[v5,20/44] x86/boot: convert xsm policy loading to struct boot_module

Commit Message

Daniel P. Smith Oct. 6, 2024, 9:49 p.m. UTC

Iterate through the unclaimed struct boot_module to see if any are an XSM FLASK
policy. If one is located, mark it as an xsm policy.

Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
---
 xen/arch/x86/include/asm/bootinfo.h |  1 +
 xen/arch/x86/setup.c                |  2 +-
 xen/include/xsm/xsm.h               | 11 +++++++----
 xen/xsm/xsm_core.c                  | 13 +++++++++++--
 xen/xsm/xsm_policy.c                | 15 ++++++++-------
 5 files changed, 28 insertions(+), 14 deletions(-)

Comments

Jason Andryuk Oct. 8, 2024, 4:13 p.m. UTC | #1

On 2024-10-06 17:49, Daniel P. Smith wrote:
> Iterate through the unclaimed struct boot_module to see if any are an XSM FLASK
> policy. If one is located, mark it as an xsm policy.
> 
> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>

> @@ -161,6 +162,14 @@ int __init xsm_multiboot_init(
>       }
>   
>       ret = xsm_core_init(policy_buffer, policy_size);
> +    if ( ret == 0 )
> +    {
> +        int idx = first_boot_module_index(bi, BOOTMOD_XSM_POLICY);
> +
> +        /* If the policy was loaded from a boot module, mark it consumed */
> +        if ( idx >= 0 )
> +            bi->mods[idx].flags |= BOOTMOD_FLAG_X86_CONSUMED;

Maybe xsm_multiboot_policy_init() should return the idx used instead of 
having a second search?  (Also, xsm_multiboot_policy_init() can't fail?)

> +    }
>       bootstrap_map(NULL);
>   
>       return 0;

The other changes look okay.

Regards,
Jason

Daniel P. Smith Oct. 9, 2024, 5:21 p.m. UTC | #2

On 10/8/24 12:13, Jason Andryuk wrote:
> On 2024-10-06 17:49, Daniel P. Smith wrote:
>> Iterate through the unclaimed struct boot_module to see if any are an 
>> XSM FLASK
>> policy. If one is located, mark it as an xsm policy.
>>
>> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
> 
>> @@ -161,6 +162,14 @@ int __init xsm_multiboot_init(
>>       }
>>       ret = xsm_core_init(policy_buffer, policy_size);
>> +    if ( ret == 0 )
>> +    {
>> +        int idx = first_boot_module_index(bi, BOOTMOD_XSM_POLICY);
>> +
>> +        /* If the policy was loaded from a boot module, mark it 
>> consumed */
>> +        if ( idx >= 0 )
>> +            bi->mods[idx].flags |= BOOTMOD_FLAG_X86_CONSUMED;
> 
> Maybe xsm_multiboot_policy_init() should return the idx used instead of 
> having a second search?  (Also, xsm_multiboot_policy_init() can't fail?)

I was debating on whether to make similar changes because the existing 
logic just seems sub-optimal. Currently I am looking to just write an 
independent XSM patch that looks at both this function and the device 
tree version of the function. Specifically, looking to use the 
IS_ENABLED() macro instead of #ifdef to reduce code, provide better code 
coverage, and to refine the logic.

>> +    }
>>       bootstrap_map(NULL);
>>       return 0;
> 
> The other changes look okay.

R-b then?

v/r,
dps

Jason Andryuk Oct. 10, 2024, 5:23 p.m. UTC | #3

On 2024-10-09 13:21, Daniel P. Smith wrote:
> On 10/8/24 12:13, Jason Andryuk wrote:
>> On 2024-10-06 17:49, Daniel P. Smith wrote:
>>> Iterate through the unclaimed struct boot_module to see if any are an 
>>> XSM FLASK
>>> policy. If one is located, mark it as an xsm policy.
>>>
>>> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
>>
>>> @@ -161,6 +162,14 @@ int __init xsm_multiboot_init(
>>>       }
>>>       ret = xsm_core_init(policy_buffer, policy_size);
>>> +    if ( ret == 0 )
>>> +    {
>>> +        int idx = first_boot_module_index(bi, BOOTMOD_XSM_POLICY);
>>> +
>>> +        /* If the policy was loaded from a boot module, mark it 
>>> consumed */
>>> +        if ( idx >= 0 )
>>> +            bi->mods[idx].flags |= BOOTMOD_FLAG_X86_CONSUMED;
>> Maybe xsm_multiboot_policy_init() should return the idx used instead 
>> of having a second search?  (Also, xsm_multiboot_policy_init() can't 
>> fail?)
> 
> I was debating on whether to make similar changes because the existing 
> logic just seems sub-optimal. Currently I am looking to just write an 
> independent XSM patch that looks at both this function and the device 
> tree version of the function. Specifically, looking to use the 
> IS_ENABLED() macro instead of #ifdef to reduce code, provide better code 
> coverage, and to refine the logic.

Ok.

>>> +    }
>>>       bootstrap_map(NULL);
>>>       return 0;
>>
>> The other changes look okay.
> 
> R-b then?

Reviewed-by: Jason Andryuk <jason.andryuk@amd.com>

Regards,
Jason

Patch

diff --git a/xen/arch/x86/include/asm/bootinfo.h b/xen/arch/x86/include/asm/bootinfo.h
index 1ec29a423061..5cbd1cbbbccd 100644
--- a/xen/arch/x86/include/asm/bootinfo.h
+++ b/xen/arch/x86/include/asm/bootinfo.h
@@ -21,6 +21,7 @@  enum bootmod_type {
     BOOTMOD_KERNEL,
     BOOTMOD_RAMDISK,
     BOOTMOD_MICROCODE,
+    BOOTMOD_XSM_POLICY,
 };
 
 struct boot_module {
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 48c509b62a4c..e560fa798d71 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -1865,7 +1865,7 @@  void asmlinkage __init noreturn __start_xen(unsigned long mbi_p)
     mmio_ro_ranges = rangeset_new(NULL, "r/o mmio ranges",
                                   RANGESETF_prettyprint_hex);
 
-    xsm_multiboot_init(module_map, mbi);
+    xsm_multiboot_init(module_map, bi);
 
     /*
      * IOMMU-related ACPI table parsing may require some of the system domains
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 627c0d2731af..9e511ef8878c 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -17,7 +17,10 @@ 
 
 #include <xen/alternative-call.h>
 #include <xen/sched.h>
-#include <xen/multiboot.h>
+
+#ifdef CONFIG_MULTIBOOT
+#include <asm/bootinfo.h>
+#endif
 
 /* policy magic number (defined by XSM_MAGIC) */
 typedef uint32_t xsm_magic_t;
@@ -779,9 +782,9 @@  static inline int xsm_argo_send(const struct domain *d, const struct domain *t)
 
 #ifdef CONFIG_MULTIBOOT
 int xsm_multiboot_init(
-    unsigned long *module_map, const multiboot_info_t *mbi);
+    unsigned long *module_map, const struct boot_info *bi);
 int xsm_multiboot_policy_init(
-    unsigned long *module_map, const multiboot_info_t *mbi,
+    unsigned long *module_map, const struct boot_info *bi,
     void **policy_buffer, size_t *policy_size);
 #endif
 
@@ -829,7 +832,7 @@  static const inline struct xsm_ops *silo_init(void)
 
 #ifdef CONFIG_MULTIBOOT
 static inline int xsm_multiboot_init (
-    unsigned long *module_map, const multiboot_info_t *mbi)
+    unsigned long *module_map, const struct boot_info *bi)
 {
     return 0;
 }
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index eaa028109bde..69d3800d4c39 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -21,6 +21,7 @@ 
 #ifdef CONFIG_XSM
 
 #ifdef CONFIG_MULTIBOOT
+#include <asm/bootinfo.h>
 #include <asm/setup.h>
 #endif
 
@@ -140,7 +141,7 @@  static int __init xsm_core_init(const void *policy_buffer, size_t policy_size)
 
 #ifdef CONFIG_MULTIBOOT
 int __init xsm_multiboot_init(
-    unsigned long *module_map, const multiboot_info_t *mbi)
+    unsigned long *module_map, struct boot_info *bi)
 {
     int ret = 0;
     void *policy_buffer = NULL;
@@ -150,7 +151,7 @@  int __init xsm_multiboot_init(
 
     if ( XSM_MAGIC )
     {
-        ret = xsm_multiboot_policy_init(module_map, mbi, &policy_buffer,
+        ret = xsm_multiboot_policy_init(module_map, bi, &policy_buffer,
                                         &policy_size);
         if ( ret )
         {
@@ -161,6 +162,14 @@  int __init xsm_multiboot_init(
     }
 
     ret = xsm_core_init(policy_buffer, policy_size);
+    if ( ret == 0 )
+    {
+        int idx = first_boot_module_index(bi, BOOTMOD_XSM_POLICY);
+
+        /* If the policy was loaded from a boot module, mark it consumed */
+        if ( idx >= 0 )
+            bi->mods[idx].flags |= BOOTMOD_FLAG_X86_CONSUMED;
+    }
     bootstrap_map(NULL);
 
     return 0;
diff --git a/xen/xsm/xsm_policy.c b/xen/xsm/xsm_policy.c
index 8dafbc93810f..921bb254b9d1 100644
--- a/xen/xsm/xsm_policy.c
+++ b/xen/xsm/xsm_policy.c
@@ -21,6 +21,7 @@ 
 #include <xsm/xsm.h>
 #ifdef CONFIG_MULTIBOOT
 #include <xen/multiboot.h>
+#include <asm/bootinfo.h>
 #include <asm/setup.h>
 #endif
 #include <xen/bitops.h>
@@ -31,11 +32,10 @@ 
 
 #ifdef CONFIG_MULTIBOOT
 int __init xsm_multiboot_policy_init(
-    unsigned long *module_map, const multiboot_info_t *mbi,
+    unsigned long *module_map, struct boot_info *bi,
     void **policy_buffer, size_t *policy_size)
 {
     int i;
-    module_t *mod = (module_t *)__va(mbi->mods_addr);
     int rc = 0;
     u32 *_policy_start;
     unsigned long _policy_len;
@@ -44,13 +44,13 @@  int __init xsm_multiboot_policy_init(
      * Try all modules and see whichever could be the binary policy.
      * Adjust module_map for the module that is the binary policy.
      */
-    for ( i = mbi->mods_count-1; i >= 1; i-- )
+    for ( i = bi->nr_modules-1; i >= 1; i-- )
     {
-        if ( !test_bit(i, module_map) )
+        if ( bi->mods[i].type != BOOTMOD_UNKNOWN )
             continue;
 
-        _policy_start = bootstrap_map(mod + i);
-        _policy_len   = mod[i].mod_end;
+        _policy_start = bootstrap_map_bm(&bi->mods[i]);
+        _policy_len   = bi->mods[i].size;
 
         if ( (xsm_magic_t)(*_policy_start) == XSM_MAGIC )
         {
@@ -61,11 +61,12 @@  int __init xsm_multiboot_policy_init(
                    _policy_len,_policy_start);
 
             __clear_bit(i, module_map);
+            bi->mods[i].type = BOOTMOD_XSM_POLICY;
             break;
 
         }
 
-        bootstrap_map(NULL);
+        bootstrap_map_bm(NULL);
     }
 
     return rc;