Subject: Re: [PATCH v4 03/15] KVM: s390: refactor crypto initialization
From: Pierre Morel
Date: Mon, 16 Apr 2018 10:56:52 +0200
To: Tony Krowiak, linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, thuth@redhat.com, pasic@linux.vnet.ibm.com, berrange@redhat.com, fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com
Message-Id: <4fb50a31-1893-5cfb-0f35-fb2501c2afa8@linux.vnet.ibm.com>
In-Reply-To: <1523827345-11600-4-git-send-email-akrowiak@linux.vnet.ibm.com>

On 15/04/2018 23:22, Tony Krowiak wrote:
> This patch refactors the code that initializes the crypto
> configuration for a guest. The crypto configuration is contained in
> a crypto control block (CRYCB) which is a satellite control block to
> our main hardware virtualization control block. The CRYCB is
> attached to the main virtualization control block via a CRYCB
> designation (CRYCBD) designation field containing the address of
> the CRYCB as well as its format.
>
> Prior to the introduction of AP device virtualization, there was
> no need to provide access to or specify the format of the CRYCB for
> a guest unless the MSA extension 3 (MSAX3) facility was installed
> on the host system. With the introduction of AP device virtualization,
> the CRYCB and its format must be made accessible to the guest
> regardless of the presence of the MSAX3 facility.
> > The crypto initialization code is restructured as follows: > > * A new compilation unit is introduced to contain all interfaces > and data structures related to configuring a guest's CRYCB for > both the refactoring of crypto initialization as well as all > subsequent patches introducing AP virtualization support. > > * Currently, the asm code for querying the AP configuration is > duplicated in the AP bus as well as in KVM. Since the KVM > code was introduced, the AP bus has externalized the interface > for querying the AP configuration. The KVM interface will be > replaced with a call to the AP bus interface. Of course, this > will be moved to the new compilation unit mentioned above. > > * An interface to format the CRYCBD field will be provided via > the new compilation unit and called from the KVM vm > initialization. > > Signed-off-by: Tony Krowiak > --- > arch/s390/include/asm/kvm-ap.h | 15 +++++++++ > arch/s390/include/asm/kvm_host.h | 1 + > arch/s390/kvm/kvm-ap.c | 39 ++++++++++++++++++++++++ > arch/s390/kvm/kvm-s390.c | 60 ++++---------------------------------- > 4 files changed, 61 insertions(+), 54 deletions(-) > > diff --git a/arch/s390/include/asm/kvm-ap.h b/arch/s390/include/asm/kvm-ap.h > index 84412a9..736e93e 100644 > --- a/arch/s390/include/asm/kvm-ap.h > +++ b/arch/s390/include/asm/kvm-ap.h > @@ -10,6 +10,9 @@ > #ifndef _ASM_KVM_AP > #define _ASM_KVM_AP > > +#include > +#include > + > /** > * kvm_ap_instructions_installed() > * > @@ -20,4 +23,16 @@ > */ > int kvm_ap_instructions_installed(void); > > +/** > + * kvm_ap_build_crycbd > + * > + * The crypto control block designation (CRYCBD) is a 32-bit field that > + * designates both the host real address and format of the CRYCB. This function > + * builds the CRYCBD field for use by the KVM guest. > + * > + * @kvm: the KVM guest > + * @crycbd: reference to the CRYCBD > + */ > +void kvm_ap_build_crycbd(struct kvm *kvm); > + > #endif /* _ASM_KVM_AP */ 
> diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h > index 81cdb6b..c990a1d 100644 > --- a/arch/s390/include/asm/kvm_host.h > +++ b/arch/s390/include/asm/kvm_host.h > @@ -257,6 +257,7 @@ struct kvm_s390_sie_block { > __u8 reservedf0[12]; /* 0x00f0 */ > #define CRYCB_FORMAT1 0x00000001 > #define CRYCB_FORMAT2 0x00000003 > +#define CRYCB_FORMAT_MASK 0x00000003 > __u32 crycbd; /* 0x00fc */ > __u64 gcr[16]; /* 0x0100 */ > __u64 gbea; /* 0x0180 */ > diff --git a/arch/s390/kvm/kvm-ap.c b/arch/s390/kvm/kvm-ap.c > index 1267588..991bae4 100644 > --- a/arch/s390/kvm/kvm-ap.c > +++ b/arch/s390/kvm/kvm-ap.c > @@ -10,6 +10,8 @@ > #include > #include > > +#include "kvm-s390.h" > + > int kvm_ap_instructions_installed(void) > { > #ifdef CONFIG_ZCRYPT 
> @@ -19,3 +21,40 @@ int kvm_ap_instructions_installed(void) > #endif > } > EXPORT_SYMBOL(kvm_ap_instructions_installed); > + > +static inline int kvm_ap_query_config(struct ap_config_info *config) > +{ > + memset(config, 0, sizeof(*config)); > + > +#ifdef CONFIG_ZCRYPT I would prefer that you define the interface in an include file with stubs for the case ZCRYPT is not set. > + if (kvm_ap_instructions_installed()) > + return ap_query_configuration(config); > +#endif > + > + return -EOPNOTSUPP; > +} > + > +static int kvm_ap_apxa_installed(void) > +{ > + struct ap_config_info config; > + > + if (kvm_ap_query_config(&config) == 0) > + return (config.apxa == 1); > + > + return 0; > +} > + > +void kvm_ap_build_crycbd(struct kvm *kvm) > +{ > + kvm->arch.crypto.crycbd = (__u32)(unsigned long) kvm->arch.crypto.crycb; > + kvm->arch.crypto.crycbd &= ~(CRYCB_FORMAT_MASK); > + > + /* check whether MSAX3 is installed */ It means we do not support AP virtualization without MSA3. It follows we do not support CRYCB_FORMAT0 It is different from what you explain in the comment. > + if (kvm_ap_instructions_installed() && test_kvm_facility(kvm, 76)) { > + if (kvm_ap_apxa_installed()) > + kvm->arch.crypto.crycbd |= CRYCB_FORMAT2; > + else > + kvm->arch.crypto.crycbd |= CRYCB_FORMAT1; > + } > +} > +EXPORT_SYMBOL(kvm_ap_build_crycbd); > diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c > index d0c3518..b47ff11 100644 > --- a/arch/s390/kvm/kvm-s390.c > +++ b/arch/s390/kvm/kvm-s390.c > @@ -40,6 +40,7 @@ > #include > #include > #include > +#include > #include "kvm-s390.h" > #include "gaccess.h" 
> > @@ -1881,55 +1882,6 @@ long kvm_arch_vm_ioctl(struct file *filp, > return r; > } > > -static int kvm_s390_query_ap_config(u8 *config) > -{ > - u32 fcn_code = 0x04000000UL; > - u32 cc = 0; > - > - memset(config, 0, 128); > - asm volatile( > - "lgr 0,%1\n" > - "lgr 2,%2\n" > - ".long 0xb2af0000\n" /* PQAP(QCI) */ > - "0: ipm %0\n" > - "srl %0,28\n" > - "1:\n" > - EX_TABLE(0b, 1b) > - : "+r" (cc) > - : "r" (fcn_code), "r" (config) > - : "cc", "0", "2", "memory" > - ); > - > - return cc; > -} > - > -static int kvm_s390_apxa_installed(void) > -{ > - u8 config[128]; > - int cc; > - > - if (test_facility(12)) { > - cc = kvm_s390_query_ap_config(config); > - > - if (cc) > - pr_err("PQAP(QCI) failed with cc=%d", cc); > - else > - return config[0] & 0x40; > - } > - > - return 0; > -} > - > -static void kvm_s390_set_crycb_format(struct kvm *kvm) > -{ > - kvm->arch.crypto.crycbd = (__u32)(unsigned long) kvm->arch.crypto.crycb; > - > - if (kvm_s390_apxa_installed()) > - kvm->arch.crypto.crycbd |= CRYCB_FORMAT2; > - else > - kvm->arch.crypto.crycbd |= CRYCB_FORMAT1; > -} > - > static u64 kvm_s390_get_initial_cpuid(void) > { > struct cpuid cpuid; > @@ -1941,12 +1893,12 @@ static u64 kvm_s390_get_initial_cpuid(void) > > static void kvm_s390_crypto_init(struct kvm *kvm) > { > + kvm->arch.crypto.crycb = &kvm->arch.sie_page2->crycb; > + kvm_ap_build_crycbd(kvm); > + > if (!test_kvm_facility(kvm, 76)) > return; > > - kvm->arch.crypto.crycb = &kvm->arch.sie_page2->crycb; > - kvm_s390_set_crycb_format(kvm); > - > /* Enable AES/DEA protected key functions by default */ > kvm->arch.crypto.aes_kw = 1; > kvm->arch.crypto.dea_kw = 1; > @@ -2475,6 +2427,8 @@ void kvm_arch_vcpu_postcreate(struct kvm_vcpu *vcpu) > > static void kvm_s390_vcpu_crypto_setup(struct kvm_vcpu *vcpu) > { > + vcpu->arch.sie_block->crycbd = vcpu->kvm->arch.crypto.crycbd; > + > if (!test_kvm_facility(vcpu->kvm, 76)) > return; 
> > @@ -2484,8 +2438,6 @@ static void kvm_s390_vcpu_crypto_setup(struct kvm_vcpu *vcpu) > vcpu->arch.sie_block->ecb3 |= ECB3_AES; > if (vcpu->kvm->arch.crypto.dea_kw) > vcpu->arch.sie_block->ecb3 |= ECB3_DEA; > - > - vcpu->arch.sie_block->crycbd = vcpu->kvm->arch.crypto.crycbd; > } > > void kvm_s390_vcpu_unsetup_cmma(struct kvm_vcpu *vcpu) -- Pierre Morel Linux/KVM/QEMU in Böblingen - Germany
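
Review bot: the kernel-doc added for kvm_ap_build_crycbd in arch/s390/include/asm/kvm-ap.h documents a parameter "@crycbd: reference to the CRYCBD", but the prototype directly below it is "void kvm_ap_build_crycbd(struct kvm *kvm);" and takes only kvm. Drop the @crycbd line and say instead that the result is stored in kvm->arch.crypto.crycbd, which is what the implementation in kvm-ap.c does. The function name in the comment should also carry "()" to match the kvm_ap_instructions_installed() comment in the same header.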
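
Review bot: kvm_ap_apxa_installed() in arch/s390/kvm/kvm-ap.c returns 0 for any non-zero result of kvm_ap_query_config(), so inside kvm_ap_build_crycbd() a failed ap_query_configuration() silently selects CRYCB_FORMAT1 with nothing in the log. The removed kvm_s390_apxa_installed() reported this case with pr_err("PQAP(QCI) failed with cc=%d", cc); keep an equivalent message for errors other than -EOPNOTSUPP so a wrong CRYCB format can be traced back to the failed query. The comment "check whether MSAX3 is installed" also covers only half of the condition, which additionally requires kvm_ap_instructions_installed(); it should state that the format bits stay cleared when either test fails.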
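
Review bot: in arch/s390/kvm/kvm-s390.c, kvm_s390_crypto_init() now assigns crycb and calls kvm_ap_build_crycbd() before the "if (!test_kvm_facility(kvm, 76)) return;" check, and kvm_s390_vcpu_crypto_setup() copies crycbd into the SIE block before the same check, so a guest without facility 76 now runs with a crycbd that holds the CRYCB address with the format bits cleared. Neither place has a comment saying this is intended; add one at both sites explaining why the designation is set regardless of facility 76 and what the cleared format bits mean, because the early return that follows otherwise reads as if no crypto state is set up for such guests.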