[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH] tools/xl: Add device_model_stubdomain_init_seclabel option to xl.cfg

  • To: Anthony PERARD <anthony.perard@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jason Andryuk <jandryuk@xxxxxxxxx>
  • From: Scott Davis <scott.davis@xxxxxxxxxx>
  • Date: Wed, 28 Jul 2021 22:11:32 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=starlab.io; dmarc=pass action=none header.from=starlab.io; dkim=pass header.d=starlab.io; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1Zp97fQxtpXmm1Md5DiyBzfqlKL2SI3KCCaXp+W27yo=; b=hunNXkKBSddzqd6UilPdmShlQAX8ItG81ynke75Ku2HcGo4XTKgHqOSFr7+bR2rWfqhjmgHajQkgXLkF/Pba/5KVsxaaIl7RnFX6nC20H+ya/b/9MkUIAu9JJAJQQl2hz8YwjXsg0RdCqT7g5cqBIHynSOjyKwTwnX/rXLU7Y3ES0qlFdom8MkFo0Y8M7snISKG7byhTwHqg+27OzI4qjnrstRbd+qo47j03RQYSKuqgQizOIhMbZrKAsxXui1CUlUTv+sYZiFGS3TxPRjzK0hQzRtvyIGuOPxVpA1TDcIhrW5bFpmTl3Az7xqX7WDI0iSOMfCq3DF8Kbb0uf7V3rA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Mpn8QtDm2wo+nbQFndknbjExaWw2kAtCA4uFhGpXKGzMFbBc4QDf/SNGZgnk9X1qIRusyv/BfjyyS+OhjthNFnOuBqXJQaUJRbmLytPIFlub1oc/UOLdExg0aCAqekZWQyYe0edwCG+Ju5JULwTPTk6MIzkXpt5ffyVpm8GhVmcij7BRP73/f0aT8oBYt+4+97k7i+vuhFDORbSln+JYCQqMK8Kxmt8U8+gjimeO3h1WGf/aY5QPugRxYHMdi4mHFBW+Du6LOj9+nwpmS9SCx5QRaGv9DOpi0UQelRInsnveE4YpjfPSvG+AdPGD81VdCCfqmSlCQ6qSZ/r5QH4FZQ==
  • Authentication-results: citrix.com; dkim=none (message not signed) header.d=none;citrix.com; dmarc=none action=none header.from=starlab.io;
  • Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Nick Rosbrook <rosbrookn@xxxxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, "Daniel P . Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 28 Jul 2021 22:12:04 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHXf33g/3arqaNk2kWsKuTBRdut1atVP0WAgAGE9YCAABRyAIABfdUAgABifoA=
  • Thread-topic: [XEN PATCH] tools/xl: Add device_model_stubdomain_init_seclabel option to xl.cfg
Thanks for the review, everyone.

On 7/26/21, 9:08 AM, Jason Andryuk wrote:
> >      libxl_domain_create_info_init(&dm_config->c_info);
> > +    libxl_domain_build_info_init(&dm_config->b_info);
> > +    libxl_domain_build_info_init_type(&dm_config->b_info, 
> > LIBXL_DOMAIN_TYPE_PV);
> > +
> 
> Is there a particular need for moving these lines here?

Without the move, these inits would have stomped on the b_info.exec_ssid* 
values set below. However...

> >      dm_config->c_info.ssidref = guest_config->b_info.device_model_ssidref;
> >      dm_config->c_info.ssid_label = NULL;
> > +    dm_config->b_info.exec_ssidref =
> > +        guest_config->b_info.device_model_exec_ssidref;
> > +    dm_config->b_info.exec_ssid_label = NULL;
> 
> At first glance, it seems only these additions are strictly necessary.
> But if only domcreate_complete is doing the relabel, then they are
> unused?

I believe you are correct. I also thought at first that setting these 
fields would be sufficient for the relabel, only to realize later that 
domcreate_complete does not get called for the stubdomain itself (and 
wouldn't be the correct place to relabel it even if it were). I will 
retest to confirm that these changes to libxl_dm.c are unnecessary and 
drop them in v2.

On 7/27/21, 9:30 AM, Ian Jackson wrote:
> Andrew Cooper writes:
> > >          ret = libxl_flask_context_to_sid(ctx, s, strlen(s),
> > >                                           
> > > &d_config->b_info.device_model_ssidref);
> > > +        if (ret) {
> > > +            if (errno == ENOSYS) {
> > > +                LOGD(WARN, domid,
> > > +                     "XSM Disabled: 
> > > device_model_stubdomain_init_seclabel not supported");
> > > +                ret = 0;
> >
> > Surely this wants to be a hard error?
> >
> > Not specifying a label is one thing, but specifying a label and having
> > it not take effect because code was compiled out of the hypervisor
> > sounds like a security hole.
> >
> > I see this is a pattern copied from elsewhere, but it seems very short
> > signed.
> 
> I wonder if this is to try to make it possible to boot a system whose
> config specifies XSM labels but with XSM disabled.
> 
> Marek, or someone, can you advise ?
> 
> My initial thoughts are to agree with Andrew that ignoring this error
> seems to me to be a bad plan, but maybe there is a good reason.
> 
> If we do want to improve this, maybe we need to update all the
> corresponding call sites.

My guess is that this pattern exists for cases where flask has been 
disabled at runtime via command line option or hypercall. However, I 
agree that lookup failure should be a hard error in these cases.
flask=permissive exists for temporarily disabling enforcement in 
development situations. As long as permissive mode is not broken by the 
change, I will plan to convert each of these warnings to hard errors in 
v2 unless someone feels otherwise.

On 7/28/21, 8:19 AM, Anthony PERARD wrote:
> On Tue, Jul 27, 2021 at 02:32:22PM +0100, Ian Jackson wrote:
> > Marek Marczykowski-Górecki writes:
> > > On Mon, Jul 26, 2021 at 09:07:03AM -0400, Jason Andryuk wrote:
> > > > Sort of relatedly, is stubdom unpaused before the guest gets
> > > > relabeled?  Quickly looking, I think stubdom is unpaused.  I would
> > > > think you want them both relabeled before either is unpaused.  If the
> > > > stubdom starts with the exec_label, but it sees the guest with the
> > > > init_label, it may get an unexpected denial?  On the other hand,
> > > > delayed unpausing of stubdom would slow down booting.
> > >
> > > Some parts of the stubdomain setup are done after it's unpaused (but
> > > before the guest is unpaused). Especially, PCI devices are hot-plugged
> > > only when QEMU is already running (not sure why).
> >
> > I think the PCI hotplug involves interaction with QEMU, and providing
> > only hotplug simplifies the code in libxl.  Anthony, do I have that
> > righgt ?
> 
> I think interaction with QEMU is needed to find out the new address of
> the PCI device in cases none were asked for. And have a single
> implementation in libxl is certainly better.
> But even if QEMU is running, I think we can still call it cold-plugged,
> when it's done before emulation is supposed to have started.

Yes, I chose to relabel the stubdomain at the same time as the guest (and 
after unpause of the stubdomain itself) specifically so that PCI device 
passthrough to the guest can be completed prior to relabeling. This does 
require dm_dom_t's build label to be the source and target of more 
privileges than if the relabeling occurred pre-launch, but none of those 
are privileges that the combined build/run dm_dom_t label doesn't (or 
wouldn't) have already. The end goal in my mind is to be able to drop as 
many of those privileges as possible before the guest itself runs, and 
there are certainly some required to setup PCI device passthrough that 
may not be needed after, depending on the use case.

I will add a discussion of this decision to the v2 commit message.

On 7/27/21, 9:50 AM, Jason Andryuk wrote:
> On Tue, Jul 27, 2021 at 9:32 AM Ian Jackson <iwj@xxxxxxxxxxxxxx> wrote:
> > Naively, it seems to me that the security risks are limited because
> > until the guest is unpaused it doesn't have the ability to do
> > anything, so cannot yet mount an attack on qemu.  So I'm expecting
> > that qemu is still trustworthy until the guest is unpaused.
> 
> I was looking at it from the other direction - protecting and guest
> and stubdom from dom0.  The nice thing you can do is prevent dom0 from
> mapping the guest's memory after the relabeling.
> 
> The relabeling placement in this patch may be okay.  The stubdom
> itself is a dom0-supplied kernel & ramdisk.  So a window of time where
> it's running before being relabeled isn't that big of a deal.  i.e.
> instead of dom0 modifying the stubdom in that window, it could just
> supply modified kernel and ramdisk initially.
> 
> Relabeling guest & stubdom prior to unpausing the guest ensures they
> both have their desired labels before the guest is unpaused.  Like you
> said, that seems to be the important part - both domains have their
> desired label before the guest starts running.  It's when the guest
> starts running that it may have sensitive contents in its memory.

My thinking, as well.

Good day,

-Scott Davis

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.