On Tue, 17 Apr 2018 14:08:59 -0400 Tony Krowiak <akrowiak@xxxxxxxxxxxxxxxxxx> wrote: > On 04/17/2018 11:21 AM, Cornelia Huck wrote: > > On Tue, 17 Apr 2018 10:26:57 -0400 > > Tony Krowiak <akrowiak@xxxxxxxxxxxxxxxxxx> wrote: > > > >> On 04/17/2018 06:10 AM, Cornelia Huck wrote: > >>> On Tue, 17 Apr 2018 09:49:58 +0200 > >>> "Harald Freudenberger" <FREUDE@xxxxxxxxxx> wrote: > >>> > >>>> Didn't we say that when APXA is not available there is no Crypto support > >>>> for KVM ? > >>> [Going by the code, as I don't have access to the architecture] > >>> > >>> Current status seems to be: > >>> - setup crycb if facility 76 is available (that's MSAX3, I guess?) > >> The crycb is set up regardless of whether STFLE.76 (MSAX3) is > >> installed or not. > > Hm, the current code does a quick exit if bit 76 is not set, doesn't > > it? > > I guess that depends upon what you mean by current code. If you are talking > about the code as it is distributed today - i.e., before my patch series - > then you are correct. This patch changes that; it initializes the > kvm->arch.crypto.crycbd to point to the CRYCB, then clears the format bits > (kvm->arch.crypto.crycbd &= ~(CRYCB_FORMAT_MASK)) which is the same as > setting the CRYCB format to format 0. It is only after this that the > check is done to determine whether STFLE.76 is set. Ah yes, with "current" I referred to current upstream. > > > > >>> - use format 2 if APXA is available, else use format 1 > >> Use format 0 if MSAX3 is not available > >> Use format 1 if MSAX3 is available but APXA is not > >> Use format 2 if MSAX3 and APXA is available > >> > >>> From Tony's patch description, the goal seems to be: > >>> - setup crycb even if MSAX3 is not available > >> Yes, that is true > >> > >>> So my understanding is that we use APXA only to decide on the format of > >>> the crycb, but provide it in any case? > >> Yes, that is true > > With the format selection you outlined above, I guess. Makes sense from > > my point of view (just looking at the source code). > It also implements what is stated in the architecture doc. OK, great. > > > >>> (Not providing a crycb if APXA is not available would be loss of > >>> functionality, I guess? Deciding not to provide vfio-ap if APXA is not > >>> available is a different game, of course.) > >> This would require a change to enabling the CPU model feature for > >> AP. > > But would it actually make sense to tie vfio-ap to APXA? This needs to > > be answered by folks with access to the architecture :) > > I don't see any reason to do that from an architectural perspective. > One can access AP devices whether APXA is installed or not, it just limits > the range of devices that can be addressed So I guess we should not introduce a tie-in then (unless it radically simplifies the code...)