Re: [PATCH v4 13/15] KVM: s390: configure the guest's AP devices

From: Pierre Morel
Date: Tue Apr 17 2018 - 12:19:08 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.9 56/66] s390/qdio: dont merge ERROR output buffers"
Previous message: Daniel Vetter: "Re: [PATCH] gpu: drm: i915: Change return type to vm_fault_t"
In reply to: Tony Krowiak: "Re: [PATCH v4 13/15] KVM: s390: configure the guest's AP devices"
Next in thread: Tony Krowiak: "Re: [PATCH v4 13/15] KVM: s390: configure the guest's AP devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 17/04/2018 18:08, Tony Krowiak wrote:

On 04/16/2018 09:05 AM, Pierre Morel wrote:

On 15/04/2018 23:22, Tony Krowiak wrote:

Registers a group notifier during the open of the mediated
matrix device to get information on KVM presence through the
VFIO_GROUP_NOTIFY_SET_KVM event. When notified, the pointer
to the kvm structure is saved inside the mediated matrix
device. Once the VFIO AP device driver has access to KVM,
access to the APs can be configured for the guest.

Access to APs is configured when the file descriptor for the
mediated matrix device is opened by userspace. The items to be
configured are:

1. The ECA.28 bit in the SIE state description determines whether
ÂÂÂ AP instructions are interpreted by the hardware or intercepted.
ÂÂÂ The VFIO AP device driver relies interpretive execution of
ÂÂÂ AP instructions so the ECA.28 bit will be set

2. Guest access to AP adapters, usage domains and control domains
ÂÂÂ is controlled by three bit masks referenced from the
ÂÂÂ Crypto Control Block (CRYCB) referenced from the guest's SIE state
ÂÂÂ description:

ÂÂÂ * The AP Mask (APM) controls access to the AP adapters. Each bit
ÂÂÂÂÂ in the APM represents an adapter number - from most significant
ÂÂÂÂÂ to least significant bit - from 0 to 255. The bits in the APM
ÂÂÂÂÂ are set according to the adapter numbers assigned to the mediated
ÂÂÂÂÂ matrix device via its 'assign_adapter' sysfs attribute file.

ÂÂÂ * The AP Queue (AQM) controls access to the AP queues. Each bit
ÂÂÂÂÂ in the AQM represents an AP queue index - from most significant
ÂÂÂÂÂ to least significant bit - from 0 to 255. A queue index references
ÂÂÂÂÂ a specific domain and is synonymous with the domian number. The
ÂÂÂÂÂ bits in the AQM are set according to the domain numbers assigned
ÂÂÂÂÂ to the mediated matrix device via its 'assign_domain' sysfs
ÂÂÂÂÂ attribute file.

ÂÂÂ * The AP Domain Mask (ADM) controls access to the AP control domains.
ÂÂÂÂÂ Each bit in the ADM represents a control domain - from most
ÂÂÂÂÂ significant to least significant bit - from 0-255. The
ÂÂÂÂÂ bits in the ADM are set according to the domain numbers assigned
ÂÂÂÂÂ to the mediated matrix device via its 'assign_control_domain'
ÂÂÂÂÂ sysfs attribute file.

Signed-off-by: Tony Krowiak <akrowiak@xxxxxxxxxxxxxxxxxx>
---
Â drivers/s390/crypto/vfio_ap_ops.cÂÂÂÂ |ÂÂ 50 +++++++++++++++++++++++++++++++++
Â drivers/s390/crypto/vfio_ap_private.h |ÂÂÂ 2 +
Â 2 files changed, 52 insertions(+), 0 deletions(-)

diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c
index bc2b05e..e3ff5ab 100644
--- a/drivers/s390/crypto/vfio_ap_ops.c
+++ b/drivers/s390/crypto/vfio_ap_ops.c
@@ -53,6 +53,54 @@ static int vfio_ap_mdev_remove(struct mdev_device *mdev)
ÂÂÂÂÂ return 0;
Â }

+static int vfio_ap_mdev_group_notifier(struct notifier_block *nb,
+ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ unsigned long action, void *data)
+{
+ÂÂÂ struct ap_matrix_mdev *matrix_mdev;
+
+ÂÂÂ if (action == VFIO_GROUP_NOTIFY_SET_KVM) {
+ÂÂÂÂÂÂÂ matrix_mdev = container_of(nb, struct ap_matrix_mdev,
+ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ group_notifier);
+ÂÂÂÂÂÂÂ matrix_mdev->kvm = data;
+ÂÂÂ }
+
+ÂÂÂ return NOTIFY_OK;
+}
+
+static int vfio_ap_mdev_open(struct mdev_device *mdev)
+{
+ÂÂÂ struct ap_matrix_mdev *matrix_mdev = mdev_get_drvdata(mdev);
+ÂÂÂ unsigned long events;
+ÂÂÂ int ret;
+
+ÂÂÂ matrix_mdev->group_notifier.notifier_call = vfio_ap_mdev_group_notifier;
+ÂÂÂ events = VFIO_GROUP_NOTIFY_SET_KVM;
+
+ÂÂÂ ret = vfio_register_notifier(mdev_dev(mdev), VFIO_GROUP_NOTIFY,
+ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ &events, &matrix_mdev->group_notifier);
+ÂÂÂ if (ret)
+ÂÂÂÂÂÂÂ return ret;
+
+ÂÂÂ ret = kvm_ap_interpret_instructions(matrix_mdev->kvm, true);

Do you need this call ?
apie is always enabled in KVM if AP instructions are available.

I suppose we don't, in which case we don't need the kvm_ap_interpret_instructions()
function either ... at least not until we implement interception.

Setting or not the interpretation is done for the VM in a all.
It is not the right place to do it here since open is device dependent.

As I stated above, at this time we probably do not need this, however;
that will not always be the case. The setting is and always will be for the
VM in all - unless the architecture changes - because it is controlled by a
single bit (ECA.28). If you recall, I originally set interpretation in the
vfio_ap device driver when notified of the VFIO_GROUP_NOTIFY_SET_KVM event.
I believe ultimately that it is the device driver that should set the value
for apie.

Or we only have one device in the VM at a time.
In this case, shouldn't we make it official by returning -EEXIST for the second call?

We do allow only one vfio-ap device at a time. QEMU will allow only one vfio-ap device
to be configured for a guest. Should we also put a check in here?

QEMU is not the only possible user of this interface.

+ÂÂÂ if (ret)
+ÂÂÂÂÂÂÂ return ret;
+
+ÂÂÂ ret = kvm_ap_configure_matrix(matrix_mdev->kvm,
+ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ matrix_mdev->matrix);
+
+ÂÂÂ return ret;
+}
+
+static void vfio_ap_mdev_release(struct mdev_device *mdev)
+{
+ÂÂÂ struct ap_matrix_mdev *matrix_mdev = mdev_get_drvdata(mdev);
+
+ÂÂÂ kvm_ap_deconfigure_matrix(matrix_mdev->kvm);
+ÂÂÂ kvm_ap_interpret_instructions(matrix_mdev->kvm, false);

This call clears the apie in KVM.
This is only OK if we have a single device present until the end of the VM,
otherwise AP instructions in the guest will fail after the release until the end of the VM
or until a new device is plugged.

See Message ID: <1523819244-29954-5-git-send-email-akrowiak@xxxxxxxxxxxxxxxxxx> on the
qemu mailing list. There will be only one vfio-ap device allowed for the MVP model.

dito.
Anyone can write a userland application using this interface.

+ vfio_unregister_notifier(mdev_dev(mdev), VFIO_GROUP_NOTIFY,
+ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ &matrix_mdev->group_notifier);
+}
+
Â static ssize_t name_show(struct kobject *kobj, struct device *dev, char *buf)
Â {
ÂÂÂÂÂ return sprintf(buf, "%s\n", VFIO_AP_MDEV_NAME_HWVIRT);
@@ -754,6 +802,8 @@ static ssize_t matrix_show(struct device *dev, struct device_attribute *attr,
ÂÂÂÂÂ .mdev_attr_groupsÂÂÂ = vfio_ap_mdev_attr_groups,
ÂÂÂÂÂ .createÂÂÂÂÂÂÂÂÂÂÂ = vfio_ap_mdev_create,
ÂÂÂÂÂ .removeÂÂÂÂÂÂÂÂÂÂÂ = vfio_ap_mdev_remove,
+ÂÂÂ .openÂÂÂÂÂÂÂÂÂÂÂ = vfio_ap_mdev_open,
+ÂÂÂ .releaseÂÂÂÂÂÂÂ = vfio_ap_mdev_release,
Â };

Â int vfio_ap_mdev_register(struct ap_matrix *ap_matrix)
diff --git a/drivers/s390/crypto/vfio_ap_private.h b/drivers/s390/crypto/vfio_ap_private.h
index f248faf..48e2806 100644
--- a/drivers/s390/crypto/vfio_ap_private.h
+++ b/drivers/s390/crypto/vfio_ap_private.h
@@ -31,6 +31,8 @@ struct ap_matrix {

Â struct ap_matrix_mdev {
ÂÂÂÂÂ struct kvm_ap_matrix *matrix;
+ÂÂÂ struct notifier_block group_notifier;
+ÂÂÂ struct kvm *kvm;
Â };

Â static inline struct ap_matrix *to_ap_matrix(struct device *dev)

--
Pierre Morel
Linux/KVM/QEMU in BÃblingen - Germany

Next message: Greg Kroah-Hartman: "[PATCH 4.9 56/66] s390/qdio: dont merge ERROR output buffers"
Previous message: Daniel Vetter: "Re: [PATCH] gpu: drm: i915: Change return type to vm_fault_t"
In reply to: Tony Krowiak: "Re: [PATCH v4 13/15] KVM: s390: configure the guest's AP devices"
Next in thread: Tony Krowiak: "Re: [PATCH v4 13/15] KVM: s390: configure the guest's AP devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]