| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Apr 2018 13:26:02 +0200
From: Cornelia Huck <cohuck@...hat.com>
To: Tony Krowiak <akrowiak@...ux.vnet.ibm.com>
Cc: Pierre Morel <pmorel@...ux.vnet.ibm.com>,
linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org, freude@...ibm.com, schwidefsky@...ibm.com,
heiko.carstens@...ibm.com, borntraeger@...ibm.com,
kwankhede@...dia.com, bjsdjshi@...ux.vnet.ibm.com,
pbonzini@...hat.com, alex.williamson@...hat.com,
alifm@...ux.vnet.ibm.com, mjrosato@...ux.vnet.ibm.com,
jjherne@...ux.vnet.ibm.com, thuth@...hat.com,
pasic@...ux.vnet.ibm.com, berrange@...hat.com,
fiuczy@...ux.vnet.ibm.com, buendgen@...ibm.com
Subject: Re: [PATCH v3 01/14] KVM: s390: refactor crypto initialization
On Thu, 29 Mar 2018 14:57:22 -0400
Tony Krowiak <akrowiak@...ux.vnet.ibm.com> wrote:
> On 03/26/2018 04:44 AM, Cornelia Huck wrote:
> > On Thu, 15 Mar 2018 15:55:39 +0100
> > Pierre Morel <pmorel@...ux.vnet.ibm.com> wrote:
> >
> >> On 15/03/2018 15:48, Tony Krowiak wrote:
> >>> On 03/15/2018 08:26 AM, Pierre Morel wrote:
> >>>> On 14/03/2018 19:25, Tony Krowiak wrote:
> >>>>> diff --git a/arch/s390/kvm/Kconfig b/arch/s390/kvm/Kconfig
> >>>>> index a3dbd45..4ca9077 100644
> >>>>> --- a/arch/s390/kvm/Kconfig
> >>>>> +++ b/arch/s390/kvm/Kconfig
> >>>>> @@ -33,6 +33,7 @@ config KVM
> >>>>> select HAVE_KVM_INVALID_WAKEUPS
> >>>>> select SRCU
> >>>>> select KVM_VFIO
> >>>>> + select ZCRYPT
> >>>> I do not think it is a good solution to *always* enable ZCRYPT
> >>>> when we have KVM.
> >>> If CONFIG_ZCRYPT is not selected, then the kvm_ap_apxa_installed()
> >>> function will not compile
> >>> because it calls a zcrypt interface. How would you suggest we make
> >>> sure zcrypt interfaces
> >>> used in KVM are built if CONFIG_ZCRYPT is not selected?
> >> if zcrypt is not configured, I suppose that the KVM code initializaing CRYCB
> >> has no use but the function will be called from KVM.
> >> So I would do something like:
> >>
> >> #ifdef ZCRYPT
> >> external definitions.
> >> #else
> >> stubs returning error -ENOZCRYPT (or whatever)
> >> #endif
> > The kvm code used some kind of detection for crycb before (IIRC it was
> > for the key-wrapping stuff). I assume that usage is independent of
> > zcrypt driver usage in the host?
> A function in kvm-s390.c was replaced with a call to the function in
> ap_bus.c that was externalized in patch 2/14. This was done to remove
> duplicate code. Since zcrypt is built into the kernel, I didn't think
> it would be a problem, but apparently because of the way zcrypt is
> configured, it is still possible to remove it from the kernel build.
Yes.
> >
> > So, I think that apxa detection function should be used to s390
> > architecture base code and not be conditional on anything.
> I am convinced that the original function from kvm_s390.c should be
> restored.
That would work as well, but removing the code duplication via moving
to s390 architecture code should not be that bad, either. Leaving the
decision to the respective maintainers.
Powered by blists - more mailing lists