Re: [PATCH v4 03/15] KVM: s390: refactor crypto initialization

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/18/2018 03:49 AM, Cornelia Huck wrote:
On Tue, 17 Apr 2018 14:08:59 -0400
Tony Krowiak <akrowiak@xxxxxxxxxxxxxxxxxx> wrote:

On 04/17/2018 11:21 AM, Cornelia Huck wrote:
On Tue, 17 Apr 2018 10:26:57 -0400
Tony Krowiak <akrowiak@xxxxxxxxxxxxxxxxxx> wrote:
On 04/17/2018 06:10 AM, Cornelia Huck wrote:
On Tue, 17 Apr 2018 09:49:58 +0200
"Harald Freudenberger" <FREUDE@xxxxxxxxxx> wrote:
Didn't we say that when APXA is not available there is no Crypto support
for KVM ?
[Going by the code, as I don't have access to the architecture]

Current status seems to be:
- setup crycb if facility 76 is available (that's MSAX3, I guess?)
The crycb is set up regardless of whether STFLE.76 (MSAX3) is
installed or not.
Hm, the current code does a quick exit if bit 76 is not set, doesn't
it?
I guess that depends upon what you mean by current code. If you are talking
about the code as it is distributed today - i.e., before my patch series -
then you are correct. This patch changes that; it initializes the
kvm->arch.crypto.crycbd to point to the CRYCB, then clears the format bits
(kvm->arch.crypto.crycbd &= ~(CRYCB_FORMAT_MASK)) which is the same as
setting the CRYCB format to format 0. It is only after this that the
check is done to determine whether STFLE.76 is set.
Ah yes, with "current" I referred to current upstream.

- use format 2 if APXA is available, else use format 1
Use format 0 if MSAX3 is not available
Use format 1 if MSAX3 is available but APXA is not
Use format 2 if MSAX3 and APXA is available
   From Tony's patch description, the goal seems to be:
- setup crycb even if MSAX3 is not available
Yes, that is true
So my understanding is that we use APXA only to decide on the format of
the crycb, but provide it in any case?
Yes, that is true
With the format selection you outlined above, I guess. Makes sense from
my point of view (just looking at the source code).
It also implements what is stated in the architecture doc.
OK, great.

(Not providing a crycb if APXA is not available would be loss of
functionality, I guess? Deciding not to provide vfio-ap if APXA is not
available is a different game, of course.)
This would require a change to enabling the CPU model feature for
AP.
But would it actually make sense to tie vfio-ap to APXA? This needs to
be answered by folks with access to the architecture :)
I don't see any reason to do that from an architectural perspective.
One can access AP devices whether APXA is installed or not, it just limits
the range of devices that can be addressed
So I guess we should not introduce a tie-in then (unless it radically
simplifies the code...)

I'm not clear about what you mean by introducing a tie-in. Can you clarify that?



--
To unsubscribe from this list: send the line "unsubscribe linux-s390" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Kernel Development]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Info]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Linux Media]     [Device Mapper]

  Powered by Linux