diff mbox series

[v3,5/5] x86/domain: remove the 's3_integrity' flag

Message ID 20190730093904.1794-6-paul.durrant@citrix.com (mailing list archive)
State Superseded
Headers show
Series use stashed domain create flags | expand

Commit Message

Paul Durrant July 30, 2019, 9:39 a.m. UTC 
The flag is not needed since the domain 'options' can now be tested
directly.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: "Roger Pau Monné" <roger.pau@citrix.com>
---
Cc: Jan Beulich <jbeulich@suse.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Wei Liu <wl@xen.org>

v3:
 - Also sanitise the flag against CONFIG_TBOOT being set
---
 xen/arch/x86/domain.c        | 9 +++++++--
 xen/arch/x86/setup.c         | 2 +-
 xen/arch/x86/tboot.c         | 2 +-
 xen/include/asm-x86/domain.h | 2 --
 4 files changed, 9 insertions(+), 6 deletions(-)

Comments

Jan Beulich July 30, 2019, 12:02 p.m. UTC | #1 
On 30.07.2019 11:39, Paul Durrant wrote:
> --- a/xen/arch/x86/domain.c
> +++ b/xen/arch/x86/domain.c
> @@ -466,6 +466,13 @@ int arch_sanitise_domain_config(struct xen_domctl_createdomain *config)
>           return -EINVAL;
>       }
>   
> +    if ( (config->flags & XEN_DOMCTL_CDF_s3_integrity) &&
> +         !IS_ENABLED(TBOOT) )

This lacks the CONFIG_ prefix.

> --- a/xen/arch/x86/setup.c
> +++ b/xen/arch/x86/setup.c
> @@ -689,7 +689,7 @@ void __init noreturn __start_xen(unsigned long mbi_p)
>           .stop_bits = 1
>       };
>       struct xen_domctl_createdomain dom0_cfg = {
> -        .flags = XEN_DOMCTL_CDF_s3_integrity,
> +        .flags = IS_ENABLED(TBOOT) ? XEN_DOMCTL_CDF_s3_integrity : 0,

Same here. With this taken care of (could be done while committing,
but I'm not sure whether this patch is independent of the earlier
ones)
Reviewed-by: Jan Beulich <jbeulich@suse.com>

Jan
Paul Durrant July 30, 2019, 1 p.m. UTC | #2 
> -----Original Message-----
> From: Jan Beulich <JBeulich@suse.com>
> Sent: 30 July 2019 13:03
> To: Paul Durrant <Paul.Durrant@citrix.com>
> Cc: xen-devel@lists.xenproject.org; Andrew Cooper <Andrew.Cooper3@citrix.com>; Roger Pau Monne
> <roger.pau@citrix.com>; Wei Liu <wl@xen.org>
> Subject: Re: [Xen-devel] [PATCH v3 5/5] x86/domain: remove the 's3_integrity' flag
> 
> On 30.07.2019 11:39, Paul Durrant wrote:
> > --- a/xen/arch/x86/domain.c
> > +++ b/xen/arch/x86/domain.c
> > @@ -466,6 +466,13 @@ int arch_sanitise_domain_config(struct xen_domctl_createdomain *config)
> >           return -EINVAL;
> >       }
> >
> > +    if ( (config->flags & XEN_DOMCTL_CDF_s3_integrity) &&
> > +         !IS_ENABLED(TBOOT) )
> 
> This lacks the CONFIG_ prefix.
> 
> > --- a/xen/arch/x86/setup.c
> > +++ b/xen/arch/x86/setup.c
> > @@ -689,7 +689,7 @@ void __init noreturn __start_xen(unsigned long mbi_p)
> >           .stop_bits = 1
> >       };
> >       struct xen_domctl_createdomain dom0_cfg = {
> > -        .flags = XEN_DOMCTL_CDF_s3_integrity,
> > +        .flags = IS_ENABLED(TBOOT) ? XEN_DOMCTL_CDF_s3_integrity : 0,
> 
> Same here. With this taken care of (could be done while committing,
> but I'm not sure whether this patch is independent of the earlier
> ones)
> Reviewed-by: Jan Beulich <jbeulich@suse.com>

Thanks. I'll fix it in v4.

  Paul

> 
> Jan
diff mbox series

Patch

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index 0f43da3b6a..15ace7df70 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -466,6 +466,13 @@  int arch_sanitise_domain_config(struct xen_domctl_createdomain *config)
         return -EINVAL;
     }
 
+    if ( (config->flags & XEN_DOMCTL_CDF_s3_integrity) &&
+         !IS_ENABLED(TBOOT) )
+    {
+        dprintk(XENLOG_INFO, "S3 integrity check not valid without CONFIG_TBOOT\n");
+        return -EINVAL;
+    }
+
     return 0;
 }
 
@@ -544,8 +551,6 @@  int arch_domain_create(struct domain *d,
                d->domain_id);
     }
 
-    d->arch.s3_integrity = config->flags & XEN_DOMCTL_CDF_s3_integrity;
-
     emflags = config->arch.emulation_flags;
 
     if ( is_hardware_domain(d) && is_pv_domain(d) )
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index d2011910fa..fdd1f2b489 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -689,7 +689,7 @@  void __init noreturn __start_xen(unsigned long mbi_p)
         .stop_bits = 1
     };
     struct xen_domctl_createdomain dom0_cfg = {
-        .flags = XEN_DOMCTL_CDF_s3_integrity,
+        .flags = IS_ENABLED(TBOOT) ? XEN_DOMCTL_CDF_s3_integrity : 0,
         .max_evtchn_port = -1,
         .max_grant_frames = opt_max_grant_frames,
         .max_maptrack_frames = opt_max_maptrack_frames,
diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c
index f3fdee4d39..3db8a8a8d8 100644
--- a/xen/arch/x86/tboot.c
+++ b/xen/arch/x86/tboot.c
@@ -212,7 +212,7 @@  static void tboot_gen_domain_integrity(const uint8_t key[TB_KEY_SIZE],
     vmac_set_key((uint8_t *)key, &ctx);
     for_each_domain( d )
     {
-        if ( !d->arch.s3_integrity )
+        if ( !(d->options & XEN_DOMCTL_CDF_s3_integrity) )
             continue;
         printk("MACing Domain %u\n", d->domain_id);
 
diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h
index 5f9899469c..5c038a1065 100644
--- a/xen/include/asm-x86/domain.h
+++ b/xen/include/asm-x86/domain.h
@@ -295,8 +295,6 @@  struct arch_domain
     uint32_t pci_cf8;
     uint8_t cmos_idx;
 
-    bool_t s3_integrity;
-
     union {
         struct pv_domain pv;
         struct hvm_domain hvm;