Re: [Xen-devel] [PATCH 1/2] xen/xsm: Introduce new boot parameter xsm
> -----Original Message----- > From: Xin Li [mailto:talons.lee@xxxxxxxxx] > Sent: Tuesday, July 3, 2018 9:26 AM > To: xen-devel@xxxxxxxxxxxxx > Cc: Xin Li (Talons) <xin.li@xxxxxxxxxx>; Daniel De Graaf > <dgdegra@xxxxxxxxxxxxx>; George Dunlap <George.Dunlap@xxxxxxxxxx>; Jan > Beulich <JBeulich@xxxxxxxx>; Konrad Rzeszutek Wilk > <konrad.wilk@xxxxxxxxxx>; Stefano Stabellini <sstabellini@xxxxxxxxxx>; Tim > (Xen.org) <tim@xxxxxxx>; Wei Liu <wei.liu2@xxxxxxxxxx>; Sergey Dyasli > <sergey.dyasli@xxxxxxxxxx>; Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>; > Ming Lu <ming.lu@xxxxxxxxxx> > Subject: [PATCH 1/2] xen/xsm: Introduce new boot parameter xsm > > Introduce new boot parameter xsm to choose which xsm module is enabled, > and set default to dummy. > > Signed-off-by: Xin Li <xin.li@xxxxxxxxxx> > > --- > CC: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> > CC: George Dunlap <George.Dunlap@xxxxxxxxxxxxx> > CC: Jan Beulich <JBeulich@xxxxxxxx> > CC: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> > CC: Stefano Stabellini <sstabellini@xxxxxxxxxx> > CC: Tim Deegan <tim@xxxxxxx> > CC: Wei Liu <wei.liu2@xxxxxxxxxx> > CC: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx> > CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > CC: Ming Lu <ming.lu@xxxxxxxxxx> > > v2 > To further discuss: > 1) is "dummy" a good command line option? > other choices: basic", "trivial", or "simple" > > --- > docs/misc/xen-command-line.markdown | 13 ++++++++++ > xen/xsm/xsm_core.c | 39 ++++++++++++++++++++++++++++- > 2 files changed, 51 insertions(+), 1 deletion(-) > > diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen- > command-line.markdown > index 075e5ea159..7ca34aa273 100644 > --- a/docs/misc/xen-command-line.markdown > +++ b/docs/misc/xen-command-line.markdown 
> @@ -865,6 +865,19 @@ hardware domain is architecture dependent. > Note that specifying zero as domU value means zero, while for dom0 it means > to use the default. > > +### xsm > +> `= dummy | flask` > + > +> Default: `dummy` > + > +Specify which XSM module should be enabled. This option is only > +available if the hypervisor was compiled with XSM support. > + > +* `dummy`: this is the default choice. No special restriction will be > applied. > + it's also used when XSM is compiled out. > +* `flask`: this is the policy based access control. To choose this, > +the > + separated option in kconfig must also be enabled. > + > ### flask > > `= permissive | enforcing | late | disabled` > > diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c index > cddcf7aa51..d4668edad7 100644 > --- a/xen/xsm/xsm_core.c > +++ b/xen/xsm/xsm_core.c > @@ -31,6 +31,30 @@ > > struct xsm_operations *xsm_ops; > > +enum xsm_bootparam { > + XSM_BOOTPARAM_DUMMY, > + XSM_BOOTPARAM_FLASK, > +}; > + > +static enum xsm_bootparam __initdata xsm_bootparam = XSM_BOOTPARAM_DUMMY; New line here. >+static int __init parse_xsm_param(const char *s) > { > + int rc = 0; > + > + if ( !strcmp(s, "dummy") ) > + xsm_bootparam = XSM_BOOTPARAM_DUMMY; #ifdef > CONFIG_XSM_FLASK > + else if ( !strcmp(s, "flask") ) > + xsm_bootparam = XSM_BOOTPARAM_FLASK; #endif > + else > + rc = -EINVAL; > + > + return rc; > +} No new line here. > +custom_param("xsm", parse_xsm_param); > + > static inline int verify(struct xsm_operations *ops) { > /* verify the security_operations structure exists */ 
@@ -57,7 +81,20 @@ > static int __init xsm_core_init(const void *policy_buffer, size_t policy_size) > } > > xsm_ops = &dummy_xsm_ops; > - flask_init(policy_buffer, policy_size); > + > + switch ( xsm_bootparam ) > + { > + case XSM_BOOTPARAM_DUMMY: > + break; > + > + case XSM_BOOTPARAM_FLASK: > + flask_init(policy_buffer, policy_size); > + break; > + > + default: > + printk("XSM: Invalid value for xsm= boot parameter.\n"); > + break; > + } > > return 0; > } > -- > 2.18.0 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
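
Review bot: In the docs/misc/xen-command-line.markdown hunk, the flask bullet says "the separated option in kconfig must also be enabled" without naming it; the code in this patch guards on CONFIG_XSM_FLASK, so name that option. The entry should also say that with "Default: dummy" a FLASK-enabled build no longer calls flask_init() unless xsm=flask is given, because xsm_core_init previously called it unconditionally and existing deployments would otherwise lose policy enforcement without notice. Minor: "it's also used when XSM is compiled out" should start with a capital letter.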
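
Review bot: In parse_xsm_param (xen/xsm/xsm_core.c, hunk at -31,6 +31,30), passing xsm=flask to a build without CONFIG_XSM_FLASK falls through to the else branch and returns -EINVAL while xsm_bootparam stays at XSM_BOOTPARAM_DUMMY, so a request for FLASK ends in a boot with no restrictions applied. Nothing in this hunk tells the administrator that happened; print a message in the else branch that names the rejected value and states that the dummy module will be used, or treat an explicit but unavailable xsm=flask as a fatal configuration error.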
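
Review bot: In the xsm_core_init switch (hunk at -57,7 +81,20), the default: case cannot be reached, because parse_xsm_param only assigns XSM_BOOTPARAM_DUMMY or XSM_BOOTPARAM_FLASK and rejects every other string with -EINVAL, so the "XSM: Invalid value for xsm= boot parameter." message never fires for a bad command line. Move that message into the parser's else branch and make the default case ASSERT_UNREACHABLE(). It would also help to log which module was selected here, so the boot log records whether FLASK is active.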