KVM: s390: reset crypto attributes for all vcpus

Introduces a new function to reset the crypto attributes for all vcpus whether they are running or not. Each vcpu in KVM will be removed from SIE prior to resetting the crypto attributes in its SIE state description. After all vcpus have had their crypto attributes reset the vcpus will be restored to SIE. This function is incorporated into the kvm_s390_vm_set_crypto(kvm) function to fix a reported issue whereby the crypto key wrapping attributes could potentially get out of synch for running vcpus. Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reported-by: Halil Pasic <pasic@linux.vnet.ibm.com> Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com> Signed-off-by: Janosch Frank <frankja@linux.vnet.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
author: Tony Krowiak <akrowiak@linux.vnet.ibm.com> 2018-04-22 11:37:03 -0400
committer: Christian Borntraeger <borntraeger@de.ibm.com> 2018-05-17 03:02:10 -0400
commit: 20c922f04b17aa51a75e514eca8fcbfa337a002d (patch)
tree: 8e5a5fe79974e39726be205edc1681f61f9db407
parent: 55531b7431db789766ac952391e95c170db48581 (diff)
2 files changed, 25 insertions, 5 deletions
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index 007db8faafa5..d9799946722e 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -791,11 +791,21 @@ static int kvm_s390_set_mem_control(struct kvm *kvm, struct kvm_device_attr *att
 static void kvm_s390_vcpu_crypto_setup(struct kvm_vcpu *vcpu);
-static int kvm_s390_vm_set_crypto(struct kvm *kvm, struct kvm_device_attr *attr)
+void kvm_s390_vcpu_crypto_reset_all(struct kvm *kvm)
 {
        struct kvm_vcpu *vcpu;
        int i;
+        kvm_s390_vcpu_block_all(kvm);
+        kvm_for_each_vcpu(i, vcpu, kvm)
+                kvm_s390_vcpu_crypto_setup(vcpu);
+        kvm_s390_vcpu_unblock_all(kvm);
+}
+static int kvm_s390_vm_set_crypto(struct kvm *kvm, struct kvm_device_attr *attr)
+{
        if (!test_kvm_facility(kvm, 76))
                return -EINVAL;
@@ -832,10 +842,7 @@ static int kvm_s390_vm_set_crypto(struct kvm *kvm, struct kvm_device_attr *attr)
                return -ENXIO;
        }
-        kvm_for_each_vcpu(i, vcpu, kvm) {
+        kvm_s390_vcpu_crypto_reset_all(kvm);
-                kvm_s390_vcpu_crypto_setup(vcpu);
-                exit_sie(vcpu);
-        }
        mutex_unlock(&kvm->lock);
        return 0;
 }
diff --git a/arch/s390/kvm/kvm-s390.h b/arch/s390/kvm/kvm-s390.h
index 1b5621f4fe5b..981e3ba97461 100644
--- a/arch/s390/kvm/kvm-s390.h
+++ b/arch/s390/kvm/kvm-s390.h
@@ -410,4 +410,17 @@ static inline int kvm_s390_use_sca_entries(void)
 }
 void kvm_s390_reinject_machine_check(struct kvm_vcpu *vcpu,
                                     struct mcck_volatile_info *mcck_info);
+/**
+ * kvm_s390_vcpu_crypto_reset_all
+ *
+ * Reset the crypto attributes for each vcpu. This can be done while the vcpus
+ * are running as each vcpu will be removed from SIE before resetting the crypt
+ * attributes and restored to SIE afterward.
+ *
+ * Note: The kvm->lock must be held while calling this function
+ *
+ * @kvm: the KVM guest
+ */
+void kvm_s390_vcpu_crypto_reset_all(struct kvm *kvm);
 #endif
author	Tony Krowiak <akrowiak@linux.vnet.ibm.com>	2018-04-22 11:37:03 -0400
committer	Christian Borntraeger <borntraeger@de.ibm.com>	2018-05-17 03:02:10 -0400
commit	20c922f04b17aa51a75e514eca8fcbfa337a002d (patch)
tree	8e5a5fe79974e39726be205edc1681f61f9db407
parent	55531b7431db789766ac952391e95c170db48581 (diff)