
Re: [Xen-devel] [PATCH] xsm: policy hooks to require an IOMMU and interrupt remapping

>>> On 23.08.17 at 17:56, <dgdegra@xxxxxxxxxxxxx> wrote:
> On 08/22/2017 04:18 AM, Jan Beulich wrote:
>>>>> On 18.08.17 at 23:55, <dgdegra@xxxxxxxxxxxxx> wrote:
>>> On 08/18/2017 05:02 PM, christopher.w.clark@xxxxxxxxx wrote:
>>>> From: Christopher Clark <christopher.clark6@xxxxxxxxxxxxxx>
>>>> Isolation of devices passed through to domains usually requires an
>>>> active IOMMU. The existing method of requiring an IOMMU is via a Xen
>>>> boot parameter ("iommu=force") which will abort boot if an IOMMU is not
>>>> available.
>>>> More graceful degradation of behaviour when an IOMMU is absent can be
>>>> achieved by enabling XSM to perform enforcement of IOMMU requirement.
>>>> This patch enables an enforceable XSM policy to specify that an IOMMU is
>>>> required for particular domains to access devices and how capable that
>>>> IOMMU must be. This allows a Xen system to boot whilst still
>>>> ensuring that an IOMMU is active before permitting device use.
>>>> Using a XSM policy ensures that the isolation properties remain enforced
>>>> even when the large, complex toolstack software changes.
>>>> For some hardware platforms interrupt remapping is a strict requirement
>>>> for secure isolation. Not all IOMMUs provide interrupt remapping.
>>>> The XSM policy can now optionally require interrupt remapping.
>>>> The device use hooks now check whether an IOMMU is:
>>>>    * Active and securely isolating:
>>>>       -- the current criterion for this is that interrupt remapping is ok
>>>>    * Active but interrupt remapping is not available
>>>>    * Not active
>>>> This patch also updates the reference XSM policy to use the new
>>>> primitives, with policy entries that do not require an active IOMMU.
>>>> Signed-off-by: Christopher Clark <christopher.clark6@xxxxxxxxxxxxxx>
>>> Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
>> To be honest, for this kind of a change I would have hoped for
>> a Reviewed-by (by you or someone else), not just an Acked-by.
>> Hence I'm hesitant to put the patch in right away.
> I'll keep that in mind for the future. I have looked at this patch
> in depth, so you can change that to
> Reviewed-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

Thanks, a few minutes too late though - I've just committed it the
way it was (with Ross' R-b).
