About XSM/flask

[Jean-Edouard LEJOSNE <jean-edouard.lejosne@citrix.com>]

  Hi!

I've got some trouble with XSM/flask recently.
Basically, it blocks stuffs when not enforced, which is not (?) supposed to happen.

The problem is actually pretty simple when looking at the code.
As an example, here is a function from xen/xsm/flask/hooks.c :

static int flask_hvm_param(struct domain *d, unsigned long op)
{
      u32 perm;

      switch ( op )
      {
          case HVMOP_set_param:
              perm = HVM__SETPARAM;
          break;
          case HVMOP_get_param:
              perm = HVM__GETPARAM;
          break;
          default:
              return -EPERM;
      }

      return domain_has_perm(current->domain, d, SECCLASS_HVM, perm);
}

As it is pretty obvious, if "op" is not "HVMOP_set_param" or
"HVMOP_get_param", XSM will deny the action, even if we are in permissive mode.
It is currently a problem for us because, for this particular function
at least, we use other values of "op" (for dirty bit tracking).

I think in that case, flask should just print a warning and return 0
when in permissive mode.
The only other solution I see is to make sure every possible values are
treated by flask, and that it's maintained that way, which is probably a
pain.

So my question is : is there something that should be done about that? Is the current behaviour mandatory for some reason I didn't think about?

Thanks,

-- 
Jean-Edouard LEJOSNE
XenClient Lead Software Developpment Engineer
Citrix Systems
Cambridge, UK