Re: [PATCH v9 12/22] s390: vfio-ap: sysfs interfaces to configure control domains

[Pierre Morel]

On 22/08/2018 17:11, Christian Borntraeger wrote:
> On 08/22/2018 01:03 PM, Pierre Morel wrote:
> > > That's interesting.
> > >
> > > > IMHO this quote is quite a half-full half-empty cup one:
> > > > * it mandates the set of usage domains is a subset of the set
> > > > of the control domains, but
> > > > * it speaks of independent controls, namely about the 'usage domain index'
> > > > and the 'control domain index list' and makes the enforcement of the rule
> > > > a job of the administrator (instead of codifying it in the controls).
> > > I'm wondering if a configuration with a usage domain that is not also a
> > > control domain is rejected outright? Anybody tried that? :)
> >
> > Yes, and no it is not.
> > We can use a queue (usage domain) to a AP card for SHA-512 or RSA without
> > having to define the queue as a control domain.
>
> Huh? My HMC allows to add a domain as
> - control only domain
> - control and usage domain.
>
> But I am not able to configure a usage-only domain for my LPAR. That seems to match
> the current code, no?

Yes, it may not be configurable by the HMC but if we start a guest with 
no control domain it is not a problem to access the hardware through the 
usage domain.

I tested this a long time ago, but tested again today to be sure on my LPAR.

AFAIU adding a control only domain and a control and usage domain
allows say:
control and usage domain 1
control only domain 2

Allow to send a message to domain 2 using queue 1

Allow also to send a domain modifying message to domain 1 using queue 1

control domain are domain which are controlled
It seems that the HMC enforce the LPARs to have access to their usage 
domain (AFAIU from Harald)


--
Pierre Morel
Linux/KVM/QEMU in BÃblingen - Germany