[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH v2 2/2] xen: convert XSM_ENABLE to Kconfig
Converts the existing XSM_ENABLE flag from Config.mk to CONFIG_XSM within Kconfig. This also re-adds the dependency of CONFIG_FLASK on CONFIG_XSM. CC: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> CC: Keir Fraser <keir@xxxxxxx> CC: Jan Beulich <jbeulich@xxxxxxxx> CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Signed-off-by: Doug Goldstein <cardoe@xxxxxxxxxx> Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> --- Change from v2: - adopt wording from Daniel De Graaf about the dedicated hardware domain - make the dedicated hardware domain feature optional --- Config.mk | 3 --- INSTALL | 8 ++------ docs/misc/xsm-flask.txt | 6 +++--- xen/Rules.mk | 1 - xen/common/Kconfig | 37 ++++++++++++++++++++++++++++++++++++- xen/include/asm-x86/config.h | 4 ---- xen/include/xen/sched.h | 2 +- xen/include/xsm/dummy.h | 10 +++++----- xen/include/xsm/xsm.h | 6 +++--- xen/xsm/Makefile | 6 ++---- 10 files changed, 52 insertions(+), 31 deletions(-) diff --git a/Config.mk b/Config.mk index 7e56b48..8e58c36 100644 --- a/Config.mk +++ b/Config.mk @@ -212,9 +212,6 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i)) EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -# Enable XSM security module (by default, Flask). -XSM_ENABLE ?= n - XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles # All the files at that location were downloaded from elsewhere on # the internet. The original download URL is preserved as a comment diff --git a/INSTALL b/INSTALL index c51447b..3d2e86a 100644 --- a/INSTALL +++ b/INSTALL @@ -275,14 +275,10 @@ Building the python tools may fail unless certain options are passed to setup.py. Config.mk contains additional info how to use this variable. PYTHON_PREFIX_ARG= -The hypervisor may be build with XSM support, which can be changed with -the following variables. -XSM_ENABLE=y - -The hypervisor may be build with Flask support, which can be changed +he hypervisor may be build with XSM/Flask support, which can be changed by running: make -C xen menuconfig -and enabling Flask in the 'Common Features' menu. +and enabling XSM/Flask in the 'Common Features' menu. Do a build for coverage. coverage=y diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt index f2f0fd4..fb2fe9f 100644 --- a/docs/misc/xsm-flask.txt +++ b/docs/misc/xsm-flask.txt @@ -172,9 +172,9 @@ Setting up FLASK ---------------- Xen must be compiled with XSM and FLASK enabled; by default, the security -framework is disabled. Edit Config.mk or the .config file to set XSM_ENABLE to -"y" and running 'make -C xen menuconfig' and enabling FLASK inside 'Common -Features'; this change requires a make clean and rebuild. +framework is disabled. Running 'make -C xen menuconfig' and enabling XSM +and FLASK inside 'Common Features'; this change requires a make clean and +rebuild. FLASK uses only one domain configuration parameter (seclabel) defining the full security label of the newly created domain. If using the example policy, diff --git a/xen/Rules.mk b/xen/Rules.mk index 489cfd1..bdd8ccf 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -52,7 +52,6 @@ CFLAGS += -Werror -Wredundant-decls -Wno-pointer-arith CFLAGS += -pipe -g -D__XEN__ -include $(BASEDIR)/include/xen/config.h CFLAGS += '-D__OBJECT_FILE__="$@"' -CFLAGS-$(XSM_ENABLE) += -DXSM_ENABLE CFLAGS-$(verbose) += -DVERBOSE CFLAGS-$(crash_debug) += -DCRASH_DEBUG CFLAGS-$(perfc) += -DPERF_COUNTERS diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 3419816..eadfc3b 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -10,7 +10,8 @@ config COMPAT config FLASK bool "FLux Advanced Security Kernel support" - default n + default y + depends on XSM ---help--- Enables the FLASK (FLux Advanced Security Kernel) support which provides a mandatory access control framework by which security @@ -62,4 +63,38 @@ config KEXEC If unsure, say Y. +# Allows "late" initialization of the hardware domain +config LATE_HWDOM + bool "dedicated hardware domain" + default n + depends on XSM && X86 + ---help--- + Allows the creation of a dedicated hardware domain distinct from + domain 0 that manages devices without needing access to other + privileged functionality such as the ability to manage domains. + This requires that the actual domain 0 be a stub domain that + constructs the actual hardware domain instead of initializing the + hardware itself. Because the hardware domain needs access to + hypercalls not available to unprivileged guests, an XSM policy + is required to properly define the privilege of these domains. + + This feature does nothing if the "hardware_dom" boot parameter is + not present. If this feature is being used for security, it should + be combined with an IOMMU in strict mode. + + If unsure, say N. + +# Enable/Disable XSM support +config XSM + bool "Xen Security Modules support" + default n + ---help--- + Enables the security framework known as Xen Security Modules which + allows administrators fine-grained control over a Xen domain and + its capabilities by defining permissible interactions between domains, + the hypervisor itself, and related resources such as memory and + devices. + + If unsure, say N. + endmenu diff --git a/xen/include/asm-x86/config.h b/xen/include/asm-x86/config.h index f25d92e..3305a75 100644 --- a/xen/include/asm-x86/config.h +++ b/xen/include/asm-x86/config.h @@ -52,10 +52,6 @@ #define CONFIG_MULTIBOOT 1 -#ifdef XSM_ENABLE -#define CONFIG_LATE_HWDOM 1 -#endif - #define HZ 100 #define OPT_CONSOLE_STR "vga" diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 6ea3cc7..e1428f7 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -110,7 +110,7 @@ struct evtchn u8 priority; u8 last_priority; u16 last_vcpu_id; -#ifdef XSM_ENABLE +#ifdef CONFIG_XSM union { #ifdef XSM_NEED_GENERIC_EVTCHN_SSID /* diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 81fba40..55b84f0 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -27,9 +27,9 @@ /* DO NOT implement this function; it is supposed to trigger link errors */ void __xsm_action_mismatch_detected(void); -#ifdef XSM_ENABLE +#ifdef CONFIG_XSM -/* In XSM_ENABLE builds, this header file is included from xsm/dummy.c, and +/* In CONFIG_XSM builds, this header file is included from xsm/dummy.c, and * contains static (not inline) functions compiled to the dummy XSM module. * There is no xsm_default_t argument available, so the value from the assertion * is used to initialize the variable. @@ -39,9 +39,9 @@ void __xsm_action_mismatch_detected(void); #define XSM_DEFAULT_VOID void #define XSM_ASSERT_ACTION(def) xsm_default_t action = def; (void)action -#else /* XSM_ENABLE */ +#else /* CONFIG_XSM */ -/* In !XSM_ENABLE builds, this header file is included from xsm/xsm.h, and +/* In !CONFIG_XSM builds, this header file is included from xsm/xsm.h, and * contains inline functions for each XSM hook. These functions also perform * compile-time checks on the xsm_default_t argument to ensure that the behavior * of the dummy XSM module is the same as the behavior with XSM disabled. @@ -51,7 +51,7 @@ void __xsm_action_mismatch_detected(void); #define XSM_DEFAULT_VOID xsm_default_t action #define XSM_ASSERT_ACTION(def) LINKER_BUG_ON(def != action) -#endif /* XSM_ENABLE */ +#endif /* CONFIG_XSM */ static always_inline int xsm_default_action( xsm_default_t action, struct domain *src, struct domain *target) diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 3fc3824..2c365cd 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -194,7 +194,7 @@ struct xsm_operations { #endif }; -#ifdef XSM_ENABLE +#ifdef CONFIG_XSM extern struct xsm_operations *xsm_ops; @@ -752,7 +752,7 @@ extern int unregister_xsm(struct xsm_operations *ops); extern struct xsm_operations dummy_xsm_ops; extern void xsm_fixup_ops(struct xsm_operations *ops); -#else /* XSM_ENABLE */ +#else /* CONFIG_XSM */ #include <xsm/dummy.h> @@ -772,6 +772,6 @@ static inline int xsm_dt_init(void) } #endif -#endif /* XSM_ENABLE */ +#endif /* CONFIG_XSM */ #endif /* __XSM_H */ diff --git a/xen/xsm/Makefile b/xen/xsm/Makefile index d29e71c..3252c46 100644 --- a/xen/xsm/Makefile +++ b/xen/xsm/Makefile @@ -1,7 +1,5 @@ obj-y += xsm_core.o -ifeq ($(XSM_ENABLE),y) -obj-y += xsm_policy.o -obj-y += dummy.o -endif +obj-$(CONFIG_XSM) += xsm_policy.o +obj-$(CONFIG_XSM) += dummy.o subdir-$(CONFIG_FLASK) += flask -- 2.4.10 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |