
RE: [PATCH v8 0/2] Adds starting the idle domain privileged


  • To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Henry Wang <Henry.Wang@xxxxxxx>
  • Date: Fri, 17 Jun 2022 03:27:28 +0000
  • Cc: "scott.davis@xxxxxxxxxx" <scott.davis@xxxxxxxxxx>, "christopher.clark@xxxxxxxxxx" <christopher.clark@xxxxxxxxxx>, "jandryuk@xxxxxxxxx" <jandryuk@xxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
  • Delivery-date: Fri, 17 Jun 2022 03:27:49 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-topic: [PATCH v8 0/2] Adds starting the idle domain privileged

Hi,

It seems that this series has been stale for a while, with author's action
needed for Patch#1 [1] (and probably also needing an ack from the flask
maintainer for [2]). So this email is a gentle reminder about this series.
Thanks!

[1] https://patchwork.kernel.org/project/xen-devel/patch/20220531145646.10062-2-dpsmith@xxxxxxxxxxxxxxxxxxxx/
[2] https://patchwork.kernel.org/project/xen-devel/patch/20220531145646.10062-3-dpsmith@xxxxxxxxxxxxxxxxxxxx/

Kind regards,
Henry

> -----Original Message-----
> From: Xen-devel <xen-devel-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of
> Daniel P. Smith
> Subject: [PATCH v8 0/2] Adds starting the idle domain privileged
> 
> This series makes it so that the idle domain is started privileged under the
> default policy, which the SILO policy inherits, and under the flask policy. It
> then introduces a new one-way XSM hook, xsm_transition_running, that is hooked
> by an XSM policy to transition the idle domain to its running privilege level.
> 
> Changes in v8:
> - adjusted panic messages in arm and x86 setup.c to be less than 80cols
> - fixed comment line that went over 80col
> - added line in patch #1 commit message to clarify the need is for domain
>   creation
> 
> Changes in v7:
> - adjusted error message in default and flask xsm_set_system_active hooks
> - merged panic messages in arm and x86 setup.c to a single line
> 
> Changes in v6:
> - readded the setting of is_privileged in flask_set_system_active()
> - clarified comment on is_privileged in flask_set_system_active()
> - added ASSERT on is_privileged and self_sid in flask_set_system_active()
> - fixed err code returned on Arm for xsm_set_system_active() panic
>   message
> 
> Changes in v5:
> - dropped setting is_privileged in flask_set_system_active()
> - added err code returned by xsm_set_system_active() to panic message
> 
> Changes in v4:
> - reworded patch 1 commit message
> - fixed whitespace to coding style
> - fixed comment to coding style
> 
> Changes in v3:
> - renamed *_transition_running() to *_set_system_active()
> - changed the XSM hook set_system_active() from void to int return
> - added ASSERT check for the expected privilege level each XSM policy
>   expected
> - replaced a check against is_privileged in each arch with checking the
>   return value from the call to xsm_set_system_active()
> 
> Changes in v2:
> - renamed flask_domain_runtime_security() to flask_transition_running()
> - added the missed assignment of self_sid
> 
> Daniel P. Smith (2):
>   xsm: create idle domain privileged and demote after setup
>   flask: implement xsm_set_system_active
> 
>  tools/flask/policy/modules/xen.if      |  6 +++++
>  tools/flask/policy/modules/xen.te      |  1 +
>  tools/flask/policy/policy/initial_sids |  1 +
>  xen/arch/arm/setup.c                   |  3 +++
>  xen/arch/x86/setup.c                   |  4 ++++
>  xen/common/sched/core.c                |  7 +++++-
>  xen/include/xsm/dummy.h                | 17 ++++++++++++++
>  xen/include/xsm/xsm.h                  |  6 +++++
>  xen/xsm/dummy.c                        |  1 +
>  xen/xsm/flask/hooks.c                  | 32 +++++++++++++++++++++++++-
>  xen/xsm/flask/policy/initial_sids      |  1 +
>  11 files changed, 77 insertions(+), 2 deletions(-)
> 
> --
> 2.20.1
> 
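
The one-way transition described in the cover letter, as an added example that is not part of the series or of Xen's code: a simplified stand-alone model in which the idle domain starts privileged, performs a setup operation, and is then demoted by a hook that returns an error code. All `model_*` names and `MODEL_DOMID_IDLE` are hypothetical, and the model returns `-EPERM` where the changelog mentions an ASSERT.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, not Xen source: all model_* names are hypothetical. */
#define MODEL_DOMID_IDLE 0x7fffu   /* constructed id for the idle domain */

struct model_domain {
    unsigned int id;
    bool is_privileged;            /* mirrors the flag named in the changelog */
};

/* Privileged operation needed during setup, e.g. creating a domain. */
static int model_create_domain(const struct model_domain *caller)
{
    return caller->is_privileged ? 0 : -EPERM;
}

/*
 * One-way transition: only the idle domain may call it, only while it is
 * still privileged, and there is no inverse that sets the flag again.
 */
static int model_set_system_active(struct model_domain *d)
{
    if (d->id != MODEL_DOMID_IDLE || !d->is_privileged)
        return -EPERM;             /* wrong caller or already demoted */
    d->is_privileged = false;
    return 0;
}

/* Boot sequence: privileged setup, demotion, then a check that it stuck. */
static int model_boot(struct model_domain *idle)
{
    int rc;

    if ((rc = model_create_domain(idle)) != 0)
        return rc;                 /* setup needs the initial privilege */
    if ((rc = model_set_system_active(idle)) != 0)
        return rc;                 /* changelog: setup.c panics with this code */
    /* After demotion the same operation must be refused. */
    return model_create_domain(idle) == -EPERM ? 0 : -EINVAL;
}

int main(void)
{
    struct model_domain idle = { MODEL_DOMID_IDLE, true };
    int rc = model_boot(&idle);
    printf("boot rc=%d privileged=%d\n", rc, idle.is_privileged);
    return 0;
}
```

Returning an int from the hook lets the caller check the result of the transition itself, which is what the v3 changelog entry replacing the per-arch is_privileged check describes.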


 

