[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From heinz-werner_se...@de.ibm.com 2019-02-05 03:48 EDT--- IBM Bugzilla status -> closed, Fix Released for all distros -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: Fix Released Status in libvirt package in Ubuntu: Fix Released Status in linux package in Ubuntu: Fix Released Status in qemu package in Ubuntu: Fix Released Status in libvirt source package in Bionic: Fix Released Status in linux source package in Bionic: Fix Released Status in qemu source package in Bionic: Fix Released Status in libvirt source package in Cosmic: Fix Released Status in linux source package in Cosmic: Fix Released Status in qemu source package in Cosmic: Fix Released Status in linux source package in Disco: Fix Released Bug description: [Impact] * The ability to pass through more cryptographic capabilities is a very important feature for users of s390x as virtualization platform. Its availability upstream now and its backport in this bug allows to exploit the crypto cards as new HW for these virtualization use cases. * This falls under both "other safe cases" SRU exceptions: - For Long Term Support releases we regularly want to enable new hardware ... - For Long Term Support releases we sometimes want to introduce new features. They must not change the behaviour on existing installations ... * This bug has three main components: - kernel (ability to do all of this) - qemu (add feature to exploit the new code) - libvirt (make the feature user consumable) [Test Case] * In general this consists of a few steps - get the updated kernel/qemu/libvirt - mask the card & domains from the usual driver - load vfio-ap - assign card&domain to vfio-ap - prepare a guest - configure a guest to use the card * See comment #66 how to do all of that in detail https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/66 [Regression Potential] * The changes are mostly s390x only and adding a new feature so regressions to existing components should be low. But to backport it slight changes to the MDEV handling had to be applied as well. The potential regressions I can see are in that MDEV handling if one of the backports would be bad. Fortunately we know that without the related libvirt fixes we added here using MDEVs didn't work at all yet, and people very rarely use qemu without libvirt for anything else than experiments. Therefore I'm confident that even if there would be a flaw in the MDEV changes no one is hugely relying on it. [Other Info] * n/a == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pu
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From boris_fiuczyn...@de.ibm.com 2018-12-06 03:54 EDT--- @paelzer You picked the correct commit to resolve the display property problem which you encountered. https://libvirt.org/git/?p=libvirt.git;a=commit;h=d6f97d1338ba9470f7c745fab317d272cde84d38 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: Fix Committed Status in libvirt package in Ubuntu: In Progress Status in linux package in Ubuntu: Fix Committed Status in qemu package in Ubuntu: Fix Released Status in libvirt source package in Bionic: Fix Committed Status in linux source package in Bionic: Fix Released Status in qemu source package in Bionic: Fix Committed Status in libvirt source package in Cosmic: In Progress Status in linux source package in Cosmic: Fix Released Status in qemu source package in Cosmic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: [Impact] * The ability to pass through more cryptographic capabilities is a very important feature for users of s390x as virtualization platform. Its availability upstream now and its backport in this bug allows to exploit the crypto cards as new HW for these virtualization use cases. * This falls under both "other safe cases" SRU exceptions: - For Long Term Support releases we regularly want to enable new hardware ... - For Long Term Support releases we sometimes want to introduce new features. They must not change the behaviour on existing installations ... * This bug has three main components: - kernel (ability to do all of this) - qemu (add feature to exploit the new code) - libvirt (make the feature user consumable) [Test Case] * In general this consists of a few steps - get the updated kernel/qemu/libvirt - mask the card & domains from the usual driver - load vfio-ap - assign card&domain to vfio-ap - prepare a guest - configure a guest to use the card * See comment #66 how to do all of that in detail https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/66 [Regression Potential] * The changes are mostly s390x only and adding a new feature so regressions to existing components should be low. But to backport it slight changes to the MDEV handling had to be applied as well. The potential regressions I can see are in that MDEV handling if one of the backports would be bad. Fortunately we know that without the related libvirt fixes we added here using MDEVs didn't work at all yet, and people very rarely use qemu without libvirt for anything else than experiments. Therefore I'm confident that even if there would be a flaw in the MDEV changes no one is hugely relying on it. [Other Info] * n/a == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualizat
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-12-05 12:34 EDT--- Confirmed. I installed bionic, add bionic-proposed used virt-install to install a guest shut down guest and added a hostdev to guest started guest: [root@localhost ~]# lszcrypt CARD.DOMAIN TYPE MODESTATUS REQUEST_CNT - 06 CEX6A Accelerator online0 06.001a CEX6A Accelerator online0 08 CEX6C CCA-Coproc online1 08.001a CEX6C CCA-Coproc online1 0a CEX6P EP11-Coproc online0 0a.001a CEX6P EP11-Coproc online0 Good to go from proposed into updates. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: Fix Committed Status in libvirt package in Ubuntu: Fix Released Status in linux package in Ubuntu: Fix Committed Status in qemu package in Ubuntu: Fix Released Status in libvirt source package in Bionic: Fix Committed Status in linux source package in Bionic: Fix Released Status in qemu source package in Bionic: Fix Committed Status in libvirt source package in Cosmic: Fix Committed Status in linux source package in Cosmic: Fix Released Status in qemu source package in Cosmic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: [Impact] * The ability to pass through more cryptographic capabilities is a very important feature for users of s390x as virtualization platform. Its availability upstream now and its backport in this bug allows to exploit the crypto cards as new HW for these virtualization use cases. * This falls under both "other safe cases" SRU exceptions: - For Long Term Support releases we regularly want to enable new hardware ... - For Long Term Support releases we sometimes want to introduce new features. They must not change the behaviour on existing installations ... * This bug has three main components: - kernel (ability to do all of this) - qemu (add feature to exploit the new code) - libvirt (make the feature user consumable) [Test Case] * In general this consists of a few steps - get the updated kernel/qemu/libvirt - mask the card & domains from the usual driver - load vfio-ap - assign card&domain to vfio-ap - prepare a guest - configure a guest to use the card * See comment #66 how to do all of that in detail https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/66 [Regression Potential] * The changes are mostly s390x only and adding a new feature so regressions to existing components should be low. But to backport it slight changes to the MDEV handling had to be applied as well. The potential regressions I can see are in that MDEV handling if one of the backports would be bad. Fortunately we know that without the related libvirt fixes we added here using MDEVs didn't work at all yet, and people very rarely use qemu without libvirt for anything else than experiments. Therefore I'm confident that even if there would be a flaw in the MDEV changes no one is hugely relying on it. [Other Info] * n/a == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FOR
Re: [Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
On Thu, Nov 22, 2018 at 6:35 PM bugproxy wrote: > --- Comment From boris_fiuczyn...@de.ibm.com 2018-11-22 12:21 > EDT--- > @Christian E.: > You listed two libvirt commit IDs > > https://libvirt.org/git/?p=libvirt.git;a=commit;h=faab373b53e1a4eacf0d6f524eb47df243f21fac > > https://libvirt.org/git/?p=libvirt.git;a=commit;h=f865d58028ccd568b6e7909608678584b12d3c90 > that I cannot find in libvirt. Maybe it's just a copy&paste error. > Hmm, yeah that was copy-pasta :-/ The files in my branch are actually good already for completeness here on the bug the patches that work unmodified on 4.6 are: https://libvirt.org/git/?p=libvirt.git;a=commit;h=11708641983e9107a129c62fd343d0fec228342f https://libvirt.org/git/?p=libvirt.git;a=commit;h=208d6e6f5aafa102d04ce300c6338b0736bb52df https://libvirt.org/git/?p=libvirt.git;a=commit;h=25dde373730545894f60ce5b1497f19d61714c69 I just looked at patch 6 again and it is correct that I have included > code from another commit (most likely > d54e45b6edd7623e488a19e30bc4148a21fa8b03) to make the refactoring work > and compile without noting it down as origin in the commit message. > Sorry about that. > No problem at all. d54e45b6 is qemuDomainMdevDefValidate which is in patch #5 actually already. But #6 is is qemuDomainMdevDefVFIOAPValidate from 25dde373 and the extension for AP in 208d6e6f fused into one. But that is ok, an SRU wants to only pick what is needed and not rework all the rest - I just wanted to make sure references are ok. It is mostly for housekeeping and to make it "traceable" for the upcoming SRU review. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: In Progress Status in libvirt package in Ubuntu: In Progress Status in linux package in Ubuntu: Fix Committed Status in qemu package in Ubuntu: In Progress Status in linux source package in Bionic: Fix Committed Status in linux source package in Cosmic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus supp
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From boris_fiuczyn...@de.ibm.com 2018-11-22 12:21 EDT--- @Christian E.: You listed two libvirt commit IDs https://libvirt.org/git/?p=libvirt.git;a=commit;h=faab373b53e1a4eacf0d6f524eb47df243f21fac https://libvirt.org/git/?p=libvirt.git;a=commit;h=f865d58028ccd568b6e7909608678584b12d3c90 that I cannot find in libvirt. Maybe it's just a copy&paste error. I just looked at patch 6 again and it is correct that I have included code from another commit (most likely d54e45b6edd7623e488a19e30bc4148a21fa8b03) to make the refactoring work and compile without noting it down as origin in the commit message. Sorry about that. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: In Progress Status in libvirt package in Ubuntu: In Progress Status in linux package in Ubuntu: Fix Committed Status in qemu package in Ubuntu: In Progress Status in linux source package in Bionic: Fix Committed Status in linux source package in Cosmic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summary there are a lot of changes, but low - they are all limited to the s390x architecture - and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver - Test kernel was built for testting. == Test Case == Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed. V
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From boris_fiuczyn...@de.ibm.com 2018-11-21 03:06 EDT--- I successfully tested on s390 the provided libvirt packages as requested in point 4 of paelzer last comment. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: In Progress Status in libvirt package in Ubuntu: In Progress Status in linux package in Ubuntu: Fix Committed Status in qemu package in Ubuntu: In Progress Status in linux source package in Bionic: Fix Committed Status in linux source package in Cosmic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summary there are a lot of changes, but low - they are all limited to the s390x architecture - and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver - Test kernel was built for testting. == Test Case == Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed. Verify that the AP bus created a sysfs device for each APQN, like: /sys/devices/ap/card04/04.0006 /sys/devices/ap/card04/04.0047 /sys/devices/ap/card0a/0a.0006 /sys/devices/ap/card0a/0a.0047 Verify the APQN range via the following two sysfs files: /sys/bus/ap/apmask /sys/bus/ap/aqmask Configure and start a guest. More details see: 492a6be ("s390: doc: detailed specifications for AP virtualization") But for that an updated qemu and
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From boris_fiuczyn...@de.ibm.com 2018-11-20 02:26 EDT--- I forgot to mention that with the patches provided in the tar.gz I was able to successfully run a guest with guest-dedicated crypto adapters. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: In Progress Status in libvirt package in Ubuntu: In Progress Status in linux package in Ubuntu: Fix Committed Status in qemu package in Ubuntu: In Progress Status in linux source package in Bionic: Fix Committed Status in linux source package in Cosmic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summary there are a lot of changes, but low - they are all limited to the s390x architecture - and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver - Test kernel was built for testting. == Test Case == Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed. Verify that the AP bus created a sysfs device for each APQN, like: /sys/devices/ap/card04/04.0006 /sys/devices/ap/card04/04.0047 /sys/devices/ap/card0a/0a.0006 /sys/devices/ap/card0a/0a.0047 Verify the APQN range via the following two sysfs files: /sys/bus/ap/apmask /sys/bus/ap/aqmask Configure and start a guest. More details see: 492a6be ("s390: doc: detailed specifications for AP virtualization")
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From boris_fiuczyn...@de.ibm.com 2018-11-19 11:04 EDT--- @paelzer I am still trying to sort out the vfio-ap required patches for libvirt. I hope to get it done by tomorrow. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: In Progress Status in libvirt package in Ubuntu: In Progress Status in linux package in Ubuntu: Fix Committed Status in qemu package in Ubuntu: In Progress Status in linux source package in Bionic: Fix Committed Status in linux source package in Cosmic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summary there are a lot of changes, but low - they are all limited to the s390x architecture - and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver - Test kernel was built for testting. == Test Case == Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed. Verify that the AP bus created a sysfs device for each APQN, like: /sys/devices/ap/card04/04.0006 /sys/devices/ap/card04/04.0047 /sys/devices/ap/card0a/0a.0006 /sys/devices/ap/card0a/0a.0047 Verify the APQN range via the following two sysfs files: /sys/bus/ap/apmask /sys/bus/ap/aqmask Configure and start a guest. More details see: 492a6be ("s390: doc: detailed specifications for AP virtualization") But for that an updated q
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-19 07:37 EDT--- On bionic I tested the kernel from proposed together with the qemu from the ppa 3520. The vfio-ap functionality works. Can somebody else change the state on the launchpad site? The ibm bugzilla mirror does not allow me to do this. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: In Progress Status in libvirt package in Ubuntu: In Progress Status in linux package in Ubuntu: Fix Committed Status in qemu package in Ubuntu: In Progress Status in linux source package in Bionic: Fix Committed Status in linux source package in Cosmic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summary there are a lot of changes, but low - they are all limited to the s390x architecture - and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver - Test kernel was built for testting. == Test Case == Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed. Verify that the AP bus created a sysfs device for each APQN, like: /sys/devices/ap/card04/04.0006 /sys/devices/ap/card04/04.0047 /sys/devices/ap/card0a/0a.0006 /sys/devices/ap/card0a/0a.0047 Verify the APQN range via the following two sysfs files: /sys/bus/ap/apmask /sys/bus/ap/aqmask Configure and start a guest. More de
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-19 02:56 EDT--- Question for canonical: What combinations (linux,qemu,libvirt) and from where are we supposed to test? The bug covers multiple components. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: In Progress Status in libvirt package in Ubuntu: In Progress Status in linux package in Ubuntu: Fix Committed Status in qemu package in Ubuntu: In Progress Status in linux source package in Bionic: Fix Committed Status in linux source package in Cosmic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summary there are a lot of changes, but low - they are all limited to the s390x architecture - and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver - Test kernel was built for testting. == Test Case == Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed. Verify that the AP bus created a sysfs device for each APQN, like: /sys/devices/ap/card04/04.0006 /sys/devices/ap/card04/04.0047 /sys/devices/ap/card0a/0a.0006 /sys/devices/ap/card0a/0a.0047 Verify the APQN range via the following two sysfs files: /sys/bus/ap/apmask /sys/bus/ap/aqmask Configure and start a guest. More details see: 492a6be ("s390: doc: detailed specifications for AP virtualization") But for th
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From boris_fiuczyn...@de.ibm.com 2018-11-16 04:33 EDT--- (In reply to comment #65) > FYI: build log of the current incomplete backport: > https://launchpadlibrarian.net/397706595/buildlog_ubuntu-bionic-s390x. > libvirt_4.0.0-1ubuntu8.6~ppa1_BUILDING.txt.gz The build error is due to the changes in the enum virMediatedDeviceModelType Change the assignment from 2 to 1 for VIR_MDEV_MODEL_TYPE_VFIO_AP. --- a/src/util/virmdev.h +++ b/src/util/virmdev.h @@ -26,6 +26,7 @@ typedef enum { VIR_MDEV_MODEL_TYPE_VFIO_PCI = 0, +VIR_MDEV_MODEL_TYPE_VFIO_AP = 2, VIR_MDEV_MODEL_TYPE_LAST } virMediatedDeviceModelType; There is most likely also trouble ahead regarding the use of the macro virReportEnumRangeError. This needs to be replaced with virReportError(VIR_ERR_INTERNAL_ERROR, _("Unexpected enum value %d for " "virMediatedDeviceModelType"), mdevsrc->model); I will try to create a patch series based on v4.0.0 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: In Progress Status in libvirt package in Ubuntu: In Progress Status in linux package in Ubuntu: Fix Committed Status in qemu package in Ubuntu: In Progress Status in linux source package in Bionic: Fix Committed Status in linux source package in Cosmic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summary there are a lot of changes, but lo
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-15 08:40 EDT--- Boris can you have a look and comment on libvirt? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: In Progress Status in libvirt package in Ubuntu: In Progress Status in linux package in Ubuntu: Fix Committed Status in qemu package in Ubuntu: In Progress Status in linux source package in Bionic: In Progress Status in linux source package in Cosmic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summary there are a lot of changes, but low - they are all limited to the s390x architecture - and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver - Test kernel was built for testting. == Test Case == Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed. Verify that the AP bus created a sysfs device for each APQN, like: /sys/devices/ap/card04/04.0006 /sys/devices/ap/card04/04.0047 /sys/devices/ap/card0a/0a.0006 /sys/devices/ap/card0a/0a.0047 Verify the APQN range via the following two sysfs files: /sys/bus/ap/apmask /sys/bus/ap/aqmask Configure and start a guest. More details see: 492a6be ("s390: doc: detailed specifications for AP virtualization") But for that an updated qemu and libvirt should be in place - that's addressed in LP1787405, too. (
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-15 07:35 EDT--- Re 2: there are no hard dependency. If any of the component is on an old level you can of course not use the new feature, but no existing feature should break. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: In Progress Status in libvirt package in Ubuntu: In Progress Status in linux package in Ubuntu: Fix Committed Status in qemu package in Ubuntu: In Progress Status in linux source package in Bionic: In Progress Status in linux source package in Cosmic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summary there are a lot of changes, but low - they are all limited to the s390x architecture - and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver - Test kernel was built for testting. == Test Case == Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed. Verify that the AP bus created a sysfs device for each APQN, like: /sys/devices/ap/card04/04.0006 /sys/devices/ap/card04/04.0047 /sys/devices/ap/card0a/0a.0006 /sys/devices/ap/card0a/0a.0047 Verify the APQN range via the following two sysfs files: /sys/bus/ap/apmask /sys/bus/ap/aqmask Configure and start a guest. More details see: 492a6be ("s390: doc: detailed specifications for AP virtualiza
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-09 13:00 EDT--- Another thing: There is currently this SRU on the list and acked. [SRU][Bionic][PATCH 0/5] Fixes for LP1799184 [v2] This will reduce the size of this pull request -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [19.04 FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: In Progress Status in libvirt package in Ubuntu: Confirmed Status in linux package in Ubuntu: In Progress Status in qemu package in Ubuntu: Incomplete Status in linux source package in Bionic: In Progress Status in linux source package in Cosmic: Triaged Status in linux source package in Disco: In Progress Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summary there are a lot of changes, but low - they are all limited to the s390x architecture - and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver - Test kernel was built for testting. == Test Case == Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed. Verify that the AP bus created a sysfs device for each APQN, like: /sys/devices/ap/card04/04.0006 /sys/devices/ap/card04/04.0047 /sys/devices/ap/card0a/0a.0006 /sys/devices/ap/card0a/0a.0047 Verify the APQN range via the following two sysfs files: /sys/bus/ap/apmask /sys/bus/ap/aqmask Configure and start a guest. More details see: 492a6be ("s390: doc: detailed specifications for AP virtualizatio
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-09 11:53 EDT--- Some comments: 1. the majority of the code is in one new device driver and a Documentation file 2. The code review was done upstream. All commits are part of linux 4.19 or 4.20-rc1 so it will hit disco soon 3. most commits contain one or more reviews. Almost all commits are almost identical to the relevant upstream commit with only minimal changes during the backport so I would consider that the original review still holds -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [19.04 FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: In Progress Status in libvirt package in Ubuntu: Confirmed Status in linux package in Ubuntu: In Progress Status in qemu package in Ubuntu: Incomplete Status in linux source package in Bionic: In Progress Status in linux source package in Cosmic: Triaged Status in linux source package in Disco: In Progress Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summary there are a lot of changes, but low - they are all limited to the s390x architecture - and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver - Test kernel was built for testting. == Test Case == Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed. Verify that the AP bus created a sysfs device for each APQN, like: /sys/devices/ap/card04/04.0006 /sys/devices/ap/card04/04.0047 /sys/devices/ap/c
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From aekro...@us.ibm.com 2018-11-08 10:35 EDT--- I successfully tested the guest support on backport for ap on the 18.04 ubuntu kernel -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [19.04 FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: Triaged Status in libvirt package in Ubuntu: Confirmed Status in linux package in Ubuntu: Triaged Status in qemu package in Ubuntu: Incomplete Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summary there are a lot of changes, but low - they are all limited to the s390x architecture - and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver - Test kernel was built for testting. == Test Case == Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed. Verify that the AP bus created a sysfs device for each APQN, like: /sys/devices/ap/card04/04.0006 /sys/devices/ap/card04/04.0047 /sys/devices/ap/card0a/0a.0006 /sys/devices/ap/card0a/0a.0047 Verify the APQN range via the following two sysfs files: /sys/bus/ap/apmask /sys/bus/ap/aqmask Configure and start a guest. More details see: 492a6be ("s390: doc: detailed specifications for AP virtualization") But for that an updated qemu and libvirt should be in place - that's addressed in LP1787405, too. (So this is only the kernel part of that ticket.) __ Description: Allow kvm to dedicate crypto adapters (and domains) as passth
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From fre...@de.ibm.com 2018-11-07 10:16 EDT--- I installed a fresh Ubuntu 18.04.1 on a LPAR and after booting these both packages on top: linux-image-4.15.0-38-generic_4.15.0-38.42~lp1787405_s390x.deb linux-modules-4.15.0-38-generic_4.15.0-38.42~lp1787405_s390x.deb then I needed to configure zipl to something usefull as the modified zipl.conf obviously is somewhat broken after package install: [defaultboot] defaultmenu=menu [UBUNTU18.04.1] target=/boot image=/boot/vmlinuz.old parameters="scsi_mod.scsi_logging_level=4605 printk.time=1 zfcp.dbfsize=100 root=/dev/disk/by-path/ccw-0.0.e96b-part1" ramdisk=/boot/initrd.img.old [newkernel] target=/boot image=/boot/vmlinuz parameters="scsi_mod.scsi_logging_level=4605 printk.time=1 zfcp.dbfsize=100 root=/dev/disk/by-path/ccw-0.0.e96b-part1" ramdisk=/boot/initrd.img :menu target=/boot 1 = UBUNTU18.04.1 2 = newkernel default = 2 prompt = 1 timeout = 10 after boot the new kernel is active: uname -a Linux s83lp75 4.15.0-38-generic #42~lp1787405 SMP Mon Nov 5 21:13:01 UTC 2018 s390x s390x s390x GNU/Linux then I ran my brand new developed zcrypttest and all the testcases ran fine. This is at least an indication that the zcrypt dd is not broken, multi domain and multi adapter works and all the 3 kinds of adapters can get addressed with all the different cprbs and work as expected. Even more some basic assumptions about request scheduling memory consumptions are tested. What's not covered is the new functionallity coming with the apmask and aqmask. I'll do this later as I'd like to devel some testcases for this feature in the next days. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [19.04 FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: Triaged Status in libvirt package in Ubuntu: Confirmed Status in linux package in Ubuntu: Triaged Status in qemu package in Ubuntu: Incomplete Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() retur
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From peter.mor...@de.ibm.com 2018-11-06 11:01 EDT--- Thanks for providing the kernel image so quickly. I successfully tested the AP passthrough function using the following components: Distribution: Ubuntu 18.04 LTS Host kernel: Linux KVMCrypto 4.15.0-38-generic #42~lp1787405 SMP Mon Nov 5 21:13:01 UTC 2018 s390x s390x s390x GNU/Linux KVM guest kernel: Linux f6c59abfb01a 4.15.0-38-generic #41-Ubuntu SMP Wed Oct 10 10:57:21 UTC 2018 s390x Linux Qemu: QEMU emulator version 3.0.50 (v3.0.0-1732-gef30274865-dirty) Thanks! -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [19.04 FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: Triaged Status in libvirt package in Ubuntu: Confirmed Status in linux package in Ubuntu: Triaged Status in qemu package in Ubuntu: Incomplete Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summary there are a lot of changes, but low - they are all limited to the s390x architecture - and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver - Test kernel was built for testting. == Test Case == Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed. Verify that the AP bus created a sysfs device for each APQN, like: /sys/devices/ap/card04/04.0006 /sys/devices/ap/card04/04.0047 /sys/devices/ap/card0a/0a.0006 /sys/devices/ap/card0a/0a.0047 Verify the APQN range via the following two sysfs files: /sys/bus/ap/ap
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-05 14:25 EDT--- so I retried on bionic: # cat /etc/os-release NAME="Ubuntu" VERSION="18.04.1 LTS (Bionic Beaver)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 18.04.1 LTS" VERSION_ID="18.04" HOME_URL="https://www.ubuntu.com/"; SUPPORT_URL="https://help.ubuntu.com/"; BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"; PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"; VERSION_CODENAME=bionic UBUNTU_CODENAME=bionic git head= 3dfd30e6cf9cbd8dcac852f959d08eeba0e0fafd (branch apbionic from my tree) # diff -u /boot/config-4.15.0-29-generic .config | grep AP +CONFIG_VFIO_AP=m +CONFIG_S390_AP_IOMMU=y This kernel builds fine Can you maybe compare your branch against my branch (folders arch/s390/kvm/ and drivers/s390/crypto/ ) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [19.04 FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: Triaged Status in libvirt package in Ubuntu: Confirmed Status in linux package in Ubuntu: Triaged Status in qemu package in Ubuntu: Incomplete Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summary there are a lot of changes, but low - they are all limited to the s390x architecture - and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver - Test kernel was built for testting. == Test Case == Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed. V
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-05 13:57 EDT--- I build the kernel on a different system (not bionic) but yes it built fine. What config and what compile error do you have? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [19.04 FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: Triaged Status in libvirt package in Ubuntu: Confirmed Status in linux package in Ubuntu: Triaged Status in qemu package in Ubuntu: Incomplete Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summary there are a lot of changes, but low - they are all limited to the s390x architecture - and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver - Test kernel was built for testting. == Test Case == Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed. Verify that the AP bus created a sysfs device for each APQN, like: /sys/devices/ap/card04/04.0006 /sys/devices/ap/card04/04.0047 /sys/devices/ap/card0a/0a.0006 /sys/devices/ap/card0a/0a.0047 Verify the APQN range via the following two sysfs files: /sys/bus/ap/apmask /sys/bus/ap/aqmask Configure and start a guest. More details see: 492a6be ("s390: doc: detailed specifications for AP virtualization") But for that an updated qemu and libvirt should be in place - that's addressed in LP1787405, too. (So this is only the kernel part of that ticket.) __ Description: Allow kvm to dedicate
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-05 04:58 EDT--- FWIW, parts of the commits mentioned here are already part of IBM Bug 172503 - LP1799184. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [19.04 FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: Triaged Status in libvirt package in Ubuntu: Confirmed Status in linux package in Ubuntu: Triaged Status in qemu package in Ubuntu: Incomplete Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summary there are a lot of changes, but low - they are all limited to the s390x architecture - and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver - Test kernel was built for testting. == Test Case == Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed. Verify that the AP bus created a sysfs device for each APQN, like: /sys/devices/ap/card04/04.0006 /sys/devices/ap/card04/04.0047 /sys/devices/ap/card0a/0a.0006 /sys/devices/ap/card0a/0a.0047 Verify the APQN range via the following two sysfs files: /sys/bus/ap/apmask /sys/bus/ap/aqmask Configure and start a guest. More details see: 492a6be ("s390: doc: detailed specifications for AP virtualization") But for that an updated qemu and libvirt should be in place - that's addressed in LP1787405, too. (So this is only the kernel part of that ticket.) __ Description: Allow kvm to dedicate crypto adapters (and domains) as pa
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-05 04:04 EDT--- I gave this a quick spin. The resulting backport on top of the bionic master branch is at https://git.kernel.org/pub/scm/linux/kernel/git/borntraeger/linux.git/log/?h=apbionic Feel free to use this branch as a "cheat sheet" for the patches that need backport. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [19.04 FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: Triaged Status in libvirt package in Ubuntu: Confirmed Status in linux package in Ubuntu: Triaged Status in qemu package in Ubuntu: Incomplete Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summary there are a lot of changes, but low - they are all limited to the s390x architecture - and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver - Test kernel was built for testting. == Test Case == Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed. Verify that the AP bus created a sysfs device for each APQN, like: /sys/devices/ap/card04/04.0006 /sys/devices/ap/card04/04.0047 /sys/devices/ap/card0a/0a.0006 /sys/devices/ap/card0a/0a.0047 Verify the APQN range via the following two sysfs files: /sys/bus/ap/apmask /sys/bus/ap/aqmask Configure and start a guest. More details see: 492a6be ("s390: doc: detailed specifications for AP virtualization") But for that an updated qemu and libvirt should be in place - that'
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-02 10:52 EDT--- We also need these commits: (before the remaining ones) 20c922f04b17 KVM: s390: reset crypto attributes for all vcpus to make the KVM commits apply cleanly. (the first one has a simple merge conflict) The AP patches also have some minor conflicts due to the missing efda7adec7a5 s390/zcrypt: Make ap init functions static. d485235b0054 s390: assume diag308 set always works but it is probably simpler to fixup the patches. --- Comment From cborn...@de.ibm.com 2018-11-02 11:03 EDT--- We also need a define that is added with af4a72276d49 s390/zcrypt: Support up to 256 crypto adapters. (to fit on 4.15 you would then need 71cbbff8c4fd s390/zcrypt: Remove deprecated zcrypt proc interface. 2a80786d477a s390/zcrypt: Remove deprecated ioctls. ) The alternative is to define MAX_ZDEV_ENTRIES_EXT but just cherry- picking these 3 commits is probably less risky. We then need the following kernel config options. CONFIG_VFIO_AP CONFIG_VFIO_MDEV CONFIG_VFIO_MDEV_DEVICE CONFIG_S390_AP_IOMMU=y in the kernel config. With that I can use crypto cards with the bionic kernel -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [19.04 FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: Triaged Status in libvirt package in Ubuntu: Confirmed Status in linux package in Ubuntu: Triaged Status in qemu package in Ubuntu: Incomplete Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summ
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-02 10:15 EDT--- The list is also valid for 4.15. Please note that this still has the same dependencies on the crypto ap driver. (I think there is a separate feature request for that). I already mentioned these commit ids. There are some more commit in the crypto area between 4.15 and 4.18 but none of thoese seems to be required. Harald, can you confirm? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [19.04 FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: Triaged Status in libvirt package in Ubuntu: Invalid Status in linux package in Ubuntu: Triaged Status in qemu package in Ubuntu: Incomplete Bug description: == SRU Justification == (Kernel SRU) Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. (Since all kernel patches/commits are from kernel 4.19, they will automagically land in 'Disco'.) == Fix == 9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit") 3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART") e585b24 ("KVM: s390: refactor crypto initialization") 1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver") 65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework") 96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters") 3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains") 3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains") 81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix") 4210459 ("KVM: s390: interface to clear CRYCB masks") 258287c ("s390: vfio-ap: implement mediated device open callback") e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") 46a7263 ("s390: vfio-ap: zeroize the AP queues") cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl") 6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE") d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first") 3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear") 56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2") 19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1") 6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0") c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1") 6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2") 9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2") 37940fb ("KVM: s390: device attrs to enable/disable AP interpretation") 112c24d ("KVM: s390: CPU model support for AP virtualization") 492a6be ("s390: doc: detailed specifications for AP virtualization") <-- till here in 'kvm/next' (https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) --> 8e41bd5 ("KVM: s390: fix locking for crypto setting error path") 0e237e4 ("KVM: s390: Tracing APCB changes") 76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function") <-- till here in 'kvms390/next' (https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/) --> <-- In addition to that some prereqs for the 'ap/crypto' driver are necessary --> ea3c418 ("s390/zcrypt: Add ZAPQ inline function.") df80c03 ("s390/zcrypt: Review inline assembler constraints.") f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.") 2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes") 7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)") 3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.") fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus") <-- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12 --> == PATCH == Above git commits are all from 4.19. The git commands for 4.18 would be: $ git cherry-pick (112c24d "KVM: s390: CPU model support for AP virtualization" may have a trivial merge conflict with the etoken patch) $ git cherry-pick $ git cherry-pick == Regression Potential == Low to mid: - mid because in summary there are a lot of changes, but low - they are all limited to the s390x architecture - and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver - Test kernel was built for testting. == Test Case == Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka crypto-) adapters installed. Verify that the AP bus created a sysfs device for each APQN, like: /sys/devices/ap/card04/04.0006 /sys/devices/ap/card04/04.0047 /sys/devices/ap/card0a/0a.0006 /sys/devices/ap/card0a/0a.0047 Verify the APQN range via the following two sysfs files: /sys/bus/ap/apmask /sys/bus/ap/aqmask Configure and start a guest. More details see: 492a6be ("s390: doc: detailed specifications for AP virtuali
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-10-30 12:04 EDT--- the libvirt patches have landed as well a017bae1ae news: Update news for vfio-ap support 1170864198 qemu: vfio-ap device support dc788d2540 qemu: add vfio-ap capability -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [19.04 FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: Triaged Status in libvirt package in Ubuntu: Invalid Status in linux package in Ubuntu: Triaged Status in qemu package in Ubuntu: Incomplete Bug description: Description: Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. This functionality will be contribute to following packages. --kernel, qemu and libvirt. Currently these functions are not finalized and therefore no git-commit are avalable, - kernel > 4.19 - libvirt > 4.6.0 - qemu > 3.0 We will provide these as soon as possible. This request is launched against Ubuntu 18.10 to fulllfil the feature integration process of Canonical. But the main intention is, to get this integrated into 18.04 LTS !! Thererfore, the backports will be required for both distros.! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1787405/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-10-30 11:51 EDT--- the qemu patches are (in reverse order) 694a8d703b s390: doc: detailed specifications for AP virtualization 2fe2942cd6 s390x/vfio: ap: Introduce VFIO AP device a51b31535a s390x/ap: base Adjunct Processor (AP) object model 1d7db85b61 s390x/kvm: enable AP instruction interpretation for guest c5cd17afdd s390x/cpumodel: Set up CPU model for AP device support 8f3cd250a8 linux-headers: update There are some minor merge conflicts that are easy to solve when merging into 3.0,2.12 or older -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [19.04 FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: Triaged Status in libvirt package in Ubuntu: Invalid Status in linux package in Ubuntu: Confirmed Status in qemu package in Ubuntu: Incomplete Bug description: Description: Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. This functionality will be contribute to following packages. --kernel, qemu and libvirt. Currently these functions are not finalized and therefore no git-commit are avalable, - kernel > 4.19 - libvirt > 4.6.0 - qemu > 3.0 We will provide these as soon as possible. This request is launched against Ubuntu 18.10 to fulllfil the feature integration process of Canonical. But the main intention is, to get this integrated into 18.04 LTS !! Thererfore, the backports will be required for both distros.! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1787405/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp