2008-07-10 13:01:34

by Jan Glauber

[permalink] [raw]
Subject: [PATCH] check for s390 crypto facility availablility

Hi Herbert,

here is a small patch for the s390 crypto detection.

[PATCH] respect STFL bit for s390 crypto

From: <[email protected]>

For all s390 in-kernel crypto algorithms we check at module
load time whether the CPACF facility bit is on. If the facility
is not enabled we bail out.

Signed-off-by: <[email protected]>

--- ./arch/s390/crypto/crypt_s390.h.stfle
+++ ./arch/s390/crypto/crypt_s390.h
@@ -294,6 +294,10 @@ static inline int crypt_s390_func_availa
unsigned char status[16];
int ret;

+ /* check if CPACF facility (bit 17) is available */
+ if (!(stfl() & 1ULL << (31 - 17)))
+ return 0;
+
switch (func & CRYPT_S390_OP_MASK) {
case CRYPT_S390_KM:
ret = crypt_s390_km(KM_QUERY, &status, NULL, NULL, 0);




2008-07-11 12:29:41

by Herbert Xu

[permalink] [raw]
Subject: Re: [PATCH] check for s390 crypto facility availablility

On Thu, Jul 10, 2008 at 03:00:43PM +0000, Jan Glauber wrote:
>
> here is a small patch for the s390 crypto detection.
>
> [PATCH] respect STFL bit for s390 crypto
>
> From: <[email protected]>
>
> For all s390 in-kernel crypto algorithms we check at module
> load time whether the CPACF facility bit is on. If the facility
> is not enabled we bail out.
>
> Signed-off-by: <[email protected]>

Thanks Jan, the patch looks harmless enough.

> --- ./arch/s390/crypto/crypt_s390.h.stfle
> +++ ./arch/s390/crypto/crypt_s390.h
> @@ -294,6 +294,10 @@ static inline int crypt_s390_func_availa
> unsigned char status[16];
> int ret;
>
> + /* check if CPACF facility (bit 17) is available */
> + if (!(stfl() & 1ULL << (31 - 17)))
> + return 0;

However, the patch description doesn't exactly tell me what
happens without this check. I mean, does the machine go up
in flames if the check would have bailed :)

That leads to my next question, is this something that must
go into 2.6.26 or can it wait?

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2008-07-11 16:40:00

by Jan Glauber

[permalink] [raw]
Subject: Re: [PATCH] check for s390 crypto facility availablility

[PATCH] respect STFL bit for s390 crypto

From: <[email protected]>

Bevore issuing any s390 crypto operation check whether the
CPACF facility is enabled in the facility list. That way a
virtualization layer can prevent usage of the CPACF facility
regardless of the availability of the crypto instructions.

Signed-off-by: <[email protected]>

--- ./arch/s390/crypto/crypt_s390.h.stfle
+++ ./arch/s390/crypto/crypt_s390.h
@@ -294,6 +294,10 @@ static inline int crypt_s390_func_availa
unsigned char status[16];
int ret;

+ /* check if CPACF facility (bit 17) is available */
+ if (!(stfl() & 1ULL << (31 - 17)))
+ return 0;
+
switch (func & CRYPT_S390_OP_MASK) {
case CRYPT_S390_KM:
ret = crypt_s390_km(KM_QUERY, &status, NULL, NULL, 0);



2008-07-11 16:40:29

by Jan Glauber

[permalink] [raw]
Subject: Re: [PATCH] check for s390 crypto facility availablility

On Fri, 2008-07-11 at 20:29 +0800, Herbert Xu wrote:
> On Thu, Jul 10, 2008 at 03:00:43PM +0000, Jan Glauber wrote:
> >
> > here is a small patch for the s390 crypto detection.
> >
> > [PATCH] respect STFL bit for s390 crypto
> >
> > From: <[email protected]>
> >
> > For all s390 in-kernel crypto algorithms we check at module
> > load time whether the CPACF facility bit is on. If the facility
> > is not enabled we bail out.
> >
> > Signed-off-by: <[email protected]>
>
> Thanks Jan, the patch looks harmless enough.
>
> > --- ./arch/s390/crypto/crypt_s390.h.stfle
> > +++ ./arch/s390/crypto/crypt_s390.h
> > @@ -294,6 +294,10 @@ static inline int crypt_s390_func_availa
> > unsigned char status[16];
> > int ret;
> >
> > + /* check if CPACF facility (bit 17) is available */
> > + if (!(stfl() & 1ULL << (31 - 17)))
> > + return 0;
>
> However, the patch description doesn't exactly tell me what
> happens without this check. I mean, does the machine go up
> in flames if the check would have bailed :)

I see ;- Will resend it with a hopefully better description.

> That leads to my next question, is this something that must
> go into 2.6.26 or can it wait?

It can clearly wait for 2.6.27.

> Cheers,

thanks, Jan


2008-07-12 07:43:08

by Herbert Xu

[permalink] [raw]
Subject: Re: [PATCH] check for s390 crypto facility availablility

On Fri, Jul 11, 2008 at 06:34:40PM +0000, Jan Glauber wrote:
> [PATCH] respect STFL bit for s390 crypto
>
> From: <[email protected]>
>
> Bevore issuing any s390 crypto operation check whether the
> CPACF facility is enabled in the facility list. That way a
> virtualization layer can prevent usage of the CPACF facility
> regardless of the availability of the crypto instructions.
>
> Signed-off-by: <[email protected]>

Applied to cryptodev-2.6. Thank you!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt