Xen project Mailing List

Re: [PATCH v3 3/3] xsm: properly handle error from XSM init

From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>

Date: Tue, 7 Jun 2022 08:14:22 -0400

Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@xxxxxxxxxxxxxxxxxxxx; dmarc=pass header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx>

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1654604165; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=EkEJdzTn5wsupDMSIaSNG6LmQ+ASAiYE6Uzwve0WIJE=; b=jWr599UIyhQbZ8Q8Q8Bt9FmrxG4SrN1RAZvgkDiiEolmp0pW+uHFYkCKqlVjnu4Uvox66ch1GJnhPKGR37hJcHlCQLXxuYdC67MtZGhoEhZymVKLYhaIM2HbyvcO2MsHHTdCFHuXaOiuKPELf9Bx4yynOV5SLsfkcyL6kuLec0w=

Arc-seal: i=1; a=rsa-sha256; t=1654604165; cv=none; d=zohomail.com; s=zohoarc; b=ggJv8rlHPL9u04m2KPPkaH+voFIJIw6qfNNHk5w0n8a9cg5m6z040O1FrxStQ27jH0ozJSFJ5ANG8XMVkFRhwDMxjbdIBWn+G1Rkh8mDXz/e+MlLVuEAO8sSNDfy9uCgdh6pvOvqkHOPkKpigHFnFOGcgcdQMsmDKKvhp7vI8+Q=

Cc: scott.davis@xxxxxxxxxx, christopher.clark@xxxxxxxxxx, jandryuk@xxxxxxxxx, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Tue, 07 Jun 2022 12:16:16 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 6/1/22 02:14, Jan Beulich wrote: > On 31.05.2022 17:08, Daniel P. Smith wrote: >> @@ -1690,7 +1691,7 @@ void __init noreturn __start_xen(unsigned long mbi_p) >> >> open_softirq(NEW_TLBFLUSH_CLOCK_PERIOD_SOFTIRQ, >> new_tlbflush_clock_period); >> >> - if ( opt_watchdog ) >> + if ( opt_watchdog ) >> nmi_watchdog = NMI_LOCAL_APIC; >> >> find_smp_config(); > > Please omit formatting changes to entirely unrelated pieces of code. Ack. this was in simliar vein of the other patches where I cleaned nearby trailing space. >> @@ -1700,7 +1701,11 @@ void __init noreturn __start_xen(unsigned long mbi_p) >> mmio_ro_ranges = rangeset_new(NULL, "r/o mmio ranges", >> RANGESETF_prettyprint_hex); >> >> - xsm_multiboot_init(module_map, mbi); >> + if ( xsm_multiboot_init(module_map, mbi) ) >> + warning_add("WARNING: XSM failed to initialize.\n" >> + "This has implications on the security of the system,\n" >> + "as uncontrolled communications between trusted and\n" >> + "untrusted domains may occur.\n"); > > Uncontrolled communication isn't the only thing that could occur, aiui. > So at the very least "e.g." or some such would want adding imo. Agreed, this was a reuse of the existing message and honestly I would like to believe this was the original author's attempt at brevity versus writing a detailed message of every implication to the security of the system. > Now that return values are checked, I think that in addition to what > you already do the two function declarations may want decorating with > __must_check. Understood but likely not necessary based on Andy's review suggestion to move these functions to void. v/r, dps

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.