[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4 2/3] xsm: consolidate loading the policy buffer

  • To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 7 Jun 2022 15:58:19 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eN69vorWK8qAaqyxGuU7P7QSV6TX9WVFh6JvHOKCMuA=; b=MtktUecg/RMfQB+XQ3UnWdug9I3eHDwB/PhhIGArP57vwxRPvbigEFwjo30Tzi4TQ+3aR+e010uCYOx0DzFm29qBnoEK/QDafe/w3rldholgLaJIdgfTdl7dVXnrbx61xh8Mmzku6w902yEapSHyIcsppR2zCKya998+nIJneHEcHhLLdGwrwnDgltVNKZs6Gn3NzfUvs/7/+u0Smbc0IHpawp4ybfJUjcAkirhR1bsoJY1/D4KjrhRF3fsbxH2mbQQaPUhnqJ2lJdLZdQ23+rj05JiPEFZ5ONhHWXEUspJbPC4IxXHGE9zogbEjFTrYubgD5gfM9Kq8AHIvoBbfOw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZIGNQJjpDAiRHVJ01EMeFEq4JXCf+/NYx/zxsIfeew2qgKsJIbpNxXoskBOZEi+6th4Eend/5iLqebsXmjQ+kv7M8CX6lIjde4XwyRpanvEY8FwI+1mArbi08OQ220qxkBCYsmVCQmqj346QIBUgPRM4DsZQG0HdKy85z+IGh/PrMzFQFEPzv+dsXWtHqM61kG25gD4yFbkWBtB4vODjWAkgwXP0zPyQbO+h+ZmJ7hvG2cnpd1kikvXXmUFGV/x5sGffgNJrke2vkY6IEboA/RvWWP49rxm9ap1vRQ4ECOJ/P0TRhv9RsSfTVw8/kMqwLCIoSJEC7L9XLVS+lvTKng==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: scott.davis@xxxxxxxxxx, christopher.clark@xxxxxxxxxx, jandryuk@xxxxxxxxx, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 07 Jun 2022 13:58:28 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 07.06.2022 15:47, Daniel P. Smith wrote:
> 
> On 6/2/22 05:47, Jan Beulich wrote:
>> On 31.05.2022 20:20, Daniel P. Smith wrote:
>>> Previously, initializing the policy buffer was split between two functions,
>>> xsm_{multiboot,dt}_policy_init() and xsm_core_init(). The latter for loading
>>> the policy from boot modules and the former for falling back to built-in
>>> policy.
>>>
>>> This patch moves all policy buffer initialization logic under the
>>> xsm_{multiboot,dt}_policy_init() functions. It then ensures that an error
>>> message is printed for every error condition that may occur in the 
>>> functions.
>>> With all policy buffer init contained and only called when the policy buffer
>>> must be populated, the respective xsm_{mb,dt}_init() functions will panic 
>>> for
>>> all errors except ENOENT. An ENOENT signifies that a policy file could not 
>>> be
>>> located. Since it is not possible to know if late loading of the policy 
>>> file is
>>> intended, a warning is reported and XSM initialization is continued.
>>
>> Is it really not possible to know? flask_init() panics in the one case
>> where a policy is strictly required. And I'm not convinced it is
>> appropriate to issue both an error and a warning in most (all?) of the
>> other cases (and it should be at most one of the two anyway imo).
> 
> With how XSM currently works, I do not see how without creating a
> layering violation, as you had mentioned before. It is possible for
> flask_init() to know because the flask= parameter belongs to the flask
> policy module and can be directly checked.
> 
> I think we view this differently. A call to
> xsm_{multiboot,dt}_policy_init() is asking for a policy file to be
> loaded. If it is not able to do so is an error. This error is reported
> back to xsm_{multiboot,dt}_init() which is responsible for initializing
> the XSM framework. If it encounters an error for which inhibits it from
> initializing XSM would be an error whereas an error it encounters that
> does not block initialization should warn the user as such. While it is
> true that the only error for the xsm_multiboot_policy_init() currently
> is a failure to locate a policy file, ENOENT, I don't see how that
> changes the understanding.

Well, I think that to avoid the layering violation the decision whether
an error is severe enough to warrant a warning (or is even fatal) needs
to be left to the specific model (i.e. Flask in this case).

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.