Lines Matching +full:iommu +full:- +full:secure +full:- +full:id
13 The AP adapter cards are exposed via the AP bus. The motivation for vfio-ap
45 sub-directory::
57 domain can be configured with a secure private key used for clear key
65 usage domain; for example, to set the secure private key for the control
76 significant bit, correspond to domains 0-255.
82 comprised of an AP adapter ID (APID) and an AP queue index (APQI). The
111 * NQAP: to enqueue an AP command-request message to a queue
112 * DQAP: to dequeue an AP command-reply message from a queue
132 an APID from 0-255. If a bit is set, the corresponding adapter is valid for
137 corresponds to an AP queue index (APQI) from 0-255. If a bit is set, the
142 changed by an AP command-request message sent to a usage domain from the
144 0-255. If a bit is set, the corresponding domain can be modified by an AP
145 command-request message sent to a usage domain.
148 an APQN to identify the AP queue to which an AP command-request message is to be
149 sent (NQAP and PQAP instructions), or from which a command-reply message is to
156 The APQNs can provide secure key functionality - i.e., a private key is stored
157 on the adapter card for each of its domains - so each APQN must be assigned to
161 ------------------------------
170 ------------------------------
179 --------------------------------
192 3. VFIO AP mediated pass-through device
195 -------------------------
198 1. Provides the interfaces to secure APQNs for exclusive use of KVM guests.
209 ---------------------------------------------
213 +------------------+
215 +--------------------> cex4queue driver |
217 | +------------------+
220 | +------------------+ +----------------+
222 | +----------------> Device core +----------> matrix device |
224 | | +--------^---------+ +----------------+
226 | | +-------------------+
227 | | +-----------------------------------+ |
230 +--------+---+-v---+ +--------+-------+-+
232 | ap_bus +--------------------- > vfio_ap driver |
234 +--------^---------+ +--^--^------------+
236 apmask | +-----------------------------+ | 11 mdev create
238 +--------+-----+---+ +----------------+-+ +----------------+
240 | admin | | VFIO device core |---------> matrix |
242 +------+-+---------+ +--------^---------+ +--------^-------+
244 | | 9 create vfio_ap-passthrough | |
245 | +------------------------------+ |
246 +-------------------------------------------------------------+
252 2. The vfio-ap driver during its initialization will register a single 'matrix'
276 ------------------------------------------
284 * Add a vfio_ap mediated device to and remove it from an IOMMU group
286 The following high-level block diagram shows the main components and interfaces
289 +-------------+
291 | +---------+ | mdev_register_driver() +--------------+
292 | | Mdev | +<-----------------------+ |
294 | | driver | +----------------------->+ |<-> VFIO user
295 | +---------+ | probe()/remove() +--------------+ APIs
300 | +---------+ | mdev_register_parent() +--------------+
301 | |Physical | +<-----------------------+ |
302 | | device | | | vfio_ap.ko |<-> matrix
303 | |interface| +----------------------->+ | device
304 | +---------+ | callback +--------------+
305 +-------------+
315 The VFIO mediated device framework supports creation of user-defined
320 'mdev_supported_types' sub-directory of the device being registered. Along
327 /sys/devices/vfio_ap/matrix/mdev_supported_types/vfio_ap-passthrough
329 Only the read-only attributes required by the VFIO mdev framework will
349 This attribute group identifies the user-defined sysfs attributes of the
356 Write-only attributes for assigning/unassigning an AP adapter to/from the
360 Write-only attributes for assigning/unassigning an AP usage domain to/from
365 A read-only file for displaying the APQNs derived from the Cartesian
369 A read-only file for displaying the APQNs derived from the Cartesian
376 Write-only attributes for assigning/unassigning an AP control domain
378 the ID of the domain to be assigned/unassigned is echoed into the
381 A read-only file for displaying the control domain numbers assigned to the
407 VFIO iommu group for the matrix mdev device to the MDEV bus. Access to the
421 ----------------------------------
435 is not bound to the device driver facilitating its pass-through. Consequently,
455 -----------------------------
482 /usr/bin/qemu-system-s390x ... -cpu z13,ap=on,apqci=on,apft=on,apqi=on
487 /usr/bin/qemu-system-s390x ... -cpu host,ap=off,apqci=off,apft=off,apqi=off
491 register for type 10 and newer AP devices - i.e., the cex4card and cex4queue
492 device drivers - need the APFT facility to ascertain the facilities installed on
505 ------
509 05 CEX5C CCA-Coproc
510 05.0004 CEX5C CCA-Coproc
511 05.00ab CEX5C CCA-Coproc
518 ------
522 05 CEX5C CCA-Coproc
523 05.0047 CEX5C CCA-Coproc
524 05.00ff CEX5C CCA-Coproc
528 ------
541 * iommu
559 -> Device Drivers
560 -> IOMMU Hardware Support
561 select S390 AP IOMMU Support
562 -> VFIO Non-Privileged userspace driver framework
563 -> Mediated device driver frramework
564 -> VFIO driver for Mediated devices
565 -> I/O subsystem
566 -> VFIO support for AP devices
568 2. Secure the AP queues to be used by the three guests so that the host can not
569 access them. To secure them, there are two sysfs files that specify
573 non-default device driver. The location of the sysfs files containing the
579 The 'apmask' is a 256-bit mask that identifies a set of AP adapter IDs
581 0-255. If a bit is set, the APID belongs to the subset of APQNs marked as
584 The 'aqmask' is a 256-bit mask that identifies a set of AP queue indexes
586 0-255. If a bit is set, the APQI belongs to the subset of APQNs marked as
592 All other APQNs are available to the non-default device drivers such as the
615 * All other APQNs are available for use by the non-default device drivers.
629 * An absolute hex string starting with 0x - like "0x12345678" - sets
644 number string must be prepended with a ('+') or minus ('-') to indicate
645 the corresponding bit is to be switched on ('+') or off ('-'). Some
648 - "+0" switches bit 0 on
649 - "-13" switches bit 13 off
650 - "+0x41" switches bit 65 on
651 - "-0xff" switches bit 255 off
655 +0,-6,+0x47,-0xf0
679 default drivers pool: adapter 0-15, domain 1
680 alternate drivers pool: adapter 16-255, domains 0, 2-255
689 … Userspace may not re-assign queue 05.0054 already assigned to 62177883-f1bb-47f0-914d-32a22e3a8804
690 … Userspace may not re-assign queue 04.0054 already assigned to cef03c3c-903d-4ecc-9a83-40694cb8aee4
693 ----------------------------------
694 To secure the AP queues 05.0004, 05.0047, 05.00ab, 05.00ff, 06.0004, 06.0047,
699 echo -5,-6 > /sys/bus/ap/apmask
701 echo -4,-0x47,-0xab,-0xff > /sys/bus/ap/aqmask
734 The administrator, therefore, must take care to secure only AP queues that
749 --- [mdev_supported_types]
750 ------ [vfio_ap-passthrough] (passthrough vfio_ap mediated device type)
751 --------- create
752 --------- [devices]
771 --- [mdev_supported_types]
772 ------ [vfio_ap-passthrough]
773 --------- [devices]
774 ------------ [$uuid1]
775 --------------- assign_adapter
776 --------------- assign_control_domain
777 --------------- assign_domain
778 --------------- matrix
779 --------------- unassign_adapter
780 --------------- unassign_control_domain
781 --------------- unassign_domain
783 ------------ [$uuid2]
784 --------------- assign_adapter
785 --------------- assign_control_domain
786 --------------- assign_domain
787 --------------- matrix
788 --------------- unassign_adapter
789 ----------------unassign_control_domain
790 ----------------unassign_domain
792 ------------ [$uuid3]
793 --------------- assign_adapter
794 --------------- assign_control_domain
795 --------------- assign_domain
796 --------------- matrix
797 --------------- unassign_adapter
798 ----------------unassign_control_domain
799 ----------------unassign_domain
854 - Must only be available to the vfio_ap device driver as specified in the
859 - Must NOT be assigned to another vfio_ap mediated device. If even one APQN
863 - Must NOT be assigned while the sysfs /sys/bus/ap/apmask and
880 - Must only be available to the vfio_ap device driver as specified in the
885 - Must NOT be assigned to another vfio_ap mediated device. If even one APQN
889 - Must NOT be assigned while the sysfs /sys/bus/ap/apmask and
902 /usr/bin/qemu-system-s390x ... -cpu host,ap=on,apqci=on,apft=on,apqi=on \
903 -device vfio-ap,sysfsdev=/sys/devices/vfio_ap/matrix/$uuid1 ...
907 /usr/bin/qemu-system-s390x ... -cpu host,ap=on,apqci=on,apft=on,apqi=on \
908 -device vfio-ap,sysfsdev=/sys/devices/vfio_ap/matrix/$uuid2 ...
912 /usr/bin/qemu-system-s390x ... -cpu host,ap=on,apqci=on,apft=on,apqi=on \
913 -device vfio-ap,sysfsdev=/sys/devices/vfio_ap/matrix/$uuid3 ...
920 --- [mdev_supported_types]
921 ------ [vfio_ap-passthrough]
922 --------- [devices]
923 ------------ [$uuid1]
924 --------------- remove
962 Over-provisioning of AP queues for a KVM guest:
964 Over-provisioning is defined herein as the assignment of adapters or domains to
967 available, it will be automatically hot-plugged into the KVM guest using
984 virsh detach-device <guestname> <path-to-device-xml>
986 For example, to hot unplug mdev 62177883-f1bb-47f0-914d-32a22e3a8804 from
987 the guest named 'my-guest':
989 virsh detach-device my-guest ~/config/my-guest-hostdev.xml
991 The contents of my-guest-hostdev.xml:
993 .. code-block:: xml
995 <hostdev mode='subsystem' type='mdev' managed='no' model='vfio-ap'>
997 <address uuid='62177883-f1bb-47f0-914d-32a22e3a8804'/>
1002 virsh qemu-monitor-command <guest-name> --hmp "device-del <device-id>"
1005 qemu command line with 'id=hostdev0' from the guest named 'my-guest':
1007 .. code-block:: sh
1009 virsh qemu-monitor-command my-guest --hmp "device_del hostdev0"
1014 (QEMU) device-del id=<device-id>
1017 on the qemu command line with 'id=hostdev0' when the guest was started:
1019 (QEMU) device-del id=hostdev0
1028 virsh attach-device <guestname> <path-to-device-xml>
1030 For example, to hot plug mdev 62177883-f1bb-47f0-914d-32a22e3a8804 into
1031 the guest named 'my-guest':
1033 virsh attach-device my-guest ~/config/my-guest-hostdev.xml
1035 The contents of my-guest-hostdev.xml:
1037 .. code-block:: xml
1039 <hostdev mode='subsystem' type='mdev' managed='no' model='vfio-ap'>
1041 <address uuid='62177883-f1bb-47f0-914d-32a22e3a8804'/>
1046 virsh qemu-monitor-command <guest-name> --hmp \
1047 "device_add vfio-ap,sysfsdev=<path-to-mdev>,id=<device-id>"
1050 62177883-f1bb-47f0-914d-32a22e3a8804 into the guest named 'my-guest' with
1051 device-id hostdev0:
1053 virsh qemu-monitor-command my-guest --hmp \
1054 "device_add vfio-ap,\
1055 sysfsdev=/sys/devices/vfio_ap/matrix/62177883-f1bb-47f0-914d-32a22e3a8804,\
1056 id=hostdev0"
1061 (qemu) device_add "vfio-ap,sysfsdev=<path-to-mdev>,id=<device-id>"
1064 62177883-f1bb-47f0-914d-32a22e3a8804 into the guest with the device-id
1067 (QEMU) device-add "vfio-ap,\
1068 sysfsdev=/sys/devices/vfio_ap/matrix/62177883-f1bb-47f0-914d-32a22e3a8804,\
1069 id=hostdev0"