[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] xsm: policy hooks to require an IOMMU and interrupt remapping



I did test and review this submission back when I worked on the OpenXT project with Christopher so I can add a reviewed by.

Reviewed-by: Ross Philipson <ross.philipson@xxxxxxxxx>

On Tue, Aug 22, 2017 at 4:18 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote:
>>> On 18.08.17 at 23:55, <dgdegra@xxxxxxxxxxxxx> wrote:
> On 08/18/2017 05:02 PM, christopher.w.clark@xxxxxxxxx wrote:
>> From: Christopher Clark <christopher.clark6@baesystems.com>
>>
>> Isolation of devices passed through to domains usually requires an
>> active IOMMU. The existing method of requiring an IOMMU is via a Xen
>> boot parameter ("iommu=force") which will abort boot if an IOMMU is not
>> available.
>>
>> More graceful degradation of behaviour when an IOMMU is absent can be
>> achieved by enabling XSM to perform enforcement of IOMMU requirement.
>>
>> This patch enables an enforceable XSM policy to specify that an IOMMU is
>> required for particular domains to access devices and how capable that
>> IOMMU must be. This allows a Xen system to boot whilst still
>> ensuring that an IOMMU is active before permitting device use.
>>
>> Using a XSM policy ensures that the isolation properties remain enforced
>> even when the large, complex toolstack software changes.
>>
>> For some hardware platforms interrupt remapping is a strict requirement
>> for secure isolation. Not all IOMMUs provide interrupt remapping.
>> The XSM policy can now optionally require interrupt remapping.
>>
>> The device use hooks now check whether an IOMMU is:
>>   * Active and securely isolating:
>>      -- current criteria for this is that interrupt remapping is ok
>>   * Active but interrupt remapping is not available
>>   * Not active
>>
>> This patch also updates the reference XSM policy to use the new
>> primitives, with policy entries that do not require an active IOMMU.
>>
>> Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com>
>
> Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

To be honest, for this kind of a change I would have hoped for
a Reviewed-by (by you or someone else), not just an Acked-by.
Hence I'm hesitant to put the patch in right away.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel



--
Ross Philipson
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.