| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <470d8af7-b9f6-0ab7-9bfa-351fbeaa079c@linux.vnet.ibm.com>
Date: Sun, 22 Apr 2018 10:52:55 -0400
From: Tony Krowiak <akrowiak@...ux.vnet.ibm.com>
To: Cornelia Huck <cohuck@...hat.com>
Cc: Harald Freudenberger <FREUDE@...ibm.com>,
Pierre Morel <pmorel@...ux.vnet.ibm.com>,
alex.williamson@...hat.com, alifm@...ux.vnet.ibm.com,
berrange@...hat.com, bjsdjshi@...ux.vnet.ibm.com,
borntrae@...ux.ibm.com, fiuczy@...ux.vnet.ibm.com,
heicars2@...ux.vnet.ibm.com, jjherne@...ux.vnet.ibm.com,
kvm@...r.kernel.org, kwankhede@...dia.com,
linux-kernel@...r.kernel.org, linux-s390@...r.kernel.org,
mjrosato@...ux.vnet.ibm.com, mschwid2@...ux.vnet.ibm.com,
pasic@...ux.vnet.ibm.com, pbonzini@...hat.com,
Reinhard Buendgen <BUENDGEN@...ibm.com>, thuth@...hat.com
Subject: Re: [PATCH v4 03/15] KVM: s390: refactor crypto initialization
On 04/18/2018 03:49 AM, Cornelia Huck wrote:
> On Tue, 17 Apr 2018 14:08:59 -0400
> Tony Krowiak <akrowiak@...ux.vnet.ibm.com> wrote:
>
>> On 04/17/2018 11:21 AM, Cornelia Huck wrote:
>>> On Tue, 17 Apr 2018 10:26:57 -0400
>>> Tony Krowiak <akrowiak@...ux.vnet.ibm.com> wrote:
>>>
>>>> On 04/17/2018 06:10 AM, Cornelia Huck wrote:
>>>>> On Tue, 17 Apr 2018 09:49:58 +0200
>>>>> "Harald Freudenberger" <FREUDE@...ibm.com> wrote:
>>>>>
>>>>>> Didn't we say that when APXA is not available there is no Crypto support
>>>>>> for KVM ?
>>>>> [Going by the code, as I don't have access to the architecture]
>>>>>
>>>>> Current status seems to be:
>>>>> - setup crycb if facility 76 is available (that's MSAX3, I guess?)
>>>> The crycb is set up regardless of whether STFLE.76 (MSAX3) is
>>>> installed or not.
>>> Hm, the current code does a quick exit if bit 76 is not set, doesn't
>>> it?
>> I guess that depends upon what you mean by current code. If you are talking
>> about the code as it is distributed today - i.e., before my patch series -
>> then you are correct. This patch changes that; it initializes the
>> kvm->arch.crypto.crycbd to point to the CRYCB, then clears the format bits
>> (kvm->arch.crypto.crycbd &= ~(CRYCB_FORMAT_MASK)) which is the same as
>> setting the CRYCB format to format 0. It is only after this that the
>> check is done to determine whether STFLE.76 is set.
> Ah yes, with "current" I referred to current upstream.
>
>>>
>>>>> - use format 2 if APXA is available, else use format 1
>>>> Use format 0 if MSAX3 is not available
>>>> Use format 1 if MSAX3 is available but APXA is not
>>>> Use format 2 if MSAX3 and APXA is available
>>>>
>>>>> From Tony's patch description, the goal seems to be:
>>>>> - setup crycb even if MSAX3 is not available
>>>> Yes, that is true
>>>>
>>>>> So my understanding is that we use APXA only to decide on the format of
>>>>> the crycb, but provide it in any case?
>>>> Yes, that is true
>>> With the format selection you outlined above, I guess. Makes sense from
>>> my point of view (just looking at the source code).
>> It also implements what is stated in the architecture doc.
> OK, great.
>
>>>
>>>>> (Not providing a crycb if APXA is not available would be loss of
>>>>> functionality, I guess? Deciding not to provide vfio-ap if APXA is not
>>>>> available is a different game, of course.)
>>>> This would require a change to enabling the CPU model feature for
>>>> AP.
>>> But would it actually make sense to tie vfio-ap to APXA? This needs to
>>> be answered by folks with access to the architecture :)
>> I don't see any reason to do that from an architectural perspective.
>> One can access AP devices whether APXA is installed or not, it just limits
>> the range of devices that can be addressed
> So I guess we should not introduce a tie-in then (unless it radically
> simplifies the code...)
I'm not clear about what you mean by introducing a tie-in. Can you
clarify that?
>
Powered by blists - more mailing lists