lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <8b4ba1f9-7ac5-a49a-01a7-d1dc975ae03a@linux.ibm.com>
Date:   Mon, 10 Sep 2018 09:27:09 -0400
From:   Tony Krowiak <akrowiak@...ux.ibm.com>
To:     Cornelia Huck <cohuck@...hat.com>
Cc:     Halil Pasic <pasic@...ux.ibm.com>,
        Christian Borntraeger <borntraeger@...ibm.com>,
        pmorel@...ux.ibm.com, Tony Krowiak <akrowiak@...ux.vnet.ibm.com>,
        linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
        kvm@...r.kernel.org, freude@...ibm.com, schwidefsky@...ibm.com,
        heiko.carstens@...ibm.com, kwankhede@...dia.com,
        bjsdjshi@...ux.vnet.ibm.com, pbonzini@...hat.com,
        alex.williamson@...hat.com, pmorel@...ux.vnet.ibm.com,
        alifm@...ux.vnet.ibm.com, mjrosato@...ux.vnet.ibm.com,
        jjherne@...ux.vnet.ibm.com, thuth@...hat.com,
        pasic@...ux.vnet.ibm.com, berrange@...hat.com,
        fiuczy@...ux.vnet.ibm.com, buendgen@...ibm.com,
        frankja@...ux.ibm.com
Subject: Re: [PATCH v9 12/22] s390: vfio-ap: sysfs interfaces to configure
 control domains

On 08/27/2018 09:51 AM, Cornelia Huck wrote:
> On Mon, 27 Aug 2018 09:47:58 -0400
> Tony Krowiak <akrowiak@...ux.ibm.com> wrote:
>
>> On 08/27/2018 04:33 AM, Cornelia Huck wrote:
>>> On Thu, 23 Aug 2018 10:16:59 -0400
>>> Tony Krowiak <akrowiak@...ux.ibm.com> wrote:
>>>   
>>>> On 08/23/2018 06:25 AM, Cornelia Huck wrote:
>>>>> On Wed, 22 Aug 2018 15:16:19 -0400
>>>>> Tony Krowiak <akrowiak@...ux.ibm.com> wrote:
>>>>>      
>>>>>> One of the things I suggested in a private conversation with Christian
>>>>>> earlier
>>>>>> today was to provide an additional rw sysfs attribute - a boolean - that
>>>>>> indicates
>>>>>> whether all usage domains should also be control domains. The default
>>>>>> could be
>>>>>> true. This would allow one to configure guests with usage-only domains
>>>>>> as well
>>>>>> as satisfy the convention.
>>>>> Would this additional attribute then control "add usage domains to the
>>>>> list of control domains automatically", or "don't allow to add a usage
>>>>> domain if it has not already been added as a control domain"?
>>>> It was just a proposal that wasn't really discussed at all, but this
>>>> attribute would add usage domains to the list of control domains
>>>> automatically if set to one. That would be the default behavior which
>>>> would be turned off by manually setting it to zero.
>>> If we want to do something like that, having it add the usage domains
>>> automatically sounds like the more workable alternative. What I like
>>> about this is that we make it explicit that we change the masks beyond
>>> what the admin explicitly configured, and provide a knob to turn off
>>> that behaviour.
>> So, are you saying I should go ahead and implement this?
> I'm just saying that it does not sound like a bad idea :)
>
> If you agree that it's a good idea and if others also like it... I'd
> certainly not mind you going ahead :)

This was discussed with out crypto team and hardware architects and it
was decided that configuring all usage domains as control domains also
is not the right thing to do, so only domains assigned as control
domains will be set in the ADM field of the the guest's CRYCB.

>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ