>> >>> + if (test_kvm_cpu_feat(vcpu->kvm, KVM_S390_VM_CPU_FEAT_AP)) >>> + vcpu->arch.sie_block->eca |= ECA_APIE; >>> >>> - vcpu->arch.sie_block->crycbd = vcpu->kvm->arch.crypto.crycbd; >>> + /* If MSAX3 is installed on the guest, set up protected key support */ >>> + if (test_kvm_facility(vcpu->kvm, 76)) { >>> + if (vcpu->kvm->arch.crypto.aes_kw) >>> + vcpu->arch.sie_block->ecb3 |= ECB3_AES; >>> + if (vcpu->kvm->arch.crypto.dea_kw) >>> + vcpu->arch.sie_block->ecb3 |= ECB3_DEA; >>> + } >> As the feature can never change, and aes_kw/dea_kw are only set to 1 in >> case we have test_kvm_facility(vcpu->kvm, 76), this change is not needed. >> >> I think this function can be pretty much left alone. Just add the >> KVM_S390_VM_CPU_FEAT_AP handling. > > I disagree, what about the case where the KVM_S390_VM_CPU_FEAT_AP is > configured for the guest but the MSAX3 facility (76) is not? Then aes_kw/dea_kw can never be set. kvm_s390_vm_set_crypto() and kvm_s390_crypto_init() correctly test for facility 76. Or am I missing a case? > >> >>> } >>> >>> void kvm_s390_vcpu_unsetup_cmma(struct kvm_vcpu *vcpu) >>> >> > -- Thanks, David / dhildenb
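Review bot: The removed line `vcpu->arch.sie_block->crycbd = vcpu->kvm->arch.crypto.crycbd;` has no replacement in the visible part of this hunk, so it is not clear where the SIE block now gets its crypto control block designation. If the assignment moved above the new `KVM_S390_VM_CPU_FEAT_AP` check, say so in the commit message. If it was dropped, `ECA_APIE` and the `ECB3_AES`/`ECB3_DEA` bits are being set without the visible code populating `crycbd`. Separately, the new `test_kvm_facility(vcpu->kvm, 76)` guard wraps tests of `aes_kw` and `dea_kw` that, per the reply, are only ever set when facility 76 is present. Either drop the guard and keep the two `ecb3` checks as they were, or extend the comment to name the case in which `aes_kw`/`dea_kw` could be set without facility 76.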