Re: [Xen-devel] [PATCH RFC 01/15] xen: allow console_io hypercalls from DomUs on ARM
On Thu, 14 Jun 2018, DeGraaf, Daniel G wrote: > -Original Message- > > On 13/06/18 23:15, Stefano Stabellini wrote: > > > This is very useful when starting multiple domains from Xen without > > > xenstore access. It will allow them to print out to the Xen console. > > > > > > Signed-off-by: Stefano Stabellini > > > CC: andrew.coop...@citrix.com > > > CC: george.dun...@eu.citrix.com > > > CC: ian.jack...@eu.citrix.com > > > CC: jbeul...@suse.com > > > CC: konrad.w...@oracle.com > > > CC: t...@xen.org > > > CC: wei.l...@citrix.com > > > CC: dgde...@tycho.nsa.gov > > > --- > > > If there is a better way to do this with XSM, please advise. > > > > We definitely need to keep the XSM around to avoid opening a hole. We also > > don't want all the domain to access the console. > > > > Looking at the implementation, any domain with is_privileged will be able > > to access the console. IHMO, I don't think we should set > > that for DomU created by Xen. > > > > So I would suggest to introduce a new variable is_console and to tell > > whether a domain can access the console. xsm_console_io(...) > > would then need to be updated accordingly. > > There is an existing CONFIG_VERBOSE_DEBUG option which, among other things, > allows console output from any domain. The console output part of that > (which is just the #ifdef in include/xsm/dummy.h) could be moved to another > CONFIG or ORed with an ARM flag. This would apply to all domains; if that's > not what you want, you'll need to add a flag (like Julien suggested) or use > XSM. > > If XSM is enabled, guest hypervisor console output is controlled by the > guest_writeconsole boolean in the default policy > (tools/flask/policy/modules/guest_features.te) which defaults to allowing it. I think the best user experience would be: - do not to require XSM to be enabled - do not to allow all domains to use the Xen console, only the ones started from Xen - domUs started from Xen should not be is_privileged Indeed, the best approach would be be to add a new is_console option. ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH RFC 01/15] xen: allow console_io hypercalls from DomUs on ARM
-Original Message- > On 13/06/18 23:15, Stefano Stabellini wrote: > > This is very useful when starting multiple domains from Xen without > > xenstore access. It will allow them to print out to the Xen console. > > > > Signed-off-by: Stefano Stabellini > > CC: andrew.coop...@citrix.com > > CC: george.dun...@eu.citrix.com > > CC: ian.jack...@eu.citrix.com > > CC: jbeul...@suse.com > > CC: konrad.w...@oracle.com > > CC: t...@xen.org > > CC: wei.l...@citrix.com > > CC: dgde...@tycho.nsa.gov > > --- > > If there is a better way to do this with XSM, please advise. > > We definitely need to keep the XSM around to avoid opening a hole. We also > don't want all the domain to access the console. > > Looking at the implementation, any domain with is_privileged will be able to > access the console. IHMO, I don't think we should set > that for DomU created by Xen. > > So I would suggest to introduce a new variable is_console and to tell whether > a domain can access the console. xsm_console_io(...) > would then need to be updated accordingly. There is an existing CONFIG_VERBOSE_DEBUG option which, among other things, allows console output from any domain. The console output part of that (which is just the #ifdef in include/xsm/dummy.h) could be moved to another CONFIG or ORed with an ARM flag. This would apply to all domains; if that's not what you want, you'll need to add a flag (like Julien suggested) or use XSM. If XSM is enabled, guest hypervisor console output is controlled by the guest_writeconsole boolean in the default policy (tools/flask/policy/modules/guest_features.te) which defaults to allowing it. ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH RFC 01/15] xen: allow console_io hypercalls from DomUs on ARM
Hi Stefano, On 13/06/18 23:15, Stefano Stabellini wrote: This is very useful when starting multiple domains from Xen without xenstore access. It will allow them to print out to the Xen console. Signed-off-by: Stefano Stabellini CC: andrew.coop...@citrix.com CC: george.dun...@eu.citrix.com CC: ian.jack...@eu.citrix.com CC: jbeul...@suse.com CC: konrad.w...@oracle.com CC: t...@xen.org CC: wei.l...@citrix.com CC: dgde...@tycho.nsa.gov --- If there is a better way to do this with XSM, please advise. We definitely need to keep the XSM around to avoid opening a hole. We also don't want all the domain to access the console. Looking at the implementation, any domain with is_privileged will be able to access the console. IHMO, I don't think we should set that for DomU created by Xen. So I would suggest to introduce a new variable is_console and to tell whether a domain can access the console. xsm_console_io(...) would then need to be updated accordingly. Cheers, -- Julien Grall ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
[Xen-devel] [PATCH RFC 01/15] xen: allow console_io hypercalls from DomUs on ARM
This is very useful when starting multiple domains from Xen without xenstore access. It will allow them to print out to the Xen console. Signed-off-by: Stefano Stabellini CC: andrew.coop...@citrix.com CC: george.dun...@eu.citrix.com CC: ian.jack...@eu.citrix.com CC: jbeul...@suse.com CC: konrad.w...@oracle.com CC: t...@xen.org CC: wei.l...@citrix.com CC: dgde...@tycho.nsa.gov --- If there is a better way to do this with XSM, please advise. --- xen/drivers/char/console.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index 0f05369..dc9e0bb 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -555,9 +555,11 @@ long do_console_io(int cmd, int count, XEN_GUEST_HANDLE_PARAM(char) buffer) long rc; unsigned int idx, len; +#ifndef CONFIG_ARM rc = xsm_console_io(XSM_OTHER, current->domain, cmd); if ( rc ) return rc; +#endif switch ( cmd ) { -- 1.9.1 ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel