mbox series

[v11,0/6] s390x: vfio-ap: guest dedicated crypto adapters

Message ID 20181010170309.12045-1-akrowiak@linux.ibm.com (mailing list archive)
Headers show
Series s390x: vfio-ap: guest dedicated crypto adapters | expand

Message

Anthony Krowiak Oct. 10, 2018, 5:03 p.m. UTC
This patch series is the QEMU counterpart to the KVM/kernel support for 
guest dedicated crypto adapters. The KVM/kernel model is built on the 
VFIO mediated device framework and provides the infrastructure for 
granting exclusive guest access to crypto devices installed on the linux 
host. This patch series introduces a new QEMU command line option, QEMU 
object model and CPU model features to exploit the KVM/kernel model.

See the detailed specifications for AP virtualization provided by this 
patch set in docs/vfio-ap.txt for a more complete discussion of the 
design introduced by this patch series.

v10 => v11 Change log:
=====================
* Replaced DO_UPCAST macros in ap.c
* Initializing GError in vfio_ap_get_group() function (BUG)
* Updated s390 maintainers with new files in MAINTAINERS
* Fixed memory leak in vfio_ap_get_group() function

v9 => v10 Change log:
====================
* Removed KVM_S390_VM_CPU_FEAT_AP feature from kvm.h
* Moved check for KVM_S390_VM_CRYPTO_ENABLE_APIE from patch 2/6 to patch
  3/6
* Removed vfio from all function names in ap-bridge.c 
* Removed unused macros and structure from ap-bridge.h
* Removed unused macros from ap-device.h

v8 => v9 Change log:
===================
* Removed all references to VFIO in AP bridge and bus
* Expose AP feature only if the KVM_S390_VM_CRYPTO_ENABLE_APIE VM attribute
  is exposed by KVM - i.e., if AP instructions are available on the linux
  host.
* Enable AP interpretation only if AP feature is switched on; no need to
  disable because it is disabled by default.

v7 => v8 Change log:
===================
* Enable SIE interpretation AP instructions if the CPU model feature for
  AP instructions is turned on for the guest.

v6 => v7 Change log;
===================
* Changed email address for Signed-off-by

v5 => v6 Change log:
===================
* Added reset handling fo vfio-ap device
* Added a bridge/bus to AP device object model - thanks to Halil Pasic

v4 => v5 Change log:
===================
* Added MAINTAINERS entries for VFIO AP
* Added explanation for why we are only supporting zEC12 and newer CPU 
  models.
* Changed CPU model feature qci=on|off to apqci=on|off
* Misc. minor changes

v3 => v4 Change log:
===================
* Made vfio-ap device unpluggable for now
* Renamed command line CPU model feature for QCI: qci=on -> apqci=on
* Removed call to KVM_S390_VM_CRYPTO_INTERPRET_AP ioctl - ioctl was 
  removed from kernel and AP instruction interpretation is set from the
  VFIO device driver
* Added check to ensure only one vfio-ap device can be configured per 
  guest
* Removed AP instruction interception handlers: AP instructions will be 
  interpreted by default if AP facilities are installed to handle the case
  where feature ap=on and no vfio-ap device is configured for the guest.


Tony Krowiak (6):
  linux-headers: linux header updates for AP support
  s390x/cpumodel: Set up CPU model for AP device support
  s390x/kvm: enable AP instruction interpretation for guest
  s390x/ap: base Adjunct Processor (AP) object model
  s390x/vfio: ap: Introduce VFIO AP device
  s390: doc: detailed specifications for AP virtualization

 MAINTAINERS                       |  16 +
 default-configs/s390x-softmmu.mak |   1 +
 docs/vfio-ap.txt                  | 825 ++++++++++++++++++++++++++++++
 hw/s390x/Makefile.objs            |   2 +
 hw/s390x/ap-bridge.c              |  78 +++
 hw/s390x/ap-device.c              |  38 ++
 hw/s390x/s390-virtio-ccw.c        |   4 +
 hw/vfio/Makefile.objs             |   1 +
 hw/vfio/ap.c                      | 179 +++++++
 include/hw/s390x/ap-bridge.h      |  19 +
 include/hw/s390x/ap-device.h      |  22 +
 include/hw/vfio/vfio-common.h     |   1 +
 linux-headers/asm-s390/kvm.h      |   2 +
 linux-headers/linux/vfio.h        |   2 +
 target/s390x/cpu_features.c       |   3 +
 target/s390x/cpu_features_def.h   |   3 +
 target/s390x/cpu_models.c         |   2 +
 target/s390x/gen-features.c       |   3 +
 target/s390x/kvm.c                |  19 +
 19 files changed, 1220 insertions(+)
 create mode 100644 docs/vfio-ap.txt
 create mode 100644 hw/s390x/ap-bridge.c
 create mode 100644 hw/s390x/ap-device.c
 create mode 100644 hw/vfio/ap.c
 create mode 100644 include/hw/s390x/ap-bridge.h
 create mode 100644 include/hw/s390x/ap-device.h

Comments

Christian Borntraeger Oct. 10, 2018, 6:15 p.m. UTC | #1
On 10/10/2018 07:03 PM, Tony Krowiak wrote:
> This patch series is the QEMU counterpart to the KVM/kernel support for 
> guest dedicated crypto adapters. The KVM/kernel model is built on the 
> VFIO mediated device framework and provides the infrastructure for 
> granting exclusive guest access to crypto devices installed on the linux 
> host. This patch series introduces a new QEMU command line option, QEMU 
> object model and CPU model features to exploit the KVM/kernel model.
> 
> See the detailed specifications for AP virtualization provided by this 
> patch set in docs/vfio-ap.txt for a more complete discussion of the 
> design introduced by this patch series.
> 
> v10 => v11 Change log:



Series seems to work fine.

Christian


> =====================
> * Replaced DO_UPCAST macros in ap.c
> * Initializing GError in vfio_ap_get_group() function (BUG)
> * Updated s390 maintainers with new files in MAINTAINERS
> * Fixed memory leak in vfio_ap_get_group() function
> 
> v9 => v10 Change log:
> ====================
> * Removed KVM_S390_VM_CPU_FEAT_AP feature from kvm.h
> * Moved check for KVM_S390_VM_CRYPTO_ENABLE_APIE from patch 2/6 to patch
>   3/6
> * Removed vfio from all function names in ap-bridge.c 
> * Removed unused macros and structure from ap-bridge.h
> * Removed unused macros from ap-device.h
> 
> v8 => v9 Change log:
> ===================
> * Removed all references to VFIO in AP bridge and bus
> * Expose AP feature only if the KVM_S390_VM_CRYPTO_ENABLE_APIE VM attribute
>   is exposed by KVM - i.e., if AP instructions are available on the linux
>   host.
> * Enable AP interpretation only if AP feature is switched on; no need to
>   disable because it is disabled by default.
> 
> v7 => v8 Change log:
> ===================
> * Enable SIE interpretation AP instructions if the CPU model feature for
>   AP instructions is turned on for the guest.
> 
> v6 => v7 Change log;
> ===================
> * Changed email address for Signed-off-by
> 
> v5 => v6 Change log:
> ===================
> * Added reset handling fo vfio-ap device
> * Added a bridge/bus to AP device object model - thanks to Halil Pasic
> 
> v4 => v5 Change log:
> ===================
> * Added MAINTAINERS entries for VFIO AP
> * Added explanation for why we are only supporting zEC12 and newer CPU 
>   models.
> * Changed CPU model feature qci=on|off to apqci=on|off
> * Misc. minor changes
> 
> v3 => v4 Change log:
> ===================
> * Made vfio-ap device unpluggable for now
David Hildenbrand Oct. 11, 2018, 8:12 a.m. UTC | #2
On 10/10/2018 20:15, Christian Borntraeger wrote:
> 
> On 10/10/2018 07:03 PM, Tony Krowiak wrote:
>> This patch series is the QEMU counterpart to the KVM/kernel support for 
>> guest dedicated crypto adapters. The KVM/kernel model is built on the 
>> VFIO mediated device framework and provides the infrastructure for 
>> granting exclusive guest access to crypto devices installed on the linux 
>> host. This patch series introduces a new QEMU command line option, QEMU 
>> object model and CPU model features to exploit the KVM/kernel model.
>>
>> See the detailed specifications for AP virtualization provided by this 
>> patch set in docs/vfio-ap.txt for a more complete discussion of the 
>> design introduced by this patch series.
>>
>> v10 => v11 Change log:
> 
> 
> 
> Series seems to work fine.
> 
> Christian

Had a quick glimpse over all patches, looks good and clean to me.
Thomas Huth Oct. 11, 2018, 9:32 a.m. UTC | #3
On 2018-10-11 10:12, David Hildenbrand wrote:
> On 10/10/2018 20:15, Christian Borntraeger wrote:
>>
>> On 10/10/2018 07:03 PM, Tony Krowiak wrote:
>>> This patch series is the QEMU counterpart to the KVM/kernel support for 
>>> guest dedicated crypto adapters. The KVM/kernel model is built on the 
>>> VFIO mediated device framework and provides the infrastructure for 
>>> granting exclusive guest access to crypto devices installed on the linux 
>>> host. This patch series introduces a new QEMU command line option, QEMU 
>>> object model and CPU model features to exploit the KVM/kernel model.
>>>
>>> See the detailed specifications for AP virtualization provided by this 
>>> patch set in docs/vfio-ap.txt for a more complete discussion of the 
>>> design introduced by this patch series.
>>>
>>> v10 => v11 Change log:
>>
>> Series seems to work fine.
>>
>> Christian
> 
> Had a quick glimpse over all patches, looks good and clean to me.

FWIW, with one additional g_free() in patch 5, the series now also looks
fine to me.

 Thomas
Cornelia Huck Oct. 11, 2018, 9:48 a.m. UTC | #4
On Wed, 10 Oct 2018 20:15:55 +0200
Christian Borntraeger <borntraeger@de.ibm.com> wrote:

> On 10/10/2018 07:03 PM, Tony Krowiak wrote:
> > This patch series is the QEMU counterpart to the KVM/kernel support for 
> > guest dedicated crypto adapters. The KVM/kernel model is built on the 
> > VFIO mediated device framework and provides the infrastructure for 
> > granting exclusive guest access to crypto devices installed on the linux 
> > host. This patch series introduces a new QEMU command line option, QEMU 
> > object model and CPU model features to exploit the KVM/kernel model.
> > 
> > See the detailed specifications for AP virtualization provided by this 
> > patch set in docs/vfio-ap.txt for a more complete discussion of the 
> > design introduced by this patch series.
> > 
> > v10 => v11 Change log:  
> 
> 
> 
> Series seems to work fine.
> 
> Christian

Is that a Tested-by:, or just 'looks sane'?
Christian Borntraeger Oct. 11, 2018, 10 a.m. UTC | #5
On 10/11/2018 11:48 AM, Cornelia Huck wrote:
> On Wed, 10 Oct 2018 20:15:55 +0200
> Christian Borntraeger <borntraeger@de.ibm.com> wrote:
> 
>> On 10/10/2018 07:03 PM, Tony Krowiak wrote:
>>> This patch series is the QEMU counterpart to the KVM/kernel support for 
>>> guest dedicated crypto adapters. The KVM/kernel model is built on the 
>>> VFIO mediated device framework and provides the infrastructure for 
>>> granting exclusive guest access to crypto devices installed on the linux 
>>> host. This patch series introduces a new QEMU command line option, QEMU 
>>> object model and CPU model features to exploit the KVM/kernel model.
>>>
>>> See the detailed specifications for AP virtualization provided by this 
>>> patch set in docs/vfio-ap.txt for a more complete discussion of the 
>>> design introduced by this patch series.
>>>
>>> v10 => v11 Change log:  
>>
>>
>>
>> Series seems to work fine.
>>
>> Christian
> 
> Is that a Tested-by:, or just 'looks sane'?

It was limited to some cases, but lets make it a tested-by.
Pierre Morel Oct. 11, 2018, 11:21 a.m. UTC | #6
On 11/10/2018 12:00, Christian Borntraeger wrote:
> 
> 
> On 10/11/2018 11:48 AM, Cornelia Huck wrote:
>> On Wed, 10 Oct 2018 20:15:55 +0200
>> Christian Borntraeger <borntraeger@de.ibm.com> wrote:
>>
>>> On 10/10/2018 07:03 PM, Tony Krowiak wrote:
>>>> This patch series is the QEMU counterpart to the KVM/kernel support for
>>>> guest dedicated crypto adapters. The KVM/kernel model is built on the
>>>> VFIO mediated device framework and provides the infrastructure for
>>>> granting exclusive guest access to crypto devices installed on the linux
>>>> host. This patch series introduces a new QEMU command line option, QEMU
>>>> object model and CPU model features to exploit the KVM/kernel model.
>>>>
>>>> See the detailed specifications for AP virtualization provided by this
>>>> patch set in docs/vfio-ap.txt for a more complete discussion of the
>>>> design introduced by this patch series.
>>>>
>>>> v10 => v11 Change log:
>>>
>>>
>>>
>>> Series seems to work fine.
>>>
>>> Christian
>>
>> Is that a Tested-by:, or just 'looks sane'?
> 
> It was limited to some cases, but lets make it a tested-by.
> 
> 

I tested it yesterday, so you can keep my tested-by too.
Cornelia Huck Oct. 11, 2018, 11:41 a.m. UTC | #7
On Wed, 10 Oct 2018 13:03:02 -0400
Tony Krowiak <akrowiak@linux.ibm.com> wrote:

> This patch series is the QEMU counterpart to the KVM/kernel support for 
> guest dedicated crypto adapters. The KVM/kernel model is built on the 
> VFIO mediated device framework and provides the infrastructure for 
> granting exclusive guest access to crypto devices installed on the linux 
> host. This patch series introduces a new QEMU command line option, QEMU 
> object model and CPU model features to exploit the KVM/kernel model.
> 
> See the detailed specifications for AP virtualization provided by this 
> patch set in docs/vfio-ap.txt for a more complete discussion of the 
> design introduced by this patch series.

I added the missing g_free and device category in patch 5 and replaced
patch 1 with a headers-update against kvm/next.

Thanks, applied.