From: Tony Krowiak <akrowiak@xxxxxxxxxxxxx>
Implements the open callback on the mediated matrix device. The function registers a group notifier to receive notification of the VFIO_GROUP_NOTIFY_SET_KVM event. When notified, the vfio_ap device driver will get access to the guest's kvm structure. The open callback must ensure that only one mediated device shall be opened per guest.
Signed-off-by: Tony Krowiak <akrowiak@xxxxxxxxxxxxx>
Acked-by: Halil Pasic <pasic@xxxxxxxxxxxxx>
Tested-by: Michael Mueller <mimu@xxxxxxxxxxxxx>
Tested-by: Farhan Ali <alifm@xxxxxxxxxxxxx>
Tested-by: Pierre Morel <pmorel@xxxxxxxxxxxxx>
Acked-by: Pierre Morel <pmorel@xxxxxxxxxxxxx>
Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
---
 drivers/s390/crypto/vfio_ap_ops.c | 195 +++++++++++++++++++++++++-
 drivers/s390/crypto/vfio_ap_private.h | 2 +
 2 files changed, 196 insertions(+), 1 deletion(-)
diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c
index 675aa97612f6..d06067a23000 100644
--- a/drivers/s390/crypto/vfio_ap_ops.c
+++ b/drivers/s390/crypto/vfio_ap_ops.c
@@ -9,6 +9,10 @@
 #include <linux/device.h>
 #include <linux/list.h>
 #include <linux/ctype.h>
+#include <linux/bitops.h>
+#include <linux/kvm_host.h>
+#include <linux/module.h>
+#include <asm/kvm.h>
 #include "vfio_ap_private.h"
@@ -602,12 +606,21 @@ static int vfio_ap_mdev_activate(struct ap_matrix_mdev *matrix_mdev)
 static int vfio_ap_mdev_deactivate(struct ap_matrix_mdev *matrix_mdev)
 {
+ int ret = 0;
+
 if (!matrix_mdev->activated)
 return 0;
+ if (matrix_mdev->kvm) {
+ pr_warn("%s: %s: deactivate failed, mdev %s is in use by guest %s\n",
+ VFIO_AP_MODULE_NAME, __func__, matrix_mdev->name,
+ matrix_mdev->kvm->arch.dbf->name);
+ return -EBUSY;
+ }
+
 matrix_mdev->activated = false;
- return 0;
+ return ret;
 }
 static ssize_t activate_store(struct device *dev, struct device_attribute *attr,
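Review bot: The new in-use check in vfio_ap_mdev_deactivate() reads `matrix_mdev->kvm`, but the group notifier added further down in this patch writes that field (`matrix_mdev->kvm = data;`) without itself taking `matrix_dev.lock`, so the -EBUSY guard is only reliable if every writer and this reader are serialized; whether activate_store() holds the lock around this call is outside the hunk and worth confirming. Separately, `ret` is initialised to 0 and never reassigned, so `return ret;` is equivalent to the `return 0;` it replaces and the extra local can be dropped.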
@@ -676,12 +689,192 @@ static const struct attribute_group *vfio_ap_mdev_attr_groups[] = {
 NULL
 };
+/**
+ * Verify that the AP instructions are available on the guest and are to be
+ * interpreted by the firmware. The former is indicated via the
+ * KVM_S390_VM_CPU_FEAT_AP CPU model feature and the latter by apie crypto
+ * flag.
+ */
+static int kvm_ap_validate_crypto_setup(struct kvm *kvm)
+{
+ if (test_bit_inv(KVM_S390_VM_CPU_FEAT_AP, kvm->arch.cpu_feat) &&
+ kvm->arch.crypto.apie)
+ return 0;
+
+ pr_warn("%s: interpretation of AP instructions not available\n",
+ VFIO_AP_MODULE_NAME);
+
+ return -EOPNOTSUPP;
+}
+
+static void kvm_ap_merge_bitmasks(unsigned long *dst, unsigned long *mask1,
+ unsigned long *mask2, unsigned long nbits)
+{
+ int i;
+
+ for (i = 0; i < BITS_TO_LONGS(nbits); i++)
+ dst[i] = mask1[i] | mask2[i];
+}
+
+static void vfio_ap_mdev_copy_masks(struct ap_matrix_mdev *matrix_mdev,
+ struct kvm_s390_crypto_cb *crycb)
+{
+ int nbytes;
+ unsigned long *apm, *aqm, *adm;
+
+ switch (matrix_mdev->kvm->arch.crypto.crycbd & CRYCB_FORMAT_MASK) {
+ case CRYCB_FORMAT2:
+ apm = (unsigned long *)crycb->apcb1.apm;
+ aqm = (unsigned long *)crycb->apcb1.aqm;
+ adm = (unsigned long *)crycb->apcb1.adm;
+ break;
+ case CRYCB_FORMAT1:
+ case CRYCB_FORMAT0:
+ default:
+ apm = (unsigned long *)crycb->apcb0.apm;
+ aqm = (unsigned long *)crycb->apcb0.aqm;
+ adm = (unsigned long *)crycb->apcb0.adm;
+ break;
+ }
+
+ nbytes = DIV_ROUND_UP(matrix_mdev->matrix.apm_max + 1, BITS_PER_BYTE);
+ memcpy(apm, matrix_mdev->matrix.apm, nbytes);
+ nbytes = DIV_ROUND_UP(matrix_mdev->matrix.aqm_max + 1, BITS_PER_BYTE);
+ memcpy(aqm, matrix_mdev->matrix.aqm, nbytes);
+ kvm_ap_merge_bitmasks(adm, aqm, adm, matrix_mdev->matrix.adm_max + 1);
+}
+
+static int vfio_ap_mdev_group_notifier(struct notifier_block *nb,
+ unsigned long action, void *data)
+{
+ int ret;
+ struct ap_matrix_mdev *matrix_mdev;
+ struct kvm_s390_crypto_cb *crycb;
+
+ if (action == VFIO_GROUP_NOTIFY_SET_KVM) {
+ matrix_mdev = container_of(nb, struct ap_matrix_mdev,
+ group_notifier);
+ matrix_mdev->kvm = data;
+ crycb = matrix_mdev->kvm->arch.crypto.crycb;
+
+ ret = kvm_ap_validate_crypto_setup(matrix_mdev->kvm);
+ if (ret)
+ return ret;
+
+ /* NOTE: Happens before any vcpu is running (no hotplug). */
+ vfio_ap_mdev_copy_masks(matrix_mdev, crycb);
+ if (ret)
+ return ret;
+ }
+
+ return NOTIFY_OK;
+}
+
+/**
+ * vfio_ap_mdev_open_once
+ *
+ * @matrix_mdev: a mediated matrix device
+ *
+ * Return 0 if no other mediated matrix device has been opened for the
+ * KVM guest assigned to @matrix_mdev; otherwise, returns an error.
+ */
+static int vfio_ap_mdev_open_once(struct ap_matrix_mdev *matrix_mdev)
+{
+ int ret = 0;
+ struct ap_matrix_mdev *lstdev;
+
+ list_for_each_entry(lstdev, &matrix_dev.mdev_list, list) {
+ if ((lstdev->kvm == matrix_mdev->kvm) &&
+ (lstdev != matrix_mdev)) {
+ ret = -EPERM;
+ break;
+ }
+ }
+
+ if (ret) {
+ pr_warn("%s: mdev %s open failed for guest %s\n",
+ VFIO_AP_MODULE_NAME, matrix_mdev->name,
+ matrix_mdev->kvm->arch.dbf->name);
+ pr_warn("%s: mdev %s already opened for guest %s\n",
+ VFIO_AP_MODULE_NAME, lstdev->name,
+ lstdev->kvm->arch.dbf->name);
+ }
+
+ return ret;
+}
+
+static int vfio_ap_mdev_open(struct mdev_device *mdev)
+{
+ struct ap_matrix_mdev *matrix_mdev = mdev_get_drvdata(mdev);
+ unsigned long events;
+ int ret;
+
+
+ if (!try_module_get(THIS_MODULE)) {
+ ret = -ENODEV;
+ goto done;
+ }
+
+ mutex_lock(&matrix_dev.lock);
+ if (!matrix_mdev->activated) {
+ ret = vfio_ap_mdev_activate(matrix_mdev);
+ if (ret)
+ goto mod_err;
+ }
+
+ matrix_mdev->group_notifier.notifier_call = vfio_ap_mdev_group_notifier;
+ events = VFIO_GROUP_NOTIFY_SET_KVM;
+
+ ret = vfio_register_notifier(mdev_dev(mdev), VFIO_GROUP_NOTIFY,
+ &events, &matrix_mdev->group_notifier);
+ if (ret)
+ goto mod_err;
+
+ ret = vfio_ap_mdev_open_once(matrix_mdev);
+ if (ret)
+ goto out_kvm_err;
+
+ if (matrix_mdev->kvm) {
+ ret = kvm_ap_validate_crypto_setup(matrix_mdev->kvm);
+ if (ret)
+ goto out_kvm_err;
+ }
+
+ ret = 0;
+ goto done;
+
+out_kvm_err:
+ vfio_unregister_notifier(mdev_dev(mdev), VFIO_GROUP_NOTIFY,
+ &matrix_mdev->group_notifier);
+ matrix_mdev->kvm = NULL;
+mod_err:
+ module_put(THIS_MODULE);
+done:
+ mutex_unlock(&matrix_dev.lock);
+ return ret;
+}
+
+static void vfio_ap_mdev_release(struct mdev_device *mdev)
+{
+ struct ap_matrix_mdev *matrix_mdev = mdev_get_drvdata(mdev);
+
+ mutex_lock(&matrix_dev.lock);
+ kvm_arch_crypto_clear_masks(matrix_mdev->kvm);
+ vfio_unregister_notifier(mdev_dev(mdev), VFIO_GROUP_NOTIFY,
+ &matrix_mdev->group_notifier);
+ matrix_mdev->kvm = NULL;
+ mutex_unlock(&matrix_dev.lock);
+ module_put(THIS_MODULE);
+}
+
 static const struct mdev_parent_ops vfio_ap_matrix_ops = {
 .owner = THIS_MODULE,
 .supported_type_groups = vfio_ap_mdev_type_groups,
 .mdev_attr_groups = vfio_ap_mdev_attr_groups,
 .create = vfio_ap_mdev_create,
 .remove = vfio_ap_mdev_remove,
+ .open = vfio_ap_mdev_open,
+ .release = vfio_ap_mdev_release,
 };
 int vfio_ap_mdev_register(void)
diff --git a/drivers/s390/crypto/vfio_ap_private.h b/drivers/s390/crypto/vfio_ap_private.h
index df1996e6fce3..34be9afe9ced 100644
--- a/drivers/s390/crypto/vfio_ap_private.h
+++ b/drivers/s390/crypto/vfio_ap_private.h
@@ -64,6 +64,8 @@ struct ap_matrix_mdev {
 struct list_head list;
 struct ap_matrix matrix;
 bool activated;
+ struct notifier_block group_notifier;
+ struct kvm *kvm;
 };
 static inline struct device *to_device(struct ap_matrix_dev *matrix_dev)
-- 
2.17.0
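Review bot: vfio_ap_mdev_group_notifier() dereferences the event payload unconditionally (`crycb = matrix_mdev->kvm->arch.crypto.crycb;` right after `matrix_mdev->kvm = data;`), so a VFIO_GROUP_NOTIFY_SET_KVM event delivered with a NULL kvm, which VFIO appears to use when a group is detached from its guest, would be a NULL dereference in the host kernel; the callback also returns a negative errno where the notifier chain expects NOTIFY_* codes, and its second `if (ret)` after the void vfio_ap_mdev_copy_masks() call can never fire. The same pointer is unchecked in vfio_ap_mdev_open_once(), where a NULL `matrix_mdev->kvm` (a case vfio_ap_mdev_open() explicitly allows for) compares equal to the `kvm` of any other unopened mdev on the list and the `pr_warn` then reads `matrix_mdev->kvm->arch.dbf->name`, and in vfio_ap_mdev_release(), which hands it to kvm_arch_crypto_clear_masks(). In vfio_ap_mdev_open() the `try_module_get()` failure path does `goto done;` and so unlocks `matrix_dev.lock` before it was ever taken; `return -ENODEV;` at that point avoids it. Because the notifier is registered before vfio_ap_mdev_open_once() runs, any SET_KVM delivered at registration copies the masks into the guest's CRYCB before exclusivity is confirmed, so a rejected open may already have replaced the guest's AP masks, and the error path does not restore them. A possible shape for the notifier follows.

```c
static int vfio_ap_mdev_group_notifier(struct notifier_block *nb,
				       unsigned long action, void *data)
{
	struct ap_matrix_mdev *matrix_mdev;

	if (action != VFIO_GROUP_NOTIFY_SET_KVM)
		return NOTIFY_OK;

	matrix_mdev = container_of(nb, struct ap_matrix_mdev, group_notifier);
	matrix_mdev->kvm = data;

	/* data may be NULL when the group loses its KVM: nothing to validate or copy. */
	if (!matrix_mdev->kvm)
		return NOTIFY_OK;

	/* Notifier callbacks report NOTIFY_* codes, not errnos. */
	if (kvm_ap_validate_crypto_setup(matrix_mdev->kvm))
		return NOTIFY_DONE;

	/* NOTE: Happens before any vcpu is running (no hotplug). */
	vfio_ap_mdev_copy_masks(matrix_mdev,
				matrix_mdev->kvm->arch.crypto.crycb);

	return NOTIFY_OK;
}
```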