On 15/05/2018 18:07, Tony Krowiak wrote:
On 05/15/2018 10:55 AM, Pierre Morel wrote:
On 07/05/2018 17:11, Tony Krowiak wrote:
Provides interfaces to manage the AP adapters, usage domains
and control domains assigned to a KVM guest.
The guest's SIE state description has a satellite structure called the
Crypto Control Block (CRYCB) containing three bitmask fields
identifying the adapters, queues (domains) and control domains
assigned to the KVM guest:
This function (ap_validate_queue_sharing) only verifies that VM don't
What about the queues used by a host application?
How can that be verified from this function? I suppose I could put a
check in here to
verify that the queues are reserved by the vfio_ap device driver, but
be redundant because an AP queue can not be assigned to a mediated
via its sysfs attributes unless it is reserved by the vfio_ap device
patches 7, 8 and 9).
I understand that you want to implement these checks within KVM but
related to which queue devices are bound to the matrix and which one
See my comments above and below about AP queue assignment to the
device. The one verification we can't do when the devices are assigned
another guest is using the queue because assignment occurs before the
the queue is started in which case we have no access to KVM. It makes
no sense to
do so at assignment time anyway because it doesn't matter until the
the mediated matrix device is started, so that check is done in KVM.
I think that this should be related somehow to the bounded queue
therefor implemented inside the matrix driver.
As I stated above, when an AP queue is assigned to the mediated matrix
its sysfs attributes, a check is done to verify that it is bound to
device driver (see patches 7, 8 and 9). If not, then assignment will
therefore, it will not be possible to configure a CRYCB with AP queues
not bound to the device driver.
This patch and te followed patches take care that the queues are bound
matrix driver when they are assigned to the matrix using the sysfs entries.
But they do not take care that the queue can not be unbound before you
the guest, and they are not in the path if the admin decide to unbind a
at some later time.
Linux/KVM/QEMU in Böblingen - Germany