[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180514160016.3b689728.cohuck@redhat.com>
Date: Mon, 14 May 2018 16:00:16 +0200
From: Cornelia Huck <cohuck@...hat.com>
To: Halil Pasic <pasic@...ux.ibm.com>
Cc: Dong Jia Shi <bjsdjshi@...ux.ibm.com>,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
linux-s390@...r.kernel.org
Subject: Re: [PATCH 1/1] s390: vfio-ccw: push down unsupported IDA check
On Mon, 14 May 2018 15:37:17 +0200
Halil Pasic <pasic@...ux.ibm.com> wrote:
> On 05/14/2018 01:55 PM, Cornelia Huck wrote:
> > On Wed, 9 May 2018 19:36:47 +0200
> > Halil Pasic <pasic@...ux.ibm.com> wrote:
> >
> >> There is at least one relevant control program (CP) that don't set the
> >
> > I'd prefer not to talk about 'control program' here, as it is not a
> > term commonly used in Linux. Call it 'guest'?
> >
> > Also, s/don't/doesn't/
> >
> >
>
> I will use guest instead.
>
> >> IDA flags in the ORB as we would like them, but never uses any IDA. So
> >> instead of saying -EOPNOTSUPP when observing an ORB such that a channel
> >> program specified by it could be a not supported one, let us say
> >> -EOPNOTSUPP only if the channel program is a not supported one.
> >>
> >> Of course, the real solution would be doing proper translation for all
> >> IDA. This is possible, but given the current code not straight forward.
> >
> > I agree, this seems useful for now, but we really need to support the
> > different ida flags to be fully architecture compliant.
> >
>
> I think this support is deeply buried in Dong Jia's backlog. FWIW
> I'm unaware of any (relevant) exploiter (guest) for the old IDA.
> Thus testing could also prove challenging, that is require extra
> test code. So given the estimated pain/gain ratio I don't see this
> coming soon.
Yes, the only practical outcome from implementing this is that we can
claim architecture compliance. Would be good if we could do that, but
as long as there are more pressing issues around...
>
> With my QEMU changes related to this patch we will also get the full
> IDA support as soon as the kernel is there.
Nod.
>
> >>
> >> Signed-off-by: Halil Pasic <pasic@...ux.ibm.com>
> >> Tested-by: Jason J. Herne <jjherne@...ux.ibm.com>
> >> ---
> >>
> >> QEMU counterpart comming soon.
> >> ---
> >> drivers/s390/cio/vfio_ccw_cp.c | 19 ++++++++++++++++---
> >> 1 file changed, 16 insertions(+), 3 deletions(-)
> >>
> >> diff --git a/drivers/s390/cio/vfio_ccw_cp.c b/drivers/s390/cio/vfio_ccw_cp.c
> >> index 2c7550797ec2..adfff492dc83 100644
> >> --- a/drivers/s390/cio/vfio_ccw_cp.c
> >> +++ b/drivers/s390/cio/vfio_ccw_cp.c
> >> @@ -365,6 +365,9 @@ static void cp_unpin_free(struct channel_program *cp)
> >> * This is the chain length not considering any TICs.
> >> * You need to do a new round for each TIC target.
> >> *
> >> + * The program is also validated for absence of not yet supported
> >> + * indirect data addressing scenarios.
> >> + *
> >> * Returns: the length of the ccw chain or -errno.
> >> */
> >> static int ccwchain_calc_length(u64 iova, struct channel_program *cp)
> >> @@ -391,6 +394,14 @@ static int ccwchain_calc_length(u64 iova, struct channel_program *cp)
> >> do {
> >> cnt++;
> >>
> >> + /*
> >> + * 2k byte block IDAWs (fmt1 or fmt2) are not yet supported.
> >> + * There are however CPs that don't use IDA at all, and can
> >> + * benefit from not failing until failure is eminent.
> >
> > The second sentence is confusing (What is 'CP' referring to here?
> > 'Control program' or struct channel_program?)
>
> Control program. I was under impression that in mainframe context CP
> mostly stands for control program.
Yes, but it is very confusing as there is also a variable named 'cp' in
this function.
>
> >
> > What about:
> >
> > "As we don't want to fail direct addressing even if the orb specified
> > one of the unsupported formats, we defer checking for IDAWs in
> > unsupported formats to here."
>
> Was the second sentence only confusing because of CP? I'm not perfectly
> satisfied with your version either:
> * 'fail direct addressing even if the orb specified one of the unsupported formats'
> I wanted to say: 'hey it does not matter what format for IDA the orb implies
> if the channel program does not use any IDA at all'. That could be paraphrased
> as channel programs using direct addressing exclusively. But failing the direct
> addressing does not fit for me.
But that's effectively what happens now, no? We reject the orb out of
hand due to unsupported flags that do not have any relevance for the
channel program in that case.
Or maybe 'channel programs using direct addressing only'?
> * 'defer' is IMHO trivial from the perspective that we used to fence the unsupported
> scenarios earlier (by just looking at the orb). But if one just reads the new code
> defer does not make much sense to me.
I think it still makes sense if you look at how the functions are
called.
>
> But no strong opinions here. If you think your version is the way to go I
> will just take it.
I certainly don't want to dictate things :)
>
> >
> >> + */
> >> + if ((!cp->orb.cmd.c64 || cp->orb.cmd.i2k) && ccw_is_idal(ccw))
> >> + return -EOPNOTSUPP;
> >> +
> >> if ((!ccw_is_chain(ccw)) && (!ccw_is_tic(ccw)))
> >> break;
> >>
> >> @@ -656,10 +667,8 @@ int cp_init(struct channel_program *cp, struct device *mdev, union orb *orb)
> >> /*
> >> * XXX:
> >> * Only support prefetch enable mode now.
> >> - * Only support 64bit addressing idal.
> >> - * Only support 4k IDAW.
> >> */
> >> - if (!orb->cmd.pfch || !orb->cmd.c64 || orb->cmd.i2k)
> >> + if (!orb->cmd.pfch)
> >> return -EOPNOTSUPP;
> >>
> >> INIT_LIST_HEAD(&cp->ccwchain_list);
> >> @@ -688,6 +697,10 @@ int cp_init(struct channel_program *cp, struct device *mdev, union orb *orb)
> >> ret = ccwchain_loop_tic(chain, cp);
> >> if (ret)
> >> cp_unpin_free(cp);
> >> + /* It is safe to force: if not set but idals used
> >> + * ccwchain_calc_length returns an error.
> >
> > s/returns/already returned/ ?
> >
>
> Yes we can do that. I think returns is also grammatical. Present simple
> can be used for expressing something that is always true.
I think it makes it clearer that we already checked earlier in the call
sequence.
>
> >> + */
> >> + cp->orb.cmd.c64 = 1;
> >>
> >> return ret;
> >> }
> >
> > The patch looks sane, I have only issues with the description/comments.
> >
>
> Thanks for having a look. Please give me short feedback about the one
> open point and I will respin with the requested changes.
Does anybody else have feedback?
Powered by blists - more mailing lists