Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1830833imm; Thu, 23 Aug 2018 09:26:03 -0700 (PDT) X-Google-Smtp-Source: AA+uWPzdj8IvpcS5OlF9v3GRcFwDb8pVsVuJLnysiMbuW/ytYidk7kTgb168pQ0x1OjnUCp7krG5 X-Received: by 2002:a63:f111:: with SMTP id f17-v6mr55054585pgi.87.1535041563433; Thu, 23 Aug 2018 09:26:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1535041563; cv=none; d=google.com; s=arc-20160816; b=p4cNUVnNZjcdG4MHYCkHZy0pJ8bSHd+cpR/CV/NFfegRtcFFCkrqtV6R7H0pPkKB5u 926Y/vfuP55FoPUUN+o3+GjKZnXbL1OVKMG5HppcgukpgrtGhSEI+w97/uTr/WGQ1nJC gRtiLlPtktM1pX06V4305tsORerYTi9d6fW+dKi9ZwojDFm0R/BVSJzLxjARh1CQsETa 0vswfixPEVlrHMW5dn+h54QiRF7r5XZR6KcKp6UK16sgKLsNOXdG6jLvrEgtHvdQd4SZ t35W7l5TBX+AH9rnX6mGTkltdcYfw2DrdjKes9YtJT5EchkRGmDUPsChfsA7I22yrc+z KCUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:in-reply-to:mime-version :user-agent:date:autocrypt:openpgp:from:references:cc:to:subject :arc-authentication-results; bh=XjhBq02nrUjKgIM/eVC4E88qpn3JYIq8556mK3gm7Is=; b=qMCjKAU1uRGoleBxgNmO0oXuZiJTbKosPYkAgSLzRk2fCO5hpVKQQyotbbozbuwjqZ 5w03pagD2836kZrX95dnoBNGUNHSeQolVKe6WKFjromm/gIjViTQgD5cdTdF0gbWmyXq qVk/pr4+/DXiXFmKrvbPbUysVbtl7niA4Zmajr+MmDzOV+QZ7+V8Pw4gLPPn/BPJULqR HN9Srfg+l7sTCqGJW8WVEaxyIpUYeg6+JLb+Td3gG4rRL/FRzaH5GeRzxqFRuXexPaqU z+UkAliAlSzGBZkNzqhlff21kCduve1W6DRA5o7C5jHBHAZElwLSY6425/tM3nYO5BFm SiYg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d127-v6si5102301pfa.189.2018.08.23.09.25.48; Thu, 23 Aug 2018 09:26:03 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731728AbeHWRN2 (ORCPT + 99 others); Thu, 23 Aug 2018 13:13:28 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:58926 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731562AbeHWRN1 (ORCPT ); Thu, 23 Aug 2018 13:13:27 -0400 Received: from pps.filterd (m0098396.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w7NDYi0n136794 for ; Thu, 23 Aug 2018 09:43:41 -0400 Received: from e06smtp04.uk.ibm.com (e06smtp04.uk.ibm.com [195.75.94.100]) by mx0a-001b2d01.pphosted.com with ESMTP id 2m1wdbt2fe-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 23 Aug 2018 09:43:41 -0400 Received: from localhost by e06smtp04.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 23 Aug 2018 14:43:39 +0100 Received: from b06cxnps4075.portsmouth.uk.ibm.com (9.149.109.197) by e06smtp04.uk.ibm.com (192.168.101.134) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Thu, 23 Aug 2018 14:43:35 +0100 Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61]) by b06cxnps4075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w7NDhX7143253908 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 23 Aug 2018 13:43:33 GMT Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DC66411C054; Thu, 23 Aug 2018 16:43:32 +0100 (BST) Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 90BB711C050; Thu, 23 Aug 2018 16:43:32 +0100 (BST) Received: from [9.152.224.110] (unknown [9.152.224.110]) by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTP; Thu, 23 Aug 2018 16:43:32 +0100 (BST) Subject: Re: [PATCH v3 2/3] KVM: s390: vsie: Do the CRYCB validation first To: Pierre Morel , david@redhat.com Cc: linux-kernel@vger.kernel.org, cohuck@redhat.com, linux-s390@vger.kernel.org, kvm@vger.kernel.org, akrowiak@linux.ibm.com, borntraeger@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com References: <1535019956-23539-1-git-send-email-pmorel@linux.ibm.com> <1535019956-23539-3-git-send-email-pmorel@linux.ibm.com> From: Janosch Frank Openpgp: preference=signencrypt Autocrypt: addr=frankja@linux.ibm.com; prefer-encrypt=mutual; keydata= xsFNBFfqIWIBEAC9u1ku3alDY4YilAfKidqWZ46kCnu7WPXkdcgH3ww/9CcgIDoeSr90SnaU T9gQRO92ESh2OO0ff3RMfmQpPG7hivVKu9G8z4Fsblxqi3sSHBNpZu3wYE81UQTlG2EJpccX DXlBUGmMI44Ra3+NoeYbsTn0vU2ke69NgOz9MxE87ZpsvQaDfl7XgxTqo+6DJMRpiCJiSgWs SXa73uTdHWgmauAbUkaExe+Mb0txAHPweh6zDrLmiMHO2aZLRCPiY6aaP4m6DtjAaZcBQRcG kliWjsiPs1i8UPJp00/oZW2sDvHntDcp34JXDEdxpRXlsBFOVaWs/9hkI+91M78+fgVxNyQD bc1KH7wiwoND/OSgeJqvI1kN/bz+qdwlQaoAEfSkOkfu7yC1yyx/VpQSdL1ozczGF/4ABZ+G FteQmDEjdg1C5vHAdmoh+yHqsNSDVgwi7Vr03r3D9ESUA8bLbQtBVc772rZpEEeuyKZhMi/f SF5aEk16cjp2EiXW5DJSGGKEut2FQQEWeya0A4/MItCplho1nUBGhtCoj5EpCdl7Z6mc4amO 00m6TKFc03cU5Vo/ta3TwIZgmsnpWulgzlZYpxyezc3oJiOjTyQHo9QgChPOBXNe2mKs8pVY TtVksdg6V9UtuFz+FS9B/yuJO+3hMXcg+SOWvCs0HTNP8e4l8wARAQABzSVKYW5vc2NoIEZy YW5rIDxmcmFua2phQGxpbnV4LmlibS5jb20+wsF9BBMBCAAnBQJay0EFAhsjBQkSzAMABQsJ CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEBcO/8Q8ZEV5BHEP/jaHXSQQQjBkACPIiejAqKZn GtRCnvYCvNDq801cvy20bEjKDYBVqWa958gTaynYdeDIoodyij+Vo/07O7J8Hua0ygJBJcEL IsQ4mikMO4AexFxulkk94Zcddukrhx8PHFCJqTEeNggYthI/Is+f+ypfkYq7A8MUFf+1K7Cz xJ+1e3eEM+3ZwOpI/qmGTnOpraxzu7nOhp+sezmvUPyiQ5YKz0nHUGQmrKS0Unoiz2Ooemmv WmFALdBa8Mep56PNKiucSckX49u5r7+4UHngJ569rOxevoUPZRgwpCgB4HWAsuNgpNrd3UJ5 DIwQpwD4tJP0r/Pfz61MiE9ViCsNFMAGEZ6Sth4rHAnZrVtBmWcvqRTlP80PLjUeDZ3GtzsP CgspTxG5RRC2o1wpJeUfwiGRFgZ/x+j7cLjlfVGr3s3o8m0Ig2R17PMQh0r9RZ09MyZAqIvA A5MLX8Bs7znzlePwan7piToOGSOP5r7V7kejA+UGJLGmZHC5F9n7y8Pot1D99y/TiZW+wToy ESvPLCyTbMzzVxYxtKhoQXhazDeuoj+j9n8eaXVv2QXxWjDK4rjZj3gQw+yoxMt/pMMIVF7o PMdcaxXz3kSjwuknG9cmKmbVpl8nSVrtaewG2+A9lmv77XAYoZB7qynJH5dZXNpZJKZZLz8g 1pWzSrI44X9QzsFNBFfqIWIBEACxMNRjr5jNnVCWusQTFMrn/IqlQ2pTRszzeHPJ3KYPE+m9 z+WvNWJeaFXKnfza0HWvIZb5eMJ5DXZ/h6yMNcU2waCZA3HU4Qu0waGGzPdjNNhdv+qETp+5 PHSwrqVt/cRDBGy9sv/MsDfo1bZkr5uBA73He/eeiLykxmYXgIYaXm/iBocclLDmMkHR4YS1 IFk1Z27o2tz4nZ135jR22Leqf8MJluV8r+PGGY1NRAneXR9utS6oJnoWUJotBBIEP5ix/8Pt HrxvisS9VEu0kxa+mexJWnwHxFDTM9IsGgWMH0J5bm9W9fodoZCnZAh090mcUC7N3GVDJNgP 620oBeBrd4gGUSLte0gy68hNujFDcbQ1w084lo5KETKx6Pd3UGjx+XgLyOpcV6yt5gn06bNk 0PLJiBDWlI0+pT7R3mvP3CNwi3gbygViJ3gqNNNhiER78v+RQEylLgOHANnfJFsa2llKzUVO a74WcCA08SbNvGSywTriVAgrC1nyqC6wv8s2IsVvVJsI5dEXxlA05llbTgFXfrysPQnR04hm hwa7OmtvPzh67VbKUR1tJxiaRZuVeBhjNInNsx+0fWSX6cNr3Yp9GAEtKEfcUWnjttHgSQ2B B7J+WOIlmlhIhDFKBQrXT/sYxIu055o7YGxgO+cqJVrC5n2HoaCeTAVA6r1xKQARAQABwsFl BBgBAgAPBQJX6iFiAhsMBQkSzAMAAAoJEBcO/8Q8ZEV5R+oQAJgaEDxy1cpGmGva0s0Oxvia s5b4+otopF5pnlElTZcqWY1bx3vh2c5NZjCCubY1tb8548x6IprwAYtpmx3XlOXb12Jki/HT qHgeSscyleLbneNO+s8LfhJKY15smPqVKG6leCbtIpliZ0TI2Zif+gYvDZRruHYgHwi9bQzH +wEVDrgess/1dDq3Pt+W7NRhFoKKq7ZQOYkyHE1qdck/cGvq4/XCL9np7+3CBEql+QOtuR2o AdES5cnZwKm7peagQBEaFqgni26de11pW294pJRG0U36mSqxEoyqe97vKUYzsdy1hPPbOPfy 7img6Ifh6WL1b4FIIn9TFbooQ1WRSQvbOzxL+E2x+vmEPfNxpzAuuS+ASLJ6Zv9QCOUAvzBn Lfg7BvkfUhALMIZnAoyYmxutcWL4XYYAvMG13l8hFYpoQcF4WEnUoP0UuNwXmR4QZvOuiE8u CyL9U2LEYbrPVTIsEtUVmDlCyD1Kq+6LE3aU+n06soITGp9a3/WNLpXUbUYfzRvYJ3p6jssI Pe50r3yPfdgbWIWzeWuLimNVTlbIZAi1Y0VIdCDbDQpXl2DDTB9zZw2yz0kRKxasMCAEsvlA CT0NLoyQplUjM1ir5e6QTwy9+v3niCCesupe7owsFfrg/YZsE9jCy8vWgdPjSnRJkwQqV2Fw lFM6NIuMAY1Y Date: Thu, 23 Aug 2018 15:43:32 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.0 MIME-Version: 1.0 In-Reply-To: <1535019956-23539-3-git-send-email-pmorel@linux.ibm.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="Y7urgM8jCGYuoA4ImLbIEHKltjDkUoLPl" X-TM-AS-GCONF: 00 x-cbid: 18082313-0016-0000-0000-000001FABBBC X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18082313-0017-0000-0000-00003251173B Message-Id: X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-08-23_05:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1808230145 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Y7urgM8jCGYuoA4ImLbIEHKltjDkUoLPl Content-Type: multipart/mixed; boundary="yY3l69sGsmkJTzTEWU05Jxg00LJ2Ht7AD"; protected-headers="v1" From: Janosch Frank To: Pierre Morel , david@redhat.com Cc: linux-kernel@vger.kernel.org, cohuck@redhat.com, linux-s390@vger.kernel.org, kvm@vger.kernel.org, akrowiak@linux.ibm.com, borntraeger@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com Message-ID: Subject: Re: [PATCH v3 2/3] KVM: s390: vsie: Do the CRYCB validation first References: <1535019956-23539-1-git-send-email-pmorel@linux.ibm.com> <1535019956-23539-3-git-send-email-pmorel@linux.ibm.com> In-Reply-To: <1535019956-23539-3-git-send-email-pmorel@linux.ibm.com> --yY3l69sGsmkJTzTEWU05Jxg00LJ2Ht7AD Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 8/23/18 12:25 PM, Pierre Morel wrote: > When entering the SIE the CRYCB validation better > be done independently of the instruction's > availability. >=20 > Signed-off-by: Pierre Morel > --- > arch/s390/kvm/vsie.c | 11 ++++++----- > 1 file changed, 6 insertions(+), 5 deletions(-) >=20 > diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c > index 12b9707..38ea5da 100644 > --- a/arch/s390/kvm/vsie.c > +++ b/arch/s390/kvm/vsie.c > @@ -161,17 +161,18 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, st= ruct vsie_page *vsie_page) > /* format-1 is supported with message-security-assist extension 3 */ > if (!test_kvm_facility(vcpu->kvm, 76)) > return 0; > - /* we may only allow it if enabled for guest 2 */ > - ecb3_flags =3D scb_o->ecb3 & vcpu->arch.sie_block->ecb3 & > - (ECB3_AES | ECB3_DEA); > - if (!ecb3_flags) > - return 0; > =20 > if ((crycb_addr & PAGE_MASK) !=3D ((crycb_addr + 128) & PAGE_MASK)) > return set_validity_icpt(scb_s, 0x003CU); > else if (!crycb_addr) > return set_validity_icpt(scb_s, 0x0039U); > =20 > + /* we may only allow it if enabled for guest 2 */ > + ecb3_flags =3D scb_o->ecb3 & vcpu->arch.sie_block->ecb3 & > + (ECB3_AES | ECB3_DEA); > + if (!ecb3_flags) > + return 0; > + > /* copy only the wrapping keys */ > if (read_guest_real(vcpu, crycb_addr + 72, > vsie_page->crycb.dea_wrapping_key_mask, 56)) >=20 I seemed to have forgotten to add this while being preoccupied with the search for the validity discussion in #3. Reviewed-by: Janosch Frank --yY3l69sGsmkJTzTEWU05Jxg00LJ2Ht7AD-- --Y7urgM8jCGYuoA4ImLbIEHKltjDkUoLPl Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJbfroEAAoJEBcO/8Q8ZEV5WY4P/2/r9hNxj08UlECO6NGc6OW7 I//MOuICB3CLts9ZKqDhBKw79WZgp0bJr6+wtFX6QsE6o0Psm1L/M3I0n/peynO/ 2Rhm7N3Xnw0MUcNbsJY3qlfvXIGrIgisrVUU0hUFASpJ98gMCer2OoWL8561/dGK ChtKX2xLaDtlX2XKMHW+JDD6BHyf+2Y5ZaZfl1cufIwDygBhNeR9OyyGoPR9zsqb xH8558nWv39cA7rDJcNLyykLtDa4XJara7LKQKq4Mw48IpnK/3c7p66Np/wh+LOU SIDsp682cP3LcNp2CichrLkkMGbp32hMsg4qaGfPTXDcYWNX5G6zjW4rNFYRV4sB EDbB+l2K1/N3l4EPAFjfX0WdFcVtIrL+ckur5WLfqlQzX0YVmhx+03u8H2mNr+Gg RuxNLBLBlpukk0WQ/5qq7oOsuWcqKMXhAASE8lJxEe71XXN3CGxnuNfLCT5G0opx 63Tg4PYp1IBchhBO1AI1Rk3Iqeogt6IdKBManYZvlLlbcHEKRtphH9BceFbm4sRd NY8unbwiZ6wK+YKmiMrwpJ+wRMrUwvIHnMMqvrOa69W+3ZVO6e0QeNUpevkr21mB mmmvn6nx/OdNZsVXL5Rr5Pb3g+GMA8tCvcj8l1dpHV2/LqRsVtSm6g5aIkGKOBqn CEG8XuTcklLYcRcwoGM/ =gck4 -----END PGP SIGNATURE----- --Y7urgM8jCGYuoA4ImLbIEHKltjDkUoLPl--