Re: [PATCH v11 00/26] guest dedicated crypto adapters

From: Cornelia Huck <cohuck@redhat.com>
To: Tony Krowiak <akrowiak@linux.vnet.ibm.com>
Cc: linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org,
	kvm@vger.kernel.org, freude@de.ibm.com, schwidefsky@de.ibm.com,
	heiko.carstens@de.ibm.com, borntraeger@de.ibm.com,
	kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com,
	pbonzini@redhat.com, alex.williamson@redhat.com,
	pmorel@linux.vnet.ibm.com, alifm@linux.vnet.ibm.com,
	mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com,
	thuth@redhat.com, pasic@linux.vnet.ibm.com, berrange@redhat.com,
	fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com,
	frankja@linux.ibm.com, Tony Krowiak <akrowiak@linux.ibm.com>
Subject: Re: [PATCH v11 00/26] guest dedicated crypto adapters
Date: Fri, 28 Sep 2018 12:16:04 +0200	[thread overview]
Message-ID: <20180928121604.65874dc1.cohuck@redhat.com> (raw)
In-Reply-To: <20180925231641.4954-1-akrowiak@linux.vnet.ibm.com>

On Tue, 25 Sep 2018 19:16:15 -0400
Tony Krowiak <akrowiak@linux.vnet.ibm.com> wrote:

> Abstract:
> ========
> 
> On s390, we have cryptographic coprocessor cards, which are modeled on
> Linux as devices on the AP bus. Each card can be partitioned into domains
> which can be thought of as a set of hardware registers for processing 
> crypto commands. Crypto commands are sent to a specific domain within a
> card is via a queue which is identified as a (card,domain) tuple. We model 
> this something like the following (assuming we have access to cards 3 and 
> 4 and domains 1 and 2):
> 
> AP -> card3 -> queue (3,1)
>             -> queue (3,2)
>    -> card4 -> queue (4,1)
>             -> queue (4,2)  
> 
> If we want to virtualize this, we can use a feature provided by the
> hardware. We basically attach a satellite control block to our main
> hardware virtualization control block and the hardware takes care of
> most of the rest.
> 
> For this control block, we don't specify explicit tuples, but a list of
> cards and a list of domains. The guest will get access to the cross
> product.
> 
> Because of this, we need to take care that the lists provided to
> different guests don't overlap; i.e., we need to enforce sane
> configurations. Otherwise, one guest may get access to things like
> secret keys for another guest.
> 
> The idea of this patch set is to introduce a new device, the matrix
> device. This matrix device hangs off a different root and acts as the
> parent node for mdev devices.
> 
> If you now want to give the tuples (4,1) and (4,2), you need to do the
> following:
> 
> - Make sure the queues (4,1) and (4,2) belong to vfio_ap (see patches
>   #5 and #6)
> - Create the mediated device.
> - Assign card 4 and domains 1 and 2 to the mediated device
> - Optionally activate the mediated device.
> 
> QEMU will now simply consume the mediated device and things should work.
> 
> For a complete description of the architecture and concepts underlying
> the design, see the Documentation/s390/vfio-ap.txt file included with this
> patch set.
> 
> v10 => v11 Change log:
> =====================
> * Fixed race condition when setting KVM in the notifier
> * Removed KVM_S390_VM_CPU_FEAT_AP, no longer necessary
> * Fail vfio_ap module inti if AP instructions not available on host
> * Remove KVM_S390_VM_CPU_FEAT_AP
> * Expose VM enable/disable APIE attributes only if AP instructions
>   available on host.

I think this version is good to go with the touchups mentioned.