| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Aug 2018 10:33:16 +0200
From: Cornelia Huck <cohuck@...hat.com>
To: Tony Krowiak <akrowiak@...ux.ibm.com>
Cc: Halil Pasic <pasic@...ux.ibm.com>,
Christian Borntraeger <borntraeger@...ibm.com>,
pmorel@...ux.ibm.com, Tony Krowiak <akrowiak@...ux.vnet.ibm.com>,
linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org, freude@...ibm.com, schwidefsky@...ibm.com,
heiko.carstens@...ibm.com, kwankhede@...dia.com,
bjsdjshi@...ux.vnet.ibm.com, pbonzini@...hat.com,
alex.williamson@...hat.com, pmorel@...ux.vnet.ibm.com,
alifm@...ux.vnet.ibm.com, mjrosato@...ux.vnet.ibm.com,
jjherne@...ux.vnet.ibm.com, thuth@...hat.com,
pasic@...ux.vnet.ibm.com, berrange@...hat.com,
fiuczy@...ux.vnet.ibm.com, buendgen@...ibm.com,
frankja@...ux.ibm.com
Subject: Re: [PATCH v9 12/22] s390: vfio-ap: sysfs interfaces to configure
control domains
On Thu, 23 Aug 2018 10:16:59 -0400
Tony Krowiak <akrowiak@...ux.ibm.com> wrote:
> On 08/23/2018 06:25 AM, Cornelia Huck wrote:
> > On Wed, 22 Aug 2018 15:16:19 -0400
> > Tony Krowiak <akrowiak@...ux.ibm.com> wrote:
> >
> >> One of the things I suggested in a private conversation with Christian
> >> earlier
> >> today was to provide an additional rw sysfs attribute - a boolean - that
> >> indicates
> >> whether all usage domains should also be control domains. The default
> >> could be
> >> true. This would allow one to configure guests with usage-only domains
> >> as well
> >> as satisfy the convention.
> > Would this additional attribute then control "add usage domains to the
> > list of control domains automatically", or "don't allow to add a usage
> > domain if it has not already been added as a control domain"?
>
> It was just a proposal that wasn't really discussed at all, but this
> attribute would add usage domains to the list of control domains
> automatically if set to one. That would be the default behavior which
> would be turned off by manually setting it to zero.
If we want to do something like that, having it add the usage domains
automatically sounds like the more workable alternative. What I like
about this is that we make it explicit that we change the masks beyond
what the admin explicitly configured, and provide a knob to turn off
that behaviour.
>
> >
> > One thing I'm still unsure about is how libvirt comes into the picture
> > here. Will it consume the setting, or actively manipulate it?
>
> libvirt is not in the picture. The only thing libvirt does is identify
> which mediated matrix device (i.e., UUID) is to be used by the guest.
>
> >
> > [In general, I'm not very clear about how libvirt will interact with the
> > whole infrastructure...]
>
> The libvirt domain XML will only specify the UUID of the matrix device
> to be used by the guest. Consequently, libvirt will insert the device
> statement for the vfio-ap device into the QEMU command line:
>
> -device vfio-ap,syfsdev={path-to-mdev}
>
> All configuration of the mediated device, including the proposed attribute
> above, is handled via sysfs attributes.
So, basically, libvirt will only consume what the admin has already
configured?
Powered by blists - more mailing lists