Xen project Mailing List

Re: [PATCH v4 3/3] xsm: properly handle error from XSM init

To: Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>

From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>

Date: Tue, 7 Jun 2022 09:56:43 -0400

Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@xxxxxxxxxxxxxxxxxxxx; dmarc=pass header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx>

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1654610304; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=gi6Pus47de7pulvticJ0b4ipqHwzYws15CHcLrCm5S0=; b=CNwv75cs21mHMbmPbCAEP5Myrmyzc3JSSiGgo5fFJfUg+iRLmYLj29ie+LvzKDcBWAZmi6jROgqKo3R0q9mPlN30gXIFgTFU+1JeRndk85A+Xc8DizEXlSI+Fg2rVFNoaWGbzzyCE3Anj1NfwtbLph44sXB8fIoH9ea0HDDt46c=

Arc-seal: i=1; a=rsa-sha256; t=1654610304; cv=none; d=zohomail.com; s=zohoarc; b=Fnp8UMO+bB8cCYj2NMvftNSOUQb1g0qKEwP0oMxmjb+EcrCcwlUKhbPYN9rsr0diNGswoqkgReXZ0ubvLogeVbgz9r/Z4Lx89y4jzO4sZkmXDk2MlA0srGAByk8DiLxnaldiyxhsuAo7tuqpGuXohfVtVIIEQGdlDFumihbMR6Q=

Cc: "scott.davis@xxxxxxxxxx" <scott.davis@xxxxxxxxxx>, "christopher.clark@xxxxxxxxxx" <christopher.clark@xxxxxxxxxx>, "jandryuk@xxxxxxxxx" <jandryuk@xxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Tue, 07 Jun 2022 13:58:31 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 6/1/22 02:49, Jan Beulich wrote: > On 31.05.2022 21:18, Andrew Cooper wrote: >> On 31/05/2022 19:20, Daniel P. Smith wrote: >>> diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c >>> index 53a73010e0..ed67b50c9d 100644 >>> --- a/xen/arch/x86/setup.c >>> +++ b/xen/arch/x86/setup.c >>> @@ -1700,7 +1701,11 @@ void __init noreturn __start_xen(unsigned long mbi_p) >>> mmio_ro_ranges = rangeset_new(NULL, "r/o mmio ranges", >>> RANGESETF_prettyprint_hex); >>> >>> - xsm_multiboot_init(module_map, mbi); >>> + if ( xsm_multiboot_init(module_map, mbi) ) >>> + warning_add("WARNING: XSM failed to initialize.\n" >>> + "This has implications on the security of the >>> system,\n" >>> + "as uncontrolled communications between trusted and\n" >>> + "untrusted domains may occur.\n"); >> >> The problem with this approach is that it forces each architecture to >> opencode the failure string, in a function which is very busy with other >> things too. >> >> Couldn't xsm_{multiboot,dt}_init() be void, and the warning_add() move >> into them, like the SLIO warning for ARM already? > > I, too, was considering to suggest this (but then didn't on v3). Furthermore > the warning_add() could then be wrapped in a trivial helper function to be > used by both MB and DT. Re: helper function, ack.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.