From: Tony Krowiak <akrowiak@linux.ibm.com>
To: linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org,
	kvm@vger.kernel.org
Cc: freude@linux.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com,
	frankja@linux.ibm.com, david@redhat.com, schwidefsky@de.ibm.com,
	heiko.carstens@de.ibm.com, pmorel@linux.ibm.com,
	pasic@linux.ibm.com, alex.williamson@redhat.com,
	kwankhede@nvidia.com, Tony Krowiak <akrowiak@linux.ibm.com>
Subject: [PATCH v2 1/8] s390: vfio-ap: maintain a shadow of the CRYCB in use by a guest
Date: Sat, 20 Apr 2019 17:49:33 -0400	[thread overview]
Message-ID: <1555796980-27920-2-git-send-email-akrowiak@linux.ibm.com> (raw)
In-Reply-To: <1555796980-27920-1-git-send-email-akrowiak@linux.ibm.com>

This patch introduces a shadow of the CRYCB being used by a guest. This
will make it possible to manage more effectively dynamic changes to the AP
resources installed on the host that may be assigned to an mdev device
and used by a guest. For example:

* AP adapter cards can be dynamically added to and removed from the AP
  configuration via the SE or an SCLP command.

* AP resources that disappear and reappear due to hardware malfunctions.

* AP queues bound to and unbound from the vfio_ap device driver by a
  root user.

Signed-off-by: Tony Krowiak <akrowiak@linux.ibm.com>
---
 drivers/s390/crypto/vfio_ap_ops.c     | 69 ++++++++++++++++++++++++++++++++---
 drivers/s390/crypto/vfio_ap_private.h |  2 +
 2 files changed, 65 insertions(+), 6 deletions(-)

diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c
index 900b9cf20ca5..b0453e6c20d0 100644
--- a/drivers/s390/crypto/vfio_ap_ops.c
+++ b/drivers/s390/crypto/vfio_ap_ops.c
@@ -271,6 +271,29 @@ static int vfio_ap_mdev_verify_no_sharing(struct ap_matrix_mdev *matrix_mdev)
 	return 0;
 }
 
+/*
+ * vfio_ap_mdev_update_crycb
+ *
+ * @matrix_mdev: the mediated matrix device
+ *
+ * Updates the AP matrix in the guest's CRYCB from it's shadow masks.
+ *
+ * Returns zero if the guest's CRYCB is successfully updated; otherwise,
+ * returns -ENODEV if a guest is not running or does not have a CRYCB.
+ */
+static int vfio_ap_mdev_update_crycb(struct ap_matrix_mdev *matrix_mdev)
+{
+	if (!matrix_mdev->kvm || !matrix_mdev->kvm->arch.crypto.crycbd)
+		return -ENODEV;
+
+	kvm_arch_crypto_set_masks(matrix_mdev->kvm,
+				  matrix_mdev->shadow_crycb->apm,
+				  matrix_mdev->shadow_crycb->aqm,
+				  matrix_mdev->shadow_crycb->adm);
+
+	return 0;
+}
+
 /**
  * assign_adapter_store
  *
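Review bot: vfio_ap_mdev_update_crycb() dereferences `matrix_mdev->shadow_crycb` without the NULL test that every other accessor added in this patch performs, so a caller that runs before open or after release would pass a pointer derived from NULL to kvm_arch_crypto_set_masks(). Adding it to the guard keeps the helper safe on its own: `if (!matrix_mdev->shadow_crycb || !matrix_mdev->kvm || !matrix_mdev->kvm->arch.crypto.crycbd) return -ENODEV;`. The header comment should then list a missing shadow among the -ENODEV cases and read "its shadow masks". It should also say whether the caller must hold matrix_dev->lock, since the store handlers modify these same masks under that lock and the masks decide which AP queues the guest can reach.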
@@ -340,6 +363,9 @@ static ssize_t assign_adapter_store(struct device *dev,
 	if (ret)
 		goto share_err;
 
+	if (matrix_mdev->shadow_crycb)
+		set_bit_inv(apid, matrix_mdev->shadow_crycb->apm);
+
 	ret = count;
 	goto done;
 
@@ -391,6 +417,9 @@ static ssize_t unassign_adapter_store(struct device *dev,
 
 	mutex_lock(&matrix_dev->lock);
 	clear_bit_inv((unsigned long)apid, matrix_mdev->matrix.apm);
+
+	if (matrix_mdev->shadow_crycb)
+		clear_bit_inv(apid, matrix_mdev->shadow_crycb->apm);
 	mutex_unlock(&matrix_dev->lock);
 
 	return count;
@@ -481,6 +510,9 @@ static ssize_t assign_domain_store(struct device *dev,
 	if (ret)
 		goto share_err;
 
+	if (matrix_mdev->shadow_crycb)
+		set_bit_inv(apqi, matrix_mdev->shadow_crycb->aqm);
+
 	ret = count;
 	goto done;
 
@@ -533,6 +565,10 @@ static ssize_t unassign_domain_store(struct device *dev,
 
 	mutex_lock(&matrix_dev->lock);
 	clear_bit_inv((unsigned long)apqi, matrix_mdev->matrix.aqm);
+
+	if (matrix_mdev->shadow_crycb)
+		clear_bit_inv(apqi, matrix_mdev->shadow_crycb->aqm);
+
 	mutex_unlock(&matrix_dev->lock);
 
 	return count;
@@ -582,6 +618,10 @@ static ssize_t assign_control_domain_store(struct device *dev,
 	 */
 	mutex_lock(&matrix_dev->lock);
 	set_bit_inv(id, matrix_mdev->matrix.adm);
+
+	if (matrix_mdev->shadow_crycb)
+		set_bit_inv(id, matrix_mdev->shadow_crycb->adm);
+
 	mutex_unlock(&matrix_dev->lock);
 
 	return count;
@@ -626,6 +666,10 @@ static ssize_t unassign_control_domain_store(struct device *dev,
 
 	mutex_lock(&matrix_dev->lock);
 	clear_bit_inv(domid, matrix_mdev->matrix.adm);
+
+	if (matrix_mdev->shadow_crycb)
+		clear_bit_inv(domid, matrix_mdev->shadow_crycb->adm);
+
 	mutex_unlock(&matrix_dev->lock);
 
 	return count;
@@ -779,14 +823,9 @@ static int vfio_ap_mdev_group_notifier(struct notifier_block *nb,
 	if (ret)
 		return NOTIFY_DONE;
 
-	/* If there is no CRYCB pointer, then we can't copy the masks */
-	if (!matrix_mdev->kvm->arch.crypto.crycbd)
+	if (vfio_ap_mdev_update_crycb(matrix_mdev))
 		return NOTIFY_DONE;
 
-	kvm_arch_crypto_set_masks(matrix_mdev->kvm, matrix_mdev->matrix.apm,
-				  matrix_mdev->matrix.aqm,
-				  matrix_mdev->matrix.adm);
-
 	return NOTIFY_OK;
 }
 
@@ -838,12 +877,28 @@ static int vfio_ap_mdev_reset_queues(struct mdev_device *mdev)
 	return rc;
 }
 
+static int vfio_ap_mdev_create_shadow_crycb(struct ap_matrix_mdev *matrix_mdev)
+{
+	matrix_mdev->shadow_crycb = kzalloc(sizeof(*matrix_mdev->shadow_crycb),
+					    GFP_KERNEL);
+	if (!matrix_mdev->shadow_crycb)
+		return -ENOMEM;
+
+	memcpy(matrix_mdev->shadow_crycb, &matrix_mdev->matrix,
+	       sizeof(matrix_mdev->matrix));
+
+	return 0;
+}
+
 static int vfio_ap_mdev_open(struct mdev_device *mdev)
 {
 	struct ap_matrix_mdev *matrix_mdev = mdev_get_drvdata(mdev);
 	unsigned long events;
 	int ret;
 
+	ret = vfio_ap_mdev_create_shadow_crycb(matrix_mdev);
+	if (ret)
+		return ret;
 
 	if (!try_module_get(THIS_MODULE))
 		return -ENODEV;
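Review bot: The shadow allocated at the top of vfio_ap_mdev_open() is leaked when `try_module_get(THIS_MODULE)` fails, because that path returns -ENODEV without freeing `matrix_mdev->shadow_crycb`. Any later failure return in the part of the function outside this hunk would need the same cleanup. Either move the vfio_ap_mdev_create_shadow_crycb() call after the module reference is taken, or undo it on the error path with `kfree(matrix_mdev->shadow_crycb); matrix_mdev->shadow_crycb = NULL;`. The pointer is also published here with no matrix_dev->lock visible in the hunk, although the sysfs store handlers test it under that lock, and a second open without a release in between would overwrite it and leak the first allocation.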
@@ -873,6 +928,8 @@ static void vfio_ap_mdev_release(struct mdev_device *mdev)
 				 &matrix_mdev->group_notifier);
 	matrix_mdev->kvm = NULL;
 	module_put(THIS_MODULE);
+	kfree(matrix_mdev->shadow_crycb);
+	matrix_mdev->shadow_crycb = NULL;
 }
 
 static int vfio_ap_mdev_get_device_info(unsigned long arg)
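Review bot: The `kfree(matrix_mdev->shadow_crycb)` added at the end of vfio_ap_mdev_release() has no matrix_dev->lock around it in the visible lines, yet the six assign/unassign store hunks in this patch test and dereference the same pointer while holding that lock. The start of the function is outside the hunk, so this is inferred, but if release runs unlocked a concurrent sysfs write can pass `if (matrix_mdev->shadow_crycb)` and then set or clear a bit in freed memory. Wrapping the free and the `matrix_mdev->shadow_crycb = NULL;` assignment in `mutex_lock(&matrix_dev->lock)` / `mutex_unlock(&matrix_dev->lock)` makes the NULL test in the store handlers reliable.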
diff --git a/drivers/s390/crypto/vfio_ap_private.h b/drivers/s390/crypto/vfio_ap_private.h
index 76b7f98e47e9..e8457aa61976 100644
--- a/drivers/s390/crypto/vfio_ap_private.h
+++ b/drivers/s390/crypto/vfio_ap_private.h
@@ -72,6 +72,7 @@ struct ap_matrix {
  * @list:	allows the ap_matrix_mdev struct to be added to a list
  * @matrix:	the adapters, usage domains and control domains assigned to the
  *		mediated matrix device.
+ * @shadow_crycb: a shadow copy of the crycb in use by a guest
  * @group_notifier: notifier block used for specifying callback function for
  *		    handling the VFIO_GROUP_NOTIFY_SET_KVM event
  * @kvm:	the struct holding guest's state
@@ -79,6 +80,7 @@ struct ap_matrix {
 struct ap_matrix_mdev {
 	struct list_head node;
 	struct ap_matrix matrix;
+	struct ap_matrix *shadow_crycb;
 	struct notifier_block group_notifier;
 	struct kvm *kvm;
 };
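Review bot: The `@shadow_crycb` kernel-doc line does not state the pointer's lifetime, which every user in vfio_ap_ops.c relies on through its `if (matrix_mdev->shadow_crycb)` test. Suggest `@shadow_crycb: shadow of the APM/AQM/ADM masks set in the guest's CRYCB; allocated in open, freed and set to NULL in release, NULL otherwise`, plus the lock that protects it if matrix_dev->lock is the intended rule. The field is a `struct ap_matrix`, not the hardware control block, so describing it as a copy of the masks avoids suggesting the CRYCB layout.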
-- 
2.7.4

