Re: [PATCH v3 01/14] KVM: s390: refactor crypto initialization
From: Cornelia Huck
Date: Mon Mar 26 2018 - 04:45:18 EST
On Thu, 15 Mar 2018 15:55:39 +0100
Pierre Morel <pmorel@xxxxxxxxxxxxxxxxxx> wrote:
> On 15/03/2018 15:48, Tony Krowiak wrote:
> > On 03/15/2018 08:26 AM, Pierre Morel wrote:
> >> On 14/03/2018 19:25, Tony Krowiak wrote:
> >>> diff --git a/arch/s390/kvm/Kconfig b/arch/s390/kvm/Kconfig
> >>> index a3dbd45..4ca9077 100644
> >>> --- a/arch/s390/kvm/Kconfig
> >>> +++ b/arch/s390/kvm/Kconfig
> >>> @@ -33,6 +33,7 @@ config KVM
> >>> ÂÂÂÂÂ select HAVE_KVM_INVALID_WAKEUPS
> >>> ÂÂÂÂÂ select SRCU
> >>> ÂÂÂÂÂ select KVM_VFIO
> >>> +ÂÂÂ select ZCRYPT
> >>
> >> I do not think it is a good solution to *always* enable ZCRYPT
> >> when we have KVM.
> > If CONFIG_ZCRYPT is not selected, then the kvm_ap_apxa_installed()
> > function will not compile
> > because it calls a zcrypt interface. How would you suggest we make
> > sure zcrypt interfaces
> > used in KVM are built if CONFIG_ZCRYPT is not selected?
>
> if zcrypt is not configured, I suppose that the KVM code initializaing CRYCB
> has no use but the function will be called from KVM.
> So I would do something like:
>
> #ifdef ZCRYPT
> external definitions.
> #else
> stubs returning error -ENOZCRYPT (or whatever)
> #endif
The kvm code used some kind of detection for crycb before (IIRC it was
for the key-wrapping stuff). I assume that usage is independent of
zcrypt driver usage in the host?
So, I think that apxa detection function should be used to s390
architecture base code and not be conditional on anything.