subject:"\[PATCH 4\/7\] KVM\: s390\/CPACF\: Choose crypto control block format"

Re: [PATCH 4/7] KVM: s390/CPACF: Choose crypto control block format

2015-02-04 Thread Christian Borntraeger

Am 04.02.2015 um 14:48 schrieb Paolo Bonzini:
> 
> 
> On 04/02/2015 14:05, Christian Borntraeger wrote:

 Could this also be part of the "things" that KVM can choose to enable,
 even though it's not a facility?
>> Can you re-ask that question? Not sure what you want to know. 
>>
>> This is mostly a fixup for z13, which wants to have a bigger control block. 
>> but
>> this block is not guest visible.
> 
> Okay, this is what I was asking.  If the block is not guest visible
> that's fine.
> 
> What happens if the guest executes PQAP(QCI)?

It will get an illegal opcode because we dont provide the PQAP instruction 
to the guest. (We  have to provide it, if we want to virtualize the off-cpu
crypto cards - right now we only provide the on-cpu crypto instructions)



--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 4/7] KVM: s390/CPACF: Choose crypto control block format

2015-02-04 Thread Paolo Bonzini



On 04/02/2015 14:05, Christian Borntraeger wrote:
>> > 
>> > Could this also be part of the "things" that KVM can choose to enable,
>> > even though it's not a facility?
> Can you re-ask that question? Not sure what you want to know. 
> 
> This is mostly a fixup for z13, which wants to have a bigger control block. 
> but
> this block is not guest visible.

Okay, this is what I was asking.  If the block is not guest visible
that's fine.

What happens if the guest executes PQAP(QCI)?

Paolo

> Talking about key wrapping, this is actually masked via a facility bit (for 
> MSA-3
> and MSA-4), therefore we have the test_vfacility thing in that function.
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 4/7] KVM: s390/CPACF: Choose crypto control block format

2015-02-04 Thread Christian Borntraeger

Am 04.02.2015 um 14:00 schrieb Paolo Bonzini:
> 
> 
> On 04/02/2015 10:44, Christian Borntraeger wrote:
>> +static void kvm_s390_set_crycb_format(struct kvm *kvm)
>> +{
>> +kvm->arch.crypto.crycbd = (__u32)(unsigned long) kvm->arch.crypto.crycb;
>> +
>> +if (kvm_s390_apxa_installed())
>> +kvm->arch.crypto.crycbd |= CRYCB_FORMAT2;
>> +else
>> +kvm->arch.crypto.crycbd |= CRYCB_FORMAT1;
>> +}
>> +
>>  static int kvm_s390_crypto_init(struct kvm *kvm)
>>  {
>>  if (!test_vfacility(76))
>> @@ -663,8 +709,7 @@ static int kvm_s390_crypto_init(struct kvm *kvm)
>>  if (!kvm->arch.crypto.crycb)
>>  return -ENOMEM;
>>  
>> -kvm->arch.crypto.crycbd = (__u32) (unsigned long) 
>> kvm->arch.crypto.crycb |
>> -  CRYCB_FORMAT1;
>> +kvm_s390_set_crycb_format(kvm);
> 
> Could this also be part of the "things" that KVM can choose to enable,
> even though it's not a facility?

Can you re-ask that question? Not sure what you want to know. 

This is mostly a fixup for z13, which wants to have a bigger control block. but
this block is not guest visible.
Talking about key wrapping, this is actually masked via a facility bit (for 
MSA-3
and MSA-4), therefore we have the test_vfacility thing in that function.

Christian




--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 4/7] KVM: s390/CPACF: Choose crypto control block format

2015-02-04 Thread Paolo Bonzini



On 04/02/2015 10:44, Christian Borntraeger wrote:
> +static void kvm_s390_set_crycb_format(struct kvm *kvm)
> +{
> + kvm->arch.crypto.crycbd = (__u32)(unsigned long) kvm->arch.crypto.crycb;
> +
> + if (kvm_s390_apxa_installed())
> + kvm->arch.crypto.crycbd |= CRYCB_FORMAT2;
> + else
> + kvm->arch.crypto.crycbd |= CRYCB_FORMAT1;
> +}
> +
>  static int kvm_s390_crypto_init(struct kvm *kvm)
>  {
>   if (!test_vfacility(76))
> @@ -663,8 +709,7 @@ static int kvm_s390_crypto_init(struct kvm *kvm)
>   if (!kvm->arch.crypto.crycb)
>   return -ENOMEM;
>  
> - kvm->arch.crypto.crycbd = (__u32) (unsigned long) 
> kvm->arch.crypto.crycb |
> -   CRYCB_FORMAT1;
> + kvm_s390_set_crycb_format(kvm);

Could this also be part of the "things" that KVM can choose to enable,
even though it's not a facility?

Paolo
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 4/7] KVM: s390/CPACF: Choose crypto control block format

2015-02-04 Thread Christian Borntraeger

From: Tony Krowiak 

We need to specify a different format for the crypto control block
depending on whether the APXA facility is installed or not. Let's test
for it by executing the PQAP(QCI) function and use either a format-1 or
a format-2 crypto control block accordingly.

Signed-off-by: Tony Krowiak 
Signed-off-by: Christian Borntraeger 
---
 arch/s390/include/asm/kvm_host.h |  2 ++
 arch/s390/kvm/kvm-s390.c | 49 ++--
 2 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h
index d1ecc7f..09b6c1f 100644
--- a/arch/s390/include/asm/kvm_host.h
+++ b/arch/s390/include/asm/kvm_host.h
@@ -163,6 +163,7 @@ struct kvm_s390_sie_block {
__u64   tecmc;  /* 0x00e8 */
__u8reservedf0[12]; /* 0x00f0 */
 #define CRYCB_FORMAT1 0x0001
+#define CRYCB_FORMAT2 0x0003
__u32   crycbd; /* 0x00fc */
__u64   gcr[16];/* 0x0100 */
__u64   gbea;   /* 0x0180 */
@@ -515,6 +516,7 @@ struct kvm_s390_crypto_cb {
__u8reserved00[72]; /* 0x */
__u8dea_wrapping_key_mask[24];  /* 0x0048 */
__u8aes_wrapping_key_mask[32];  /* 0x0060 */
+   __u8reserved80[128];/* 0x0080 */
 };
 
 struct kvm_arch{
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index 57f5538..57ba533 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -653,6 +653,52 @@ long kvm_arch_vm_ioctl(struct file *filp,
return r;
 }
 
+static int kvm_s390_query_ap_config(u8 *config)
+{
+   u32 fcn_code = 0x0400UL;
+   u32 cc;
+
+   asm volatile(
+   "lgr 0,%1\n"
+   "lgr 2,%2\n"
+   ".long 0xb2af\n"/* PQAP(QCI) */
+   "ipm %0\n"
+   "srl %0,28\n"
+   : "=r" (cc)
+   : "r" (fcn_code), "r" (config)
+   : "cc", "0", "2", "memory"
+   );
+
+   return cc;
+}
+
+static int kvm_s390_apxa_installed(void)
+{
+   u8 config[128];
+   int cc;
+
+   if (test_facility(2) && test_facility(12)) {
+   cc = kvm_s390_query_ap_config(config);
+
+   if (cc)
+   pr_err("PQAP(QCI) failed with cc=%d", cc);
+   else
+   return config[0] & 0x40;
+   }
+
+   return 0;
+}
+
+static void kvm_s390_set_crycb_format(struct kvm *kvm)
+{
+   kvm->arch.crypto.crycbd = (__u32)(unsigned long) kvm->arch.crypto.crycb;
+
+   if (kvm_s390_apxa_installed())
+   kvm->arch.crypto.crycbd |= CRYCB_FORMAT2;
+   else
+   kvm->arch.crypto.crycbd |= CRYCB_FORMAT1;
+}
+
 static int kvm_s390_crypto_init(struct kvm *kvm)
 {
if (!test_vfacility(76))
@@ -663,8 +709,7 @@ static int kvm_s390_crypto_init(struct kvm *kvm)
if (!kvm->arch.crypto.crycb)
return -ENOMEM;
 
-   kvm->arch.crypto.crycbd = (__u32) (unsigned long) 
kvm->arch.crypto.crycb |
- CRYCB_FORMAT1;
+   kvm_s390_set_crycb_format(kvm);
 
/* Disable AES/DEA protected key functions by default */
kvm->arch.crypto.aes_kw = 0;
-- 
1.9.3

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 4/7] KVM: s390/CPACF: Choose crypto control block format

Re: [PATCH 4/7] KVM: s390/CPACF: Choose crypto control block format

Re: [PATCH 4/7] KVM: s390/CPACF: Choose crypto control block format

Re: [PATCH 4/7] KVM: s390/CPACF: Choose crypto control block format

[PATCH 4/7] KVM: s390/CPACF: Choose crypto control block format

5 matches

Site Navigation

Mail list logo

Footer information