Re: [PATCH v2 4/7] KVM: s390: enable MSA9 keywrapping functions depending on cpu model

David Hildenbrand <david@xxxxxxxxxx> · Thu, 18 Apr 2019 09:54:27 +0200

On 17.04.19 20:29, Christian Borntraeger wrote:
> Instead of adding a new machine option to disable/enable the keywrapping
> options of pckmo (like for AES and DEA) we can now use the CPU model to
> decide.
> 
> Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
> Reviewed-by: Collin Walling <walling@xxxxxxxxxxxxx>
> ---
> v1->v2: - enable vsie
> 	- also check if the host has the pckmo functions
>  arch/s390/include/asm/kvm_host.h | 1 +
>  arch/s390/kvm/kvm-s390.c         | 7 +++++++
>  arch/s390/kvm/vsie.c             | 5 ++++-
>  3 files changed, 12 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h
> index c47e22bba87fa..e224246ff93c6 100644
> --- a/arch/s390/include/asm/kvm_host.h
> +++ b/arch/s390/include/asm/kvm_host.h
> @@ -278,6 +278,7 @@ struct kvm_s390_sie_block {
>  #define ECD_HOSTREGMGMT	0x20000000
>  #define ECD_MEF		0x08000000
>  #define ECD_ETOKENF	0x02000000
> +#define ECD_ECC		0x00200000
>  	__u32	ecd;			/* 0x01c8 */
>  	__u8	reserved1cc[18];	/* 0x01cc */
>  	__u64	pp;			/* 0x01de */
> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
> index 0dad61ccde3d6..9869d785677f1 100644
> --- a/arch/s390/kvm/kvm-s390.c
> +++ b/arch/s390/kvm/kvm-s390.c
> @@ -2933,6 +2933,13 @@ int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu)
>  		VCPU_EVENT(vcpu, 3, "AIV gisa format-%u enabled for cpu %03u",
>  			   vcpu->arch.sie_block->gd & 0x3, vcpu->vcpu_id);
>  	}
> +	/*
> +	 * if any of 32,33,34,40,41 is active in host AND guest,
> +	 * we enable pckmo for ecc
> +	 */
> +	if ((vcpu->kvm->arch.model.subfuncs.pckmo[4] & kvm_s390_available_subfunc.pckmo[4] & 0xe0) ||
> +	    (vcpu->kvm->arch.model.subfuncs.pckmo[5] & kvm_s390_available_subfunc.pckmo[5] & 0xc0))

Maybe some helper like

bool kvm_has_pckmo_subfunc(kvm, nr)
{
	/* magic for one number */
}
...

if (kvm_has_pckmo_subfunc(kvm, 32) || kvm_has_pckmo_subfunc(kvm, 33))
...

then you can also get rid of the comment.

> +		vcpu->arch.sie_block->ecd |= ECD_ECC;
>  	vcpu->arch.sie_block->sdnxo = ((unsigned long) &vcpu->run->s.regs.sdnx)
>  					| SDNXC;
>  	vcpu->arch.sie_block->riccbd = (unsigned long) &vcpu->run->s.regs.riccb;
> diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c
> index d62fa148558b9..c6983d962abfd 100644
> --- a/arch/s390/kvm/vsie.c
> +++ b/arch/s390/kvm/vsie.c
> @@ -288,6 +288,7 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
>  	const u32 crycb_addr = crycbd_o & 0x7ffffff8U;
>  	unsigned long *b1, *b2;
>  	u8 ecb3_flags;
> +	u32 ecd_flags;
>  	int apie_h;
>  	int key_msk = test_kvm_facility(vcpu->kvm, 76);
>  	int fmt_o = crycbd_o & CRYCB_FORMAT_MASK;
> @@ -320,7 +321,8 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
>  	/* we may only allow it if enabled for guest 2 */
>  	ecb3_flags = scb_o->ecb3 & vcpu->arch.sie_block->ecb3 &
>  		     (ECB3_AES | ECB3_DEA);
> -	if (!ecb3_flags)
> +	ecd_flags = scb_o->ecd & vcpu->arch.sie_block->ecd & ECD_ECC;
> +	if (!ecb3_flags && !ecd_flags)
>  		goto end;

Just so I get it right, there are no *new* wrapping keys? Which wrapping
keys are used then?

>  
>  	/* copy only the wrapping keys */
> @@ -329,6 +331,7 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
>  		return set_validity_icpt(scb_s, 0x0035U);
>  
>  	scb_s->ecb3 |= ecb3_flags;
> +	scb_s->ecd |= ecd_flags;
>  
>  	/* xor both blocks in one run */
>  	b1 = (unsigned long *) vsie_page->crycb.dea_wrapping_key_mask;
> 

-- 

Thanks,

David / dhildenb