Re: [PATCH v4 13/15] KVM: s390: configure the guest's AP devices

[Pierre Morel <pmorel@linux.vnet.ibm.com>]

On 15/04/2018 23:22, Tony Krowiak wrote:
> Registers a group notifier during the open of the mediated
> matrix device to get information on KVM presence through the
> VFIO_GROUP_NOTIFY_SET_KVM event. When notified, the pointer
> to the kvm structure is saved inside the mediated matrix
> device. Once the VFIO AP device driver has access to KVM,
> access to the APs can be configured for the guest.
>
> Access to APs is configured when the file descriptor for the
> mediated matrix device is opened by userspace. The items to be
> configured are:
>
> 1. The ECA.28 bit in the SIE state description determines whether
>     AP instructions are interpreted by the hardware or intercepted.
>     The VFIO AP device driver relies interpretive execution of
>     AP instructions so the ECA.28 bit will be set
>
> 2. Guest access to AP adapters, usage domains and control domains
>     is controlled by three bit masks referenced from the
>     Crypto Control Block (CRYCB) referenced from the guest's SIE state
>     description:
>
>     * The AP Mask (APM) controls access to the AP adapters. Each bit
>       in the APM represents an adapter number - from most significant
>       to least significant bit - from 0 to 255. The bits in the APM
>       are set according to the adapter numbers assigned to the mediated
>       matrix device via its 'assign_adapter' sysfs attribute file.
>
>     * The AP Queue (AQM) controls access to the AP queues. Each bit
>       in the AQM represents an AP queue index - from most significant
>       to least significant bit - from 0 to 255. A queue index references
>       a specific domain and is synonymous with the domian number. The
>       bits in the AQM are set according to the domain numbers assigned
>       to the mediated matrix device via its 'assign_domain' sysfs
>       attribute file.
>
>     * The AP Domain Mask (ADM) controls access to the AP control domains.
>       Each bit in the ADM represents a control domain - from most
>       significant to least significant bit - from 0-255. The
>       bits in the ADM are set according to the domain numbers assigned
>       to the mediated matrix device via its 'assign_control_domain'
>       sysfs attribute file.
>
> Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com>
> ---
>   drivers/s390/crypto/vfio_ap_ops.c     |   50 +++++++++++++++++++++++++++++++++
>   drivers/s390/crypto/vfio_ap_private.h |    2 +
>   2 files changed, 52 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c
> index bc2b05e..e3ff5ab 100644
> --- a/drivers/s390/crypto/vfio_ap_ops.c
> +++ b/drivers/s390/crypto/vfio_ap_ops.c
> @@ -53,6 +53,54 @@ static int vfio_ap_mdev_remove(struct mdev_device *mdev)
>   	return 0;
>   }
>
> +static int vfio_ap_mdev_group_notifier(struct notifier_block *nb,
> +				       unsigned long action, void *data)
> +{
> +	struct ap_matrix_mdev *matrix_mdev;
> +
> +	if (action == VFIO_GROUP_NOTIFY_SET_KVM) {
> +		matrix_mdev = container_of(nb, struct ap_matrix_mdev,
> +					   group_notifier);
> +		matrix_mdev->kvm = data;
> +	}
> +
> +	return NOTIFY_OK;
> +}
> +
> +static int vfio_ap_mdev_open(struct mdev_device *mdev)
> +{
> +	struct ap_matrix_mdev *matrix_mdev = mdev_get_drvdata(mdev);
> +	unsigned long events;
> +	int ret;
> +
> +	matrix_mdev->group_notifier.notifier_call = vfio_ap_mdev_group_notifier;
> +	events = VFIO_GROUP_NOTIFY_SET_KVM;
> +
> +	ret = vfio_register_notifier(mdev_dev(mdev), VFIO_GROUP_NOTIFY,
> +				     &events, &matrix_mdev->group_notifier);
> +	if (ret)
> +		return ret;
> +
> +	ret = kvm_ap_interpret_instructions(matrix_mdev->kvm, true);
> +	if (ret)
> +		return ret;
> +
> +	ret = kvm_ap_configure_matrix(matrix_mdev->kvm,
> +				      matrix_mdev->matrix);

If all went OK, you may want to increase the module reference count
to avoid removing the module while in use by QEMU.

> +
> +	return ret;
> +}
> +
> +static void vfio_ap_mdev_release(struct mdev_device *mdev)
> +{
> +	struct ap_matrix_mdev *matrix_mdev = mdev_get_drvdata(mdev);
> +
> +	kvm_ap_deconfigure_matrix(matrix_mdev->kvm);
> +	kvm_ap_interpret_instructions(matrix_mdev->kvm, false);
> +	vfio_unregister_notifier(mdev_dev(mdev), VFIO_GROUP_NOTIFY,
> +				 &matrix_mdev->group_notifier);

... and also decrease the reference count.

> +}
> +
>   static ssize_t name_show(struct kobject *kobj, struct device *dev, char *buf)
>   {
>   	return sprintf(buf, "%s\n", VFIO_AP_MDEV_NAME_HWVIRT);
> @@ -754,6 +802,8 @@ static ssize_t matrix_show(struct device *dev, struct device_attribute *attr,
>   	.mdev_attr_groups	= vfio_ap_mdev_attr_groups,
>   	.create			= vfio_ap_mdev_create,
>   	.remove			= vfio_ap_mdev_remove,
> +	.open			= vfio_ap_mdev_open,
> +	.release		= vfio_ap_mdev_release,
>   };
>
>   int vfio_ap_mdev_register(struct ap_matrix *ap_matrix)
> diff --git a/drivers/s390/crypto/vfio_ap_private.h b/drivers/s390/crypto/vfio_ap_private.h
> index f248faf..48e2806 100644
> --- a/drivers/s390/crypto/vfio_ap_private.h
> +++ b/drivers/s390/crypto/vfio_ap_private.h
> @@ -31,6 +31,8 @@ struct ap_matrix {
>
>   struct ap_matrix_mdev {
>   	struct kvm_ap_matrix *matrix;
> +	struct notifier_block group_notifier;
> +	struct kvm *kvm;
>   };
>
>   static inline struct ap_matrix *to_ap_matrix(struct device *dev)


-- 
Pierre Morel
Linux/KVM/QEMU in Böblingen - Germany