lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180827103316.4e7fbc10.cohuck@redhat.com>
Date:   Mon, 27 Aug 2018 10:33:16 +0200
From:   Cornelia Huck <cohuck@...hat.com>
To:     Tony Krowiak <akrowiak@...ux.ibm.com>
Cc:     Halil Pasic <pasic@...ux.ibm.com>,
        Christian Borntraeger <borntraeger@...ibm.com>,
        pmorel@...ux.ibm.com, Tony Krowiak <akrowiak@...ux.vnet.ibm.com>,
        linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
        kvm@...r.kernel.org, freude@...ibm.com, schwidefsky@...ibm.com,
        heiko.carstens@...ibm.com, kwankhede@...dia.com,
        bjsdjshi@...ux.vnet.ibm.com, pbonzini@...hat.com,
        alex.williamson@...hat.com, pmorel@...ux.vnet.ibm.com,
        alifm@...ux.vnet.ibm.com, mjrosato@...ux.vnet.ibm.com,
        jjherne@...ux.vnet.ibm.com, thuth@...hat.com,
        pasic@...ux.vnet.ibm.com, berrange@...hat.com,
        fiuczy@...ux.vnet.ibm.com, buendgen@...ibm.com,
        frankja@...ux.ibm.com
Subject: Re: [PATCH v9 12/22] s390: vfio-ap: sysfs interfaces to configure
 control domains

On Thu, 23 Aug 2018 10:16:59 -0400
Tony Krowiak <akrowiak@...ux.ibm.com> wrote:

> On 08/23/2018 06:25 AM, Cornelia Huck wrote:
> > On Wed, 22 Aug 2018 15:16:19 -0400
> > Tony Krowiak <akrowiak@...ux.ibm.com> wrote:
> >  
> >> One of the things I suggested in a private conversation with Christian
> >> earlier
> >> today was to provide an additional rw sysfs attribute - a boolean - that
> >> indicates
> >> whether all usage domains should also be control domains. The default
> >> could be
> >> true. This would allow one to configure guests with usage-only domains
> >> as well
> >> as satisfy the convention.  
> > Would this additional attribute then control "add usage domains to the
> > list of control domains automatically", or "don't allow to add a usage
> > domain if it has not already been added as a control domain"?  
> 
> It was just a proposal that wasn't really discussed at all, but this
> attribute would add usage domains to the list of control domains
> automatically if set to one. That would be the default behavior which
> would be turned off by manually setting it to zero.

If we want to do something like that, having it add the usage domains
automatically sounds like the more workable alternative. What I like
about this is that we make it explicit that we change the masks beyond
what the admin explicitly configured, and provide a knob to turn off
that behaviour.

> 
> >
> > One thing I'm still unsure about is how libvirt comes into the picture
> > here. Will it consume the setting, or actively manipulate it?  
> 
> libvirt is not in the picture. The only thing libvirt does is identify
> which mediated matrix device (i.e., UUID) is to be used by the guest.
> 
> >
> > [In general, I'm not very clear about how libvirt will interact with the
> > whole infrastructure...]  
> 
> The libvirt domain XML will only specify the UUID of the matrix device
> to be used by the guest. Consequently, libvirt will insert the device
> statement for the vfio-ap device into the QEMU command line:
> 
> -device vfio-ap,syfsdev={path-to-mdev}
> 
> All configuration of the mediated device, including the proposed attribute
> above, is handled via sysfs attributes.

So, basically, libvirt will only consume what the admin has already
configured?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ