[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v12 11/14] flask/policy: allow domU to use previously-mapped I/O-memory

On 09/03/2014 07:21 AM, Ian Campbell wrote:
On Sat, 2014-08-30 at 18:29 +0200, Arianna Avanzini wrote:
From: Andrii Tseglytskyi <andrii.tseglytskyi@xxxxxxxxxxxxxxx>

This commit allows the domU to access previously-mapped I/O-memory
even if XSM is enabled and FLASK is enforced.

CCing Daniel (XSM maintainer).

I think this is probably OK, but I'm no XSM expert.

(If I were writing the ocmmit message I would have said something like
"Update the example XSM policy to allow...")

The message Ian suggests is a bit clearer as to the effect of the patch.

Regarding the patch: at minimum, a domU should only need the permissions
defined by "use_device(domU_t, iomem_t)" to access mapped memory.  However,
it is preferred to label the IO memory being used instead of allowing access
to the default/fallback iomem_t.

The intention for handing pass-through devices with FLASK is to label the
device (either using the tool flask-label-pci or manually in the policy;
example lines for the latter are present and commented out).  The example
policy defines the type nic_dev_t as a device that is usable by domU_t, and
docs/misc/xsm-flask.txt has an example of flask-label-pci's use.

If you are actually only passing IO memory and not a PCI device, labeling
the IO memory range would be the preferred solution.  If you cannot label
it statically, a tool similar to flask-label-pci for memory will be needed -
something like "flask-label-resource <type> <start>-<end> <label>".  This
may be more common on ARM than on x86; I am not familiar with pass-through
on ARM, and the only non-PCI device on x86 that I have used pass-through on
is the TPM, which has a well-defined IO memory range.

Daniel De Graaf
National Security Agency

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.