 100644 --- a/drivers/s390/crypto/vfio_ap_ops.c +++ b/drivers/s390/crypto/vfio_ap_ops.c @@ -466,6 +466,7 @@ static int vfio_ap_mdev_probe(struct mdev_device *mdev) matrix_mdev->mdev = mdev; vfio_ap_matrix_init(&matrix_dev->info, &matrix_mdev->matrix); matrix_mdev->pqap_hook = handle_pqap; + vfio_ap_matrix_init(&matrix_dev->info, &matrix_mdev->shadow_apcb); hash_init(matrix_mdev->qtable.queues); dev_set_drvdata(&mdev->dev, matrix_mdev); mutex_lock(&matrix_dev->lock); @@ -1308,10 +1309,11 @@ static int vfio_ap_mdev_set_kvm(struct ap_matrix_mdev *matrix_mdev, kvm_get_kvm(kvm); matrix_mdev->kvm = kvm; - kvm_arch_crypto_set_masks(kvm, - matrix_mdev->matrix.apm, - matrix_mdev->matrix.aqm, - matrix_mdev->matrix.adm); + memcpy(&matrix_mdev->shadow_apcb, &matrix_mdev->matrix, + sizeof(struct ap_matrix)); + kvm_arch_crypto_set_masks(kvm, matrix_mdev->shadow_apcb.apm, + matrix_mdev->shadow_apcb.aqm, + matrix_mdev->shadow_apcb.adm); mutex_unlock(&kvm->lock); mutex_unlock(&matrix_dev->lock); diff --git a/drivers/s390/crypto/vfio_ap_private.h b/drivers/s390/crypto/vfio_ap_private.h index 44d2eeb795a0..acb3f9d22025 100644 --- a/drivers/s390/crypto/vfio_ap_private.h +++ b/drivers/s390/crypto/vfio_ap_private.h @@ -91,6 +91,7 @@ struct ap_queue_table { * @node: allows the ap_matrix_mdev struct to be added to a list * @matrix: the adapters, usage domains and control domains assigned to the * mediated matrix device. + * @shadow_apcb: the shadow copy of the APCB field of the KVM guest's CRYCB * @iommu_notifier: notifier block used for specifying callback function for * handling the VFIO_IOMMU_NOTIFY_DMA_UNMAP even * @kvm: the struct holding guest's state @@ -103,6 +104,7 @@ struct ap_matrix_mdev { struct vfio_device vdev; struct list_head node; struct ap_matrix matrix; + struct ap_matrix shadow_apcb; struct notifier_block iommu_notifier; struct kvm *kvm; crypto_hook pqap_hook; -- 2.35.3