[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4 3/3] xsm: properly handle error from XSM init


  • To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Tue, 31 May 2022 19:18:33 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FHHPmNQdu/8LaseeoLzbafUTfMJua3Vle91SravkGVY=; b=moIwngWll1MNwzNKc6yeeO0vdcs5G9mrATYtX2XjLwJmk5zzkqV5G/GIqnaTE3IUf41bXsuok0Pj+UyC0k+w8IEQ4a1YJO7Mq5GaTNy55WKJxuo4dRirYxFG4rNAar+LMUwkosVfJ+MginD1OQ6wBuivcIQdM9CvO2AhGEayUpFCOKzvOYTrIqfByonB5eA1WV1hzvyiRvPSow/j+iTuwVVXbr+/OQkCgZiunwu6Q55YayJin71x8y6wyoRx9U978bL5Bi7pZzh5+eI03u76jt0TjjQC0o/qdqkba7AORio2InskEeF8LUspnHowdDsjyqvG/DHKDNQuNXi/+d0SOg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QwfBOVIDi1ebPb5l6hTGDtMbwR1quoGh+1Dy661VKkEPvJW6JNEAs6BTz7WAOqPSeR9Ph6k1xAFdvTAz/TVoVNt8k0nfj05cEN31d2R6v2oi4JhDyAsHCDQktRrM4eCJC7QF9rtBXvGHTz/Gw8/8PQ2lBghR9pT3k2AUf6U7Ok3TWDmdQGSYDNi7N4FJbrQFv4muZH5v6FeHdh6d/dlRGknPEb/alFAXOE7buiuQGwoznjacscTms/lWnyKO+JjQxFWTYQKx6QlAqpSRhXq8EFNhRau4UxmVykFwO+XR7D8X6O5yNZA9rY3scW0vkEUYgz/DOfhsWhPxDjoIiQH/0w==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: "scott.davis@xxxxxxxxxx" <scott.davis@xxxxxxxxxx>, "christopher.clark@xxxxxxxxxx" <christopher.clark@xxxxxxxxxx>, "jandryuk@xxxxxxxxx" <jandryuk@xxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
  • Delivery-date: Tue, 31 May 2022 19:18:47 +0000
  • Ironport-data: A9a23:C5uJgKJLaIyDXvt3FE+Rh5UlxSXFcZb7ZxGr2PjKsXjdYENS0jdSx 2UYUWHVb63eMGenLtklYIq0pBsF75fSzYVgQAVlqX01Q3x08seUXt7xwmUcns+xwm8vaGo9s q3yv/GZdJhcokf0/0vrav67xZVF/fngqoDUUYYoAQgsA149IMsdoUg7wbRh39Ux2YPR7z6l4 rseneWOYDdJ5BYsWo4kw/rrRMRH5amaVJsw5zTSVNgT1LPsvyB94KE3fMldG0DQUIhMdtNWc s6YpF2PEsE1yD92Yj+tuu6TnkTn2dc+NyDW4pZdc/DKbhSvOkXee0v0XRYRQR4/ttmHozx+4 PVBhaSwZTY5ApbjnuEAEDxxDyY5D4QTrdcrIVDn2SCS52vvViO2hs5IVQQxN4Be/ftrC2ZT8 /BeMCoKch2Im+OxxvS8V/VogcMgasLsOevzuFk5lW2fUalgHM+FH/uiCdxwhV/cguhnG/rEa tVfQj1odBnaODVEO0sNCYJ4l+Ct7pX6W2IC9QzM/vFti4TV5C1wj7b8DdXvQfCDettRgQWah F+f3nusV3n2M/Tak1Jp6EmEivfUmCLnWKobDLCi6uNxm1qX23ASDxsNE1C8pJGRmkO4Ht5SN UEQ0i4vtrQpslymSMHnWB+1q2LCuQQTM/JuFOk95BCI27DjyQ+TDWgZTRZMcNUj8sQxQFQCy Vuhj97vQzt1v9W9Unma6qvSoTqsODM9NnMLfysNR00E5LHLq4EpjwnTSc5jHbTzhdn8AzLY2 CyDtiw3jfMSiqYj1ay98UrWnjGEqZ3ATwpz7QLSNkqv4xllfoeja8qt4ELC8PdbBI+DSx+Ku 31ss9OF8OkEAJWJlSqMaOYABrek47CCKjK0qVxyG5gs8Ry99njleppfiBl8Lkp0NscPeRfyf VTe/whW4fd7MHSmYKBtaqqtGs8qyu7mDt2jWffKBueiebB0fQ6DuTpoPEeW1mW1ykw0y/ljZ 9GcbNqmCmscBeJ/1j2qSuwB0LgtgCcj2WfUQpO9xBOiuVaDWEOopX4+GAPmRogEAGms+205L /432xO29ihi
  • Ironport-hdrordr: A9a23:W6K8vaOEQOX9nsBcT5j255DYdb4zR+YMi2TDiHoddfUFSKalfp 6V98jzjSWE8wr4WBkb6LO90DHpewKRyXcH2/hqAV7EZniohILIFvAu0WKG+VHd8kLFh4lgPM tbEpSWTeeAdWSS7vyKrjVQcexQpuVvmZrA7Yix854ud3ASV0gK1XYaNu/vKDwTeOAwP+tdKH Pz3Kp6jgvlXU5SQtWwB3EDUeSGjcbMjojabRkPAANiwBWSjBuzgYSKUySw71M7aXdi0L0i+W /Kn0jS/aO4qcy2zRfayiv684lWot380dFObfb8yfT9aw+cyDpAVr4RH4FqjwpF591HL2xa1u Ukli1QevibLUmhJ11d7yGdgzUImwxelkMKgWXo/UcL5/aJBQ7SQvAx+76wOHHimjUdlcA536 RR022DsZ1LSRvGgSTm/tDNEwpnj0yuvBMZ4KYuZlFkIP0jgYVq3MUiFYJuYeU9NTO/7JpiHP hlDcna6voTeVSGb2rBtm0qxNC3RHw8EhqPX0BH46WuonJrtWE8y1FdyN0Un38G+p54Q55Y5/ 7cOqAtkL1VVMcZYa90Ge9ES8qqDW7GRw7KLQupUB/aPbBCP2iIp4/84b0z6u3vcJsUzIEqkJ CES19cvX5aQTOYNSRP5uw+zvngehTMYd228LAu23FQgMyOeJP7dSueVVspj8ys5/0CH8yzYY fHBK5r
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHYdRtxX+A3YwtAuUu8lGLDBtUPnK05XDiA
  • Thread-topic: [PATCH v4 3/3] xsm: properly handle error from XSM init

On 31/05/2022 19:20, Daniel P. Smith wrote:
> diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
> index 53a73010e0..ed67b50c9d 100644
> --- a/xen/arch/x86/setup.c
> +++ b/xen/arch/x86/setup.c
> @@ -1700,7 +1701,11 @@ void __init noreturn __start_xen(unsigned long mbi_p)
>      mmio_ro_ranges = rangeset_new(NULL, "r/o mmio ranges",
>                                    RANGESETF_prettyprint_hex);
>  
> -    xsm_multiboot_init(module_map, mbi);
> +    if ( xsm_multiboot_init(module_map, mbi) )
> +        warning_add("WARNING: XSM failed to initialize.\n"
> +                    "This has implications on the security of the system,\n"
> +                    "as uncontrolled communications between trusted and\n"
> +                    "untrusted domains may occur.\n");

The problem with this approach is that it forces each architecture to
opencode the failure string, in a function which is very busy with other
things too.

Couldn't xsm_{multiboot,dt}_init() be void, and the warning_add() move
into them, like the SLIO warning for ARM already?

That would simplify both ARM and x86's __start_xen(), and be an
improvement for the RISC-V series just posted to xen-devel...

~Andrew

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.