From: Jan Beulich <jbeulich@suse.com>
To: "Daniel P. Smith" <dpsmith@apertussolutions.com>
Cc: "Stefano Stabellini" <sstabellini@kernel.org>,
"Julien Grall" <julien@xen.org>,
"Volodymyr Babchuk" <Volodymyr_Babchuk@epam.com>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"George Dunlap" <george.dunlap@citrix.com>,
"Ian Jackson" <iwj@xenproject.org>, "Wei Liu" <wl@xen.org>,
"Roger Pau Monné" <roger.pau@citrix.com>,
"Tamas K Lengyel" <tamas@tklengyel.com>,
"Tim Deegan" <tim@xen.org>, "Juergen Gross" <jgross@suse.com>,
"Alexandru Isaila" <aisaila@bitdefender.com>,
"Petre Pircalabu" <ppircalabu@bitdefender.com>,
"Dario Faggioli" <dfaggioli@suse.com>,
"Paul Durrant" <paul@xen.org>,
"Daniel De Graaf" <dgdegra@tycho.nsa.gov>,
persaur@gmail.com, christopher.w.clark@gmail.com,
adam.schwalm@starlab.io, scott.davis@starlab.io,
xen-devel@lists.xenproject.org
Subject: Re: [PATCH 3/6] xsm: enabling xsm to always be included
Date: Fri, 18 Jun 2021 14:26:05 +0200 [thread overview]
Message-ID: <c8bd347f-cf14-8b86-81f7-51c035c5c972@suse.com> (raw)
In-Reply-To: <20210617233918.10095-4-dpsmith@apertussolutions.com>
On 18.06.2021 01:39, Daniel P. Smith wrote:
> The only difference between !CONFIG_XSM and CONFIG_XSM with !CONFIG_XSM_SILO and !CONFIG_XSM_FLASK
> is whether the XSM hooks in dummy.h are called as static inline functions or as function
> pointers to static functions. As such this commit,
> * eliminates CONFIG_XSM
Following from what Andrew has said (including him mentioning your
changing of certain Kconfig option defaults), I'm not convinced this is
a good move. This still ought to serve as the overall XSM-yes-or-no
setting. If internally you make said two variants match in behavior,
that's a different thing.
> * introduces CONFIG_XSM_EVTCHN_LABELING as replacement for enabling event channel labels
Is this mode needed as separate functionality at all? Nothing defines
XSM_NEED_GENERIC_EVTCHN_SSID anywhere. _If_ XSM went away as a separate
setting, then imo this one should go away as well.
> --- a/xen/common/Kconfig
> +++ b/xen/common/Kconfig
> @@ -197,22 +197,33 @@ config XENOPROF
>
> If unsure, say Y.
>
> -config XSM
> - bool "Xen Security Modules support"
> - default ARM
> - ---help---
> - Enables the security framework known as Xen Security Modules which
> - allows administrators fine-grained control over a Xen domain and
> - its capabilities by defining permissible interactions between domains,
> - the hypervisor itself, and related resources such as memory and
> - devices.
> +menu "Xen Security Modules"
>
> - If unsure, say N.
> +choice
> + prompt "Default XSM module"
> + default XSM_SILO_DEFAULT if XSM_SILO && ARM
> + default XSM_FLASK_DEFAULT if XSM_FLASK
> + default XSM_SILO_DEFAULT if XSM_SILO
> + default XSM_DUMMY_DEFAULT
> + config XSM_DUMMY_DEFAULT
> + bool "Match non-XSM behavior"
> + config XSM_FLASK_DEFAULT
> + bool "FLux Advanced Security Kernel" if XSM_FLASK
> + config XSM_SILO_DEFAULT
> + bool "SILO" if XSM_SILO
> +endchoice
This did live after the individual options it depends on for a reason,
and you don't say anywhere why you need to move it up. The way you
have it, with the default command line kconfig tool, users will be
presented with dependent options before having chosen the settings of
the dependency ones. That's because this tool, to a degree, moves
linearly through the options it has parsed.
> @@ -261,25 +271,12 @@ config XSM_SILO
>
> If unsure, say Y.
>
> -choice
> - prompt "Default XSM implementation"
> - depends on XSM
> - default XSM_SILO_DEFAULT if XSM_SILO && ARM
> - default XSM_FLASK_DEFAULT if XSM_FLASK
> - default XSM_SILO_DEFAULT if XSM_SILO
> - default XSM_DUMMY_DEFAULT
> - config XSM_DUMMY_DEFAULT
> - bool "Match non-XSM behavior"
> - config XSM_FLASK_DEFAULT
> - bool "FLux Advanced Security Kernel" if XSM_FLASK
> - config XSM_SILO_DEFAULT
> - bool "SILO" if XSM_SILO
> -endchoice
> +endmenu
>
> config LATE_HWDOM
> bool "Dedicated hardware domain"
> default n
> - depends on XSM && X86
> + depends on XSM_FLASK && X86
I don't think this is a compatible change. I'm not going to exclude that
this is how it was meant, but as it stands LATE_HWDOM right now doesn't
really require FLASK, and could e.g. also go with SILO or dummy. If you
_mean_ to change this, then your description needs to say so (and ideally
it would then be split out, so - if this is actually a bug - it could
also be backported).
Jan
next prev parent reply other threads:[~2021-06-18 12:26 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-17 23:39 [PATCH 0/6] xsm: refactoring xsm hooks Daniel P. Smith
2021-06-17 23:39 ` [PATCH 1/6] xsm: refactor xsm_ops handling Daniel P. Smith
2021-06-18 11:34 ` Andrew Cooper
2021-06-18 11:44 ` Jan Beulich
2021-06-18 11:45 ` Andrew Cooper
2021-06-18 16:26 ` Daniel P. Smith
2021-06-18 16:17 ` Daniel P. Smith
2021-07-12 12:36 ` [PATCH 0.5/6] xen: Implement xen/alternative-call.h for use in common code Andrew Cooper
2021-06-17 23:39 ` [PATCH 2/6] xsm: decouple xsm header inclusion selection Daniel P. Smith
2021-06-17 23:39 ` [PATCH 3/6] xsm: enabling xsm to always be included Daniel P. Smith
2021-06-18 11:53 ` Andrew Cooper
2021-06-18 16:35 ` Daniel P. Smith
2021-06-21 6:53 ` Jan Beulich
2021-06-24 17:18 ` Daniel P. Smith
2021-06-25 6:39 ` Jan Beulich
2021-06-18 12:26 ` Jan Beulich [this message]
2021-06-18 20:27 ` Daniel P. Smith
2021-06-21 6:58 ` Jan Beulich
2021-06-21 10:41 ` Andrew Cooper
2021-06-21 11:39 ` Jan Beulich
2021-06-18 21:20 ` Andrew Cooper
2021-06-21 7:03 ` Jan Beulich
2021-06-17 23:39 ` [PATCH 4/6] xsm: remove xen_defualt_t from hook definitions Daniel P. Smith
2021-06-18 11:56 ` Andrew Cooper
2021-06-18 16:35 ` Daniel P. Smith
2021-06-18 12:32 ` Jan Beulich
2021-06-17 23:39 ` [PATCH 5/6] xsm: expanding function related macros in dummy.h Daniel P. Smith
2021-06-18 12:03 ` Andrew Cooper
2021-06-18 12:40 ` Jan Beulich
2021-06-18 12:44 ` Jan Beulich
2021-06-18 16:38 ` Daniel P. Smith
2021-06-18 16:36 ` Daniel P. Smith
2021-06-17 23:39 ` [PATCH 6/6] xsm: removing the XSM_ASSERT_ACTION macro Daniel P. Smith
2021-06-18 10:14 ` [PATCH 0/6] xsm: refactoring xsm hooks Andrew Cooper
2021-06-18 11:48 ` Jan Beulich
2021-06-18 21:21 ` Andrew Cooper
2021-06-21 6:45 ` Jan Beulich
2021-06-18 15:53 ` Daniel P. Smith
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c8bd347f-cf14-8b86-81f7-51c035c5c972@suse.com \
--to=jbeulich@suse.com \
--cc=Volodymyr_Babchuk@epam.com \
--cc=adam.schwalm@starlab.io \
--cc=aisaila@bitdefender.com \
--cc=andrew.cooper3@citrix.com \
--cc=christopher.w.clark@gmail.com \
--cc=dfaggioli@suse.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=dpsmith@apertussolutions.com \
--cc=george.dunlap@citrix.com \
--cc=iwj@xenproject.org \
--cc=jgross@suse.com \
--cc=julien@xen.org \
--cc=paul@xen.org \
--cc=persaur@gmail.com \
--cc=ppircalabu@bitdefender.com \
--cc=roger.pau@citrix.com \
--cc=scott.davis@starlab.io \
--cc=sstabellini@kernel.org \
--cc=tamas@tklengyel.com \
--cc=tim@xen.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.