Skip to content

Commit 03ebe6d

Browse files
author
Mete Durlu
committed
KVM: s390: add msa11 to cpu model
JIRA: https://issues.redhat.com/browse/RHEL-50767 Build-Info: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=66043500 commit 2c2cc82 Author: Hendrik Brueckner <brueckner@linux.ibm.com> Date: Thu Nov 7 16:23:17 2024 +0100 KVM: s390: add msa11 to cpu model Message-security-assist 11 introduces pckmo subfunctions to encrypt hmac keys. Signed-off-by: Hendrik Brueckner <brueckner@linux.ibm.com> Reviewed-by: Janosch Frank <frankja@linux.ibm.com> Reviewed-by: Christian Borntraeger <borntraeger@linux.ibm.com> Link: https://lore.kernel.org/r/20241107152319.77816-3-brueckner@linux.ibm.com Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Message-ID: <20241107152319.77816-3-brueckner@linux.ibm.com> Signed-off-by: Mete Durlu <mdurlu@redhat.com>
1 parent e4a0307 commit 03ebe6d

File tree

3 files changed

+14
-3
lines changed

3 files changed

+14
-3
lines changed

arch/s390/include/asm/kvm_host.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -356,6 +356,7 @@ struct kvm_s390_sie_block {
356356
#define ECD_MEF 0x08000000
357357
#define ECD_ETOKENF 0x02000000
358358
#define ECD_ECC 0x00200000
359+
#define ECD_HMAC 0x00004000
359360
__u32 ecd; /* 0x01c8 */
360361
__u8 reserved1cc[18]; /* 0x01cc */
361362
__u64 pp; /* 0x01de */

arch/s390/kvm/kvm-s390.c

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3799,6 +3799,13 @@ static bool kvm_has_pckmo_ecc(struct kvm *kvm)
37993799

38003800
}
38013801

3802+
static bool kvm_has_pckmo_hmac(struct kvm *kvm)
3803+
{
3804+
/* At least one HMAC subfunction must be present */
3805+
return kvm_has_pckmo_subfunc(kvm, 118) ||
3806+
kvm_has_pckmo_subfunc(kvm, 122);
3807+
}
3808+
38023809
static void kvm_s390_vcpu_crypto_setup(struct kvm_vcpu *vcpu)
38033810
{
38043811
/*
@@ -3811,17 +3818,19 @@ static void kvm_s390_vcpu_crypto_setup(struct kvm_vcpu *vcpu)
38113818
vcpu->arch.sie_block->crycbd = vcpu->kvm->arch.crypto.crycbd;
38123819
vcpu->arch.sie_block->ecb3 &= ~(ECB3_AES | ECB3_DEA);
38133820
vcpu->arch.sie_block->eca &= ~ECA_APIE;
3814-
vcpu->arch.sie_block->ecd &= ~ECD_ECC;
3821+
vcpu->arch.sie_block->ecd &= ~(ECD_ECC | ECD_HMAC);
38153822

38163823
if (vcpu->kvm->arch.crypto.apie)
38173824
vcpu->arch.sie_block->eca |= ECA_APIE;
38183825

38193826
/* Set up protected key support */
38203827
if (vcpu->kvm->arch.crypto.aes_kw) {
38213828
vcpu->arch.sie_block->ecb3 |= ECB3_AES;
3822-
/* ecc is also wrapped with AES key */
3829+
/* ecc/hmac is also wrapped with AES key */
38233830
if (kvm_has_pckmo_ecc(vcpu->kvm))
38243831
vcpu->arch.sie_block->ecd |= ECD_ECC;
3832+
if (kvm_has_pckmo_hmac(vcpu->kvm))
3833+
vcpu->arch.sie_block->ecd |= ECD_HMAC;
38253834
}
38263835

38273836
if (vcpu->kvm->arch.crypto.dea_kw)

arch/s390/kvm/vsie.c

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -335,7 +335,8 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
335335
/* we may only allow it if enabled for guest 2 */
336336
ecb3_flags = scb_o->ecb3 & vcpu->arch.sie_block->ecb3 &
337337
(ECB3_AES | ECB3_DEA);
338-
ecd_flags = scb_o->ecd & vcpu->arch.sie_block->ecd & ECD_ECC;
338+
ecd_flags = scb_o->ecd & vcpu->arch.sie_block->ecd &
339+
(ECD_ECC | ECD_HMAC);
339340
if (!ecb3_flags && !ecd_flags)
340341
goto end;
341342

0 commit comments

Comments
 (0)