Re: [PATCH v3 01/14] KVM: s390: refactor crypto initialization

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 29 Mar 2018 14:57:22 -0400
Tony Krowiak <akrowiak@xxxxxxxxxxxxxxxxxx> wrote:

> On 03/26/2018 04:44 AM, Cornelia Huck wrote:
> > On Thu, 15 Mar 2018 15:55:39 +0100
> > Pierre Morel <pmorel@xxxxxxxxxxxxxxxxxx> wrote:
> >  
> >> On 15/03/2018 15:48, Tony Krowiak wrote:  
> >>> On 03/15/2018 08:26 AM, Pierre Morel wrote:  
> >>>> On 14/03/2018 19:25, Tony Krowiak wrote:  
> >>>>> diff --git a/arch/s390/kvm/Kconfig b/arch/s390/kvm/Kconfig
> >>>>> index a3dbd45..4ca9077 100644
> >>>>> --- a/arch/s390/kvm/Kconfig
> >>>>> +++ b/arch/s390/kvm/Kconfig
> >>>>> @@ -33,6 +33,7 @@ config KVM
> >>>>>        select HAVE_KVM_INVALID_WAKEUPS
> >>>>>        select SRCU
> >>>>>        select KVM_VFIO
> >>>>> +    select ZCRYPT  
> >>>> I do not think it is a good solution to *always* enable ZCRYPT
> >>>> when we have KVM.  
> >>> If CONFIG_ZCRYPT is not selected, then the kvm_ap_apxa_installed()
> >>> function will not compile
> >>> because it calls a zcrypt interface. How would you suggest we make
> >>> sure zcrypt interfaces
> >>> used in KVM are built if CONFIG_ZCRYPT is not selected?  
> >> if zcrypt is not configured, I suppose that the KVM code initializaing CRYCB
> >> has no use but the function will be called from KVM.
> >> So I would do something like:
> >>
> >> #ifdef ZCRYPT
> >> external definitions.
> >> #else
> >> stubs returning error -ENOZCRYPT (or whatever)
> >> #endif  
> > The kvm code used some kind of detection for crycb before (IIRC it was
> > for the key-wrapping stuff). I assume that usage is independent of
> > zcrypt driver usage in the host?  
> A function in kvm-s390.c was replaced with a call to the function in
> ap_bus.c that was externalized in patch 2/14. This was done to remove
> duplicate code. Since zcrypt is built into the kernel, I didn't think
> it would be a problem, but apparently because of the way zcrypt is
> configured, it is still possible to remove it from the kernel build.

Yes.

> >
> > So, I think that apxa detection function should be used to s390
> > architecture base code and not be conditional on anything.  
> I am convinced that the original function from kvm_s390.c should be
> restored.

That would work as well, but removing the code duplication via moving
to s390 architecture code should not be that bad, either. Leaving the
decision to the respective maintainers.
--
To unsubscribe from this list: send the line "unsubscribe linux-s390" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Kernel Development]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Info]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Linux Media]     [Device Mapper]

  Powered by Linux