lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <6ece398b-49eb-c048-64c7-85acf3801103@linux.vnet.ibm.com>
Date:   Mon, 7 May 2018 10:02:50 -0400
From:   Tony Krowiak <akrowiak@...ux.vnet.ibm.com>
To:     David Hildenbrand <david@...hat.com>, linux-s390@...r.kernel.org,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Cc:     freude@...ibm.com, schwidefsky@...ibm.com,
        heiko.carstens@...ibm.com, borntraeger@...ibm.com,
        cohuck@...hat.com, kwankhede@...dia.com,
        bjsdjshi@...ux.vnet.ibm.com, pbonzini@...hat.com,
        alex.williamson@...hat.com, pmorel@...ux.vnet.ibm.com,
        alifm@...ux.vnet.ibm.com, mjrosato@...ux.vnet.ibm.com,
        jjherne@...ux.vnet.ibm.com, thuth@...hat.com,
        pasic@...ux.vnet.ibm.com, berrange@...hat.com,
        fiuczy@...ux.vnet.ibm.com, buendgen@...ibm.com
Subject: Re: [PATCH v4 01/15] s390: zcrypt: externalize AP instructions
 available function

On 05/04/2018 03:19 AM, David Hildenbrand wrote:
> On 15.04.2018 23:22, Tony Krowiak wrote:
>> If the AP instructions are not available on the linux host, then
>> AP devices can not be interpreted by the SIE. The AP bus has a
> This statement is wrong. The instructions can be interpreted by SIE e.g.
> if there are no devices assigned to a guest. This is e.g. the case for
> !CONFIG_ZCRYPT.

While the statement is admittedly poorly worded, it is not wrong.
Without going into architectural details, If the AP instructions
are not available, they will not be interpreted for guest
level 1 - i.e., the linux host. If AP instructions are not interpreted
for guest level 1, then they will not be interpreted for guest
level 2 regardless of whether ECA_APIE is set for guest level 2 or
not. I don't see how CONFIG_ZCRYPT has anything to do with this.


>
> Also, doesn't this directly imply that the other execution control
> should also not be used ("intercept AP instuctions"). This would be bad.
> Just because !CONFIG_ZCRYPT does not imply that you can't emulate AP
> devices for a guest.

Setting CONFIG_ZCRYPT=n simply means that the AP bus will not be built
and therefore the AP bus interfaces will not be available to KVM.
As far as ECA_APIE goes, there are only two choices: Set the bit to
enable SIE interpretation of AP instructions; Clear the bit to use
interception. We are only supporting SIE interpretation of AP
instructions at this time, so we need a sure-fire way to determine
if the AP instructions are installed, which is the point of this patch.
Since there are no intercept handlers at this time, when the AP bus
module on the guest is initialized, the init function will fail and
the bus will not come up. There are protections built into userspace
(QEMU in this case) to ensure that a guest is not started if the CPU
model feature for AP instructions is not turned on for the guest. The
CPU model feature will be enabled by the KVM only if the AP instructions
are installed on the linux host. Again, that is reason for this
patch.

>
> Why isn't it sufficient to glue CONFIG_ZCRYPT to vfio-ap? This would
> make more sense in my opinion. You have no "host devices" that you can
> "pass through". But you can still emulate devices or emulate an empty bus.

As I commented above, we are supporting only pass through AP devices
at this time.

>
>> function it uses to determine if the AP instructions are
>> available. This patch provides a new function that wraps the
>> AP bus's function to externalize it for use by KVM.
>>
>> Signed-off-by: Tony Krowiak <akrowiak@...ux.vnet.ibm.com>
>> Reviewed-by: Pierre Morel <pmorel@...ux.vnet.ibm.com>
>> Reviewed-by: Harald Freudenberger <freude@...ux.vnet.ibm.com>
>> ---
>>   arch/s390/include/asm/ap.h     |    7 +++++++
>>   arch/s390/include/asm/kvm-ap.h |   23 +++++++++++++++++++++++
>>   arch/s390/kvm/Makefile         |    2 +-
>>   arch/s390/kvm/kvm-ap.c         |   21 +++++++++++++++++++++
>>   drivers/s390/crypto/ap_bus.c   |    6 ++++++
>>   5 files changed, 58 insertions(+), 1 deletions(-)
>>   create mode 100644 arch/s390/include/asm/kvm-ap.h
>>   create mode 100644 arch/s390/kvm/kvm-ap.c
>>
>> diff --git a/arch/s390/include/asm/ap.h b/arch/s390/include/asm/ap.h
>> index c1bedb4..7773bfd 100644
>> --- a/arch/s390/include/asm/ap.h
>> +++ b/arch/s390/include/asm/ap.h
>> @@ -120,4 +120,11 @@ struct ap_queue_status ap_queue_irq_ctrl(ap_qid_t qid,
>>   					 struct ap_qirq_ctrl qirqctrl,
>>   					 void *ind);
>>   
>> +/**
>> + * ap_instructions_installed() - Tests whether AP instructions are installed
>> + *
>> + * Returns 1 if the AP instructions are installed, otherwise; returns 0
>> + */
>> +int ap_instructions_installed(void);
>> +
>>   #endif /* _ASM_S390_AP_H_ */
>> diff --git a/arch/s390/include/asm/kvm-ap.h b/arch/s390/include/asm/kvm-ap.h
>> new file mode 100644
>> index 0000000..84412a9
>> --- /dev/null
>> +++ b/arch/s390/include/asm/kvm-ap.h
>> @@ -0,0 +1,23 @@
>> +// SPDX-License-Identifier: GPL-2.0+
>> +/*
>> + * Adjunct Processor (AP) configuration management for KVM guests
>> + *
>> + * Copyright IBM Corp. 2018
>> + *
>> + * Author(s): Tony Krowiak <akrowia@...ux.vnet.ibm.com>
>> + */
>> +
>> +#ifndef _ASM_KVM_AP
>> +#define _ASM_KVM_AP
>> +
>> +/**
>> + * kvm_ap_instructions_installed()
>> + *
>> + * Tests whether AP instructions are installed on the linux host
>> + *
>> + * Returns 1 if the AP instructions are installed on the host, otherwise;
>> + * returns 0
>> + */
>> +int kvm_ap_instructions_installed(void);
>> +
>> +#endif /* _ASM_KVM_AP */
>> diff --git a/arch/s390/kvm/Makefile b/arch/s390/kvm/Makefile
>> index 05ee90a..1876bfe 100644
>> --- a/arch/s390/kvm/Makefile
>> +++ b/arch/s390/kvm/Makefile
>> @@ -9,6 +9,6 @@ common-objs = $(KVM)/kvm_main.o $(KVM)/eventfd.o  $(KVM)/async_pf.o $(KVM)/irqch
>>   ccflags-y := -Ivirt/kvm -Iarch/s390/kvm
>>   
>>   kvm-objs := $(common-objs) kvm-s390.o intercept.o interrupt.o priv.o sigp.o
>> -kvm-objs += diag.o gaccess.o guestdbg.o vsie.o
>> +kvm-objs += diag.o gaccess.o guestdbg.o vsie.o kvm-ap.o
>>   
>>   obj-$(CONFIG_KVM) += kvm.o
>> diff --git a/arch/s390/kvm/kvm-ap.c b/arch/s390/kvm/kvm-ap.c
>> new file mode 100644
>> index 0000000..1267588
>> --- /dev/null
>> +++ b/arch/s390/kvm/kvm-ap.c
>> @@ -0,0 +1,21 @@
>> +// SPDX-License-Identifier: GPL-2.0+
>> +/*
>> + * Adjunct Processor (AP) configuration management for KVM guests
>> + *
>> + * Copyright IBM Corp. 2018
>> + *
>> + * Author(s): Tony Krowiak <akrowia@...ux.vnet.ibm.com>
>> + */
>> +#include <linux/kernel.h>
>> +#include <asm/kvm-ap.h>
>> +#include <asm/ap.h>
>> +
>> +int kvm_ap_instructions_installed(void)
>> +{
>> +#ifdef CONFIG_ZCRYPT
>> +	return ap_instructions_installed();
>> +#else
>> +	return 0;
>> +#endif
>> +}
>> +EXPORT_SYMBOL(kvm_ap_instructions_installed);
>> diff --git a/drivers/s390/crypto/ap_bus.c b/drivers/s390/crypto/ap_bus.c
>> index 35a0c2b..9d108b6 100644
>> --- a/drivers/s390/crypto/ap_bus.c
>> +++ b/drivers/s390/crypto/ap_bus.c
>> @@ -210,6 +210,12 @@ int ap_query_configuration(struct ap_config_info *info)
>>   }
>>   EXPORT_SYMBOL(ap_query_configuration);
>>   
>> +int ap_instructions_installed(void)
>> +{
>> +	return (ap_instructions_available() == 0);
>> +}
>> +EXPORT_SYMBOL(ap_instructions_installed);
>> +
>>   /**
>>    * ap_init_configuration(): Allocate and query configuration array.
>>    */
>>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ