On 8/23/18 12:25 PM, Pierre Morel wrote: > When entering the SIE the CRYCB validation better > be done independently of the instruction's > availability. > > Signed-off-by: Pierre Morel <pmorel@xxxxxxxxxxxxx> > --- > arch/s390/kvm/vsie.c | 11 ++++++----- > 1 file changed, 6 insertions(+), 5 deletions(-) > > diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c > index 12b9707..38ea5da 100644 > --- a/arch/s390/kvm/vsie.c > +++ b/arch/s390/kvm/vsie.c > @@ -161,17 +161,18 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) > /* format-1 is supported with message-security-assist extension 3 */ > if (!test_kvm_facility(vcpu->kvm, 76)) > return 0; > - /* we may only allow it if enabled for guest 2 */ > - ecb3_flags = scb_o->ecb3 & vcpu->arch.sie_block->ecb3 & > - (ECB3_AES | ECB3_DEA); > - if (!ecb3_flags) > - return 0; > > if ((crycb_addr & PAGE_MASK) != ((crycb_addr + 128) & PAGE_MASK)) > return set_validity_icpt(scb_s, 0x003CU); > else if (!crycb_addr) > return set_validity_icpt(scb_s, 0x0039U); > > + /* we may only allow it if enabled for guest 2 */ > + ecb3_flags = scb_o->ecb3 & vcpu->arch.sie_block->ecb3 & > + (ECB3_AES | ECB3_DEA); > + if (!ecb3_flags) > + return 0; > + > /* copy only the wrapping keys */ > if (read_guest_real(vcpu, crycb_addr + 72, > vsie_page->crycb.dea_wrapping_key_mask, 56)) > I seemed to have forgotten to add this while being preoccupied with the search for the validity discussion in #3. Reviewed-by: Janosch Frank <frankja@xxxxxxxxxxxxx>
Attachment:
signature.asc
Description: OpenPGP digital signature
