[GIT PULL 12/14] KVM: s390: add msa11 to cpu model

public inbox for linux-s390@vger.kernel.org
 help / color / mirror / Atom feed

From: Janosch Frank <frankja@linux.ibm.com>
To: pbonzini@redhat.com
Cc: kvm@vger.kernel.org, frankja@linux.ibm.com, david@redhat.com,
	borntraeger@linux.ibm.com, cohuck@redhat.com,
	linux-s390@vger.kernel.org, imbrenda@linux.ibm.com,
	hca@linux.ibm.com, Hendrik Brueckner <brueckner@linux.ibm.com>
Subject: [GIT PULL 12/14] KVM: s390: add msa11 to cpu model
Date: Tue, 12 Nov 2024 17:23:26 +0100	[thread overview]
Message-ID: <20241112162536.144980-13-frankja@linux.ibm.com> (raw)
In-Reply-To: <20241112162536.144980-1-frankja@linux.ibm.com>

From: Hendrik Brueckner <brueckner@linux.ibm.com>

Message-security-assist 11 introduces pckmo subfunctions to encrypt
hmac keys.

Signed-off-by: Hendrik Brueckner <brueckner@linux.ibm.com>
Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Link: https://lore.kernel.org/r/20241107152319.77816-3-brueckner@linux.ibm.com
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Message-ID: <20241107152319.77816-3-brueckner@linux.ibm.com>
---
 arch/s390/include/asm/kvm_host.h |  1 +
 arch/s390/kvm/kvm-s390.c         | 13 +++++++++++--
 arch/s390/kvm/vsie.c             |  3 ++-
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h
index 8e77afbed58e..851cfe5042f3 100644
--- a/arch/s390/include/asm/kvm_host.h
+++ b/arch/s390/include/asm/kvm_host.h
@@ -356,6 +356,7 @@ struct kvm_s390_sie_block {
 #define ECD_MEF		0x08000000
 #define ECD_ETOKENF	0x02000000
 #define ECD_ECC		0x00200000
+#define ECD_HMAC	0x00004000
 	__u32	ecd;			/* 0x01c8 */
 	__u8	reserved1cc[18];	/* 0x01cc */
 	__u64	pp;			/* 0x01de */
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index 74f385b5efbd..20b1317ef95d 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -3796,6 +3796,13 @@ static bool kvm_has_pckmo_ecc(struct kvm *kvm)
 
 }
 
+static bool kvm_has_pckmo_hmac(struct kvm *kvm)
+{
+	/* At least one HMAC subfunction must be present */
+	return kvm_has_pckmo_subfunc(kvm, 118) ||
+	       kvm_has_pckmo_subfunc(kvm, 122);
+}
+
 static void kvm_s390_vcpu_crypto_setup(struct kvm_vcpu *vcpu)
 {
 	/*
@@ -3808,7 +3815,7 @@ static void kvm_s390_vcpu_crypto_setup(struct kvm_vcpu *vcpu)
 	vcpu->arch.sie_block->crycbd = vcpu->kvm->arch.crypto.crycbd;
 	vcpu->arch.sie_block->ecb3 &= ~(ECB3_AES | ECB3_DEA);
 	vcpu->arch.sie_block->eca &= ~ECA_APIE;
-	vcpu->arch.sie_block->ecd &= ~ECD_ECC;
+	vcpu->arch.sie_block->ecd &= ~(ECD_ECC | ECD_HMAC);
 
 	if (vcpu->kvm->arch.crypto.apie)
 		vcpu->arch.sie_block->eca |= ECA_APIE;
@@ -3816,9 +3823,11 @@ static void kvm_s390_vcpu_crypto_setup(struct kvm_vcpu *vcpu)
 	/* Set up protected key support */
 	if (vcpu->kvm->arch.crypto.aes_kw) {
 		vcpu->arch.sie_block->ecb3 |= ECB3_AES;
-		/* ecc is also wrapped with AES key */
+		/* ecc/hmac is also wrapped with AES key */
 		if (kvm_has_pckmo_ecc(vcpu->kvm))
 			vcpu->arch.sie_block->ecd |= ECD_ECC;
+		if (kvm_has_pckmo_hmac(vcpu->kvm))
+			vcpu->arch.sie_block->ecd |= ECD_HMAC;
 	}
 
 	if (vcpu->kvm->arch.crypto.dea_kw)
diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c
index 89cafea4c41f..9ce0902f309b 100644
--- a/arch/s390/kvm/vsie.c
+++ b/arch/s390/kvm/vsie.c
@@ -335,7 +335,8 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
 	/* we may only allow it if enabled for guest 2 */
 	ecb3_flags = scb_o->ecb3 & vcpu->arch.sie_block->ecb3 &
 		     (ECB3_AES | ECB3_DEA);
-	ecd_flags = scb_o->ecd & vcpu->arch.sie_block->ecd & ECD_ECC;
+	ecd_flags = scb_o->ecd & vcpu->arch.sie_block->ecd &
+		     (ECD_ECC | ECD_HMAC);
 	if (!ecb3_flags && !ecd_flags)
 		goto end;
 
-- 
2.47.0

next prev parent reply	other threads:[~2024-11-12 16:26 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-11-12 16:23 [GIT PULL 00/14] KVM: s390: pull requests for 6.13 Janosch Frank
2024-11-12 16:23 ` [GIT PULL 01/14] KVM: s390: selftests: Add regression tests for SORTL and DFLTCC CPU subfunctions Janosch Frank
2024-11-12 16:23 ` [GIT PULL 02/14] KVM: s390: selftests: Add regression tests for PRNO, KDSA and KMA crypto subfunctions Janosch Frank
2024-11-12 16:23 ` [GIT PULL 03/14] KVM: s390: selftests: Add regression tests for KMCTR, KMF, KMO and PCC " Janosch Frank
2024-11-12 16:23 ` [GIT PULL 04/14] KVM: s390: selftests: Add regression tests for KMAC, KMC, KM, KIMD and KLMD " Janosch Frank
2024-11-12 16:23 ` [GIT PULL 05/14] KVM: s390: selftests: Add regression tests for PLO subfunctions Janosch Frank
2024-11-12 16:23 ` [GIT PULL 06/14] KVM: s390: selftests: Add uc_map_unmap VM test case Janosch Frank
2024-11-12 16:23 ` [GIT PULL 07/14] KVM: s390: selftests: Add uc_skey " Janosch Frank
2024-11-12 16:23 ` [GIT PULL 08/14] KVM: s390: selftests: Verify reject memory region operations for ucontrol VMs Janosch Frank
2024-11-12 16:23 ` [GIT PULL 09/14] KVM: s390: selftests: Fix whitespace confusion in ucontrol test Janosch Frank
2024-11-12 16:23 ` [GIT PULL 10/14] KVM: s390: selftests: correct IP.b length in uc_handle_sieic debug output Janosch Frank
2024-11-12 16:23 ` [GIT PULL 11/14] KVM: s390: add concurrent-function facility to cpu model Janosch Frank
2024-11-12 16:23 ` Janosch Frank [this message]
2024-11-12 16:23 ` [GIT PULL 13/14] KVM: s390: add gen17 facilities to CPU model Janosch Frank
2024-11-12 16:23 ` [GIT PULL 14/14] KVM: s390: selftests: Add regression tests for PFCR subfunctions Janosch Frank
2024-11-12 18:19 ` [GIT PULL 00/14] KVM: s390: pull requests for 6.13 Paolo Bonzini

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8e77afbed58 dfblob:851cfe5042f dfblob:74f385b5efb
dfblob:20b1317ef95 dfblob:89cafea4c41 dfblob:9ce0902f309 )
 OR (
bs:"[GIT PULL 12/14] KVM: s390: add msa11 to cpu model" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20241112162536.144980-13-frankja@linux.ibm.com \
    --to=frankja@linux.ibm.com \
    --cc=borntraeger@linux.ibm.com \
    --cc=brueckner@linux.ibm.com \
    --cc=cohuck@redhat.com \
    --cc=david@redhat.com \
    --cc=hca@linux.ibm.com \
    --cc=imbrenda@linux.ibm.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-s390@vger.kernel.org \
    --cc=pbonzini@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox