From: Tony Krowiak
To: linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, pmorel@linux.vnet.ibm.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, thuth@redhat.com, pasic@linux.vnet.ibm.com, berrange@redhat.com, fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com, akrowiak@linux.vnet.ibm.com
Subject: [PATCH v5 02/13] KVM: s390: refactor crypto initialization
Date: Mon, 7 May 2018 11:11:41 -0400
X-Mailer: git-send-email 1.7.1
In-Reply-To: <1525705912-12815-1-git-send-email-akrowiak@linux.vnet.ibm.com>
References: <1525705912-12815-1-git-send-email-akrowiak@linux.vnet.ibm.com>
Message-Id: <1525705912-12815-3-git-send-email-akrowiak@linux.vnet.ibm.com>

This patch refactors the code that initializes the crypto configuration for a guest.
The crypto configuration is contained in a crypto control block (CRYCB) which is a satellite control block to our main hardware virtualization control block. The CRYCB is attached to the main virtualization control block via a CRYCB designation (CRYCBD) field containing the address of the CRYCB as well as its format. Prior to the introduction of AP device virtualization, there was no need to provide access to or specify the format of the CRYCB for a guest unless the MSA extension 3 (MSAX3) facility was installed on the host system. With the introduction of AP device virtualization, the CRYCB and its format must be made accessible to the guest regardless of the presence of the MSAX3 facility as long as the AP instructions are installed on the host.

Signed-off-by: Tony Krowiak
---
 arch/s390/include/asm/kvm_host.h | 1 +
 arch/s390/kvm/kvm-s390.c | 64 ++++++++++++++++++++++++++-----------
 2 files changed, 46 insertions(+), 19 deletions(-)

diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h index 81cdb6b..5393c4d 100644 --- a/arch/s390/include/asm/kvm_host.h +++ b/arch/s390/include/asm/kvm_host.h @@ -255,6 +255,7 @@ struct kvm_s390_sie_block { __u8 reservede4[4]; /* 0x00e4 */ __u64 tecmc; /* 0x00e8 */ __u8 reservedf0[12]; /* 0x00f0 */ +#define CRYCB_FORMAT_MASK 0x00000003 #define CRYCB_FORMAT1 0x00000001 #define CRYCB_FORMAT2 0x00000003 __u32 crycbd; /* 0x00fc */ diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index 1f50de7..99779a6 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c 
@@ -1875,14 +1875,35 @@ long kvm_arch_vm_ioctl(struct file *filp, return r; } -static void kvm_s390_set_crycb_format(struct kvm *kvm) +/* + * The format of the crypto control block (CRYCB) is specified in the 3 low + * order bits of the CRYCB designation (CRYCBD) field as follows: + * Format 0: Neither the message security assist extension 3 (MSAX3) nor the + * AP extended addressing (APXA) facility are installed. + * Format 1: The APXA facility is not installed but the MSAX3 facility is. + * Format 2: Both the APXA and MSAX3 facilities are installed + */ +static void kvm_s390_format_crycb(struct kvm *kvm) { - kvm->arch.crypto.crycbd = (__u32)(unsigned long) kvm->arch.crypto.crycb; + /* Clear the CRYCB format bits - i.e., set format 0 by default */ + kvm->arch.crypto.crycbd &= ~(CRYCB_FORMAT_MASK); + + /* Check whether MSAX3 is installed */ + if (!test_kvm_facility(kvm, 76)) + return; if (kvm_ap_apxa_installed()) kvm->arch.crypto.crycbd |= CRYCB_FORMAT2; else kvm->arch.crypto.crycbd |= CRYCB_FORMAT1; + + /* Enable AES/DEA protected key functions by default */ + kvm->arch.crypto.aes_kw = 1; + kvm->arch.crypto.dea_kw = 1; + get_random_bytes(kvm->arch.crypto.crycb->aes_wrapping_key_mask, + sizeof(kvm->arch.crypto.crycb->aes_wrapping_key_mask)); + get_random_bytes(kvm->arch.crypto.crycb->dea_wrapping_key_mask, + sizeof(kvm->arch.crypto.crycb->dea_wrapping_key_mask)); } static u64 kvm_s390_get_initial_cpuid(void) 
@@ -1896,19 +1917,17 @@ static u64 kvm_s390_get_initial_cpuid(void) static void kvm_s390_crypto_init(struct kvm *kvm) { - if (!test_kvm_facility(kvm, 76)) + /* + * If neither the AP instructions nor the message security assist + * extension 3 (MSAX3) are installed, there is no need to initialize a + * crypto control block (CRYCB) for the guest. + */ + if (!kvm_ap_instructions_available() && !test_kvm_facility(kvm, 76)) return; kvm->arch.crypto.crycb = &kvm->arch.sie_page2->crycb; - kvm_s390_set_crycb_format(kvm); - - /* Enable AES/DEA protected key functions by default */ - kvm->arch.crypto.aes_kw = 1; - kvm->arch.crypto.dea_kw = 1; - get_random_bytes(kvm->arch.crypto.crycb->aes_wrapping_key_mask, - sizeof(kvm->arch.crypto.crycb->aes_wrapping_key_mask)); - get_random_bytes(kvm->arch.crypto.crycb->dea_wrapping_key_mask, - sizeof(kvm->arch.crypto.crycb->dea_wrapping_key_mask)); + kvm->arch.crypto.crycbd = (__u32)(unsigned long) kvm->arch.crypto.crycb; + kvm_s390_format_crycb(kvm); } static void sca_dispose(struct kvm *kvm) 
@@ -2430,17 +2449,24 @@ void kvm_arch_vcpu_postcreate(struct kvm_vcpu *vcpu) static void kvm_s390_vcpu_crypto_setup(struct kvm_vcpu *vcpu) { - if (!test_kvm_facility(vcpu->kvm, 76)) + /* + * If a crypto control block designation (CRYCBD) has not been + * initialized + */ + if (vcpu->kvm->arch.crypto.crycbd == 0) return; - vcpu->arch.sie_block->ecb3 &= ~(ECB3_AES | ECB3_DEA); + vcpu->arch.sie_block->crycbd = vcpu->kvm->arch.crypto.crycbd; - if (vcpu->kvm->arch.crypto.aes_kw) - vcpu->arch.sie_block->ecb3 |= ECB3_AES; - if (vcpu->kvm->arch.crypto.dea_kw) - vcpu->arch.sie_block->ecb3 |= ECB3_DEA; + /* If MSAX3 is installed, set up protected key support */ + if (test_kvm_facility(vcpu->kvm, 76)) { + vcpu->arch.sie_block->ecb3 &= ~(ECB3_AES | ECB3_DEA); - vcpu->arch.sie_block->crycbd = vcpu->kvm->arch.crypto.crycbd; + if (vcpu->kvm->arch.crypto.aes_kw) + vcpu->arch.sie_block->ecb3 |= ECB3_AES; + if (vcpu->kvm->arch.crypto.dea_kw) + vcpu->arch.sie_block->ecb3 |= ECB3_DEA; + } } void kvm_s390_vcpu_unsetup_cmma(struct kvm_vcpu *vcpu) -- 1.7.1
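Review bot: in the kvm_host.h hunk, CRYCB_FORMAT_MASK (0x00000003) has the same value as CRYCB_FORMAT2, so the mask covers exactly the two low-order bits, yet the comment added to kvm_s390_format_crycb() in the following hunk says the format is carried in the "3 low order bits" of the CRYCBD. One of the two should change so the mask and the documentation agree, and a short comment next to the new define saying which bits of crycbd it covers would stop readers from taking the identical values for a typo.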
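Review bot: in the `@@ -1875,14 +1875,35 @@` hunk, kvm_s390_format_crycb() now does more than its name says: besides setting the format bits it enables aes_kw/dea_kw and fills both wrapping key masks from get_random_bytes(), and it silently depends on the caller having stored the CRYCB address in crycbd beforehand (the `kvm->arch.crypto.crycbd &= ~(CRYCB_FORMAT_MASK);` line operates on whatever is already there). Either state that precondition in the function comment or keep the `crycbd = (__u32)(unsigned long) crycb` assignment inside this function as the old kvm_s390_set_crycb_format() did. The hunk also calls kvm_ap_apxa_installed(), which this patch does not define, so it relies on an earlier patch in the series; that dependency is worth a sentence in the commit message.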
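Review bot: in the `@@ -1896,19 +1917,17 @@` hunk, the line `kvm->arch.crypto.crycbd = (__u32)(unsigned long) kvm->arch.crypto.crycb;` truncates the CRYCB address to 32 bits and the format bits are then ORed into the same word, so it assumes sie_page2 sits below 4 GiB and is aligned such that the bits under CRYCB_FORMAT_MASK are zero. The old code made the same assumption, but it was hidden inside kvm_s390_set_crycb_format(); now that the assignment sits in the caller, a comment or a WARN_ON() on the truncation/alignment would make it explicit, and the new comment could also say that a CRYCB is now allocated for the AP-instructions-only case precisely so that a format-0 designation can be handed to the guest.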
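Review bot: in the `@@ -2430,17 +2449,24 @@` hunk, the new guard comment "If a crypto control block designation (CRYCBD) has not been initialized" is a sentence fragment and should be completed (for example "..., there is nothing to set up for this vcpu"). Using `crycbd == 0` as the "not initialized" sentinel is sound only because kvm_s390_crypto_init() never stores a designation for a NULL crycb and kvm->arch.crypto starts zero-filled; one line saying so would save the next reader from checking. The behavioural change itself reads correctly: the designation is now copied into the SIE block whenever a CRYCB exists, while ECB3_AES/ECB3_DEA are still only touched when facility 76 is installed, which matches the old early return.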
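As an added illustration of the CRYCBD encoding the commit message describes (example code, not code from the patch or the kernel): the designation is modelled as a 32-bit word carrying the CRYCB address above the format bits and the format selected by the host facilities below them, with the patch's early-exit and zero-sentinel behaviour. The names host_facilities, crycb_format_bits, build_crycbd, crycbd_address, crycbd_format and CRYCB_FORMAT0 are constructed; the three flags stand in for kvm_ap_instructions_available(), test_kvm_facility(kvm, 76) and kvm_ap_apxa_installed(), and the two-bit mask is taken from the patch as written.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Format constants as they appear in the patch's kvm_host.h hunk. */
#define CRYCB_FORMAT_MASK 0x00000003u
#define CRYCB_FORMAT1     0x00000001u
#define CRYCB_FORMAT2     0x00000003u
/* CRYCB_FORMAT0 is a constructed name for "no format bits set". */
#define CRYCB_FORMAT0     0x00000000u

/* Host facility state as plain flags (constructed for this example). In the
 * patch these are kvm_ap_instructions_available(), test_kvm_facility(kvm, 76)
 * and kvm_ap_apxa_installed(). */
struct host_facilities {
    bool ap_instructions;
    bool msax3;
    bool apxa;
};

/* Same decision as kvm_s390_format_crycb(): the format depends only on
 * MSAX3 and APXA; AP instructions without MSAX3 yield format 0. */
static uint32_t crycb_format_bits(const struct host_facilities *f)
{
    if (!f->msax3)
        return CRYCB_FORMAT0;
    return f->apxa ? CRYCB_FORMAT2 : CRYCB_FORMAT1;
}

/* Build the CRYCBD from a CRYCB address. Returns 0, the "not initialized"
 * value kvm_s390_vcpu_crypto_setup() tests for, when no CRYCB is needed
 * (neither AP instructions nor MSAX3) or when the address is zero or not
 * aligned, since an unaligned address would clash with the format bits. */
static uint32_t build_crycbd(uint32_t crycb_addr, const struct host_facilities *f)
{
    if (!f->ap_instructions && !f->msax3)
        return 0;
    if (crycb_addr == 0 || (crycb_addr & CRYCB_FORMAT_MASK) != 0)
        return 0;
    return crycb_addr | crycb_format_bits(f);
}

static uint32_t crycbd_address(uint32_t crycbd) { return crycbd & ~CRYCB_FORMAT_MASK; }
static uint32_t crycbd_format(uint32_t crycbd) { return crycbd & CRYCB_FORMAT_MASK; }

int main(void)
{
    struct host_facilities ap_only = { true, false, false };
    uint32_t d = build_crycbd(0x1000u, &ap_only);   /* constructed sample address */
    printf("crycbd=0x%08x addr=0x%08x format=%u\n", d, crycbd_address(d), crycbd_format(d));
    return 0;
}
```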