lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <e46c1ff0-9afb-ee8b-0104-92a04b385081@linux.ibm.com>
Date:   Wed, 20 Apr 2022 20:18:00 +0200
From:   Pierre Morel <pmorel@...ux.ibm.com>
To:     Matthew Rosato <mjrosato@...ux.ibm.com>, linux-s390@...r.kernel.org
Cc:     alex.williamson@...hat.com, cohuck@...hat.com,
        schnelle@...ux.ibm.com, farman@...ux.ibm.com,
        borntraeger@...ux.ibm.com, hca@...ux.ibm.com, gor@...ux.ibm.com,
        gerald.schaefer@...ux.ibm.com, agordeev@...ux.ibm.com,
        svens@...ux.ibm.com, frankja@...ux.ibm.com, david@...hat.com,
        imbrenda@...ux.ibm.com, vneethv@...ux.ibm.com,
        oberpar@...ux.ibm.com, freude@...ux.ibm.com, thuth@...hat.com,
        pasic@...ux.ibm.com, pbonzini@...hat.com, corbet@....net,
        kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-doc@...r.kernel.org
Subject: Re: [PATCH v5 19/21] KVM: s390: add KVM_S390_ZPCI_OP to manage guest
 zPCI devices



On 4/20/22 16:10, Matthew Rosato wrote:
> On 4/19/22 6:07 AM, Pierre Morel wrote:
>>
>>
>> On 4/4/22 19:43, Matthew Rosato wrote:
>>> The KVM_S390_ZPCI_OP ioctl provides a mechanism for managing
>>> hardware-assisted virtualization features for s390X zPCI passthrough.
>>> Add the first 2 operations, which can be used to enable/disable
>>> the specified device for Adapter Event Notification interpretation.
>>>
>>> Signed-off-by: Matthew Rosato <mjrosato@...ux.ibm.com>
>>> ---
>>>   Documentation/virt/kvm/api.rst | 45 +++++++++++++++++++++++
>>>   arch/s390/kvm/kvm-s390.c       | 23 ++++++++++++
>>>   arch/s390/kvm/pci.c            | 65 ++++++++++++++++++++++++++++++++++
>>>   arch/s390/kvm/pci.h            |  2 ++
>>>   include/uapi/linux/kvm.h       | 31 ++++++++++++++++
>>>   5 files changed, 166 insertions(+)
>>>
>>> diff --git a/Documentation/virt/kvm/api.rst 
>>> b/Documentation/virt/kvm/api.rst
>>> index d13fa6600467..474f502c2ea0 100644
>>> --- a/Documentation/virt/kvm/api.rst
>>> +++ b/Documentation/virt/kvm/api.rst
>>> @@ -5645,6 +5645,51 @@ enabled with ``arch_prctl()``, but this may 
>>> change in the future.
>>>   The offsets of the state save areas in struct kvm_xsave follow the 
>>> contents
>>>   of CPUID leaf 0xD on the host.
>>> +4.135 KVM_S390_ZPCI_OP
>>> +--------------------
>>> +
>>> +:Capability: KVM_CAP_S390_ZPCI_OP
>>> +:Architectures: s390
>>> +:Type: vcpu ioctl
>>> +:Parameters: struct kvm_s390_zpci_op (in)
>>> +:Returns: 0 on success, <0 on error
>>> +
>>> +Used to manage hardware-assisted virtualization features for zPCI 
>>> devices.
>>> +
>>> +Parameters are specified via the following structure::
>>> +
>>> +  struct kvm_s390_zpci_op {
>>> +    /* in */
>>> +    __u32 fh;        /* target device */
>>> +    __u8  op;        /* operation to perform */
>>> +    __u8  pad[3];
>>> +    union {
>>> +        /* for KVM_S390_ZPCIOP_REG_AEN */
>>> +        struct {
>>> +            __u64 ibv;    /* Guest addr of interrupt bit vector */
>>> +            __u64 sb;    /* Guest addr of summary bit */
>>> +            __u32 flags;
>>> +            __u32 noi;    /* Number of interrupts */
>>> +            __u8 isc;    /* Guest interrupt subclass */
>>> +            __u8 sbo;    /* Offset of guest summary bit vector */
>>> +            __u16 pad;
>>> +        } reg_aen;
>>> +        __u64 reserved[8];
>>> +    } u;
>>> +  };
>>> +
>>> +The type of operation is specified in the "op" field.
>>> +KVM_S390_ZPCIOP_REG_AEN is used to register the VM for adapter event
>>> +notification interpretation, which will allow firmware delivery of 
>>> adapter
>>> +events directly to the vm, with KVM providing a backup delivery 
>>> mechanism;
>>> +KVM_S390_ZPCIOP_DEREG_AEN is used to subsequently disable 
>>> interpretation of
>>> +adapter event notifications.
>>> +
>>> +The target zPCI function must also be specified via the "fh" field. 
>>> For the
>>> +KVM_S390_ZPCIOP_REG_AEN operation, additional information to 
>>> establish firmware
>>> +delivery must be provided via the "reg_aen" struct.
>>> +
>>> +The "reserved" field is meant for future extensions.
>>>   5. The kvm_run structure
>>>   ========================
>>> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
>>> index 704d85214f4f..65a53e22f686 100644
>>> --- a/arch/s390/kvm/kvm-s390.c
>>> +++ b/arch/s390/kvm/kvm-s390.c
>>> @@ -616,6 +616,12 @@ int kvm_vm_ioctl_check_extension(struct kvm 
>>> *kvm, long ext)
>>>       case KVM_CAP_S390_PROTECTED:
>>>           r = is_prot_virt_host();
>>>           break;
>>> +    case KVM_CAP_S390_ZPCI_OP:
>>> +        if (kvm_s390_pci_interp_allowed())
>>> +            r = 1;
>>> +        else
>>> +            r = 0;
>>> +        break;
>>>       default:
>>>           r = 0;
>>>       }
>>> @@ -2621,6 +2627,23 @@ long kvm_arch_vm_ioctl(struct file *filp,
>>>               r = -EFAULT;
>>>           break;
>>>       }
>>> +    case KVM_S390_ZPCI_OP: {
>>> +        struct kvm_s390_zpci_op args;
>>> +
>>> +        r = -EINVAL;
>>> +        if (!IS_ENABLED(CONFIG_VFIO_PCI))
>>> +            break;
>>> +        if (copy_from_user(&args, argp, sizeof(args))) {
>>> +            r = -EFAULT;
>>> +            break;
>>> +        }
>>> +        r = kvm_s390_pci_zpci_op(kvm, &args);
>>> +        if (r)
>>> +            break;
>>> +        if (copy_to_user(argp, &args, sizeof(args)))
>>> +            r = -EFAULT;
>>> +        break;
>>> +    }
>>>       default:
>>>           r = -ENOTTY;
>>>       }
>>> diff --git a/arch/s390/kvm/pci.c b/arch/s390/kvm/pci.c
>>> index 66565f5f3f43..d941657bcb39 100644
>>> --- a/arch/s390/kvm/pci.c
>>> +++ b/arch/s390/kvm/pci.c
>>> @@ -588,6 +588,71 @@ void kvm_s390_pci_clear_list(struct kvm *kvm)
>>>           unregister_kvm(kzdev->zdev);
>>>   }
>>> +static struct kvm_zdev *get_kzdev_by_fh(struct kvm *kvm, u32 fh)
>>> +{
>>> +    struct kvm_zdev *kzdev, *retval = NULL;
>>> +
>>> +    spin_lock(&kvm->arch.kzdev_list_lock);
>>> +    list_for_each_entry(kzdev, &kvm->arch.kzdev_list, entry) {
>>> +        if (kzdev->zdev->fh == fh) {
>>> +            retval = kzdev;
>>> +            break;
>>> +        }
>>> +    }
>>> +    spin_unlock(&kvm->arch.kzdev_list_lock);
>>> +
>>> +    return retval;
>>> +}
>>> +
>>> +static int kvm_s390_pci_zpci_reg_aen(struct zpci_dev *zdev,
>>> +                     struct kvm_s390_zpci_op *args)
>>> +{
>>> +    struct zpci_fib fib = {};
>>> +
>>> +    fib.fmt0.aibv = args->u.reg_aen.ibv;
>>> +    fib.fmt0.isc = args->u.reg_aen.isc;
>>> +    fib.fmt0.noi = args->u.reg_aen.noi;
>>> +    if (args->u.reg_aen.sb != 0) {
>>> +        fib.fmt0.aisb = args->u.reg_aen.sb;
>>> +        fib.fmt0.aisbo = args->u.reg_aen.sbo;
>>> +        fib.fmt0.sum = 1;
>>> +    } else {
>>> +        fib.fmt0.aisb = 0;
>>> +        fib.fmt0.aisbo = 0;
>>> +        fib.fmt0.sum = 0;
>>> +    }
>>> +
>>> +    if (args->u.reg_aen.flags & KVM_S390_ZPCIOP_REGAEN_HOST)
>>> +        return kvm_s390_pci_aif_enable(zdev, &fib, true);
>>> +    else
>>> +        return kvm_s390_pci_aif_enable(zdev, &fib, false);
>>> +}
>>> +
>>> +int kvm_s390_pci_zpci_op(struct kvm *kvm, struct kvm_s390_zpci_op 
>>> *args)
>>> +{
>>> +    struct kvm_zdev *kzdev;
>>> +    struct zpci_dev *zdev;
>>> +    int r;
>>> +
>>> +    kzdev = get_kzdev_by_fh(kvm, args->fh);
>>> +    if (!kzdev)
>>> +        return -ENODEV;
>>> +    zdev = kzdev->zdev;
>>> +
>>> +    switch (args->op) {
>>> +    case KVM_S390_ZPCIOP_REG_AEN:
>>> +        r = kvm_s390_pci_zpci_reg_aen(zdev, args);
>>> +        break;
>>> +    case KVM_S390_ZPCIOP_DEREG_AEN:
>>> +        r = kvm_s390_pci_aif_disable(zdev, false);
>>> +        break;
>>> +    default:
>>> +        r = -EINVAL;
>>> +    }
>>> +
>>> +    return r;
>>> +}
>>> +
>>>   int kvm_s390_pci_init(void)
>>>   {
>>>       aift = kzalloc(sizeof(struct zpci_aift), GFP_KERNEL);
>>> diff --git a/arch/s390/kvm/pci.h b/arch/s390/kvm/pci.h
>>> index cb5ec3208923..b053b50c0904 100644
>>> --- a/arch/s390/kvm/pci.h
>>> +++ b/arch/s390/kvm/pci.h
>>> @@ -59,6 +59,8 @@ void kvm_s390_pci_aen_exit(void);
>>>   void kvm_s390_pci_init_list(struct kvm *kvm);
>>>   void kvm_s390_pci_clear_list(struct kvm *kvm);
>>> +int kvm_s390_pci_zpci_op(struct kvm *kvm, struct kvm_s390_zpci_op 
>>> *args);
>>> +
>>>   int kvm_s390_pci_init(void);
>>>   static inline bool kvm_s390_pci_interp_allowed(void)
>>> diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
>>> index 91a6fe4e02c0..014adb30d42c 100644
>>> --- a/include/uapi/linux/kvm.h
>>> +++ b/include/uapi/linux/kvm.h
>>> @@ -1144,6 +1144,7 @@ struct kvm_ppc_resize_hpt {
>>>   #define KVM_CAP_S390_MEM_OP_EXTENSION 211
>>>   #define KVM_CAP_PMU_CAPABILITY 212
>>>   #define KVM_CAP_DISABLE_QUIRKS2 213
>>> +#define KVM_CAP_S390_ZPCI_OP 214
>>>   #ifdef KVM_CAP_IRQ_ROUTING
>>> @@ -2060,4 +2061,34 @@ struct kvm_stats_desc {
>>>   /* Available with KVM_CAP_XSAVE2 */
>>>   #define KVM_GET_XSAVE2          _IOR(KVMIO,  0xcf, struct kvm_xsave)
>>> +/* Available with KVM_CAP_S390_ZPCI_OP */
>>> +#define KVM_S390_ZPCI_OP      _IOW(KVMIO,  0xd0, struct 
>>> kvm_s390_zpci_op)
>>> +
>>> +struct kvm_s390_zpci_op {
>>> +    /* in */
>>> +    __u32 fh;        /* target device */
>>> +    __u8  op;        /* operation to perform */
>>> +    __u8  pad[3];
>>> +    union {
>>> +        /* for KVM_S390_ZPCIOP_REG_AEN */
>>> +        struct {
>>> +            __u64 ibv;    /* Guest addr of interrupt bit vector */
>>> +            __u64 sb;    /* Guest addr of summary bit */
>>> +            __u32 flags;
>>> +            __u32 noi;    /* Number of interrupts */
>>> +            __u8 isc;    /* Guest interrupt subclass */
>>> +            __u8 sbo;    /* Offset of guest summary bit vector */
>>> +            __u16 pad;
>>> +        } reg_aen;
>>> +        __u64 reserved[8];
>>> +    } u;
>>> +};
>>> +
>>> +/* types for kvm_s390_zpci_op->op */
>>> +#define KVM_S390_ZPCIOP_REG_AEN        0
>>> +#define KVM_S390_ZPCIOP_DEREG_AEN    1
>>> +
>>> +/* flags for kvm_s390_zpci_op->u.reg_aen.flags */
>>> +#define KVM_S390_ZPCIOP_REGAEN_HOST    (1 << 0)
>>> +
>>>   #endif /* __LINUX_KVM_H */
>>>
>>
>>
>> The purpose is to setup the IRQ for the zPCI device wouldn't it be 
>> more logical to go through VFIO_DEVICE_SET_IRQS and there jump to the 
>> zPCI handling, like it is done for the capabilities, instead to go 
>> directly through KVM?
>> We would also spare the research for the real FH in KVM.
>>
> 
> We need the host FH anyway -- for load/store intepretation, the guest 
> must be using the FH that the firmware expects.  Plus we need that FH 
> when issuing the MPCIFC op 2.  I guess maybe you mean the lookup (get 
> the exact device associated with this fd vs scanning the list of PCI 
> devices associated with this KVM).

Obvious ly we need to get the real FH, yes, and yes I was speaking of 
scanning the list-pci but t is not the main idea.
The main idea is that going through the VFIO device ioctl seems to me 
the right way to go to handle IRQ for a device.

One can argue that it is not really PCI specific.
Right but we have no possibility to intercept it inside the vfio code.

unless we add some arch specific hook in vfio_device_fops_unl_ioctl().

> 
> One of the issues here is that, with load/store interpretation enabled, 
> vfio in QEMU will never get the config space notifiers triggered; these 
> are the things that end up calling vfio_enable_vectors() which will in 
> turn issue the VFIO_DEVICE_SET_IRQS (instead these guest config space 
> writes are executed interpretively)

What I mean is to add in vfio_pci_core_ioctl() a treatment for 
VFIO_DEVICE_SET_IRQS like you did for VFIO_DEVICE_GET_INFO with a 
specific operation or flag to call kvm_s390_pci_zpci_reg_aen().

Then, in QEMU we add a new call to VFIO_DEVICE_SET_IRQS with this 
special operation/flag in s390_pci_kvm_aif_enable() / disable


> 
> I did play around with this for a while, but if we were to call 
> VFIO_DEVICE_SET_IRQS ourselves from QEMU s390-pci instead of relying on 
> the config space notifier, we still have the issue of associating the 
> previously-established routes with the host function - because at the 
> end of it we need to issue a MPCIFC(2) specifying the host FH and 
> including the forwarding information (e.g. the work done in 
> kvm_s390_pci_aif_enable).  AFAICT today we can't derive the FH from 
> routes, that's where I got stuck.  But if you have an idea please share.

As I said no change about getting the FH, so no change for the MPCIFC(2)

Anyway, it touches VFIO and/or VFIO_PCI so @alex do you think it is 
interesting?
Knowing that the current version works it could also be done later.

Regards,
Pierre


-- 
Pierre Morel
IBM Lab Boeblingen

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ