Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp1718607imm; Wed, 16 May 2018 01:53:55 -0700 (PDT) X-Google-Smtp-Source: AB8JxZq6cI8hGaXh1aQVMVwuxtHeQ8BYAc3s3mATLO/k8kNj8OyJwi/JUzH5UOiQJt1yX3xk3ifr X-Received: by 2002:a17:902:2006:: with SMTP id n6-v6mr18511740pla.125.1526460835736; Wed, 16 May 2018 01:53:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526460835; cv=none; d=google.com; s=arc-20160816; b=d7HRPUSQhqntfwUVu/zzGS9eitFMKBY17gdKyOhyYEf9nMSkMRuSXnAuGwvPldFMMT 8b/gRn/fwMAIqeeXl4b1cGtxet7sJO05qkghLX3bu0zhERDldIv6LCdEZHGKPqkqQMNj qTnGFVvYD9GUeMjkfeMMGrj3yu6faJL4nRIVFMSq8unSAohNPnzwkpOH53Xlajzec1+b 9XUqJHeaPAVHG61gx58bFYgjBndYQNoJg9H/W+iREvQt5yjpAtYmiHXqY1e8YSBEkU4r XRUetrT4xVD9x9fMxqbpC84uP7LcDhwR/mIRbePYXBiGAMp7LnavBtfJUmITcuNVq6ix yjjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :from:references:cc:to:subject:reply-to:arc-authentication-results; bh=+VsKX/CixIoDzt1AhFaLHJ8C8SIbPghq3GuJQH9G/KU=; b=hPVq82Y/jezIIzHJ9VBRHwkKvNqUDEYkkJWwGoKZe2DZ4ohSV9Wef5c5c7uQBC8ZNx uwMQpy8TM/Mp/URjeA2CmvYXsA4ykxSOKSzQwAe55E/HDscA0bYJxH3PfyFVBfCkCnU8 KH3NODctr8qsYt13R7/FfpMiLE/cWgcW7BzoU6q2wbhtNN4MRW3otjBTWqXcoOVutalZ Yk9GFCvjmswNdR7azrVZPq2jR+CUdIAho92vi/2xqzt7E7zOwQmIzea2fJg3zH/WcocI QZkGeo0jK2VYt61r5eOdDyj40J20j4ibmxPiYDXyCb+SZl+TZo+Zrnt2FDqiAVvnLhGH qWdw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f64-v6si1986393plf.496.2018.05.16.01.53.41; Wed, 16 May 2018 01:53:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752516AbeEPIwJ (ORCPT + 99 others); Wed, 16 May 2018 04:52:09 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:60982 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752382AbeEPIwG (ORCPT ); Wed, 16 May 2018 04:52:06 -0400 Received: from pps.filterd (m0098409.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w4G8nB9P061692 for ; Wed, 16 May 2018 04:52:06 -0400 Received: from e06smtp13.uk.ibm.com (e06smtp13.uk.ibm.com [195.75.94.109]) by mx0a-001b2d01.pphosted.com with ESMTP id 2j0fvdd2bx-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 16 May 2018 04:52:06 -0400 Received: from localhost by e06smtp13.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 16 May 2018 09:52:03 +0100 Received: from b06cxnps4075.portsmouth.uk.ibm.com (9.149.109.197) by e06smtp13.uk.ibm.com (192.168.101.143) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Wed, 16 May 2018 09:51:59 +0100 Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61]) by b06cxnps4075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w4G8pv7J5898714; Wed, 16 May 2018 08:51:57 GMT Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AE7FC11C054; Wed, 16 May 2018 09:43:13 +0100 (BST) Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 09FA911C052; Wed, 16 May 2018 09:43:13 +0100 (BST) Received: from [9.152.224.33] (unknown [9.152.224.33]) by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 16 May 2018 09:43:12 +0100 (BST) Reply-To: pmorel@linux.ibm.com Subject: Re: [PATCH v5 02/13] KVM: s390: refactor crypto initialization To: Tony Krowiak , linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, pmorel@linux.vnet.ibm.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, thuth@redhat.com, pasic@linux.vnet.ibm.com, berrange@redhat.com, fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com References: <1525705912-12815-1-git-send-email-akrowiak@linux.vnet.ibm.com> <1525705912-12815-3-git-send-email-akrowiak@linux.vnet.ibm.com> From: Pierre Morel Date: Wed, 16 May 2018 10:51:56 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <1525705912-12815-3-git-send-email-akrowiak@linux.vnet.ibm.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-TM-AS-GCONF: 00 x-cbid: 18051608-0012-0000-0000-000005D71510 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18051608-0013-0000-0000-00001954380D Message-Id: <67656726-4d9b-44e1-1e2b-ab11de83f513@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-05-16_04:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1805160090 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 07/05/2018 17:11, Tony Krowiak wrote: > This patch refactors the code that initializes the crypto > configuration for a guest. The crypto configuration is contained in > a crypto control block (CRYCB) which is a satellite control block to > our main hardware virtualization control block. The CRYCB is > attached to the main virtualization control block via a CRYCB > designation (CRYCBD) designation field containing the address of > the CRYCB as well as its format. > > Prior to the introduction of AP device virtualization, there was > no need to provide access to or specify the format of the CRYCB for > a guest unless the MSA extension 3 (MSAX3) facility was installed > on the host system. With the introduction of AP device virtualization, > the CRYCB and its format must be made accessible to the guest > regardless of the presence of the MSAX3 facility as long as the > AP instructions are installed on the host. > > Signed-off-by: Tony Krowiak > --- > arch/s390/include/asm/kvm_host.h | 1 + > arch/s390/kvm/kvm-s390.c | 64 ++++++++++++++++++++++++++----------- > 2 files changed, 46 insertions(+), 19 deletions(-) > > diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h > index 81cdb6b..5393c4d 100644 > --- a/arch/s390/include/asm/kvm_host.h > +++ b/arch/s390/include/asm/kvm_host.h > @@ -255,6 +255,7 @@ struct kvm_s390_sie_block { > __u8 reservede4[4]; /* 0x00e4 */ > __u64 tecmc; /* 0x00e8 */ > __u8 reservedf0[12]; /* 0x00f0 */ > +#define CRYCB_FORMAT_MASK 0x00000003 > #define CRYCB_FORMAT1 0x00000001 > #define CRYCB_FORMAT2 0x00000003 > __u32 crycbd; /* 0x00fc */ > diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c > index 1f50de7..99779a6 100644 > --- a/arch/s390/kvm/kvm-s390.c > +++ b/arch/s390/kvm/kvm-s390.c > @@ -1875,14 +1875,35 @@ long kvm_arch_vm_ioctl(struct file *filp, > return r; > } > > -static void kvm_s390_set_crycb_format(struct kvm *kvm) > +/* > + * The format of the crypto control block (CRYCB) is specified in the 3 low > + * order bits of the CRYCB designation (CRYCBD) field as follows: > + * Format 0: Neither the message security assist extension 3 (MSAX3) nor the > + * AP extended addressing (APXA) facility are installed. > + * Format 1: The APXA facility is not installed but the MSAX3 facility is. > + * Format 2: Both the APXA and MSAX3 facilities are installed > + */ > +static void kvm_s390_format_crycb(struct kvm *kvm) > { > - kvm->arch.crypto.crycbd = (__u32)(unsigned long) kvm->arch.crypto.crycb; > + /* Clear the CRYCB format bits - i.e., set format 0 by default */ > + kvm->arch.crypto.crycbd &= ~(CRYCB_FORMAT_MASK); > + > + /* Check whether MSAX3 is installed */ > + if (!test_kvm_facility(kvm, 76)) > + return; > > if (kvm_ap_apxa_installed()) > kvm->arch.crypto.crycbd |= CRYCB_FORMAT2; > else > kvm->arch.crypto.crycbd |= CRYCB_FORMAT1; > + > + /* Enable AES/DEA protected key functions by default */ > + kvm->arch.crypto.aes_kw = 1; > + kvm->arch.crypto.dea_kw = 1; > + get_random_bytes(kvm->arch.crypto.crycb->aes_wrapping_key_mask, > + sizeof(kvm->arch.crypto.crycb->aes_wrapping_key_mask)); > + get_random_bytes(kvm->arch.crypto.crycb->dea_wrapping_key_mask, > + sizeof(kvm->arch.crypto.crycb->dea_wrapping_key_mask)); > } > > static u64 kvm_s390_get_initial_cpuid(void) > @@ -1896,19 +1917,17 @@ static u64 kvm_s390_get_initial_cpuid(void) > > static void kvm_s390_crypto_init(struct kvm *kvm) > { > - if (!test_kvm_facility(kvm, 76)) > + /* > + * If neither the AP instructions nor the message security assist > + * extension 3 (MSAX3) are installed, there is no need to initialize a > + * crypto control block (CRYCB) for the guest. > + */ > + if (!kvm_ap_instructions_available() && !test_kvm_facility(kvm, 76)) > return; > > kvm->arch.crypto.crycb = &kvm->arch.sie_page2->crycb; > - kvm_s390_set_crycb_format(kvm); For my point of view the all patch can be reduced to putting this call (kvm_s390_set_crycb_format(kvm);) before testing for facility 76. (and setting the format correctly in kvm_s390_set_crycb_format(kvm)) > - > - /* Enable AES/DEA protected key functions by default */ > - kvm->arch.crypto.aes_kw = 1; > - kvm->arch.crypto.dea_kw = 1; > - get_random_bytes(kvm->arch.crypto.crycb->aes_wrapping_key_mask, > - sizeof(kvm->arch.crypto.crycb->aes_wrapping_key_mask)); > - get_random_bytes(kvm->arch.crypto.crycb->dea_wrapping_key_mask, > - sizeof(kvm->arch.crypto.crycb->dea_wrapping_key_mask)); > + kvm->arch.crypto.crycbd = (__u32)(unsigned long) kvm->arch.crypto.crycb; > + kvm_s390_format_crycb(kvm); > } > > static void sca_dispose(struct kvm *kvm) > @@ -2430,17 +2449,24 @@ void kvm_arch_vcpu_postcreate(struct kvm_vcpu *vcpu) > > static void kvm_s390_vcpu_crypto_setup(struct kvm_vcpu *vcpu) > { > - if (!test_kvm_facility(vcpu->kvm, 76)) > + /* > + * If a crypto control block designation (CRYCBD) has not been > + * initialized > + */ > + if (vcpu->kvm->arch.crypto.crycbd == 0) > return; > > - vcpu->arch.sie_block->ecb3 &= ~(ECB3_AES | ECB3_DEA); > + vcpu->arch.sie_block->crycbd = vcpu->kvm->arch.crypto.crycbd; > > - if (vcpu->kvm->arch.crypto.aes_kw) > - vcpu->arch.sie_block->ecb3 |= ECB3_AES; > - if (vcpu->kvm->arch.crypto.dea_kw) > - vcpu->arch.sie_block->ecb3 |= ECB3_DEA; > + /* If MSAX3 is installed, set up protected key support */ > + if (test_kvm_facility(vcpu->kvm, 76)) { > + vcpu->arch.sie_block->ecb3 &= ~(ECB3_AES | ECB3_DEA); > > - vcpu->arch.sie_block->crycbd = vcpu->kvm->arch.crypto.crycbd; > + if (vcpu->kvm->arch.crypto.aes_kw) > + vcpu->arch.sie_block->ecb3 |= ECB3_AES; > + if (vcpu->kvm->arch.crypto.dea_kw) > + vcpu->arch.sie_block->ecb3 |= ECB3_DEA; > + } > } > > void kvm_s390_vcpu_unsetup_cmma(struct kvm_vcpu *vcpu) -- Pierre Morel Linux/KVM/QEMU in Böblingen - Germany