Re: [PATCH] KVM: s390: vsie: Consolidate CRYCB validation

From: David Hildenbrand
Date: Wed Aug 22 2018 - 04:44:41 EST


On 22.08.2018 10:41, Pierre Morel wrote:
> On 22/08/2018 10:25, David Hildenbrand wrote:
>> On 22.08.2018 10:08, Pierre Morel wrote:
>>> Currently when shadowing the CRYCB on SIE entrance, the validation
>>> tests the following:
>>> - accept only FORMAT1 or FORMAT2
>>> - test if MSAext facility (76) is installed
>>> - accept the CRYCB if no keys are used
>>> - verifies that the CRYCB format1 is inside a page
>>> - verifies that the CRYCB origin is not 0
>>>
>>> This is not following the architecture.
>> I have to trust you on that :)
>>
>>> On SIE entrance, the CRYCB must be validated before accepting
>>> any of its entries.
>>>
>>> Let's do the validation in the right order and also verify
>>> correctly the FORMAT2 CRYCB.
>> With which facility was FORMAT2 introduced?
> With APXA.
> KVM initialization setup CRYCB format according to the presence
> of APXA for FORMAT2 or FORMAT1

As our guest does not see APXA, why should it be allowed to make use of
FORMAT2 here already?

In my opinion, the size check you are adding is in the current state not
correct.


--

Thanks,

David / dhildenb