[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] xsm/flask: Handle policy load failures properly

When the hypervisor is booted with an XSM policy containing an error
(such as a mismatched permission value), this error is mostly ignored
during boot.  This causes FLASK to suspend security policy enforcement
until a policy is loaded, effectively allowing all access.

This patch adds a call to panic() if the policy load fails and a
security policy was specified.  If no security policy was specified, the
existing behavior remains to allow systems to load the security policy
during the boot process with "xl loadpolicy".  A distinct initialization
message has been added to distinguish this case from a successful policy
load in logs.

To clarify that the return value of XSM initcalls is ignored, this patch
also changes the return type of these functions to void.

Reported-by: Julien Grall <julien.grall@xxxxxxxxxx>
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
 xen/include/xsm/xsm.h |  2 +-
 xen/xsm/flask/hooks.c | 15 +++++++++------
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 4ce089f..0437735 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -42,7 +42,7 @@ typedef enum xsm_default xsm_default_t;
 extern char *policy_buffer;
 extern u32 policy_size;
-typedef int (*xsm_initcall_t)(void);
+typedef void (*xsm_initcall_t)(void);
 extern xsm_initcall_t __xsm_initcall_start[], __xsm_initcall_end[];
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index d48463f..ac5d58f 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1625,14 +1625,14 @@ static struct xsm_operations flask_ops = {
-static __init int flask_init(void)
+static __init void flask_init(void)
-    int ret = 0;
+    int ret;
     if ( !flask_enabled )
         printk("Flask:  Disabled at boot.\n");
-        return 0;
+        return;
     printk("Flask:  Initializing.\n");
@@ -1645,12 +1645,15 @@ static __init int flask_init(void)
     ret = security_load_policy(policy_buffer, policy_size);
-    if ( flask_enforcing )
+    if ( ret && policy_size )
+        panic("Flask: Unable to load XSM policy");
+    if ( ret )
+        printk("Flask:  Starting with no policy loaded.\n");
+    else if ( flask_enforcing )
         printk("Flask:  Starting in enforcing mode.\n");
         printk("Flask:  Starting in permissive mode.\n");
-    return ret;

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.