[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] xsm: policy hooks to require an IOMMU and interrupt remapping

To: "Daniel De Graaf" <dgdegra@xxxxxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Tue, 22 Aug 2017 02:18:38 -0600
Cc: christopher.w.clark@xxxxxxxxx, xen-devel@xxxxxxxxxxxxx
Delivery-date: Tue, 22 Aug 2017 08:18:53 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 18.08.17 at 23:55, <dgdegra@xxxxxxxxxxxxx> wrote:
> On 08/18/2017 05:02 PM, christopher.w.clark@xxxxxxxxx wrote:
>> From: Christopher Clark <christopher.clark6@xxxxxxxxxxxxxx>
>> 
>> Isolation of devices passed through to domains usually requires an
>> active IOMMU. The existing method of requiring an IOMMU is via a Xen
>> boot parameter ("iommu=force") which will abort boot if an IOMMU is not
>> available.
>> 
>> More graceful degradation of behaviour when an IOMMU is absent can be
>> achieved by enabling XSM to perform enforcement of IOMMU requirement.
>> 
>> This patch enables an enforceable XSM policy to specify that an IOMMU is
>> required for particular domains to access devices and how capable that
>> IOMMU must be. This allows a Xen system to boot whilst still
>> ensuring that an IOMMU is active before permitting device use.
>> 
>> Using a XSM policy ensures that the isolation properties remain enforced
>> even when the large, complex toolstack software changes.
>> 
>> For some hardware platforms interrupt remapping is a strict requirement
>> for secure isolation. Not all IOMMUs provide interrupt remapping.
>> The XSM policy can now optionally require interrupt remapping.
>> 
>> The device use hooks now check whether an IOMMU is:
>>   * Active and securely isolating:
>>      -- current criteria for this is that interrupt remapping is ok
>>   * Active but interrupt remapping is not available
>>   * Not active
>> 
>> This patch also updates the reference XSM policy to use the new
>> primitives, with policy entries that do not require an active IOMMU.
>> 
>> Signed-off-by: Christopher Clark <christopher.clark6@xxxxxxxxxxxxxx>
> 
> Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

To be honest, for this kind of a change I would have hoped for
a Reviewed-by (by you or someone else), not just an Acked-by.
Hence I'm hesitant to put the patch in right away.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] xsm: policy hooks to require an IOMMU and interrupt remapping
  - From: Daniel De Graaf
- Re: [Xen-devel] [PATCH] xsm: policy hooks to require an IOMMU and interrupt remapping
  - From: Ross Philipson

References:
- [Xen-devel] [PATCH] xsm: policy hooks to require an IOMMU and interrupt remapping
  - From: christopher . w . clark
- Re: [Xen-devel] [PATCH] xsm: policy hooks to require an IOMMU and interrupt remapping
  - From: Daniel De Graaf

Prev by Date: Re: [Xen-devel] [PATCH v4] hvm: vmx/svm_cpu_up_prepare should be called only once
Next by Date: Re: [Xen-devel] [PATCH] xen: Emit RTC_CHANGE upon TIMEOFFSET ioreq
Previous by thread: Re: [Xen-devel] [PATCH] xsm: policy hooks to require an IOMMU and interrupt remapping
Next by thread: Re: [Xen-devel] [PATCH] xsm: policy hooks to require an IOMMU and interrupt remapping
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.