From: Pierre Morel <pmorel@xxxxxxxxxxxxx>
When we clear the Crypto Control Block (CRYCB) used by a guest
level 2, the vSIE shadow CRYCB for guest level 3 must be updated
before the guest uses it.
We achieve this by using the KVM_REQ_VSIE_RESTART synchronous
request for each vCPU belonging to the guest to force the reload
of the shadow CRYCB before rerunning the guest level 3.
Signed-off-by: Pierre Morel <pmorel@xxxxxxxxxxxxx>
---
arch/s390/kvm/kvm-s390.c | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index 0d03249..9203f0b 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -1921,6 +1921,9 @@ static void kvm_s390_set_crycb_format(struct kvm *kvm)
void kvm_arch_crypto_clear_masks(struct kvm *kvm)
{
+ int i;
+ struct kvm_vcpu *vcpu;
+
mutex_lock(&kvm->lock);
kvm_s390_vcpu_block_all(kvm);
@@ -1929,6 +1932,10 @@ void kvm_arch_crypto_clear_masks(struct kvm *kvm)
memset(&kvm->arch.crypto.crycb->apcb1, 0,
sizeof(kvm->arch.crypto.crycb->apcb1));
+ /* recreate the shadow crycb for each vcpu */
+ kvm_for_each_vcpu(i, vcpu, kvm)
+ kvm_s390_sync_request(KVM_REQ_VSIE_RESTART, vcpu);
+
kvm_s390_vcpu_unblock_all(kvm);
mutex_unlock(&kvm->lock);
}
--
1.7.1
