[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v12 11/14] flask/policy: allow domU to use previously-mapped I/O-memory


thank you for your thorough explanation.

On Wed, Sep 03, 2014 at 10:45:18AM -0400, Daniel De Graaf wrote:
> On 09/03/2014 07:21 AM, Ian Campbell wrote:
> >On Sat, 2014-08-30 at 18:29 +0200, Arianna Avanzini wrote:
> >>From: Andrii Tseglytskyi <andrii.tseglytskyi@xxxxxxxxxxxxxxx>
> >>
> >>This commit allows the domU to access previously-mapped I/O-memory
> >>even if XSM is enabled and FLASK is enforced.
> >
> >CCing Daniel (XSM maintainer).
> >
> >I think this is probably OK, but I'm no XSM expert.
> >
> >(If I were writing the ocmmit message I would have said something like
> >"Update the example XSM policy to allow...")
> The message Ian suggests is a bit clearer as to the effect of the patch.

Thanks to both of you; as I took the liberty of writing the commit message for
Andrii's patch I will certainly fix my mistakes according to your suggestions.

> Regarding the patch: at minimum, a domU should only need the permissions
> defined by "use_device(domU_t, iomem_t)" to access mapped memory.  However,
> it is preferred to label the IO memory being used instead of allowing access
> to the default/fallback iomem_t.
> The intention for handing pass-through devices with FLASK is to label the
> device (either using the tool flask-label-pci or manually in the policy;
> example lines for the latter are present and commented out).  The example
> policy defines the type nic_dev_t as a device that is usable by domU_t, and
> docs/misc/xsm-flask.txt has an example of flask-label-pci's use.
> If you are actually only passing IO memory and not a PCI device, labeling
> the IO memory range would be the preferred solution.  If you cannot label
> it statically, a tool similar to flask-label-pci for memory will be needed -
> something like "flask-label-resource <type> <start>-<end> <label>".  This
> may be more common on ARM than on x86; I am not familiar with pass-through
> on ARM, and the only non-PCI device on x86 that I have used pass-through on
> is the TPM, which has a well-defined IO memory range.

When using the iomem option to make an I/O-memory range available to a domU
the mapping to be performed is explicitly defined by domain configuration,
so labeling it should be possible, if I understood things correctly.

> -- 
> Daniel De Graaf
> National Security Agency

 * Arianna Avanzini
 * avanzini.arianna@xxxxxxxxx
 * 73628@xxxxxxxxxxxxxxxxxxx

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.