Commit 2c2cc827 authored by Hendrik Brueckner's avatar Hendrik Brueckner Committed by Janosch Frank
Browse files

KVM: s390: add msa11 to cpu model 



Message-security-assist 11 introduces pckmo subfunctions to encrypt
hmac keys.

Signed-off-by: default avatarHendrik Brueckner <brueckner@linux.ibm.com>
Reviewed-by: default avatarJanosch Frank <frankja@linux.ibm.com>
Reviewed-by: default avatarChristian Borntraeger <borntraeger@linux.ibm.com>
Link: https://lore.kernel.org/r/20241107152319.77816-3-brueckner@linux.ibm.com


Signed-off-by: default avatarJanosch Frank <frankja@linux.ibm.com>
Message-ID: <20241107152319.77816-3-brueckner@linux.ibm.com>
parent 66ff6bf5

arch/s390/include/asm/kvm_host.h

+1 −0
Original line number Diff line number Diff line
@@ -356,6 +356,7 @@ struct kvm_s390_sie_block { 
#define ECD_MEF		0x08000000

#define ECD_ETOKENF	0x02000000

#define ECD_ECC		0x00200000

#define ECD_HMAC	0x00004000

	__u32	ecd;			/* 0x01c8 */

	__u8	reserved1cc[18];	/* 0x01cc */

	__u64	pp;			/* 0x01de */

arch/s390/kvm/kvm-s390.c

+11 −2
Original line number Diff line number Diff line
@@ -3796,6 +3796,13 @@ static bool kvm_has_pckmo_ecc(struct kvm *kvm) 


}



static bool kvm_has_pckmo_hmac(struct kvm *kvm)

{

	/* At least one HMAC subfunction must be present */

	return kvm_has_pckmo_subfunc(kvm, 118) ||

	       kvm_has_pckmo_subfunc(kvm, 122);

}



static void kvm_s390_vcpu_crypto_setup(struct kvm_vcpu *vcpu)

{

	/*
@@ -3808,7 +3815,7 @@ static void kvm_s390_vcpu_crypto_setup(struct kvm_vcpu *vcpu) 
	vcpu->arch.sie_block->crycbd = vcpu->kvm->arch.crypto.crycbd;

	vcpu->arch.sie_block->ecb3 &= ~(ECB3_AES | ECB3_DEA);

	vcpu->arch.sie_block->eca &= ~ECA_APIE;

	vcpu->arch.sie_block->ecd &= ~ECD_ECC;

	vcpu->arch.sie_block->ecd &= ~(ECD_ECC | ECD_HMAC);



	if (vcpu->kvm->arch.crypto.apie)

		vcpu->arch.sie_block->eca |= ECA_APIE;
@@ -3816,9 +3823,11 @@ static void kvm_s390_vcpu_crypto_setup(struct kvm_vcpu *vcpu) 
	/* Set up protected key support */

	if (vcpu->kvm->arch.crypto.aes_kw) {

		vcpu->arch.sie_block->ecb3 |= ECB3_AES;

		/* ecc is also wrapped with AES key */

		/* ecc/hmac is also wrapped with AES key */

		if (kvm_has_pckmo_ecc(vcpu->kvm))

			vcpu->arch.sie_block->ecd |= ECD_ECC;

		if (kvm_has_pckmo_hmac(vcpu->kvm))

			vcpu->arch.sie_block->ecd |= ECD_HMAC;

	}



	if (vcpu->kvm->arch.crypto.dea_kw)

arch/s390/kvm/vsie.c

+2 −1
Original line number Diff line number Diff line
@@ -335,7 +335,8 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) 
	/* we may only allow it if enabled for guest 2 */

	ecb3_flags = scb_o->ecb3 & vcpu->arch.sie_block->ecb3 &

		     (ECB3_AES | ECB3_DEA);

	ecd_flags = scb_o->ecd & vcpu->arch.sie_block->ecd & ECD_ECC;

	ecd_flags = scb_o->ecd & vcpu->arch.sie_block->ecd &

		     (ECD_ECC | ECD_HMAC);

	if (!ecb3_flags && !ecd_flags)

		goto end;