[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 1/2] xen/xsm: Introduce new boot parameter xsm

To: xen-devel@xxxxxxxxxxxxx
From: Xin Li <talons.lee@xxxxxxxxx>
Date: Sat, 29 Sep 2018 17:22:50 +0800
Cc: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Xin Li <xin.li@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ming Lu <ming.lu@xxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Delivery-date: Sat, 29 Sep 2018 09:23:42 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Introduce new boot parameter xsm to choose which xsm module is enabled,
and set default to dummy.

Signed-off-by: Xin Li <xin.li@xxxxxxxxxx>

---
CC: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
CC: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
CC: Stefano Stabellini <sstabellini@xxxxxxxxxx>
CC: Tim Deegan <tim@xxxxxxx>
CC: Wei Liu <wei.liu2@xxxxxxxxxx>
CC: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>
CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CC: Ming Lu <ming.lu@xxxxxxxxxx>

v4: 
1. change the default XSM boot parameter name from "default" to "dummy".
2. Kconfig, remove XSM_FLASK from EXPERT.
3. Kconfig, add new choice to select the default XSM module.

---
 docs/misc/xen-command-line.markdown | 13 ++++++++
 xen/common/Kconfig                  | 13 +++++++-
 xen/xsm/xsm_core.c                  | 46 ++++++++++++++++++++++++++++-
 3 files changed, 70 insertions(+), 2 deletions(-)

diff --git a/docs/misc/xen-command-line.markdown 
b/docs/misc/xen-command-line.markdown
index 1ffd586224..cf9924f53f 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -899,6 +899,19 @@ hardware domain is architecture dependent.
 Note that specifying zero as domU value means zero, while for dom0 it means
 to use the default.
 
+### xsm
+> `= dummy | flask`
+
+> Default: `dummy`
+
+Specify which XSM module should be enabled.  This option is only available if
+the hypervisor was compiled with XSM support.
+
+* `dummy`: this is the default choice.  Basic restriction for common deployment
+  (the dummy module) will be applied.  it's also used when XSM is compiled out.
+* `flask`: this is the policy based access control.  To choose this, the
+  separated option in kconfig must also be enabled.
+
 ### flask
 > `= permissive | enforcing | late | disabled`
 
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 1a6d6281c1..f802efb625 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -116,7 +116,7 @@ config XSM
 
 config XSM_FLASK
        def_bool y
-       prompt "FLux Advanced Security Kernel support" if EXPERT = "y"
+       prompt "FLux Advanced Security Kernel support"
        depends on XSM
        ---help---
          Enables FLASK (FLux Advanced Security Kernel) as the access control
@@ -154,6 +154,17 @@ config XSM_FLASK_POLICY
 
          If unsure, say Y.
 
+choice
+       prompt "Default XSM implementation"
+       depends on XSM
+       default XSM_FLASK_DEFAULT if XSM_FLASK
+       default XSM_DUMMY_DEFAULT
+       config XSM_DUMMY_DEFAULT
+               bool "Match non-XSM behavior"
+       config XSM_FLASK_DEFAULT
+               bool "FLux Advanced Security Kernel" if XSM_FLASK
+endchoice
+
 config LATE_HWDOM
        bool "Dedicated hardware domain"
        default n
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index 9645e244c3..df284ec463 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -31,6 +31,37 @@
 
 struct xsm_operations *xsm_ops;
 
+enum xsm_bootparam {
+    XSM_BOOTPARAM_DUMMY,
+    XSM_BOOTPARAM_FLASK,
+};
+
+static enum xsm_bootparam __initdata xsm_bootparam =
+#ifdef CONFIG_XSM_FLASK_DEFAULT
+    XSM_BOOTPARAM_FLASK;
+#else
+    XSM_BOOTPARAM_DUMMY;
+#endif
+
+static int __init parse_xsm_param(const char *s)
+{
+    int rc = 0;
+
+    if ( !strcmp(s, "dummy") )
+        xsm_bootparam = XSM_BOOTPARAM_DUMMY;
+#ifdef CONFIG_XSM_FLASK
+    else if ( !strcmp(s, "flask") )
+        xsm_bootparam = XSM_BOOTPARAM_FLASK;
+#endif
+    else {
+        printk("XSM: can't parse boot parameter xsm=%s\n", s);
+        rc = -EINVAL;
+    }
+
+    return rc;
+}
+custom_param("xsm", parse_xsm_param);
+
 static inline int verify(struct xsm_operations *ops)
 {
     /* verify the security_operations structure exists */
@@ -57,7 +88,20 @@ static int __init xsm_core_init(const void *policy_buffer, 
size_t policy_size)
     }
 
     xsm_ops = &dummy_xsm_ops;
-    flask_init(policy_buffer, policy_size);
+
+    switch ( xsm_bootparam )
+    {
+    case XSM_BOOTPARAM_DUMMY:
+        break;
+
+    case XSM_BOOTPARAM_FLASK:
+        flask_init(policy_buffer, policy_size);
+        break;
+
+    default:
+        printk("XSM: Invalid value for xsm= boot parameter\n");
+        break;
+    }
 
     return 0;
 }
-- 
2.18.0


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- [Xen-devel] [PATCH 2/2] xen/xsm: Add new SILO mode for XSM
  - From: Xin Li

Prev by Date: [Xen-devel] [libvirt test] 128160: regressions - FAIL
Next by Date: [Xen-devel] [PATCH 2/2] xen/xsm: Add new SILO mode for XSM
Previous by thread: Re: [Xen-devel] [PATCH 1/2] xen/xsm: Introduce new boot parameter xsm
Next by thread: [Xen-devel] [PATCH 2/2] xen/xsm: Add new SILO mode for XSM
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.