From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:54264)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <cornelia.huck@de.ibm.com>) id 1ZoYP4-0005J7-33
	for qemu-devel@nongnu.org; Tue, 20 Oct 2015 11:00:46 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <cornelia.huck@de.ibm.com>) id 1ZoYOx-0004eT-Bw
	for qemu-devel@nongnu.org; Tue, 20 Oct 2015 11:00:41 -0400
Received: from e06smtp07.uk.ibm.com ([195.75.94.103]:49693)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <cornelia.huck@de.ibm.com>) id 1ZoYOx-0004dW-2V
	for qemu-devel@nongnu.org; Tue, 20 Oct 2015 11:00:35 -0400
Received: from localhost
	by e06smtp07.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use
	Only! Violators will be prosecuted
	for <qemu-devel@nongnu.org> from <cornelia.huck@de.ibm.com>;
	Tue, 20 Oct 2015 16:00:33 +0100
Received: from b06cxnps3074.portsmouth.uk.ibm.com
	(d06relay09.portsmouth.uk.ibm.com [9.149.109.194])
	by d06dlp03.portsmouth.uk.ibm.com (Postfix) with ESMTP id 7E2071B0805F
	for <qemu-devel@nongnu.org>; Tue, 20 Oct 2015 16:00:39 +0100 (BST)
Received: from d06av06.portsmouth.uk.ibm.com (d06av06.portsmouth.uk.ibm.com
	[9.149.37.217])
	by b06cxnps3074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with
	ESMTP id t9KF0VBj6422892
	for <qemu-devel@nongnu.org>; Tue, 20 Oct 2015 15:00:32 GMT
Received: from d06av06.portsmouth.uk.ibm.com (localhost [127.0.0.1])
	by d06av06.portsmouth.uk.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with
	ESMTP id t9KF0VEY025462
	for <qemu-devel@nongnu.org>; Tue, 20 Oct 2015 09:00:31 -0600
From: Cornelia Huck <cornelia.huck@de.ibm.com>
Date: Tue, 20 Oct 2015 17:00:24 +0200
Message-Id: <1445353225-16775-9-git-send-email-cornelia.huck@de.ibm.com>
In-Reply-To: <1445353225-16775-1-git-send-email-cornelia.huck@de.ibm.com>
References: <1445353225-16775-1-git-send-email-cornelia.huck@de.ibm.com>
Subject: [Qemu-devel] [PULL 8/9] s390x: reset crypto only on clear reset and
	QEMU reset
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: peter.maydell@linaro.org
Cc: borntraeger@de.ibm.com, qemu-devel@nongnu.org, agraf@suse.de, David Hildenbrand <dahi@linux.vnet.ibm.com>, jfrei@linux.vnet.ibm.com, Cornelia Huck <cornelia.huck@de.ibm.com>

From: David Hildenbrand <dahi@linux.vnet.ibm.com>

Initializing VM crypto in initial cpu reset has multiple problems

1. We call the exact same function #VCPU times, although one time is enough
2. On SIGP initial cpu reset, we exchange the wrapping key while
   other VCPUs are running. Bad!
3. It is simply wrong. According to the Pop, a reset happens only during a
   clear reset.

So, we have to reset the keys
- on modified clear reset
- on load clear (QEMU reset - via machine reset)
- on qemu start (via machine reset)

Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
---
 hw/s390x/s390-virtio.c     |  1 +
 target-s390x/cpu.h         | 11 +++++++++++
 target-s390x/kvm.c         |  4 +---
 target-s390x/misc_helper.c |  1 +
 4 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/hw/s390x/s390-virtio.c b/hw/s390x/s390-virtio.c
index 7b8f15b..9a7b7c2 100644
--- a/hw/s390x/s390-virtio.c
+++ b/hw/s390x/s390-virtio.c
@@ -320,6 +320,7 @@ void s390_machine_reset(void)
     S390CPU *ipl_cpu = S390_CPU(qemu_get_cpu(0));
 
     qemu_devices_reset();
+    s390_crypto_reset();
 
     /* all cpus are stopped - configure and start the ipl cpu only */
     s390_ipl_prepare_cpu(ipl_cpu);
diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index 07ae16c..ca98e5a 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -1166,6 +1166,7 @@ void kvm_s390_reset_vcpu(S390CPU *cpu);
 int kvm_s390_set_mem_limit(KVMState *s, uint64_t new_limit, uint64_t *hw_limit);
 void kvm_s390_vcpu_interrupt_pre_save(S390CPU *cpu);
 int kvm_s390_vcpu_interrupt_post_load(S390CPU *cpu);
+void kvm_s390_crypto_reset(void);
 #else
 static inline void kvm_s390_io_interrupt(uint16_t subchannel_id,
                                         uint16_t subchannel_nr,
@@ -1215,6 +1216,9 @@ static inline int kvm_s390_vcpu_interrupt_post_load(S390CPU *cpu)
 {
     return 0;
 }
+static inline void kvm_s390_crypto_reset(void)
+{
+}
 #endif
 
 static inline int s390_set_memory_limit(uint64_t new_limit, uint64_t *hw_limit)
@@ -1261,6 +1265,13 @@ static inline int s390_assign_subch_ioeventfd(EventNotifier *notifier,
     return kvm_s390_assign_subch_ioeventfd(notifier, sch_id, vq, assign);
 }
 
+static inline void s390_crypto_reset(void)
+{
+    if (kvm_enabled()) {
+        kvm_s390_crypto_reset();
+    }
+}
+
 #ifdef CONFIG_KVM
 static inline bool vregs_needed(void *opaque)
 {
diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index 6e488d4..84dffe9 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -249,7 +249,7 @@ static void kvm_s390_init_dea_kw(void)
     }
 }
 
-static void kvm_s390_init_crypto(void)
+void kvm_s390_crypto_reset(void)
 {
     kvm_s390_init_aes_kw();
     kvm_s390_init_dea_kw();
@@ -301,8 +301,6 @@ void kvm_s390_reset_vcpu(S390CPU *cpu)
     if (kvm_vcpu_ioctl(cs, KVM_S390_INITIAL_RESET, NULL)) {
         error_report("Initial CPU reset failed on CPU %i", cs->cpu_index);
     }
-
-    kvm_s390_init_crypto();
 }
 
 static int can_sync_regs(CPUState *cs, int regs)
diff --git a/target-s390x/misc_helper.c b/target-s390x/misc_helper.c
index ddf2498..a692c44 100644
--- a/target-s390x/misc_helper.c
+++ b/target-s390x/misc_helper.c
@@ -129,6 +129,7 @@ static int modified_clear_reset(S390CPU *cpu)
     }
     cmma_reset(cpu);
     subsystem_reset();
+    s390_crypto_reset();
     scc->load_normal(CPU(cpu));
     cpu_synchronize_all_post_reset();
     resume_all_vcpus();
-- 
2.6.2