
Re: [PATCH 3/6] xsm: enabling xsm to always be included


  • To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Fri, 18 Jun 2021 12:53:47 +0100
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, "George Dunlap" <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, "Jan Beulich" <jbeulich@xxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>, "Petre Pircalabu" <ppircalabu@xxxxxxxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, <persaur@xxxxxxxxx>, <christopher.w.clark@xxxxxxxxx>, <adam.schwalm@xxxxxxxxxx>, <scott.davis@xxxxxxxxxx>
  • Delivery-date: Fri, 18 Jun 2021 11:54:06 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 18/06/2021 00:39, Daniel P. Smith wrote:
> The only difference between !CONFIG_XSM and CONFIG_XSM with !CONFIG_XSM_SILO and !CONFIG_XSM_FLASK
> is whether the XSM hooks in dummy.h are called as static inline functions or as function
> pointers to static functions. As such this commit,
>  * eliminates CONFIG_XSM
>  * introduces CONFIG_XSM_EVTCHN_LABELING as replacement for enabling event channel labels
>  * makes CONFIG_XSM_SILO AND CONFIG_XSM_FLASK default to no
>
> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
> ---
>  xen/common/Kconfig            |  55 ++++-----
>  xen/include/xen/sched.h       |   2 +-
>  xen/include/xsm/xsm-core.h    |  26 ----
>  xen/include/xsm/xsm.h         |   8 --
>  xen/xsm/Makefile              |   4 +-
>  xen/xsm/dummy.c               |   4 +-
>  xen/{include => }/xsm/dummy.h | 220 ++++++++++++++++------------------
>  xen/xsm/silo.c                |  17 +--
>  xen/xsm/xsm_core.c            |   4 -
>  9 files changed, 142 insertions(+), 198 deletions(-)
>  rename xen/{include => }/xsm/dummy.h (63%)
>
> diff --git a/xen/common/Kconfig b/xen/common/Kconfig
> index 0ddd18e11a..203ad7ea23 100644
> --- a/xen/common/Kconfig
> +++ b/xen/common/Kconfig
> @@ -197,22 +197,33 @@ config XENOPROF
>  
>         If unsure, say Y.
>  
> -config XSM
> -     bool "Xen Security Modules support"
> -     default ARM
> -     ---help---
> -       Enables the security framework known as Xen Security Modules which
> -       allows administrators fine-grained control over a Xen domain and
> -       its capabilities by defining permissible interactions between domains,
> -       the hypervisor itself, and related resources such as memory and
> -       devices.
> +menu "Xen Security Modules"
>  
> -       If unsure, say N.
> +choice
> +     prompt "Default XSM module"
> +     default XSM_SILO_DEFAULT if XSM_SILO && ARM
> +     default XSM_FLASK_DEFAULT if XSM_FLASK
> +     default XSM_SILO_DEFAULT if XSM_SILO
> +     default XSM_DUMMY_DEFAULT
> +     config XSM_DUMMY_DEFAULT
> +             bool "Match non-XSM behavior"

There is no non-XSM behaviour any more.

Is it time to rename Dummy to "traditional dom0-all-powerful" or
something suitable?

> +     config XSM_FLASK_DEFAULT
> +             bool "FLux Advanced Security Kernel" if XSM_FLASK
> +     config XSM_SILO_DEFAULT
> +             bool "SILO" if XSM_SILO
> +endchoice
> +
> +config XSM_EVTCHN_LABELING
> +     bool "Enables security labeling of event channels"
> +     default n
> +     ---help---
> +      This enables an XSM module to label and enforce access control over
> +      event channels.

Please use help rather than ---help--- for new options (it's changed in
upstream Kconfig).  The indentation of the help message wants to be one
tab, then two spaces.  (Yes, sadly...)

>  config XSM_FLASK
> -     def_bool y
> +     def_bool n
>       prompt "FLux Advanced Security Kernel support"
> -     depends on XSM
> +     select XSM_EVTCHN_LABELING
>       ---help---
>         Enables FLASK (FLux Advanced Security Kernel) as the access control
>         mechanism used by the XSM framework.  This provides a mandatory access
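
Review bot: XSM_EVTCHN_LABELING is given its own prompt and is also forced on by "select XSM_EVTCHN_LABELING" under XSM_FLASK, so a user can enable labeling in a build where no module selects it, and the help text does not say what the labels are used for in that case. Consider dropping the prompt so the symbol is only ever set by the modules that need it, or name in the help text which modules consume the labels. The explicit "default n" is redundant as well, since n is already the default for a bool.
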
> @@ -250,9 +261,8 @@ config XSM_FLASK_POLICY
>         If unsure, say Y.
>  
>  config XSM_SILO
> -     def_bool y
> +     def_bool n
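
Review bot: With XSM_SILO changed to "def_bool n" here, the choice entry "default XSM_SILO_DEFAULT if XSM_SILO && ARM" added in the previous hunk cannot take effect on an ARM build that keeps the defaults, so that build falls through to XSM_DUMMY_DEFAULT, whereas the removed XSM option had "default ARM" and XSM_SILO was "def_bool y". If the ARM default is meant to stay SILO, "def_bool ARM" here would keep that choice default reachable, and the commit message should say which behaviour is intended.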

I'm not sure we want to alter the FLASK/SILO defaults.  SILO in
particular is mandatory on ARM, and without it, you're in a security
unsupported configuration.

~Andrew




 

