Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp206715imm; Wed, 22 Aug 2018 02:44:40 -0700 (PDT) X-Google-Smtp-Source: ANB0VdaRuNzdTuaWvG116EOnPAEQhmvcNdBgpBs8su7djr/NVVHNHKITT7/aRR9aAk0V560Q+mKE X-Received: by 2002:a62:768d:: with SMTP id r135-v6mr4651315pfc.224.1534931080573; Wed, 22 Aug 2018 02:44:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1534931080; cv=none; d=google.com; s=arc-20160816; b=EAkWozBNyi//vLPynPWkuE5zahy+5/peDWMiKMxnaJVDo4j23Jl0rswFhHJ16Zk5dH C1Fu5Kdom42wNdeuL0W127+aQxupFbn2LuHQzbBY7laiJDjcA0BfuB5B0qFE+KKtqpZK B75CmeUZULtYhagJt1G/8nkEEG96X4LOzmW9CPPZvu8oW+rbF5MmXH5uxS/w076Vz639 DEKy0J7lOQoVT96u9FvhuueYrG6H/lQy0QzeP3mmb6aWVpghTdbIPT1u54JvFXBCNmsL oJEV+gvT261lWn8X9lTRreIgrzZI3pDyS0IGTqEvEkyQfnTVGkPmFNt/ATS2Yak28/5r 0ZIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date:arc-authentication-results; bh=FsYwiu7Bi1NYNzFs23C+J+0kK4b89iGqDHaYoBcnDso=; b=IIavK/bDz6fVUbd9KW7nXgMhAlENeTEAasyS0q0Vx23Gfv6zo+SCXwZgyTC80YaKXi UCFsRq8FedgHV/paUe1PxMlP9jFlWkHklEjsvp6nrGpHxRJ2JNhtod9e85VF7aY+yD5p X+gvu2205kGCKMxE3fymXXcXiziF1uySV9UVhytS+delZGs+Sd12F3g2oeCffIr83KCw J0bCl9ovEyitRAV1Vqsfe3Imyllgevk1mUTkiRdVKbt9z3qghzyf4wMCFzf8hEgaxUAI kxoRsQIgMsLC15TXWc9mDmi8rpK4AFrHQqITdWMzg9YLQkrKKbtzQGM0huFhNKIA387I gwCg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n72-v6si1434295pfk.14.2018.08.22.02.44.25; Wed, 22 Aug 2018 02:44:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728708AbeHVNHG convert rfc822-to-8bit (ORCPT + 99 others); Wed, 22 Aug 2018 09:07:06 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:48820 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728246AbeHVNHG (ORCPT ); Wed, 22 Aug 2018 09:07:06 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 6E9C387916; Wed, 22 Aug 2018 09:42:57 +0000 (UTC) Received: from gondolin (dhcp-192-222.str.redhat.com [10.33.192.222]) by smtp.corp.redhat.com (Postfix) with ESMTP id BD18210EE6CB; Wed, 22 Aug 2018 09:42:52 +0000 (UTC) Date: Wed, 22 Aug 2018 11:42:50 +0200 From: Cornelia Huck To: Halil Pasic Cc: Tony Krowiak , Tony Krowiak , linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, freude@de.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, borntraeger@de.ibm.com, kwankhede@nvidia.com, bjsdjshi@linux.vnet.ibm.com, pbonzini@redhat.com, alex.williamson@redhat.com, pmorel@linux.vnet.ibm.com, alifm@linux.vnet.ibm.com, mjrosato@linux.vnet.ibm.com, jjherne@linux.vnet.ibm.com, thuth@redhat.com, pasic@linux.vnet.ibm.com, berrange@redhat.com, fiuczy@linux.vnet.ibm.com, buendgen@de.ibm.com, frankja@linux.ibm.com Subject: Re: [PATCH v9 12/22] s390: vfio-ap: sysfs interfaces to configure control domains Message-ID: <20180822114250.59a250aa.cohuck@redhat.com> In-Reply-To: References: <1534196899-16987-1-git-send-email-akrowiak@linux.vnet.ibm.com> <1534196899-16987-13-git-send-email-akrowiak@linux.vnet.ibm.com> <20180820162317.08bd7d23.cohuck@redhat.com> <660de00a-c403-28c1-4df4-82a973ab3ad5@linux.ibm.com> <20180821172548.57a6c758.cohuck@redhat.com> <82a391ee-85b1-cdc7-0f9b-d37fd8ba8e47@linux.ibm.com> Organization: Red Hat GmbH MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Wed, 22 Aug 2018 09:42:57 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Wed, 22 Aug 2018 09:42:57 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'cohuck@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 22 Aug 2018 01:18:20 +0200 Halil Pasic wrote: > On 08/21/2018 07:07 PM, Tony Krowiak wrote: > > This convention has been enforced by the kernel since v1. This is also > > enforced by both the LPAR as well as in z/VM. The following is from the > > PR/SM Planning Guide: > > > > Control Domain > > A logical partition's control domains are those cryptographic domains for which remote secure > > administration functions can be established and administered from this logical partition. This > > logical partition’s control domains must include its usage domains. For each index selected in the > > usage domain index list, you must select the same index in the control domain index list > > That's interesting. > > IMHO this quote is quite a half-full half-empty cup one: > * it mandates the set of usage domains is a subset of the set > of the control domains, but > * it speaks of independent controls, namely about the 'usage domain index' > and the 'control domain index list' and makes the enforcement of the rule > a job of the administrator (instead of codifying it in the controls). I'm wondering if a configuration with a usage domain that is not also a control domain is rejected outright? Anybody tried that? :) > > > > > Consequently, I'm going to opt for ensuring this is clearly documented. Based on the fact you've > > requested clarification of many points described in this section of the doc, I > > think I'll try putting my meager skills as a wordsmith to work to hopefully clarify things. > > I'll run it by you when I complete that task to see if I've succeeded:) > > I don't think just a doc update will do. Let me explain why. > > What describe as "... note that the AQM and ADM masks configured for the > mediated matrix device will be logically OR'd together to create the ADM > stored in the CRYCB referenced from the guest's SIE state description." > is a gotcha at best. The member of struct ap_matrix and the member of the > respective apcb in the crycb are both called 'adm', but ap_matrix.adm is > not an ADM as we know it from the architecture, but rather ~ AQM & ADM. > > I feel pretty strongly about this one. If we want to keep the enforcement > in the kernel, I guess, the assign_domain should set the bit corresponding > bit not only in ap_matrix.aqm but also in ap_matrix.adm. When the > ap_matrix is committed into the crycb no further manipulating the masks > should take place. Would you be fine if the control domain interface stated that it is used to configure _additional_ control domains and the usage domain interface stated that it is used to define usage and implicitly also control domains? (And make the usage domain interface also set the equivalent bit in the control domain mask.) > > I don't feel strongly about whether to enforce this convention about AQM > and ADM in the kernel or not. Frankly, I don't know what is behind the > rule. Since I can't tell if any problems are to be expected if this > convention is violated, I would feel more comfortable if the rule was > accommodated higher in the management stack. I guess it depends: - If this is a case of: "Don't configure control domains that are not also usage domains. You are likely to go through {code,firmware,hardware} paths that are generally not used.", configure it in the kernel. - If this rather is "Everybody is doing that, it's a general convention.", configure it higher up in the stack (libvirt?)