| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Apr 2022 10:55:17 -0300
From: Jason Gunthorpe <jgg@...pe.ca>
To: Matthew Rosato <mjrosato@...ux.ibm.com>
Cc: alex.williamson@...hat.com, linux-s390@...r.kernel.org,
cohuck@...hat.com, schnelle@...ux.ibm.com, farman@...ux.ibm.com,
pmorel@...ux.ibm.com, borntraeger@...ux.ibm.com, hca@...ux.ibm.com,
gor@...ux.ibm.com, gerald.schaefer@...ux.ibm.com,
agordeev@...ux.ibm.com, svens@...ux.ibm.com, frankja@...ux.ibm.com,
david@...hat.com, imbrenda@...ux.ibm.com, vneethv@...ux.ibm.com,
oberpar@...ux.ibm.com, freude@...ux.ibm.com, thuth@...hat.com,
pasic@...ux.ibm.com, pbonzini@...hat.com, corbet@....net,
kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-doc@...r.kernel.org
Subject: Re: [PATCH v5 16/21] KVM: vfio: add s390x hook to register KVM guest
designation
On Tue, Apr 12, 2022 at 09:39:44AM -0400, Matthew Rosato wrote:
> On 4/8/22 8:45 AM, Jason Gunthorpe wrote:
> > On Mon, Apr 04, 2022 at 01:43:44PM -0400, Matthew Rosato wrote:
> > > At the time a KVM is associated with a vfio group, s390x zPCI devices
> > > must register a special guest indication (GISA designation) to allow
> > > for the use of interpretive execution facilities. This indication is
> > > used to ensure that only the specified KVM can interact with the device.
> > > Similarly, the indication must be removed once the KVM is no longer
> > > associated with the device.
> > >
> > > This patch adds an s390-specific hook to invoke a KVM registration routine
> > > for each device associated with the iommu group; in reality, it will be a
> > > NOP for all but zPCI devices on s390x.
> > >
> > > Signed-off-by: Matthew Rosato <mjrosato@...ux.ibm.com>
> > > virt/kvm/vfio.c | 35 ++++++++++++++++++++++++++++++++++-
> > > 1 file changed, 34 insertions(+), 1 deletion(-)
> >
> > I wonder if this should be done in the vfio_pci side from the existing
> > kvm notifier
> >
>
> So you mean rather than hooking into virt as I do here, drive something out
> of drivers/vfio/vfio.c:vfio_group_set_kvm? Note, the kvm notifier is
> handled in vfio, not vfio_pci, so if you want to handle it in vfio_pci I
> think we'd need to add a new routine to vfio_device_ops and only define it
> vfio_pci for s390
I've been thinking about doing that anyhow, exactly for reasons like
this..
> static const struct vfio_device_ops vfio_pci_ops = {
> .name = "vfio-pci",
> [...]
> #ifdef CONFIG_S390
> .set_kvm = vfio_pci_zdev_set_kvm,
> #endif
> };
>
> and something like...
>
> void vfio_group_set_kvm(struct vfio_group *group, struct kvm *kvm)
> {
> struct vfio_device *vdev;
> group->kvm = kvm;
>
> mutex_lock(&group->device_lock);
> list_for_each_entry(vdev, &group->device_list, group_next) {
> if (vdev->ops->set_kvm)
> it->ops->set_kvm(vdev, kvm);
> }
> mutex_unlock(&group->device_lock);
Almost, the device should be open before calling the callback
And you have to inject a callback during open if the device is opened
after the kvm was set.
But I don't think you need to do this, you can just register a
notifier in zpci when it hooks open_device like everything else,
right?
Jason
Powered by blists - more mailing lists