Re: [PATCH v9 12/22] s390: vfio-ap: sysfs interfaces to configure control domains

From: Tony Krowiak
Date: Mon Sep 10 2018 - 09:27:23 EST


On 08/27/2018 09:51 AM, Cornelia Huck wrote:
On Mon, 27 Aug 2018 09:47:58 -0400
Tony Krowiak <akrowiak@xxxxxxxxxxxxx> wrote:

On 08/27/2018 04:33 AM, Cornelia Huck wrote:
On Thu, 23 Aug 2018 10:16:59 -0400
Tony Krowiak <akrowiak@xxxxxxxxxxxxx> wrote:
On 08/23/2018 06:25 AM, Cornelia Huck wrote:
On Wed, 22 Aug 2018 15:16:19 -0400
Tony Krowiak <akrowiak@xxxxxxxxxxxxx> wrote:
One of the things I suggested in a private conversation with Christian
earlier
today was to provide an additional rw sysfs attribute - a boolean - that
indicates
whether all usage domains should also be control domains. The default
could be
true. This would allow one to configure guests with usage-only domains
as well
as satisfy the convention.
Would this additional attribute then control "add usage domains to the
list of control domains automatically", or "don't allow to add a usage
domain if it has not already been added as a control domain"?
It was just a proposal that wasn't really discussed at all, but this
attribute would add usage domains to the list of control domains
automatically if set to one. That would be the default behavior which
would be turned off by manually setting it to zero.
If we want to do something like that, having it add the usage domains
automatically sounds like the more workable alternative. What I like
about this is that we make it explicit that we change the masks beyond
what the admin explicitly configured, and provide a knob to turn off
that behaviour.
So, are you saying I should go ahead and implement this?
I'm just saying that it does not sound like a bad idea :)

If you agree that it's a good idea and if others also like it... I'd
certainly not mind you going ahead :)

This was discussed with out crypto team and hardware architects and it
was decided that configuring all usage domains as control domains also
is not the right thing to do, so only domains assigned as control
domains will be set in the ADM field of the the guest's CRYCB.