| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <525163cf-d656-b146-05b6-2efbbd2f5a9d@linux.vnet.ibm.com>
Date: Thu, 7 Jun 2018 08:53:20 -0400
From: Tony Krowiak <akrowiak@...ux.vnet.ibm.com>
To: pmorel@...ux.ibm.com, linux-s390@...r.kernel.org,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Cc: freude@...ibm.com, schwidefsky@...ibm.com,
heiko.carstens@...ibm.com, borntraeger@...ibm.com,
cohuck@...hat.com, kwankhede@...dia.com,
bjsdjshi@...ux.vnet.ibm.com, pbonzini@...hat.com,
alex.williamson@...hat.com, pmorel@...ux.vnet.ibm.com,
alifm@...ux.vnet.ibm.com, mjrosato@...ux.vnet.ibm.com,
jjherne@...ux.vnet.ibm.com, thuth@...hat.com,
pasic@...ux.vnet.ibm.com, berrange@...hat.com,
fiuczy@...ux.vnet.ibm.com, buendgen@...ibm.com
Subject: Re: [PATCH v5 10/13] s390: vfio-ap: sysfs interface to view matrix
mdev matrix
On 06/06/2018 11:10 AM, Pierre Morel wrote:
> On 06/06/2018 16:24, Tony Krowiak wrote:
>> On 06/05/2018 08:40 AM, Pierre Morel wrote:
>>> On 30/05/2018 16:28, Tony Krowiak wrote:
>>>> On 05/24/2018 05:10 AM, Pierre Morel wrote:
>>>>> On 23/05/2018 16:38, Tony Krowiak wrote:
>>>>>> On 05/16/2018 03:55 AM, Pierre Morel wrote:
>>>>>>> On 07/05/2018 17:11, Tony Krowiak wrote:
>>>>>>>> Provides a sysfs interface to view the AP matrix configured for
>>>>>>>> the
>>>>>>>> mediated matrix device.
>>>>>>>>
>>>>>>>> The relevant sysfs structures are:
>>>>>>>>
>>>>>>>> /sys/devices/vfio_ap
>>>>>>>> ... [matrix]
>>>>>>>> ...... [mdev_supported_types]
>>>>>>>> ......... [vfio_ap-passthrough]
>>>>>>>> ............ [devices]
>>>>>>>> ...............[$uuid]
>>>>>>>> .................. matrix
>>>>>>>>
>>>>>>>> To view the matrix configured for the mediated matrix device,
>>>>>>>> print the matrix file:
>>>>>>>
>>>>>>> This is the configured matrix, not the one used by the guest.
>>>>>>> Nothing in the patches protect against binding a queue and
>>>>>>> assigning
>>>>>>> a new AP when the guest runs.
>>>>>>> The card and queue will be showed by this entry.
>>>>>>
>>>>>> Of course, as stated above, this is the matrix configured for the
>>>>>> mediated matrix device. Are you suggesting here that the driver
>>>>>> should prevent assigning a new adapter or domain while a guest is
>>>>>> running? Couldn't this be a step in the process for hot (un)plugging
>>>>>> AP queues?
>>>>>
>>>>> No, I mean what is the point to show this?
>>>>> It is not what the guest sees.
>>>>> Has it any use case?
>>>>
>>>> The point is to display the matrix so one can view the AP queues that
>>>> have been assigned to the mediated matrix device. This is the only way
>>>> to view the matrix. Do you not find value in being able to see what
>>>> has been assigned to the mediated matrix device?
>>>
>>> Two things:
>>> 1) I think it is better to retrieve the individual masks
>>
>> I am not certain what you mean by this. Are you suggesting we display
>> the
>> actual mask? For example, the APM:
>>
>> 08000000000000001000000000000c0000000030000000000800000000000001
>>
>> If that is the case, I completely disagree as that would be worthless
>> from
>> a user perspective. Trying to figure out which APs are configured
>> would be
>> ridiculously complicated.
>
> - It is compatible with what the AP BUS shows
> - a cut and past is easy
> - you can use a userland script to translate to another format
>
>>
>> Or, are you suggesting something like this:
>>
>> 4,67,116,117,154,155,255
>
> - this is not compatible with what the AP BUS shows
> - as in the first case this is easy to parse
>
> Both propositions look better to me.
>
>>
>> Personally, I found viewing the queues to be much more valuable when
>> configuring the mediated device's matrix. I originally displayed the
>> individual adapter and domain attributes and found it cumbersome to
>> mentally configure what the matrix looked like. If you think of the
>> lszcrypt command, it outputs the adapters and queues which is the model
>> I used for this.
>
> what is the point of seeing what the matrix looks like ?
> It is interesting for the developer not for the administrator.
> What the administrator needs is:
> - To assign AP and to see what has been assigned
> - To assign domains and to see what has been assigned
>
>>
>>> 2) As I said above, what you show is not the effective mask used by
>>> the guest
>>
>> Why would a sysfs attribute for the mediated matrix device show the
>> effective
>> mask used by the guest?
>
> OK, bad word, "effective", replace with "really".
>
> We do not implement any kind of provisioning nor do we implement update
> of the CRYCB at any point after the first mediated device open.
I think this is a way we might be able to hot plug/unplug devices.
>
>
> Binding a queue and updating the mask can be done at any time (may be
> we should change this ?)
As I said above, I think we can utilize this as a means of hot
plugging/unplugging AP
adapters and domains. If the guest is running when an adapter or domain
is assigned,
we can update the guest's CRYCB at that time.
>
>
> What is the point of showing a matrix which will never be used by the
> guest?
That is simply not true. The matrix WILL be used by a guest the next time a
guest is configured with a vfio-ap device referencing the path to the
mediated matrix device - i.e., -device vfio-ap,sysfsdev=$PATH. The point
is to show the matrix assigned to the mediated matrix device. In my
mind, the
mediated matrix device is a separate object from the guest. Sure it is used
to configure a guest's matrix when the guest is started, but it could be
used
to configure the matrix for any guest; it has no direct connection to a
particular guest until a guest using the device is started. IMHO the sysfs
attributes for the mediated matrix device reflect only the attributes of
the device, not the attributes of a guest.
>
>
>
>
>>
>>>
>>>
>>>
>>>
>>>
>>
>
Powered by blists - more mailing lists