| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Jun 2018 17:25:48 +0200
From: Cornelia Huck <cohuck@...hat.com>
To: Halil Pasic <pasic@...ux.ibm.com>
Cc: pmorel@...ux.ibm.com, Dong Jia Shi <bjsdjshi@...ux.ibm.com>,
linux-s390@...r.kernel.org, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, qemu-s390x@...gnu.org,
qemu-devel@...gnu.org
Subject: Re: [PATCH RFC 2/2] vfio-ccw: support for halt/clear subchannel
On Tue, 12 Jun 2018 16:08:42 +0200
Halil Pasic <pasic@...ux.ibm.com> wrote:
> On 06/12/2018 03:56 PM, Pierre Morel wrote:
> >> So, what are you proposing? Being more specific and stating that the
> >> scsw is not necessarily a real scsw, but merely a vehicle for sending a
> >> command? Or keeping it as it is now for ssch, and adding a second
> >> interface for hsch/csch (and maybe rsch, msch, ...)?
> >>
> >
> >
> > I said no radical surgery, but after thinking more about it...
> > I am not sure.
> >
> > Let's explain this:
> >
> > I see 2 ways to proceed but my favorite is definitively to introduce versioning.
> >
> >
> > Way 1)
> >
> > This was the way I first thought about.
> > We keep the existing IO Regionand structures, and are more
> > specific by stating that the io_region is a command region during write
> > entry and a status region during interrupt handling:
> > This allow us to use the 3 bits of the FCTL field of the SCSW to pass
> > commands to the kernel and stay backward compatible.
> > The FCTL field has 3 bits => we can have 8 commands.
> >
> > PRO: small change
> >
> > CONTRA: This is still confusing, we do not really solve this
> > unclarity problem since QEMU view / documentation and
> > Linux view / documentation differ or we update QEMU.
> > Moreover this does not allow for long term extensions
> > and/or re-design.
> >
> >
>
> I'm not really in favor of way 1. Conie's point with RSCH is a good one.
> And IMHO it speaks for a new interface for commands. Squeezing the RSCH
> command into the SCSW does not seem to be a good idea. Considering your
> proposal with the 3 bits, we could do something like: if in FCTL the
> start and the clear and the halt bits are set then we postulate that is
> request for a resume. But that would be quite confusing, and we would end
> up re-defining the semantic of the scsw_area -- in respect to what is
> documented Documentation/s390/vfio-ccw.txt, and also what is intuitive
> based on the uapi header.
Agreed. Making scsw_area something like an scsw but still different is
bound to be confusing, even if documented, and I'm not sure it covers
all our bases anyway. Just using the halt/clear bits might have been
feasible, but as that does not cover rsch, we need something different
anyway.
>
> >
> > Way 2)
> >
> > We use the device VFIO versioning using the capability chain to advertise
> > a new interface.
> >
> > This the preferred way, it is sane, allows for the userland backward
> > compatibility and allows to have a new command interface, extensible
> > for future use.
> >
> > In this case we can extend the interface to be any kind we want
> > in a next version, pwrite with new io_region, mmap on new
> > IO regions, status region...
> >
> > PRO: Extensible and also goes in the VFIO INFO extension direction
> > proposed by Alex
> >
>
>
> Sounds much better. I imagine the coexistence of old and new like this.
> Both the old and the new QEMU would supply the the SCSW area with the old
> documented semantics -- the SCSW of the virtual subchannel. But with the
> new version an explicit command would be supplied via the command region
> (also for SSCH). Maybe the SCSW can still end up being useful for
> something in the kernel module too (maybe there are some optimization
> that can be done based on the QEMU SCSW).
We need to keep the old interface anyway. But yes, I think capabilities
are the way to go.
>
>
> > CONTRA: I see none outer more work to do (but is it a problem?)
> >
> >
> The problem I see is that designing a good interface usually hard.
I fear that this is always the case :)
> I could help with review, but I don't have the resources to commit
> to more than that.
I'm looking into the halt/clear thing anyway. But review is appreciated.
>
> > ====================
> >
> > Extra argumentation for versioning support
> >
> >
> > Suppose a future implementation with 4 mapped regions like
> > the following:
> >
> > - A Status region (RO updated as result of command and IRQ)
scsw/pmcw/anything else? Would also accommodate the path handling
stuff, I think.
> >
> > - A command region (WO where the user send its commands)
> > userland write here to trigger IO (quite as currently)
> >
> > - A CCW program region (RW where the CCW chain is handled)
> > most handling done from userspace, last translations in kernel,
> > double buffering...
I'm not sure about that. But in any case, we can add this later on. We
need to keep the orb as it is now, and that should already cover our
current use cases.
> >
> > - A performance / measurement / statistics region (RO)
> > This is updated asynchronously by hardware and/or driver
For channel measurements, for example? Makes sense. (I recall that
there's also a measurement infrastructure triggered via CHSC, but I
don't have the documentation.)
> >
> > This is purely theoretical and we do not need to do all at once
> > but if we want to extend the implementation without problems
> > and continue backward compatibility the versioning and capability
> > handling is a must.
>
> I'm not sure about this.
We can think about this later, the capabilities infrastructure enables
us to do so.
Powered by blists - more mailing lists