| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20171116174741.18e3f40b.cohuck@redhat.com>
Date: Thu, 16 Nov 2017 17:47:41 +0100
From: Cornelia Huck <cohuck@...hat.com>
To: Tony Krowiak <akrowiak@...ux.vnet.ibm.com>
Cc: Pierre Morel <pmorel@...ux.vnet.ibm.com>,
linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org, freude@...ibm.com, schwidefsky@...ibm.com,
heiko.carstens@...ibm.com, borntraeger@...ibm.com,
kwankhede@...dia.com, bjsdjshi@...ux.vnet.ibm.com,
pbonzini@...hat.com, alex.williamson@...hat.com,
alifm@...ux.vnet.ibm.com, mjrosato@...ux.vnet.ibm.com,
qemu-s390x@...gnu.org, jjherne@...ux.vnet.ibm.com,
thuth@...hat.com, pasic@...ux.vnet.ibm.com
Subject: Re: [RFC 05/19] s390/zcrypt: base implementation of AP matrix
device driver
On Thu, 16 Nov 2017 09:25:27 -0500
Tony Krowiak <akrowiak@...ux.vnet.ibm.com> wrote:
> On 11/16/2017 07:35 AM, Cornelia Huck wrote:
> > On Thu, 16 Nov 2017 13:02:26 +0100
> > Pierre Morel <pmorel@...ux.vnet.ibm.com> wrote:
> >
> >> On 14/11/2017 17:37, Tony Krowiak wrote:
> >>> On 11/14/2017 07:40 AM, Cornelia Huck wrote:
> >>>> On Fri, 13 Oct 2017 13:38:50 -0400
> >>>> Tony Krowiak <akrowiak@...ux.vnet.ibm.com> wrote:
> >>>>> diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
> >>>>> index 48af970..411c19a 100644
> >>>>> --- a/arch/s390/Kconfig
> >>>>> +++ b/arch/s390/Kconfig
> >>>>> @@ -722,6 +722,19 @@ config VFIO_CCW
> >>>>> To compile this driver as a module, choose M here: the
> >>>>> module will be called vfio_ccw.
> >>>>> +config VFIO_AP_MATRIX
> >>>>> + def_tristate m
> >>>>> + prompt "Support for Adjunct Processor Matrix device interface"
> >>>>> + depends on ZCRYPT
> >>>>> + select VFIO
> >>>>> + select MDEV
> >>>>> + select VFIO_MDEV
> >>>>> + select VFIO_MDEV_DEVICE
> >>>>> + select IOMMU_API
> >>>> I think the more common pattern is to depend on the VFIO configs
> >>>> instead of selecting them.
> >>> It's ironic because I originally changed from using 'depends on' and
> >>> changed it based on review comments made
> >>> on our internal mailing list. I'll go with 'depends on'.
> >> Is doing like the others a sufficient good reason?
> >> What if the first who did this did not really think about it?
> >>
> >> When an administrator configure the kernel what does he think?
> >>
> >> - I want to have AP through AP_VFIO in my guests
> >> and he get implicitly VFIO
> >> or
> >> - I want to have VFIO
> >> and he has to explicitly add AP_VFIO too
> >>
> >> It seems to me that the first is much more user friendly.
> >>
> >> Please tell me if I missed something. dependencies? collateral damages?
> >> my logic is wrong?
> > Using select for anything that's not a simple infrastructure dependency
> > may lead into trouble (we've had issues in the past where options tried
> > to enable other options but missed dependencies).
> >
> > If a user wants to use vfio-ap, I think it is reasonable to expect them
> > to figure out that they need both ap and vfio for that.
> >
> > [And config help has gotten much better than it was years ago; it's not
> > that hard to figure out what is actually needed.]
> Is it sufficient to specify 'depends on ZCRYPT && VFIO_MDEV_DEVICE'
> since 'VFIO_MDEV_DEVICE depends on VFIO && VFIO_MDEV' and 'VFIO_MDEV
> depends on VFIO' and 'VFIO depends on IOMMU_API'?
Perhaps ZCRYPT && VFIO_MDEV && VFIO_MDEV_DEVICE, to make it a bit more
obvious?
[Also, is IOMMU_API only needed to satisfy dependencies?]
Powered by blists - more mailing lists