Re: [PATCH v9 07/22] KVM: s390: refactor crypto initialization

From: David Hildenbrand
Date: Mon Aug 20 2018 - 16:42:10 EST


>>
>>> + if (test_kvm_cpu_feat(vcpu->kvm, KVM_S390_VM_CPU_FEAT_AP))
>>> + vcpu->arch.sie_block->eca |= ECA_APIE;
>>>
>>> - vcpu->arch.sie_block->crycbd = vcpu->kvm->arch.crypto.crycbd;
>>> + /* If MSAX3 is installed on the guest, set up protected key support */
>>> + if (test_kvm_facility(vcpu->kvm, 76)) {
>>> + if (vcpu->kvm->arch.crypto.aes_kw)
>>> + vcpu->arch.sie_block->ecb3 |= ECB3_AES;
>>> + if (vcpu->kvm->arch.crypto.dea_kw)
>>> + vcpu->arch.sie_block->ecb3 |= ECB3_DEA;
>>> + }
>> As the feature can never change, and aes_kw/dea_kw are only set to 1 in
>> case we have test_kvm_facility(vcpu->kvm, 76), this change is not needed.
>>
>> I think this function can be pretty much left alone. Just add the
>> KVM_S390_VM_CPU_FEAT_AP handling.
>
> I disagree, what about the case where the KVM_S390_VM_CPU_FEAT_AP is
> configured for the guest but the MSAX3 facility (76) is not?

Then aes_kw/dea_kw can never be set.

kvm_s390_vm_set_crypto() and kvm_s390_crypto_init() correctly test for
facility 76.

Or am I missing a case?

>
>>
>>> }
>>>
>>> void kvm_s390_vcpu_unsetup_cmma(struct kvm_vcpu *vcpu)
>>>
>>
>


--

Thanks,

David / dhildenb