Re: [PATCH 1/7] s390: zcrypt: driver callback to indicate resource in use

On 4/15/19 2:59 PM, Halil Pasic wrote:
> On Mon, 15 Apr 2019 12:51:23 -0400
> Tony Krowiak <akrowiak@xxxxxxxxxxxxx> wrote:
>
>> Having said that, I understand your concern about a driver hogging
>> resources. I think I can provide a solution that serves both the
>> purpose of preventing problems associated with accidental removal
>> of AP resources as well as allowing root to remove them
>> forcefully. I'll work on that for v2.
>
> Can you tell us some more about this solution? Should we stop reviewing
> v1 because v2 is going to be different anyway?

Patch 1 and 2 will be removed. There will not be a major design change
between these patches and v2. In order to avoid a long explanation of
my proposed changes, I'd prefer to state that the patch set will
establish and enforce the following rules:

    1. An APQN can be assigned to an mdev device iff it is NOT
       reserved for use by a zcrypt driver and is not assigned to
       another mdev device.

    2. Once an APQN is assigned to an mdev device, it will remain
       assigned until it is explicitly unassigned.

    3. A queue's APQN can be set in the guest's CRYCB iff the APQN is
       assigned to the mdev device used by the guest; however, if the
       queue is also in the host configuration (i.e., online), it MUST
       also be bound to the vfio_ap device driver.

    4. When a queue is bound to the vfio_ap driver and its APQN
       is assigned to an mdev device in use by a guest, the guest will
       be given access to the queue.

    5. When a queue is unbound from the vfio_ap driver and its APQN
       is assigned to an mdev device in use by the guest, access to
       the card containing the queue will be removed from the guest.
       Keep in mind that we cannot deny access to a specific queue
       due to the architecture (i.e., clearing a bit in the AQM
       removes access to the queue for all adapters).

    6. When an adapter is assigned to an mdev device that is in use
       by a guest, the guest will be given access to the adapter.

    7. When an adapter is unassigned from an mdev device that is in use
       by a guest, access to the adapter will be removed from the guest.

    8. When a domain is assigned to an mdev device that is in use
       by a guest, the guest will be given access to the domain.

    9. When a domain is unassigned from an mdev device that is in use
       by a guest, access to the domain will be removed from the guest.


> Regards,
> Halil
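
The architectural constraint behind rule 5, as an added example that is not part of this message or of the vfio_ap driver: a guest's usable APQNs are the cross product of its adapter mask (APM) and queue mask (AQM), so a single queue cannot be revoked alone. The struct and function names are hypothetical, the guest configuration is constructed, and the 64-bit, LSB-first masks are a simplification of the real 256-bit masks.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: real AP masks are 256 bits wide and numbered from the
 * most significant bit; 64-bit, LSB-first masks keep the example short. */
struct crycb_model {
    uint64_t apm; /* adapter (card) mask */
    uint64_t aqm; /* queue index (domain) mask */
};

/* The guest can use APQN (adapter, domain) only when both bits are set,
 * so its usable APQNs are the cross product of apm and aqm. */
static bool guest_has_apqn(const struct crycb_model *c, unsigned ap, unsigned dom)
{
    return ((c->apm >> ap) & 1) && ((c->aqm >> dom) & 1);
}

/* Rule 5: when a queue on card `ap` is unbound, drop the whole card. */
static void revoke_by_adapter(struct crycb_model *c, unsigned ap)
{
    c->apm &= ~(1ULL << ap);
}

/* For comparison: clear the queue's AQM bit instead of the card's APM bit. */
static void revoke_by_domain(struct crycb_model *c, unsigned dom)
{
    c->aqm &= ~(1ULL << dom);
}

int main(void)
{
    /* Constructed guest: cards 4 and 5, domains 0 and 1; queue 04.0001 is unbound. */
    struct crycb_model by_card = { (1ULL << 4) | (1ULL << 5), 0x3 };
    struct crycb_model by_dom = by_card;

    revoke_by_adapter(&by_card, 4);
    revoke_by_domain(&by_dom, 1);

    printf("APM bit cleared: 04.0001=%d 04.0000=%d 05.0001=%d\n",
           guest_has_apqn(&by_card, 4, 1), guest_has_apqn(&by_card, 4, 0),
           guest_has_apqn(&by_card, 5, 1));
    printf("AQM bit cleared: 04.0001=%d 04.0000=%d 05.0001=%d\n",
           guest_has_apqn(&by_dom, 4, 1), guest_has_apqn(&by_dom, 4, 0),
           guest_has_apqn(&by_dom, 5, 1));
    return 0;
}
```

Either choice removes more than the one unbound queue: clearing the APM bit also takes the other queues on card 4, while clearing the AQM bit takes the same domain on card 5, which is still bound.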