[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1560454780-20359-5-git-send-email-akrowiak@linux.ibm.com>
Date: Thu, 13 Jun 2019 15:39:37 -0400
From: Tony Krowiak <akrowiak@...ux.ibm.com>
To: linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org
Cc: freude@...ux.ibm.com, borntraeger@...ibm.com, cohuck@...hat.com,
frankja@...ux.ibm.com, david@...hat.com, mjrosato@...ux.ibm.com,
schwidefsky@...ibm.com, heiko.carstens@...ibm.com,
pmorel@...ux.ibm.com, pasic@...ux.ibm.com,
alex.williamson@...hat.com, kwankhede@...dia.com,
Tony Krowiak <akrowiak@...ux.ibm.com>
Subject: [PATCH v4 4/7] s390: vfio-ap: implement in-use callback for vfio_ap driver
Let's implement the callback to indicate when an APQN
is in use by the vfio_ap device driver. The callback is
invoked whenever a change to the apmask or aqmask may
result in one or APQNs being removed from the driver. The
vfio_ap device driver will indicate a resource is in use
if any of the removed APQNs are assigned to any of the matrix
mdev devices.
To ensure that the AP bus apmask/aqmask interfaces are used to control
which AP queues get manually bound to or unbound from the
vfio_ap device driver, the bind/unbind sysfs interfaces will
be disabled for the vfio_ap device driver. The reasons for this are:
* To prevent unbinding an AP queue device from the vfio_ap device
driver representing a queue that is assigned to an mdev device.
* To enforce the policy that the the AP resources must first be
unassigned from the mdev device - which will hot unplug them from a
guest using the mdev device - before changing ownership of APQNs
from the vfio_ap driver to a zcrypt driver. This ensures that private
crypto data intended for the guest will never be accessible from the
host.
* It takes advantage of the AP architecture to prevent dynamic changes
to the LPAR configuration using the SE or SCLP commands from
compromising the guest crypto devices. For example:
* Even if an adapter is configured off, if and when it is configured
back on, the queue devices associated with the adapter will be bound
back to the vfio_ap driver and the queues will automatically be
available to a guest using the mdev to which the APQN of the queue
device is assigned.
* If adapters or domains are dynamically unassigned from the LPAR
in which the linux guest is running, effective masking will
prevent access to the AP resources by a guest using them.
Signed-off-by: Tony Krowiak <akrowiak@...ux.ibm.com>
---
drivers/s390/crypto/vfio_ap_drv.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/drivers/s390/crypto/vfio_ap_drv.c b/drivers/s390/crypto/vfio_ap_drv.c
index 3c60df70891b..7b52393007c6 100644
--- a/drivers/s390/crypto/vfio_ap_drv.c
+++ b/drivers/s390/crypto/vfio_ap_drv.c
@@ -164,6 +164,28 @@ static void vfio_ap_matrix_dev_destroy(void)
root_device_unregister(root_device);
}
+static bool vfio_ap_resource_in_use(unsigned long *apm, unsigned long *aqm)
+{
+ bool in_use = false;
+ struct ap_matrix_mdev *matrix_mdev;
+
+ mutex_lock(&matrix_dev->lock);
+
+ list_for_each_entry(matrix_mdev, &matrix_dev->mdev_list, node) {
+ if (bitmap_intersects(matrix_mdev->matrix.apm,
+ apm, AP_DEVICES) &&
+ bitmap_intersects(matrix_mdev->matrix.aqm,
+ aqm, AP_DOMAINS)) {
+ in_use = true;
+ break;
+ }
+ }
+
+ mutex_unlock(&matrix_dev->lock);
+
+ return in_use;
+}
+
static int __init vfio_ap_init(void)
{
int ret;
@@ -179,7 +201,9 @@ static int __init vfio_ap_init(void)
memset(&vfio_ap_drv, 0, sizeof(vfio_ap_drv));
vfio_ap_drv.probe = vfio_ap_queue_dev_probe;
vfio_ap_drv.remove = vfio_ap_queue_dev_remove;
+ vfio_ap_drv.in_use = vfio_ap_resource_in_use;
vfio_ap_drv.ids = ap_queue_ids;
+ vfio_ap_drv.driver.suppress_bind_attrs = true;
ret = ap_driver_register(&vfio_ap_drv, THIS_MODULE, VFIO_AP_DRV_NAME);
if (ret) {
--
2.7.4
Powered by blists - more mailing lists