Re: [PATCH v4 03/15] KVM: s390: refactor crypto initialization

From: Tony Krowiak
Date: Tue Apr 17 2018 - 14:09:16 EST

Next message: Michal Hocko: "Re: [PATCH AUTOSEL for 4.14 015/161] printk: Add console owner and waiter logic to load balance console writes"
Previous message: Hook, Gary: "Re: [PATCH v3 1/2] iommu - Enable debugfs exposure of the IOMMU"
In reply to: Cornelia Huck: "Re: [PATCH v4 03/15] KVM: s390: refactor crypto initialization"
Next in thread: Cornelia Huck: "Re: [PATCH v4 03/15] KVM: s390: refactor crypto initialization"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 04/17/2018 11:21 AM, Cornelia Huck wrote:

On Tue, 17 Apr 2018 10:26:57 -0400
Tony Krowiak <akrowiak@xxxxxxxxxxxxxxxxxx> wrote:

On 04/17/2018 06:10 AM, Cornelia Huck wrote:

On Tue, 17 Apr 2018 09:49:58 +0200
"Harald Freudenberger" <FREUDE@xxxxxxxxxx> wrote:

Didn't we say that when APXA is not available there is no Crypto support
for KVM ?

[Going by the code, as I don't have access to the architecture]

Current status seems to be:
- setup crycb if facility 76 is available (that's MSAX3, I guess?)

The crycb is set up regardless of whether STFLE.76 (MSAX3) is
installed or not.

Hm, the current code does a quick exit if bit 76 is not set, doesn't
it?

I guess that depends upon what you mean by current code. If you are talking
about the code as it is distributed today - i.e., before my patch series -
then you are correct. This patch changes that; it initializes the
kvm->arch.crypto.crycbd to point to the CRYCB, then clears the format bits
(kvm->arch.crypto.crycbd &= ~(CRYCB_FORMAT_MASK)) which is the same as
setting the CRYCB format to format 0. It is only after this that the
check is done to determine whether STFLE.76 is set.

- use format 2 if APXA is available, else use format 1

Use format 0 if MSAX3 is not available
Use format 1 if MSAX3 is available but APXA is not
Use format 2 if MSAX3 and APXA is available

From Tony's patch description, the goal seems to be:
- setup crycb even if MSAX3 is not available

Yes, that is true

So my understanding is that we use APXA only to decide on the format of
the crycb, but provide it in any case?

Yes, that is true

With the format selection you outlined above, I guess. Makes sense from
my point of view (just looking at the source code).

It also implements what is stated in the architecture doc.

(Not providing a crycb if APXA is not available would be loss of
functionality, I guess? Deciding not to provide vfio-ap if APXA is not
available is a different game, of course.)

This would require a change to enabling the CPU model feature for
AP.

But would it actually make sense to tie vfio-ap to APXA? This needs to
be answered by folks with access to the architecture :)

I don't see any reason to do that from an architectural perspective.
One can access AP devices whether APXA is installed or not, it just limits
the range of devices that can be addressed

[Personally, I think we should go with the version that uses the least
restrictions without introducing over-complex code. What constitutes
"over-complex code" is of course in the eye of the beholder...]

I agree.

Next message: Michal Hocko: "Re: [PATCH AUTOSEL for 4.14 015/161] printk: Add console owner and waiter logic to load balance console writes"
Previous message: Hook, Gary: "Re: [PATCH v3 1/2] iommu - Enable debugfs exposure of the IOMMU"
In reply to: Cornelia Huck: "Re: [PATCH v4 03/15] KVM: s390: refactor crypto initialization"
Next in thread: Cornelia Huck: "Re: [PATCH v4 03/15] KVM: s390: refactor crypto initialization"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]