From: Tony Krowiak <akrowiak@linux.ibm.com>
To: linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org,
kvm@vger.kernel.org
Cc: jjherne@linux.ibm.com, freude@linux.ibm.com,
borntraeger@de.ibm.com, cohuck@redhat.com,
mjrosato@linux.ibm.com, pasic@linux.ibm.com,
alex.williamson@redhat.com, kwankhede@nvidia.com,
fiuczy@linux.ibm.com, Viktor Mihajlovski <mihajlov@linux.ibm.com>
Subject: [PATCH 05/12] s390/vfio-ap: remove upper limit on wait for queue reset to complete
Date: Tue, 15 Aug 2023 14:43:26 -0400 [thread overview]
Message-ID: <20230815184333.6554-6-akrowiak@linux.ibm.com> (raw)
In-Reply-To: <20230815184333.6554-1-akrowiak@linux.ibm.com>
The architecture does not define an upper limit on how long a queue reset
(RAPQ/ZAPQ) can take to complete. In order to ensure both the security
requirements and prevent resource leakage and corruption in the hypervisor,
it is necessary to remove the upper limit (200ms) the vfio_ap driver
currently waits for a reset to complete. This, of course, may result in a
hang which is a less than desirable user experience, but until a firmware
solution is provided, this is a necessary evil.
Signed-off-by: Tony Krowiak <akrowiak@linux.ibm.com>
Reviewed-by: Jason J. Herne <jjherne@linux.ibm.com>
Acked-by: Halil Pasic <pasic@linux.ibm.com>
Tested-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>
---
drivers/s390/crypto/vfio_ap_ops.c | 64 +++++++++++++++++--------------
1 file changed, 35 insertions(+), 29 deletions(-)
diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c
index a489536c508a..2517868aad56 100644
--- a/drivers/s390/crypto/vfio_ap_ops.c
+++ b/drivers/s390/crypto/vfio_ap_ops.c
@@ -30,7 +30,6 @@
#define AP_QUEUE_UNASSIGNED "unassigned"
#define AP_QUEUE_IN_USE "in use"
-#define MAX_RESET_CHECK_WAIT 200 /* Sleep max 200ms for reset check */
#define AP_RESET_INTERVAL 20 /* Reset sleep interval (20ms) */
static int vfio_ap_mdev_reset_queues(struct ap_queue_table *qtable);
@@ -1622,58 +1621,66 @@ static int apq_status_check(int apqn, struct ap_queue_status *status)
}
}
+#define WAIT_MSG "Waited %dms for reset of queue %02x.%04x (%u, %u, %u)"
+
static int apq_reset_check(struct vfio_ap_queue *q)
{
- int ret;
- int iters = MAX_RESET_CHECK_WAIT / AP_RESET_INTERVAL;
+ int ret = -EBUSY, elapsed = 0;
struct ap_queue_status status;
- for (; iters > 0; iters--) {
+ while (true) {
msleep(AP_RESET_INTERVAL);
+ elapsed += AP_RESET_INTERVAL;
status = ap_tapq(q->apqn, NULL);
ret = apq_status_check(q->apqn, &status);
- if (ret != -EBUSY)
+ if (ret == -EIO)
return ret;
+ if (ret == -EBUSY) {
+ pr_notice_ratelimited(WAIT_MSG, elapsed,
+ AP_QID_CARD(q->apqn),
+ AP_QID_QUEUE(q->apqn),
+ status.response_code,
+ status.queue_empty,
+ status.irq_enabled);
+ } else {
+ if (q->reset_rc == AP_RESPONSE_RESET_IN_PROGRESS ||
+ q->reset_rc == AP_RESPONSE_BUSY) {
+ status = ap_zapq(q->apqn, 0);
+ q->reset_rc = status.response_code;
+ continue;
+ }
+ /*
+ * When an AP adapter is deconfigured, the associated
+ * queues are reset, so let's set the status response
+ * code to 0 so the queue may be passed through (i.e.,
+ * not filtered).
+ */
+ if (q->reset_rc == AP_RESPONSE_DECONFIGURED)
+ q->reset_rc = 0;
+ if (q->saved_isc != VFIO_AP_ISC_INVALID)
+ vfio_ap_free_aqic_resources(q);
+ break;
+ }
}
- WARN_ONCE(iters <= 0,
- "timeout verifying reset of queue %02x.%04x (%u, %u, %u)",
- AP_QID_CARD(q->apqn), AP_QID_QUEUE(q->apqn),
- status.queue_empty, status.irq_enabled, status.response_code);
return ret;
}
static int vfio_ap_mdev_reset_queue(struct vfio_ap_queue *q)
{
struct ap_queue_status status;
- int ret;
+ int ret = 0;
if (!q)
return 0;
-retry_zapq:
status = ap_zapq(q->apqn, 0);
q->reset_rc = status.response_code;
switch (status.response_code) {
case AP_RESPONSE_NORMAL:
- ret = 0;
- if (!status.irq_enabled)
- vfio_ap_free_aqic_resources(q);
- if (!status.queue_empty || status.irq_enabled) {
- ret = apq_reset_check(q);
- if (status.irq_enabled && ret == 0)
- vfio_ap_free_aqic_resources(q);
- }
- break;
case AP_RESPONSE_RESET_IN_PROGRESS:
case AP_RESPONSE_BUSY:
- /*
- * There is a reset issued by another process in progress. Let's wait
- * for that to complete. Since we have no idea whether it was a RAPQ or
- * ZAPQ, then if it completes successfully, let's issue the ZAPQ.
- */
+ /* Let's verify whether the ZAPQ completed successfully */
ret = apq_reset_check(q);
- if (ret)
- break;
- goto retry_zapq;
+ break;
case AP_RESPONSE_DECONFIGURED:
/*
* When an AP adapter is deconfigured, the associated
@@ -1682,7 +1689,6 @@ static int vfio_ap_mdev_reset_queue(struct vfio_ap_queue *q)
* return a value indicating the reset completed successfully.
*/
q->reset_rc = 0;
- ret = 0;
vfio_ap_free_aqic_resources(q);
break;
default:
--
2.39.3
next prev parent reply other threads:[~2023-08-15 18:44 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-15 18:43 [PATCH 00/12] s390/vfio_ap: crypto pass-through for SE guests Tony Krowiak
2023-08-15 18:43 ` [PATCH 01/12] s390/vfio-ap: No need to check the 'E' and 'I' bits in APQSW after TAPQ Tony Krowiak
2023-08-15 18:43 ` [PATCH 02/12] s390/vfio-ap: clean up irq resources if possible Tony Krowiak
2023-08-15 18:43 ` [PATCH 03/12] s390/vfio-ap: wait for response code 05 to clear on queue reset Tony Krowiak
2023-08-15 18:43 ` [PATCH 04/12] s390/vfio-ap: allow deconfigured queue to be passed through to a guest Tony Krowiak
2023-08-15 18:43 ` Tony Krowiak [this message]
2023-08-15 18:43 ` [PATCH 06/12] s390/vfio-ap: store entire AP queue status word with the queue object Tony Krowiak
2023-08-15 18:43 ` [PATCH 07/12] s390/vfio-ap: use work struct to verify queue reset Tony Krowiak
2023-08-15 18:43 ` [PATCH 08/12] s390/vfio-ap: handle queue state change in progress on reset Tony Krowiak
2023-08-15 18:43 ` [PATCH 09/12] s390/vfio-ap: check for TAPQ response codes 0x35 and 0x36 Tony Krowiak
2023-08-15 18:43 ` [PATCH 10/12] s390/uv: export uv_pin_shared for direct usage Tony Krowiak
2023-08-15 18:43 ` [PATCH 11/12] kvm: s390: export kvm_s390_pv*_is_protected functions Tony Krowiak
2023-08-15 18:43 ` [PATCH 12/12] s390/vfio-ap: Make sure nib is shared Tony Krowiak
2023-08-16 11:39 ` [PATCH 00/12] s390/vfio_ap: crypto pass-through for SE guests Janosch Frank
2023-08-16 12:12 ` Janosch Frank
2023-08-18 13:35 ` Heiko Carstens
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230815184333.6554-6-akrowiak@linux.ibm.com \
--to=akrowiak@linux.ibm.com \
--cc=alex.williamson@redhat.com \
--cc=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=fiuczy@linux.ibm.com \
--cc=freude@linux.ibm.com \
--cc=jjherne@linux.ibm.com \
--cc=kvm@vger.kernel.org \
--cc=kwankhede@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=mihajlov@linux.ibm.com \
--cc=mjrosato@linux.ibm.com \
--cc=pasic@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox