From nobody Sat Nov 15 07:42:57 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1755553686; cv=none; d=zohomail.com; s=zohoarc; b=IanbxvYQtgDvR9Gypryf+mU2pbWd844B0uxmunWlQR8qqbPW+TTMrKbysWzmQOvSDYr56t1qXTBH/2v63yabyFQkuBXFv3NN6f3bb+YSkh2vTKJU70YdPyfH8ruJc9+ltqGVkrRv8/9KPHwRx9WaiF9frLBIcwIb5Yi0qjIc0yY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1755553686; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=zb5TX4Xl/DXStBzQlpP7Rn8L+sSaY72SPmrBoOhE2yk=; b=fHrM8C8kAoDeeA9R8d3J+p1YTVYYkEEVALIl9tZY2zb8udWWNLb6etocLcXTYBmL2NftB6MjpzBRavaYxQVH6cc0Tk0zdLCoB1JON0v6yFzwM1nVG5xYY+6agPvqTlp4X0utOErlGrmNwrQkf44KQ9kT93W2q4DDXccCaeUJJoc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1755553686184120.60466234114801; Mon, 18 Aug 2025 14:48:06 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uo7eT-0001w8-SH; Mon, 18 Aug 2025 17:44:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uo7dj-0001dH-6Z; Mon, 18 Aug 2025 17:43:39 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uo7dh-0003kb-4w; Mon, 18 Aug 2025 17:43:38 -0400 Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 57IIgvnk009345; Mon, 18 Aug 2025 21:43:35 GMT Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 48jhn3u87p-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 18 Aug 2025 21:43:35 +0000 (GMT) Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 57IJLfpI003190; Mon, 18 Aug 2025 21:43:34 GMT Received: from smtprelay02.dal12v.mail.ibm.com ([172.16.1.4]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 48k6hm7cvg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 18 Aug 2025 21:43:34 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay02.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 57ILhXT020382434 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 18 Aug 2025 21:43:33 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9CD2F58058; Mon, 18 Aug 2025 21:43:33 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5BE8258057; Mon, 18 Aug 2025 21:43:32 +0000 (GMT) Received: from fedora-workstation.ibmuc.com (unknown [9.61.98.172]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Mon, 18 Aug 2025 21:43:32 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=zb5TX4Xl/DXStBzQl pP7Rn8L+sSaY72SPmrBoOhE2yk=; b=AR8HTLLnMlwYKRw0q+euHyyjIzFSjGCzp Z5Xa7UHd8P5hC3jhS9akz7U4EosRfTvQTKWnZ9qrwvlSlTCCiBCHyzM7KvmcYj4O m2oZjQGWh/itW1FEvy/jWJkOGiqYx9fVgBex4efVBas+Rc/VhM9wQtlrFSNuN3Yb 5OHIadFSQMpFLcUnX1fBW9f+r2STKUwiZgdIbvcfb3UQpsbKgkq/UIfnRNADwBOt I5WsFJw8ZmgCBKzueAiOibIlCzyOY34RjV5vCC45lb8Tke6ijOUWoKVPYOtjI+ws duXp4gYFIa6+usIpUPbBjYvi+n8nZxgiWWqd+S5drX6aZh+sdnnkQ== From: Zhuoying Cai To: thuth@redhat.com, berrange@redhat.com, richard.henderson@linaro.org, david@redhat.com, jrossi@linux.ibm.com, qemu-s390x@nongnu.org, qemu-devel@nongnu.org Cc: walling@linux.ibm.com, jjherne@linux.ibm.com, pasic@linux.ibm.com, borntraeger@linux.ibm.com, farman@linux.ibm.com, mjrosato@linux.ibm.com, iii@linux.ibm.com, eblake@redhat.com, armbru@redhat.com, alifm@linux.ibm.com, zycai@linux.ibm.com Subject: [PATCH v5 07/29] s390x/diag: Implement DIAG 320 subcode 1 Date: Mon, 18 Aug 2025 17:43:00 -0400 Message-ID: <20250818214323.529501-8-zycai@linux.ibm.com> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20250818214323.529501-1-zycai@linux.ibm.com> References: <20250818214323.529501-1-zycai@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: W9WRZw4DS2mM6HUYjuCpWPlhl5VUBLxw X-Authority-Analysis: v=2.4 cv=L6wdQ/T8 c=1 sm=1 tr=0 ts=68a39e87 cx=c_pps a=AfN7/Ok6k8XGzOShvHwTGQ==:117 a=AfN7/Ok6k8XGzOShvHwTGQ==:17 a=2OwXVqhp2XgA:10 a=VnNF1IyMAAAA:8 a=vmAlfMB145uIY6ZofiUA:9 X-Proofpoint-GUID: W9WRZw4DS2mM6HUYjuCpWPlhl5VUBLxw X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwODE2MDAyNyBTYWx0ZWRfXyX2uiPjSVrgX 9r7lvQh6AkMrPnRFavKpNeZvfFTzBf1PS/rJyP4tODMnNH6MN0wA/doLGn0nxvQ630wgtUNX+eC q6CBARK0RUXgamU+KVM4TRiUsnF+Hbaq0ekHX/MCjiiAmc3run6cj3SgK9gK5X42CWLQTM+RB0f Xw74yD+U+UpNCk0KHtnbZpSglNcsxrrFwbFYW0SzyiKuRaferWIzIHzUL1tZhM4HaA5rNrCwyfO Iwl/rg2x+U4TvjDKb0u4lTSf1B+lffz+uOYl5ZYvVdaaKkV44sZqEOgShWPDSuec0eCjmbq4Sb2 HuTtim4kB7QA+cTiuJJKYmCFCz15Dx3aBKPwohLfjcMmox9MCAzKB9I1cvNrbWrqNiHkwHRPbCy GL4IEhT4 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-08-18_06,2025-08-14_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 spamscore=0 clxscore=1015 phishscore=0 suspectscore=0 malwarescore=0 priorityscore=1501 bulkscore=0 impostorscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2507300000 definitions=main-2508160027 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=zycai@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1755553688570116600 Content-Type: text/plain; charset="utf-8" DIAG 320 subcode 1 provides information needed to determine the amount of storage to store one or more certificates from the certificate store. Upon successful completion, this subcode returns information of the current cert store, such as the number of certificates stored and allowed in the ce= rt store, amount of space may need to be allocate to store a certificate, etc for verification-certificate blocks (VCBs). The subcode value is denoted by setting the left-most bit of an 8-byte field. The verification-certificate-storage-size block (VCSSB) contains the output data when the operation completes successfully. A VCSSB length of 4 indicates that no certificate are available in the cert store. Signed-off-by: Zhuoying Cai --- docs/specs/s390x-secure-ipl.rst | 10 ++++++ include/hw/s390x/ipl/diag320.h | 22 +++++++++++++ target/s390x/diag.c | 56 ++++++++++++++++++++++++++++++++- 3 files changed, 87 insertions(+), 1 deletion(-) diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.= rst index 70e9a66fe0..ddc15f0322 100644 --- a/docs/specs/s390x-secure-ipl.rst +++ b/docs/specs/s390x-secure-ipl.rst @@ -23,3 +23,13 @@ Subcode 0 - query installed subcodes Returns a 256-bit installed subcodes mask (ISM) stored in the installed subcodes block (ISB). This mask indicates which sucodes are currently installed and available for use. + +Subcode 1 - query verification certificate storage information + Provides the information required to determine the amount of memory ne= eded to + store one or more verification-certificates (VCs) from the certificate= store (CS). + + Upon successful completion, this subcode returns various storage size = values for + verification-certificate blocks (VCBs). + + The output is returned in the verification-certificate-storage-size bl= ock (VCSSB). + A VCSSB length of 4 indicates that no certificates are available in th= e CS. diff --git a/include/hw/s390x/ipl/diag320.h b/include/hw/s390x/ipl/diag320.h index aa04b699c6..6e4779c699 100644 --- a/include/hw/s390x/ipl/diag320.h +++ b/include/hw/s390x/ipl/diag320.h @@ -11,10 +11,32 @@ #define S390X_DIAG320_H =20 #define DIAG_320_SUBC_QUERY_ISM 0 +#define DIAG_320_SUBC_QUERY_VCSI 1 =20 #define DIAG_320_RC_OK 0x0001 #define DIAG_320_RC_NOT_SUPPORTED 0x0102 +#define DIAG_320_RC_INVAL_VCSSB_LEN 0x0202 =20 #define DIAG_320_ISM_QUERY_SUBCODES 0x80000000 +#define DIAG_320_ISM_QUERY_VCSI 0x40000000 + +#define VCSSB_NO_VC 4 +#define VCSSB_MIN_LEN 128 +#define VCE_HEADER_LEN 128 +#define VCB_HEADER_LEN 64 + +struct VCStorageSizeBlock { + uint32_t length; + uint8_t reserved0[3]; + uint8_t version; + uint32_t reserved1[6]; + uint16_t total_vc_ct; + uint16_t max_vc_ct; + uint32_t reserved3[11]; + uint32_t max_single_vcb_len; + uint32_t total_vcb_len; + uint32_t reserved4[10]; +}; +typedef struct VCStorageSizeBlock VCStorageSizeBlock; =20 #endif diff --git a/target/s390x/diag.c b/target/s390x/diag.c index e67ee57f01..b42cf8fe98 100644 --- a/target/s390x/diag.c +++ b/target/s390x/diag.c @@ -191,11 +191,47 @@ out: } } =20 +static int handle_diag320_query_vcsi(S390CPU *cpu, uint64_t addr, uint64_t= r1, + uintptr_t ra, S390IPLCertificateStore= *qcs) +{ + g_autofree VCStorageSizeBlock *vcssb =3D NULL; + + vcssb =3D g_new0(VCStorageSizeBlock, 1); + if (s390_cpu_virt_mem_read(cpu, addr, r1, vcssb, sizeof(*vcssb))) { + s390_cpu_virt_mem_handle_exc(cpu, ra); + return -1; + } + + if (be32_to_cpu(vcssb->length) < VCSSB_MIN_LEN) { + return DIAG_320_RC_INVAL_VCSSB_LEN; + } + + if (!qcs->count) { + vcssb->length =3D cpu_to_be32(VCSSB_NO_VC); + } else { + vcssb->version =3D 0; + vcssb->total_vc_ct =3D cpu_to_be16(qcs->count); + vcssb->max_vc_ct =3D cpu_to_be16(MAX_CERTIFICATES); + vcssb->max_single_vcb_len =3D cpu_to_be32(VCB_HEADER_LEN + VCE_HEA= DER_LEN + + qcs->max_cert_size); + vcssb->total_vcb_len =3D cpu_to_be32(VCB_HEADER_LEN + qcs->count *= VCE_HEADER_LEN + + qcs->total_bytes); + } + + if (s390_cpu_virt_mem_write(cpu, addr, r1, vcssb, be32_to_cpu(vcssb->l= ength))) { + s390_cpu_virt_mem_handle_exc(cpu, ra); + return -1; + } + return DIAG_320_RC_OK; +} + void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr= _t ra) { S390CPU *cpu =3D env_archcpu(env); + S390IPLCertificateStore *qcs =3D s390_ipl_get_certificate_store(); uint64_t subcode =3D env->regs[r3]; uint64_t addr =3D env->regs[r1]; + int rc; =20 if (env->psw.mask & PSW_MASK_PSTATE) { s390_program_interrupt(env, PGM_PRIVILEGED, ra); @@ -219,7 +255,8 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1, u= int64_t r3, uintptr_t ra) * but the current set of subcodes can fit within a single word * for now. */ - uint32_t ism_word0 =3D cpu_to_be32(DIAG_320_ISM_QUERY_SUBCODES); + uint32_t ism_word0 =3D cpu_to_be32(DIAG_320_ISM_QUERY_SUBCODES | + DIAG_320_ISM_QUERY_VCSI); =20 if (s390_cpu_virt_mem_write(cpu, addr, r1, &ism_word0, sizeof(ism_= word0))) { s390_cpu_virt_mem_handle_exc(cpu, ra); @@ -228,6 +265,23 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1, = uint64_t r3, uintptr_t ra) =20 env->regs[r1 + 1] =3D DIAG_320_RC_OK; break; + case DIAG_320_SUBC_QUERY_VCSI: + if (!diag_parm_addr_valid(addr, sizeof(VCStorageSizeBlock), true))= { + s390_program_interrupt(env, PGM_ADDRESSING, ra); + return; + } + + if (addr & 0x7) { + s390_program_interrupt(env, PGM_ADDRESSING, ra); + return; + } + + rc =3D handle_diag320_query_vcsi(cpu, addr, r1, ra, qcs); + if (rc =3D=3D -1) { + return; + } + env->regs[r1 + 1] =3D rc; + break; default: env->regs[r1 + 1] =3D DIAG_320_RC_NOT_SUPPORTED; break; --=20 2.50.1