From patchwork Tue May 31 18:20:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Daniel P. Smith" X-Patchwork-Id: 12866007 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3F29DC433F5 for ; Tue, 31 May 2022 18:22:43 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.339937.564865 (Exim 4.92) (envelope-from ) id 1nw6Vd-0001Rr-5v; Tue, 31 May 2022 18:22:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 339937.564865; Tue, 31 May 2022 18:22:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nw6Vd-0001Rg-2l; Tue, 31 May 2022 18:22:25 +0000 Received: by outflank-mailman (input) for mailman id 339937; Tue, 31 May 2022 18:22:24 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nw6Vc-0001Bv-4G for xen-devel@lists.xenproject.org; Tue, 31 May 2022 18:22:24 +0000 Received: from sender4-of-o51.zoho.com (sender4-of-o51.zoho.com [136.143.188.51]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 9cc2d719-e10e-11ec-837f-e5687231ffcc; Tue, 31 May 2022 20:22:23 +0200 (CEST) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1654021331693774.6960042471216; Tue, 31 May 2022 11:22:11 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 9cc2d719-e10e-11ec-837f-e5687231ffcc ARC-Seal: i=1; a=rsa-sha256; t=1654021334; cv=none; d=zohomail.com; s=zohoarc; b=Bvd6GbCqZn3R4EQJ81pbDxE7AZfJguAFwQqXKIsxLFjzS3vsuR4apnMRKK6GuSqQcrxtQDlasTKZb+tyVEqjUEGpN58QVWlA4wQoEgEm654DPeBE+uOjbeDrM0MAZcTWvn8B8jDCaZtYGaW1D1tNJo04AIyLK9lL5Ru+gi2nIdM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1654021334; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=KBY2xXMWGEMcMlJzy44xfoRM1aSupSi2T4p8kowrFvI=; b=Oa7AGmnYeVrVnp7FXaiCqyplfhh31yIZRiV1u9h5Ark33I55CKSK8d+eHFddCjtSImVPmTQuwSKQW6RXMd82BkI9ki6qWPSb0Q1hv9ZKr8Ug/9oLpl+WiwiwJjYtdqGMfRKAIL6eFFqFGJbUiR7uNQjcsFugGBp1eM5rByz1sh8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1654021334; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-Id:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Reply-To; bh=KBY2xXMWGEMcMlJzy44xfoRM1aSupSi2T4p8kowrFvI=; b=R5y+ohRsEVbOl5jnu31oTMSRf73GGsQx1Qt9wrzKKxonxWcddVh9MTtFSun/HXAg AiB15z+afNvl5443gtxKs3k4bgcFEj8dHo+OX3oGEtu94qAVzwWtKojewJjilGZiGtK XRpRUKNGGlbpXwnX/pQA9eIpKU7WfJuyon55nOAQ= From: "Daniel P. Smith" To: xen-devel@lists.xenproject.org, "Daniel P. Smith" Cc: scott.davis@starlab.io, christopher.clark@starlab.io, jandryuk@gmail.com, Jan Beulich , Daniel De Graaf Subject: [PATCH v4 1/3] xsm: only search for a policy file when needed Date: Tue, 31 May 2022 14:20:39 -0400 Message-Id: <20220531182041.10640-2-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20220531182041.10640-1-dpsmith@apertussolutions.com> References: <20220531182041.10640-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 X-ZohoMailClient: External It is possible to select a few different build configurations that results in the unnecessary walking of the boot module list looking for a policy module. This specifically occurs when the flask policy is enabled but either the dummy or the SILO policy is selected as the enforcing policy. This is not ideal for configurations like hyperlaunch and dom0less when there could be a number of modules to be walked or doing an unnecessary device tree lookup. This patch introduces the policy_file_required flag for tracking when an XSM policy module requires a policy file. Only when the policy_file_required flag is set to true, will XSM search the boot modules for a policy file. Signed-off-by: Daniel P. Smith Reviewed-by: Jan Beulich Reviewed-by: Jason Andryuk --- xen/xsm/xsm_core.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c index 2286a502e3..675e4f552c 100644 --- a/xen/xsm/xsm_core.c +++ b/xen/xsm/xsm_core.c @@ -55,19 +55,31 @@ static enum xsm_bootparam __initdata xsm_bootparam = XSM_BOOTPARAM_DUMMY; #endif +static bool __initdata policy_file_required = + IS_ENABLED(CONFIG_XSM_FLASK_DEFAULT); + static int __init cf_check parse_xsm_param(const char *s) { int rc = 0; if ( !strcmp(s, "dummy") ) + { xsm_bootparam = XSM_BOOTPARAM_DUMMY; + policy_file_required = false; + } #ifdef CONFIG_XSM_FLASK else if ( !strcmp(s, "flask") ) + { xsm_bootparam = XSM_BOOTPARAM_FLASK; + policy_file_required = true; + } #endif #ifdef CONFIG_XSM_SILO else if ( !strcmp(s, "silo") ) + { xsm_bootparam = XSM_BOOTPARAM_SILO; + policy_file_required = false; + } #endif else rc = -EINVAL; @@ -148,7 +160,7 @@ int __init xsm_multiboot_init( printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n"); - if ( XSM_MAGIC ) + if ( policy_file_required ) { ret = xsm_multiboot_policy_init(module_map, mbi, &policy_buffer, &policy_size); @@ -176,7 +188,7 @@ int __init xsm_dt_init(void) printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n"); - if ( XSM_MAGIC ) + if ( policy_file_required ) { ret = xsm_dt_policy_init(&policy_buffer, &policy_size); if ( ret ) From patchwork Tue May 31 18:20:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Daniel P. Smith" X-Patchwork-Id: 12866008 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D22DDC433EF for ; Tue, 31 May 2022 18:22:53 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.339944.564877 (Exim 4.92) (envelope-from ) id 1nw6Vu-0001xd-Ms; Tue, 31 May 2022 18:22:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 339944.564877; Tue, 31 May 2022 18:22:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nw6Vu-0001xU-JH; Tue, 31 May 2022 18:22:42 +0000 Received: by outflank-mailman (input) for mailman id 339944; Tue, 31 May 2022 18:22:41 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nw6Vt-0001Bv-CO for xen-devel@lists.xenproject.org; Tue, 31 May 2022 18:22:41 +0000 Received: from sender4-of-o51.zoho.com (sender4-of-o51.zoho.com [136.143.188.51]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id a6f22442-e10e-11ec-837f-e5687231ffcc; Tue, 31 May 2022 20:22:40 +0200 (CEST) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 165402133284993.92840751191375; Tue, 31 May 2022 11:22:12 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: a6f22442-e10e-11ec-837f-e5687231ffcc ARC-Seal: i=1; a=rsa-sha256; t=1654021335; cv=none; d=zohomail.com; s=zohoarc; b=dZ2eIA7qYawzC7eXfN54pWpsHSrDuTSItfpDqYJH51vXEYT14cPu9aZtLpSv2BRRJ3Rcb4IBjoMy3I8hoDDxeia5TRSBgpngtfYFlcg2qcMyFYBzlcRldApF8hmnBJc49GgQnlkxLIK78ULJJkrH98G6uFF8rOBh+qg+2Nka7/Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1654021335; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=GFL69TM/rWsqG1UsJSNR/jCSJfExay3yhIv9zgA8Pao=; b=bLn4+sSit+K4cdsBFDWYS1YYgpM3CWSfbO0+xxuX1xOZEMTQrBLsTliq/mdI8UJHoPUq3IhhZ2ODLL3ujYS/FqkJA4nG5pdz5LltzxOlHreuZndl3KWc5F21inW7Scs9w0chpRZVlpgRX83jF9sDTUxgQ1s8QwE/E8w8Ym4p+7k= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1654021335; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-Id:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Reply-To; bh=GFL69TM/rWsqG1UsJSNR/jCSJfExay3yhIv9zgA8Pao=; b=MEDSOWUA/M8+0Ai3mt2vDAMtVkNEBTqym6nm4+wd4L2wfmPdMtDt5VE/ZwgZ9wEs PZFkUdbCofs7OEHyBcF1+Our8fRvmpI8HyIVCutxYO6BjuEZqY/0VxVMBBD3K63QG+w 2R9FBNUJR8DeqpzvF2cu3Jzia/E+uqiwbzHeYLd0= From: "Daniel P. Smith" To: xen-devel@lists.xenproject.org, "Daniel P. Smith" Cc: scott.davis@starlab.io, christopher.clark@starlab.io, jandryuk@gmail.com, Daniel De Graaf Subject: [PATCH v4 2/3] xsm: consolidate loading the policy buffer Date: Tue, 31 May 2022 14:20:40 -0400 Message-Id: <20220531182041.10640-3-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20220531182041.10640-1-dpsmith@apertussolutions.com> References: <20220531182041.10640-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 X-ZohoMailClient: External Previously, initializing the policy buffer was split between two functions, xsm_{multiboot,dt}_policy_init() and xsm_core_init(). The latter for loading the policy from boot modules and the former for falling back to built-in policy. This patch moves all policy buffer initialization logic under the xsm_{multiboot,dt}_policy_init() functions. It then ensures that an error message is printed for every error condition that may occur in the functions. With all policy buffer init contained and only called when the policy buffer must be populated, the respective xsm_{mb,dt}_init() functions will panic for all errors except ENOENT. An ENOENT signifies that a policy file could not be located. Since it is not possible to know if late loading of the policy file is intended, a warning is reported and XSM initialization is continued. Signed-off-by: Daniel P. Smith --- xen/include/xsm/xsm.h | 2 +- xen/xsm/xsm_core.c | 51 ++++++++++++++++++++----------------------- xen/xsm/xsm_policy.c | 34 ++++++++++++++++++++++++----- 3 files changed, 54 insertions(+), 33 deletions(-) diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 3e2b7fe3db..1676c261c9 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -775,7 +775,7 @@ int xsm_multiboot_init( unsigned long *module_map, const multiboot_info_t *mbi); int xsm_multiboot_policy_init( unsigned long *module_map, const multiboot_info_t *mbi, - void **policy_buffer, size_t *policy_size); + const unsigned char *policy_buffer[], size_t *policy_size); #endif #ifdef CONFIG_HAS_DEVICE_TREE diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c index 675e4f552c..a3715fa239 100644 --- a/xen/xsm/xsm_core.c +++ b/xen/xsm/xsm_core.c @@ -92,14 +92,6 @@ static int __init xsm_core_init(const void *policy_buffer, size_t policy_size) { const struct xsm_ops *ops = NULL; -#ifdef CONFIG_XSM_FLASK_POLICY - if ( policy_size == 0 ) - { - policy_buffer = xsm_flask_init_policy; - policy_size = xsm_flask_init_policy_size; - } -#endif - if ( xsm_ops_registered != XSM_OPS_UNREGISTERED ) { printk(XENLOG_ERR @@ -154,28 +146,29 @@ static int __init xsm_core_init(const void *policy_buffer, size_t policy_size) int __init xsm_multiboot_init( unsigned long *module_map, const multiboot_info_t *mbi) { - int ret = 0; - void *policy_buffer = NULL; + const unsigned char *policy_buffer; size_t policy_size = 0; printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n"); if ( policy_file_required ) { - ret = xsm_multiboot_policy_init(module_map, mbi, &policy_buffer, + int ret = xsm_multiboot_policy_init(module_map, mbi, &policy_buffer, &policy_size); - if ( ret ) - { - bootstrap_map(NULL); - printk(XENLOG_ERR "Error %d initializing XSM policy\n", ret); - return -EINVAL; - } + bootstrap_map(NULL); + + if ( ret == -ENOENT ) + /* + * The XSM module needs a policy file but one was not located. + * Report as a warning and continue as the XSM module may late + * load a policy file. + */ + printk(XENLOG_WARNING "xsm: starting without a policy loaded!\n"); + else + panic("Error %d initializing XSM policy\n", ret); } - ret = xsm_core_init(policy_buffer, policy_size); - bootstrap_map(NULL); - - return 0; + return xsm_core_init(policy_buffer, policy_size); } #endif @@ -183,7 +176,7 @@ int __init xsm_multiboot_init( int __init xsm_dt_init(void) { int ret = 0; - void *policy_buffer = NULL; + const unsigned char *policy_buffer; size_t policy_size = 0; printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n"); @@ -191,11 +184,15 @@ int __init xsm_dt_init(void) if ( policy_file_required ) { ret = xsm_dt_policy_init(&policy_buffer, &policy_size); - if ( ret ) - { - printk(XENLOG_ERR "Error %d initializing XSM policy\n", ret); - return -EINVAL; - } + if ( ret == -ENOENT ) + /* + * The XSM module needs a policy file but one was not located. + * Report as a warning and continue as the XSM module may late + * load a policy file. + */ + printk(XENLOG_WARNING "xsm: starting without a policy loaded!\n"); + else + panic("Error %d initializing XSM policy\n", ret); } ret = xsm_core_init(policy_buffer, policy_size); diff --git a/xen/xsm/xsm_policy.c b/xen/xsm/xsm_policy.c index 8dafbc9381..690fd23e9f 100644 --- a/xen/xsm/xsm_policy.c +++ b/xen/xsm/xsm_policy.c @@ -8,7 +8,7 @@ * Contributors: * Michael LeMay, * George Coker, - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2, * as published by the Free Software Foundation. @@ -32,14 +32,21 @@ #ifdef CONFIG_MULTIBOOT int __init xsm_multiboot_policy_init( unsigned long *module_map, const multiboot_info_t *mbi, - void **policy_buffer, size_t *policy_size) + const unsigned char **policy_buffer, size_t *policy_size) { int i; module_t *mod = (module_t *)__va(mbi->mods_addr); - int rc = 0; + int rc = -ENOENT; u32 *_policy_start; unsigned long _policy_len; +#ifdef CONFIG_XSM_FLASK_POLICY + /* Initially set to builtin policy, overriden if boot module is found. */ + *policy_buffer = xsm_flask_init_policy; + *policy_size = xsm_flask_init_policy_size; + rc = 0; +#endif + /* * Try all modules and see whichever could be the binary policy. * Adjust module_map for the module that is the binary policy. @@ -54,13 +61,14 @@ int __init xsm_multiboot_policy_init( if ( (xsm_magic_t)(*_policy_start) == XSM_MAGIC ) { - *policy_buffer = _policy_start; + *policy_buffer = (unsigned char *)_policy_start; *policy_size = _policy_len; printk("Policy len %#lx, start at %p.\n", _policy_len,_policy_start); __clear_bit(i, module_map); + rc = 0; break; } @@ -68,18 +76,31 @@ int __init xsm_multiboot_policy_init( bootstrap_map(NULL); } + if ( rc == -ENOENT ) + printk(XENLOG_ERR "xsm: Unable to locate policy file\n"); + return rc; } #endif #ifdef CONFIG_HAS_DEVICE_TREE -int __init xsm_dt_policy_init(void **policy_buffer, size_t *policy_size) +int __init xsm_dt_policy_init( + const unsigned char **policy_buffer, size_t *policy_size) { struct bootmodule *mod = boot_module_find_by_kind(BOOTMOD_XSM); paddr_t paddr, len; if ( !mod || !mod->size ) + { +#ifdef CONFIG_XSM_FLASK_POLICY + *policy_buffer = xsm_flask_init_policy; + *policy_size = xsm_flask_init_policy_size; return 0; +#else + printk(XENLOG_ERR "xsm: Unable to locate policy file\n"); + return -ENOENT; +#endif + } paddr = mod->start; len = mod->size; @@ -95,7 +116,10 @@ int __init xsm_dt_policy_init(void **policy_buffer, size_t *policy_size) *policy_buffer = xmalloc_bytes(len); if ( !*policy_buffer ) + { + printk(XENLOG_ERR "xsm: Unable to allocate memory for XSM policy\n"); return -ENOMEM; + } copy_from_paddr(*policy_buffer, paddr, len); *policy_size = len; From patchwork Tue May 31 18:20:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Daniel P. Smith" X-Patchwork-Id: 12866009 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A6571C433F5 for ; Tue, 31 May 2022 18:22:58 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.339946.564887 (Exim 4.92) (envelope-from ) id 1nw6W0-0002RQ-Uu; Tue, 31 May 2022 18:22:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 339946.564887; Tue, 31 May 2022 18:22:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nw6W0-0002RJ-RZ; Tue, 31 May 2022 18:22:48 +0000 Received: by outflank-mailman (input) for mailman id 339946; Tue, 31 May 2022 18:22:48 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nw6W0-0001Bv-Bn for xen-devel@lists.xenproject.org; Tue, 31 May 2022 18:22:48 +0000 Received: from sender4-of-o51.zoho.com (sender4-of-o51.zoho.com [136.143.188.51]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id ab20d6a3-e10e-11ec-837f-e5687231ffcc; Tue, 31 May 2022 20:22:47 +0200 (CEST) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1654021334373232.38234809614937; Tue, 31 May 2022 11:22:14 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: ab20d6a3-e10e-11ec-837f-e5687231ffcc ARC-Seal: i=1; a=rsa-sha256; t=1654021337; cv=none; d=zohomail.com; s=zohoarc; b=AsuYly0VWy8e71su1i/AHWaxzZt9xGmSQJfgrjhb+cIx0ksEypGFW4C50B7wNxTz1SohtP0vUvKcwSpNpDJbtcy1eOsEy8jJAIf0HKRfV0mBZTT3kCJsbWl2RYk7XRiZG2G05FdHIB3cuR2d4RlXzQYOA+nCs47g5te5rfUf7uo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1654021337; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=YjPh9YmDNkWWBLcePvW+k5QuQW9YQ7i+jWEwgIPyRtU=; b=hBIC15yxLw2ltpAI1SkWpquCGRQeIndknB9cO20F2yBghRPihYk5410OHw14bb7mSsJLO+qHyhHjk55TV02RySiivPUHAU7/auWq5vIDd2PmKrMQlpmHoNC9vhMw7IxUkDY908ufDRV/9vcZgFMW/w761wUyJJSMibkI4ExEUu0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1654021337; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-Id:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Reply-To; bh=YjPh9YmDNkWWBLcePvW+k5QuQW9YQ7i+jWEwgIPyRtU=; b=ImgQlZtfltHT1AN3zPRYVH601IEzpBb63GbaTAG1qA8QPK4UNeBTRIdD0DngvThr uyrBxf0DUkLkpt9lCAkuqnt05B4VoO4Xln1QbcDxebhJeZpeDfA6NnQ+Iu+i0bjKUrV jLx3n7xlKRLM7qRO5ld6LmDF8Ai3M0iYmaaEn9Xw= From: "Daniel P. Smith" To: xen-devel@lists.xenproject.org, Volodymyr Babchuk , Wei Liu , "Daniel P. Smith" Cc: scott.davis@starlab.io, christopher.clark@starlab.io, jandryuk@gmail.com, Bertrand Marquis , Stefano Stabellini , Julien Grall , Jan Beulich , Andrew Cooper , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Daniel De Graaf Subject: [PATCH v4 3/3] xsm: properly handle error from XSM init Date: Tue, 31 May 2022 14:20:41 -0400 Message-Id: <20220531182041.10640-4-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20220531182041.10640-1-dpsmith@apertussolutions.com> References: <20220531182041.10640-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 X-ZohoMailClient: External This commit is to move towards providing a uniform interface across architectures to initialize the XSM framework. Specifically, it provides a common handling of initialization failure by providing the printing of a warning message. For Arm, xsm_dt_init() was tailored to have an Arm specific expansion of the return values. This expansion added a value to reflect whether the security supported XSM policy module was the enforcing policy module. This was then used to determine if a warning message would be printed. Despite this expansion, like x86, Arm does not address any XSM initialization errors that may have occurred. Signed-off-by: Daniel P. Smith Reviewed-by: Bertrand Marquis # arm --- xen/arch/arm/setup.c | 10 +++++----- xen/arch/x86/setup.c | 9 +++++++-- xen/xsm/xsm_core.c | 22 +++++++++++----------- 3 files changed, 23 insertions(+), 18 deletions(-) diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index ea1f5ee3d3..6bf71e1064 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -967,11 +967,11 @@ void __init start_xen(unsigned long boot_phys_offset, tasklet_subsys_init(); - if ( xsm_dt_init() != 1 ) - warning_add("WARNING: SILO mode is not enabled.\n" - "It has implications on the security of the system,\n" - "unless the communications have been forbidden between\n" - "untrusted domains.\n"); + if ( xsm_dt_init() ) + warning_add("WARNING: XSM failed to initialize.\n" + "This has implications on the security of the system,\n" + "as uncontrolled communications between trusted and\n" + "untrusted domains may occur.\n"); init_maintenance_interrupt(); init_timer_interrupt(); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 53a73010e0..ed67b50c9d 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #ifdef CONFIG_COMPAT @@ -1690,7 +1691,7 @@ void __init noreturn __start_xen(unsigned long mbi_p) open_softirq(NEW_TLBFLUSH_CLOCK_PERIOD_SOFTIRQ, new_tlbflush_clock_period); - if ( opt_watchdog ) + if ( opt_watchdog ) nmi_watchdog = NMI_LOCAL_APIC; find_smp_config(); @@ -1700,7 +1701,11 @@ void __init noreturn __start_xen(unsigned long mbi_p) mmio_ro_ranges = rangeset_new(NULL, "r/o mmio ranges", RANGESETF_prettyprint_hex); - xsm_multiboot_init(module_map, mbi); + if ( xsm_multiboot_init(module_map, mbi) ) + warning_add("WARNING: XSM failed to initialize.\n" + "This has implications on the security of the system,\n" + "as uncontrolled communications between trusted and\n" + "untrusted domains may occur.\n"); /* * IOMMU-related ACPI table parsing may require some of the system domains diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c index a3715fa239..fa17401a5f 100644 --- a/xen/xsm/xsm_core.c +++ b/xen/xsm/xsm_core.c @@ -10,23 +10,17 @@ * as published by the Free Software Foundation. */ -#include #include +#include +#include #include #include - -#include +#include #include -#ifdef CONFIG_XSM - -#ifdef CONFIG_MULTIBOOT #include -#endif -#ifdef CONFIG_HAS_DEVICE_TREE -#include -#endif +#ifdef CONFIG_XSM #define XSM_FRAMEWORK_VERSION "1.0.1" @@ -199,7 +193,13 @@ int __init xsm_dt_init(void) xfree(policy_buffer); - return ret ?: (xsm_bootparam == XSM_BOOTPARAM_SILO); + if ( xsm_bootparam != XSM_BOOTPARAM_SILO ) + warning_add("WARNING: SILO mode is not enabled.\n" + "It has implications on the security of the system,\n" + "unless the communications have been forbidden between\n" + "untrusted domains.\n"); + + return ret; } /**