lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Tue, 21 Aug 2018 16:58:03 +0200
From:   David Hildenbrand <>
To:     Janosch Frank <>,
        Pierre Morel <>
Subject: Re: [PATCH] KVM: s390: vsie: BUG correction by shadow_crycb

On 21.08.2018 16:43, Janosch Frank wrote:
> On 21.08.2018 16:19, Pierre Morel wrote:
>> Copy the key mask to the right offset inside the shadow CRYCB
>> Signed-off-by: Pierre Morel <>
>> ---
>>  arch/s390/kvm/vsie.c | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>> diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c
>> index 63844b9..a2b28cd 100644
>> --- a/arch/s390/kvm/vsie.c
>> +++ b/arch/s390/kvm/vsie.c
>> @@ -173,7 +173,8 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
>>  		return set_validity_icpt(scb_s, 0x0039U);
>>  	/* copy only the wrapping keys */
>> -	if (read_guest_real(vcpu, crycb_addr + 72, &vsie_page->crycb, 56))
>> +	if (read_guest_real(vcpu, crycb_addr + 72,
>> +			    vsie_page->crycb.dea_wrapping_key_mask, 56))
>>  		return set_validity_icpt(scb_s, 0x0035U);
>>  	scb_s->ecb3 |= ecb3_flags;
> Are we able to use offsetof and sizeof here? I'd rather have a few more
> characters than magic offsets.
> What about CC stable?

Thought about both things, too.

1. offsetof and sizeof will most likely make sense (although will most
likely make this very ugly due to the long names involved)

2. I am not sure about wrapping keys. We never had migration problems,
so I assume this does not break migration (maybe it will break once we
fix it on one side :) ). As we xor with the g2 keys, we will never match
the g2 keys. HW will xor with our keys either way, so it cannot match
our keys.

But two g3 guests will now have the same wrapping keys, I assume that's bad?

I guess we'll have to wait for Christian, I remember he was one of the
people that understood what wrapping keys are actually good for (and the
real key used in HW can simply, silently change, e.g. when migrating to
another system - due to the xoring).

Not having understood/looked into the details, I guess this should be
stable material.

> Reviewed-by: Janosch Frank <>



David / dhildenb

Powered by blists - more mailing lists