[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From heinz-werner_se...@de.ibm.com 2019-02-05 03:48 EDT---
IBM Bugzilla status -> closed, Fix Released for all distros
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
Fix Released
Status in libvirt package in Ubuntu:
Fix Released
Status in linux package in Ubuntu:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in libvirt source package in Bionic:
Fix Released
Status in linux source package in Bionic:
Fix Released
Status in qemu source package in Bionic:
Fix Released
Status in libvirt source package in Cosmic:
Fix Released
Status in linux source package in Cosmic:
Fix Released
Status in qemu source package in Cosmic:
Fix Released
Status in linux source package in Disco:
Fix Released
Bug description:
[Impact]
* The ability to pass through more cryptographic capabilities is a very
important feature for users of s390x as virtualization platform.
Its availability upstream now and its backport in this bug allows to
exploit the crypto cards as new HW for these virtualization use
cases.
* This falls under both "other safe cases" SRU exceptions:
- For Long Term Support releases we regularly want to enable new
hardware ...
- For Long Term Support releases we sometimes want to introduce new
features. They must not change the behaviour on existing
installations ...
* This bug has three main components:
- kernel (ability to do all of this)
- qemu (add feature to exploit the new code)
- libvirt (make the feature user consumable)
[Test Case]
* In general this consists of a few steps
- get the updated kernel/qemu/libvirt
- mask the card & domains from the usual driver
- load vfio-ap
- assign card&domain to vfio-ap
- prepare a guest
- configure a guest to use the card
* See comment #66 how to do all of that in detail
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/66
[Regression Potential]
* The changes are mostly s390x only and adding a new feature so
regressions to existing components should be low. But to backport it
slight changes to the MDEV handling had to be applied as well.
The potential regressions I can see are in that MDEV handling if one
of the backports would be bad.
Fortunately we know that without the related libvirt fixes we added
here using MDEVs didn't work at all yet, and people very rarely use
qemu without libvirt for anything else than experiments.
Therefore I'm confident that even if there would be a flaw in the
MDEV changes no one is hugely relying on it.
[Other Info]
* n/a
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pu
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From boris_fiuczyn...@de.ibm.com 2018-12-06 03:54 EDT---
@paelzer
You picked the correct commit to resolve the display property problem which you
encountered.
https://libvirt.org/git/?p=libvirt.git;a=commit;h=d6f97d1338ba9470f7c745fab317d272cde84d38
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
Fix Committed
Status in libvirt package in Ubuntu:
In Progress
Status in linux package in Ubuntu:
Fix Committed
Status in qemu package in Ubuntu:
Fix Released
Status in libvirt source package in Bionic:
Fix Committed
Status in linux source package in Bionic:
Fix Released
Status in qemu source package in Bionic:
Fix Committed
Status in libvirt source package in Cosmic:
In Progress
Status in linux source package in Cosmic:
Fix Released
Status in qemu source package in Cosmic:
Fix Committed
Status in linux source package in Disco:
Fix Committed
Bug description:
[Impact]
* The ability to pass through more cryptographic capabilities is a very
important feature for users of s390x as virtualization platform.
Its availability upstream now and its backport in this bug allows to
exploit the crypto cards as new HW for these virtualization use
cases.
* This falls under both "other safe cases" SRU exceptions:
- For Long Term Support releases we regularly want to enable new
hardware ...
- For Long Term Support releases we sometimes want to introduce new
features. They must not change the behaviour on existing
installations ...
* This bug has three main components:
- kernel (ability to do all of this)
- qemu (add feature to exploit the new code)
- libvirt (make the feature user consumable)
[Test Case]
* In general this consists of a few steps
- get the updated kernel/qemu/libvirt
- mask the card & domains from the usual driver
- load vfio-ap
- assign card&domain to vfio-ap
- prepare a guest
- configure a guest to use the card
* See comment #66 how to do all of that in detail
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/66
[Regression Potential]
* The changes are mostly s390x only and adding a new feature so
regressions to existing components should be low. But to backport it
slight changes to the MDEV handling had to be applied as well.
The potential regressions I can see are in that MDEV handling if one
of the backports would be bad.
Fortunately we know that without the related libvirt fixes we added
here using MDEVs didn't work at all yet, and people very rarely use
qemu without libvirt for anything else than experiments.
Therefore I'm confident that even if there would be a flaw in the
MDEV changes no one is hugely relying on it.
[Other Info]
* n/a
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualizat
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-12-05 12:34 EDT---
Confirmed. I installed bionic,
add bionic-proposed
used virt-install to install a guest
shut down guest
and added a hostdev to guest
started guest:
[root@localhost ~]# lszcrypt
CARD.DOMAIN TYPE MODESTATUS REQUEST_CNT
-
06 CEX6A Accelerator online0
06.001a CEX6A Accelerator online0
08 CEX6C CCA-Coproc online1
08.001a CEX6C CCA-Coproc online1
0a CEX6P EP11-Coproc online0
0a.001a CEX6P EP11-Coproc online0
Good to go from proposed into updates.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
Fix Committed
Status in libvirt package in Ubuntu:
Fix Released
Status in linux package in Ubuntu:
Fix Committed
Status in qemu package in Ubuntu:
Fix Released
Status in libvirt source package in Bionic:
Fix Committed
Status in linux source package in Bionic:
Fix Released
Status in qemu source package in Bionic:
Fix Committed
Status in libvirt source package in Cosmic:
Fix Committed
Status in linux source package in Cosmic:
Fix Released
Status in qemu source package in Cosmic:
Fix Committed
Status in linux source package in Disco:
Fix Committed
Bug description:
[Impact]
* The ability to pass through more cryptographic capabilities is a very
important feature for users of s390x as virtualization platform.
Its availability upstream now and its backport in this bug allows to
exploit the crypto cards as new HW for these virtualization use
cases.
* This falls under both "other safe cases" SRU exceptions:
- For Long Term Support releases we regularly want to enable new
hardware ...
- For Long Term Support releases we sometimes want to introduce new
features. They must not change the behaviour on existing
installations ...
* This bug has three main components:
- kernel (ability to do all of this)
- qemu (add feature to exploit the new code)
- libvirt (make the feature user consumable)
[Test Case]
* In general this consists of a few steps
- get the updated kernel/qemu/libvirt
- mask the card & domains from the usual driver
- load vfio-ap
- assign card&domain to vfio-ap
- prepare a guest
- configure a guest to use the card
* See comment #66 how to do all of that in detail
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/66
[Regression Potential]
* The changes are mostly s390x only and adding a new feature so
regressions to existing components should be low. But to backport it
slight changes to the MDEV handling had to be applied as well.
The potential regressions I can see are in that MDEV handling if one
of the backports would be bad.
Fortunately we know that without the related libvirt fixes we added
here using MDEVs didn't work at all yet, and people very rarely use
qemu without libvirt for anything else than experiments.
Therefore I'm confident that even if there would be a flaw in the
MDEV changes no one is hugely relying on it.
[Other Info]
* n/a
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FOR
Re: [Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
On Thu, Nov 22, 2018 at 6:35 PM bugproxy wrote:
> --- Comment From boris_fiuczyn...@de.ibm.com 2018-11-22 12:21
> EDT---
> @Christian E.:
> You listed two libvirt commit IDs
>
> https://libvirt.org/git/?p=libvirt.git;a=commit;h=faab373b53e1a4eacf0d6f524eb47df243f21fac
>
> https://libvirt.org/git/?p=libvirt.git;a=commit;h=f865d58028ccd568b6e7909608678584b12d3c90
> that I cannot find in libvirt. Maybe it's just a copy&paste error.
>
Hmm, yeah that was copy-pasta :-/
The files in my branch are actually good already for completeness here on
the bug the patches that work unmodified on 4.6 are:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=11708641983e9107a129c62fd343d0fec228342f
https://libvirt.org/git/?p=libvirt.git;a=commit;h=208d6e6f5aafa102d04ce300c6338b0736bb52df
https://libvirt.org/git/?p=libvirt.git;a=commit;h=25dde373730545894f60ce5b1497f19d61714c69
I just looked at patch 6 again and it is correct that I have included
> code from another commit (most likely
> d54e45b6edd7623e488a19e30bc4148a21fa8b03) to make the refactoring work
> and compile without noting it down as origin in the commit message.
> Sorry about that.
>
No problem at all.
d54e45b6 is qemuDomainMdevDefValidate which is in patch #5 actually already.
But #6 is is qemuDomainMdevDefVFIOAPValidate from 25dde373 and the
extension for AP in 208d6e6f fused into one.
But that is ok, an SRU wants to only pick what is needed and not rework all
the rest - I just wanted to make sure references are ok.
It is mostly for housekeeping and to make it "traceable" for the upcoming
SRU review.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
In Progress
Status in libvirt package in Ubuntu:
In Progress
Status in linux package in Ubuntu:
Fix Committed
Status in qemu package in Ubuntu:
In Progress
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Committed
Status in linux source package in Disco:
Fix Committed
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus supp
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From boris_fiuczyn...@de.ibm.com 2018-11-22 12:21 EDT---
@Christian E.:
You listed two libvirt commit IDs
https://libvirt.org/git/?p=libvirt.git;a=commit;h=faab373b53e1a4eacf0d6f524eb47df243f21fac
https://libvirt.org/git/?p=libvirt.git;a=commit;h=f865d58028ccd568b6e7909608678584b12d3c90
that I cannot find in libvirt. Maybe it's just a copy&paste error.
I just looked at patch 6 again and it is correct that I have included
code from another commit (most likely
d54e45b6edd7623e488a19e30bc4148a21fa8b03) to make the refactoring work
and compile without noting it down as origin in the commit message.
Sorry about that.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
In Progress
Status in libvirt package in Ubuntu:
In Progress
Status in linux package in Ubuntu:
Fix Committed
Status in qemu package in Ubuntu:
In Progress
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Committed
Status in linux source package in Disco:
Fix Committed
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka
crypto-) adapters installed.
V
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From boris_fiuczyn...@de.ibm.com 2018-11-21 03:06 EDT---
I successfully tested on s390 the provided libvirt packages as requested in
point 4 of paelzer last comment.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
In Progress
Status in libvirt package in Ubuntu:
In Progress
Status in linux package in Ubuntu:
Fix Committed
Status in qemu package in Ubuntu:
In Progress
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Committed
Status in linux source package in Disco:
Fix Committed
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka
crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/apmask
/sys/bus/ap/aqmask
Configure and start a guest.
More details see: 492a6be ("s390: doc: detailed specifications for AP
virtualization")
But for that an updated qemu and
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From boris_fiuczyn...@de.ibm.com 2018-11-20 02:26 EDT---
I forgot to mention that with the patches provided in the tar.gz I was able to
successfully run a guest with guest-dedicated crypto adapters.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
In Progress
Status in libvirt package in Ubuntu:
In Progress
Status in linux package in Ubuntu:
Fix Committed
Status in qemu package in Ubuntu:
In Progress
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Committed
Status in linux source package in Disco:
Fix Committed
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka
crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/apmask
/sys/bus/ap/aqmask
Configure and start a guest.
More details see: 492a6be ("s390: doc: detailed specifications for AP
virtualization")
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From boris_fiuczyn...@de.ibm.com 2018-11-19 11:04 EDT---
@paelzer
I am still trying to sort out the vfio-ap required patches for libvirt. I hope
to get it done by tomorrow.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
In Progress
Status in libvirt package in Ubuntu:
In Progress
Status in linux package in Ubuntu:
Fix Committed
Status in qemu package in Ubuntu:
In Progress
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Committed
Status in linux source package in Disco:
Fix Committed
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka
crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/apmask
/sys/bus/ap/aqmask
Configure and start a guest.
More details see: 492a6be ("s390: doc: detailed specifications for AP
virtualization")
But for that an updated q
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-19 07:37 EDT---
On bionic I tested the kernel from proposed together with the qemu from the ppa
3520. The vfio-ap functionality works. Can somebody else change the state on
the launchpad site? The ibm bugzilla mirror does not allow me to do this.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
In Progress
Status in libvirt package in Ubuntu:
In Progress
Status in linux package in Ubuntu:
Fix Committed
Status in qemu package in Ubuntu:
In Progress
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Committed
Status in linux source package in Disco:
Fix Committed
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka
crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/apmask
/sys/bus/ap/aqmask
Configure and start a guest.
More de
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-19 02:56 EDT---
Question for canonical: What combinations (linux,qemu,libvirt) and from where
are we supposed to test?
The bug covers multiple components.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
In Progress
Status in libvirt package in Ubuntu:
In Progress
Status in linux package in Ubuntu:
Fix Committed
Status in qemu package in Ubuntu:
In Progress
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Committed
Status in linux source package in Disco:
Fix Committed
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka
crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/apmask
/sys/bus/ap/aqmask
Configure and start a guest.
More details see: 492a6be ("s390: doc: detailed specifications for AP
virtualization")
But for th
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From boris_fiuczyn...@de.ibm.com 2018-11-16 04:33 EDT---
(In reply to comment #65)
> FYI: build log of the current incomplete backport:
> https://launchpadlibrarian.net/397706595/buildlog_ubuntu-bionic-s390x.
> libvirt_4.0.0-1ubuntu8.6~ppa1_BUILDING.txt.gz
The build error is due to the changes in the enum virMediatedDeviceModelType
Change the assignment from 2 to 1 for VIR_MDEV_MODEL_TYPE_VFIO_AP.
--- a/src/util/virmdev.h
+++ b/src/util/virmdev.h
@@ -26,6 +26,7 @@
typedef enum {
VIR_MDEV_MODEL_TYPE_VFIO_PCI = 0,
+VIR_MDEV_MODEL_TYPE_VFIO_AP = 2,
VIR_MDEV_MODEL_TYPE_LAST
} virMediatedDeviceModelType;
There is most likely also trouble ahead regarding the use of the macro
virReportEnumRangeError. This needs to be replaced with
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Unexpected enum value %d for "
"virMediatedDeviceModelType"),
mdevsrc->model);
I will try to create a patch series based on v4.0.0
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
In Progress
Status in libvirt package in Ubuntu:
In Progress
Status in linux package in Ubuntu:
Fix Committed
Status in qemu package in Ubuntu:
In Progress
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Committed
Status in linux source package in Disco:
Fix Committed
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but lo
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-15 08:40 EDT---
Boris can you have a look and comment on libvirt?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
In Progress
Status in libvirt package in Ubuntu:
In Progress
Status in linux package in Ubuntu:
Fix Committed
Status in qemu package in Ubuntu:
In Progress
Status in linux source package in Bionic:
In Progress
Status in linux source package in Cosmic:
Fix Committed
Status in linux source package in Disco:
Fix Committed
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka
crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/apmask
/sys/bus/ap/aqmask
Configure and start a guest.
More details see: 492a6be ("s390: doc: detailed specifications for AP
virtualization")
But for that an updated qemu and libvirt should be in place - that's
addressed in LP1787405, too.
(
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-15 07:35 EDT---
Re 2: there are no hard dependency. If any of the component is on an old level
you can of course not use the new feature, but no existing feature should break.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
In Progress
Status in libvirt package in Ubuntu:
In Progress
Status in linux package in Ubuntu:
Fix Committed
Status in qemu package in Ubuntu:
In Progress
Status in linux source package in Bionic:
In Progress
Status in linux source package in Cosmic:
Fix Committed
Status in linux source package in Disco:
Fix Committed
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka
crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/apmask
/sys/bus/ap/aqmask
Configure and start a guest.
More details see: 492a6be ("s390: doc: detailed specifications for AP
virtualiza
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-09 13:00 EDT---
Another thing: There is currently this SRU on the list and acked.
[SRU][Bionic][PATCH 0/5] Fixes for LP1799184 [v2]
This will reduce the size of this pull request
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[19.04 FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
In Progress
Status in libvirt package in Ubuntu:
Confirmed
Status in linux package in Ubuntu:
In Progress
Status in qemu package in Ubuntu:
Incomplete
Status in linux source package in Bionic:
In Progress
Status in linux source package in Cosmic:
Triaged
Status in linux source package in Disco:
In Progress
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka
crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/apmask
/sys/bus/ap/aqmask
Configure and start a guest.
More details see: 492a6be ("s390: doc: detailed specifications for AP
virtualizatio
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-09 11:53 EDT---
Some comments:
1. the majority of the code is in one new device driver and a Documentation file
2. The code review was done upstream. All commits are part of linux 4.19 or
4.20-rc1 so it will hit disco soon
3. most commits contain one or more reviews. Almost all commits are almost
identical to the relevant upstream commit with only minimal changes during the
backport so I would consider that the original review still holds
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[19.04 FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
In Progress
Status in libvirt package in Ubuntu:
Confirmed
Status in linux package in Ubuntu:
In Progress
Status in qemu package in Ubuntu:
Incomplete
Status in linux source package in Bionic:
In Progress
Status in linux source package in Cosmic:
Triaged
Status in linux source package in Disco:
In Progress
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka
crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/c
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From aekro...@us.ibm.com 2018-11-08 10:35 EDT---
I successfully tested the guest support on backport for ap on the 18.04 ubuntu
kernel
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[19.04 FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
Triaged
Status in libvirt package in Ubuntu:
Confirmed
Status in linux package in Ubuntu:
Triaged
Status in qemu package in Ubuntu:
Incomplete
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka
crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/apmask
/sys/bus/ap/aqmask
Configure and start a guest.
More details see: 492a6be ("s390: doc: detailed specifications for AP
virtualization")
But for that an updated qemu and libvirt should be in place - that's
addressed in LP1787405, too.
(So this is only the kernel part of that ticket.)
__
Description:
Allow kvm to dedicate crypto adapters (and domains) as passth
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From fre...@de.ibm.com 2018-11-07 10:16 EDT---
I installed a fresh Ubuntu 18.04.1 on a LPAR and after booting
these both packages on top:
linux-image-4.15.0-38-generic_4.15.0-38.42~lp1787405_s390x.deb
linux-modules-4.15.0-38-generic_4.15.0-38.42~lp1787405_s390x.deb
then I needed to configure zipl to something usefull as the modified
zipl.conf obviously is somewhat broken after package install:
[defaultboot]
defaultmenu=menu
[UBUNTU18.04.1]
target=/boot
image=/boot/vmlinuz.old
parameters="scsi_mod.scsi_logging_level=4605 printk.time=1 zfcp.dbfsize=100
root=/dev/disk/by-path/ccw-0.0.e96b-part1"
ramdisk=/boot/initrd.img.old
[newkernel]
target=/boot
image=/boot/vmlinuz
parameters="scsi_mod.scsi_logging_level=4605 printk.time=1 zfcp.dbfsize=100
root=/dev/disk/by-path/ccw-0.0.e96b-part1"
ramdisk=/boot/initrd.img
:menu
target=/boot
1 = UBUNTU18.04.1
2 = newkernel
default = 2
prompt = 1
timeout = 10
after boot the new kernel is active:
uname -a
Linux s83lp75 4.15.0-38-generic #42~lp1787405 SMP Mon Nov 5 21:13:01 UTC 2018
s390x s390x s390x GNU/Linux
then I ran my brand new developed zcrypttest and all the testcases ran fine.
This is at least an indication that the zcrypt dd is not broken, multi domain
and multi adapter works and all the 3 kinds of adapters can get addressed with
all the different cprbs and work as expected. Even more some basic assumptions
about request scheduling memory consumptions are tested.
What's not covered is the new functionallity coming with the apmask and
aqmask. I'll do this later as I'd like to devel some testcases for this
feature in the next days.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[19.04 FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
Triaged
Status in libvirt package in Ubuntu:
Confirmed
Status in linux package in Ubuntu:
Triaged
Status in qemu package in Ubuntu:
Incomplete
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() retur
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From peter.mor...@de.ibm.com 2018-11-06 11:01 EDT---
Thanks for providing the kernel image so quickly.
I successfully tested the AP passthrough function using the following
components:
Distribution:
Ubuntu 18.04 LTS
Host kernel:
Linux KVMCrypto 4.15.0-38-generic #42~lp1787405 SMP Mon Nov 5 21:13:01 UTC 2018
s390x s390x s390x GNU/Linux
KVM guest kernel:
Linux f6c59abfb01a 4.15.0-38-generic #41-Ubuntu SMP Wed Oct 10 10:57:21 UTC
2018 s390x Linux
Qemu:
QEMU emulator version 3.0.50 (v3.0.0-1732-gef30274865-dirty)
Thanks!
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[19.04 FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
Triaged
Status in libvirt package in Ubuntu:
Confirmed
Status in linux package in Ubuntu:
Triaged
Status in qemu package in Ubuntu:
Incomplete
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka
crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/ap
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-05 14:25 EDT---
so I retried on bionic:
# cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.1 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.1 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/";
SUPPORT_URL="https://help.ubuntu.com/";
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/";
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy";
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
git head= 3dfd30e6cf9cbd8dcac852f959d08eeba0e0fafd (branch apbionic from
my tree)
# diff -u /boot/config-4.15.0-29-generic .config | grep AP
+CONFIG_VFIO_AP=m
+CONFIG_S390_AP_IOMMU=y
This kernel builds fine
Can you maybe compare your branch against my branch (folders
arch/s390/kvm/ and drivers/s390/crypto/ )
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[19.04 FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
Triaged
Status in libvirt package in Ubuntu:
Confirmed
Status in linux package in Ubuntu:
Triaged
Status in qemu package in Ubuntu:
Incomplete
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka
crypto-) adapters installed.
V
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-05 13:57 EDT---
I build the kernel on a different system (not bionic) but yes it built fine.
What config and what compile error do you have?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[19.04 FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
Triaged
Status in libvirt package in Ubuntu:
Confirmed
Status in linux package in Ubuntu:
Triaged
Status in qemu package in Ubuntu:
Incomplete
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka
crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/apmask
/sys/bus/ap/aqmask
Configure and start a guest.
More details see: 492a6be ("s390: doc: detailed specifications for AP
virtualization")
But for that an updated qemu and libvirt should be in place - that's
addressed in LP1787405, too.
(So this is only the kernel part of that ticket.)
__
Description:
Allow kvm to dedicate
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-05 04:58 EDT---
FWIW, parts of the commits mentioned here are already part of IBM Bug 172503 -
LP1799184.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[19.04 FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
Triaged
Status in libvirt package in Ubuntu:
Confirmed
Status in linux package in Ubuntu:
Triaged
Status in qemu package in Ubuntu:
Incomplete
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka
crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/apmask
/sys/bus/ap/aqmask
Configure and start a guest.
More details see: 492a6be ("s390: doc: detailed specifications for AP
virtualization")
But for that an updated qemu and libvirt should be in place - that's
addressed in LP1787405, too.
(So this is only the kernel part of that ticket.)
__
Description:
Allow kvm to dedicate crypto adapters (and domains) as pa
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-05 04:04 EDT---
I gave this a quick spin. The resulting backport on top of the bionic master
branch is at
https://git.kernel.org/pub/scm/linux/kernel/git/borntraeger/linux.git/log/?h=apbionic
Feel free to use this branch as a "cheat sheet" for the patches that
need backport.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[19.04 FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
Triaged
Status in libvirt package in Ubuntu:
Confirmed
Status in linux package in Ubuntu:
Triaged
Status in qemu package in Ubuntu:
Incomplete
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka
crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/apmask
/sys/bus/ap/aqmask
Configure and start a guest.
More details see: 492a6be ("s390: doc: detailed specifications for AP
virtualization")
But for that an updated qemu and libvirt should be in place - that'
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-02 10:52 EDT---
We also need these commits: (before the remaining ones)
20c922f04b17 KVM: s390: reset crypto attributes for all vcpus
to make the KVM commits apply cleanly. (the first one has a simple merge
conflict)
The AP patches also have some minor conflicts due to the missing
efda7adec7a5 s390/zcrypt: Make ap init functions static.
d485235b0054 s390: assume diag308 set always works
but it is probably simpler to fixup the patches.
--- Comment From cborn...@de.ibm.com 2018-11-02 11:03 EDT---
We also need a define that is added with
af4a72276d49 s390/zcrypt: Support up to 256 crypto adapters.
(to fit on 4.15 you would then need
71cbbff8c4fd s390/zcrypt: Remove deprecated zcrypt proc interface.
2a80786d477a s390/zcrypt: Remove deprecated ioctls.
)
The alternative is to define MAX_ZDEV_ENTRIES_EXT but just cherry-
picking these 3 commits is probably less risky.
We then need the following kernel config options.
CONFIG_VFIO_AP
CONFIG_VFIO_MDEV
CONFIG_VFIO_MDEV_DEVICE
CONFIG_S390_AP_IOMMU=y
in the kernel config.
With that I can use crypto cards with the bionic kernel
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[19.04 FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
Triaged
Status in libvirt package in Ubuntu:
Confirmed
Status in linux package in Ubuntu:
Triaged
Status in qemu package in Ubuntu:
Incomplete
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summ
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-11-02 10:15 EDT---
The list is also valid for 4.15. Please note that this still has the same
dependencies on the crypto ap driver. (I think there is a separate feature
request for that). I already mentioned these commit ids.
There are some more commit in the crypto area between 4.15 and 4.18 but
none of thoese seems to be required. Harald, can you confirm?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787405
Title:
[19.04 FEAT] Guest-dedicated Crypto Adapters
Status in Ubuntu on IBM z Systems:
Triaged
Status in libvirt package in Ubuntu:
Invalid
Status in linux package in Ubuntu:
Triaged
Status in qemu package in Ubuntu:
Incomplete
Bug description:
== SRU Justification ==
(Kernel SRU)
Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to
a KVM guest such that the hypervisor cannot observe the communication of the
guest with the device.
(Since all kernel patches/commits are from kernel 4.19, they will
automagically land in 'Disco'.)
== Fix ==
9ea5972 ("KVM: s390: vsie: simulate VCPU SIE entry/exit")
3194cdb ("KVM: s390: introduce and use KVM_REQ_VSIE_RESTART")
e585b24 ("KVM: s390: refactor crypto initialization")
1fde573 ("s390: vfio-ap: base implementation of VFIO AP device driver")
65f0671 ("s390: vfio-ap: register matrix device with VFIO mdev framework")
96d152b ("s390: vfio-ap: sysfs interfaces to configure adapters")
3211da0 ("s390: vfio-ap: sysfs interfaces to configure domains")
3b1eab7 ("s390: vfio-ap: sysfs interfaces to configure control domains")
81b2b4b ("s390: vfio-ap: sysfs interface to view matrix mdev matrix")
4210459 ("KVM: s390: interface to clear CRYCB masks")
258287c ("s390: vfio-ap: implement mediated device open callback")
e06670c ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl")
46a7263 ("s390: vfio-ap: zeroize the AP queues")
cd8a377 ("s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl")
6cc571b ("KVM: s390: Clear Crypto Control Block when using vSIE")
d6f6959 ("KVM: s390: vsie: Do the CRYCB validation first")
3af84de ("KVM: s390: vsie: Make use of CRYCB FORMAT2 clear")
56019f9 ("KVM: s390: vsie: Allow CRYCB FORMAT-2")
19fd83a ("KVM: s390: vsie: allow CRYCB FORMAT-1")
6ee7409 ("KVM: s390: vsie: allow CRYCB FORMAT-0")
c9ba8c2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1")
6b79de4 ("KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2")
9ee71f2 ("KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2")
37940fb ("KVM: s390: device attrs to enable/disable AP interpretation")
112c24d ("KVM: s390: CPU model support for AP virtualization")
492a6be ("s390: doc: detailed specifications for AP virtualization")
<-- till here in 'kvm/next'
(https://git.kernel.org/pub/scm/virt/kvm/kvm.git/) -->
8e41bd5 ("KVM: s390: fix locking for crypto setting error path")
0e237e4 ("KVM: s390: Tracing APCB changes")
76c7829 ("s390: vfio-ap: setup APCB mask using KVM dedicated function")
<-- till here in 'kvms390/next'
(https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/)
-->
<-- In addition to that some prereqs for the 'ap/crypto' driver are
necessary -->
ea3c418 ("s390/zcrypt: Add ZAPQ inline function.")
df80c03 ("s390/zcrypt: Review inline assembler constraints.")
f1b0a43 ("s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.")
2395103 ("s390/zcrypt: fix ap_instructions_available() returncodes")
7e0bdbe ("s390/zcrypt: AP bus support for alternate driver(s)")
3d8f60d3 ("s390/zcrypt: hex string mask improvements for apmask and aqmask.")
fa108f9 ("s390/zcrypt: remove VLA usage from the AP bus")
<--
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787405/comments/12
-->
== PATCH ==
Above git commits are all from 4.19.
The git commands for 4.18 would be:
$ git cherry-pick
(112c24d "KVM: s390: CPU model support for AP virtualization" may have
a trivial merge conflict with the etoken patch)
$ git cherry-pick
$ git cherry-pick
== Regression Potential ==
Low to mid:
- mid because in summary there are a lot of changes, but low
- they are all limited to the s390x architecture
- and again limited to KVM/s390x, vfio-ap and the zcrypt (aka ap) driver
- Test kernel was built for testting.
== Test Case ==
Setup a system for KVM use on an s390x LPAR that has CryptoExpress (aka
crypto-) adapters installed.
Verify that the AP bus created a sysfs device for each APQN, like:
/sys/devices/ap/card04/04.0006
/sys/devices/ap/card04/04.0047
/sys/devices/ap/card0a/0a.0006
/sys/devices/ap/card0a/0a.0047
Verify the APQN range via the following two sysfs files:
/sys/bus/ap/apmask
/sys/bus/ap/aqmask
Configure and start a guest.
More details see: 492a6be ("s390: doc: detailed specifications for AP
virtuali
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-10-30 12:04 EDT--- the libvirt patches have landed as well a017bae1ae news: Update news for vfio-ap support 1170864198 qemu: vfio-ap device support dc788d2540 qemu: add vfio-ap capability -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [19.04 FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: Triaged Status in libvirt package in Ubuntu: Invalid Status in linux package in Ubuntu: Triaged Status in qemu package in Ubuntu: Incomplete Bug description: Description: Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. This functionality will be contribute to following packages. --kernel, qemu and libvirt. Currently these functions are not finalized and therefore no git-commit are avalable, - kernel > 4.19 - libvirt > 4.6.0 - qemu > 3.0 We will provide these as soon as possible. This request is launched against Ubuntu 18.10 to fulllfil the feature integration process of Canonical. But the main intention is, to get this integrated into 18.04 LTS !! Thererfore, the backports will be required for both distros.! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1787405/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1787405] Comment bridged from LTC Bugzilla
--- Comment From cborn...@de.ibm.com 2018-10-30 11:51 EDT--- the qemu patches are (in reverse order) 694a8d703b s390: doc: detailed specifications for AP virtualization 2fe2942cd6 s390x/vfio: ap: Introduce VFIO AP device a51b31535a s390x/ap: base Adjunct Processor (AP) object model 1d7db85b61 s390x/kvm: enable AP instruction interpretation for guest c5cd17afdd s390x/cpumodel: Set up CPU model for AP device support 8f3cd250a8 linux-headers: update There are some minor merge conflicts that are easy to solve when merging into 3.0,2.12 or older -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1787405 Title: [19.04 FEAT] Guest-dedicated Crypto Adapters Status in Ubuntu on IBM z Systems: Triaged Status in libvirt package in Ubuntu: Invalid Status in linux package in Ubuntu: Confirmed Status in qemu package in Ubuntu: Incomplete Bug description: Description: Allow kvm to dedicate crypto adapters (and domains) as passthrough devices to a KVM guest such that the hypervisor cannot observe the communication of the guest with the device. This functionality will be contribute to following packages. --kernel, qemu and libvirt. Currently these functions are not finalized and therefore no git-commit are avalable, - kernel > 4.19 - libvirt > 4.6.0 - qemu > 3.0 We will provide these as soon as possible. This request is launched against Ubuntu 18.10 to fulllfil the feature integration process of Canonical. But the main intention is, to get this integrated into 18.04 LTS !! Thererfore, the backports will be required for both distros.! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1787405/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
