
Re: [Xen-devel] [PATCH v2] xsm: add device tree labeling support



On 03/13/2015 06:05 AM, Julien Grall wrote:
Hi Jan,

On 13/03/2015 09:23, Jan Beulich wrote:
On 12.03.15 at 21:42, <dgdegra@xxxxxxxxxxxxx> wrote:
@@ -1999,11 +2055,23 @@ int policydb_read(struct policydb *p, void *fp)
                          "Old xen policy does not support iomemcon");
                      goto bad;
                  }
-                rc = next_entry(buf, fp, sizeof(u32) *2);
-                if ( rc < 0 )
-                    goto bad;
-                c->u.iomem.low_iomem = le32_to_cpu(buf[0]);
-                c->u.iomem.high_iomem = le32_to_cpu(buf[1]);
+                if ( p->policyvers >= POLICYDB_VERSION_XEN_DEVICETREE )
+                {
+                    u64 b64[2];
+                    rc = next_entry(b64, fp, sizeof(u64) *2);
+                    if ( rc < 0 )
+                        goto bad;
+                    c->u.iomem.low_iomem = le64_to_cpu(b64[0]);
+                    c->u.iomem.high_iomem = le64_to_cpu(b64[1]);
+                }
+                else
+                {
+                    rc = next_entry(buf, fp, sizeof(u32) *2);
+                    if ( rc < 0 )
+                        goto bad;
+                    c->u.iomem.low_iomem = le32_to_cpu(buf[0]);
+                    c->u.iomem.high_iomem = le32_to_cpu(buf[1]);
+                }
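
Review bot: The test `if ( p->policyvers >= POLICYDB_VERSION_XEN_DEVICETREE )` gates a width change for low_iomem/high_iomem that is not device-tree specific, and nothing at that line says so. A short comment there stating that this policy version also switches the on-disk iomem bounds from u32 to u64 would save the next reader the question. In the new branch, `sizeof(b64)` would be less fragile than `sizeof(u64) *2`. Neither branch checks low_iomem <= high_iomem in the lines shown; if that is not validated elsewhere, this is the place to reject an inverted range.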

I might be completely wrong (knowing next to nothing about XSM),
but how is the permissible I/O mem range tied to DT (as expressed
by POLICYDB_VERSION_XEN_DEVICETREE)? All systems with
valid page frame number possibly being wider than 32 bits would
need this extension, i.e. namely also x86.

I guess the name POLICYDB_VERSION_XEN_DEVICETREE was arbitrarily chosen.

The policy version 30 adds support for both device tree and 64-bit iomem.

Yes, the name was chosen to indicate the more significant of the two
changes in policy version 30; the original (POLICYDB_VERSION_AARCH) was
even more misleading although it did describe both changes.

Although, I'm wondering if we should deny policy < 30 on newer Xen because a
truncation on the MMIO pfns may occur and give access to the wrong pfn.

The policy build does trigger an error if an MFN larger than 32 bits is used
in a static device policy statement, so this should already be covered.
Denying policy lower than version 30 would break the XSM-enabled build on
all distributions that do not include the newest checkpolicy binary, so
I don't really want to do that without a good reason.

--
Daniel De Graaf
National Security Agency
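
The truncation concern and the build-time check discussed above, as an added example that is not code from Xen, checkpolicy or the patch: a version-gated encoder that refuses to write a bound wider than 32 bits into the old record format, and a decoder that zero-extends old records into 64-bit fields. The function names and the VERS_64BIT_IOMEM macro are hypothetical; only the version number 30 and the little-endian u32/u64 pair layout come from the thread.

```c
#include <stdint.h>
#include <stddef.h>

#define VERS_64BIT_IOMEM 30   /* version 30 per the thread; macro name is made up */

/* Little-endian helpers, independent of host byte order. */
static uint64_t get_le(const uint8_t *p, size_t n)
{
    uint64_t v = 0;
    while (n--)
        v = (v << 8) | p[n];
    return v;
}

static void put_le(uint8_t *p, uint64_t v, size_t n)
{
    for (size_t i = 0; i < n; i++, v >>= 8)
        p[i] = (uint8_t)v;
}

/* Build side: returns bytes written, or -1 if the range cannot be
 * represented in the requested format (instead of silently truncating). */
int encode_iomem(unsigned vers, uint64_t low, uint64_t high,
                 uint8_t *out, size_t cap)
{
    size_t w = vers >= VERS_64BIT_IOMEM ? 8 : 4;

    if (low > high || cap < 2 * w)
        return -1;
    if (w == 4 && high > UINT32_MAX)
        return -1;
    put_le(out, low, w);
    put_le(out + w, high, w);
    return (int)(2 * w);
}

/* Load side: returns bytes consumed, or -1 on a short or inverted record.
 * Old-format values are zero-extended into the 64-bit fields. */
int decode_iomem(unsigned vers, const uint8_t *in, size_t len,
                 uint64_t *low, uint64_t *high)
{
    size_t w = vers >= VERS_64BIT_IOMEM ? 8 : 4;

    if (len < 2 * w)
        return -1;
    *low = get_le(in, w);
    *high = get_le(in + w, w);
    return *low <= *high ? (int)(2 * w) : -1;
}
```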

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 

