| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <65cb82b5-85ce-1831-5b2a-719d2cf27be8@linux.ibm.com>
Date: Mon, 27 Aug 2018 09:47:58 -0400
From: Tony Krowiak <akrowiak@...ux.ibm.com>
To: Cornelia Huck <cohuck@...hat.com>
Cc: Halil Pasic <pasic@...ux.ibm.com>,
Christian Borntraeger <borntraeger@...ibm.com>,
pmorel@...ux.ibm.com, Tony Krowiak <akrowiak@...ux.vnet.ibm.com>,
linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org, freude@...ibm.com, schwidefsky@...ibm.com,
heiko.carstens@...ibm.com, kwankhede@...dia.com,
bjsdjshi@...ux.vnet.ibm.com, pbonzini@...hat.com,
alex.williamson@...hat.com, pmorel@...ux.vnet.ibm.com,
alifm@...ux.vnet.ibm.com, mjrosato@...ux.vnet.ibm.com,
jjherne@...ux.vnet.ibm.com, thuth@...hat.com,
pasic@...ux.vnet.ibm.com, berrange@...hat.com,
fiuczy@...ux.vnet.ibm.com, buendgen@...ibm.com,
frankja@...ux.ibm.com
Subject: Re: [PATCH v9 12/22] s390: vfio-ap: sysfs interfaces to configure
control domains
On 08/27/2018 04:33 AM, Cornelia Huck wrote:
> On Thu, 23 Aug 2018 10:16:59 -0400
> Tony Krowiak <akrowiak@...ux.ibm.com> wrote:
>
>> On 08/23/2018 06:25 AM, Cornelia Huck wrote:
>>> On Wed, 22 Aug 2018 15:16:19 -0400
>>> Tony Krowiak <akrowiak@...ux.ibm.com> wrote:
>>>
>>>> One of the things I suggested in a private conversation with Christian
>>>> earlier
>>>> today was to provide an additional rw sysfs attribute - a boolean - that
>>>> indicates
>>>> whether all usage domains should also be control domains. The default
>>>> could be
>>>> true. This would allow one to configure guests with usage-only domains
>>>> as well
>>>> as satisfy the convention.
>>> Would this additional attribute then control "add usage domains to the
>>> list of control domains automatically", or "don't allow to add a usage
>>> domain if it has not already been added as a control domain"?
>> It was just a proposal that wasn't really discussed at all, but this
>> attribute would add usage domains to the list of control domains
>> automatically if set to one. That would be the default behavior which
>> would be turned off by manually setting it to zero.
> If we want to do something like that, having it add the usage domains
> automatically sounds like the more workable alternative. What I like
> about this is that we make it explicit that we change the masks beyond
> what the admin explicitly configured, and provide a knob to turn off
> that behaviour.
So, are you saying I should go ahead and implement this?
>
>>> One thing I'm still unsure about is how libvirt comes into the picture
>>> here. Will it consume the setting, or actively manipulate it?
>> libvirt is not in the picture. The only thing libvirt does is identify
>> which mediated matrix device (i.e., UUID) is to be used by the guest.
>>
>>> [In general, I'm not very clear about how libvirt will interact with the
>>> whole infrastructure...]
>> The libvirt domain XML will only specify the UUID of the matrix device
>> to be used by the guest. Consequently, libvirt will insert the device
>> statement for the vfio-ap device into the QEMU command line:
>>
>> -device vfio-ap,syfsdev={path-to-mdev}
>>
>> All configuration of the mediated device, including the proposed attribute
>> above, is handled via sysfs attributes.
> So, basically, libvirt will only consume what the admin has already
> configured?
Yes.
>
Powered by blists - more mailing lists