lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 17 Apr 2018 17:21:39 +0200
From:   Cornelia Huck <cohuck@...hat.com>
To:     Tony Krowiak <akrowiak@...ux.vnet.ibm.com>
Cc:     Harald Freudenberger <FREUDE@...ibm.com>,
        Pierre Morel <pmorel@...ux.vnet.ibm.com>,
        alex.williamson@...hat.com, alifm@...ux.vnet.ibm.com,
        berrange@...hat.com, bjsdjshi@...ux.vnet.ibm.com,
        borntrae@...ux.ibm.com, fiuczy@...ux.vnet.ibm.com,
        heicars2@...ux.vnet.ibm.com, jjherne@...ux.vnet.ibm.com,
        kvm@...r.kernel.org, kwankhede@...dia.com,
        linux-kernel@...r.kernel.org, linux-s390@...r.kernel.org,
        mjrosato@...ux.vnet.ibm.com, mschwid2@...ux.vnet.ibm.com,
        pasic@...ux.vnet.ibm.com, pbonzini@...hat.com,
        Reinhard Buendgen <BUENDGEN@...ibm.com>, thuth@...hat.com
Subject: Re: [PATCH v4 03/15] KVM: s390: refactor crypto initialization

On Tue, 17 Apr 2018 10:26:57 -0400
Tony Krowiak <akrowiak@...ux.vnet.ibm.com> wrote:

> On 04/17/2018 06:10 AM, Cornelia Huck wrote:
> > On Tue, 17 Apr 2018 09:49:58 +0200
> > "Harald Freudenberger" <FREUDE@...ibm.com> wrote:
> >  
> >> Didn't we say that when APXA is not available there is no Crypto support
> >> for KVM ?  
> > [Going by the code, as I don't have access to the architecture]
> >
> > Current status seems to be:
> > - setup crycb if facility 76 is available (that's MSAX3, I guess?)  
> 
> The crycb is set up regardless of whether STFLE.76 (MSAX3) is
> installed or not.

Hm, the current code does a quick exit if bit 76 is not set, doesn't
it?

> 
> > - use format 2 if APXA is available, else use format 1  
> 
> Use format 0 if MSAX3 is not available
> Use format 1 if MSAX3 is available but APXA is not
> Use format 2 if MSAX3 and APXA is available
> 
> >
> >  From Tony's patch description, the goal seems to be:
> > - setup crycb even if MSAX3 is not available  
> 
> Yes, that is true
> 
> >
> > So my understanding is that we use APXA only to decide on the format of
> > the crycb, but provide it in any case?  
> 
> Yes, that is true

With the format selection you outlined above, I guess. Makes sense from
my point of view (just looking at the source code).

> 
> >
> > (Not providing a crycb if APXA is not available would be loss of
> > functionality, I guess? Deciding not to provide vfio-ap if APXA is not
> > available is a different game, of course.)  
> 
> This would require a change to enabling the CPU model feature for
> AP.

But would it actually make sense to tie vfio-ap to APXA? This needs to
be answered by folks with access to the architecture :)

[Personally, I think we should go with the version that uses the least
restrictions without introducing over-complex code. What constitutes
"over-complex code" is of course in the eye of the beholder...]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ