Date: Tue, 18 Jun 2019 18:25:58 +0200
From: Cornelia Huck
To: Tony Krowiak
Cc: linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, freude@linux.ibm.com, borntraeger@de.ibm.com, frankja@linux.ibm.com, david@redhat.com, mjrosato@linux.ibm.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, pmorel@linux.ibm.com, pasic@linux.ibm.com, alex.williamson@redhat.com, kwankhede@nvidia.com
Subject: Re: [PATCH v4 3/7] s390: zcrypt: driver callback to indicate resource in use
Message-ID: <20190618182558.7d7e025a.cohuck@redhat.com>
In-Reply-To: <1560454780-20359-4-git-send-email-akrowiak@linux.ibm.com>
References: <1560454780-20359-1-git-send-email-akrowiak@linux.ibm.com> <1560454780-20359-4-git-send-email-akrowiak@linux.ibm.com>
Organization: Red Hat GmbH
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 13 Jun 2019 15:39:36 -0400
Tony Krowiak wrote:

> Introduces a new driver callback to prevent a root user from unbinding
> an AP queue from its device driver if the queue is in use. This prevents
> a root user from inadvertently taking a queue away from a guest and
> giving it to the host, or vice versa. The callback will be invoked
> whenever a change to the AP bus's apmask or aqmask sysfs interfaces may
> result in one or more AP queues being removed from its driver. If the
> callback responds in the affirmative for any driver queried, the change
> to the apmask or aqmask will be rejected with a device in use error.
>
> For this patch, only non-default drivers will be queried. Currently,
> there is only one non-default driver, the vfio_ap device driver. The
> vfio_ap device driver manages AP queues passed through to one or more
> guests and we don't want to unexpectedly take AP resources away from
> guests which are most likely independently administered.
>
> Signed-off-by: Tony Krowiak
> ---
> drivers/s390/crypto/ap_bus.c | 138 +++++++++++++++++++++++++++++++++++++++++--
> drivers/s390/crypto/ap_bus.h | 3 +
> 2 files changed, 135 insertions(+), 6 deletions(-)

Hm... I recall objecting to this patch before, fearing that it makes it
possible for a bad actor to hog resources that can't be removed by root,
even forcefully. (I have not had time to look at the intervening
versions, so I might be missing something.)

Is there a way for root to forcefully override this?
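
The check described in the quoted commit message, modelled in user space as an added example (not code from the patch or from anyone on this thread). The 8x8 mask layout, `model_driver`, `model_in_use`, `set_masks`, the both-bits-set ownership rule and the choice of EBUSY are assumptions of this sketch.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, 8 adapters x 8 domains. Assumption of this sketch: a queue
 * (ap, aq) belongs to the default drivers when both its apmask bit and its
 * aqmask bit are set; otherwise a non-default driver may hold it. */
struct ap_masks { uint8_t apm, aqm; };

struct model_driver {                 /* hypothetical, not the kernel's struct */
    bool is_default;
    uint64_t guest_queues;            /* bit ap*8+aq set: queue passed to a guest */
    bool (*in_use)(const struct model_driver *d, const struct ap_masks *newm);
};

static bool owned_by_default(const struct ap_masks *m, int ap, int aq) {
    return ((m->apm >> ap) & 1) && ((m->aqm >> aq) & 1);
}

/* Callback of the modelled non-default driver: would the new masks take
 * away a queue that is currently passed through to a guest? */
static bool model_in_use(const struct model_driver *d, const struct ap_masks *newm) {
    for (int q = 0; q < 64; q++)
        if (((d->guest_queues >> q) & 1) && owned_by_default(newm, q / 8, q % 8))
            return true;
    return false;
}

/* Models a write to apmask/aqmask: only non-default drivers are queried, and
 * one affirmative answer rejects the change (EBUSY chosen here as the
 * "device in use" error). The current masks stay untouched on rejection. */
static int set_masks(struct ap_masks *cur, struct ap_masks newm,
                     const struct model_driver *drv, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (!drv[i].is_default && drv[i].in_use && drv[i].in_use(&drv[i], &newm))
            return -EBUSY;
    *cur = newm;
    return 0;
}

int main(void) {
    struct ap_masks cur = { 0x00, 0x00 };
    struct model_driver drv = { false, 1ULL << (1 * 8 + 2), model_in_use }; /* constructed: queue (1,2) in use */
    printf("%d\n", set_masks(&cur, (struct ap_masks){ 0x02, 0x04 }, &drv, 1)); /* would reassign (1,2) */
    printf("%d\n", set_masks(&cur, (struct ap_masks){ 0x02, 0x08 }, &drv, 1)); /* leaves (1,2) alone */
    return 0;
}
```

In this model nothing the caller passes to `set_masks` gets past a driver that answers in the affirmative, which is the situation the reply asks about.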