From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: Dongxiao Xu <dongxiao.xu@intel.com>, xen-devel@lists.xen.org
Cc: keir@xen.org, Ian.Campbell@citrix.com,
stefano.stabellini@eu.citrix.com, George.Dunlap@eu.citrix.com,
andrew.cooper3@citrix.com, Ian.Jackson@eu.citrix.com,
JBeulich@suse.com
Subject: Re: [PATCH v12 2/9] xsm: add resource operation related xsm policy
Date: Tue, 08 Jul 2014 17:22:23 -0400
Message-ID: <53BC610F.6050905@tycho.nsa.gov>
In-Reply-To: <0645dbf3e6acd6b61d24aad6fa72a4eb0b8a7a30.1404462280.git.dongxiao.xu@intel.com>

On 07/04/2014 04:34 AM, Dongxiao Xu wrote:
> Add xsm policies for resource access related hypercall, such as MSR
> access, port I/O read/write, and other related resource operations.
>
> Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>

This is correct as far as a permission check, but I think the name
should be changed to reflect the contents of the white-list for the
access: pqos_monitor_op would work for the two MSRs used in #9.

If arbitrary access to MSRs is permitted without a white-list or other
categorization in the hypervisor, then the XSM policy needs to be able
to label individual MSRs and allow the security policy author to create
their own white- or black-lists. This handles the use case you
described at the cost of requiring XSM to be enabled to manage the lists
of MSRs permitted to a toolstack domain. I do not think this is the
best solution, since it will leave Xen without XSM unprotected, and the
construction of an XSM policy that permits useful features (like CQM)
but denies harmful ones (SYSENTER_EIP) will be more difficult than if
the permissions were explicit (pqos_monitor_op, compromise_hypervisor_op).

--
Daniel De Graaf
National Security Agency
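
Added example, not part of the original message or of the Xen patch series: a sketch of the design the reply argues for, where a narrowly named permission is paired with an allow-list enforced inside the hypervisor, so access stays bounded even under a default (non-XSM) policy. The function names, the permission bit and the choice of IA32_QM_EVTSEL/IA32_QM_CTR as the monitoring MSRs are assumptions of this example; the MSR indices are from the Intel SDM.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* MSR indices as listed in the Intel SDM. */
#define MSR_IA32_SYSENTER_EIP 0x00000176u
#define MSR_IA32_QM_EVTSEL    0x00000c8du
#define MSR_IA32_QM_CTR       0x00000c8eu

enum msr_dir { MSR_READ = 1, MSR_WRITE = 2 };

/* Hypothetical permission bit, named after what the allow-list contains. */
#define PERM_PQOS_MONITOR_OP  0x1u

struct msr_rule { uint32_t idx; unsigned int dirs; };

/* Allow-list compiled into the hypervisor: monitoring MSRs only. */
static const struct msr_rule pqos_monitor_msrs[] = {
    { MSR_IA32_QM_EVTSEL, MSR_READ | MSR_WRITE },
    { MSR_IA32_QM_CTR,    MSR_READ },
};

/* Stand-in for the default policy used when XSM is disabled:
 * only a privileged (toolstack) domain gets the operation. */
unsigned int default_policy_perms(bool is_privileged)
{
    return is_privileged ? PERM_PQOS_MONITOR_OP : 0;
}

/* Returns 0 if the access is allowed, -1 (standing in for -EPERM) if not. */
int resource_msr_check(unsigned int caller_perms, uint32_t idx, enum msr_dir dir)
{
    size_t i, n = sizeof(pqos_monitor_msrs) / sizeof(pqos_monitor_msrs[0]);

    /* Policy decision: may this domain use the monitoring operation at all? */
    if (!(caller_perms & PERM_PQOS_MONITOR_OP))
        return -1;

    /* Hypervisor decision: applies whatever the policy granted. */
    for (i = 0; i < n; i++)
        if (pqos_monitor_msrs[i].idx == idx && (pqos_monitor_msrs[i].dirs & dir))
            return 0;

    return -1; /* deny by default, e.g. SYSENTER_EIP */
}
```

With this split, the policy author only decides who holds the monitoring permission; the set of reachable MSRs is fixed in the hypervisor and does not depend on XSM being enabled.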