s390x: reset crypto only on clear reset and QEMU reset

Initializing VM crypto in initial cpu reset has multiple problems 1. We call the exact same function #VCPU times, although one time is enough 2. On SIGP initial cpu reset, we exchange the wrapping key while other VCPUs are running. Bad! 3. It is simply wrong. According to the Pop, a reset happens only during a clear reset. So, we have to reset the keys - on modified clear reset - on load clear (QEMU reset - via machine reset) - on qemu start (via machine reset) Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
qemu · Oct 21, 2015 · 4ab7292 · 4ab7292
1 parent db3b256
commit 4ab7292
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 3 deletions.
diff --git a/hw/s390x/s390-virtio.c b/hw/s390x/s390-virtio.c
@@ -320,6 +320,7 @@ void s390_machine_reset(void)
     S390CPU *ipl_cpu = S390_CPU(qemu_get_cpu(0));
 
     qemu_devices_reset();
+    s390_crypto_reset();
 
     /* all cpus are stopped - configure and start the ipl cpu only */
     s390_ipl_prepare_cpu(ipl_cpu);

diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
@@ -1166,6 +1166,7 @@ void kvm_s390_reset_vcpu(S390CPU *cpu);
 int kvm_s390_set_mem_limit(KVMState *s, uint64_t new_limit, uint64_t *hw_limit);
 void kvm_s390_vcpu_interrupt_pre_save(S390CPU *cpu);
 int kvm_s390_vcpu_interrupt_post_load(S390CPU *cpu);
+void kvm_s390_crypto_reset(void);
 #else
 static inline void kvm_s390_io_interrupt(uint16_t subchannel_id,
                                         uint16_t subchannel_nr,
@@ -1215,6 +1216,9 @@ static inline int kvm_s390_vcpu_interrupt_post_load(S390CPU *cpu)
 {
     return 0;
 }
+static inline void kvm_s390_crypto_reset(void)
+{
+}
 #endif
 
 static inline int s390_set_memory_limit(uint64_t new_limit, uint64_t *hw_limit)
@@ -1261,6 +1265,13 @@ static inline int s390_assign_subch_ioeventfd(EventNotifier *notifier,
     return kvm_s390_assign_subch_ioeventfd(notifier, sch_id, vq, assign);
 }
 
+static inline void s390_crypto_reset(void)
+{
+    if (kvm_enabled()) {
+        kvm_s390_crypto_reset();
+    }
+}
+
 #ifdef CONFIG_KVM
 static inline bool vregs_needed(void *opaque)
 {

diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
@@ -249,7 +249,7 @@ static void kvm_s390_init_dea_kw(void)
     }
 }
 
-static void kvm_s390_init_crypto(void)
+void kvm_s390_crypto_reset(void)
 {
     kvm_s390_init_aes_kw();
     kvm_s390_init_dea_kw();
@@ -301,8 +301,6 @@ void kvm_s390_reset_vcpu(S390CPU *cpu)
     if (kvm_vcpu_ioctl(cs, KVM_S390_INITIAL_RESET, NULL)) {
         error_report("Initial CPU reset failed on CPU %i", cs->cpu_index);
     }
-
-    kvm_s390_init_crypto();
 }
 
 static int can_sync_regs(CPUState *cs, int regs)

diff --git a/target-s390x/misc_helper.c b/target-s390x/misc_helper.c
@@ -129,6 +129,7 @@ static int modified_clear_reset(S390CPU *cpu)
     }
     cmma_reset(cpu);
     subsystem_reset();
+    s390_crypto_reset();
     scc->load_normal(CPU(cpu));
     cpu_synchronize_all_post_reset();
     resume_all_vcpus();