Xen project Mailing List

Re: [PATCH 3/6] xsm: enabling xsm to always be included

To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>

Date: Fri, 18 Jun 2021 14:26:05 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=B35jHuO4X4cfqMD3Cnwo8Bk7zpT7c8awP7FUbsVIVdk=; b=lrHqv3BopXitkhqvkdLKrzCaKpo2JC5vDBTk0St3NkV+hjVuAycrHWUdJOlV+Wnlh6ROxSrYZlJVH1PwBEyhmVwzErp65aOyeQGCNhdmEGCa7MCXA369TNEoR/EyAKp2NFTIcC8ntp0N3rYyb151wDQk3aBErHNs6Xa5zQxdfGoPQ6WGzNXCpjyRc7vpL+KYY0Y210MEP4qI/WW17q4aUQbok1JhioJsqo/tsF7/bGyMTThRwornPVf0r+S27NqG3XwfQSTRsRzn+Lr81ZnpoHTi0TwEr93eY/NAA1Vf1bY4iKaLnWQM++napSepW0Re6yRRKawT6P2GVpZhN/pQQg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aEY/+2uAhgjEnR/wfyZ6E/Dl+bmz0IUXaR3/NK63Ks75l0P5Q/QuFjlK3cEHEcs63xb6KqWvMnTpICnuL6yvgWvfpmfBbd8Aea9+RRe3UE0YZaBbitm4ODhKJiLEw4WsqQmT647orVGK3nIU5xfohvtTDpA3EsGATW7gsyMIobjhAuixvkLReybqNZ6ANhNZmC2JF10t3hhz41CW6h5q7ioODaWGWvmxO2Fo5B+Q1u65BPb+FhNm/nlSBY+rMlBWyK50rKlNOX49jPkDLrkoBwy130Notn/iSXXW6AFuVwOQKHW6dG4J0i9X+tlWa9koBbfBHHb1b/tz5muyJ3MSyA==

Authentication-results: lists.xenproject.org; dkim=none (message not signed) header.d=none;lists.xenproject.org; dmarc=none action=none header.from=suse.com;

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>, Petre Pircalabu <ppircalabu@xxxxxxxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, persaur@xxxxxxxxx, christopher.w.clark@xxxxxxxxx, adam.schwalm@xxxxxxxxxx, scott.davis@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Fri, 18 Jun 2021 12:26:20 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 18.06.2021 01:39, Daniel P. Smith wrote: > The only difference between !CONFIG_XSM and CONFIG_XSM with !CONFIG_XSM_SILO > and !CONFIG_XSM_FLASK > is whether the XSM hooks in dummy.h are called as static inline functions or > as function > pointers to static functions. As such this commit, > * eliminates CONFIG_XSM Following from what Andrew has said (including him mentioning your changing of certain Kconfig option defaults), I'm not convinced this is a good move. This still ought to serve as the overall XSM-yes-or-no setting. If internally you make said two variants match in behavior, that's a different thing. > * introduces CONFIG_XSM_EVTCHN_LABELING as replacement for enabling event > channel labels Is this mode needed as separate functionality at all? Nothing defines XSM_NEED_GENERIC_EVTCHN_SSID anywhere. _If_ XSM went away as a separate setting, then imo this one should go away as well. > --- a/xen/common/Kconfig > +++ b/xen/common/Kconfig > @@ -197,22 +197,33 @@ config XENOPROF > > If unsure, say Y. > > -config XSM > - bool "Xen Security Modules support" > - default ARM > - ---help--- > - Enables the security framework known as Xen Security Modules which > - allows administrators fine-grained control over a Xen domain and > - its capabilities by defining permissible interactions between domains, > - the hypervisor itself, and related resources such as memory and > - devices. > +menu "Xen Security Modules" > > - If unsure, say N. > +choice > + prompt "Default XSM module" > + default XSM_SILO_DEFAULT if XSM_SILO && ARM > + default XSM_FLASK_DEFAULT if XSM_FLASK > + default XSM_SILO_DEFAULT if XSM_SILO > + default XSM_DUMMY_DEFAULT > + config XSM_DUMMY_DEFAULT > + bool "Match non-XSM behavior" > + config XSM_FLASK_DEFAULT > + bool "FLux Advanced Security Kernel" if XSM_FLASK > + config XSM_SILO_DEFAULT > + bool "SILO" if XSM_SILO > +endchoice This did live after the individual options it depends on for a reason, and you don't say anywhere why you need to move it up. The way you have it, with the default command line kconfig tool, users will be presented with dependent options before having chosen the settings of the dependency ones. That's because this tool, to a degree, moves linearly through the options it has parsed. > @@ -261,25 +271,12 @@ config XSM_SILO > > If unsure, say Y. > > -choice > - prompt "Default XSM implementation" > - depends on XSM > - default XSM_SILO_DEFAULT if XSM_SILO && ARM > - default XSM_FLASK_DEFAULT if XSM_FLASK > - default XSM_SILO_DEFAULT if XSM_SILO > - default XSM_DUMMY_DEFAULT > - config XSM_DUMMY_DEFAULT > - bool "Match non-XSM behavior" > - config XSM_FLASK_DEFAULT > - bool "FLux Advanced Security Kernel" if XSM_FLASK > - config XSM_SILO_DEFAULT > - bool "SILO" if XSM_SILO > -endchoice > +endmenu > > config LATE_HWDOM > bool "Dedicated hardware domain" > default n > - depends on XSM && X86 > + depends on XSM_FLASK && X86 I don't think this is a compatible change. I'm not going to exclude that this is how it was meant, but as it stands LATE_HWDOM right now doesn't really require FLASK, and could e.g. also go with SILO or dummy. If you _mean_ to change this, then your description needs to say so (and ideally it would then be split out, so - if this is actually a bug - it could also be backported). Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.