Skip to content

Commit d6f6959

Browse files
Pierre Morelborntraeger
Pierre Morel
authored and
borntraeger
committed
KVM: s390: vsie: Do the CRYCB validation first
We need to handle the validity checks for the crycb, no matter what the settings for the keywrappings are. So lets move the keywrapping checks after we have done the validy checks. Signed-off-by: Pierre Morel <pmorel@linux.ibm.com> Signed-off-by: Tony Krowiak <akrowiak@linux.ibm.com> Reviewed-by: Janosch Frank <frankja@linux.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Message-Id: <20180925231641.4954-17-akrowiak@linux.vnet.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
1 parent 6cc571b commit d6f6959

File tree

1 file changed

+6
-5
lines changed

1 file changed

+6
-5
lines changed

arch/s390/kvm/vsie.c

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -161,17 +161,18 @@ static int shadow_crycb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
161161
/* format-1 is supported with message-security-assist extension 3 */
162162
if (!test_kvm_facility(vcpu->kvm, 76))
163163
return 0;
164-
/* we may only allow it if enabled for guest 2 */
165-
ecb3_flags = scb_o->ecb3 & vcpu->arch.sie_block->ecb3 &
166-
(ECB3_AES | ECB3_DEA);
167-
if (!ecb3_flags)
168-
return 0;
169164

170165
if ((crycb_addr & PAGE_MASK) != ((crycb_addr + 128) & PAGE_MASK))
171166
return set_validity_icpt(scb_s, 0x003CU);
172167
else if (!crycb_addr)
173168
return set_validity_icpt(scb_s, 0x0039U);
174169

170+
/* we may only allow it if enabled for guest 2 */
171+
ecb3_flags = scb_o->ecb3 & vcpu->arch.sie_block->ecb3 &
172+
(ECB3_AES | ECB3_DEA);
173+
if (!ecb3_flags)
174+
return 0;
175+
175176
/* copy only the wrapping keys */
176177
if (read_guest_real(vcpu, crycb_addr + 72,
177178
vsie_page->crycb.dea_wrapping_key_mask, 56))

0 commit comments

Comments
 (0)