n Campbell <ian.campb...@citrix.com>
Cc: Daniel De Graaf <dgde...@tycho.nsa.gov>
---
Daniel, you input on the description of the unmap notification stuff
would be much appreciated.
The description looks complete and correct to me. The statement that
the interfaces operate on a
an many of the other things below, so maybe the
ifdef could be ditched?
The #ifdef is there mostly as a failsafe reminder to ensure that the
implementation for other architectures actually calls the same XSM hooks
that the x86 version does.
--
Daniel De Graaf
Nati
On 16/11/15 07:30, Ian Campbell wrote:
On Fri, 2015-11-13 at 15:38 -0500, Daniel De Graaf wrote:
On 13/11/15 10:02, Ian Campbell wrote:
On Wed, 2015-11-11 at 15:03 +, Ian Jackson wrote:
Ian Campbell writes ("[PATCH XEN v5 07/23] tools: Refactor
/dev/xen/gnt{dev,shr} wra
Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
ess,
uint32_t count);
What effect does this have on the peer ?
Daniel?
If this removes the (final copy of the) mapping and a notify offset/port
is set, that processing happens. Otherwise, the peer cannot tell when
this is called.
--
Daniel De Graaf
National Security Agency
_
exist,
- query for specific payloads,
- check*1, apply*1, replace*1, and unload payloads.
*1: Which of course in this patch are nops.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.w...@oracle.com>
Signed-off-by: Ross Lagerwall <ross.lagerw...@citrix.com>
Acked-by: Daniel De Graaf <
<k...@xen.org>
CC: Jan Beulich <jbeul...@suse.com>
CC: Andrew Cooper <andrew.coop...@citrix.com>
CC: Daniel De Graaf <dgde...@tycho.nsa.gov>
Signed-off-by: Doug Goldstein <car...@cardoe.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
aser <k...@xen.org>
CC: Jan Beulich <jbeul...@suse.com>
CC: Andrew Cooper <andrew.coop...@citrix.com>
CC: Razvan Cojocaru <rcojoc...@bitdefender.com>
CC: Tamas K Lengyel <ta...@tklengyel.com>
CC: Daniel De Graaf <dgde...@tycho.nsa.gov>
Signed-off-by: Doug Goldstein
itrix.com>
CC: Razvan Cojocaru <rcojoc...@bitdefender.com>
CC: Tamas K Lengyel <ta...@tklengyel.com>
CC: Daniel De Graaf <dgde...@tycho.nsa.gov>
Signed-off-by: Doug Goldstein <car...@cardoe.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
Jan Beulich <jbeul...@suse.com>
CC: Daniel De Graaf <dgde...@tycho.nsa.gov>
Signed-off-by: Doug Goldstein <car...@cardoe.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
itrix.com>
CC: Razvan Cojocaru <rcojoc...@bitdefender.com>
CC: Tamas K Lengyel <ta...@tklengyel.com>
CC: Daniel De Graaf <dgde...@tycho.nsa.gov>
Signed-off-by: Doug Goldstein <car...@cardoe.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
On 11/11/15 11:49, Doug Goldstein wrote:
Use the Kconfig generated CONFIG_HAS_PCI defines in the code base.
Signed-off-by: Doug Goldstein <car...@cardoe.com>
CC: Keir Fraser <k...@xen.org>
CC: Jan Beulich <jbeul...@suse.com>
CC: Andrew Cooper <andrew.coop...@citrix.com
when before calling do_settime,
so that system_time actually accounts for all the time in nsec between
machine boot and when the wallclock was set.
Expose xsm_platform_op to ARM.
Signed-off-by: Stefano Stabellini <stefano.stabell...@eu.citrix.com>
CC: dgde...@tycho.nsa.gov
Acked-by: Dan
On 09/11/15 12:32, sstabell...@kernel.org wrote:
From: Stefano Stabellini
Call update_domain_wallclock_time at domain initialization, specifically
in arch_set_info_guest for vcpu0, like we do on x86.
Set time_offset_seconds to the number of seconds between
r than placing version_use in domain2.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
On 10/10/15 12:26, Quan Xu wrote:
Signed-off-by: Quan Xu <quan...@intel.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
idea. The read check wouldn't be
covered, but I think the protections of that XSM hook are only really
important on writes. The read check could also be duplicated as a
more conservative alternative.
--
Daniel De Graaf
National Security Agency
___
Xen
Konrad Rzeszutek Wilk <konrad.w...@oracle.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
n.
As far as the xsm_default_t value, this is really what XSM_OTHER is for,
but if there are going to be many instances of this type of data, a new
value like XSM_PRIV_INFOLEAK could be introduced.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailin
u could). How Linux chooses to behave itself has absolutely no
bearing on how we go about securing the hypercall.
But making something slower is surely not something we strive for.
~Andrew
--
Daniel De Graaf
National Security Agency
___
Xen-devel ma
e rest of the functions.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.w...@oracle.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
On 27/08/15 07:02, Konrad Rzeszutek Wilk wrote:
The sysctl is where the tmem control operations are done and the
XSM checks are done via there. The old mechanism (to check
for control tmem op XSM from do_tmem_op) is not needed anymore.
CC: Daniel De Graaf dgde...@tycho.nsa.gov
Signed-off
On 06/23/2015 12:11 PM, Vitaly Kuznetsov wrote:
Add new soft_reset vector to domain2 class, add it to create_domain
in the default policy.
Signed-off-by: Vitaly Kuznetsov vkuzn...@redhat.com
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
___
Xen
added to an existing channel from the guest to the monitor. The
best way to control this communication is probably when the shared page is
mapped by the monitor, but this is an existing mechanism which appears to
be covered by the ability to map any page in the target domain.
--
Daniel De Graaf
On 07/01/2015 02:09 PM, Ed White wrote:
From: Ravi Sahita ravi.sah...@intel.com
Signed-off-by: Ravi Sahita ravi.sah...@intel.com
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org
On 06/26/2015 03:35 PM, Ed White wrote:
On 06/26/2015 12:24 PM, Daniel De Graaf wrote:
On 06/22/2015 02:56 PM, Ed White wrote:
From: Ravi Sahita ravi.sah...@intel.com
Signed-off-by: Ravi Sahita ravi.sah...@intel.com
One comment, below.
[...]
diff --git a/tools/flask/policy/policy/modules
enable the feature on a domain before anyone can use it.
Otherwise, this looks good, although if patch #10 is changed to expose
a single subop, the altp2mhvm_op XSM checks will need to be relocated.
--
Daniel De Graaf
National Security Agency
___
Xen
-by: Daniel De Graaf dgde...@tycho.nsa.gov
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
to initialize bool_maxstr correctly prior to its use, it is
simpler to use a fixed maximum of PAGE_SIZE as is done for the other
calls to safe_copy_string_from_guest.
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
xen/xsm/flask/flask_op.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
tools/libxc/xc_flask.c | 12
1 file changed, 12 insertions(+)
diff --git a/tools/libxc/xc_flask.c b/tools/libxc/xc_flask.c
index bb117f7..e24a2e7 100644
--- a/tools/libxc/xc_flask.c
+++ b/tools/libxc/xc_flask.c
@@ -191,6
these possibilities.
Reported-by: Wei Liu wei.l...@citrix.com
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
tools/flask/policy/policy/modules/xen/xen.if | 2 ++
tools/flask/policy/policy/modules/xen/xen.te | 10 ++
2 files changed, 12 insertions(+)
diff --git a/tools/flask/policy
guest_writeconsole off will disable this
permission, which defaults to on. Actual output to the console is also
controlled by log levels, so this may not even be needed to hide the output
in normal use.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing
of XSM_TARGET against _both_ domains?
Jan
Unless there is a change in how XSM_TARGET is implemented, the result
is going to be equivalent: it is not possible for a domain to have
more than one target at a time, so if current-domain is not dom0,
then one of the two XSM_TARGET checks will fail.
--
Daniel De
On 05/21/2015 05:49 AM, Vitaly Kuznetsov wrote:
Daniel De Graaf dgde...@tycho.nsa.gov writes:
On 05/13/2015 05:49 AM, Vitaly Kuznetsov wrote:
Dummy policy just checks that the current domain is privileged,
in flask policy soft_reset is added to create_domain.
Signed-off-by: Vitaly Kuznetsov
= source soft reset domain
+# target = destination soft reset domain
+soft_reset
These comments are a bit ambiguous. I would suggest something like:
# source = domain making the hypercall
# target = domain being reset (source or destination)
--
Daniel De Graaf
National Security Agency
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
On 05/20/2015 10:38 AM, Ian Campbell wrote:
When called from the tools side in a later patch we will want to
direct its output to the appropriate place.
Signed-off-by: Ian Campbell ian.campb...@citrix.com
Acked-by: Wei Liu wei.l...@citrix.com
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
-by: Andrew Cooper andrew.coop...@citrix.com
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
in the
hypervisor
Signed-off-by: Ian Campbell ian.campb...@citrix.com
Acked-by: Wei Liu wei.l...@citrix.com
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
.
Signed-off-by: Ian Campbell ian.campb...@citrix.com
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
Add default security contexts to the XSM policy for use by the toolstack
when a domain is created without specifying an explicit security label.
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
docs/misc/xsm-flask.txt | 6 +++---
tools/flask/policy/policy
On 05/19/2015 09:44 AM, Ian Campbell wrote:
From: Daniel De Graaf dgde...@tycho.nsa.gov
Acked-by: Ian Campbell ian.campb...@citrix.com
---
Daniel -- this is from your example patch in
2b0e.8050...@tycho.nsa.gov and so needs your S-o-b, please.
Signed-off-by: Daniel De Graaf dgde
(tools/...)
are intended to be used by components outside the hypervisor that do not
implement their own security policy. The current example policy defines
a class for xenstore permissions, but since xenstore does not actually
use this, it is just an example.
--
Daniel De Graaf
National Security
On 05/15/2015 05:39 AM, Ian Campbell wrote:
On Thu, 2015-05-14 at 19:09 -0400, Daniel De Graaf wrote:
On 05/14/2015 07:54 AM, Ian Campbell wrote:
On Thu, 2015-05-14 at 12:21 +0100, Julien Grall wrote:
Hi Ian,
On 14/05/15 11:33, Ian Campbell wrote:
system_u:system_r:domU_t is defined
bitmap of domain 0 to also be cleared
after the hardware domain is created, but it's not really a requirement to
make things work.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen
On 05/14/2015 07:54 AM, Ian Campbell wrote:
On Thu, 2015-05-14 at 12:21 +0100, Julien Grall wrote:
Hi Ian,
On 14/05/15 11:33, Ian Campbell wrote:
system_u:system_r:domU_t is defined in the default policy and makes as
much sense as anything for a default.
So you rule out the possibility to
that method. This method has the advantage
of not making more architecture-specific hooks which are sometimes harder
to test/maintain.
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen
policy, group public key. At the end of these hashes the PCR values are
appended.
Signed-off-by: Emil Condrea emilcond...@gmail.com
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen
, offset + (uint8_t *)shr, shr-length);
use length rather than shr-length otherwise length goes unused.
Agreed; the values from the shared page should not be read more than
once, because an uncooperative peer could end up changing them.
--
Daniel De Graaf
National Security Agency
On 04/14/2015 05:08 AM, Emil Condrea wrote:
Currently, the flags are not interpreted by vTPM. They are just
packed and sent to vtpmmgr.
Signed-off-by: Emil Condrea emilcond...@gmail.com
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
[...]
+- res = TPM_DeepQuote(nonce, myPCR, ptPCR
On 04/06/2015 06:12 PM, Boris Ostrovsky wrote:
Signed-off-by: Boris Ostrovsky boris.ostrov...@oracle.com.
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
On 04/07/2015 03:12 AM, Emil Condrea wrote:
On Mon, Apr 6, 2015 at 6:49 PM, Daniel De Graaf dgde...@tycho.nsa.gov
wrote:
On 04/05/2015 07:09 AM, Emil Condrea wrote:
Enables deep quote execution for vtpmmgr which can not be started
using locality 2. The VTPM_ORD_GET_QUOTE command is backwards
julien.gr...@linaro.org
Looks good to me with one assumption below.
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
[...]
diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c
index b1a4f8a..31bc702 100644
--- a/xen/xsm/flask/avc.c
+++ b/xen/xsm/flask/avc.c
@@ -600,6 +600,9 @@ void avc_audit
Ostrovsky boris.ostrov...@oracle.com
Reported-by: Wei Liu wei.l...@citrix.com
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
In order to support assigning security lables to ARM device tree nodes
in Xen's XSM policy, a new ocontext type is needed in the security
policy.
In addition to adding the new ocontext, the existing I/O memory range
ocontext is expanded to 64 bits in order to support hardware with more
than 44
In Xen on ARM, device tree nodes identified by a path (string) need to
be labeled by the security policy.
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
checkpolicy/policy_define.c| 55 +
checkpolicy/policy_define.h| 1
In order to support paths containing spaces or other characters, allow a
quoted string with these characters to be parsed as a path in addition
to the existing unquoted string.
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
checkpolicy/policy_parse.y | 3 +++
checkpolicy/policy_scan.l
SELinux policy
compatibility entry was added in order to avoid breaking compilation of
an SELinux policy without explicitly specifying the policy version.
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
checkpolicy/policy_define.c| 11 +-
checkpolicy
, so
I don't really want to do that without a good reason.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
On 03/13/2015 06:13 AM, Chao Peng wrote:
Add xsm policies for Cache Allocation Technology(CAT) related hypercalls
to restrict the functions visibility to control domain only.
Signed-off-by: Chao Peng chao.p.p...@linux.intel.com
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
In order to support assigning security lables to ARM device tree nodes
in Xen's XSM policy, a new ocontext type is needed in the security
policy.
This addition requires a new policy version for Xen. In order to keep
the build process for Xen policy sane, a method of determining the
highest Xen
In order to support paths containing spaces or other characters, allow a
quoted string with these characters to be parsed as a path in addition
to the existing unquoted string.
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
checkpolicy/policy_parse.y | 3 +++
checkpolicy/policy_scan.l
This change is required to support static I/O memory range labeling for
systems with over 16TB of physical address space.
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
checkpolicy/policy_define.c| 6 +++---
checkpolicy/policy_define.h| 2
On 03/12/2015 01:27 PM, Julien Grall wrote:
Hi Daniel,
On 12/03/15 17:12, Daniel De Graaf wrote:
;
+dtree_context_def : DEVICETREECON path security_context_def
+ {if (define_devicetree_context()) return -1
due to the Xen policy having a different maximum version number.
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
checkpolicy/checkpolicy.c | 59 ++
libsepol/include/sepol/policydb/policydb.h | 9 +++--
2 files changed, 49 insertions(+), 19
This adds support in the hypervisor and policy build toolchain for
Xen/Flask policy version 25, which adds the ability to label ARM device
tree nodes and expands the IOMEM ocontext entries to 64 bits.
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
Note: Actually using the features
On 03/12/2015 01:13 PM, Daniel De Graaf wrote:
This adds support in the hypervisor and policy build toolchain for
Xen/Flask policy version 25, which adds the ability to label ARM device
tree nodes and expands the IOMEM ocontext entries to 64 bits.
Signed-off-by: Daniel De Graaf dgde
In order to support paths containing spaces or other characters, allow a
quoted string with these characters to be parsed as a path in addition
to the existing unquoted string.
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
checkpolicy/policy_parse.y | 3 +++
checkpolicy/policy_scan.l
SELinux policy
compatibility entry was added in order to avoid breaking compilation of
an SELinux policy without explicitly specifying the policy version.
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
checkpolicy/policy_define.c| 6 +++---
checkpolicy/policy_define.h
In Xen on ARM, device tree nodes identified by a path (string) need to
be labeled by the security policy.
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
checkpolicy/policy_define.c| 55 +
checkpolicy/policy_define.h| 1
This adds support in the hypervisor and policy build toolchain for
Xen/Flask policy version 30, which adds the ability to label ARM device
tree nodes and expands the IOMEM ocontext entries to 64 bits.
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
tools/flask/policy/Makefile
In order to support assigning security lables to ARM device tree nodes
in Xen's XSM policy, a new ocontext type is needed in the security
policy.
In addition to adding the new ocontext, the existing I/O memory range
ocontext is expanded to 64 bits in order to support hardware with more
than 44
some directions about using the xen policy type in
checkpolicy which is no longer needed.
Reported-by: Julien Grall julien.gr...@linaro.org
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
docs/misc/xsm-flask.txt | 31 +++
tools/flask/policy
On 03/10/2015 12:52 PM, Julien Grall wrote:
Hi Daniel,
On 23/02/15 16:25, Daniel De Graaf wrote:
On 02/20/2015 12:17 PM, Ian Campbell wrote:
On Tue, 2015-01-13 at 14:25 +, Julien Grall wrote:
TODO: Update the commit message
A device node is described by a path. It will be used
On 03/10/2015 07:07 PM, Julien Grall wrote:
Hi Daniel,
On 10/03/2015 22:45, Daniel De Graaf wrote:
BTW, do you have any pointer on how to write a policy for device/IRQ
passthrough?
There is a bit of documentation in xsm-flask.txt about device labeling,
which is the hard part of making
?
It is useful to be able to ask for the current value of both physical and
virtual PCRs in a single atomic operation. Including the value of all PCRs
in the response could make the reply packet too large (which is part of the
reason why TPM_Quote2 removed them).
--
Daniel De Graaf
National Security Agency
On 03/09/2015 11:58 AM, Emil Condrea wrote:
On Mon, Mar 9, 2015 at 4:40 PM, Daniel De Graaf dgde...@tycho.nsa.gov
wrote:
On 03/08/2015 07:41 AM, Emil Condrea wrote:
I am trying to validate a Deep Quote request made by domU but I feel that
something is missing. Right now when a domU requests
On 03/06/2015 07:22 AM, Wei Liu wrote:
On Tue, Mar 03, 2015 at 12:00:19PM -0500, Daniel De Graaf wrote:
[...]
diff --git a/docs/man/xl.pod.1 b/docs/man/xl.pod.1
index 6b89ba8..48b8f98 100644
--- a/docs/man/xl.pod.1
+++ b/docs/man/xl.pod.1
@@ -1441,8 +1441,8 @@ Determine if the FLASK security
Chagnes from v3:
- Moved documentation to xen-command-line.markdown
Changes from v2:
- Add flask= parameter and split off cleanup patch
[PATCH 1/2] flask: clean up initialization and #defines
[PATCH 2/2] flask: create unified flask= boot parameter
parameter.
This also changes the return type of xsm_initcall_t to void to properly
reflect the fact that the caller ignores the return value.
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
Reviewed-by: Wei Liu wei.l...@citrix.com
---
xen/include/xen/config.h | 4
xen/include/xsm
On 03/03/2015 07:44 AM, Wei Liu wrote:
Translate gawk regex to mawk regex to allow using mawk. The new regex
works on both gawk and mawk.
Signed-off-by: Wei Liu wei.l...@citrix.com
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
___
Xen-devel
in
enforcing mode if present, but errors will disable access controls until
a successful loadpolicy instead of causing a panic at boot.
Suggested-by: Julien Grall julien.gr...@linaro.org
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
docs/man/xl.pod.1| 4 ++--
docs/misc/xsm
This series has changed quite a bit from v2; the focus has changed from
fixing the behavior on failed policy loads to adding the flask= boot
parameter. The first patch, which is purely cleanup with no functional
changes, was extracted to simplify review.
[PATCH 1/2] flask: clean up
parameter.
This also changes the return type of xsm_initcall_t to void to properly
reflect the fact that the caller ignores the return value.
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
xen/include/xen/config.h | 4
xen/include/xsm/xsm.h| 2 +-
xen/xsm/flask
useless marker messages Flask: Initializing. and AVC INITIALIZED;
they convey no useful information.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
On 02/24/2015 05:21 AM, Ian Campbell wrote:
On Tue, 2015-02-24 at 09:51 +, Julien Grall wrote:
On 24/02/2015 09:39, Ian Campbell wrote:
On Tue, 2015-02-24 at 09:31 +, Julien Grall wrote:
On 24/02/2015 08:47, Ian Campbell wrote:
On Mon, 2015-02-23 at 12:53 -0500, Daniel De Graaf
On 02/23/2015 10:04 AM, Julien Grall wrote:
Hi Daniel,
On 20/02/15 23:01, Daniel De Graaf wrote:
On 02/20/2015 10:58 AM, Julien Grall wrote:
Each class can contains 32 permisions which are encoded on a word (one
bit per permission).
Currently the awk script will generate an hexadecimal value
from a successful policy
load in logs.
To clarify that the return value of XSM initcalls is ignored, this patch
also changes the return type of these functions to void.
Reported-by: Julien Grall julien.gr...@linaro.org
Signed-off-by: Daniel De Graaf dgde...@tycho.nsa.gov
---
xen/include/xsm/xsm.h
way as PCI devices and x86 legacy I/O ports.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
nobody
ran the script on a system with this bug - in part because nobody ran
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
Wow, that's quite an annoying bug. Thankfully, it's more likely to make a
broken system than an insecure one, since doing an access check on the
permission 0x7fff
on which future applications can build
on.
Suggested-by: Andrew Cooper andrew.coop...@citrix.com
Signed-off-by: Tamas K Lengyel tamas.leng...@zentific.com
Acked-by: Ian Campbell ian.campb...@citrix.com
Acked-by: Kevin Tian kevin.t...@intel.com
One minor typo, then:
Acked-by: Daniel De Graaf dgde
for off-loading the decision making logic into helper
applications when encountering various events during a VM's execution.
Signed-off-by: Tamas K Lengyel tamas.leng...@zentific.com
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
___
Xen-devel mailing list
separate labels for each of these memops.
Signed-off-by: Tamas K Lengyel tamas.leng...@zentific.com
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http
. Otherwise:
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
/mem_event.h
delete mode 100644 xen/include/xen/mem_event.h
You should also remove mem_event from xen/xsm/flask/policy/access_vectors
in this patch.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http
dropped.
Signed-off-by: Jan Beulich jbeul...@suse.com
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
2.0 is not backward compatible with TPM 1.2.
Updates from v3 all look good, all patches in this series:
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
PS: If you need to re-post this in the future, you should add that line
below the signed-off-by on the unchanged patches, so that it is clear
the previously DOMCTL arm_configure_domain introduced
in Xen 4.5, as it has been made useless.
Signed-off-by: Julien Grall julien.gr...@linaro.org
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http
into safe_copy_string_from_guest
- Add comment to explain the extra +1
- Return directly the buffer and use the macros provided by
xen/err.h to return an error code if necessary.
Signed-off-by: Julien Grall julien.gr...@linaro.org
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov
with tpm2. If you also want to support tpm2=1, then
checking for that explicitly is preferred. Currently, tpm2=0 will enable
the tpm2 driver, which is confusing.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel
201 - 300 of 321 matches
Mail list logo