Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp5891026imm; Wed, 12 Sep 2018 12:45:26 -0700 (PDT) X-Google-Smtp-Source: ANB0VdbTNeIZk9/O38yFnCRXYJaNooquLd2AbqQIvx84IZnAyTJy50vr1WKAwUnfW2NpbMKG0h89 X-Received: by 2002:a63:e914:: with SMTP id i20-v6mr3945540pgh.10.1536781526218; Wed, 12 Sep 2018 12:45:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536781526; cv=none; d=google.com; s=arc-20160816; b=mNPkeRbonz1gkk9jOXKEBH75OkhO3xDpd6b33mhlZeZjzTQJtIFbxMjK2GDazzLNVi /vyWHenIPnN+7jMl6onahnIVXrWw5n31zc5YwnZqjWZfj4az6dOoJSadFITdDnDu7GV7 4mgk2XPrKVY431TsDh5FHii/xexLyWknggnabEAuueju6gkCm2aGru2uvY5352Aq+UCV OhZcVuwzv0eYHAHeDdHbDEMw2TjGwEeYz84T7r7f/5q3WLt3nSIoyVoNaYgXEhuX1y+x oMoo3ibIIrYFrdnczl4FgW29PvA9GPY/+fYEizl/fKCgWfqgVhHrVZCnq6fscCDHFX+Z J4aQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:references:in-reply-to:date :subject:cc:to:from; bh=eA2xBu4E+UvhjcTLjXMT814CH4ndNqZPL3gzBeOyB7U=; b=gPbQ9SP27K6dbx5LwvICnfOPTRwTYiU10WYus6f3/u4Ac4GoRFiBJsQe1pKgTS2o17 PSZG5Jx2BbdLWT8p4/Bi5jMqsSWatNnGtdok6o2fl4TP1ZS+Zpf08x24ag7Uq+XEe2rf CmTSP0uf4kYgf1YuJdOouVgkF6o/mNQpcpsiRl4nyucMuw3M86s8wMFn3Nd+FNZqIeiV 6hVrkG2Ew3ReKhFIEUzorGbTWJAcp8aHvyogNvG1UgA97RzSEq3WTYQpnq1r8vOloBQY HwNIUX8imu6F0ZcU2qzbxSNTDwX8r/LCQFqJPco/GfhFMF65dl/+usP+/6okjI119zu0 6Igw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h10-v6si1707122pgs.40.2018.09.12.12.45.11; Wed, 12 Sep 2018 12:45:26 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728541AbeIMAuj (ORCPT + 99 others); Wed, 12 Sep 2018 20:50:39 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:49372 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726434AbeIMAui (ORCPT ); Wed, 12 Sep 2018 20:50:38 -0400 Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w8CJY3MC100777 for ; Wed, 12 Sep 2018 15:44:35 -0400 Received: from e36.co.us.ibm.com (e36.co.us.ibm.com [32.97.110.154]) by mx0a-001b2d01.pphosted.com with ESMTP id 2mf84hasvr-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 12 Sep 2018 15:44:35 -0400 Received: from localhost by e36.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 12 Sep 2018 13:44:34 -0600 Received: from b03cxnp08026.gho.boulder.ibm.com (9.17.130.18) by e36.co.us.ibm.com (192.168.1.136) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Wed, 12 Sep 2018 13:44:31 -0600 Received: from b03ledav003.gho.boulder.ibm.com (b03ledav003.gho.boulder.ibm.com [9.17.130.234]) by b03cxnp08026.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w8CJiSVW37486684 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Wed, 12 Sep 2018 12:44:28 -0700 Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B10A66A04F; Wed, 12 Sep 2018 13:44:28 -0600 (MDT) Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D28616A04D; Wed, 12 Sep 2018 13:44:25 -0600 (MDT) Received: from localhost.localdomain (unknown [9.80.213.181]) by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTPS; Wed, 12 Sep 2018 13:44:25 -0600 (MDT) From: Tony Krowiak To: linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, cohuck@redhat.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, pmorel@linux.vnet.ibm.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, thuth@redhat.com, pasic@linux.vnet.ibm.com, berrange@redhat.com, fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com, akrowiak@linux.vnet.ibm.com, frankja@linux.ibm.com, Pierre Morel , Tony Krowiak Subject: [PATCH v10 16/26] KVM: s390: vsie: Do the CRYCB validation first Date: Wed, 12 Sep 2018 15:43:06 -0400 X-Mailer: git-send-email 1.7.1 In-Reply-To: <1536781396-13601-1-git-send-email-akrowiak@linux.vnet.ibm.com> References: <1536781396-13601-1-git-send-email-akrowiak@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 18091219-0020-0000-0000-00000E640D6A X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00009709; HX=3.00000242; KW=3.00000007; PH=3.00000004; SC=3.00000266; SDB=6.01087371; UDB=6.00561489; IPR=6.00867383; MB=3.00023256; MTD=3.00000008; XFM=3.00000015; UTC=2018-09-12 19:44:34 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18091219-0021-0000-0000-000063013562 Message-Id: <1536781396-13601-17-git-send-email-akrowiak@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-09-12_10:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1809120195 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Pierre Morel We need to handle the validity checks for the crycb, no matter what the settings for the keywrappings are. So lets move the keywrapping checks after we have done the validy checks. Signed-off-by: Pierre Morel Signed-off-by: Tony Krowiak Reviewed-by: Janosch Frank Reviewed-by: David Hildenbrand --- arch/s390/kvm/vsie.c | 11 ++++++----- 1 files changed, 6 insertions(+), 5 deletions(-) diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index 12b9707..38ea5da 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -161,17 +161,18 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) /* format-1 is supported with message-security-assist extension 3 */ if (!test_kvm_facility(vcpu->kvm, 76)) return 0; - /* we may only allow it if enabled for guest 2 */ - ecb3_flags = scb_o->ecb3 & vcpu->arch.sie_block->ecb3 & - (ECB3_AES | ECB3_DEA); - if (!ecb3_flags) - return 0; if ((crycb_addr & PAGE_MASK) != ((crycb_addr + 128) & PAGE_MASK)) return set_validity_icpt(scb_s, 0x003CU); else if (!crycb_addr) return set_validity_icpt(scb_s, 0x0039U); + /* we may only allow it if enabled for guest 2 */ + ecb3_flags = scb_o->ecb3 & vcpu->arch.sie_block->ecb3 & + (ECB3_AES | ECB3_DEA); + if (!ecb3_flags) + return 0; + /* copy only the wrapping keys */ if (read_guest_real(vcpu, crycb_addr + 72, vsie_page->crycb.dea_wrapping_key_mask, 56)) -- 1.7.1