lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <b1094c57-18dd-f4fd-b528-f1682b8fc078@linux.ibm.com>
Date:   Thu, 9 Aug 2018 16:27:38 -0400
From:   Tony Krowiak <akrowiak@...ux.ibm.com>
To:     David Hildenbrand <david@...hat.com>,
        Tony Krowiak <akrowiak@...ux.vnet.ibm.com>,
        linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
        kvm@...r.kernel.org
Cc:     freude@...ibm.com, schwidefsky@...ibm.com,
        heiko.carstens@...ibm.com, borntraeger@...ibm.com,
        cohuck@...hat.com, kwankhede@...dia.com,
        bjsdjshi@...ux.vnet.ibm.com, pbonzini@...hat.com,
        alex.williamson@...hat.com, pmorel@...ux.vnet.ibm.com,
        alifm@...ux.vnet.ibm.com, mjrosato@...ux.vnet.ibm.com,
        jjherne@...ux.vnet.ibm.com, thuth@...hat.com,
        pasic@...ux.vnet.ibm.com, berrange@...hat.com,
        fiuczy@...ux.vnet.ibm.com, buendgen@...ibm.com,
        frankja@...ux.ibm.com
Subject: Re: [PATCH v8 21/22] KVM: s390: CPU model support for AP
 virtualization

On 08/09/2018 04:17 AM, David Hildenbrand wrote:
> On 08.08.2018 16:44, Tony Krowiak wrote:
>> From: Tony Krowiak <akrowiak@...ux.ibm.com>
>>
>> Introduces a new CPU model feature and two CPU model
>> facilities to support AP virtualization for KVM guests.
>>
>> CPU model feature:
>>
>> The KVM_S390_VM_CPU_FEAT_AP feature indicates that
>> AP instructions are available on the guest. This
>> feature will be enabled by the kernel only if the AP
>> instructions are installed on the linux host. This feature
>> must be specifically turned on for the KVM guest from
>> userspace to use the VFIO AP device driver for guest
>> access to AP devices.
>>
>> CPU model facilities:
>>
>> 1. AP Query Configuration Information (QCI) facility is installed.
>>
>>     This is indicated by setting facilities bit 12 for
>>     the guest. The kernel will not enable this facility
>>     for the guest if it is not set on the host. This facility
>>     must not be set by userspace if the KVM_S390_VM_CPU_FEAT_AP
>>     feature is not installed.
> Could it happen on real HW (not frankenstein CPU models), that
>
> !AP, but STFL 12 or 15  are indicated?

I suspect that if AP instructions are not installed, then neither
STFLE.12 nor STFLE.15 would be set in the real hardware. This
comment, however, is talking about an administrator setting the
facility for a guest, not real hardware. Having said that and after
thinking about it a little more, I am going to remove that last sentence
because the CPU model configuration (e.g., as specified on the qemu
command line) will fail if the QCI or APFT facility is enabled when the
CPU model feature KVM_S390_VM_CPU_FEAT_AP is not.

>
>>     If this facility is not set for the KVM guest, then only
>>     APQNs with an APQI less than 16 will be used by a Linux
>>     guest regardless of the matrix configuration for the virtual
>>     machine. This is a limitation of the Linux AP bus.
>>
>> 2. AP Facilities Test facility (APFT) is installed.
>>
>>     This is indicated by setting facilities bit 15 for
>>     the guest. The kernel will not enable this facility for
>>     the guest if it is not set on the host. This facility
>>     must not be set by userspace if the KVM_S390_VM_CPU_FEAT_AP
>>     feature is not installed.
>>
>>     If this facility is not set for the KVM guest, then no
>>     AP devices will be available to the guest regardless of
>>     the guest's matrix configuration for the virtual
>>     machine. This is a limitation of the Linux AP bus.
>>
>> Signed-off-by: Tony Krowiak <akrowiak@...ux.ibm.com>
>> Reviewed-by: Christian Borntraeger <borntraeger@...ibm.com>
>> Reviewed-by: Halil Pasic <pasic@...ux.ibm.com>
>> Tested-by: Michael Mueller <mimu@...ux.ibm.com>
>> Tested-by: Farhan Ali <alifm@...ux.ibm.com>
>> Signed-off-by: Christian Borntraeger <borntraeger@...ibm.com>
>> ---
>>   arch/s390/kvm/kvm-s390.c         |    7 +++++++
>>   arch/s390/tools/gen_facilities.c |    2 ++
>>   2 files changed, 9 insertions(+), 0 deletions(-)
>>
>> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
>> index 9203f0b..7d4fe9b 100644
>> --- a/arch/s390/kvm/kvm-s390.c
>> +++ b/arch/s390/kvm/kvm-s390.c
>> @@ -367,6 +367,13 @@ static void kvm_s390_cpu_feat_init(void)
>>   
>>   	if (MACHINE_HAS_ESOP)
>>   		allow_cpu_feat(KVM_S390_VM_CPU_FEAT_ESOP);
>> +
>> +	/*
>> +	 * Check if AP instructions installed on host
>> +	 */
> Make this a one-line comment, please.

Will do

>
>> +	if (ap_instructions_available() == 0)
>> +		allow_cpu_feat(KVM_S390_VM_CPU_FEAT_AP);
>> +
>>   	/*
>>   	 * We need SIE support, ESOP (PROT_READ protection for gmap_shadow),
>>   	 * 64bit SCAO (SCA passthrough) and IDTE (for gmap_shadow unshadowing).
>> diff --git a/arch/s390/tools/gen_facilities.c b/arch/s390/tools/gen_facilities.c
>> index 90a8c9e..a52290b 100644
>> --- a/arch/s390/tools/gen_facilities.c
>> +++ b/arch/s390/tools/gen_facilities.c
>> @@ -106,6 +106,8 @@ struct facility_def {
>>   
>>   		.name = "FACILITIES_KVM_CPUMODEL",
>>   		.bits = (int[]){
>> +			12, /* AP Query Configuration Information */
>> +			15, /* AP Facilities Test */
>>   			-1  /* END */
>>   		}
>>   	},
>>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ