1. Patchew
  2. linux
  3. [PATCH v6 00/28] KVM: s390: gmap rewrite, the real deal
  4. View patch

[PATCH v6 28/28] KVM: s390: Storage key manipulation IOCTL

Claudio Imbrenda posted 28 patches 1 month, 2 weeks ago
There is a newer version of this series
[PATCH v6 28/28] KVM: s390: Storage key manipulation IOCTL
Posted by Claudio Imbrenda 1 month, 2 weeks ago 
Add a new IOCTL to allow userspace to manipulate storage keys directly.

This will make it easier to write selftests related to storage keys.

Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
---
 arch/s390/kvm/kvm-s390.c | 57 ++++++++++++++++++++++++++++++++++++++++
 include/uapi/linux/kvm.h | 10 +++++++
 2 files changed, 67 insertions(+)

diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index 47f2794af2fb..7f28b556b460 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -554,6 +554,37 @@ static void __kvm_s390_exit(void)
 	debug_unregister(kvm_s390_dbf_uv);
 }
 
+static int kvm_s390_keyop(struct kvm_s390_mmu_cache *mc, struct kvm *kvm, int op,
+			  unsigned long addr, union skey skey)
+{
+	union asce asce = kvm->arch.gmap->asce;
+	gfn_t gfn = gpa_to_gfn(addr);
+	int r;
+
+	guard(read_lock)(&kvm->mmu_lock);
+
+	switch (op) {
+	case KVM_S390_KEYOP_SSKE:
+		r = dat_cond_set_storage_key(mc, asce, gfn, skey, &skey, 0, 0, 0);
+		if (r >= 0)
+			return skey.skey;
+		break;
+	case KVM_S390_KEYOP_ISKE:
+		r = dat_get_storage_key(asce, gfn, &skey);
+		if (!r)
+			return skey.skey;
+		break;
+	case KVM_S390_KEYOP_RRBE:
+		r = dat_reset_reference_bit(asce, gfn);
+		if (r > 0)
+			return r << 1;
+		break;
+	default:
+		return -EINVAL;
+	}
+	return r;
+}
+
 /* Section: device related */
 long kvm_arch_dev_ioctl(struct file *filp,
 			unsigned int ioctl, unsigned long arg)
@@ -2931,6 +2962,32 @@ int kvm_arch_vm_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg)
 			r = -EFAULT;
 		break;
 	}
+	case KVM_S390_KEYOP: {
+		struct kvm_s390_mmu_cache *mc;
+		struct kvm_s390_keyop kop;
+		union skey skey;
+
+		if (copy_from_user(&kop, argp, sizeof(kop))) {
+			r = -EFAULT;
+			break;
+		}
+		skey.skey = kop.key;
+
+		mc = kvm_s390_new_mmu_cache();
+		if (!mc)
+			return -ENOMEM;
+
+		r = kvm_s390_keyop(mc, kvm, kop.operation, kop.user_addr, skey);
+		kvm_s390_free_mmu_cache(mc);
+		if (r < 0)
+			break;
+
+		kop.key = r;
+		r = 0;
+		if (copy_to_user(argp, &kop, sizeof(kop)))
+			r = -EFAULT;
+		break;
+	}
 	case KVM_S390_ZPCI_OP: {
 		struct kvm_s390_zpci_op args;
 
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index dddb781b0507..845417e56778 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -1219,6 +1219,15 @@ struct kvm_vfio_spapr_tce {
 	__s32	tablefd;
 };
 
+#define KVM_S390_KEYOP_SSKE 0x01
+#define KVM_S390_KEYOP_ISKE 0x02
+#define KVM_S390_KEYOP_RRBE 0x03
+struct kvm_s390_keyop {
+	__u64 user_addr;
+	__u8  key;
+	__u8  operation;
+};
+
 /*
  * KVM_CREATE_VCPU receives as a parameter the vcpu slot, and returns
  * a vcpu fd.
@@ -1238,6 +1247,7 @@ struct kvm_vfio_spapr_tce {
 #define KVM_S390_UCAS_MAP        _IOW(KVMIO, 0x50, struct kvm_s390_ucas_mapping)
 #define KVM_S390_UCAS_UNMAP      _IOW(KVMIO, 0x51, struct kvm_s390_ucas_mapping)
 #define KVM_S390_VCPU_FAULT	 _IOW(KVMIO, 0x52, unsigned long)
+#define KVM_S390_KEYOP           _IOWR(KVMIO, 0x53, struct kvm_s390_keyop)
 
 /* Device model IOC */
 #define KVM_CREATE_IRQCHIP        _IO(KVMIO,   0x60)
-- 
2.52.0
Re: [PATCH v6 28/28] KVM: s390: Storage key manipulation IOCTL
Posted by Christoph Schlameuss 3 weeks, 4 days ago 
On Mon Dec 22, 2025 at 5:50 PM CET, Claudio Imbrenda wrote:
> Add a new IOCTL to allow userspace to manipulate storage keys directly.
>
> This will make it easier to write selftests related to storage keys.
>
> Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>

Please add some user documentation for the new IOCTL.

[...]

> diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
> index dddb781b0507..845417e56778 100644
> --- a/include/uapi/linux/kvm.h
> +++ b/include/uapi/linux/kvm.h
> @@ -1219,6 +1219,15 @@ struct kvm_vfio_spapr_tce {
>  	__s32	tablefd;
>  };
>  
> +#define KVM_S390_KEYOP_SSKE 0x01
> +#define KVM_S390_KEYOP_ISKE 0x02
> +#define KVM_S390_KEYOP_RRBE 0x03

Just a nitpik, but why this order? In the arch the order is ISKE, SSKE, RRBE.
Would it not be more logical to keep that order?

> +struct kvm_s390_keyop {
> +	__u64 user_addr;
> +	__u8  key;
> +	__u8  operation;
> +};
> +
>  /*
>   * KVM_CREATE_VCPU receives as a parameter the vcpu slot, and returns
>   * a vcpu fd.
> @@ -1238,6 +1247,7 @@ struct kvm_vfio_spapr_tce {
>  #define KVM_S390_UCAS_MAP        _IOW(KVMIO, 0x50, struct kvm_s390_ucas_mapping)
>  #define KVM_S390_UCAS_UNMAP      _IOW(KVMIO, 0x51, struct kvm_s390_ucas_mapping)
>  #define KVM_S390_VCPU_FAULT	 _IOW(KVMIO, 0x52, unsigned long)
> +#define KVM_S390_KEYOP           _IOWR(KVMIO, 0x53, struct kvm_s390_keyop)
>  
>  /* Device model IOC */
>  #define KVM_CREATE_IRQCHIP        _IO(KVMIO,   0x60)
Re: [PATCH v6 28/28] KVM: s390: Storage key manipulation IOCTL
Posted by Claudio Imbrenda 3 weeks, 4 days ago 
On Wed, 14 Jan 2026 10:33:22 +0100
"Christoph Schlameuss" <schlameuss@linux.ibm.com> wrote:

> On Mon Dec 22, 2025 at 5:50 PM CET, Claudio Imbrenda wrote:
> > Add a new IOCTL to allow userspace to manipulate storage keys directly.
> >
> > This will make it easier to write selftests related to storage keys.
> >
> > Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>  
> 
> Please add some user documentation for the new IOCTL.

already done, it will be in the next iteration.
and also a capability for the new ioctl

> 
> [...]
> 
> > diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
> > index dddb781b0507..845417e56778 100644
> > --- a/include/uapi/linux/kvm.h
> > +++ b/include/uapi/linux/kvm.h
> > @@ -1219,6 +1219,15 @@ struct kvm_vfio_spapr_tce {
> >  	__s32	tablefd;
> >  };
> >  
> > +#define KVM_S390_KEYOP_SSKE 0x01
> > +#define KVM_S390_KEYOP_ISKE 0x02
> > +#define KVM_S390_KEYOP_RRBE 0x03  
> 
> Just a nitpik, but why this order? In the arch the order is ISKE, SSKE, RRBE.
> Would it not be more logical to keep that order?

I don't know why I chose that order, I guess I can reorder it. It
doesn't really make a difference, but I guess consistency is good

> 
> > +struct kvm_s390_keyop {
> > +	__u64 user_addr;
> > +	__u8  key;
> > +	__u8  operation;
> > +};
> > +
> >  /*
> >   * KVM_CREATE_VCPU receives as a parameter the vcpu slot, and returns
> >   * a vcpu fd.
> > @@ -1238,6 +1247,7 @@ struct kvm_vfio_spapr_tce {
> >  #define KVM_S390_UCAS_MAP        _IOW(KVMIO, 0x50, struct kvm_s390_ucas_mapping)
> >  #define KVM_S390_UCAS_UNMAP      _IOW(KVMIO, 0x51, struct kvm_s390_ucas_mapping)
> >  #define KVM_S390_VCPU_FAULT	 _IOW(KVMIO, 0x52, unsigned long)
> > +#define KVM_S390_KEYOP           _IOWR(KVMIO, 0x53, struct kvm_s390_keyop)
> >  
> >  /* Device model IOC */
> >  #define KVM_CREATE_IRQCHIP        _IO(KVMIO,   0x60)  
>

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.