On 17.04.19 17:48, Christian Borntraeger wrote:
>
>
> On 17.04.19 17:38, David Hildenbrand wrote:
>> On 17.04.19 17:28, Christian Borntraeger wrote:
>>> Instead of adding a new machine option to disable/enable the keywrapping
>>> options of pckmo (like for AES and DEA) we can now use the CPU model to
>>> decide.
>>>
>>> Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
>>> Reviewed-by: Collin Walling <walling@xxxxxxxxxxxxx>
>>> ---
>>> arch/s390/include/asm/kvm_host.h | 1 +
>>> arch/s390/kvm/kvm-s390.c | 4 ++++
>>> 2 files changed, 5 insertions(+)
>>>
>>> diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h
>>> index c47e22bba87f..e224246ff93c 100644
>>> --- a/arch/s390/include/asm/kvm_host.h
>>> +++ b/arch/s390/include/asm/kvm_host.h
>>> @@ -278,6 +278,7 @@ struct kvm_s390_sie_block {
>>> #define ECD_HOSTREGMGMT 0x20000000
>>> #define ECD_MEF 0x08000000
>>> #define ECD_ETOKENF 0x02000000
>>> +#define ECD_ECC 0x00200000
>>> __u32 ecd; /* 0x01c8 */
>>> __u8 reserved1cc[18]; /* 0x01cc */
>>> __u64 pp; /* 0x01de */
>>> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
>>> index 0dad61ccde3d..ff2444d935fd 100644
>>> --- a/arch/s390/kvm/kvm-s390.c
>>> +++ b/arch/s390/kvm/kvm-s390.c
>>> @@ -2933,6 +2933,10 @@ int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu)
>>> VCPU_EVENT(vcpu, 3, "AIV gisa format-%u enabled for cpu %03u",
>>> vcpu->arch.sie_block->gd & 0x3, vcpu->vcpu_id);
>>> }
>>> + /* if any of 32,33,34,40,41 is active, enable pckmo for ecc */
>>> + if ((vcpu->kvm->arch.model.subfuncs.pckmo[4] & 0xe0) ||
>>> + (vcpu->kvm->arch.model.subfuncs.pckmo[5] & 0xc0))
>>> + vcpu->arch.sie_block->ecd |= ECD_ECC;
>>
>> I see, that's why you sent the patch to remember this.
>>
>> vsie?
>
> i split this out because this is different from what we did with KVM_S390_VM_CRYPTO_ENABLE_AES_KW
> and friends. (we had no cpu model back then).
>
> But you are right. I will look into vsie, should be straightforward.
untested but something like this on top.
diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c
index d62fa148558b..d0510d8c77e0 100644
--- a/arch/s390/kvm/vsie.c
+++ b/arch/s390/kvm/vsie.c
@@ -288,6 +288,7 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
const u32 crycb_addr = crycbd_o & 0x7ffffff8U;
unsigned long *b1, *b2;
u8 ecb3_flags;
+ u8 ecd_flags;
int apie_h;
int key_msk = test_kvm_facility(vcpu->kvm, 76);
int fmt_o = crycbd_o & CRYCB_FORMAT_MASK;
@@ -320,7 +321,8 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
/* we may only allow it if enabled for guest 2 */
ecb3_flags = scb_o->ecb3 & vcpu->arch.sie_block->ecb3 &
(ECB3_AES | ECB3_DEA);
- if (!ecb3_flags)
+ ecd_flags = scb_o->ecd & vcpu->arch.sie_block->ecd & ECD_ECC;
+ if (!ecb3_flags && !ecbflags)
goto end;
/* copy only the wrapping keys */
@@ -329,6 +331,7 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
return set_validity_icpt(scb_s, 0x0035U);
scb_s->ecb3 |= ecb3_flags;
+ scb_s->ecd |= ecd_flags;
/* xor both blocks in one run */
b1 = (unsigned long *) vsie_page->crycb.dea_wrapping_key_mask;
