Received: by 10.192.165.156 with SMTP id m28csp108295imm;
        Tue, 17 Apr 2018 07:18:13 -0700 (PDT)
X-Google-Smtp-Source: AIpwx49ppbsvmedt3eyTYUMbzkVPiDXk/SvNVkP/ZyopX0VI0YYB5vxCILL8tokEbYWdS6Lvcujv
X-Received: by 10.101.97.165 with SMTP id i5mr1924348pgv.449.1523974693173;
        Tue, 17 Apr 2018 07:18:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1523974693; cv=none;
        d=google.com; s=arc-20160816;
        b=KNvdHDqmD5kkLWIJqbBXqpob+UJ/DIE//FiozNGIPnP/lG7Ch4GZWUO20H4aMRbBDu
         rlIsLnpiLtw2GuLJlBs9zZmSQXMAmu8f+SgXc8opLS47bpDEjNWers/f0Lp4ZMSR+H2K
         a0FphxiU+LAlFWbQPEASn4/OLrEGgyP4TBdioGMv3FQicJ8nhK2Gy6LuRPrzYpxhhAMo
         DDLr4hHHFWgPURzHWDUnNzBnZqckFzDXKfbzCAXc7SKkLR0MKPMTXNMBDudP1E7k1feU
         yWFQ1WJd3xkqlB726/rw3aEYYTlU5bPBZ05sBMyFn695Q06q8oQf05wcdWtAxCBUQbzV
         HuYg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:content-language
         :content-transfer-encoding:in-reply-to:mime-version:user-agent:date
         :from:references:cc:to:subject:arc-authentication-results;
        bh=J1Cor2W7v1ru9f+sIWHMf8B+SsiFKkqGpYso8ebpGlw=;
        b=RFA5l6lUoNG3aH2KCZcojtpuHqxf0VlE99hNBXBE602NlPpv1qqGvavGe8VsbZmfAW
         2PvC1R3OPTljKHrG/gep8h9tv/rFVcC4X18fj9FLT6hbf7FUPcg8KZZsSRX1Y9p6QbGw
         mLQydWcGfQsUq9DAIAw6EzsEAh2K90q8folD/hx/gna5imoZtFlZLvQ7rgD8yEyWsQ9b
         WIKsbgGcnKZ8dj37pbwA0m69mX4ereiyqovpjYWddk8YwPp7vDgMvpzbjQJXlaKK4iHH
         x0ncootbhEYU81sPEhR7DO/AMpmEosrIEo4KRPbiXTe0K8SKyN6MaTCgJxXdTJZ8+4Bz
         zuPw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a9si11251365pgw.592.2018.04.17.07.17.58;
        Tue, 17 Apr 2018 07:18:13 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752972AbeDQOQF (ORCPT <rfc822;charleyewang@gmail.com>
        + 99 others); Tue, 17 Apr 2018 10:16:05 -0400
Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:60292 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1752915AbeDQOQB (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 17 Apr 2018 10:16:01 -0400
Received: from pps.filterd (m0098410.ppops.net [127.0.0.1])
        by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w3HEFnTv058306
        for <linux-kernel@vger.kernel.org>; Tue, 17 Apr 2018 10:16:01 -0400
Received: from e18.ny.us.ibm.com (e18.ny.us.ibm.com [129.33.205.208])
        by mx0a-001b2d01.pphosted.com with ESMTP id 2hdhtdtpwv-1
        (version=TLSv1.2 cipher=AES256-SHA256 bits=256 verify=NOT)
        for <linux-kernel@vger.kernel.org>; Tue, 17 Apr 2018 10:16:00 -0400
Received: from localhost
        by e18.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted
        for <linux-kernel@vger.kernel.org> from <akrowiak@linux.vnet.ibm.com>;
        Tue, 17 Apr 2018 10:15:59 -0400
Received: from b01cxnp22033.gho.pok.ibm.com (9.57.198.23)
        by e18.ny.us.ibm.com (146.89.104.205) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted;
        Tue, 17 Apr 2018 10:15:56 -0400
Received: from b01ledav002.gho.pok.ibm.com (b01ledav002.gho.pok.ibm.com [9.57.199.107])
        by b01cxnp22033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w3HEFtGR39321682;
        Tue, 17 Apr 2018 14:15:55 GMT
Received: from b01ledav002.gho.pok.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id A731612403D;
        Tue, 17 Apr 2018 11:17:57 -0400 (EDT)
Received: from oc8043147753.ibm.com (unknown [9.85.136.174])
        by b01ledav002.gho.pok.ibm.com (Postfix) with ESMTP id 5A41412404C;
        Tue, 17 Apr 2018 11:17:56 -0400 (EDT)
Subject: Re: [PATCH v4 03/15] KVM: s390: refactor crypto initialization
To:     Pierre Morel <pmorel@linux.vnet.ibm.com>,
        linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org,
        kvm@vger.kernel.org
Cc:     freude@de.ibm.com, schwidefsky@de.ibm.com,
        heiko.carstens@de.ibm.com, borntraeger@de.ibm.com,
        cohuck@redhat.com, kwankhede@nvidia.com,
        bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com,
        alex.williamson@redhat.com, alifm@linux.vnet.ibm.com,
        mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com,
        thuth@redhat.com, pasic@linux.vnet.ibm.com, berrange@redhat.com,
        fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com,
        akrowiak@linux.vnet.ibm.com
References: <1523827345-11600-1-git-send-email-akrowiak@linux.vnet.ibm.com>
 <1523827345-11600-4-git-send-email-akrowiak@linux.vnet.ibm.com>
 <4fb50a31-1893-5cfb-0f35-fb2501c2afa8@linux.vnet.ibm.com>
From:   Tony Krowiak <akrowiak@linux.vnet.ibm.com>
Date:   Tue, 17 Apr 2018 10:15:53 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.0
MIME-Version: 1.0
In-Reply-To: <4fb50a31-1893-5cfb-0f35-fb2501c2afa8@linux.vnet.ibm.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-TM-AS-GCONF: 00
x-cbid: 18041714-0044-0000-0000-00000405DA28
X-IBM-SpamModules-Scores: 
X-IBM-SpamModules-Versions: BY=3.00008870; HX=3.00000241; KW=3.00000007;
 PH=3.00000004; SC=3.00000257; SDB=6.01019243; UDB=6.00519962; IPR=6.00798484;
 MB=3.00020614; MTD=3.00000008; XFM=3.00000015; UTC=2018-04-17 14:15:59
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 18041714-0045-0000-0000-00000837DE6A
Message-Id: <f9327dfe-a7c2-340d-12c7-6cf76a8c1b0d@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-04-17_07:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501
 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0
 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000
 definitions=main-1804170128
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 04/16/2018 04:56 AM, Pierre Morel wrote:
> On 15/04/2018 23:22, Tony Krowiak wrote:
>> This patch refactors the code that initializes the crypto
>> configuration for a guest. The crypto configuration is contained in
>> a crypto control block (CRYCB) which is a satellite control block to
>> our main hardware virtualization control block. The CRYCB is
>> attached to the main virtualization control block via a CRYCB
>> designation (CRYCBD) designation field containing the address of
>> the CRYCB as well as its format.
>>
>> Prior to the introduction of AP device virtualization, there was
>> no need to provide access to or specify the format of the CRYCB for
>> a guest unless the MSA extension 3 (MSAX3) facility was installed
>> on the host system. With the introduction of AP device virtualization,
>> the CRYCB and its format must be made accessible to the guest
>> regardless of the presence of the MSAX3 facility.
>>
>> The crypto initialization code is restructured as follows:
>>
>> * A new compilation unit is introduced to contain all interfaces
>>    and data structures related to configuring a guest's CRYCB for
>>    both the refactoring of crypto initialization as well as all
>>    subsequent patches introducing AP virtualization support.
>>
>> * Currently, the asm code for querying the AP configuration is
>>    duplicated in the AP bus as well as in KVM. Since the KVM
>>    code was introduced, the AP bus has externalized the interface
>>    for querying the AP configuration. The KVM interface will be
>>    replaced with a call to the AP bus interface. Of course, this
>>    will be moved to the new compilation unit mentioned above.
>>
>> * An interface to format the CRYCBD field will be provided via
>>    the new compilation unit and called from the KVM vm
>>    initialization.
>>
>> Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com>
>> ---
>>   arch/s390/include/asm/kvm-ap.h   |   15 +++++++++
>>   arch/s390/include/asm/kvm_host.h |    1 +
>>   arch/s390/kvm/kvm-ap.c           |   39 ++++++++++++++++++++++++
>>   arch/s390/kvm/kvm-s390.c         |   60 
>> ++++----------------------------------
>>   4 files changed, 61 insertions(+), 54 deletions(-)
>>
>> diff --git a/arch/s390/include/asm/kvm-ap.h 
>> b/arch/s390/include/asm/kvm-ap.h
>> index 84412a9..736e93e 100644
>> --- a/arch/s390/include/asm/kvm-ap.h
>> +++ b/arch/s390/include/asm/kvm-ap.h
>> @@ -10,6 +10,9 @@
>>   #ifndef _ASM_KVM_AP
>>   #define _ASM_KVM_AP
>>
>> +#include <linux/types.h>
>> +#include <linux/kvm_host.h>
>> +
>>   /**
>>    * kvm_ap_instructions_installed()
>>    *
>> @@ -20,4 +23,16 @@
>>    */
>>   int kvm_ap_instructions_installed(void);
>>
>> +/**
>> + * kvm_ap_build_crycbd
>> + *
>> + * The crypto control block designation (CRYCBD) is a 32-bit field that
>> + * designates both the host real address and format of the CRYCB. 
>> This function
>> + * builds the CRYCBD field for use by the KVM guest.
>> + *
>> + * @kvm:    the KVM guest
>> + * @crycbd:    reference to the CRYCBD
>> + */
>> +void kvm_ap_build_crycbd(struct kvm *kvm);
>> +
>>   #endif /* _ASM_KVM_AP */
>> diff --git a/arch/s390/include/asm/kvm_host.h 
>> b/arch/s390/include/asm/kvm_host.h
>> index 81cdb6b..c990a1d 100644
>> --- a/arch/s390/include/asm/kvm_host.h
>> +++ b/arch/s390/include/asm/kvm_host.h
>> @@ -257,6 +257,7 @@ struct kvm_s390_sie_block {
>>       __u8    reservedf0[12];        /* 0x00f0 */
>>   #define CRYCB_FORMAT1 0x00000001
>>   #define CRYCB_FORMAT2 0x00000003
>> +#define CRYCB_FORMAT_MASK 0x00000003
>>       __u32    crycbd;            /* 0x00fc */
>>       __u64    gcr[16];        /* 0x0100 */
>>       __u64    gbea;            /* 0x0180 */
>> diff --git a/arch/s390/kvm/kvm-ap.c b/arch/s390/kvm/kvm-ap.c
>> index 1267588..991bae4 100644
>> --- a/arch/s390/kvm/kvm-ap.c
>> +++ b/arch/s390/kvm/kvm-ap.c
>> @@ -10,6 +10,8 @@
>>   #include <asm/kvm-ap.h>
>>   #include <asm/ap.h>
>>
>> +#include "kvm-s390.h"
>> +
>>   int kvm_ap_instructions_installed(void)
>>   {
>>   #ifdef CONFIG_ZCRYPT
>> @@ -19,3 +21,40 @@ int kvm_ap_instructions_installed(void)
>>   #endif
>>   }
>>   EXPORT_SYMBOL(kvm_ap_instructions_installed);
>> +
>> +static inline int kvm_ap_query_config(struct ap_config_info *config)
>> +{
>> +    memset(config, 0, sizeof(*config));
>> +
>> +#ifdef CONFIG_ZCRYPT
>
> I would prefer that you define the interface in an include file
> with stubs for the case ZCRYPT is not set.

This is a static function only called internally, but I suppose there is
no harm in defining it as an interface in kvm-ap.h ... it may come
in handy down the road.

>
>
>> +    if (kvm_ap_instructions_installed())
>> +        return ap_query_configuration(config);
>> +#endif
>> +
>> +    return -EOPNOTSUPP;
>> +}
>> +
>> +static int kvm_ap_apxa_installed(void)
>> +{
>> +    struct ap_config_info config;
>> +
>> +    if (kvm_ap_query_config(&config) == 0)
>> +        return (config.apxa == 1);
>> +
>> +    return 0;
>> +}
>> +
>> +void kvm_ap_build_crycbd(struct kvm *kvm)
>> +{
>> +    kvm->arch.crypto.crycbd = (__u32)(unsigned long) 
>> kvm->arch.crypto.crycb;
>> +    kvm->arch.crypto.crycbd &= ~(CRYCB_FORMAT_MASK);
>> +
>> +    /* check whether MSAX3 is installed */
>
> It means we do not support AP virtualization without MSA3.
> It follows we do not support CRYCB_FORMAT0

If MSAX3 is not installed, that means there is no key wrapping support,
hence CRYCB_FORMAT0. The CRYCB_FORMAT1 and CRYCB_FORMAT2 CRYCBs
both include wrapping key masks. I don't follow your logic here.

>
>
> It is different from what you explain in the comment.

How is it different? Above, we are setting the CRYCBD value regardless
of whether MSAX3 is installed or not. Previously, the CRYCBD value
was set only if MSAX3 is installed (see comments below)

>
>
>> +    if (kvm_ap_instructions_installed() && test_kvm_facility(kvm, 
>> 76)) {
>> +        if (kvm_ap_apxa_installed())
>> +            kvm->arch.crypto.crycbd |= CRYCB_FORMAT2;
>> +        else
>> +            kvm->arch.crypto.crycbd |= CRYCB_FORMAT1;
>> +    }
>> +}
>> +EXPORT_SYMBOL(kvm_ap_build_crycbd);
>> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
>> index d0c3518..b47ff11 100644
>> --- a/arch/s390/kvm/kvm-s390.c
>> +++ b/arch/s390/kvm/kvm-s390.c
>> @@ -40,6 +40,7 @@
>>   #include <asm/sclp.h>
>>   #include <asm/cpacf.h>
>>   #include <asm/timex.h>
>> +#include <asm/kvm-ap.h>
>>   #include "kvm-s390.h"
>>   #include "gaccess.h"
>>
>> @@ -1881,55 +1882,6 @@ long kvm_arch_vm_ioctl(struct file *filp,
>>       return r;
>>   }
>>
>> -static int kvm_s390_query_ap_config(u8 *config)
>> -{
>> -    u32 fcn_code = 0x04000000UL;
>> -    u32 cc = 0;
>> -
>> -    memset(config, 0, 128);
>> -    asm volatile(
>> -        "lgr 0,%1\n"
>> -        "lgr 2,%2\n"
>> -        ".long 0xb2af0000\n"        /* PQAP(QCI) */
>> -        "0: ipm %0\n"
>> -        "srl %0,28\n"
>> -        "1:\n"
>> -        EX_TABLE(0b, 1b)
>> -        : "+r" (cc)
>> -        : "r" (fcn_code), "r" (config)
>> -        : "cc", "0", "2", "memory"
>> -    );
>> -
>> -    return cc;
>> -}
>> -
>> -static int kvm_s390_apxa_installed(void)
>> -{
>> -    u8 config[128];
>> -    int cc;
>> -
>> -    if (test_facility(12)) {
>> -        cc = kvm_s390_query_ap_config(config);
>> -
>> -        if (cc)
>> -            pr_err("PQAP(QCI) failed with cc=%d", cc);
>> -        else
>> -            return config[0] & 0x40;
>> -    }
>> -
>> -    return 0;
>> -}
>> -
>> -static void kvm_s390_set_crycb_format(struct kvm *kvm)
>> -{
>> -    kvm->arch.crypto.crycbd = (__u32)(unsigned long) 
>> kvm->arch.crypto.crycb;
>> -
>> -    if (kvm_s390_apxa_installed())
>> -        kvm->arch.crypto.crycbd |= CRYCB_FORMAT2;
>> -    else
>> -        kvm->arch.crypto.crycbd |= CRYCB_FORMAT1;
>> -}
>> -
>>   static u64 kvm_s390_get_initial_cpuid(void)
>>   {
>>       struct cpuid cpuid;
>> @@ -1941,12 +1893,12 @@ static u64 kvm_s390_get_initial_cpuid(void)
>>
>>   static void kvm_s390_crypto_init(struct kvm *kvm)
>>   {
>> +    kvm->arch.crypto.crycb = &kvm->arch.sie_page2->crycb;
>> +    kvm_ap_build_crycbd(kvm);
>> +

Notice the call to kvm_ap_build_crycbd(kvm) above was added, so
the CRYCBD is being set regardless of the presence of MSAX3.

>>       if (!test_kvm_facility(kvm, 76))
>>           return;
>>
>> -    kvm->arch.crypto.crycb = &kvm->arch.sie_page2->crycb;
>> -    kvm_s390_set_crycb_format(kvm);
Notice that this code that was removed to set the CRYCBD is called
only if MSAX3 is not installed - i.e., see the if statement
immediately preceding the two statements above.
>> -
>>       /* Enable AES/DEA protected key functions by default */
>>       kvm->arch.crypto.aes_kw = 1;
>>       kvm->arch.crypto.dea_kw = 1;
>> @@ -2475,6 +2427,8 @@ void kvm_arch_vcpu_postcreate(struct kvm_vcpu 
>> *vcpu)
>>
>>   static void kvm_s390_vcpu_crypto_setup(struct kvm_vcpu *vcpu)
>>   {
>> +    vcpu->arch.sie_block->crycbd = vcpu->kvm->arch.crypto.crycbd;
>> +
>>       if (!test_kvm_facility(vcpu->kvm, 76))
>>           return;
>>
>> @@ -2484,8 +2438,6 @@ static void kvm_s390_vcpu_crypto_setup(struct 
>> kvm_vcpu *vcpu)
>>           vcpu->arch.sie_block->ecb3 |= ECB3_AES;
>>       if (vcpu->kvm->arch.crypto.dea_kw)
>>           vcpu->arch.sie_block->ecb3 |= ECB3_DEA;
>> -
>> -    vcpu->arch.sie_block->crycbd = vcpu->kvm->arch.crypto.crycbd;
>>   }
>>
>>   void kvm_s390_vcpu_unsetup_cmma(struct kvm_vcpu *vcpu)
>
>