From: Janosch Frank <frankja@linux.ibm.com>
To: Collin Walling <walling@linux.ibm.com>,
qemu-devel@nongnu.org, qemu-s390x@nongnu.org
Cc: thuth@redhat.com, mst@redhat.com, cohuck@redhat.com,
david@redhat.com, pasic@linux.ibm.com, borntraeger@de.ibm.com,
svens@linux.ibm.com, pbonzini@redhat.com, mihajlov@linux.ibm.com,
rth@twiddle.net
Subject: Re: [PATCH v2 6/8] s390/sclp: add extended-length sccb support for kvm guest
Date: Mon, 25 May 2020 12:50:07 +0200 [thread overview]
Message-ID: <a530a9e4-86d7-8e86-5bd3-d2b033d5371f@linux.ibm.com> (raw)
In-Reply-To: <ae819a26-2436-ec4d-3476-1a1fdca07d4b@linux.ibm.com>
[-- Attachment #1.1: Type: text/plain, Size: 8125 bytes --]
On 5/18/20 4:31 PM, Collin Walling wrote:
> On 5/18/20 4:55 AM, Janosch Frank wrote:
>> On 5/16/20 12:20 AM, Collin Walling wrote:
>>> As more features and facilities are added to the Read SCP Info (RSCPI)
>>> response, more space is required to store them. The space used to store
>>> these new features intrudes on the space originally used to store CPU
>>> entries. This means as more features and facilities are added to the
>>> RSCPI response, less space can be used to store CPU entries.
>>>
>>> With the Extended-Length SCCB (ELS) facility, a KVM guest can execute
>>> the RSCPI command and determine if the SCCB is large enough to store a
>>> complete reponse. If it is not large enough, then the required length
>>> will be set in the SCCB header.
>>>
>>> The caller of the SCLP command is responsible for creating a
>>> large-enough SCCB to store a complete response. Proper checking should
>>> be in place, and the caller should execute the command once-more with
>>> the large-enough SCCB.
>>>
>>> This facility also enables an extended SCCB for the Read CPU Info
>>> (RCPUI) command.
>>>
>>> When this facility is enabled, the boundary violation response cannot
>>> be a result from the RSCPI, RSCPI Forced, or RCPUI commands.
>>>
>>> In order to tolerate kernels that do not yet have full support for this
>>> feature, a "fixed" offset to the start of the CPU Entries within the
>>> Read SCP Info struct is set to allow for the original 248 max entries
>>> when this feature is disabled.
>>>
>>> Additionally, this is introduced as a CPU feature to protect the guest
>>> from migrating to a machine that does not support storing an extended
>>> SCCB. This could otherwise hinder the VM from being able to read all
>>> available CPU entries after migration (such as during re-ipl).
>>>
>>> Signed-off-by: Collin Walling <walling@linux.ibm.com>
>>> ---
>>> hw/s390x/sclp.c | 21 ++++++++++++++++++++-
>>> include/hw/s390x/sclp.h | 1 +
>>> target/s390x/cpu_features_def.inc.h | 1 +
>>> target/s390x/gen-features.c | 1 +
>>> target/s390x/kvm.c | 4 ++++
>>> 5 files changed, 27 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
>>> index 755f5f3fab..bde4c5420e 100644
>>> --- a/hw/s390x/sclp.c
>>> +++ b/hw/s390x/sclp.c
>>> @@ -56,6 +56,18 @@ static bool sccb_has_valid_boundary(uint64_t sccb_addr, uint32_t code,
>>> uint64_t allowed_len = (sccb_addr & PAGE_MASK) + PAGE_SIZE;
>>>
>>> switch (code & SCLP_CMD_CODE_MASK) {
>>> + case SCLP_CMDW_READ_SCP_INFO:
>>> + case SCLP_CMDW_READ_SCP_INFO_FORCED:
>>> + case SCLP_CMDW_READ_CPU_INFO:
>>> + /*
>>> + * An extended-length SCCB is only allowed for RSCPI and RSCPU and is
>>> + * allowed to exceed the 4k boundary. The respective commands will
>>> + * set the length field to the required length if an insufficient
>>> + * SCCB length is provided.
>>> + */
>>> + if (s390_has_feat(S390_FEAT_EXTENDED_LENGTH_SCCB)) {
>>> + return true;
>>> + }
>>> default:
>>> if (current_len <= allowed_len) {
>>> return true;
>>> @@ -72,6 +84,10 @@ static bool sccb_has_sufficient_len(SCCB *sccb, int num_cpus, int data_len)
>>>
>>> if (be16_to_cpu(sccb->h.length) < required_len) {
>>> sccb->h.response_code = cpu_to_be16(SCLP_RC_INSUFFICIENT_SCCB_LENGTH);
>>> + if (s390_has_feat(S390_FEAT_EXTENDED_LENGTH_SCCB) &&
>>> + sccb->h.control_mask[2] & SCLP_VARIABLE_LENGTH_RESPONSE) {
>>> + sccb->h.length = required_len;
>>> + }
>>> return false;
>>> }
>>> return true;
>>> @@ -101,7 +117,9 @@ static void prepare_cpu_entries(MachineState *ms, CPUEntry *entry, int *count)
>>> */
>>> static int get_read_scp_info_data_len(void)
>>> {
>>> - return offsetof(ReadInfo, entries);
>>> + return s390_has_feat(S390_FEAT_EXTENDED_LENGTH_SCCB) ?
>>> + offsetof(ReadInfo, entries) :
>>> + SCLP_READ_SCP_INFO_FIXED_CPU_OFFSET;
>>> }
>>>
>>> /* Provide information about the configuration, CPUs and storage */
>>> @@ -116,6 +134,7 @@ static void read_SCP_info(SCLPDevice *sclp, SCCB *sccb)
>>> CPUEntry *entries_start = (void *)sccb + data_len;
>>>
>>> if (!sccb_has_sufficient_len(sccb, machine->possible_cpus->len, data_len)) {
>>> + warn_report("insufficient sccb size to store full read scp info response");
>>> return;
>>> }
>>>
>>> diff --git a/include/hw/s390x/sclp.h b/include/hw/s390x/sclp.h
>>> index 822eff4396..ef2d63eae9 100644
>>> --- a/include/hw/s390x/sclp.h
>>> +++ b/include/hw/s390x/sclp.h
>>> @@ -110,6 +110,7 @@ typedef struct CPUEntry {
>>> uint8_t reserved1;
>>> } QEMU_PACKED CPUEntry;
>>>
>>> +#define SCLP_READ_SCP_INFO_FIXED_CPU_OFFSET 128
>>> typedef struct ReadInfo {
>>> SCCBHeader h;
>>> uint16_t rnmax;
>>> diff --git a/target/s390x/cpu_features_def.inc.h b/target/s390x/cpu_features_def.inc.h
>>> index 60db28351d..3548d65a69 100644
>>> --- a/target/s390x/cpu_features_def.inc.h
>>> +++ b/target/s390x/cpu_features_def.inc.h
>>> @@ -97,6 +97,7 @@ DEF_FEAT(GUARDED_STORAGE, "gs", STFL, 133, "Guarded-storage facility")
>>> DEF_FEAT(VECTOR_PACKED_DECIMAL, "vxpd", STFL, 134, "Vector packed decimal facility")
>>> DEF_FEAT(VECTOR_ENH, "vxeh", STFL, 135, "Vector enhancements facility")
>>> DEF_FEAT(MULTIPLE_EPOCH, "mepoch", STFL, 139, "Multiple-epoch facility")
>>> +DEF_FEAT(EXTENDED_LENGTH_SCCB, "els", STFL, 140, "Extended-length SCCB facility")
>>> DEF_FEAT(TEST_PENDING_EXT_INTERRUPTION, "tpei", STFL, 144, "Test-pending-external-interruption facility")
>>> DEF_FEAT(INSERT_REFERENCE_BITS_MULT, "irbm", STFL, 145, "Insert-reference-bits-multiple facility")
>>> DEF_FEAT(MSA_EXT_8, "msa8-base", STFL, 146, "Message-security-assist-extension-8 facility (excluding subfunctions)")
>>> diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c
>>> index 8ddeebc544..6857f657fb 100644
>>> --- a/target/s390x/gen-features.c
>>> +++ b/target/s390x/gen-features.c
>>> @@ -522,6 +522,7 @@ static uint16_t full_GEN12_GA1[] = {
>>> S390_FEAT_AP_QUEUE_INTERRUPT_CONTROL,
>>> S390_FEAT_AP_FACILITIES_TEST,
>>> S390_FEAT_AP,
>>> + S390_FEAT_EXTENDED_LENGTH_SCCB,
>>> };
>>>
>>> static uint16_t full_GEN12_GA2[] = {
>>> diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
>>> index 69881a0da0..380fb81822 100644
>>> --- a/target/s390x/kvm.c
>>> +++ b/target/s390x/kvm.c
>>> @@ -2456,6 +2456,10 @@ void kvm_s390_get_host_cpu_model(S390CPUModel *model, Error **errp)
>>> KVM_S390_VM_CRYPTO_ENABLE_APIE)) {
>>> set_bit(S390_FEAT_AP, model->features);
>>> }
>>> +
>>> + /* Extended-Length SCCB is handled entirely within QEMU */
>>> + set_bit(S390_FEAT_EXTENDED_LENGTH_SCCB, model->features);
>>> +
>>
>> We need to fence this for secure guests as the SIDA is only 4k at the
>> moment.
>>
>
> I don't know much about the SE stuff, so I'll take your word for it.
> Should this follow the same fencing as diag 318 and simply check for pv
> mode?
So I had another look into it and I take everything back I said:
* The stfle bit is controlled by the UV, so it's not indicated to the
guest in PV mode
* If the guest tries to execute a long SCCB the UV will return a
boundary violation error on its own (well after a notification exit anyway).
Let's therefore throw in a comment:
For PV guests this is completely fenced by the Ultravisor as Service
Call error checking and STFLE interpretation are handled by SIE.
>
>> Do we need to take extra steps for migration safety?
>> I guess this is only available with host-passthrough or -model?
>>
>>> /* strip of features that are not part of the maximum model */
>>> bitmap_and(model->features, model->features, model->def->full_feat,
>>> S390_FEAT_MAX);
>>>
>>
>>
>
>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2020-05-25 10:51 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-15 22:20 [PATCH v2 0/8] s390: Extended-Length SCCB & DIAGNOSE 0x318 Collin Walling
2020-05-15 22:20 ` [PATCH v2 1/8] s390/sclp: get machine once during read scp/cpu info Collin Walling
2020-05-18 8:38 ` David Hildenbrand
2020-05-18 17:30 ` Collin Walling
2020-06-11 11:33 ` Thomas Huth
2020-05-15 22:20 ` [PATCH v2 2/8] s390/sclp: check sccb len before filling in data Collin Walling
2020-05-18 8:37 ` Janosch Frank
2020-05-18 11:46 ` David Hildenbrand
2020-05-18 14:32 ` Collin Walling
2020-05-18 15:43 ` David Hildenbrand
2020-05-18 17:31 ` Collin Walling
2020-06-11 12:01 ` Thomas Huth
2020-06-15 15:47 ` Collin Walling
2020-05-15 22:20 ` [PATCH v2 3/8] s390/sclp: rework sclp boundary and length checks Collin Walling
2020-05-18 8:50 ` Janosch Frank
2020-05-18 15:15 ` Collin Walling
2020-05-19 13:19 ` Cornelia Huck
2020-05-25 10:53 ` Janosch Frank
2020-06-11 12:56 ` Thomas Huth
2020-06-15 15:47 ` Collin Walling
2020-05-15 22:20 ` [PATCH v2 4/8] s390/sclp: read sccb from mem based on sccb length Collin Walling
2020-06-11 13:05 ` Thomas Huth
2020-05-15 22:20 ` [PATCH v2 5/8] s390/sclp: use cpu offset to locate cpu entries Collin Walling
2020-06-11 14:33 ` Thomas Huth
2020-05-15 22:20 ` [PATCH v2 6/8] s390/sclp: add extended-length sccb support for kvm guest Collin Walling
2020-05-18 8:55 ` Janosch Frank
2020-05-18 14:31 ` Collin Walling
2020-05-25 10:50 ` Janosch Frank [this message]
2020-05-26 14:38 ` Collin Walling
2020-05-19 13:47 ` Cornelia Huck
2020-05-15 22:20 ` [PATCH v2 7/8] s390/kvm: header sync for diag318 Collin Walling
2020-05-15 22:20 ` [PATCH v2 8/8] s390: guest support for diagnose 0x318 Collin Walling
2020-05-20 11:30 ` Cornelia Huck
2020-05-21 6:18 ` Collin Walling
2020-05-16 6:41 ` [PATCH v2 0/8] s390: Extended-Length SCCB & DIAGNOSE 0x318 no-reply
2020-05-18 17:34 ` Collin Walling
2020-05-18 17:51 ` David Hildenbrand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a530a9e4-86d7-8e86-5bd3-d2b033d5371f@linux.ibm.com \
--to=frankja@linux.ibm.com \
--cc=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=mihajlov@linux.ibm.com \
--cc=mst@redhat.com \
--cc=pasic@linux.ibm.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=rth@twiddle.net \
--cc=svens@linux.ibm.com \
--cc=thuth@redhat.com \
--cc=walling@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).