
Re: [PATCH v4 3/3] xsm: properly handle error from XSM init


  • To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 1 Jun 2022 08:49:46 +0200
  • Cc: "scott.davis@xxxxxxxxxx" <scott.davis@xxxxxxxxxx>, "christopher.clark@xxxxxxxxxx" <christopher.clark@xxxxxxxxxx>, "jandryuk@xxxxxxxxx" <jandryuk@xxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Wed, 01 Jun 2022 06:50:03 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 31.05.2022 21:18, Andrew Cooper wrote:
> On 31/05/2022 19:20, Daniel P. Smith wrote:
>> diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
>> index 53a73010e0..ed67b50c9d 100644
>> --- a/xen/arch/x86/setup.c
>> +++ b/xen/arch/x86/setup.c
>> @@ -1700,7 +1701,11 @@ void __init noreturn __start_xen(unsigned long mbi_p)
>>      mmio_ro_ranges = rangeset_new(NULL, "r/o mmio ranges",
>>                                    RANGESETF_prettyprint_hex);
>>  
>> -    xsm_multiboot_init(module_map, mbi);
>> +    if ( xsm_multiboot_init(module_map, mbi) )
>> +        warning_add("WARNING: XSM failed to initialize.\n"
>> +                    "This has implications on the security of the system,\n"
>> +                    "as uncontrolled communications between trusted and\n"
>> +                    "untrusted domains may occur.\n");
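
Review bot: in the new `if ( xsm_multiboot_init(module_map, mbi) )` branch the return value is only tested for non-zero and then dropped, so the warning cannot tell an administrator why XSM initialisation failed. Consider keeping the value in a local and reporting it together with the warning. The four-line message is also open-coded inside `__start_xen()`, so any other call site that needs the same warning has to carry its own copy; placing the text next to the init function would keep the wording in one place. Since boot carries on after `warning_add()`, a short comment stating that continuing without XSM is intended would help the next reader.
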
> 
> The problem with this approach is that it forces each architecture to
> opencode the failure string, in a function which is very busy with other
> things too.
> 
> Couldn't xsm_{multiboot,dt}_init() be void, and the warning_add() move
> into them, like the SILO warning for ARM already?

I, too, was considering suggesting this (but then didn't on v3). Furthermore,
the warning_add() could then be wrapped in a trivial helper function to be
used by both MB and DT.

Jan




 

