From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel De Graaf Subject: Re: [PATCH v2] xsm: add device tree labeling support Date: Fri, 13 Mar 2015 10:39:46 -0400 Message-ID: <5502F6B2.8040707@tycho.nsa.gov> References: <1426192942-6029-1-git-send-email-dgdegra@tycho.nsa.gov> <5502BA930200007800069A16@mail.emea.novell.com> <5502B64C.6080808@linaro.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Format="flowed" Content-Transfer-Encoding: 7bit Return-path: Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YWQl0-0007va-BN for xen-devel@lists.xenproject.org; Fri, 13 Mar 2015 14:40:10 +0000 In-Reply-To: <5502B64C.6080808@linaro.org> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Julien Grall , Jan Beulich Cc: xen-devel@lists.xenproject.org List-Id: xen-devel@lists.xenproject.org On 03/13/2015 06:05 AM, Julien Grall wrote: > Hi Jan, > > On 13/03/2015 09:23, Jan Beulich wrote: >>>>> On 12.03.15 at 21:42, wrote: >>> @@ -1999,11 +2055,23 @@ int policydb_read(struct policydb *p, void *fp) >>> "Old xen policy does not support iomemcon"); >>> goto bad; >>> } >>> - rc = next_entry(buf, fp, sizeof(u32) *2); >>> - if ( rc < 0 ) >>> - goto bad; >>> - c->u.iomem.low_iomem = le32_to_cpu(buf[0]); >>> - c->u.iomem.high_iomem = le32_to_cpu(buf[1]); >>> + if ( p->policyvers >= POLICYDB_VERSION_XEN_DEVICETREE ) >>> + { >>> + u64 b64[2]; >>> + rc = next_entry(b64, fp, sizeof(u64) *2); >>> + if ( rc < 0 ) >>> + goto bad; >>> + c->u.iomem.low_iomem = le64_to_cpu(b64[0]); >>> + c->u.iomem.high_iomem = le64_to_cpu(b64[1]); >>> + } >>> + else >>> + { >>> + rc = next_entry(buf, fp, sizeof(u32) *2); >>> + if ( rc < 0 ) >>> + goto bad; >>> + c->u.iomem.low_iomem = le32_to_cpu(buf[0]); >>> + c->u.iomem.high_iomem = le32_to_cpu(buf[1]); >>> + } >> >> I might be completely wrong (knowing next to nothing about XSM), >> but how is the permissible I/O mem range tied to DT (as expressed >> by POLICYDB_VERSION_XEN_DEVICETREE)? All systems with >> valid page frame number possibly being wider than 32 bits would >> need this extension, i.e. namely also x86. > > I guess the name POLICYDB_VERSION_XEN_DEVICETREE was arbitrarily chose. > > The policy version 30 adds support for both device tree and 64 bits iomem. Yes, the name was chosen to indicate the more significant of the two changes in policy version 30; the original (POLICYDB_VERSION_AARCH) was even more misleading although it did describe both changes. > Although, I'm wondering if we should deny policy < 30 on newer Xen because a truncation on the MMIO pfns may occurs and give access to the wrong pfn. The policy build does trigger an error if a MFN larger than 32 bits is used in a static device policy statement, so this should already be covered. Denying policy lower than version 30 would break the XSM-enabled build on all distributions that do not include the newest checkpolicy binary, so I don't really want to do that without a good reason. -- Daniel De Graaf National Security Agency