| Message ID | 20230815184333.6554-1-akrowiak@linux.ibm.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | s390/vfio_ap: crypto pass-through for SE guests | expand |
On 8/15/23 20:43, Tony Krowiak wrote: > This patch series is for the changes required in the vfio_ap device > driver to facilitate pass-through of crypto devices to a secure > execution guest. In particular, it is critical that no data from the > queues passed through to the SE guest is leaked when the guest is > destroyed. There are also some new response codes returned from the > PQAP(ZAPQ) and PQAP(TAPQ) commands that have been added to the > architecture in support of pass-through of crypto devices to SE guests; > these need to be accounted for when handling the reset of queues. > @Heiko: Once this has soaked a day or two, could you please apply this and create a feature branch that I can pull from?
On 8/16/23 13:39, Janosch Frank wrote: > On 8/15/23 20:43, Tony Krowiak wrote: >> This patch series is for the changes required in the vfio_ap device >> driver to facilitate pass-through of crypto devices to a secure >> execution guest. In particular, it is critical that no data from the >> queues passed through to the SE guest is leaked when the guest is >> destroyed. There are also some new response codes returned from the >> PQAP(ZAPQ) and PQAP(TAPQ) commands that have been added to the >> architecture in support of pass-through of crypto devices to SE guests; >> these need to be accounted for when handling the reset of queues. >> > > @Heiko: Once this has soaked a day or two, could you please apply this > and create a feature branch that I can pull from? Sorry for the noise, for some reason I still had Heiko's old address in the address book. I'll delete it in a second. Here we go again.
On Wed, Aug 16, 2023 at 02:12:50PM +0200, Janosch Frank wrote: > On 8/16/23 13:39, Janosch Frank wrote: > > On 8/15/23 20:43, Tony Krowiak wrote: > > > This patch series is for the changes required in the vfio_ap device > > > driver to facilitate pass-through of crypto devices to a secure > > > execution guest. In particular, it is critical that no data from the > > > queues passed through to the SE guest is leaked when the guest is > > > destroyed. There are also some new response codes returned from the > > > PQAP(ZAPQ) and PQAP(TAPQ) commands that have been added to the > > > architecture in support of pass-through of crypto devices to SE guests; > > > these need to be accounted for when handling the reset of queues. > > > > > > > @Heiko: Once this has soaked a day or two, could you please apply this > > and create a feature branch that I can pull from? > > Sorry for the noise, for some reason I still had Heiko's old address in the > address book. I'll delete it in a second. > > Here we go again. Series is now available via the vfio-ap branch, based on rc2 like your your branches within the kvms390 tree. https://git.kernel.org/pub/scm/linux/kernel/git/s390/linux.git vfio-ap
This patch series is for the changes required in the vfio_ap device driver to facilitate pass-through of crypto devices to a secure execution guest. In particular, it is critical that no data from the queues passed through to the SE guest is leaked when the guest is destroyed. There are also some new response codes returned from the PQAP(ZAPQ) and PQAP(TAPQ) commands that have been added to the architecture in support of pass-through of crypto devices to SE guests; these need to be accounted for when handling the reset of queues. Janosch Frank (1): s390/uv: export uv_pin_shared for direct usage Tony Krowiak (11): s390/vfio-ap: No need to check the 'E' and 'I' bits in APQSW after TAPQ s390/vfio-ap: clean up irq resources if possible s390/vfio-ap: wait for response code 05 to clear on queue reset s390/vfio-ap: allow deconfigured queue to be passed through to a guest s390/vfio-ap: remove upper limit on wait for queue reset to complete s390/vfio-ap: store entire AP queue status word with the queue object s390/vfio-ap: use work struct to verify queue reset s390/vfio-ap: handle queue state change in progress on reset s390/vfio-ap: check for TAPQ response codes 0x35 and 0x36 kvm: s390: export kvm_s390_pv*_is_protected functions s390/vfio-ap: Make sure nib is shared arch/s390/include/asm/kvm_host.h | 3 + arch/s390/include/asm/uv.h | 6 + arch/s390/kernel/uv.c | 3 +- arch/s390/kvm/kvm-s390.h | 12 -- arch/s390/kvm/pv.c | 14 +++ drivers/s390/crypto/vfio_ap_ops.c | 164 +++++++++++++++++--------- drivers/s390/crypto/vfio_ap_private.h | 6 +- 7 files changed, 135 insertions(+), 73 deletions(-)