Let's allow adapters, domains and control domains to be assigned to or unassigned from an AP matrix mdev device while it is in use by a guest. When an adapter, domain or control domain is assigned to or unassigned from an mdev device while a guest is using it, the guest's CRYCB will be updated thus giving access to the resource assigned, or taking access away from the resource unassigned for the guest. Signed-off-by: Tony Krowiak <akrowiak@xxxxxxxxxxxxx> --- drivers/s390/crypto/vfio_ap_ops.c | 68 +++++++++++++++++++-------------------- 1 file changed, 33 insertions(+), 35 deletions(-) diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c index cb3e4f7671be..cda1d216ee38 100644 --- a/drivers/s390/crypto/vfio_ap_ops.c +++ b/drivers/s390/crypto/vfio_ap_ops.c @@ -155,6 +155,24 @@ static int vfio_ap_mdev_verify_no_sharing(struct ap_matrix_mdev *matrix_mdev) return 0; } +/* + * vfio_ap_mdev_update_crycb + * + * @matrix_mdev: the mediated matrix device + * + * Updates the AP matrix in the guest's CRYCB from the masks configured for the + * mediated matrix device via its sysfs interfaces. + */ +static void vfio_ap_mdev_update_crycb(struct ap_matrix_mdev *matrix_mdev) +{ + if (matrix_mdev->kvm) { + kvm_arch_crypto_set_masks(matrix_mdev->kvm, + matrix_mdev->matrix.apm, + matrix_mdev->matrix.aqm, + matrix_mdev->matrix.adm); + } +} + /** * assign_adapter_store * @@ -196,10 +214,6 @@ static ssize_t assign_adapter_store(struct device *dev, struct mdev_device *mdev = mdev_from_dev(dev); struct ap_matrix_mdev *matrix_mdev = mdev_get_drvdata(mdev); - /* If the guest is running, disallow assignment of adapter */ - if (matrix_mdev->kvm) - return -EBUSY; - ret = kstrtoul(buf, 0, &apid); if (ret) return ret; @@ -214,16 +228,12 @@ static ssize_t assign_adapter_store(struct device *dev, */ mutex_lock(&matrix_dev->lock); - ret = vfio_ap_mdev_verify_queues_reserved_for_apid(matrix_mdev, apid); - if (ret) - goto done; - set_bit_inv(apid, matrix_mdev->matrix.apm); ret = ap_apqn_in_matrix_owned_by_def_drv(matrix_mdev->matrix.apm, matrix_mdev->matrix.aqm); - /* If any APQN is reserved for used by the default drivers */ + /* If any APQN is owned by the default drivers */ ret = (ret == 1) ? -EADDRNOTAVAIL : ret; if (ret) goto error; @@ -232,6 +242,7 @@ static ssize_t assign_adapter_store(struct device *dev, if (ret) goto error; + vfio_ap_mdev_update_crycb(matrix_mdev); ret = count; goto done; @@ -270,10 +281,6 @@ static ssize_t unassign_adapter_store(struct device *dev, struct mdev_device *mdev = mdev_from_dev(dev); struct ap_matrix_mdev *matrix_mdev = mdev_get_drvdata(mdev); - /* If the guest is running, disallow un-assignment of adapter */ - if (matrix_mdev->kvm) - return -EBUSY; - ret = kstrtoul(buf, 0, &apid); if (ret) return ret; @@ -283,6 +290,7 @@ static ssize_t unassign_adapter_store(struct device *dev, mutex_lock(&matrix_dev->lock); clear_bit_inv((unsigned long)apid, matrix_mdev->matrix.apm); + vfio_ap_mdev_update_crycb(matrix_mdev); mutex_unlock(&matrix_dev->lock); return count; @@ -331,10 +339,6 @@ static ssize_t assign_domain_store(struct device *dev, struct ap_matrix_mdev *matrix_mdev = mdev_get_drvdata(mdev); unsigned long max_apqi = matrix_mdev->matrix.aqm_max; - /* If the guest is running, disallow assignment of domain */ - if (matrix_mdev->kvm) - return -EBUSY; - ret = kstrtoul(buf, 0, &apqi); if (ret) return ret; @@ -355,12 +359,13 @@ static ssize_t assign_domain_store(struct device *dev, ret = vfio_ap_mdev_verify_no_sharing(matrix_mdev); if (ret) - goto share_err; + goto error; + vfio_ap_mdev_update_crycb(matrix_mdev); ret = count; goto done; -share_err: +error: clear_bit_inv(apqi, matrix_mdev->matrix.aqm); done: mutex_unlock(&matrix_dev->lock); @@ -396,10 +401,6 @@ static ssize_t unassign_domain_store(struct device *dev, struct mdev_device *mdev = mdev_from_dev(dev); struct ap_matrix_mdev *matrix_mdev = mdev_get_drvdata(mdev); - /* If the guest is running, disallow un-assignment of domain */ - if (matrix_mdev->kvm) - return -EBUSY; - ret = kstrtoul(buf, 0, &apqi); if (ret) return ret; @@ -409,6 +410,7 @@ static ssize_t unassign_domain_store(struct device *dev, mutex_lock(&matrix_dev->lock); clear_bit_inv((unsigned long)apqi, matrix_mdev->matrix.aqm); + vfio_ap_mdev_update_crycb(matrix_mdev); mutex_unlock(&matrix_dev->lock); return count; @@ -440,10 +442,6 @@ static ssize_t assign_control_domain_store(struct device *dev, struct mdev_device *mdev = mdev_from_dev(dev); struct ap_matrix_mdev *matrix_mdev = mdev_get_drvdata(mdev); - /* If the guest is running, disallow assignment of control domain */ - if (matrix_mdev->kvm) - return -EBUSY; - ret = kstrtoul(buf, 0, &id); if (ret) return ret; @@ -451,13 +449,16 @@ static ssize_t assign_control_domain_store(struct device *dev, if (id > matrix_mdev->matrix.adm_max) return -ENODEV; - /* Set the bit in the ADM (bitmask) corresponding to the AP control - * domain number (id). The bits in the mask, from most significant to - * least significant, correspond to IDs 0 up to the one less than the - * number of control domains that can be assigned. + /* + * Set the bits in the ADM (bitmask) corresponding to the AP control + * domain numbers in dommask. The bits in the mask, from left to right, + * correspond to IDs 0 up to the one less than the number of control + * domains that can be assigned. + * */ mutex_lock(&matrix_dev->lock); set_bit_inv(id, matrix_mdev->matrix.adm); + vfio_ap_mdev_update_crycb(matrix_mdev); mutex_unlock(&matrix_dev->lock); return count; @@ -490,10 +491,6 @@ static ssize_t unassign_control_domain_store(struct device *dev, struct ap_matrix_mdev *matrix_mdev = mdev_get_drvdata(mdev); unsigned long max_domid = matrix_mdev->matrix.adm_max; - /* If the guest is running, disallow un-assignment of control domain */ - if (matrix_mdev->kvm) - return -EBUSY; - ret = kstrtoul(buf, 0, &domid); if (ret) return ret; @@ -502,6 +499,7 @@ static ssize_t unassign_control_domain_store(struct device *dev, mutex_lock(&matrix_dev->lock); clear_bit_inv(domid, matrix_mdev->matrix.adm); + vfio_ap_mdev_update_crycb(matrix_mdev); mutex_unlock(&matrix_dev->lock); return count; -- 2.7.4