| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Jun 2018 14:19:53 +0200
From: Pierre Morel <pmorel@...ux.ibm.com>
To: Tony Krowiak <akrowiak@...ux.vnet.ibm.com>,
linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org
Cc: freude@...ibm.com, schwidefsky@...ibm.com,
heiko.carstens@...ibm.com, borntraeger@...ibm.com,
cohuck@...hat.com, kwankhede@...dia.com,
bjsdjshi@...ux.vnet.ibm.com, pbonzini@...hat.com,
alex.williamson@...hat.com, pmorel@...ux.vnet.ibm.com,
alifm@...ux.vnet.ibm.com, mjrosato@...ux.vnet.ibm.com,
jjherne@...ux.vnet.ibm.com, thuth@...hat.com,
pasic@...ux.vnet.ibm.com, berrange@...hat.com,
fiuczy@...ux.vnet.ibm.com, buendgen@...ibm.com
Subject: Re: [PATCH v5 11/13] KVM: s390: implement mediated device open
callback
On 30/05/2018 16:33, Tony Krowiak wrote:
> On 05/24/2018 05:08 AM, Pierre Morel wrote:
>> On 23/05/2018 16:45, Tony Krowiak wrote:
>>> On 05/16/2018 04:03 AM, Pierre Morel wrote:
>>>> On 07/05/2018 17:11, Tony Krowiak wrote:
>>>>> Implements the open callback on the mediated matrix device.
>>>>> The function registers a group notifier to receive notification
>>>>> of the VFIO_GROUP_NOTIFY_SET_KVM event. When notified,
>>>>> the vfio_ap device driver will get access to the guest's
>>>>> kvm structure. With access to this structure the driver will:
>>>>>
>>>>> 1. Ensure that only one mediated device is opened for the guest
>>
>> You should explain why.
>>
>>>>>
>>>>> 2. Configure access to the AP devices for the guest.
>>>>>
>> ...snip...
>>>>> +void kvm_ap_refcount_inc(struct kvm *kvm)
>>>>> +{
>>>>> + atomic_inc(&kvm->arch.crypto.aprefs);
>>>>> +}
>>>>> +EXPORT_SYMBOL(kvm_ap_refcount_inc);
>>>>> +
>>>>> +void kvm_ap_refcount_dec(struct kvm *kvm)
>>>>> +{
>>>>> + atomic_dec(&kvm->arch.crypto.aprefs);
>>>>> +}
>>>>> +EXPORT_SYMBOL(kvm_ap_refcount_dec);
>>>>
>>>> Why are these functions inside kvm-ap ?
>>>> Will anyone use this outer of vfio-ap ?
>>>
>>> As I've stated before, I made the choice to contain all interfaces that
>>> access KVM in kvm-ap because I don't think it is appropriate for the
>>> device
>>> driver to have to have "knowledge" of the inner workings of KVM. Why
>>> does
>>> it matter whether any entity outside of the vfio_ap device driver calls
>>> these functions? I could ask a similar question if the interfaces were
>>> contained in vfio-ap; what if another device driver needs access to
>>> these
>>> interfaces?
>>
>> This is very driver specific and only used during initialization.
>> It is not a common property of the cryptographic interface.
>>
>> I really think you should handle this inside the driver.
>
> We are going to have to agree to disagree on this one. Is it not possible
> that future drivers - e.g., when full virtualization is implemented -
> will
> require access to KVM?
I do not think that an access to KVM is required for full virtualization.
--
Pierre Morel
Linux/KVM/QEMU in Böblingen - Germany
Powered by blists - more mailing lists