From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D7F79C3ABC9 for ; Thu, 8 May 2025 22:51:44 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uDA5J-000421-Mj; Thu, 08 May 2025 18:51:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uDA5F-00040z-Ll; Thu, 08 May 2025 18:51:17 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uDA5D-0006RR-OC; Thu, 08 May 2025 18:51:17 -0400 Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 548KqED6007933; Thu, 8 May 2025 22:51:13 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=T1njN+1h0Dt+G73Cj jUulqlzoVE0BClxke4GWnRhMPg=; b=Ncu17KG1o7wYc4T7Q+im1wzviWDpptgUM WKOySZU0MdqyoEwyWVQBFj//Xxv3+spcQ21W3X5XIuoC+7nH7WGp3+3D7HjiIY7P tH4KEJbIvYrUuo5IRmojmSYE6eE6XD1E0z2XprZ5iwvtHYlpvFzQFMMKEyq57OUd TW52OUoep9dpSz3z292Ip6/oM+eEHCX36UohPURz/mUftG0uo9Z079FzpCXxcvxt 2khfcFMvM9gOhEiPnqgqY9/LGqRa75wsM8n0Q7kAsa00vRdi9qhr+qYbdCE196hC P4Ssh+e6Isrd+vYYW/GDxw2OENHsa2fC+R68YzVPh48TIpga4egxw== Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 46ghg2drg0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 08 May 2025 22:51:13 +0000 (GMT) Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 548KWBrt001313; Thu, 8 May 2025 22:51:12 GMT Received: from smtprelay01.wdc07v.mail.ibm.com ([172.16.1.68]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 46dwftr930-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 08 May 2025 22:51:12 +0000 Received: from smtpav01.wdc07v.mail.ibm.com (smtpav01.wdc07v.mail.ibm.com [10.39.53.228]) by smtprelay01.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 548MpAfw24838620 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 8 May 2025 22:51:10 GMT Received: from smtpav01.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B5B3758065; Thu, 8 May 2025 22:51:10 +0000 (GMT) Received: from smtpav01.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 455DA58063; Thu, 8 May 2025 22:51:09 +0000 (GMT) Received: from fedora-workstation.ibmuc.com (unknown [9.61.11.238]) by smtpav01.wdc07v.mail.ibm.com (Postfix) with ESMTP; Thu, 8 May 2025 22:51:09 +0000 (GMT) From: Zhuoying Cai To: thuth@redhat.com, richard.henderson@linaro.org, david@redhat.com, pbonzini@redhat.com Cc: walling@linux.ibm.com, jjherne@linux.ibm.com, jrossi@linux.ibm.com, fiuczy@linux.ibm.com, pasic@linux.ibm.com, borntraeger@linux.ibm.com, farman@linux.ibm.com, iii@linux.ibm.com, qemu-s390x@nongnu.org, qemu-devel@nongnu.org, zycai@linux.ibm.com Subject: [PATCH v2 03/25] s390x: Guest support for Certificate Store Facility (CS) Date: Thu, 8 May 2025 18:50:19 -0400 Message-ID: <20250508225042.313672-4-zycai@linux.ibm.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250508225042.313672-1-zycai@linux.ibm.com> References: <20250508225042.313672-1-zycai@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 X-Proofpoint-GUID: zWMZ9uOvjKsN0R9d0q95Sw64TsLl2x17 X-Authority-Analysis: v=2.4 cv=VJLdn8PX c=1 sm=1 tr=0 ts=681d3561 cx=c_pps a=bLidbwmWQ0KltjZqbj+ezA==:117 a=bLidbwmWQ0KltjZqbj+ezA==:17 a=dt9VzEwgFbYA:10 a=VnNF1IyMAAAA:8 a=N6PdpXqogauZlk4tBwoA:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNTA4MDIwNSBTYWx0ZWRfX9ps4T0CeEuPv Zt+7O3Tusw1BhKtN79LTiZeaM+lYXmNYSKxDFUVB8FDN/ygGQTOjRIaJSKDUuUI+QomQvuoFk21 yUgiJ5Zk42c5TPCo3X5Le/C1Mfd5261i4+AjJsv7TwjlyaiJJZGjXjzUmTnlbYMkbp4s4GkNoAS aa9qqu45jx5O23IY0xcT+wOalK/HR8bzGkBBXVMzDX0UuHVX7USR8jscJop0TRzw5bhLnLVDLj/ SIsPxXEh5e+TYSvFN//beD4Lkaed8cDzZFGDX0awIFcO6yhdtYi6dh7oyeF1q1MYOb6JxNXMWT9 Te/0U0jH7j2xSxoj5ArF1X8dU8g51cnQjVhPwU5CN3L/b8m0TaY8/HZAEOZd18IvaCs0MkHZ1YI BbCC/cDZ6JUN4PQG4p7UxKIcsG7iC0vXAaFVXBlJta8bWI+evaEqv24PctJ1Wyqxj/mXLIw9 X-Proofpoint-ORIG-GUID: zWMZ9uOvjKsN0R9d0q95Sw64TsLl2x17 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-05-08_07,2025-05-08_04,2025-02-21_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 suspectscore=0 mlxlogscore=999 malwarescore=0 lowpriorityscore=0 spamscore=0 adultscore=0 priorityscore=1501 clxscore=1015 bulkscore=0 impostorscore=0 mlxscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2504070000 definitions=main-2505080205 Received-SPF: pass client-ip=148.163.158.5; envelope-from=zycai@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org DIAG 320 is supported when the certificate-store (CS) facility is installed. Availability of CS facility is determined by byte 134 bit 5 of the SCLP Read Info block. Byte 134's facilities cannot be represented without the availability of the extended-length-SCCB, so add it as a check for consistency. Note: secure IPL is not available for Secure Execution (SE) guests, as their images are already integrity protected, and an additional protection of the kernel by secure IPL is not necessary. Signed-off-by: Zhuoying Cai --- target/s390x/cpu_features.c | 1 + target/s390x/cpu_features_def.h.inc | 1 + target/s390x/cpu_models.c | 2 ++ target/s390x/gen-features.c | 1 + target/s390x/kvm/kvm.c | 2 ++ 5 files changed, 7 insertions(+) diff --git a/target/s390x/cpu_features.c b/target/s390x/cpu_features.c index 4b5be6798e..99089ab3f5 100644 --- a/target/s390x/cpu_features.c +++ b/target/s390x/cpu_features.c @@ -147,6 +147,7 @@ void s390_fill_feat_block(const S390FeatBitmap features, S390FeatType type, break; case S390_FEAT_TYPE_SCLP_FAC134: clear_be_bit(s390_feat_def(S390_FEAT_DIAG_318)->bit, data); + clear_be_bit(s390_feat_def(S390_FEAT_DIAG_320)->bit, data); break; default: return; diff --git a/target/s390x/cpu_features_def.h.inc b/target/s390x/cpu_features_def.h.inc index e23e603a79..65d38f546d 100644 --- a/target/s390x/cpu_features_def.h.inc +++ b/target/s390x/cpu_features_def.h.inc @@ -138,6 +138,7 @@ DEF_FEAT(SIE_IBS, "ibs", SCLP_CONF_CHAR_EXT, 10, "SIE: Interlock-and-broadcast-s /* Features exposed via SCLP SCCB Facilities byte 134 (bit numbers relative to byte-134) */ DEF_FEAT(DIAG_318, "diag318", SCLP_FAC134, 0, "Control program name and version codes") +DEF_FEAT(DIAG_320, "diag320", SCLP_FAC134, 5, "Provide Certificate Store functions") /* Features exposed via SCLP CPU info. */ DEF_FEAT(SIE_F2, "sief2", SCLP_CPU, 4, "SIE: interception format 2 (Virtual SIE)") diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c index 8951f1b36f..ab38fc9882 100644 --- a/target/s390x/cpu_models.c +++ b/target/s390x/cpu_models.c @@ -248,6 +248,7 @@ bool s390_has_feat(S390Feat feat) if (s390_is_pv()) { switch (feat) { case S390_FEAT_DIAG_318: + case S390_FEAT_DIAG_320: case S390_FEAT_HPMA2: case S390_FEAT_SIE_F2: case S390_FEAT_SIE_SKEY: @@ -505,6 +506,7 @@ static void check_consistency(const S390CPUModel *model) { S390_FEAT_PTFF_STOUE, S390_FEAT_MULTIPLE_EPOCH }, { S390_FEAT_AP_QUEUE_INTERRUPT_CONTROL, S390_FEAT_AP }, { S390_FEAT_DIAG_318, S390_FEAT_EXTENDED_LENGTH_SCCB }, + { S390_FEAT_DIAG_320, S390_FEAT_EXTENDED_LENGTH_SCCB }, { S390_FEAT_NNPA, S390_FEAT_VECTOR }, { S390_FEAT_RDP, S390_FEAT_LOCAL_TLB_CLEARING }, { S390_FEAT_UV_FEAT_AP, S390_FEAT_AP }, diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 41840677ce..3d9fbe62ea 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -720,6 +720,7 @@ static uint16_t full_GEN16_GA1[] = { S390_FEAT_PAIE, S390_FEAT_UV_FEAT_AP, S390_FEAT_UV_FEAT_AP_INTR, + S390_FEAT_DIAG_320, }; static uint16_t full_GEN17_GA1[] = { diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c index b9f1422197..6bad1713d2 100644 --- a/target/s390x/kvm/kvm.c +++ b/target/s390x/kvm/kvm.c @@ -2487,6 +2487,8 @@ bool kvm_s390_get_host_cpu_model(S390CPUModel *model, Error **errp) set_bit(S390_FEAT_DIAG_318, model->features); } + set_bit(S390_FEAT_DIAG_320, model->features); + /* Test for Ultravisor features that influence secure guest behavior */ query_uv_feat_guest(model->features); -- 2.49.0