From mboxrd@z Thu Jan  1 00:00:00 1970
From: Arianna Avanzini <avanzini.arianna@gmail.com>
Subject: Re: [PATCH v12 11/14] flask/policy: allow domU to use
 previously-mapped I/O-memory
Date: Sat, 6 Sep 2014 01:25:58 +0200
Message-ID: <20140905232556.GA969@gmail.com>
References: <1409416189-16564-1-git-send-email-avanzini.arianna@gmail.com>
	<1409416189-16564-12-git-send-email-avanzini.arianna@gmail.com>
	<1409743296.22712.10.camel@eu.citrix.com>
	<5407297E.2080202@tycho.nsa.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Content-Disposition: inline
In-Reply-To: <5407297E.2080202@tycho.nsa.gov>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: julien.grall@citrix.com, paolo.valente@unimore.it, keir@xen.org, stefano.stabellini@eu.citrix.com, Ian.Jackson@eu.citrix.com, dario.faggioli@citrix.com, tim@xen.org, xen-devel@lists.xen.org, Ian Campbell <Ian.Campbell@eu.citrix.com>, etrudeau@broadcom.com, JBeulich@suse.com, andrew.cooper3@citrix.com, viktor.kleinik@globallogic.com, andrii.tseglytskyi@globallogic.com
List-Id: xen-devel@lists.xenproject.org

Hello,

thank you for your thorough explanation.

On Wed, Sep 03, 2014 at 10:45:18AM -0400, Daniel De Graaf wrote:
> On 09/03/2014 07:21 AM, Ian Campbell wrote:
> >On Sat, 2014-08-30 at 18:29 +0200, Arianna Avanzini wrote:
> >>From: Andrii Tseglytskyi <andrii.tseglytskyi@globallogic.com>
> >>
> >>This commit allows the domU to access previously-mapped I/O-memory
> >>even if XSM is enabled and FLASK is enforced.
> >
> >CCing Daniel (XSM maintainer).
> >
> >I think this is probably OK, but I'm no XSM expert.
> >
> >(If I were writing the ocmmit message I would have said something like
> >"Update the example XSM policy to allow...")
> 
> The message Ian suggests is a bit clearer as to the effect of the patch.
> 

Thanks to both of you; as I took the liberty of writing the commit message for
Andrii's patch I will certainly fix my mistakes according to your suggestions.

> Regarding the patch: at minimum, a domU should only need the permissions
> defined by "use_device(domU_t, iomem_t)" to access mapped memory.  However,
> it is preferred to label the IO memory being used instead of allowing access
> to the default/fallback iomem_t.
> 
> The intention for handing pass-through devices with FLASK is to label the
> device (either using the tool flask-label-pci or manually in the policy;
> example lines for the latter are present and commented out).  The example
> policy defines the type nic_dev_t as a device that is usable by domU_t, and
> docs/misc/xsm-flask.txt has an example of flask-label-pci's use.
> 
> If you are actually only passing IO memory and not a PCI device, labeling
> the IO memory range would be the preferred solution.  If you cannot label
> it statically, a tool similar to flask-label-pci for memory will be needed -
> something like "flask-label-resource <type> <start>-<end> <label>".  This
> may be more common on ARM than on x86; I am not familiar with pass-through
> on ARM, and the only non-PCI device on x86 that I have used pass-through on
> is the TPM, which has a well-defined IO memory range.
> 

When using the iomem option to make an I/O-memory range available to a domU
the mapping to be performed is explicitly defined by domain configuration,
so labeling it should be possible, if I understood things correctly.



> -- 
> Daniel De Graaf
> National Security Agency

-- 
/*
 * Arianna Avanzini
 * avanzini.arianna@gmail.com
 * 73628@studenti.unimore.it
 */