Date:   Thu, 3 May 2018 18:01:49 +0200
From:   Pierre Morel <pmorel@...ux.vnet.ibm.com>
To:     Tony Krowiak <akrowiak@...ux.vnet.ibm.com>,
        linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
        kvm@...r.kernel.org
Cc:     freude@...ibm.com, schwidefsky@...ibm.com,
        heiko.carstens@...ibm.com, borntraeger@...ibm.com,
        cohuck@...hat.com, kwankhede@...dia.com,
        bjsdjshi@...ux.vnet.ibm.com, pbonzini@...hat.com,
        alex.williamson@...hat.com, alifm@...ux.vnet.ibm.com,
        mjrosato@...ux.vnet.ibm.com, jjherne@...ux.vnet.ibm.com,
        thuth@...hat.com, pasic@...ux.vnet.ibm.com, berrange@...hat.com,
        fiuczy@...ux.vnet.ibm.com, buendgen@...ibm.com
Subject: Re: [PATCH v4 08/15] KVM: s390: interfaces to (de)configure guest's
 AP matrix

On 03/05/2018 16:41, Tony Krowiak wrote:
> On 05/02/2018 10:57 AM, Pierre Morel wrote:
>> On 25/04/2018 18:21, Tony Krowiak wrote:
>>> On 04/23/2018 09:46 AM, Pierre Morel wrote:
>>>> On 15/04/2018 23:22, Tony Krowiak wrote:
>>>>> Provides interfaces to assign AP adapters, usage domains
>>>>> and control domains to a KVM guest.
...
> The kvm_ap_configure_matrix(kvm, matrix) interface configures the APM,
> AQM and ADM in the guest's CRYCB which implies AP instructions are being
> interpreted. There is nothing in SIE precluding the sharing of AP queues
> between guests using SIE to interpret AP instructions, it is my opinion -
> along with several others - that this is not advisable given the results
> are not predictable, not to mention the security concerns. If the
> protocol to access queues changes, then we create a different interface.
> The other option is to include a flag on the
> kvm_ap_configure_matrix(kvm, matrix) interface to indicate whether
> sharing is allowed. I don't like this, because we have no way of knowing
> if the caller has taken the proper care to ensure the VM sharing the
> queue should be allowed access. Besides, when queue sharing is
> implemented, it is my opinion that we will intercept the AP instructions
> and the matrix will not be configured in the CRYCB. I stick by my
> response above.

I mean, validating the queue sharing is a matter of the VFIO driver.
This code is not needed if the VFIO driver is not used.
But it is not very important.

>
>>
>>>>> +static int kvm_ap_matrix_apm_create(struct kvm_ap_matrix *ap_matrix,
>>>>> +                    struct ap_config_info *config)
>>>>> +{
>>>>> +    int apm_max = (config && config->apxa) ? config->Na + 1 : 16;
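Review bot: In kvm_ap_matrix_apm_create(), the fallback of 16 in the apm_max initializer is a bare literal, and the same line adds 1 to config->Na without saying what Na holds. A named constant for the non-APXA size and a one-line comment on the Na + 1 sizing would make the mask length reviewable. The visible lines also do not show apm_max being checked against an upper bound before it is used, so it is worth confirming that happens further down in the function.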
>>>>
>>>> At this moment you already know the format of the crycb.
>>>
>>> How?
>>
>> you calculated this in kvm_ap_build_crycbd() which is called from
>> kvm_s390_crypto_init() itself called from kvm_arch_init_vm().
>> It is when starting the VM.
>
> This structure is used by the vfio_ap driver to store the mediated
> matrix device's matrix configuration as well as to configure the CRYCB.
> The mediated device's matrix is configured before the guest is started
> ... it is the means for configuring the guest's matrix after all. The
> bottom line is, this function will be called long before the
> kvm_ap_build_crycbd() function is called.

You are right, I was thinking about open, should have paid more attention.
Sorry.

Pierre

-- 
Pierre Morel
Linux/KVM/QEMU in Böblingen - Germany
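
The queue-sharing concern discussed in this thread, as an added example that is not part of the original message or of the patch: an AP queue is addressed by an adapter and a usage domain together, so two guest matrices share a queue only when both their APMs and their AQMs overlap. All `demo_*` names, the 256-bit mask size and the bit ordering are assumptions for illustration, not the kernel's structures.

```c
/* Added illustration, not kernel code: every demo_* name is hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DEMO_MASK_BITS  256                    /* assumed mask size */
#define DEMO_MASK_WORDS (DEMO_MASK_BITS / 64)

/* One guest's matrix: adapter mask (APM) and usage domain mask (AQM). */
struct demo_matrix {
    uint64_t apm[DEMO_MASK_WORDS];
    uint64_t aqm[DEMO_MASK_WORDS];
};

/* Assign one adapter and one domain; bit order is LSB-first, not the hardware layout. */
bool demo_assign(struct demo_matrix *m, unsigned int adapter, unsigned int domain)
{
    if (adapter >= DEMO_MASK_BITS || domain >= DEMO_MASK_BITS)
        return false;
    m->apm[adapter / 64] |= UINT64_C(1) << (adapter % 64);
    m->aqm[domain / 64] |= UINT64_C(1) << (domain % 64);
    return true;
}

bool demo_overlap(const uint64_t *a, const uint64_t *b)
{
    for (size_t i = 0; i < DEMO_MASK_WORDS; i++)
        if (a[i] & b[i])
            return true;
    return false;
}

/* A queue is an (adapter, domain) pair, so two matrices share a queue
 * only when the APMs overlap AND the AQMs overlap. */
bool demo_share_queue(const struct demo_matrix *x, const struct demo_matrix *y)
{
    return demo_overlap(x->apm, y->apm) && demo_overlap(x->aqm, y->aqm);
}

int main(void)
{
    struct demo_matrix g1 = {{0}, {0}}, g2 = {{0}, {0}};  /* constructed guests */
    demo_assign(&g1, 3, 4);
    demo_assign(&g2, 3, 71);     /* same adapter, other domain: no shared queue yet */
    demo_assign(&g2, 200, 4);    /* g2's matrix now also contains queue (3, 4) */
    printf("share: %d\n", demo_share_queue(&g1, &g2));
    return 0;
}
```

Because a matrix is the cross product of its two masks, adding adapter 200 with domain 4 to the second guest also hands it queue (3, 4), which is why the check compares whole masks rather than the pairs that were assigned.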
