€•p>Œsphinx.addnodes”Œdocument”“”)”}”(Œ rawsource”Œ”Œchildren”]”(Œ translations”Œ LanguagesNode”“”)”}”(hhh]”(hŒ pending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ refdomain”Œstd”Œreftype”Œdoc”Œ reftarget”Œ-/translations/zh_CN/arch/s390/vfio-ap-locking”Œmodname”NŒ classname”NŒ refexplicit”ˆuŒtagname”hhh ubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ-/translations/zh_TW/arch/s390/vfio-ap-locking”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ-/translations/it_IT/arch/s390/vfio-ap-locking”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ-/translations/ja_JP/arch/s390/vfio-ap-locking”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ-/translations/ko_KR/arch/s390/vfio-ap-locking”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ-/translations/sp_SP/arch/s390/vfio-ap-locking”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h hhŒ _document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh£sbah}”(h]”h ]”h"]”h$]”h&]”Œ xml:space”Œpreserve”uh1h¡hhhžhhŸŒG/var/lib/git/docbuild/linux/Documentation/arch/s390/vfio-ap-locking.rst”h KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒVFIO AP Locks Overview”h]”hŒVFIO AP Locks Overview”…””}”(hh»hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hh¶hžhhŸh³h KubhŒ paragraph”“”)”}”(hŒáThis document describes the locks that are pertinent to the secure operation of the vfio_ap device driver. Throughout this document, the following variables will be used to denote instances of the structures herein described:”h]”hŒáThis document describes the locks that are pertinent to the secure operation of the vfio_ap device driver. Throughout this document, the following variables will be used to denote instances of the structures herein described:”…””}”(hhËhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khh¶hžhubhŒ literal_block”“”)”}”(hŒVstruct ap_matrix_dev *matrix_dev; struct ap_matrix_mdev *matrix_mdev; struct kvm *kvm;”h]”hŒVstruct ap_matrix_dev *matrix_dev; struct ap_matrix_mdev *matrix_mdev; struct kvm *kvm;”…””}”hhÛsbah}”(h]”h ]”h"]”h$]”h&]”h±h²Œforce”‰Œlanguage”Œc”Œhighlight_args”}”uh1hÙhŸh³h K hh¶hžhubhµ)”}”(hhh]”(hº)”}”(hŒ?The Matrix Devices Lock (drivers/s390/crypto/vfio_ap_private.h)”h]”hŒ?The Matrix Devices Lock (drivers/s390/crypto/vfio_ap_private.h)”…””}”(hhñhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hhîhžhhŸh³h KubhÚ)”}”(hŒmstruct ap_matrix_dev { ... struct list_head mdev_list; struct mutex mdevs_lock; ... }”h]”hŒmstruct ap_matrix_dev { ... struct list_head mdev_list; struct mutex mdevs_lock; ... }”…””}”hhÿsbah}”(h]”h ]”h"]”h$]”h&]”h±h²hé‰hêhëhì}”uh1hÙhŸh³h KhhîhžhubhÊ)”}”(hX¯The Matrix Devices Lock (matrix_dev->mdevs_lock) is implemented as a global mutex contained within the single object of struct ap_matrix_dev. This lock controls access to all fields contained within each matrix_mdev (matrix_dev->mdev_list). This lock must be held while reading from, writing to or using the data from a field contained within a matrix_mdev instance representing one of the vfio_ap device driver's mediated devices.”h]”hX±The Matrix Devices Lock (matrix_dev->mdevs_lock) is implemented as a global mutex contained within the single object of struct ap_matrix_dev. This lock controls access to all fields contained within each matrix_mdev (matrix_dev->mdev_list). This lock must be held while reading from, writing to or using the data from a field contained within a matrix_mdev instance representing one of the vfio_ap device driver’s mediated devices.”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khhîhžhubeh}”(h]”Œ=the-matrix-devices-lock-drivers-s390-crypto-vfio-ap-private-h”ah ]”h"]”Œ?the matrix devices lock (drivers/s390/crypto/vfio_ap_private.h)”ah$]”h&]”uh1h´hh¶hžhhŸh³h Kubhµ)”}”(hhh]”(hº)”}”(hŒ'The KVM Lock (include/linux/kvm_host.h)”h]”hŒ'The KVM Lock (include/linux/kvm_host.h)”…””}”(hj'hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj$hžhhŸh³h K$ubhÚ)”}”(hŒ;struct kvm { ... struct mutex lock; ... }”h]”hŒ;struct kvm { ... struct mutex lock; ... }”…””}”hj5sbah}”(h]”h ]”h"]”h$]”h&]”h±h²hé‰hêhëhì}”uh1hÙhŸh³h K&hj$hžhubhÊ)”}”(hŒíThe KVM Lock (kvm->lock) controls access to the state data for a KVM guest. This lock must be held by the vfio_ap device driver while one or more AP adapters, domains or control domains are being plugged into or unplugged from the guest.”h]”hŒíThe KVM Lock (kvm->lock) controls access to the state data for a KVM guest. This lock must be held by the vfio_ap device driver while one or more AP adapters, domains or control domains are being plugged into or unplugged from the guest.”…””}”(hjDhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K.hj$hžhubhÊ)”}”(hŒªThe KVM pointer is stored in the in the matrix_mdev instance (matrix_mdev->kvm = kvm) containing the state of the mediated device that has been attached to the KVM guest.”h]”hŒªThe KVM pointer is stored in the in the matrix_mdev instance (matrix_mdev->kvm = kvm) containing the state of the mediated device that has been attached to the KVM guest.”…””}”(hjRhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K2hj$hžhubeh}”(h]”Œ%the-kvm-lock-include-linux-kvm-host-h”ah ]”h"]”Œ'the kvm lock (include/linux/kvm_host.h)”ah$]”h&]”uh1h´hh¶hžhhŸh³h K$ubhµ)”}”(hhh]”(hº)”}”(hŒ7The Guests Lock (drivers/s390/crypto/vfio_ap_private.h)”h]”hŒ7The Guests Lock (drivers/s390/crypto/vfio_ap_private.h)”…””}”(hjkhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjhhžhhŸh³h K7ubhÚ)”}”(hŒnstruct ap_matrix_dev { ... struct list_head mdev_list; struct mutex guests_lock; ... }”h]”hŒnstruct ap_matrix_dev { ... struct list_head mdev_list; struct mutex guests_lock; ... }”…””}”hjysbah}”(h]”h ]”h"]”h$]”h&]”h±h²hé‰hêhëhì}”uh1hÙhŸh³h K9hjhhžhubhÊ)”}”(hŒûThe Guests Lock (matrix_dev->guests_lock) controls access to the matrix_mdev instances (matrix_dev->mdev_list) that represent mediated devices that hold the state for the mediated devices that have been attached to a KVM guest. This lock must be held:”h]”hŒûThe Guests Lock (matrix_dev->guests_lock) controls access to the matrix_mdev instances (matrix_dev->mdev_list) that represent mediated devices that hold the state for the mediated devices that have been attached to a KVM guest. This lock must be held:”…””}”(hjˆhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KBhjhhžhubhŒenumerated_list”“”)”}”(hhh]”(hŒ list_item”“”)”}”(hŒŸTo control access to the KVM pointer (matrix_mdev->kvm) while the vfio_ap device driver is using it to plug/unplug AP devices passed through to the KVM guest. ”h]”hÊ)”}”(hŒžTo control access to the KVM pointer (matrix_mdev->kvm) while the vfio_ap device driver is using it to plug/unplug AP devices passed through to the KVM guest.”h]”hŒžTo control access to the KVM pointer (matrix_mdev->kvm) while the vfio_ap device driver is using it to plug/unplug AP devices passed through to the KVM guest.”…””}”(hj¡hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KGhjubah}”(h]”h ]”h"]”h$]”h&]”uh1j›hj˜hžhhŸh³h Nubjœ)”}”(hXÛTo add matrix_mdev instances to or remove them from matrix_dev->mdev_list. This is necessary to ensure the proper locking order when the list is perused to find an ap_matrix_mdev instance for the purpose of plugging/unplugging AP devices passed through to a KVM guest. For example, when a queue device is removed from the vfio_ap device driver, if the adapter is passed through to a KVM guest, it will have to be unplugged. In order to figure out whether the adapter is passed through, the matrix_mdev object to which the queue is assigned will have to be found. The KVM pointer (matrix_mdev->kvm) can then be used to determine if the mediated device is passed through (matrix_mdev->kvm != NULL) and if so, to unplug the adapter. ”h]”(hÊ)”}”(hX To add matrix_mdev instances to or remove them from matrix_dev->mdev_list. This is necessary to ensure the proper locking order when the list is perused to find an ap_matrix_mdev instance for the purpose of plugging/unplugging AP devices passed through to a KVM guest.”h]”hX To add matrix_mdev instances to or remove them from matrix_dev->mdev_list. This is necessary to ensure the proper locking order when the list is perused to find an ap_matrix_mdev instance for the purpose of plugging/unplugging AP devices passed through to a KVM guest.”…””}”(hj¹hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KKhjµubhÊ)”}”(hXÌFor example, when a queue device is removed from the vfio_ap device driver, if the adapter is passed through to a KVM guest, it will have to be unplugged. In order to figure out whether the adapter is passed through, the matrix_mdev object to which the queue is assigned will have to be found. The KVM pointer (matrix_mdev->kvm) can then be used to determine if the mediated device is passed through (matrix_mdev->kvm != NULL) and if so, to unplug the adapter.”h]”hXÌFor example, when a queue device is removed from the vfio_ap device driver, if the adapter is passed through to a KVM guest, it will have to be unplugged. In order to figure out whether the adapter is passed through, the matrix_mdev object to which the queue is assigned will have to be found. The KVM pointer (matrix_mdev->kvm) can then be used to determine if the mediated device is passed through (matrix_mdev->kvm != NULL) and if so, to unplug the adapter.”…””}”(hjÇhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KPhjµubeh}”(h]”h ]”h"]”h$]”h&]”uh1j›hj˜hžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”Œenumtype”Œarabic”Œprefix”hŒsuffix”Œ.”uh1j–hjhhžhhŸh³h KGubhÊ)”}”(hXaIt is not necessary to take the Guests Lock to access the KVM pointer if the pointer is not used to plug/unplug devices passed through to the KVM guest; however, in this case, the Matrix Devices Lock (matrix_dev->mdevs_lock) must be held in order to access the KVM pointer since it is set and cleared under the protection of the Matrix Devices Lock. A case in point is the function that handles interception of the PQAP(AQIC) instruction sub-function. This handler needs to access the KVM pointer only for the purposes of setting or clearing IRQ resources, so only the matrix_dev->mdevs_lock needs to be held.”h]”hXaIt is not necessary to take the Guests Lock to access the KVM pointer if the pointer is not used to plug/unplug devices passed through to the KVM guest; however, in this case, the Matrix Devices Lock (matrix_dev->mdevs_lock) must be held in order to access the KVM pointer since it is set and cleared under the protection of the Matrix Devices Lock. A case in point is the function that handles interception of the PQAP(AQIC) instruction sub-function. This handler needs to access the KVM pointer only for the purposes of setting or clearing IRQ resources, so only the matrix_dev->mdevs_lock needs to be held.”…””}”(hjæhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KXhjhhžhubeh}”(h]”Œ5the-guests-lock-drivers-s390-crypto-vfio-ap-private-h”ah ]”h"]”Œ7the guests lock (drivers/s390/crypto/vfio_ap_private.h)”ah$]”h&]”uh1h´hh¶hžhhŸh³h K7ubhµ)”}”(hhh]”(hº)”}”(hŒ5The PQAP Hook Lock (arch/s390/include/asm/kvm_host.h)”h]”hŒ5The PQAP Hook Lock (arch/s390/include/asm/kvm_host.h)”…””}”(hjÿhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjühžhhŸh³h KbubhÚ)”}”(hŒ¬typedef int (*crypto_hook)(struct kvm_vcpu *vcpu); struct kvm_s390_crypto { ... struct rw_semaphore pqap_hook_rwsem; crypto_hook *pqap_hook; ... };”h]”hŒ¬typedef int (*crypto_hook)(struct kvm_vcpu *vcpu); struct kvm_s390_crypto { ... struct rw_semaphore pqap_hook_rwsem; crypto_hook *pqap_hook; ... };”…””}”hj sbah}”(h]”h ]”h"]”h$]”h&]”h±h²hé‰hêhëhì}”uh1hÙhŸh³h KdhjühžhubhÊ)”}”(hXOThe PQAP Hook Lock is a r/w semaphore that controls access to the function pointer of the handler ``(*kvm->arch.crypto.pqap_hook)`` to invoke when the PQAP(AQIC) instruction sub-function is intercepted by the host. The lock must be held in write mode when pqap_hook value is set, and in read mode when the pqap_hook function is called.”h]”(hŒbThe PQAP Hook Lock is a r/w semaphore that controls access to the function pointer of the handler ”…””}”(hjhžhhŸNh NubhŒliteral”“”)”}”(hŒ!``(*kvm->arch.crypto.pqap_hook)``”h]”hŒ(*kvm->arch.crypto.pqap_hook)”…””}”(hj&hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j$hjubhŒÌ to invoke when the PQAP(AQIC) instruction sub-function is intercepted by the host. The lock must be held in write mode when pqap_hook value is set, and in read mode when the pqap_hook function is called.”…””}”(hjhžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Kohjühžhubeh}”(h]”Œ3the-pqap-hook-lock-arch-s390-include-asm-kvm-host-h”ah ]”h"]”Œ5the pqap hook lock (arch/s390/include/asm/kvm_host.h)”ah$]”h&]”uh1h´hh¶hžhhŸh³h Kbubeh}”(h]”Œvfio-ap-locks-overview”ah ]”h"]”Œvfio ap locks overview”ah$]”h&]”uh1h´hhhžhhŸh³h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h³uh1hŒcurrent_source”NŒ current_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¹NŒ generator”NŒ datestamp”NŒ source_link”NŒ source_url”NŒ toc_backlinks”Œentry”Œfootnote_backlinks”KŒ sectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒ strip_classes”NŒ report_level”KŒ halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ traceback”ˆŒinput_encoding”Œ utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jqŒerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œ language_code”Œen”Œrecord_dependencies”NŒconfig”NŒ id_prefix”hŒauto_id_prefix”Œid”Œ dump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h³Œ _destination”NŒ _config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒ raw_enabled”KŒline_length_limit”M'Œpep_references”NŒ pep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒ rfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œ smart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œ docinfo_xform”KŒsectsubtitle_xform”‰Œ image_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(jKjHj!jjejbjùjöjCj@uŒ nametypes”}”(jK‰j!‰je‰jù‰jC‰uh}”(jHh¶jhîjbj$jöjhj@jüuŒ footnote_refs”}”Œ citation_refs”}”Œ autofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ footnotes”]”Œ citations”]”Œautofootnote_start”KŒsymbol_footnote_start”KŒ id_counter”Œ collections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œ transformer”NŒ include_log”]”Œ decoration”Nhžhub.