lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Aug 2018 09:47:58 -0400 From: Tony Krowiak <akrowiak@...ux.ibm.com> To: Cornelia Huck <cohuck@...hat.com> Cc: Halil Pasic <pasic@...ux.ibm.com>, Christian Borntraeger <borntraeger@...ibm.com>, pmorel@...ux.ibm.com, Tony Krowiak <akrowiak@...ux.vnet.ibm.com>, linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org, kvm@...r.kernel.org, freude@...ibm.com, schwidefsky@...ibm.com, heiko.carstens@...ibm.com, kwankhede@...dia.com, bjsdjshi@...ux.vnet.ibm.com, pbonzini@...hat.com, alex.williamson@...hat.com, pmorel@...ux.vnet.ibm.com, alifm@...ux.vnet.ibm.com, mjrosato@...ux.vnet.ibm.com, jjherne@...ux.vnet.ibm.com, thuth@...hat.com, pasic@...ux.vnet.ibm.com, berrange@...hat.com, fiuczy@...ux.vnet.ibm.com, buendgen@...ibm.com, frankja@...ux.ibm.com Subject: Re: [PATCH v9 12/22] s390: vfio-ap: sysfs interfaces to configure control domains On 08/27/2018 04:33 AM, Cornelia Huck wrote: > On Thu, 23 Aug 2018 10:16:59 -0400 > Tony Krowiak <akrowiak@...ux.ibm.com> wrote: > >> On 08/23/2018 06:25 AM, Cornelia Huck wrote: >>> On Wed, 22 Aug 2018 15:16:19 -0400 >>> Tony Krowiak <akrowiak@...ux.ibm.com> wrote: >>> >>>> One of the things I suggested in a private conversation with Christian >>>> earlier >>>> today was to provide an additional rw sysfs attribute - a boolean - that >>>> indicates >>>> whether all usage domains should also be control domains. The default >>>> could be >>>> true. This would allow one to configure guests with usage-only domains >>>> as well >>>> as satisfy the convention. >>> Would this additional attribute then control "add usage domains to the >>> list of control domains automatically", or "don't allow to add a usage >>> domain if it has not already been added as a control domain"? >> It was just a proposal that wasn't really discussed at all, but this >> attribute would add usage domains to the list of control domains >> automatically if set to one. That would be the default behavior which >> would be turned off by manually setting it to zero. > If we want to do something like that, having it add the usage domains > automatically sounds like the more workable alternative. What I like > about this is that we make it explicit that we change the masks beyond > what the admin explicitly configured, and provide a knob to turn off > that behaviour. So, are you saying I should go ahead and implement this? > >>> One thing I'm still unsure about is how libvirt comes into the picture >>> here. Will it consume the setting, or actively manipulate it? >> libvirt is not in the picture. The only thing libvirt does is identify >> which mediated matrix device (i.e., UUID) is to be used by the guest. >> >>> [In general, I'm not very clear about how libvirt will interact with the >>> whole infrastructure...] >> The libvirt domain XML will only specify the UUID of the matrix device >> to be used by the guest. Consequently, libvirt will insert the device >> statement for the vfio-ap device into the QEMU command line: >> >> -device vfio-ap,syfsdev={path-to-mdev} >> >> All configuration of the mediated device, including the proposed attribute >> above, is handled via sysfs attributes. > So, basically, libvirt will only consume what the admin has already > configured? Yes. >
Powered by blists - more mailing lists