Re: [PATCH v5 11/13] KVM: s390: implement mediated device open callback

[Pierre Morel <pmorel@linux.ibm.com>]

On 06/06/2018 16:28, Tony Krowiak wrote:
> On 06/05/2018 08:19 AM, Pierre Morel wrote:
>> On 30/05/2018 16:33, Tony Krowiak wrote:
>>> On 05/24/2018 05:08 AM, Pierre Morel wrote:
>>>> On 23/05/2018 16:45, Tony Krowiak wrote:
>>>>> On 05/16/2018 04:03 AM, Pierre Morel wrote:
>>>>>> On 07/05/2018 17:11, Tony Krowiak wrote:
>>>>>>> Implements the open callback on the mediated matrix device.
>>>>>>> The function registers a group notifier to receive notification
>>>>>>> of the VFIO_GROUP_NOTIFY_SET_KVM event. When notified,
>>>>>>> the vfio_ap device driver will get access to the guest's
>>>>>>> kvm structure. With access to this structure the driver will:
>>>>>>>
>>>>>>> 1. Ensure that only one mediated device is opened for the guest
>>>>
>>>> You should explain why.
>>>>
>>>>>>>
>>>>>>> 2. Configure access to the AP devices for the guest.
>>>>>>>
>>>> ...snip...
>>>>>>> +void kvm_ap_refcount_inc(struct kvm *kvm)
>>>>>>> +{
>>>>>>> +    atomic_inc(&kvm->arch.crypto.aprefs);
>>>>>>> +}
>>>>>>> +EXPORT_SYMBOL(kvm_ap_refcount_inc);
>>>>>>> +
>>>>>>> +void kvm_ap_refcount_dec(struct kvm *kvm)
>>>>>>> +{
>>>>>>> +    atomic_dec(&kvm->arch.crypto.aprefs);
>>>>>>> +}
>>>>>>> +EXPORT_SYMBOL(kvm_ap_refcount_dec);
>>>>>>
>>>>>> Why are these functions inside kvm-ap ?
>>>>>> Will anyone use this outer of vfio-ap ?
>>>>>
>>>>> As I've stated before, I made the choice to contain all interfaces 
>>>>> that
>>>>> access KVM in kvm-ap because I don't think it is appropriate for 
>>>>> the device
>>>>> driver to have to have "knowledge" of the inner workings of KVM. 
>>>>> Why does
>>>>> it matter whether any entity outside of the vfio_ap device driver 
>>>>> calls
>>>>> these functions? I could ask a similar question if the interfaces 
>>>>> were
>>>>> contained in vfio-ap; what if another device driver needs access 
>>>>> to these
>>>>> interfaces?
>>>>
>>>> This is very driver specific and only used during initialization.
>>>> It is not a common property of the cryptographic interface.
>>>>
>>>> I really think you should handle this inside the driver.
>>>
>>> We are going to have to agree to disagree on this one. Is it not 
>>> possible
>>> that future drivers - e.g., when full virtualization is implemented 
>>> - will
>>> require access to KVM?
>>
>> I do not think that an access to KVM is required for full 
>> virtualization.
>
> You may be right, but at this point, there is no guarantee. I stand by my
> design on this one.

I really regret that we abandoned the initial design with the matrix bus 
and one
single parent matrix device per guest.
We would not have the problem of these KVM dependencies.

It had the advantage of taking care of having only one device per guest
(available_instance = 1), could take care of provisioning as you have
sysfs entries available for a matrix without having a guest and a mediated
device.

it also had advantage for virtualization to keep host side and guest 
side matrix
separate inside parent (host side) and mediated device (guest side).

Shouldn't we treat this problem with a design using standard interfaces
Instead of adding new dedicated interfaces?

Regards,

Pierre


-- 
Pierre Morel
Linux/KVM/QEMU in Böblingen - Germany