Date:   Tue, 17 Apr 2018 18:56:46 +0200
From:   Cornelia Huck <cohuck@...hat.com>
To:     Tony Krowiak <akrowiak@...ux.vnet.ibm.com>
Cc:     Pierre Morel <pmorel@...ux.vnet.ibm.com>, freude@...ibm.com,
        buendgen@...ibm.com, linux-s390@...r.kernel.org,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        schwidefsky@...ibm.com, heiko.carstens@...ibm.com,
        borntraeger@...ibm.com, kwankhede@...dia.com,
        bjsdjshi@...ux.vnet.ibm.com, pbonzini@...hat.com,
        alex.williamson@...hat.com, alifm@...ux.vnet.ibm.com,
        mjrosato@...ux.vnet.ibm.com, jjherne@...ux.vnet.ibm.com,
        thuth@...hat.com, pasic@...ux.vnet.ibm.com, berrange@...hat.com,
        fiuczy@...ux.vnet.ibm.com
Subject: Re: [PATCH v4 01/15] s390: zcrypt: externalize AP instructions
 available function

On Tue, 17 Apr 2018 09:31:00 -0400
Tony Krowiak <akrowiak@...ux.vnet.ibm.com> wrote:

> My preference would be one of the following:
> 
> 1. All of the interfaces defined in arch/s390/include/asm/ap.h
>     are implemented in a file that is built whether ZCRYPT is
>     built or not.
> 
> 2. The drivers/s390/crypto/ap_asm.h file containing the functions
>     that execute the AP instructions is made available outside of
>     the AP bus, for example, arch/s390/include/asm
> 
> I requested this from the maintainer but was told we don't want to
> have any crypto adapter support when the host AP functionality is
> disabled (CONFIG_ZCRYPT=n). This makes sense; however, I think it is
> a bit confusing to have a header file (arch/s390/include/asm/ap.h)
> with interfaces that are conditionally built.
> 
> This is why I chose the ifdeffery (as you call it) approach. The
> only other solution I can conjure is to duplicate the asm code for
> the AP instructions needed in KVM and bypass using the AP bus
> interfaces.

I think at the root of this is an unfortunate mixup in the
architecture: The format of the crycb changes depending on some ap
feature being installed. Providing the crycb does not have anything to
do with ap device usage in the host, but we need to issue an ap
instruction to get this right. [Correct me if I'm wrong; but that's
what I get without being able to consult the actual architecture.]

So, exporting *all* of the interfaces is probably not needed anyway. I
think it boils down to either "export the interfaces where a mixup
happened, and keep the rest to zcrypt only", or "duplicate the
instructions for kvm usage".

I hope we can find a solution here, as this seems to be one of the main
discussion points :/ (FWIW, I think the basic driver interface is sane.)
