On Thu, 15 Mar 2018 15:55:39 +0100 Pierre Morel <pmorel@xxxxxxxxxxxxxxxxxx> wrote: > On 15/03/2018 15:48, Tony Krowiak wrote: > > On 03/15/2018 08:26 AM, Pierre Morel wrote: > >> On 14/03/2018 19:25, Tony Krowiak wrote: > >>> diff --git a/arch/s390/kvm/Kconfig b/arch/s390/kvm/Kconfig > >>> index a3dbd45..4ca9077 100644 > >>> --- a/arch/s390/kvm/Kconfig > >>> +++ b/arch/s390/kvm/Kconfig > >>> @@ -33,6 +33,7 @@ config KVM > >>> select HAVE_KVM_INVALID_WAKEUPS > >>> select SRCU > >>> select KVM_VFIO > >>> + select ZCRYPT > >> > >> I do not think it is a good solution to *always* enable ZCRYPT > >> when we have KVM. > > If CONFIG_ZCRYPT is not selected, then the kvm_ap_apxa_installed() > > function will not compile > > because it calls a zcrypt interface. How would you suggest we make > > sure zcrypt interfaces > > used in KVM are built if CONFIG_ZCRYPT is not selected? > > if zcrypt is not configured, I suppose that the KVM code initializaing CRYCB > has no use but the function will be called from KVM. > So I would do something like: > > #ifdef ZCRYPT > external definitions. > #else > stubs returning error -ENOZCRYPT (or whatever) > #endif The kvm code used some kind of detection for crycb before (IIRC it was for the key-wrapping stuff). I assume that usage is independent of zcrypt driver usage in the host? So, I think that apxa detection function should be used to s390 architecture base code and not be conditional on anything.