Wednesday, 2022-06-29

« Tuesday, 2022-06-28 Index Thursday, 2022-06-30 »
kata-irc-bot<bbolroc> Hi, I have a test machine for s390x. Could you tell me about which AP crypto device you are trying to enable? I will give it a try on my machine then. ;)05:35
kata-irc-bot<bbolroc> Could you check the following before I give it a try? 1. if `vfio_ap` is active on the host (if not, try `modprobe vfio_ap` ) 2. if an adapter and a domain is enabled for VFIO (i.e. released from the host) you could check `/sys/bus/ap/apmask` and `/sys/bus/ap/aqmask`) 3. if a mediated device (mdev) is created (check with `ls /dev/vfio` and you should have another directory other than the `vfio` directory e.g. `0`)  and an adapter and06:31
kata-irc-bota domain are assigned to the device. (try `cat  /sys/devices/vfio_ap/matrix/$MDEV_ID/matrix`) 4. If a kernel config fragment is set correctly (see https://github.com/kata-containers/kata-containers/blob/main/tools/packaging/kernel/configs/fragments/s390/vfio-ap.conf) 5. if the mdev is passed to the Kata container (e.g. `ctr run --rm -t --runtime "io.containerd.kata.v2" --device /dev/vfio/0 "$image" lszcrypt` )06:31
kata-irc-bot<pol> Ah, a fellow IBMer ;) So let's go quickly through the checklist: 1. yes `vfio_ap` is active 2. module 17 and domains 3 and 5 are enabled for VFIO 3. I have created one mediated device, thus I see /dev/vfio/0 ```root@prot1:/etc/kata-containers# cat /sys/devices/vfio_ap/matrix/mdev_supported_types/vfio_ap-passthrough/devices/dcec5343-6a92-4dda-891e-44cb35904a0d/matrix 11.0003``` 4. I have recompiled the kernel with the fragment you07:20
kata-irc-botindicated, same problem so far. 5. Here is what I get when I pass the device to the "original" kernel: ```root@prot1:/etc/kata-containers# ctr run --rm -t --runtime "io.containerd.kata.v2" --device /dev/vfio/0 "$image" lszcrypt ctr: failed to create shim: QMP command failed: Device 'vfio-2c0945cb56f9bbd50' not found: not found``` When I run with the newly compiled kernel I still see the qmp.sock problem.  Further background: When I test this07:20
kata-irc-botwith a regular KVM guest, it works. So the device setup should be good.07:20
kata-irc-bot<bbolroc> Could you show me the result from the following? ```$ cat /sys/bus/ap/apmask $ cat /sys/bus/ap/aqmask $ lszcrypt```07:31
kata-irc-bot<pol> Here it comes: ```root@prot1:/etc/kata-containers# cat /sys/bus/ap/apmask 0xffffbfffffffffffffffffffffffffffffffffffffffffffffffffffffffffff root@prot1:/etc/kata-containers# cat /sys/bus/ap/aqmask 0xafffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff root@prot1:/etc/kata-containers# lszcrypt CARD.DOMAIN TYPE  MODE        STATUS  REQUESTS ---------------------------------------------- 11          CEX7P EP11-Coproc online     07:33
kata-irc-bot   0 13          CEX7P EP11-Coproc online         0 13.0002     CEX7P EP11-Coproc online         0 13.0004     CEX7P EP11-Coproc online         0 13.0005     CEX7P EP11-Coproc online         0```07:33
kata-irc-bot<bbolroc> Hmm.. looks good, and even you said it is working with kvm guest :thinking_face:07:34
kata-irc-bot<pol> Here you can also see the assignment to VFIO is happening: ```root@prot1:/etc/kata-containers# lszcrypt -V CARD.DOMAIN TYPE  MODE        STATUS  REQUESTS  PENDING HWTYPE QDEPTH FUNCTIONS  DRIVER -------------------------------------------------------------------------------------------- 11          CEX7P EP11-Coproc online         0        0     13     08 -----XNF-  cex4card 11.0001     CEX7P EP11-Coproc -              -        0     13 07:35
kata-irc-bot   08 -----XNF-  vfio_ap 11.0002     CEX7P EP11-Coproc -              -        0     13     08 -----XNF-  vfio_ap 11.0003     CEX7P EP11-Coproc -              -        0     13     08 -----XNF-  vfio_ap 11.0004     CEX7P EP11-Coproc -              -        0     13     08 -----XNF-  vfio_ap 11.0005     CEX7P EP11-Coproc -              -        0     13     08 -----XNF-  vfio_ap 13          CEX7P EP11-Coproc online         0        0     13    07:35
kata-irc-bot08 -----XNF-  cex4card 13.0001     CEX7P EP11-Coproc -              -        0     13     08 -----XNF-  vfio_ap 13.0002     CEX7P EP11-Coproc online         0        0     13     08 -----XNF-  cex4queue 13.0003     CEX7P EP11-Coproc -              -        0     13     08 -----XNF-  vfio_ap 13.0004     CEX7P EP11-Coproc online         0        0     13     08 -----XNF-  cex4queue 13.0005     CEX7P EP11-Coproc online         0        0     13  07:35
kata-irc-bot  08 -----XNF-  cex4queue```07:36
kata-irc-bot<bbolroc> So it would be a problem on the kata side. I will give it a try today and get back to you with a result. How does it sound to you?07:36
kata-irc-bot<bbolroc> I haven't ever tried it yet. (I have started this role this month. ;) )07:38
kata-irc-bot<meng.mobile> Hi all, a quick question: is kata 2.0 support acrn hypervisor? anyone give a try? fun to play with?10:41
« Tuesday, 2022-06-28 Index Thursday, 2022-06-30 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!