From: Tony Krowiak <akrowiak@linux.vnet.ibm.com>
To: Cornelia Huck <cohuck@redhat.com>
Cc: Pierre Morel <pmorel@linux.vnet.ibm.com>,
linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org,
kvm@vger.kernel.org, freude@de.ibm.com, schwidefsky@de.ibm.com,
heiko.carstens@de.ibm.com, borntraeger@de.ibm.com,
kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com,
pbonzini@redhat.com, alex.williamson@redhat.com,
alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com,
qemu-s390x@nongnu.org, jjherne@linux.vnet.ibm.com,
thuth@redhat.com, pasic@linux.vnet.ibm.com
Subject: Re: [RFC 00/19] KVM: s390/crypto/vfio: guest dedicated crypto adapters
Date: Mon, 27 Nov 2017 19:39:32 -0500 [thread overview]
Message-ID: <e1e1f8e1-e274-fde0-4358-4ba89d034c1e@linux.vnet.ibm.com> (raw)
In-Reply-To: <20171122144750.1ceffe41.cohuck@redhat.com>
On 11/22/2017 08:47 AM, Cornelia Huck wrote:
> On Tue, 21 Nov 2017 11:08:01 -0500
> Tony Krowiak <akrowiak@linux.vnet.ibm.com> wrote:
>
>
>> I am not quite sure what you are asking, but I'll attempt to answer
>> what I think you're asking. A new type of mediated matrix device
>> will be introduced to configure a virtual matrix for a guest that
>> provides the interfaces to map a virtual adapter/domain ID to one
>> or more real adapter/domain IDs. If by virtualization facility,
>> you are talking about the VFIO AP matrix driver, then yes,
>> the driver will handle ioctl requests based on the type of the
>> mediated matrix device through which the request was submitted:
>>
>> If the request is to configure the KVM guest's matrix:
>>
>> * If the mediated matrix device type is passthrough:
>> * Do validation of matrix
>> * Configure the APM, AQM and ADM in the KVM guest's CRYCB
>> according to the configuration specified via the mediated
>> device's sysfs attribute files.
>> * If the mediated matrix device type is virtual:
>> * Do validation of matrix
>> * No need to configure CRYCB since all instructions will be
>> intercepted
> Ok, so we would have two distinct paths here...
It depends upon what you mean by two distinct paths. Configuring the
mediated device would require a new mediated device type for virtualized
AP matrices. The ioctl for configuring the KVM guest's CRYCB would
require an additional check to determine whether the CRYCB need be
configured or not.
>
>> If the request is to execute an intercepted AP instruction:
>>
>> * If the mediated matrix device type is passthrough:
>> * Forward the instruction to the AP device and return the
>> result to QEMU.
>>
>> * If the mediated matrix device type is virtual:
>>
>> * Retrieve all of the real APQNs mapped to the virtual
>> adapter and domain IDs configured in the mediated matrix
>> device's sysfs attribute files
>> * If there is more than one APQN mapping, then determine
>> which would be best to use - algorithm TBD
>> * Forward the instruction to the AP device and return the
>> result.
> ...and two distinct paths for most instructions here as well.
The driver would require additional ioctls to handle
interception of all AP instructions for virtual matrices and additional
code to remap virtual APQNs to real APQNs and determine which real APQN
to which intercepted instructions should be forwarded.
>
>> Of course, these are just preliminary ideas at this time.
>> I've only prototyped the sysfs configuration interfaces. No
>> back end prototyping has been undertaken yet. If the ideas do
>> not pan out, however; I think virtualization can be introduced
>> as an independent design.
> Yes, let's cross that bridge when we get to it.
That is the plan. Given Pierre's objections, I thought it might help
to touch on this.
>
next prev parent reply other threads:[~2017-11-28 0:39 UTC|newest]
Thread overview: 108+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-13 17:38 [RFC 00/19] KVM: s390/crypto/vfio: guest dedicated crypto adapters Tony Krowiak
2017-10-13 17:38 ` [RFC 01/19] KVM: s390: SIE considerations for AP Queue virtualization Tony Krowiak
2017-11-02 11:54 ` Christian Borntraeger
2017-11-02 19:53 ` Tony Krowiak
2017-10-13 17:38 ` [RFC 02/19] KVM: s390: refactor crypto initialization Tony Krowiak
2017-11-02 12:41 ` Christian Borntraeger
2017-11-14 11:50 ` Cornelia Huck
2017-11-14 15:53 ` Tony Krowiak
2017-10-13 17:38 ` [RFC 03/19] s390/zcrypt: new AP matrix bus Tony Krowiak
2017-10-16 8:47 ` Martin Schwidefsky
2017-10-16 15:02 ` Tony Krowiak
2017-11-14 11:58 ` Cornelia Huck
2017-11-14 13:19 ` Tony Krowiak
2017-11-14 15:54 ` Tony Krowiak
2017-11-14 16:07 ` Tony Krowiak
2017-10-13 17:38 ` [RFC 04/19] s390/zcrypt: create an AP matrix device on the " Tony Krowiak
2017-10-18 16:20 ` Cornelia Huck
2017-10-18 17:54 ` Tony Krowiak
2017-10-13 17:38 ` [RFC 05/19] s390/zcrypt: base implementation of AP matrix device driver Tony Krowiak
2017-10-16 8:59 ` Martin Schwidefsky
2017-10-16 15:56 ` Tony Krowiak
2017-11-14 12:40 ` Cornelia Huck
2017-11-14 16:37 ` Tony Krowiak
2017-11-14 17:00 ` Cornelia Huck
2017-11-14 18:15 ` Tony Krowiak
2017-11-15 10:31 ` Cornelia Huck
2017-11-16 12:02 ` Pierre Morel
2017-11-16 12:35 ` Cornelia Huck
2017-11-16 14:25 ` Tony Krowiak
2017-11-16 16:47 ` Cornelia Huck
2017-11-17 21:13 ` Tony Krowiak
2017-11-20 17:15 ` Cornelia Huck
2017-11-16 14:25 ` Pierre Morel
2017-10-13 17:38 ` [RFC 06/19] s390/zcrypt: register matrix device with VFIO mediated device framework Tony Krowiak
2017-10-16 9:03 ` Martin Schwidefsky
2017-10-16 16:09 ` Tony Krowiak
2017-11-14 13:14 ` Cornelia Huck
2017-11-16 15:37 ` Tony Krowiak
2017-10-13 17:38 ` [RFC 07/19] KVM: s390: introduce AP matrix configuration interface Tony Krowiak
2017-10-16 9:10 ` Martin Schwidefsky
2017-10-16 16:26 ` Tony Krowiak
2017-11-14 13:16 ` Cornelia Huck
2017-11-16 15:41 ` Tony Krowiak
2017-10-13 17:38 ` [RFC 08/19] s390/zcrypt: support for assigning adapters to matrix mdev Tony Krowiak
2017-11-14 13:22 ` Cornelia Huck
2017-11-16 23:53 ` Tony Krowiak
2017-11-17 9:50 ` Cornelia Huck
2017-10-13 17:38 ` [RFC 09/19] s390/zcrypt: validate adapter assignment Tony Krowiak
2017-10-13 17:38 ` [RFC 10/19] s390/zcrypt: sysfs interfaces supporting AP domain assignment Tony Krowiak
2017-10-13 17:38 ` [RFC 11/19] s390/zcrypt: validate " Tony Krowiak
2017-10-13 17:38 ` [RFC 12/19] s390/zcrypt: sysfs support for control " Tony Krowiak
2017-10-13 17:38 ` [RFC 13/19] s390/zcrypt: validate " Tony Krowiak
2017-10-16 9:13 ` Martin Schwidefsky
2017-10-13 17:38 ` [RFC 14/19] KVM: s390: Connect the AP mediated matrix device to KVM Tony Krowiak
2017-10-13 17:39 ` [RFC 15/19] s390/zcrypt: introduce ioctl access to VFIO AP Matrix driver Tony Krowiak
2017-10-13 17:39 ` [RFC 16/19] KVM: s390: interface to configure KVM guest's AP matrix Tony Krowiak
2017-10-16 20:22 ` Tony Krowiak
2017-11-14 13:46 ` Cornelia Huck
2017-10-13 17:39 ` [RFC 17/19] KVM: s390: validate input to AP matrix config interface Tony Krowiak
2017-10-13 17:39 ` [RFC 18/19] KVM: s390: New ioctl to configure KVM guest's AP matrix Tony Krowiak
2017-11-02 18:55 ` Tony Krowiak
2017-10-13 17:39 ` [RFC 19/19] s390/facilities: enable AP facilities needed by guest Tony Krowiak
2017-10-16 9:25 ` Martin Schwidefsky
2017-11-02 12:08 ` Christian Borntraeger
2017-11-02 12:23 ` Halil Pasic
[not found] ` <af1bb867-f9a0-458b-b7b2-c0bb9456eb7f@linux.vnet.ibm.com>
2017-11-02 15:53 ` Christian Borntraeger
2017-11-02 18:49 ` Tony Krowiak
2017-11-03 8:47 ` Christian Borntraeger
2017-12-02 1:30 ` Tony Krowiak
2017-12-05 7:52 ` Harald Freudenberger
2017-12-05 14:04 ` Cornelia Huck
2017-12-05 14:23 ` Pierre Morel
2017-12-05 14:30 ` Cornelia Huck
2017-12-05 14:47 ` Pierre Morel
2017-12-05 15:14 ` Tony Krowiak
2017-12-05 15:01 ` Tony Krowiak
2017-12-06 9:15 ` Pierre Morel
2017-12-06 10:15 ` Cornelia Huck
2017-12-05 14:14 ` Tony Krowiak
[not found] ` <OF182217F7.6A47A64E-ON002581CD.002BCF58-C12581CD.002D4127@notes.na.collabserv.com>
2017-11-03 8:49 ` Christian Borntraeger
2017-10-16 9:27 ` [RFC 00/19] KVM: s390/crypto/vfio: guest dedicated crypto adapters Martin Schwidefsky
2017-10-16 10:06 ` Christian Borntraeger
2017-10-16 16:30 ` Tony Krowiak
2017-10-16 10:05 ` Cornelia Huck
2017-10-16 16:27 ` Tony Krowiak
2017-10-18 16:43 ` Christian Borntraeger
2017-10-29 11:11 ` Cornelia Huck
2017-10-30 8:57 ` Christian Borntraeger
2017-10-30 19:04 ` Tony Krowiak
2017-10-31 19:39 ` Tony Krowiak
2017-11-14 13:57 ` Cornelia Huck
2017-11-16 15:23 ` Tony Krowiak
2017-11-16 16:06 ` Pierre Morel
2017-11-16 17:03 ` Cornelia Huck
2017-11-16 20:25 ` Pierre Morel
2017-11-16 23:35 ` Tony Krowiak
2017-11-17 7:07 ` Pierre Morel
2017-11-17 10:07 ` Cornelia Huck
2017-11-17 20:28 ` Tony Krowiak
2017-11-20 17:13 ` Cornelia Huck
2017-11-21 16:08 ` Tony Krowiak
2017-11-22 13:47 ` Cornelia Huck
2017-11-28 0:39 ` Tony Krowiak [this message]
2017-12-05 14:06 ` Cornelia Huck
2017-12-05 15:09 ` Tony Krowiak
2017-11-16 16:49 ` Cornelia Huck
2017-11-16 23:41 ` Tony Krowiak
2017-11-17 9:49 ` Cornelia Huck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e1e1f8e1-e274-fde0-4358-4ba89d034c1e@linux.vnet.ibm.com \
--to=akrowiak@linux.vnet.ibm.com \
--cc=alex.williamson@redhat.com \
--cc=alifm@linux.vnet.ibm.com \
--cc=bjsdjshi@linux.vnet.ibm.com \
--cc=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=freude@de.ibm.com \
--cc=heiko.carstens@de.ibm.com \
--cc=jjherne@linux.vnet.ibm.com \
--cc=kvm@vger.kernel.org \
--cc=kwankhede@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=mjrosato@linux.vnet.ibm.com \
--cc=pasic@linux.vnet.ibm.com \
--cc=pbonzini@redhat.com \
--cc=pmorel@linux.vnet.ibm.com \
--cc=qemu-s390x@nongnu.org \
--cc=schwidefsky@de.ibm.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox