
[v8,1/8] public / x86: Introduce __HYPERCALL_dm_op...

Message ID d82ece7d-5c77-bf05-7eb3-3387c7c5f3e7@oracle.com (mailing list archive)
State New, archived

Commit Message

Boris Ostrovsky Jan. 26, 2017, 1:26 p.m. UTC
On 01/24/2017 10:27 AM, Paul Durrant wrote:
> ...as a set of hypercalls to be used by a device model.
>
> As stated in the new docs/designs/dm_op.markdown:
>
> "The aim of DMOP is to prevent a compromised device model from
> compromising domains other than the one it is associated with. (And is
> therefore likely already compromised)."
>
> See that file for further information.
>
> This patch simply adds the boilerplate for the hypercall.
>
> Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
> Suggested-by: Ian Jackson <ian.jackson@citrix.com>
> Suggested-by: Jennifer Herbert <jennifer.herbert@citrix.com>
> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> Acked-by: Wei Liu <wei.liu2@citrix.com>
> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

This patch (and possibly others in the series) breaks the FLASK-enabled build.

First, this

> diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
> index 95460af..b206f5a 100644
> --- a/xen/include/xsm/dummy.h
> +++ b/xen/include/xsm/dummy.h
> @@ -727,6 +727,12 @@ static XSM_INLINE int xsm_pmu_op (XSM_DEFAULT_ARG struct domain *d, unsigned int
>      }
>  }
>  
> +static XSM_INLINE int xsm_dm_op(XSM_DEFAULT_ARG struct domain *d)
> +{
> +    XSM_ASSERT_ACTION(XSM_DM_PRIV);
> +    return xsm_default_action(action, current->domain, d);
> +}
> +
>
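Review bot: xsm_dm_op() is added to dummy.h as a static XSM_INLINE hook, but nothing in this hunk registers it, so the FLASK-enabled build reported in this thread sees it as "defined but not used" and fails under -Werror. Pair it with `set_to_dummy_if_null(ops, dm_op);` in xsm_fixup_ops(), next to the pmu_op entry. The hook also deserves a comment: it takes only the target domain, so the XSM_DM_PRIV check authorises the caller for dm_op as a whole rather than per sub-operation.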

generates

/home/build/xtt-x86_64/bootstrap/xen.git/xen/include/xsm/dummy.h:700:
error: ‘xsm_dm_op’ defined but not used

and I think needs



And then

make[4]: Entering directory
`/home/build/xtt-x86_64/bootstrap/xen.git/xen/xsm/flask'
gcc -m64 -DBUILD_ID -fno-strict-aliasing -std=gnu99 -Wall
-Wstrict-prototypes -Wdeclaration-after-statement
-Wno-unused-but-set-variable   -O1 -nostdinc -fno-builtin -fno-common
-Werror -Wredundant-decls -Wno-pointer-arith -pipe -g -D__XEN__ -include
/home/build/xtt-x86_64/bootstrap/xen.git/xen/include/xen/config.h
'-D__OBJECT_FILE__="hooks.o"' -Wa,--strip-local-absolute
-fno-omit-frame-pointer -MMD -MF ./.hooks.o.d
-I/home/build/xtt-x86_64/bootstrap/xen.git/xen/include
-I/home/build/xtt-x86_64/bootstrap/xen.git/xen/include/asm-x86/mach-generic
-I/home/build/xtt-x86_64/bootstrap/xen.git/xen/include/asm-x86/mach-default
'-D__OBJECT_LABEL__=xsm$flask$hooks.o' -msoft-float -fno-stack-protector
-fno-exceptions -Wnested-externs -DHAVE_GAS_VMX -DHAVE_GAS_SSE4_2
-DHAVE_GAS_EPT -mno-red-zone -mno-sse -fpic
-fno-asynchronous-unwind-tables -DGCC_HAS_VISIBILITY_ATTRIBUTE
-I./include -c hooks.c -o hooks.o
hooks.c: In function ‘flask_dm_op’:
hooks.c:1613: error: ‘HVM__DM’ undeclared (first use in this function)
hooks.c:1613: error: (Each undeclared identifier is reported only once
hooks.c:1613: error: for each function it appears in.)
hooks.c: At top level:
hooks.c:1779: error: unknown field ‘hvm_set_pci_intx_level’ specified in
initializer
hooks.c:1779: error: ‘flask_hvm_set_pci_intx_level’ undeclared here (not
in a function)
hooks.c:1780: error: unknown field ‘hvm_set_isa_irq_level’ specified in
initializer
hooks.c:1780: error: ‘flask_hvm_set_isa_irq_level’ undeclared here (not
in a function)
hooks.c:1781: error: unknown field ‘hvm_set_pci_link_route’ specified in
initializer
hooks.c:1781: error: ‘flask_hvm_set_pci_link_route’ undeclared here (not
in a function)
make[4]: *** [hooks.o] Error 1


-boris

Comments

Paul Durrant Jan. 26, 2017, 1:55 p.m. UTC | #1
> -----Original Message-----
> From: Boris Ostrovsky [mailto:boris.ostrovsky@oracle.com]
> Sent: 26 January 2017 13:26
> To: Paul Durrant <Paul.Durrant@citrix.com>; xen-devel@lists.xenproject.org
> Cc: Ian Jackson <Ian.Jackson@citrix.com>; Jennifer Herbert
> <jennifer.herbert@citrix.com>; Jan Beulich <jbeulich@suse.com>
> Subject: Re: [Xen-devel] [PATCH v8 1/8] public / x86: Introduce
> __HYPERCALL_dm_op...
>
> On 01/24/2017 10:27 AM, Paul Durrant wrote:
> > ...as a set of hypercalls to be used by a device model.
> >
> > As stated in the new docs/designs/dm_op.markdown:
> >
> > "The aim of DMOP is to prevent a compromised device model from
> > compromising domains other than the one it is associated with. (And is
> > therefore likely already compromised)."
> >
> > See that file for further information.
> >
> > This patch simply adds the boilerplate for the hypercall.
> >
> > Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
> > Suggested-by: Ian Jackson <ian.jackson@citrix.com>
> > Suggested-by: Jennifer Herbert <jennifer.herbert@citrix.com>
> > Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> > Acked-by: Wei Liu <wei.liu2@citrix.com>
> > Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
>
> This patch (and possibly others in the series) breaks the FLASK-enabled build.


Boris,

  See the thread starting at https://lists.xenproject.org/archives/html/xen-devel/2017-01/msg02721.html

  I believe Wei is still awaiting an ack.

    Paul

>
> First, this
>

> > diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h

> > index 95460af..b206f5a 100644

> > --- a/xen/include/xsm/dummy.h

> > +++ b/xen/include/xsm/dummy.h

> > @@ -727,6 +727,12 @@ static XSM_INLINE int xsm_pmu_op

> (XSM_DEFAULT_ARG struct domain *d, unsigned int

> >      }

> >  }

> >

> > +static XSM_INLINE int xsm_dm_op(XSM_DEFAULT_ARG struct domain

> *d)

> > +{

> > +    XSM_ASSERT_ACTION(XSM_DM_PRIV);

> > +    return xsm_default_action(action, current->domain, d);

> > +}

> > +

> >

>
> generates
>
> /home/build/xtt-x86_64/bootstrap/xen.git/xen/include/xsm/dummy.h:700:
> error: ‘xsm_dm_op’ defined but not used
>
> and I think needs
>

> diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c

> index 1f659c7..3cb5492 100644

> --- a/xen/xsm/dummy.c

> +++ b/xen/xsm/dummy.c

> @@ -156,6 +156,7 @@ void __init xsm_fixup_ops (struct xsm_operations

> *ops)

>      set_to_dummy_if_null(ops, ioport_permission);

>      set_to_dummy_if_null(ops, ioport_mapping);

>      set_to_dummy_if_null(ops, pmu_op);

> +    set_to_dummy_if_null(ops, dm_op);

>  #endif

>      set_to_dummy_if_null(ops, xen_version);

>  }

>
>
> And then
>
> make[4]: Entering directory
> `/home/build/xtt-x86_64/bootstrap/xen.git/xen/xsm/flask'
> gcc -m64 -DBUILD_ID -fno-strict-aliasing -std=gnu99 -Wall
> -Wstrict-prototypes -Wdeclaration-after-statement
> -Wno-unused-but-set-variable   -O1 -nostdinc -fno-builtin -fno-common
> -Werror -Wredundant-decls -Wno-pointer-arith -pipe -g -D__XEN__ -include
> /home/build/xtt-x86_64/bootstrap/xen.git/xen/include/xen/config.h
> '-D__OBJECT_FILE__="hooks.o"' -Wa,--strip-local-absolute
> -fno-omit-frame-pointer -MMD -MF ./.hooks.o.d
> -I/home/build/xtt-x86_64/bootstrap/xen.git/xen/include
> -I/home/build/xtt-x86_64/bootstrap/xen.git/xen/include/asm-x86/mach-
> generic
> -I/home/build/xtt-x86_64/bootstrap/xen.git/xen/include/asm-x86/mach-
> default
> '-D__OBJECT_LABEL__=xsm$flask$hooks.o' -msoft-float -fno-stack-protector
> -fno-exceptions -Wnested-externs -DHAVE_GAS_VMX -
> DHAVE_GAS_SSE4_2
> -DHAVE_GAS_EPT -mno-red-zone -mno-sse -fpic
> -fno-asynchronous-unwind-tables -DGCC_HAS_VISIBILITY_ATTRIBUTE
> -I./include -c hooks.c -o hooks.o
> hooks.c: In function ‘flask_dm_op’:
> hooks.c:1613: error: ‘HVM__DM’ undeclared (first use in this function)
> hooks.c:1613: error: (Each undeclared identifier is reported only once
> hooks.c:1613: error: for each function it appears in.)
> hooks.c: At top level:
> hooks.c:1779: error: unknown field ‘hvm_set_pci_intx_level’ specified in
> initializer
> hooks.c:1779: error: ‘flask_hvm_set_pci_intx_level’ undeclared here (not
> in a function)
> hooks.c:1780: error: unknown field ‘hvm_set_isa_irq_level’ specified in
> initializer
> hooks.c:1780: error: ‘flask_hvm_set_isa_irq_level’ undeclared here (not
> in a function)
> hooks.c:1781: error: unknown field ‘hvm_set_pci_link_route’ specified in
> initializer
> hooks.c:1781: error: ‘flask_hvm_set_pci_link_route’ undeclared here (not
> in a function)
> make[4]: *** [hooks.o] Error 1
>
>
> -boris

Boris Ostrovsky Jan. 26, 2017, 2 p.m. UTC | #2
On 01/26/2017 08:55 AM, Paul Durrant wrote:
>> -----Original Message-----
>> From: Boris Ostrovsky [mailto:boris.ostrovsky@oracle.com]
>> Sent: 26 January 2017 13:26
>> To: Paul Durrant <Paul.Durrant@citrix.com>; xen-devel@lists.xenproject.org
>> Cc: Ian Jackson <Ian.Jackson@citrix.com>; Jennifer Herbert
>> <jennifer.herbert@citrix.com>; Jan Beulich <jbeulich@suse.com>
>> Subject: Re: [Xen-devel] [PATCH v8 1/8] public / x86: Introduce
>> __HYPERCALL_dm_op...
>>
>> On 01/24/2017 10:27 AM, Paul Durrant wrote:
>>> ...as a set of hypercalls to be used by a device model.
>>>
>>> As stated in the new docs/designs/dm_op.markdown:
>>>
>>> "The aim of DMOP is to prevent a compromised device model from
>>> compromising domains other than the one it is associated with. (And is
>>> therefore likely already compromised)."
>>>
>>> See that file for further information.
>>>
>>> This patch simply adds the boilerplate for the hypercall.
>>>
>>> Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
>>> Suggested-by: Ian Jackson <ian.jackson@citrix.com>
>>> Suggested-by: Jennifer Herbert <jennifer.herbert@citrix.com>
>>> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
>>> Acked-by: Wei Liu <wei.liu2@citrix.com>
>>> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
>> This patch (and possibly others in the series) breaks the FLASK-enabled build.
> Boris,
>
>   See the thread starting at https://lists.xenproject.org/archives/html/xen-devel/2017-01/msg02721.html
>
>   I believe Wei is still awaiting an ack.


Ah, I missed that. Sorry about that.

-boris

Patch

diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 1f659c7..3cb5492 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -156,6 +156,7 @@  void __init xsm_fixup_ops (struct xsm_operations *ops)
     set_to_dummy_if_null(ops, ioport_permission);
     set_to_dummy_if_null(ops, ioport_mapping);
     set_to_dummy_if_null(ops, pmu_op);
+    set_to_dummy_if_null(ops, dm_op);
 #endif
     set_to_dummy_if_null(ops, xen_version);
 }
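
Review bot: the added `set_to_dummy_if_null(ops, dm_op);` sits above the `#endif`, so the dummy fallback is only installed under the same conditional as pmu_op; check that the dm_op member of struct xsm_operations and xsm_dm_op() in dummy.h are under the same guard, otherwise other configurations will fail to build. This hunk also only clears the "defined but not used" error: the hooks.c failures in the same report (HVM__DM undeclared, unknown fields hvm_set_pci_intx_level, hvm_set_isa_irq_level and hvm_set_pci_link_route) are untouched and need a separate FLASK change. As posted, the fix carries no commit message or Signed-off-by.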