[PATCH v2 4/4] KVM: s390: vsie: Implement ASTFLEIE facility 2
From: Christoph Schlameuss
Date: Thu Feb 26 2026 - 07:54:47 EST
From: Nina Schoetterl-Glausch <nsg@xxxxxxxxxxxxx>
Implement shadowing of format-2 facility list when running in VSIE.
ASTFLEIE2 is available since IBM z16.
To function G1 has to run this KVM code and G1 and G2 have to run QEMU
with ASTFLEIE2 support.
Signed-off-by: Nina Schoetterl-Glausch <nsg@xxxxxxxxxxxxx>
Co-developed-by: Christoph Schlameuss <schlameuss@xxxxxxxxxxxxx>
Signed-off-by: Christoph Schlameuss <schlameuss@xxxxxxxxxxxxx>
---
arch/s390/include/asm/kvm_host.h | 7 +++++++
arch/s390/kvm/kvm-s390.c | 2 ++
arch/s390/kvm/vsie.c | 34 ++++++++++++++++++++++++++++++----
3 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h
index 23d17700319a5ef2031eabcad34b6191d1ef9b21..89a797e436336b9671119d93b02f3b39b0ed45e6 100644
--- a/arch/s390/include/asm/kvm_host.h
+++ b/arch/s390/include/asm/kvm_host.h
@@ -506,6 +506,13 @@ struct kvm_s390_cpu_model {
struct kvm_s390_vm_cpu_uv_feat uv_feat_guest;
};
+#define S390_ARCH_FAC_FORMAT_2 2
+struct kvm_s390_f2_flcb {
+ u8 reserved0[7];
+ u8 length;
+ u64 facilities[S390_ARCH_FAC_LIST_SIZE_U64];
+};
+
typedef int (*crypto_hook)(struct kvm_vcpu *vcpu);
struct kvm_s390_crypto {
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index 1a4abac697a40079c4dd6566581aaed321871a1f..ff9edc7d265b3b5babb265d47ea36464f684a040 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -460,6 +460,8 @@ static void __init kvm_s390_cpu_feat_init(void)
allow_cpu_feat(KVM_S390_VM_CPU_FEAT_IBS);
if (sclp.has_kss)
allow_cpu_feat(KVM_S390_VM_CPU_FEAT_KSS);
+ if (sclp.has_astfleie2)
+ allow_cpu_feat(KVM_S390_VM_CPU_FEAT_ASTFLEIE2);
/*
* KVM_S390_VM_CPU_FEAT_SKEY: Wrong shadow of PTE.I bits will make
* all skey handling functions read/set the skey from the PGSTE
diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c
index 3a2c644ef4fc630e2a13475fc1600c8053520bcd..bae96ff4a7c7b6e8ea2906007ce6fc9a386e0038 100644
--- a/arch/s390/kvm/vsie.c
+++ b/arch/s390/kvm/vsie.c
@@ -65,9 +65,9 @@ struct vsie_page {
gpa_t scb_gpa; /* 0x0258 */
/* the shadow gmap in use by the vsie_page */
struct gmap_cache gmap_cache; /* 0x0260 */
- __u8 reserved[0x0700 - 0x0278]; /* 0x0278 */
- struct kvm_s390_crypto_cb crycb; /* 0x0700 */
- __u8 fac[S390_ARCH_FAC_LIST_SIZE_BYTE]; /* 0x0800 */
+ __u8 reserved[0x06f8 - 0x0278]; /* 0x0278 */
+ struct kvm_s390_crypto_cb crycb; /* 0x06f8 */
+ __u8 fac[8 + S390_ARCH_FAC_LIST_SIZE_BYTE];/* 0x0800 */
};
static_assert(sizeof(struct vsie_page) == PAGE_SIZE);
@@ -999,6 +999,28 @@ static int handle_stfle_0(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page,
return 0;
}
+static int handle_stfle_2(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page, u32 fac_list_origin)
+{
+ struct kvm_s390_f2_flcb *flcb_s = (struct kvm_s390_f2_flcb *)vsie_page->fac;
+ struct kvm_s390_sie_block *scb_s = &vsie_page->scb_s;
+ u64 len;
+
+ if (read_guest_real(vcpu, fac_list_origin, &len, sizeof(len)))
+ return set_validity_icpt(scb_s, 0x1090U);
+
+ /* discard reserved bits */
+ len = (len & U8_MAX);
+ flcb_s->length = len;
+ len += 1;
+
+ if (read_guest_real(vcpu, fac_list_origin + offsetof(struct kvm_s390_f2_flcb, facilities),
+ &flcb_s->facilities, len * sizeof(u64)))
+ return set_validity_icpt(scb_s, 0x1090U);
+
+ scb_s->fac = (u32)virt_to_phys(&vsie_page->fac) | S390_ARCH_FAC_FORMAT_2;
+ return 0;
+}
+
/*
* Try to shadow + enable the guest 2 provided facility list.
* Retry instruction execution if enabled for and provided by guest 2.
@@ -1013,6 +1035,8 @@ static int handle_stfle(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
int format_mask, format;
u32 origin;
+ /* assert no overflow with maximum len */
+ BUILD_BUG_ON(sizeof(vsie_page->fac) < ((S390_ARCH_FAC_LIST_SIZE_U64 + 1) * sizeof(u64)));
BUILD_BUG_ON(!IS_ALIGNED(offsetof(struct vsie_page, fac), 8));
if (fac && test_kvm_facility(vcpu->kvm, 7)) {
@@ -1028,9 +1052,11 @@ static int handle_stfle(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
case 0:
return handle_stfle_0(vcpu, vsie_page, origin);
case 1:
+ return set_validity_icpt(&vsie_page->scb_s, 0x1330U);
case 2:
+ return handle_stfle_2(vcpu, vsie_page, origin);
case 3:
- unreachable();
+ return set_validity_icpt(&vsie_page->scb_s, 0x1330U);
}
}
return 0;
--
2.53.0