From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: Julien Grall <julien.grall@linaro.org>, Jan Beulich <JBeulich@suse.com>
Cc: xen-devel@lists.xenproject.org
Subject: Re: [PATCH v2] xsm: add device tree labeling support
Date: Fri, 13 Mar 2015 10:39:46 -0400
Message-ID: <5502F6B2.8040707@tycho.nsa.gov>
In-Reply-To: <5502B64C.6080808@linaro.org>

On 03/13/2015 06:05 AM, Julien Grall wrote:
> Hi Jan,
>
> On 13/03/2015 09:23, Jan Beulich wrote:
>>>>> On 12.03.15 at 21:42, <dgdegra@tycho.nsa.gov> wrote:
>>> @@ -1999,11 +2055,23 @@ int policydb_read(struct policydb *p, void *fp)
>>> "Old xen policy does not support iomemcon");
>>> goto bad;
>>> }
>>> - rc = next_entry(buf, fp, sizeof(u32) *2);
>>> - if ( rc < 0 )
>>> - goto bad;
>>> - c->u.iomem.low_iomem = le32_to_cpu(buf[0]);
>>> - c->u.iomem.high_iomem = le32_to_cpu(buf[1]);
>>> + if ( p->policyvers >= POLICYDB_VERSION_XEN_DEVICETREE )
>>> + {
>>> + u64 b64[2];
>>> + rc = next_entry(b64, fp, sizeof(u64) *2);
>>> + if ( rc < 0 )
>>> + goto bad;
>>> + c->u.iomem.low_iomem = le64_to_cpu(b64[0]);
>>> + c->u.iomem.high_iomem = le64_to_cpu(b64[1]);
>>> + }
>>> + else
>>> + {
>>> + rc = next_entry(buf, fp, sizeof(u32) *2);
>>> + if ( rc < 0 )
>>> + goto bad;
>>> + c->u.iomem.low_iomem = le32_to_cpu(buf[0]);
>>> + c->u.iomem.high_iomem = le32_to_cpu(buf[1]);
>>> + }
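Review bot: the `if ( p->policyvers >= POLICYDB_VERSION_XEN_DEVICETREE )` gate at the top of the added block selects the on-disk width of the iomem range, which the constant's name does not convey; a one-line comment there saying that this policy version also widens low_iomem/high_iomem to 64 bits would spare the next reader the question. In the same branch, `sizeof(u64) *2` could be written `sizeof(b64)` so the read length cannot drift from the buffer declaration. Neither branch checks that low_iomem <= high_iomem after conversion; if that is not validated elsewhere, this is the natural place for it.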
>>
>> I might be completely wrong (knowing next to nothing about XSM),
>> but how is the permissible I/O mem range tied to DT (as expressed
>> by POLICYDB_VERSION_XEN_DEVICETREE)? All systems with
>> valid page frame number possibly being wider than 32 bits would
>> need this extension, i.e. namely also x86.
>
> I guess the name POLICYDB_VERSION_XEN_DEVICETREE was arbitrarily chosen.
>
> The policy version 30 adds support for both device tree and 64-bit iomem.

Yes, the name was chosen to indicate the more significant of the two
changes in policy version 30; the original (POLICYDB_VERSION_AARCH) was
even more misleading although it did describe both changes.

> Although, I'm wondering if we should deny policy < 30 on newer Xen because a truncation on the MMIO pfns may occur and give access to the wrong pfn.

The policy build does trigger an error if an MFN larger than 32 bits is used
in a static device policy statement, so this should already be covered.
Denying policy lower than version 30 would break the XSM-enabled build on
all distributions that do not include the newest checkpolicy binary, so
I don't really want to do that without a good reason.
--
Daniel De Graaf
National Security Agency
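
Added example, not code from the patch, from Xen or from checkpolicy: the truncation concern and the build-time check discussed in this message, sketched as a version-gated writer and reader for an iomem range. All `ex_*` names and `EX_VERS_64BIT_IOMEM` are hypothetical; only the version number 30 and the 32-bit/64-bit field widths come from the thread.

```c
#include <stdint.h>
#include <stddef.h>

#define EX_VERS_64BIT_IOMEM 30 /* hypothetical name; "version 30" is from the thread */
struct ex_range { uint64_t low, high; };

/* On-disk width in bytes of one frame-number field for a policy version. */
static int ex_width(unsigned int vers) { return vers >= EX_VERS_64BIT_IOMEM ? 8 : 4; }

static void put_le(uint8_t *p, uint64_t v, int n)
{
    for ( int i = 0; i < n; i++ )
        p[i] = (uint8_t)(v >> (8 * i));
}

static uint64_t get_le(const uint8_t *p, int n)
{
    uint64_t v = 0;
    for ( int i = 0; i < n; i++ )
        v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/* Build side: returns bytes written, or -1 instead of truncating silently. */
int ex_write_range(unsigned int vers, const struct ex_range *r, uint8_t *out, size_t len)
{
    int w = ex_width(vers);
    if ( r->low > r->high || len < (size_t)(2 * w) )
        return -1;
    if ( w == 4 && r->high > UINT32_MAX )
        return -1; /* frame number does not fit the old 32-bit format */
    put_le(out, r->low, w);
    put_le(out + w, r->high, w);
    return 2 * w;
}

/* Load side: field width follows the policy version; values are zero-extended. */
int ex_read_range(unsigned int vers, const uint8_t *in, size_t len, struct ex_range *r)
{
    int w = ex_width(vers);
    if ( len < (size_t)(2 * w) )
        return -1;
    r->low = get_le(in, w);
    r->high = get_le(in + w, w);
    return r->low <= r->high ? 2 * w : -1;
}

int main(void)
{
    uint8_t b[16]; struct ex_range wide = { 0x100000000ULL, 0x1000000ffULL }; /* constructed */
    return ex_write_range(29, &wide, b, sizeof b) == -1 ? 0 : 1;
}
```

With the guard on the build side, an old-format policy can only ever contain ranges that the 32-bit load path reproduces exactly.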