| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Aug 2018 17:39:11 +0200
From: Halil Pasic <pasic@...ux.ibm.com>
To: Cornelia Huck <cohuck@...hat.com>,
Tony Krowiak <akrowiak@...ux.ibm.com>
Cc: Christian Borntraeger <borntraeger@...ibm.com>,
pmorel@...ux.ibm.com, Tony Krowiak <akrowiak@...ux.vnet.ibm.com>,
linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org, freude@...ibm.com, schwidefsky@...ibm.com,
heiko.carstens@...ibm.com, kwankhede@...dia.com,
bjsdjshi@...ux.vnet.ibm.com, pbonzini@...hat.com,
alex.williamson@...hat.com, pmorel@...ux.vnet.ibm.com,
alifm@...ux.vnet.ibm.com, mjrosato@...ux.vnet.ibm.com,
jjherne@...ux.vnet.ibm.com, thuth@...hat.com,
pasic@...ux.vnet.ibm.com, berrange@...hat.com,
fiuczy@...ux.vnet.ibm.com, buendgen@...ibm.com,
frankja@...ux.ibm.com
Subject: Re: [PATCH v9 12/22] s390: vfio-ap: sysfs interfaces to configure
control domains
On 08/27/2018 03:51 PM, Cornelia Huck wrote:
> On Mon, 27 Aug 2018 09:47:58 -0400
> Tony Krowiak <akrowiak@...ux.ibm.com> wrote:
>
>> On 08/27/2018 04:33 AM, Cornelia Huck wrote:
>>> On Thu, 23 Aug 2018 10:16:59 -0400
>>> Tony Krowiak <akrowiak@...ux.ibm.com> wrote:
>>>
>>>> On 08/23/2018 06:25 AM, Cornelia Huck wrote:
>>>>> On Wed, 22 Aug 2018 15:16:19 -0400
>>>>> Tony Krowiak <akrowiak@...ux.ibm.com> wrote:
>>>>>
>>>>>> One of the things I suggested in a private conversation with Christian
>>>>>> earlier
>>>>>> today was to provide an additional rw sysfs attribute - a boolean - that
>>>>>> indicates
>>>>>> whether all usage domains should also be control domains. The default
>>>>>> could be
>>>>>> true. This would allow one to configure guests with usage-only domains
>>>>>> as well
>>>>>> as satisfy the convention.
>>>>> Would this additional attribute then control "add usage domains to the
>>>>> list of control domains automatically", or "don't allow to add a usage
>>>>> domain if it has not already been added as a control domain"?
>>>> It was just a proposal that wasn't really discussed at all, but this
>>>> attribute would add usage domains to the list of control domains
>>>> automatically if set to one. That would be the default behavior which
>>>> would be turned off by manually setting it to zero.
>>> If we want to do something like that, having it add the usage domains
>>> automatically sounds like the more workable alternative. What I like
>>> about this is that we make it explicit that we change the masks beyond
>>> what the admin explicitly configured, and provide a knob to turn off
>>> that behaviour.
>>
>> So, are you saying I should go ahead and implement this?
>
> I'm just saying that it does not sound like a bad idea :)
>
> If you agree that it's a good idea and if others also like it... I'd
> certainly not mind you going ahead :)
>
I can live with it. What I don't like about it is that it adds
more context dependent semantics. The same sequence of actions
results in a different result (depending on the mode of operation).
Regards,
Halil
Powered by blists - more mailing lists