From: Cornelia Huck <cornelia.huck@de.ibm.com>
To: qemu-devel@nongnu.org
Cc: Cornelia Huck <cornelia.huck@de.ibm.com>,
borntraeger@de.ibm.com, jfrei@linux.vnet.ibm.com, agraf@suse.de,
David Hildenbrand <dahi@linux.vnet.ibm.com>
Subject: [Qemu-devel] [PATCH 8/9] s390x: reset crypto only on clear reset and QEMU reset
Date: Wed, 14 Oct 2015 13:51:46 +0200 [thread overview]
Message-ID: <1444823507-7267-9-git-send-email-cornelia.huck@de.ibm.com> (raw)
In-Reply-To: <1444823507-7267-1-git-send-email-cornelia.huck@de.ibm.com>
From: David Hildenbrand <dahi@linux.vnet.ibm.com>
Initializing VM crypto in initial cpu reset has multiple problems
1. We call the exact same function #VCPU times, although one time is enough
2. On SIGP initial cpu reset, we exchange the wrapping key while
other VCPUs are running. Bad!
3. It is simply wrong. According to the Pop, a reset happens only during a
clear reset.
So, we have to reset the keys
- on modified clear reset
- on load clear (QEMU reset - via machine reset)
- on qemu start (via machine reset)
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
---
hw/s390x/s390-virtio.c | 1 +
target-s390x/cpu.h | 11 +++++++++++
target-s390x/kvm.c | 4 +---
target-s390x/misc_helper.c | 1 +
4 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/hw/s390x/s390-virtio.c b/hw/s390x/s390-virtio.c
index 7b8f15b..9a7b7c2 100644
--- a/hw/s390x/s390-virtio.c
+++ b/hw/s390x/s390-virtio.c
@@ -320,6 +320,7 @@ void s390_machine_reset(void)
S390CPU *ipl_cpu = S390_CPU(qemu_get_cpu(0));
qemu_devices_reset();
+ s390_crypto_reset();
/* all cpus are stopped - configure and start the ipl cpu only */
s390_ipl_prepare_cpu(ipl_cpu);
diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index 07ae16c..ca98e5a 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -1166,6 +1166,7 @@ void kvm_s390_reset_vcpu(S390CPU *cpu);
int kvm_s390_set_mem_limit(KVMState *s, uint64_t new_limit, uint64_t *hw_limit);
void kvm_s390_vcpu_interrupt_pre_save(S390CPU *cpu);
int kvm_s390_vcpu_interrupt_post_load(S390CPU *cpu);
+void kvm_s390_crypto_reset(void);
#else
static inline void kvm_s390_io_interrupt(uint16_t subchannel_id,
uint16_t subchannel_nr,
@@ -1215,6 +1216,9 @@ static inline int kvm_s390_vcpu_interrupt_post_load(S390CPU *cpu)
{
return 0;
}
+static inline void kvm_s390_crypto_reset(void)
+{
+}
#endif
static inline int s390_set_memory_limit(uint64_t new_limit, uint64_t *hw_limit)
@@ -1261,6 +1265,13 @@ static inline int s390_assign_subch_ioeventfd(EventNotifier *notifier,
return kvm_s390_assign_subch_ioeventfd(notifier, sch_id, vq, assign);
}
+static inline void s390_crypto_reset(void)
+{
+ if (kvm_enabled()) {
+ kvm_s390_crypto_reset();
+ }
+}
+
#ifdef CONFIG_KVM
static inline bool vregs_needed(void *opaque)
{
diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index d8cfd38..5cab944 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -249,7 +249,7 @@ static void kvm_s390_init_dea_kw(void)
}
}
-static void kvm_s390_init_crypto(void)
+void kvm_s390_crypto_reset(void)
{
kvm_s390_init_aes_kw();
kvm_s390_init_dea_kw();
@@ -301,8 +301,6 @@ void kvm_s390_reset_vcpu(S390CPU *cpu)
if (kvm_vcpu_ioctl(cs, KVM_S390_INITIAL_RESET, NULL)) {
error_report("Initial CPU reset failed on CPU %i", cs->cpu_index);
}
-
- kvm_s390_init_crypto();
}
static int can_sync_regs(CPUState *cs, int regs)
diff --git a/target-s390x/misc_helper.c b/target-s390x/misc_helper.c
index ddf2498..a692c44 100644
--- a/target-s390x/misc_helper.c
+++ b/target-s390x/misc_helper.c
@@ -129,6 +129,7 @@ static int modified_clear_reset(S390CPU *cpu)
}
cmma_reset(cpu);
subsystem_reset();
+ s390_crypto_reset();
scc->load_normal(CPU(cpu));
cpu_synchronize_all_post_reset();
resume_all_vcpus();
--
2.6.1
next prev parent reply other threads:[~2015-10-14 11:52 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-14 11:51 [Qemu-devel] [PATCH 0/9] Next set of s390x patches Cornelia Huck
2015-10-14 11:51 ` [Qemu-devel] [PATCH 1/9] util/qemu-config: fix missing machine command line options Cornelia Huck
2015-10-14 11:51 ` [Qemu-devel] [PATCH 2/9] s390x/virtio-ccw: fix 2.4 virtio compat Cornelia Huck
2015-10-14 11:51 ` [Qemu-devel] [PATCH 3/9] s390x/kvm: Fix vector validity bit in device machine checks Cornelia Huck
2015-10-14 11:51 ` [Qemu-devel] [PATCH 4/9] s390x: flagify mcic values Cornelia Huck
2015-10-14 11:51 ` [Qemu-devel] [PATCH 5/9] s390x: unify device reset during subsystem_reset() Cornelia Huck
2015-10-14 11:51 ` [Qemu-devel] [PATCH 6/9] s390x/ipl: we always have an ipl device Cornelia Huck
2015-10-14 11:51 ` [Qemu-devel] [PATCH 7/9] s390x: machine reset function with new ipl cpu handling Cornelia Huck
2015-10-14 11:51 ` Cornelia Huck [this message]
2015-10-14 11:51 ` [Qemu-devel] [PATCH 9/9] s390x/cmma: clean up cmma reset Cornelia Huck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1444823507-7267-9-git-send-email-cornelia.huck@de.ibm.com \
--to=cornelia.huck@de.ibm.com \
--cc=agraf@suse.de \
--cc=borntraeger@de.ibm.com \
--cc=dahi@linux.vnet.ibm.com \
--cc=jfrei@linux.vnet.ibm.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).