KVM: s390: add msa11 to cpu model · tjh.dev/kernel@2c2cc82

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

KVM: s390: add msa11 to cpu model

Message-security-assist 11 introduces pckmo subfunctions to encrypt
hmac keys.

Signed-off-by: Hendrik Brueckner <brueckner@linux.ibm.com>
Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Link: https://lore.kernel.org/r/20241107152319.77816-3-brueckner@linux.ibm.com
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Message-ID: <20241107152319.77816-3-brueckner@linux.ibm.com>

authored by

Hendrik Brueckner and committed by

Janosch Frank 1 year ago 2c2cc827 66ff6bf5

+14 -3

3 changed files

expand all

arch

s390

include

asm

kvm_host.h

kvm

kvm-s390.c

vsie.c

arch/s390/include/asm/kvm_host.h

··· 356 356 #define ECD_MEF 0x08000000 357 357 #define ECD_ETOKENF 0x02000000 358 358 #define ECD_ECC 0x00200000 359 + #define ECD_HMAC 0x00004000 359 360 __u32 ecd; /* 0x01c8 */ 360 361 __u8 reserved1cc[18]; /* 0x01cc */ 361 362 __u64 pp; /* 0x01de */

+11 -2

arch/s390/kvm/kvm-s390.c

··· 3796 3796 3797 3797 } 3798 3798 3799 + static bool kvm_has_pckmo_hmac(struct kvm *kvm) 3800 + { 3801 + /* At least one HMAC subfunction must be present */ 3802 + return kvm_has_pckmo_subfunc(kvm, 118) || 3803 + kvm_has_pckmo_subfunc(kvm, 122); 3804 + } 3805 + 3799 3806 static void kvm_s390_vcpu_crypto_setup(struct kvm_vcpu *vcpu) 3800 3807 { 3801 3808 /* ··· 3815 3808 vcpu->arch.sie_block->crycbd = vcpu->kvm->arch.crypto.crycbd; 3816 3809 vcpu->arch.sie_block->ecb3 &= ~(ECB3_AES | ECB3_DEA); 3817 3810 vcpu->arch.sie_block->eca &= ~ECA_APIE; 3818 - vcpu->arch.sie_block->ecd &= ~ECD_ECC; 3811 + vcpu->arch.sie_block->ecd &= ~(ECD_ECC | ECD_HMAC); 3819 3812 3820 3813 if (vcpu->kvm->arch.crypto.apie) 3821 3814 vcpu->arch.sie_block->eca |= ECA_APIE; ··· 3823 3816 /* Set up protected key support */ 3824 3817 if (vcpu->kvm->arch.crypto.aes_kw) { 3825 3818 vcpu->arch.sie_block->ecb3 |= ECB3_AES; 3826 - /* ecc is also wrapped with AES key */ 3819 + /* ecc/hmac is also wrapped with AES key */ 3827 3820 if (kvm_has_pckmo_ecc(vcpu->kvm)) 3828 3821 vcpu->arch.sie_block->ecd |= ECD_ECC; 3822 + if (kvm_has_pckmo_hmac(vcpu->kvm)) 3823 + vcpu->arch.sie_block->ecd |= ECD_HMAC; 3829 3824 } 3830 3825 3831 3826 if (vcpu->kvm->arch.crypto.dea_kw)

+2 -1

arch/s390/kvm/vsie.c

··· 335 335 /* we may only allow it if enabled for guest 2 */ 336 336 ecb3_flags = scb_o->ecb3 & vcpu->arch.sie_block->ecb3 & 337 337 (ECB3_AES | ECB3_DEA); 338 - ecd_flags = scb_o->ecd & vcpu->arch.sie_block->ecd & ECD_ECC; 338 + ecd_flags = scb_o->ecd & vcpu->arch.sie_block->ecd & 339 + (ECD_ECC | ECD_HMAC); 339 340 if (!ecb3_flags && !ecd_flags) 340 341 goto end; 341 342