Received: by 10.192.165.156 with SMTP id m28csp179675imm; Tue, 17 Apr 2018 08:23:35 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+suFNgiybwafyb0y4rorEh4LdnxA8EIa/n1bT+n2/ir10EebLAuUVFcz/LVvc42uagAJ+p X-Received: by 2002:a17:902:4225:: with SMTP id g34-v6mr2391466pld.297.1523978614987; Tue, 17 Apr 2018 08:23:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523978614; cv=none; d=google.com; s=arc-20160816; b=hwZMx5U/j9ZsGPt7Y9HUNlo1QMaMIQ6stWg6u1k6HyDPhDji+YqCDbLU8BPxoQr5Sx YfIlK+5EBDNKIDtZ0eMKsx7Aq4gDtPwRp+GCs5rkNuBCrBxtKaiphvtXYnq6FeARoVBC VKaBo03tJJr2kf5b+N31pshsYtVqCf2hIjeRaOATIL9wF/3B3YG3sGIWttvKPGgmbFSF 6Ipl3TuzorUM2+L35tumkpyaMjdPAHakNansVH0TV5vLdZaZg/C+EE62Kokaz2EP8sW8 izb8lmB8Dmop7+1NlRnxYqAKKWx0sf4Zahnjat7iCgdKSSz5HoORxWMvIK9L9JBuq0TT /G8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date:arc-authentication-results; bh=t1cvqEjQSarAsJNS+u/8fdmGcXyyCjyPVacEqA9OALY=; b=PNY3rHaMfYqJUxzpQnMMPu90CiPASDva2J5V46QWQrOUUxqeEcZXHOAt3gthBGCv4x LOlc5EDSxbSQrhTswO5KoLnNZGk7926rWKAbXsA1o0wXgnWwT3JO1BKTZwMRevbjg3Cn KmHuVBG/QkgTjfaUsdECgcqsStK0WuyIsBSWrLfUDZR+Dozt1p8OXkXkkU+jp1/r/Tth bgBMCYuHoAXKjjKjYfJDQ+K7cSrT6V8H8VfUcQlqg/THx9qmHDj6uSSaK/a9oaBbmzE9 mI5aHZdV+Qp7wilHRjbMEgW9pK2F4T/i5GEnFjMNciEWx1jw/laqyZXxB+UKdVZojemQ BwzQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b1-v6si13874066pll.57.2018.04.17.08.23.21; Tue, 17 Apr 2018 08:23:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752792AbeDQPVt (ORCPT + 99 others); Tue, 17 Apr 2018 11:21:49 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:60438 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751204AbeDQPVr (ORCPT ); Tue, 17 Apr 2018 11:21:47 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 129C9402314E; Tue, 17 Apr 2018 15:21:47 +0000 (UTC) Received: from gondolin (dhcp-192-222.str.redhat.com [10.33.192.222]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0CBBA111DD0E; Tue, 17 Apr 2018 15:21:41 +0000 (UTC) Date: Tue, 17 Apr 2018 17:21:39 +0200 From: Cornelia Huck To: Tony Krowiak Cc: Harald Freudenberger , Pierre Morel , alex.williamson@redhat.com, alifm@linux.vnet.ibm.com, berrange@redhat.com, bjsdjshi@linux.vnet.ibm.com, borntrae@linux.ibm.com, fiuczy@linux.vnet.ibm.com, heicars2@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, kvm@vger.kernel.org, kwankhede@nvidia.com, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, mjrosato@linux.vnet.ibm.com, mschwid2@linux.vnet.ibm.com, pasic@linux.vnet.ibm.com, pbonzini@redhat.com, Reinhard Buendgen , thuth@redhat.com Subject: Re: [PATCH v4 03/15] KVM: s390: refactor crypto initialization Message-ID: <20180417172139.0a2b148b.cohuck@redhat.com> In-Reply-To: <2ac8b862-e2dc-843e-a0b8-906fa32b42f4@linux.vnet.ibm.com> References: <1523827345-11600-1-git-send-email-akrowiak@linux.vnet.ibm.com> <1523827345-11600-4-git-send-email-akrowiak@linux.vnet.ibm.com> <4fb50a31-1893-5cfb-0f35-fb2501c2afa8@linux.vnet.ibm.com> <20180417121044.5c8f2182.cohuck@redhat.com> <2ac8b862-e2dc-843e-a0b8-906fa32b42f4@linux.vnet.ibm.com> Organization: Red Hat GmbH MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Tue, 17 Apr 2018 15:21:47 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Tue, 17 Apr 2018 15:21:47 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'cohuck@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 17 Apr 2018 10:26:57 -0400 Tony Krowiak wrote: > On 04/17/2018 06:10 AM, Cornelia Huck wrote: > > On Tue, 17 Apr 2018 09:49:58 +0200 > > "Harald Freudenberger" wrote: > > > >> Didn't we say that when APXA is not available there is no Crypto support > >> for KVM ? > > [Going by the code, as I don't have access to the architecture] > > > > Current status seems to be: > > - setup crycb if facility 76 is available (that's MSAX3, I guess?) > > The crycb is set up regardless of whether STFLE.76 (MSAX3) is > installed or not. Hm, the current code does a quick exit if bit 76 is not set, doesn't it? > > > - use format 2 if APXA is available, else use format 1 > > Use format 0 if MSAX3 is not available > Use format 1 if MSAX3 is available but APXA is not > Use format 2 if MSAX3 and APXA is available > > > > > From Tony's patch description, the goal seems to be: > > - setup crycb even if MSAX3 is not available > > Yes, that is true > > > > > So my understanding is that we use APXA only to decide on the format of > > the crycb, but provide it in any case? > > Yes, that is true With the format selection you outlined above, I guess. Makes sense from my point of view (just looking at the source code). > > > > > (Not providing a crycb if APXA is not available would be loss of > > functionality, I guess? Deciding not to provide vfio-ap if APXA is not > > available is a different game, of course.) > > This would require a change to enabling the CPU model feature for > AP. But would it actually make sense to tie vfio-ap to APXA? This needs to be answered by folks with access to the architecture :) [Personally, I think we should go with the version that uses the least restrictions without introducing over-complex code. What constitutes "over-complex code" is of course in the eye of the beholder...]