[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] xsm: policy hooks to require an IOMMU and interrupt remapping


  • To: Jan Beulich <JBeulich@xxxxxxxx>
  • From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
  • Date: Wed, 23 Aug 2017 11:56:14 -0400
  • Cc: christopher.w.clark@xxxxxxxxx, xen-devel@xxxxxxxxxxxxx
  • Delivery-date: Wed, 23 Aug 2017 15:56:26 +0000
  • Ironport-phdr: 9a23:zaZzaBEJ+jjPIi2qPCy8Q51GYnF86YWxBRYc798ds5kLTJ7ypMqwAkXT6L1XgUPTWs2DsrQf2rqQ6/iocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbQhFgDmwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VC+85Kl3VhDnlCYHNyY48G7JjMxwkLlbqw+lqxBm3oLYfJ2ZOP94c6zTZ9MaQXdKUNhXWSJPH4iwa5IDA/QdMepdqYT2ulkAogakBQS0Ge3h1DFIiH/106M03esuHgPJ0xAvEd8VrHTZrs/4OLsOXe27zqTFyyjIYfNM2Tf67YjFah4vruuKXbJxb8XRzVQkGQ3bgV6NqILlJSma2f4Ds2OG6OdvSO2vhHM5pAF+uDig3NwhipXJh40JylDE8j91wIAuJdKiUkJ7btmkEIVJuiycKoB4QdsiTnl1tCs1xbAKo562cDUQxJg5yBPTdeaLf5WO7xn+TuieOy14i2hgeL+nghay9lWvxfPkW8mv1VZKsjJFkt7RtnARzxDT6taISv96/kq5xTaAzRrT6uBZIUAvj6bbN54gzaIwlpoUq0jDGDP5mF7qg6OMc0Uk++yo5/zmYrXguJCcK5d5hhzxP6khgMCyAfk0PhIQU2WU5+iwzqDv8VX8QLpQj/02lqfZsIrdJcQevqO2HgBV3Zs95BawFTepys8VnWUHLV1ZeBKHiJLlO1fVIP/iF/u/jFOskClzy/DcIrLhGonNLmTEkLr5ebhw9lBTyBc3zdBe+51UCqoMIOnuWk/qqtPUFAM2Mwuxw+z/EtVyypseWX6TAq+eKK7drV+I5vguI+mXeI8Vvy79K/g76P70l3M4l0URcrWt3ZQNcnC4He9rI0qcYXX2g9cBFX0GsRY5TOzvkFeCSyJcZ26uX6Ig4TE2EI2nApnFRoy0nbOOwjm7EYNSZm1dDlCMEGzod5mfW/sWZyOdPMlhniYDVbi7RI9ynS2p4S3zzfJNI/fQ+yYY/cbB/tVo4+zYlTkp6Cd5Sc+a1jfeYXtzmzYkTjk30aQ3jUE15U2K2KYw1/BXGdFc/fphThYxNZmayfdzTd/1RFSSLZ+yVF+6T4D+UnkKRdUrzopLOhwlFg==
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 08/22/2017 04:18 AM, Jan Beulich wrote:
On 18.08.17 at 23:55, <dgdegra@xxxxxxxxxxxxx> wrote:
On 08/18/2017 05:02 PM, christopher.w.clark@xxxxxxxxx wrote:
From: Christopher Clark <christopher.clark6@xxxxxxxxxxxxxx>

Isolation of devices passed through to domains usually requires an
active IOMMU. The existing method of requiring an IOMMU is via a Xen
boot parameter ("iommu=force") which will abort boot if an IOMMU is not
available.

More graceful degradation of behaviour when an IOMMU is absent can be
achieved by enabling XSM to perform enforcement of IOMMU requirement.

This patch enables an enforceable XSM policy to specify that an IOMMU is
required for particular domains to access devices and how capable that
IOMMU must be. This allows a Xen system to boot whilst still
ensuring that an IOMMU is active before permitting device use.

Using a XSM policy ensures that the isolation properties remain enforced
even when the large, complex toolstack software changes.

For some hardware platforms interrupt remapping is a strict requirement
for secure isolation. Not all IOMMUs provide interrupt remapping.
The XSM policy can now optionally require interrupt remapping.

The device use hooks now check whether an IOMMU is:
   * Active and securely isolating:
      -- current criteria for this is that interrupt remapping is ok
   * Active but interrupt remapping is not available
   * Not active

This patch also updates the reference XSM policy to use the new
primitives, with policy entries that do not require an active IOMMU.

Signed-off-by: Christopher Clark <christopher.clark6@xxxxxxxxxxxxxx>

Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

To be honest, for this kind of a change I would have hoped for
a Reviewed-by (by you or someone else), not just an Acked-by.
Hence I'm hesitant to put the patch in right away.

Jan

I'll keep that in mind for the future.  I have looked at this patch
in depth, so you can change that to

Reviewed-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.