s390x: CPACF: Handle key wrap machine options

#define TYPE_S390_CCW_MACHINE               "s390-ccw-machine"

#define S390_CCW_MACHINE(obj) \

    OBJECT_CHECK(S390CcwMachineState, (obj), TYPE_S390_CCW_MACHINE)

typedef struct S390CcwMachineState {

    /*< private >*/

    MachineState parent_obj;

    /*< public >*/

    bool aes_key_wrap;

    bool dea_key_wrap;

} S390CcwMachineState;

void io_subsystem_reset(void)

{

    DeviceState *css, *sclp, *flic;

    nc->nmi_monitor_handler = s390_nmi;

}

static inline bool machine_get_aes_key_wrap(Object *obj, Error **errp)

{

    S390CcwMachineState *ms = S390_CCW_MACHINE(obj);

    return ms->aes_key_wrap;

}

static inline void machine_set_aes_key_wrap(Object *obj, bool value,

                                            Error **errp)

{

    S390CcwMachineState *ms = S390_CCW_MACHINE(obj);

    ms->aes_key_wrap = value;

}

static inline bool machine_get_dea_key_wrap(Object *obj, Error **errp)

{

    S390CcwMachineState *ms = S390_CCW_MACHINE(obj);

    return ms->dea_key_wrap;

}

static inline void machine_set_dea_key_wrap(Object *obj, bool value,

                                            Error **errp)

{

    S390CcwMachineState *ms = S390_CCW_MACHINE(obj);

    ms->dea_key_wrap = value;

}

static inline void s390_machine_initfn(Object *obj)

{

    object_property_add_bool(obj, "aes-key-wrap",

                             machine_get_aes_key_wrap,

                             machine_set_aes_key_wrap, NULL);

    object_property_set_description(obj, "aes-key-wrap",

            "enable/disable AES key wrapping using the CPACF wrapping key",

            NULL);

    object_property_set_bool(obj, true, "aes-key-wrap", NULL);

    object_property_add_bool(obj, "dea-key-wrap",

                             machine_get_dea_key_wrap,

                             machine_set_dea_key_wrap, NULL);

    object_property_set_description(obj, "dea-key-wrap",

            "enable/disable DEA key wrapping using the CPACF wrapping key",

            NULL);

    object_property_set_bool(obj, true, "dea-key-wrap", NULL);

}

static const TypeInfo ccw_machine_info = {

    .name          = TYPE_S390_CCW_MACHINE,

    .parent        = TYPE_MACHINE,

    .instance_size = sizeof(S390CcwMachineState),

    .instance_init = s390_machine_initfn,

    .class_init    = ccw_machine_class_init,

    .interfaces = (InterfaceInfo[]) {

        { TYPE_NMI },

    "                kvm_shadow_mem=size of KVM shadow MMU\n"

    "                dump-guest-core=on|off include guest memory in a core dump (default=on)\n"

    "                mem-merge=on|off controls memory merge support (default: on)\n"

    "                iommu=on|off controls emulated Intel IOMMU (VT-d) support (default=off)\n",

    "                iommu=on|off controls emulated Intel IOMMU (VT-d) support (default=off)\n"

    "                aes-key-wrap=on|off controls support for AES key wrapping (default=on)\n"

    "                dea-key-wrap=on|off controls support for DEA key wrapping (default=on)\n",

    QEMU_ARCH_ALL)

STEXI

@item -machine [type=]@var{name}[,prop=@var{value}[,...]]

(enabled by default).

@item iommu=on|off

Enables or disables emulated Intel IOMMU (VT-d) support. The default is off.

@item aes-key-wrap=on|off

Enables or disables AES key wrapping support on s390-ccw hosts. This feature

controls whether AES wrapping keys will be created to allow

execution of AES cryptographic functions.  The default is on.

@item dea-key-wrap=on|off

Enables or disables DEA key wrapping support on s390-ccw hosts. This feature

controls whether DEA wrapping keys will be created to allow

execution of DEA cryptographic functions.  The default is on.

@end table

ETEXI

    trace_kvm_enable_cmma(rc);

}

static void kvm_s390_set_attr(uint64_t attr)

{

    struct kvm_device_attr attribute = {

        .group = KVM_S390_VM_CRYPTO,

        .attr  = attr,

    };

    int ret = kvm_vm_ioctl(kvm_state, KVM_SET_DEVICE_ATTR, &attribute);

    if (ret) {

        error_report("Failed to set crypto device attribute %lu: %s",

                     attr, strerror(-ret));

    }

}

static void kvm_s390_init_aes_kw(void)

{

    uint64_t attr = KVM_S390_VM_CRYPTO_DISABLE_AES_KW;

    if (object_property_get_bool(OBJECT(qdev_get_machine()), "aes-key-wrap",

                                 NULL)) {

            attr = KVM_S390_VM_CRYPTO_ENABLE_AES_KW;

    }

    if (kvm_vm_check_attr(kvm_state, KVM_S390_VM_CRYPTO, attr)) {

            kvm_s390_set_attr(attr);

    }

}

static void kvm_s390_init_dea_kw(void)

{

    uint64_t attr = KVM_S390_VM_CRYPTO_DISABLE_DEA_KW;

    if (object_property_get_bool(OBJECT(qdev_get_machine()), "dea-key-wrap",

                                 NULL)) {

            attr = KVM_S390_VM_CRYPTO_ENABLE_DEA_KW;

    }

    if (kvm_vm_check_attr(kvm_state, KVM_S390_VM_CRYPTO, attr)) {

            kvm_s390_set_attr(attr);

    }

}

static void kvm_s390_init_crypto(void)

{

    kvm_s390_init_aes_kw();

    kvm_s390_init_dea_kw();

}

int kvm_arch_init(MachineState *ms, KVMState *s)

{

    cap_sync_regs = kvm_check_extension(s, KVM_CAP_SYNC_REGS);

    if (kvm_vcpu_ioctl(cs, KVM_S390_INITIAL_RESET, NULL)) {

        error_report("Initial CPU reset failed on CPU %i", cs->cpu_index);

    }

    kvm_s390_init_crypto();

}

static int can_sync_regs(CPUState *cs, int regs)