
Re: [PATCH] flask: label-pci: Allow specifying optional irq label


  • To: Jason Andryuk <jandryuk@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Date: Mon, 13 Mar 2023 14:48:55 -0400
  • Cc: Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>
  • Delivery-date: Mon, 13 Mar 2023 18:49:30 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 3/13/23 13:50, Jason Andryuk wrote:
IRQs can be shared between devices, so using the same label as the PCI
device can create conflicts where the IRQ is labeled with one of the
device labels preventing assignment of the second device to the second
domain.  Add the ability to specify an irq label distinct from the PCI
device, so a shared irq label can be specified.  The policy would then
be written such that the two domains can each use the shared IRQ type in
addition to their labeled PCI device.  That way we can still label most
of the PCI device resources and assign devices in the face of shared
IRQs.

Signed-off-by: Jason Andryuk <jandryuk@xxxxxxxxx>
Reviewed-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
---
v2:
Describe usage in docs/misc/xsm-flask.txt
---
  docs/misc/xsm-flask.txt       | 16 ++++++++++++++++
  tools/flask/utils/label-pci.c | 13 ++++++++++---
  2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt
index 2419c5cf29..ba89ebbfd8 100644
--- a/docs/misc/xsm-flask.txt
+++ b/docs/misc/xsm-flask.txt
@@ -205,6 +205,22 @@ parameter, which can also be changed using xl setenforce). 
 When using the
  default types for domains (domU_t), the example policy shipped with Xen should
  allow the same operations on or between domains as when not using FLASK.
+By default, flask-label-pci labels the device, I/O ports, memory and IRQ with
+the provided label.  These are all unique per-device, except for IRQs which
+can be shared between devices.  This leads to assignment problems since vmA_t
+can't access the IRQ devB_t.  To work around this issue, flask-label-pci
+takes an optional 3rd argument to label the IRQ:
+
+    flask-label-pci 0000:03:02.0 system_u:object_r:nic_dev_t \
+        system_u:object_r:shared_irq_t
+
+The IRQ labeling only applies to the PIRQ - MSI/MSI-X interrupts are labeled
+with the main device label.
+
+The policy needs to define the shared_irq_t with:
+    type shared_irq_t, resource_type;
+
+And the policy needs to be updated to allow domains appropriate access.
MLS/MCS policy
  --------------
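Review bot: the sentence "vmA_t can't access the IRQ devB_t" in the new documentation paragraph is hard to parse on first reading; suggest "a domain labeled vmA_t cannot use an IRQ that carries the devB_t label". The `type shared_irq_t, resource_type;` declaration would also read better set off by a blank line and indented as its own block, matching how the flask-label-pci command example a few lines above is presented, and since the example passes a full context string as the third argument it is worth saying explicitly that the argument is a security context, not just a type name.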
diff --git a/tools/flask/utils/label-pci.c b/tools/flask/utils/label-pci.c
index 9ddb713cf4..897b772804 100644
--- a/tools/flask/utils/label-pci.c
+++ b/tools/flask/utils/label-pci.c
@@ -28,7 +28,7 @@
static void usage (int argCnt, char *argv[])
  {
-       fprintf(stderr, "Usage: %s SBDF label\n", argv[0]);
+       fprintf(stderr, "Usage: %s SBDF label <irq_label>\n", argv[0]);
        exit(1);
  }
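Review bot: the new usage string writes the optional argument as `<irq_label>`, but angle brackets conventionally denote a required argument while square brackets denote an optional one; `"Usage: %s SBDF label [irq_label]\n"` would match the `argCnt < 3 || argCnt > 4` check in the next hunk and avoid suggesting that three arguments are now mandatory.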
@@ -39,12 +39,19 @@ int main (int argCnt, char *argv[])
        int seg, bus, dev, fn;
        uint32_t sbdf;
        uint64_t start, end, flags;
+       char *pirq_label;
        char buf[1024];
        FILE *f;
- if (argCnt != 3)
+       if (argCnt < 3 || argCnt > 4)

style nit: space inside parens

                usage(argCnt, argv);
+ if (argCnt == 4) {
+           pirq_label = argv[3];
+       } else {
+           pirq_label = argv[2];
+       }
+

style nit: space inside parens and curly brackets could be dropped or should be moved to their own lines.

        xch = xc_interface_open(0,0,0);
        if ( !xch )
        {
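Review bot: the four-line if/else that selects the IRQ label collapses to a single assignment, `pirq_label = (argCnt == 4) ? argv[3] : argv[2];`, which keeps the fallback to the device label when no third argument is given and sidesteps the brace-placement nit raised above. The name `pirq_label` is a good choice, since it mirrors the documentation's statement that only the PIRQ is relabeled while MSI/MSI-X keep the main device label.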
@@ -107,7 +114,7 @@ int main (int argCnt, char *argv[])
        if (fscanf(f, "%" SCNu64, &start) != 1)
                start = 0;
        if (start) {
-               ret = xc_flask_add_pirq(xch, start, argv[2]);
+               ret = xc_flask_add_pirq(xch, start, pirq_label);
                if (ret) {
                        fprintf(stderr, "xc_flask_add_pirq %"PRIu64" failed: 
%d\n",
                                        start, ret);
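Review bot: now that the label passed to xc_flask_add_pirq may differ from the device label, the failure message should include it; as written it prints only the PIRQ number and the return code, so an admin cannot tell whether the call failed for the device label or for a shared IRQ type the policy has not declared (the docs hunk notes that `type shared_irq_t, resource_type;` must be present). Suggest `fprintf(stderr, "xc_flask_add_pirq %"PRIu64" (%s) failed: %d\n", start, pirq_label, ret);`.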

Style nits aside, LGTM.

Acked-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
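The commit message motivates the third argument with PCI devices that share a legacy IRQ line. A check an administrator could run before labeling, to find out which devices actually share an IRQ and therefore need the shared label, is shown below. This is an added example, not part of the patch or of Xen's tools; it reads the per-device `irq` file under `/sys/bus/pci/devices` (the same sysfs value label-pci uses for the PIRQ) and takes an optional sysfs root argument, an assumption made so it can be exercised against a constructed tree. The `demo_tree` function builds such a constructed tree with invented SBDFs and IRQ numbers.

```shell
#!/bin/sh
# Report PCI devices that share a legacy IRQ line.
# find_shared_irqs [SYSFS_ROOT]: SYSFS_ROOT is a hypothetical override
# (assumption for testing); it defaults to the real /sys.

find_shared_irqs() {
    root="${1:-/sys}"
    # Emit "irq sbdf" pairs, skipping devices with no legacy line (irq 0),
    # then group by IRQ and print only the IRQs used by more than one device.
    for d in "$root"/bus/pci/devices/*; do
        [ -r "$d/irq" ] || continue
        irq=$(cat "$d/irq")
        [ "$irq" -gt 0 ] 2>/dev/null || continue
        printf '%s %s\n' "$irq" "$(basename "$d")"
    done | sort -n | awk '
        { devs[$1] = devs[$1] " " $2; n[$1]++ }
        END { for (i in n) if (n[i] > 1) printf "irq %s shared by:%s\n", i, devs[i] }
    ' | sort -n -k2
}

# Constructed sample tree (not real hardware): two devices on IRQ 16,
# a third on its own IRQ 19. Prints the temporary root it created.
demo_tree() {
    t=$(mktemp -d)
    for dev in 0000:03:02.0:16 0000:03:03.0:16 0000:00:1f.2:19; do
        sbdf=${dev%:*}
        irq=${dev##*:}
        mkdir -p "$t/bus/pci/devices/$sbdf"
        echo "$irq" > "$t/bus/pci/devices/$sbdf/irq"
    done
    echo "$t"
}
```

Run `find_shared_irqs` with no argument on the host to list real sharing; every device it reports is a candidate for the third flask-label-pci argument, and devices it does not report can keep the default where the IRQ takes the device label. Against the constructed tree it reports `irq 16 shared by: 0000:03:02.0 0000:03:03.0` and nothing for IRQ 19.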
