On 08/12/2025 22.32, Zhuoying Cai wrote:
DIAG 320 subcode 1 provides information needed to determine
the amount of storage to store one or more certificates from the
certificate store.
Upon successful completion, this subcode returns information of the current
cert store, such as the number of certificates stored and allowed in the cert
store, amount of space may need to be allocate to store a certificate,
etc for verification-certificate blocks (VCBs).
The subcode value is denoted by setting the left-most bit
of an 8-byte field.
The verification-certificate-storage-size block (VCSSB) contains
the output data when the operation completes successfully. A VCSSB
length of 4 indicates that no certificate are available in the cert
store.
Signed-off-by: Zhuoying Cai <[email protected]>
Reviewed-by: Farhan Ali <[email protected]>
---
docs/specs/s390x-secure-ipl.rst | 12 +++++++
include/hw/s390x/ipl/diag320.h | 22 ++++++++++++
target/s390x/diag.c | 59 ++++++++++++++++++++++++++++++++-
3 files changed, 92 insertions(+), 1 deletion(-)
diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
index c2e8f7aba5..d3ece8a82d 100644
--- a/docs/specs/s390x-secure-ipl.rst
+++ b/docs/specs/s390x-secure-ipl.rst
@@ -26,3 +26,15 @@ Subcode 0 - query installed subcodes
Returns a 256-bit installed subcodes mask (ISM) stored in the installed
subcodes block (ISB). This mask indicates which subcodes are currently
installed and available for use.
+
+Subcode 1 - query verification certificate storage information
+ Provides the information required to determine the amount of memory needed
+ to store one or more verification-certificates (VCs) from the certificate
+ store (CS).
+
+ Upon successful completion, this subcode returns various storage size
values
+ for verification-certificate blocks (VCBs).
+
+ The output is returned in the verification-certificate-storage-size block
+ (VCSSB). A VCSSB length of 4 indicates that no certificates are available
+ in the CS.
...
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index a347be7633..0e1897e03d 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -197,11 +197,50 @@ out:
}
}
+static int handle_diag320_query_vcsi(S390CPU *cpu, uint64_t addr, uint64_t r1,
+ uintptr_t ra, S390IPLCertificateStore
*qcs)
+{
+ g_autofree VCStorageSizeBlock *vcssb = NULL;
+
+ vcssb = g_new0(VCStorageSizeBlock, 1);
+ if (s390_cpu_virt_mem_read(cpu, addr, r1, vcssb, sizeof(*vcssb))) {
+ s390_cpu_virt_mem_handle_exc(cpu, ra);
+ return -1;
+ }
+
+ if (be32_to_cpu(vcssb->length) < VCSSB_MIN_LEN) {
+ return DIAG_320_RC_INVAL_VCSSB_LEN;
+ }
Do we maybe also need to check for an upper limit for vcssb->length ? (see
below...)
+ if (!qcs->count) {
+ vcssb->length = cpu_to_be32(VCSSB_NO_VC);
+ } else {
+ vcssb->version = 0;
+ vcssb->total_vc_ct = cpu_to_be16(qcs->count);
+ vcssb->max_vc_ct = cpu_to_be16(MAX_CERTIFICATES);
+ vcssb->max_single_vcb_len = cpu_to_be32(VCB_HEADER_LEN +
VCE_HEADER_LEN +
+ qcs->max_cert_size);
+ vcssb->total_vcb_len = cpu_to_be32(VCB_HEADER_LEN + qcs->count *
VCE_HEADER_LEN +
+ qcs->total_bytes);
+ }
+
+ if (s390_cpu_virt_mem_write(cpu, addr, r1, vcssb,
be32_to_cpu(vcssb->length))) {
So this uses vcssb as source, but the length is controlled by a value that
is provided by the guest? ... this sounds dangerous, I think we should
definitely limit vcssb->length to be <= sizeof(*vcssb) !
+ s390_cpu_virt_mem_handle_exc(cpu, ra);
+ return -1;
+ }
+ return DIAG_320_RC_OK;
+}
Thomas
