Received: by 10.223.185.116 with SMTP id b49csp6455537wrg; Wed, 28 Feb 2018 09:40:08 -0800 (PST) X-Google-Smtp-Source: AH8x227O1UyHe6xiJrOsz/ycaa3dKJ5uLCA7bKp4X3GzMMzlAtDkKFo2V/pcxZlSXj96PHeoUs6d X-Received: by 2002:a17:902:6b8a:: with SMTP id p10-v6mr18484317plk.432.1519839608522; Wed, 28 Feb 2018 09:40:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519839608; cv=none; d=google.com; s=arc-20160816; b=WaZ37p0xbGlcT4AiAedJozgT7ca4sMwy4F7caRrK80XfVdGBAzRVtz5+oD97YaXHKM ixF6HklA4Zljxd/xqTOQzUEHhyWpIbbY1uIQ/QgNyJbWb2OSMZHGVEBGD4r7uCKJ4kQ4 WjVY6lkNqRU2pxzqis3F6/zAaKFUf/BzAiMwgkZRNuKm9FJ9fvAstfPNyzaZ+rS5obuM 5j+7kC1Z8/CfWQjeQ6yxPuPcHkOjHBl1Hp31OUQYzFG5K5OwR1yF3pDOfFVbB8IahO/K RQXtuZkFbTy+JO/4FFBG7F5Xoq4PuxEg3GlUNIRGyL50rsMZLifFrwEGBdS+vbv48fCe KaRw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date:arc-authentication-results; bh=VKQzdnoWKYmkQ8kM6rdzti/dOwU21E3ORtQ1zUFmjIE=; b=GXh6pCbFtzUrpVWVDAOizdp7ilMFKCl3hye+5BPDajRPSkSZIaaMph5PJACvgVUKyd efjTepdO3quk3WrIJNCm0a9eLsEdrfVOIo7S4302g0ILb8Y31/QwKLkrGe8QwgvlsKTH Ak9WOI8jKcL+Vg+xEnXNytSniV/eRdHKDLEG6OFVz5Fi1xItHqNqlWWaUf7we7DmOZLQ PjndQaWHXrVKt17fSWzyFw6GBp52P84J56xAZ6fcxN6vhtxniO/BsHS44QOtWnnIRLE5 XK4u0j4IvTC/mIQm2PHUwXlt/XPpshQBC3MTj7r8FCkCDDvQieMMoBYGw5AvWuri40j0 SuKA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v189si1223963pgb.706.2018.02.28.09.39.53; Wed, 28 Feb 2018 09:40:08 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933282AbeB1Rhw (ORCPT + 99 others); Wed, 28 Feb 2018 12:37:52 -0500 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:34166 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S932448AbeB1Rht (ORCPT ); Wed, 28 Feb 2018 12:37:49 -0500 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 50C52402290A; Wed, 28 Feb 2018 17:37:48 +0000 (UTC) Received: from gondolin (ovpn-117-87.ams2.redhat.com [10.36.117.87]) by smtp.corp.redhat.com (Postfix) with ESMTP id A86A610B0F53; Wed, 28 Feb 2018 17:37:43 +0000 (UTC) Date: Wed, 28 Feb 2018 18:37:41 +0100 From: Cornelia Huck To: Tony Krowiak Cc: linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, pmorel@linux.vnet.ibm.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, thuth@redhat.com, pasic@linux.vnet.ibm.com, fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com Subject: Re: [PATCH v2 01/15] KVM: s390: refactor crypto initialization Message-ID: <20180228183741.5276e3d3.cohuck@redhat.com> In-Reply-To: <1519741693-17440-2-git-send-email-akrowiak@linux.vnet.ibm.com> References: <1519741693-17440-1-git-send-email-akrowiak@linux.vnet.ibm.com> <1519741693-17440-2-git-send-email-akrowiak@linux.vnet.ibm.com> Organization: Red Hat GmbH MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Wed, 28 Feb 2018 17:37:48 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Wed, 28 Feb 2018 17:37:48 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'cohuck@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 27 Feb 2018 09:27:59 -0500 Tony Krowiak wrote: > The crypto control block designation (CRYCBD) is a 32-bit > field in the KVM guest's SIE state description. The > contents of bits 1-28 of this field, with three zero bits > appended on the right, designate the host real 31-bit > address of a crypto control block (CRYCB). Bits 30-31 > specify the format of the CRYCB. In the current > implementation, the address of the CRYCB is stored in > the CRYCBD only if the Message-Security-Assist extension > 3 (MSA3) facility is installed. Virtualization of AP > facilities, however, requires that a CRYCB of the > appropriate format be made available to SIE regardless > of whether MSA3 is installed or not. > > This patch introduces a new compilation unit to provide > all interfaces related to configuration of AP facilities. > Let's start by moving the function for setting the CRYCB > format from arch/s390/kvm/kvm-s390 to this new AP > configuration interface. Hm, I would tweak this patch description a bit. First, you talk about what the crycbd is; then, what needs to be done for vfio-ap support; then you simply state that you move some interfaces to a new file. I'd like to see a connection between those parts :) [It sounds a bit like you'd just introduce a new file and move some functions, while you do have more changes in there.] > > Signed-off-by: Tony Krowiak > --- > MAINTAINERS | 10 ++++++ > arch/s390/include/asm/kvm-ap.h | 16 ++++++++++ > arch/s390/include/asm/kvm_host.h | 1 + > arch/s390/kvm/Makefile | 2 +- > arch/s390/kvm/kvm-ap.c | 47 ++++++++++++++++++++++++++++ > arch/s390/kvm/kvm-s390.c | 62 +++++--------------------------------- > 6 files changed, 83 insertions(+), 55 deletions(-) > create mode 100644 arch/s390/include/asm/kvm-ap.h > create mode 100644 arch/s390/kvm/kvm-ap.c > > diff --git a/MAINTAINERS b/MAINTAINERS > index 0ec5881..4acf7c2 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -11875,6 +11875,16 @@ W: http://www.ibm.com/developerworks/linux/linux390/ > S: Supported > F: drivers/s390/crypto/ > > +S390 VFIO AP DRIVER > +M: Tony Krowiak > +M: Christian BornTraeger Typo. > +M: Martin Schwidefsky > +L: linux-s390@vger.kernel.org > +W: http://www.ibm.com/developerworks/linux/linux390/ > +S: Supported > +F: arch/s390/include/asm/kvm/kvm-ap.h > +F: arch/s390/kvm/kvm-ap.c > + > S390 ZFCP DRIVER > M: Steffen Maier > M: Benjamin Block (...) > diff --git a/arch/s390/kvm/kvm-ap.c b/arch/s390/kvm/kvm-ap.c > new file mode 100644 > index 0000000..5305f4c > --- /dev/null > +++ b/arch/s390/kvm/kvm-ap.c > @@ -0,0 +1,47 @@ > +/* > + * Adjunct Processor (AP) configuration management for KVM guests > + * > + * Copyright IBM Corp. 2017 > + * > + * Author(s): Tony Krowiak > + */ > + > +#include > +#include > + > +#include "kvm-s390.h" > + > +static int kvm_ap_apxa_installed(void) > +{ > + int ret; > + struct ap_config_info config; > + > + ret = ap_query_configuration(&config); Doesn't that introduce a dependency on CONFIG_ZCRYPT? > + if (ret) > + return 0; > + > + return (config.apxa == 1); > +} > + > +/** > + * kvm_ap_set_crycb_format > + * > + * Set the CRYCB format in the CRYCBD for the KVM guest. Spell out "crypto control block" somewhere? > + * > + * @kvm: the KVM guest > + * @crycbd: the CRYCB descriptor > + */ > +void kvm_ap_set_crycb_format(struct kvm *kvm, __u32 *crycbd) > +{ > + *crycbd = (__u32)(unsigned long) kvm->arch.crypto.crycb; > + > + *crycbd &= ~(CRYCB_FORMAT_MASK); > + > + /* If the MSAX3 is installed */ /* check whether MSAX3 is installed */ ? > + if (test_kvm_facility(kvm, 76)) { > + if (kvm_ap_apxa_installed()) > + *crycbd |= CRYCB_FORMAT2; > + else > + *crycbd |= CRYCB_FORMAT1; > + } > +} > diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c > index 5f5a4cb..de1e299 100644 > --- a/arch/s390/kvm/kvm-s390.c > +++ b/arch/s390/kvm/kvm-s390.c > @@ -1913,12 +1866,13 @@ static u64 kvm_s390_get_initial_cpuid(void) > > static void kvm_s390_crypto_init(struct kvm *kvm) > { > + kvm->arch.crypto.crycb = &kvm->arch.sie_page2->crycb; > + kvm->arch.crypto.crycbd = (__u32)(unsigned long) kvm->arch.crypto.crycb; > + kvm_ap_set_crycb_format(kvm, &kvm->arch.crypto.crycbd); Doesn't kvm_ap_set_crycb_format() already initialize its second parameter? Would it make sense to do kvm->arch.crypto.crycbd = kvm_ap_build_crycbd(kvm); or so instead? > + > if (!test_kvm_facility(kvm, 76)) > return; > > - kvm->arch.crypto.crycb = &kvm->arch.sie_page2->crycb; > - kvm_s390_set_crycb_format(kvm); > - > /* Enable AES/DEA protected key functions by default */ > kvm->arch.crypto.aes_kw = 1; > kvm->arch.crypto.dea_kw = 1;