[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v4 1/2] xsm: create idle domain privileged and demote after setup
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 26 Apr 2022 06:43:54 -0400
- Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@xxxxxxxxxxxxxxxxxxxx; dmarc=pass header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx>
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1650969887; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=hj+dEkNlqWhPGTS1YlWUm/Kq/vBPWzD4km56q01emc8=; b=BM3XT+M9a3hxMB4Bh0kBrBKyJ2A9bPQeUQQ+iMdzujGHCNr4g76Ogb7+VZ55fEnP6AgsdOvvJerDpENglM6CWy1RZOqhk8FQvuy29GToHZAiNxYhrkbGiki8LyERhQNXQWrHEo7Bv0dY1FVuJEi1VxXZ1O0X+PgqpUP2VdsPHkc=
- Arc-seal: i=1; a=rsa-sha256; t=1650969887; cv=none; d=zohomail.com; s=zohoarc; b=iUfO5XZhhaxFKUapN+vEdfaDWAfsfylK5KWGJjm3l3yF/PfNTrFVxs0DW05GTOJwbkhn50V0A1QezI5K2YdQ8xMD+91QLP4t0UIRn9nDKlcmB3/l4ec5rC/tW4Wa0spTy6kP50rXSi1FSz90KczW5XaMjxXKXKPnEU+WI0XXBTY=
- Cc: scott.davis@xxxxxxxxxx, jandryuk@xxxxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Wei Liu <wl@xxxxxxx>
- Delivery-date: Tue, 26 Apr 2022 10:44:56 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 4/26/22 02:35, Jan Beulich wrote:
On 25.04.2022 19:22, Daniel P. Smith wrote:
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -621,6 +621,9 @@ static void noreturn init_done(void)
void *va;
unsigned long start, end;
+ if ( xsm_set_system_active() != 0 )
+ panic("xsm: unable to set hypervisor to SYSTEM_ACTIVE privilege\n");
Roger did request that the panic() either also report the error
code, or that the function be returning bool. You did neither,
and your earlier verbal reply also didn't really respond to this
part of Roger's comments.
Opps, my apologies. I meant to add his suggestion of adding the error to
the panic message.
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -186,6 +186,26 @@ static int cf_check flask_domain_alloc_security(struct
domain *d)
return 0;
}
+static int cf_check flask_set_system_active(void)
+{
+ struct domain *d = current->domain;
+
+ if ( d->domain_id != DOMID_IDLE )
+ {
+ printk("xsm_set_system_active should only be called by idle domain\n");
+ return -EPERM;
+ }
+
+ /*
+ * While is_privileged has no significant meaning under flask, set to false
+ * as there are times in hypervisor code privilege checks check this
+ * directly instead of going through XSM.
+ */
It feels as if there is "which" missing between "checks" and "check",
or something else (better fitting "as there are times"), without which
the sentence is a little hard to follow.
You are correct, will fix.
v/r
dps
|
