From: Christian Borntraeger <borntraeger@de.ibm.com>
To: Tejun Heo <tj@kernel.org>, Vipin Sharma <vipinsh@google.com>
Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com,
	jon.grimm@amd.com, eric.vantassell@amd.com, pbonzini@redhat.com,
	seanjc@google.com, lizefan@huawei.com, hannes@cmpxchg.org,
	frankja@linux.ibm.com, corbet@lwn.net, joro@8bytes.org,
	vkuznets@redhat.com, wanpengli@tencent.com, jmattson@google.com,
	tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
	hpa@zytor.com, gingell@google.com, rientjes@google.com,
	dionnaglaze@google.com, kvm@vger.kernel.org, x86@kernel.org,
	cgroups@vger.kernel.org, linux-doc@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [Patch v3 0/2] cgroup: KVM: New Encryption IDs cgroup controller
Date: Thu, 10 Dec 2020 15:54:01 +0100
Message-ID: <4f7b9c3f-200e-6127-1d94-91dd9c917921@de.ibm.com>
In-Reply-To: <X9E6eZaIFDhzrqWO@mtj.duckdns.org>

On 09.12.20 21:58, Tejun Heo wrote:
> Hello,
> 
> Rough take after skimming:
> 
> * I don't have an overall objection. In terms of behavior, the only thing
>   which stood out was input rejection depending on the current usage. The
>   preferred way of handling that is rejecting future allocations rather than
>   failing configuration as that makes it impossible e.g. to lower limit and
>   drain existing usages from outside the container.
> 
> * However, the boilerplate to usefulness ratio doesn't look too good and I
>   wonder whether what we should do is adding a generic "misc" controller
>   which can host this sort of static hierarchical counting. I'll think more
>   on it.

We first discussed to have
encryption_ids.stat
encryption_ids.max
encryption_ids.current

and we added the sev in later, so that we can also have tdx, seid, sgx or whatever.
Maybe also 2 or more things at the same time.

Right now this code has

encryption_ids.sev.stat
encryption_ids.sev.max
encryption_ids.sev.current

And it would be trivial to extend it to have
encryption_ids.seid.stat
encryption_ids.seid.max
encryption_ids.seid.current
on s390 instead (for our secure guests).

So in the end this is almost already a misc controller, the only thing that we
need to change is the capability to also define things other than encryption.*.*
And of course we would need to avoid adding lots of random garbage to such a thing.

But if you feel ok with the burden to keep things kind of organized a misc
controller would certainly work for the encryption ID usecase as well. 
So I would be fine with the thing as is or a misc controller.

Christian
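
The limit semantics raised in the quoted review, modelled in userspace C as an added example (not code from the patch series): a hierarchical counter standing in for `encryption_ids.sev.current` / `encryption_ids.sev.max`, with the usage-dependent `max` write next to the preferred one that accepts the write and only refuses future allocations. The names `id_counter`, `id_try_charge`, `id_uncharge`, `id_set_max_strict` and `id_set_max_lazy` are hypothetical, and `-EBUSY` is an error value chosen for this model.

```c
#include <stddef.h>
#include <errno.h>

/* Constructed model of one per-cgroup counter; not the kernel's structure. */
struct id_counter {
    struct id_counter *parent; /* NULL at the root of the hierarchy */
    unsigned long usage;       /* value a ".current" file would report */
    unsigned long max;         /* value written through a ".max" file */
};

/* Charge n IDs to cg and every ancestor; undo partial charges on failure. */
int id_try_charge(struct id_counter *cg, unsigned long n)
{
    struct id_counter *c, *u;

    for (c = cg; c; c = c->parent) {
        /* usage may already exceed max after a lazy lowering, so test
         * that first to keep the subtraction from wrapping. */
        if (c->usage > c->max || n > c->max - c->usage) {
            for (u = cg; u != c; u = u->parent)
                u->usage -= n;
            return -EBUSY; /* assumed error value for this model */
        }
        c->usage += n;
    }
    return 0;
}

/* Release n IDs from cg and every ancestor. */
void id_uncharge(struct id_counter *cg, unsigned long n)
{
    for (; cg; cg = cg->parent)
        cg->usage -= n;
}

/* Usage-dependent input rejection: a limit below current usage is refused,
 * so the limit cannot be lowered first and the usage drained afterwards. */
int id_set_max_strict(struct id_counter *cg, unsigned long max)
{
    if (max < cg->usage)
        return -EBUSY;
    cg->max = max;
    return 0;
}

/* Preferred handling: always accept the new limit; existing usage stays
 * charged and only later id_try_charge() calls are rejected. */
int id_set_max_lazy(struct id_counter *cg, unsigned long max)
{
    cg->max = max;
    return 0;
}
```

With the lazy variant, usage above the new limit blocks every new charge until enough IDs have been uncharged, which is the "lower limit and drain" case the review describes.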

Thread overview: 13+ messages
2020-12-09 20:54 [Patch v3 0/2] cgroup: KVM: New Encryption IDs cgroup controller Vipin Sharma
2020-12-09 20:54 ` [Patch v3 1/2] cgroup: svm: Add Encryption ID controller Vipin Sharma
2020-12-09 20:54 ` [Patch v3 2/2] cgroup: svm: Encryption IDs cgroup documentation Vipin Sharma
2020-12-09 20:58 ` [Patch v3 0/2] cgroup: KVM: New Encryption IDs cgroup controller Tejun Heo
2020-12-09 20:58   ` Tejun Heo
2020-12-10 14:54   ` Christian Borntraeger [this message]
2020-12-10 14:54     ` Christian Borntraeger
2020-12-10 23:44     ` David Rientjes
2020-12-16 15:27       ` Tejun Heo
2020-12-16 20:02         ` Vipin Sharma
2020-12-16 20:02           ` Vipin Sharma
2021-01-05 15:36           ` Tejun Heo
2021-01-06 18:45             ` Vipin Sharma
