From: Tony Krowiak
To: linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, pmorel@linux.vnet.ibm.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, qemu-s390x@nongnu.org, jjherne@linux.vnet.ibm.com, thuth@redhat.com, pasic@linux.vnet.ibm.com, Tony Krowiak
Subject: [RFC 02/19] KVM: s390: refactor crypto initialization
Date: Fri, 13 Oct 2017 13:38:47 -0400
In-Reply-To: <1507916344-3896-1-git-send-email-akrowiak@linux.vnet.ibm.com>
References: <1507916344-3896-1-git-send-email-akrowiak@linux.vnet.ibm.com>
Message-Id: <1507916344-3896-3-git-send-email-akrowiak@linux.vnet.ibm.com>

This patch introduces the following changes to crypto initialization.
* For key management operations support, the crypto control block (CRYCB) referenced by the KVM guest's SIE state description is formatted only if the Message-Security-Assist (MSA) extension 3 facility is installed (STFLE.76 is set). Virtualization of AP facilities, however, requires that a CRYCB of the appropriate format be made available to SIE regardless of the value of STFLE.76.
* The Execution Controls A (ECA) field bit 28 in the SIE block needs to be set to enable interpretive execution mode of adjunct processor (AP) instructions.

Signed-off-by: Tony Krowiak

--- arch/s390/include/asm/kvm_host.h | 1 + arch/s390/kvm/kvm-s390.c | 17 +++++++++++++---- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h index 50a6b25..5683f18 100644 --- a/arch/s390/include/asm/kvm_host.h +++ b/arch/s390/include/asm/kvm_host.h @@ -188,6 +188,7 @@ struct kvm_s390_sie_block { #define ECA_MVPGI 0x01000000 #define ECA_VX 0x00020000 #define ECA_PROTEXCI 0x00002000 +#define ECA_AP 0x00000008 #define ECA_SII 0x00000001 __u32 eca; /* 0x004c */ #define ICPT_INST 0x04 diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index 40d0a1a..e57fc9b 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c @@ -1819,7 +1819,9 @@ static void kvm_s390_set_crycb_format(struct kvm *kvm) { kvm->arch.crypto.crycbd = (__u32)(unsigned long) kvm->arch.crypto.crycb; - if (kvm_s390_apxa_installed()) + if (!test_kvm_facility(kvm, 76)) + kvm->arch.crypto.crycbd &= ~(CRYCB_FORMAT2); /* format 0 */ + else if (kvm_s390_apxa_installed()) kvm->arch.crypto.crycbd |= CRYCB_FORMAT2; else kvm->arch.crypto.crycbd |= CRYCB_FORMAT1;
@@ -1836,12 +1838,12 @@ static u64 kvm_s390_get_initial_cpuid(void) static void kvm_s390_crypto_init(struct kvm *kvm) { - if (!test_kvm_facility(kvm, 76)) - return; - kvm->arch.crypto.crycb = &kvm->arch.sie_page2->crycb; kvm_s390_set_crycb_format(kvm); + if (!test_kvm_facility(kvm, 76)) + return; + /* Enable AES/DEA protected key functions by default */ kvm->arch.crypto.aes_kw = 1; kvm->arch.crypto.dea_kw = 1; @@ -2366,8 +2368,15 @@ void kvm_arch_vcpu_postcreate(struct kvm_vcpu *vcpu) vcpu->arch.enabled_gmap = vcpu->arch.gmap; } +static void kvm_s390_vcpu_set_crypto_exec_mode(struct kvm_vcpu *vcpu) +{ + vcpu->arch.sie_block->eca |= ECA_AP; +} + static void kvm_s390_vcpu_crypto_setup(struct kvm_vcpu *vcpu) { + kvm_s390_vcpu_set_crypto_exec_mode(vcpu); + if (!test_kvm_facility(vcpu->kvm, 76)) return; -- 1.7.1
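
Review bot: In the kvm_s390_set_crycb_format() hunk, the new format-0 branch clears bits with "&= ~(CRYCB_FORMAT2)" while the FORMAT2 and FORMAT1 branches only OR a value in, so the three branches make different assumptions about the low bits of the CRYCB address that was just assigned to crycbd. If those bits are always zero after the assignment, the mask is a no-op and the branch only needs the /* format 0 */ comment; if they may be set, the other two branches need the same clearing. Applying a named format mask once, before the if/else chain, covers both cases, and the parentheses around CRYCB_FORMAT2 can be dropped. A comment explaining why format 0 is chosen when facility 76 is absent, even if kvm_s390_apxa_installed() is true, would also help, since the commit message only says "the appropriate format".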
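
Review bot: In the kvm_s390_crypto_init() hunk, the early return for a missing facility 76 now comes after crycb is pointed at sie_page2->crycb and formatted, so a guest without MSA3 ends up with a CRYCB whose contents this function never initializes (aes_kw and dea_kw are only set past the return). Please add a comment stating what guarantees the block's contents at this point, or clear it explicitly before the return, so that it is evident such a guest starts from a known-empty control block rather than whatever the page held.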
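
Review bot: In the kvm_s390_vcpu_crypto_setup() hunk, ECA_AP is set on every vcpu unconditionally, ahead of the facility 76 check and with no test that the host provides AP facilities or that this guest is meant to use them. Since the commit message describes the bit as enabling interpretive execution of AP instructions, please gate it on such a condition or document why it is safe for all guests. The unchanged context also still returns early when facility 76 is absent; if the vcpu's SIE block only picks up kvm->arch.crypto.crycbd after that return, the CRYCB formatted by the earlier hunks never reaches SIE for exactly the guests the commit message targets, so that assignment may need to move above the check. The one-line helper kvm_s390_vcpu_set_crypto_exec_mode() could be folded into its only caller.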