From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752819AbeDQPVt (ORCPT ); Tue, 17 Apr 2018 11:21:49 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:60438 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751204AbeDQPVr (ORCPT ); Tue, 17 Apr 2018 11:21:47 -0400 Date: Tue, 17 Apr 2018 17:21:39 +0200 From: Cornelia Huck To: Tony Krowiak Cc: Harald Freudenberger , Pierre Morel , alex.williamson@redhat.com, alifm@linux.vnet.ibm.com, berrange@redhat.com, bjsdjshi@linux.vnet.ibm.com, borntrae@linux.ibm.com, fiuczy@linux.vnet.ibm.com, heicars2@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, kvm@vger.kernel.org, kwankhede@nvidia.com, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, mjrosato@linux.vnet.ibm.com, mschwid2@linux.vnet.ibm.com, pasic@linux.vnet.ibm.com, pbonzini@redhat.com, Reinhard Buendgen , thuth@redhat.com Subject: Re: [PATCH v4 03/15] KVM: s390: refactor crypto initialization Message-ID: <20180417172139.0a2b148b.cohuck@redhat.com> In-Reply-To: <2ac8b862-e2dc-843e-a0b8-906fa32b42f4@linux.vnet.ibm.com> References: <1523827345-11600-1-git-send-email-akrowiak@linux.vnet.ibm.com> <1523827345-11600-4-git-send-email-akrowiak@linux.vnet.ibm.com> <4fb50a31-1893-5cfb-0f35-fb2501c2afa8@linux.vnet.ibm.com> <20180417121044.5c8f2182.cohuck@redhat.com> <2ac8b862-e2dc-843e-a0b8-906fa32b42f4@linux.vnet.ibm.com> Organization: Red Hat GmbH MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 17 Apr 2018 10:26:57 -0400 Tony Krowiak wrote: > On 04/17/2018 06:10 AM, Cornelia Huck wrote: > > On Tue, 17 Apr 2018 09:49:58 +0200 > > "Harald Freudenberger" wrote: > > > >> Didn't we say that when APXA is not available there is no Crypto support > >> for KVM ? > > [Going by the code, as I don't have access to the architecture] > > > > Current status seems to be: > > - setup crycb if facility 76 is available (that's MSAX3, I guess?) > > The crycb is set up regardless of whether STFLE.76 (MSAX3) is > installed or not. Hm, the current code does a quick exit if bit 76 is not set, doesn't it? > > > - use format 2 if APXA is available, else use format 1 > > Use format 0 if MSAX3 is not available > Use format 1 if MSAX3 is available but APXA is not > Use format 2 if MSAX3 and APXA is available > > > > > From Tony's patch description, the goal seems to be: > > - setup crycb even if MSAX3 is not available > > Yes, that is true > > > > > So my understanding is that we use APXA only to decide on the format of > > the crycb, but provide it in any case? > > Yes, that is true With the format selection you outlined above, I guess. Makes sense from my point of view (just looking at the source code). > > > > > (Not providing a crycb if APXA is not available would be loss of > > functionality, I guess? Deciding not to provide vfio-ap if APXA is not > > available is a different game, of course.) > > This would require a change to enabling the CPU model feature for > AP. But would it actually make sense to tie vfio-ap to APXA? This needs to be answered by folks with access to the architecture :) [Personally, I think we should go with the version that uses the least restrictions without introducing over-complex code. What constitutes "over-complex code" is of course in the eye of the beholder...]