| Message ID | 20210331152256.28129-1-akrowiak@linux.ibm.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | s390/vfio-ap: dynamic configuration support | expand |
On Wed, 31 Mar 2021 11:22:43 -0400 Tony Krowiak <akrowiak@linux.ibm.com> wrote: > Change log v13-v14: > ------------------ When testing I've experienced this kernel panic. [ 4422.479706] vfio_ap matrix: MDEV: Registered [ 4422.516999] vfio_mdev b2013234-18b2-49bf-badd-a4be9c78b120: Adding to iommu group 1 [ 4422.517037] vfio_mdev b2013234-18b2-49bf-badd-a4be9c78b120: MDEV: group_id = 1 [ 4577.906708] vfio_mdev b2013234-18b2-49bf-badd-a4be9c78b120: Removing from iommu group 1 [ 4577.906917] vfio_mdev b2013234-18b2-49bf-badd-a4be9c78b120: MDEV: detaching iommu [ 4577.908093] Unable to handle kernel pointer dereference in virtual kernel address space [ 4577.908097] Failing address: 00000006ec02f000 TEID: 00000006ec02f403 [ 4577.908100] Fault in home space mode while using kernel ASCE. [ 4577.908106] AS:000000035eb4c007 R3:0000000000000024 [ 4577.908126] Oops: 003b ilc:3 [#1] PREEMPT SMP [ 4577.908132] Modules linked in: vfio_ap vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_R EJECT xt_tcpudp nft_compat nf_nat_tftp nft_objref nf_conntrack_tftp nft_counter bridge stp llc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf _reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables nfnetlink sunrpc s390_trng eadm_s ch vfio_ccw vfio_mdev mdev vfio_iommu_type1 vfio sch_fq_codel configfs ip_tables x_tables dm_service_time ghash_s390 prng aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common nvme nvme_core zfcp scsi_transport_fc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua dm_mirror d m_region_hash dm_log dm_mod rng_core autofs4 [ 4577.908181] CPU: 0 PID: 14315 Comm: nose2 Not tainted 5.12.0-rc5-00030-g4cd110385fa2 #55 [ 4577.908183] Hardware name: IBM 8561 T01 701 (LPAR) [ 4577.908185] Krnl PSW : 0404e00180000000 000000035d2a50f4 (__lock_acquire+0xdc/0x7c8) [ 4577.908194] R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3 [ 4577.908232] Krnl GPRS: 000000039d168d46 00000006ec02f538 000000035e7de940 0000000000000000 [ 4577.908235] 0000000000000000 0000000000000000 0000000000000001 00000000f9e04150 [ 4577.908237] 000000035fa8b100 006b6b6b680c417f 00000000f9e04150 000000035e61e8d0 [ 4577.908239] 000000035fa8b100 0000000000000000 0000038010c4b7d8 0000038010c4b738 [ 4577.908247] Krnl Code: 000000035d2a50e4: eb110003000d sllg %r1,%r1,3 [ 4577.908247] 000000035d2a50ea: b9080012 agr %r1,%r2 [ 4577.908247] #000000035d2a50ee: e31003b80008 ag %r1,952 [ 4577.908247] >000000035d2a50f4: eb011000007a agsi 0(%r1),1 [ 4577.908247] 000000035d2a50fa: a718ffff lhi %r1,-1 [ 4577.908247] 000000035d2a50fe: eb1103a800f8 laa %r1,%r1,936 [ 4577.908247] 000000035d2a5104: ec18026b017e cij %r1,1,8,000000035d2a55da [ 4577.908247] 000000035d2a510a: c4180086d01f lgrl %r1,000000035e37f148 [ 4577.908262] Call Trace: [ 4577.908264] [<000000035d2a50f4>] __lock_acquire+0xdc/0x7c8 [ 4577.908267] [<000000035d2a41ac>] lock_acquire.part.0+0xec/0x1e8 [ 4577.908270] [<000000035d2a4360>] lock_acquire+0xb8/0x208 [ 4577.908272] [<000000035de6fa2a>] _raw_spin_lock_irqsave+0x6a/0xd8 [ 4577.908279] [<000000035d2874fe>] prepare_to_wait_event+0x2e/0x1e0 [ 4577.908281] [<000003ff805d539a>] vfio_ap_mdev_remove_queue+0x122/0x148 [vfio_ap] [ 4577.908287] [<000000035de20e94>] ap_device_remove+0x4c/0xf0 [ 4577.908292] [<000000035db268a2>] __device_release_driver+0x18a/0x230 [ 4577.908298] [<000000035db27cf0>] device_driver_detach+0x58/0xd0 [ 4577.908301] [<000000035db25000>] device_reprobe+0x30/0xc0 [ 4577.908304] [<000000035de22570>] __ap_revise_reserved+0x110/0x148 [ 4577.908307] [<000000035db2408c>] bus_for_each_dev+0x7c/0xb8 [ 4577.908310] [<000000035de2290c>] apmask_store+0xd4/0x118 [ 4577.908313] [<000000035d639316>] kernfs_fop_write_iter+0x13e/0x1e0 [ 4577.908317] [<000000035d542d22>] new_sync_write+0x10a/0x198 [ 4577.908321] [<000000035d5433ee>] vfs_write.part.0+0x196/0x290 [ 4577.908323] [<000000035d545f44>] ksys_write+0x6c/0xf8 [ 4577.908326] [<000000035d1ce7ae>] do_syscall+0x7e/0xd0 [ 4577.908330] [<000000035de5fc00>] __do_syscall+0xc0/0xd8 [ 4577.908334] [<000000035de70c22>] system_call+0x72/0x98 [ 4577.908337] INFO: lockdep is turned off. [ 4577.908338] Last Breaking-Event-Address: [ 4577.908340] [<0000038010c4b648>] 0x38010c4b648 [ 4577.908345] Kernel panic - not syncing: Fatal exception: panic_on_oops
On 4/1/21 3:17 PM, Halil Pasic wrote: > On Wed, 31 Mar 2021 11:22:43 -0400 > Tony Krowiak <akrowiak@linux.ibm.com> wrote: > >> Change log v13-v14: >> ------------------ > When testing I've experienced this kernel panic. I am able to recreate this, but only when the kernel is built with the debug_defconfig configuration. I'll look into this to try to figure out why. > > > [ 4422.479706] vfio_ap matrix: MDEV: Registered > [ 4422.516999] vfio_mdev b2013234-18b2-49bf-badd-a4be9c78b120: Adding to iommu group 1 > [ 4422.517037] vfio_mdev b2013234-18b2-49bf-badd-a4be9c78b120: MDEV: group_id = 1 > [ 4577.906708] vfio_mdev b2013234-18b2-49bf-badd-a4be9c78b120: Removing from iommu group 1 > [ 4577.906917] vfio_mdev b2013234-18b2-49bf-badd-a4be9c78b120: MDEV: detaching iommu > [ 4577.908093] Unable to handle kernel pointer dereference in virtual kernel address space > [ 4577.908097] Failing address: 00000006ec02f000 TEID: 00000006ec02f403 > [ 4577.908100] Fault in home space mode while using kernel ASCE. > [ 4577.908106] AS:000000035eb4c007 R3:0000000000000024 > [ 4577.908126] Oops: 003b ilc:3 [#1] PREEMPT SMP > [ 4577.908132] Modules linked in: vfio_ap vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_R > EJECT xt_tcpudp nft_compat nf_nat_tftp nft_objref nf_conntrack_tftp nft_counter bridge stp llc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf > _reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables nfnetlink sunrpc s390_trng eadm_s > ch vfio_ccw vfio_mdev mdev vfio_iommu_type1 vfio sch_fq_codel configfs ip_tables x_tables dm_service_time ghash_s390 prng aes_s390 des_s390 libdes sha3_512_s390 > sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common nvme nvme_core zfcp scsi_transport_fc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua dm_mirror d > m_region_hash dm_log dm_mod rng_core autofs4 > [ 4577.908181] CPU: 0 PID: 14315 Comm: nose2 Not tainted 5.12.0-rc5-00030-g4cd110385fa2 #55 > [ 4577.908183] Hardware name: IBM 8561 T01 701 (LPAR) > [ 4577.908185] Krnl PSW : 0404e00180000000 000000035d2a50f4 (__lock_acquire+0xdc/0x7c8) > [ 4577.908194] R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3 > [ 4577.908232] Krnl GPRS: 000000039d168d46 00000006ec02f538 000000035e7de940 0000000000000000 > [ 4577.908235] 0000000000000000 0000000000000000 0000000000000001 00000000f9e04150 > [ 4577.908237] 000000035fa8b100 006b6b6b680c417f 00000000f9e04150 000000035e61e8d0 > [ 4577.908239] 000000035fa8b100 0000000000000000 0000038010c4b7d8 0000038010c4b738 > [ 4577.908247] Krnl Code: 000000035d2a50e4: eb110003000d sllg %r1,%r1,3 > [ 4577.908247] 000000035d2a50ea: b9080012 agr %r1,%r2 > [ 4577.908247] #000000035d2a50ee: e31003b80008 ag %r1,952 > [ 4577.908247] >000000035d2a50f4: eb011000007a agsi 0(%r1),1 > [ 4577.908247] 000000035d2a50fa: a718ffff lhi %r1,-1 > [ 4577.908247] 000000035d2a50fe: eb1103a800f8 laa %r1,%r1,936 > [ 4577.908247] 000000035d2a5104: ec18026b017e cij %r1,1,8,000000035d2a55da > [ 4577.908247] 000000035d2a510a: c4180086d01f lgrl %r1,000000035e37f148 > [ 4577.908262] Call Trace: > [ 4577.908264] [<000000035d2a50f4>] __lock_acquire+0xdc/0x7c8 > [ 4577.908267] [<000000035d2a41ac>] lock_acquire.part.0+0xec/0x1e8 > [ 4577.908270] [<000000035d2a4360>] lock_acquire+0xb8/0x208 > [ 4577.908272] [<000000035de6fa2a>] _raw_spin_lock_irqsave+0x6a/0xd8 > [ 4577.908279] [<000000035d2874fe>] prepare_to_wait_event+0x2e/0x1e0 > [ 4577.908281] [<000003ff805d539a>] vfio_ap_mdev_remove_queue+0x122/0x148 [vfio_ap] > [ 4577.908287] [<000000035de20e94>] ap_device_remove+0x4c/0xf0 > [ 4577.908292] [<000000035db268a2>] __device_release_driver+0x18a/0x230 > [ 4577.908298] [<000000035db27cf0>] device_driver_detach+0x58/0xd0 > [ 4577.908301] [<000000035db25000>] device_reprobe+0x30/0xc0 > [ 4577.908304] [<000000035de22570>] __ap_revise_reserved+0x110/0x148 > [ 4577.908307] [<000000035db2408c>] bus_for_each_dev+0x7c/0xb8 > [ 4577.908310] [<000000035de2290c>] apmask_store+0xd4/0x118 > [ 4577.908313] [<000000035d639316>] kernfs_fop_write_iter+0x13e/0x1e0 > [ 4577.908317] [<000000035d542d22>] new_sync_write+0x10a/0x198 > [ 4577.908321] [<000000035d5433ee>] vfs_write.part.0+0x196/0x290 > [ 4577.908323] [<000000035d545f44>] ksys_write+0x6c/0xf8 > [ 4577.908326] [<000000035d1ce7ae>] do_syscall+0x7e/0xd0 > [ 4577.908330] [<000000035de5fc00>] __do_syscall+0xc0/0xd8 > [ 4577.908334] [<000000035de70c22>] system_call+0x72/0x98 > [ 4577.908337] INFO: lockdep is turned off. > [ 4577.908338] Last Breaking-Event-Address: > [ 4577.908340] [<0000038010c4b648>] 0x38010c4b648 > [ 4577.908345] Kernel panic - not syncing: Fatal exception: panic_on_oops
Given what I finally was able to figure out, it is interesting to note that this failure only occurred when building the kernel with the debug_defconfig configuration. The problem occurs when the vfio_ap_mdev_remove_queue() callback is called subsequent to the mdev being removed via the vfio_ap_mdev_remove() callback. The failure results because the vfio_ap_queue object representing the queue device being removed still has a link to the mdev to which the queue is assigned. The fix is to remove the link to the mdev from all vfio_ap_queue objects when the mdev is removed. I will provide a new set of patches with the fix included. On 4/1/21 3:17 PM, Halil Pasic wrote: > On Wed, 31 Mar 2021 11:22:43 -0400 > Tony Krowiak <akrowiak@linux.ibm.com> wrote: > >> Change log v13-v14: >> ------------------ > When testing I've experienced this kernel panic. > > > [ 4422.479706] vfio_ap matrix: MDEV: Registered > [ 4422.516999] vfio_mdev b2013234-18b2-49bf-badd-a4be9c78b120: Adding to iommu group 1 > [ 4422.517037] vfio_mdev b2013234-18b2-49bf-badd-a4be9c78b120: MDEV: group_id = 1 > [ 4577.906708] vfio_mdev b2013234-18b2-49bf-badd-a4be9c78b120: Removing from iommu group 1 > [ 4577.906917] vfio_mdev b2013234-18b2-49bf-badd-a4be9c78b120: MDEV: detaching iommu > [ 4577.908093] Unable to handle kernel pointer dereference in virtual kernel address space > [ 4577.908097] Failing address: 00000006ec02f000 TEID: 00000006ec02f403 > [ 4577.908100] Fault in home space mode while using kernel ASCE. > [ 4577.908106] AS:000000035eb4c007 R3:0000000000000024 > [ 4577.908126] Oops: 003b ilc:3 [#1] PREEMPT SMP > [ 4577.908132] Modules linked in: vfio_ap vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_R > EJECT xt_tcpudp nft_compat nf_nat_tftp nft_objref nf_conntrack_tftp nft_counter bridge stp llc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf > _reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables nfnetlink sunrpc s390_trng eadm_s > ch vfio_ccw vfio_mdev mdev vfio_iommu_type1 vfio sch_fq_codel configfs ip_tables x_tables dm_service_time ghash_s390 prng aes_s390 des_s390 libdes sha3_512_s390 > sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common nvme nvme_core zfcp scsi_transport_fc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua dm_mirror d > m_region_hash dm_log dm_mod rng_core autofs4 > [ 4577.908181] CPU: 0 PID: 14315 Comm: nose2 Not tainted 5.12.0-rc5-00030-g4cd110385fa2 #55 > [ 4577.908183] Hardware name: IBM 8561 T01 701 (LPAR) > [ 4577.908185] Krnl PSW : 0404e00180000000 000000035d2a50f4 (__lock_acquire+0xdc/0x7c8) > [ 4577.908194] R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3 > [ 4577.908232] Krnl GPRS: 000000039d168d46 00000006ec02f538 000000035e7de940 0000000000000000 > [ 4577.908235] 0000000000000000 0000000000000000 0000000000000001 00000000f9e04150 > [ 4577.908237] 000000035fa8b100 006b6b6b680c417f 00000000f9e04150 000000035e61e8d0 > [ 4577.908239] 000000035fa8b100 0000000000000000 0000038010c4b7d8 0000038010c4b738 > [ 4577.908247] Krnl Code: 000000035d2a50e4: eb110003000d sllg %r1,%r1,3 > [ 4577.908247] 000000035d2a50ea: b9080012 agr %r1,%r2 > [ 4577.908247] #000000035d2a50ee: e31003b80008 ag %r1,952 > [ 4577.908247] >000000035d2a50f4: eb011000007a agsi 0(%r1),1 > [ 4577.908247] 000000035d2a50fa: a718ffff lhi %r1,-1 > [ 4577.908247] 000000035d2a50fe: eb1103a800f8 laa %r1,%r1,936 > [ 4577.908247] 000000035d2a5104: ec18026b017e cij %r1,1,8,000000035d2a55da > [ 4577.908247] 000000035d2a510a: c4180086d01f lgrl %r1,000000035e37f148 > [ 4577.908262] Call Trace: > [ 4577.908264] [<000000035d2a50f4>] __lock_acquire+0xdc/0x7c8 > [ 4577.908267] [<000000035d2a41ac>] lock_acquire.part.0+0xec/0x1e8 > [ 4577.908270] [<000000035d2a4360>] lock_acquire+0xb8/0x208 > [ 4577.908272] [<000000035de6fa2a>] _raw_spin_lock_irqsave+0x6a/0xd8 > [ 4577.908279] [<000000035d2874fe>] prepare_to_wait_event+0x2e/0x1e0 > [ 4577.908281] [<000003ff805d539a>] vfio_ap_mdev_remove_queue+0x122/0x148 [vfio_ap] > [ 4577.908287] [<000000035de20e94>] ap_device_remove+0x4c/0xf0 > [ 4577.908292] [<000000035db268a2>] __device_release_driver+0x18a/0x230 > [ 4577.908298] [<000000035db27cf0>] device_driver_detach+0x58/0xd0 > [ 4577.908301] [<000000035db25000>] device_reprobe+0x30/0xc0 > [ 4577.908304] [<000000035de22570>] __ap_revise_reserved+0x110/0x148 > [ 4577.908307] [<000000035db2408c>] bus_for_each_dev+0x7c/0xb8 > [ 4577.908310] [<000000035de2290c>] apmask_store+0xd4/0x118 > [ 4577.908313] [<000000035d639316>] kernfs_fop_write_iter+0x13e/0x1e0 > [ 4577.908317] [<000000035d542d22>] new_sync_write+0x10a/0x198 > [ 4577.908321] [<000000035d5433ee>] vfs_write.part.0+0x196/0x290 > [ 4577.908323] [<000000035d545f44>] ksys_write+0x6c/0xf8 > [ 4577.908326] [<000000035d1ce7ae>] do_syscall+0x7e/0xd0 > [ 4577.908330] [<000000035de5fc00>] __do_syscall+0xc0/0xd8 > [ 4577.908334] [<000000035de70c22>] system_call+0x72/0x98 > [ 4577.908337] INFO: lockdep is turned off. > [ 4577.908338] Last Breaking-Event-Address: > [ 4577.908340] [<0000038010c4b648>] 0x38010c4b648 > [ 4577.908345] Kernel panic - not syncing: Fatal exception: panic_on_oops
Note: Patch 1, "s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks" does not belong to this series. It is currently being merged and is included here because it is a pre-req for this series. Ignore checkpatch warnings regarding unknown commit IDs, those appears to be made in error. The current design for AP pass-through does not support making dynamic changes to the AP matrix of a running guest resulting in a few deficiencies this patch series is intended to mitigate: 1. Adapters, domains and control domains can not be added to or removed from a running guest. In order to modify a guest's AP configuration, the guest must be terminated; only then can AP resources be assigned to or unassigned from the guest's matrix mdev. The new AP configuration becomes available to the guest when it is subsequently restarted. 2. The AP bus's /sys/bus/ap/apmask and /sys/bus/ap/aqmask interfaces can be modified by a root user without any restrictions. A change to either mask can result in AP queue devices being unbound from the vfio_ap device driver and bound to a zcrypt device driver even if a guest is using the queues, thus giving the host access to the guest's private crypto data and vice versa. 3. The APQNs derived from the Cartesian product of the APIDs of the adapters and APQIs of the domains assigned to a matrix mdev must reference an AP queue device bound to the vfio_ap device driver. The AP architecture allows assignment of AP resources that are not available to the system, so this artificial restriction is not compliant with the architecture. 4. The AP configuration profile can be dynamically changed for the linux host after a KVM guest is started. For example, a new domain can be dynamically added to the configuration profile via the SE or an HMC connected to a DPM enabled lpar. Likewise, AP adapters can be dynamically configured (online state) and deconfigured (standby state) using the SE, an SCLP command or an HMC connected to a DPM enabled lpar. This can result in inadvertent sharing of AP queues between the guest and host. 5. A root user can manually unbind an AP queue device representing a queue in use by a KVM guest via the vfio_ap device driver's sysfs unbind attribute. In this case, the guest will be using a queue that is not bound to the driver which violates the device model. This patch series introduces the following changes to the current design to alleviate the shortcomings described above as well as to implement more of the AP architecture: 1. A root user will be prevented from making edits to the AP bus's /sys/bus/ap/apmask or /sys/bus/ap/aqmask if the change would transfer ownership of an APQN from the vfio_ap device driver to a zcrypt driver while the APQN is assigned to a matrix mdev. 2. Allow a root user to hot plug/unplug AP adapters, domains and control domains for a KVM guest using the matrix mdev via its sysfs assign/unassign attributes. 4. Allow assignment of an AP adapter or domain to a matrix mdev even if it results in assignment of an APQN that does not reference an AP queue device bound to the vfio_ap device driver, as long as the APQN is not reserved for use by the default zcrypt drivers (also known as over-provisioning of AP resources). Allowing over-provisioning of AP resources better models the architecture which does not preclude assigning AP resources that are not yet available in the system. Such APQNs, however, will not be assigned to the guest using the matrix mdev; only APQNs referencing AP queue devices bound to the vfio_ap device driver will actually get assigned to the guest. 5. Handle dynamic changes to the AP device model. 1. Rationale for changes to AP bus's apmask/aqmask interfaces: ---------------------------------------------------------- Due to the extremely sensitive nature of cryptographic data, it is imperative that great care be taken to ensure that such data is secured. Allowing a root user, either inadvertently or maliciously, to configure these masks such that a queue is shared between the host and a guest is not only avoidable, it is advisable. It was suggested that this scenario is better handled in user space with management software, but that does not preclude a malicious administrator from using the sysfs interfaces to gain access to a guest's crypto data. It was also suggested that this scenario could be avoided by taking access to the adapter away from the guest and zeroing out the queues prior to the vfio_ap driver releasing the device; however, stealing an adapter in use from a guest as a by-product of an operation is bad and will likely cause problems for the guest unnecessarily. It was decided that the most effective solution with the least number of negative side effects is to prevent the situation at the source. 2. Rationale for hot plug/unplug using matrix mdev sysfs interfaces: ---------------------------------------------------------------- Allowing a user to hot plug/unplug AP resources using the matrix mdev sysfs interfaces circumvents the need to terminate the guest in order to modify its AP configuration. Allowing dynamic configuration makes reconfiguring a guest's AP matrix much less disruptive. 3. Rationale for allowing over-provisioning of AP resources: ----------------------------------------------------------- Allowing assignment of AP resources to a matrix mdev and ultimately to a guest better models the AP architecture. The architecture does not preclude assignment of unavailable AP resources. If a queue subsequently becomes available while a guest using the matrix mdev to which its APQN is assigned, the guest will be given access to it. If an APQN is dynamically unassigned from the underlying host system, it will automatically become unavailable to the guest. Change log v13-v14: ------------------ * Removed patch "s390/vfio-ap: clean up vfio_ap resources when KVM pointer invalidated". The patch is not necessary because that is handled with patch 1 of this series (currently being merged) and commit f21916ec4826 ("s390/vfio-ap: clean up vfio_ap resources when KVM pointer invalidated") * Removed patch "s390/vfio-ap: No need to disable IRQ after queue reset", that has already been merged with commit 6c12a6384e0c ("s390/vfio-ap: No need to disable IRQ after queue reset"). * Initialize the vfio_ap_queue object before setting the drvdata in the probe callback * Change return code from mdev assignment interfaces to -EAGAIN when mutex_trylock fails for the mdev lock. * Restored missing hunk from v12 in the group notifier callback, but had to restore it to the vfio_ap_mdev_set_kvm() function due to changes made via merged commits noted above. * Reordered patch "s390/vfio-ap: sysfs attribute to display the guest's matrix" to follow the patches that modify the shadow APCB. * Remove queue from APCB before resetting it in the remove callback. * Split the vfio_ap_mdev_unlink_queue() function into two functions: one to remove the link from the matrix mdev to the queue; and, one to remove the link from the queue to the matrix mdev. * Removed the QCI call and the shadow_apcb memcpy from the vfio_ap_mdev_filter_apcb() function. * Do not clear shadow_apcb when there are not adapters or domains assigned. * Moved filtering code from "s390/vfio-ap: allow hot plug/unplug of AP resources using mdev device" into its own patch. * Squashed the two patches comprising the handling of changes to the AP configuration into one patch. * Added code to delay hot plug during probe until the AP bus scan is complete if the APID of the queue is in the bitmap of adapters currently being added to the AP configuration. Change log v12-v13: ------------------ * Combined patches 12/13 from previous series into one patch * Moved all changes for linking queues and mdevs into a single patch * Re-ordered some patches to aid in review * Using mutex_trylock() function in adapter/domain assignment functions to avoid potential deadlock condition with in_use callback * Using filtering function for refreshing the guest's APCB for all events that change the APCB: assign/unassign adapters, domains, control domains; bind/unbind of queue devices; and, changes to the host AP configuration. Change log v11-v12: ------------------ * Moved matrix device lock to protect group notifier callback * Split the 'No need to disable IRQ after queue reset' patch into multiple patches for easier review (move probe/remove callback functions and remove disable IRQ after queue reset) * Added code to decrement reference count for KVM in group notifier callback * Using mutex_trylock() in functions implementing the sysfs assign_adapter and assign_domain as well as the in_use callback to avoid deadlock between the AP bus's ap_perms mutex and the matrix device lock used by vfio_ap driver. * The sysfs guest_matrix attribute of the vfio_ap mdev will now display the shadow APCB regardless of whether a guest is using the mdev or not * Replaced vfio_ap mdev filtering function with a function that initializes the guest's APCB by filtering the vfio_ap mdev by APID. * No longer using filtering function during adapter/domain assignment to/from the vfio_ap mdev; replaced with new hot plug/unplug adapter/domain functions. * No longer using filtering function during bind/unbind; replaced with hot plug/unplug queue functions. * No longer using filtering function for bulk assignment of new adapters and domains in on_scan_complete callback; replaced with new hot plug functions. Change log v10-v11: ------------------ * The matrix mdev's configuration is not filtered by APID so that if any APQN assigned to the mdev is not bound to the vfio_ap device driver, the adapter will not get plugged into the KVM guest on startup, or when a new adapter is assigned to the mdev. * Replaced patch 8 by squashing patches 8 (filtering patch) and 15 (handle probe/remove). * Added a patch 1 to remove disable IRQ after a reset because the reset already disables a queue. * Now using filtering code to update the KVM guest's matrix when notified that AP bus scan has completed. * Fixed issue with probe/remove not inititiated by a configuration change occurring within a config change. Change log v9-v10: ----------------- * Updated the documentation in vfio-ap.rst to include information about the AP dynamic configuration support Change log v8-v9: ---------------- * Fixed errors flagged by the kernel test robot * Fixed issue with guest losing queues when a new queue is probed due to manual bind operation. Change log v7-v8: ---------------- * Now logging a message when an attempt to reserve APQNs for the zcrypt drivers will result in taking a queue away from a KVM guest to provide the sysadmin a way to ascertain why the sysfs operation failed. * Created locked and unlocked versions of the ap_parse_mask_str() function. * Now using new interface provided by an AP bus patch - s390/ap: introduce new ap function ap_get_qdev() - to retrieve struct ap_queue representing an AP queue device. This patch is not a part of this series but is a prerequisite for this series. Change log v6-v7: ---------------- * Added callbacks to AP bus: - on_config_changed: Notifies implementing drivers that the AP configuration has changed since last AP device scan. - on_scan_complete: Notifies implementing drivers that the device scan has completed. - implemented on_config_changed and on_scan_complete callbacks for vfio_ap device driver. - updated vfio_ap device driver's probe and remove callbacks to handle dynamic changes to the AP device model. * Added code to filter APQNs when assigning AP resources to a KVM guest's CRYCB Change log v5-v6: ---------------- * Fixed a bug in ap_bus.c introduced with patch 2/7 of the v5 series. Harald Freudenberer pointed out that the mutex lock for ap_perms_mutex in the apmask_store and aqmask_store functions was not being freed. * Removed patch 6/7 which added logging to the vfio_ap driver to expedite acceptance of this series. The logging will be introduced with a separate patch series to allow more time to explore options such as DBF logging vs. tracepoints. * Added 3 patches related to ensuring that APQNs that do not reference AP queue devices bound to the vfio_ap device driver are not assigned to the guest CRYCB: Patch 4: Filter CRYCB bits for unavailable queue devices Patch 5: sysfs attribute to display the guest CRYCB Patch 6: update guest CRYCB in vfio_ap probe and remove callbacks * Added a patch (Patch 9) to version the vfio_ap module. * Reshuffled patches to allow the in_use callback implementation to invoke the vfio_ap_mdev_verify_no_sharing() function introduced in patch 2. Change log v4-v5: ---------------- * Added a patch to provide kernel s390dbf debug logs for VFIO AP Change log v3->v4: ----------------- * Restored patches preventing root user from changing ownership of APQNs from zcrypt drivers to the vfio_ap driver if the APQN is assigned to an mdev. * No longer enforcing requirement restricting guest access to queues represented by a queue device bound to the vfio_ap device driver. * Removed shadow CRYCB and now directly updating the guest CRYCB from the matrix mdev's matrix. * Rebased the patch series on top of 'vfio: ap: AP Queue Interrupt Control' patches. * Disabled bind/unbind sysfs interfaces for vfio_ap driver Change log v2->v3: ----------------- * Allow guest access to an AP queue only if the queue is bound to the vfio_ap device driver. * Removed the patch to test CRYCB masks before taking the vCPUs out of SIE. Now checking the shadow CRYCB in the vfio_ap driver. Change log v1->v2: ----------------- * Removed patches preventing root user from unbinding AP queues from the vfio_ap device driver * Introduced a shadow CRYCB in the vfio_ap driver to manage dynamic changes to the AP guest configuration due to root user interventions or hardware anomalies. Tony Krowiak (13): s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks s390/vfio-ap: use new AP bus interface to search for queue devices s390/vfio-ap: move probe and remove callbacks to vfio_ap_ops.c s390/vfio-ap: manage link between queue struct and matrix mdev s390/vfio-ap: introduce shadow APCB s390/vfio-ap: refresh guest's APCB by filtering APQNs assigned to mdev s390/vfio-ap: allow assignment of unavailable AP queues to mdev device s390/vfio-ap: allow hot plug/unplug of AP resources using mdev device s390/zcrypt: driver callback to indicate resource in use s390/vfio-ap: implement in-use callback for vfio_ap driver s390/vfio-ap: sysfs attribute to display the guest's matrix s390/zcrypt: notify drivers on config changed and scan complete callbacks s390/vfio-ap: update docs to include dynamic config support Documentation/s390/vfio-ap.rst | 383 ++++++--- drivers/s390/crypto/ap_bus.c | 249 +++++- drivers/s390/crypto/ap_bus.h | 16 + drivers/s390/crypto/vfio_ap_drv.c | 46 +- drivers/s390/crypto/vfio_ap_ops.c | 1090 ++++++++++++++++++------- drivers/s390/crypto/vfio_ap_private.h | 29 +- 6 files changed, 1347 insertions(+), 466 deletions(-) -- 2.21.3