I did test and review this submission back when I worked on the OpenXT
project with Christopher, so I can add a Reviewed-by.

Reviewed-by: Ross Philipson <ross.philip...@gmail.com>

On Tue, Aug 22, 2017 at 4:18 AM, Jan Beulich <jbeul...@suse.com> wrote:

> >>> On 18.08.17 at 23:55, <dgde...@tycho.nsa.gov> wrote:
> > On 08/18/2017 05:02 PM, christopher.w.cl...@gmail.com wrote:
> >> From: Christopher Clark <christopher.cla...@baesystems.com>
> >>
> >> Isolation of devices passed through to domains usually requires an
> >> active IOMMU. The existing method of requiring an IOMMU is via a Xen
> >> boot parameter ("iommu=force") which will abort boot if an IOMMU is not
> >> available.
> >>
> >> More graceful degradation of behaviour when an IOMMU is absent can be
> >> achieved by enabling XSM to perform enforcement of IOMMU requirement.
> >>
> >> This patch enables an enforceable XSM policy to specify that an IOMMU is
> >> required for particular domains to access devices and how capable that
> >> IOMMU must be. This allows a Xen system to boot whilst still
> >> ensuring that an IOMMU is active before permitting device use.
> >>
> >> Using an XSM policy ensures that the isolation properties remain enforced
> >> even when the large, complex toolstack software changes.
> >>
> >> For some hardware platforms interrupt remapping is a strict requirement
> >> for secure isolation. Not all IOMMUs provide interrupt remapping.
> >> The XSM policy can now optionally require interrupt remapping.
> >>
> >> The device use hooks now check whether an IOMMU is:
> >>   * Active and securely isolating:
> >>      -- the current criterion for this is that interrupt remapping is ok
> >>   * Active but interrupt remapping is not available
> >>   * Not active
> >>
> >> This patch also updates the reference XSM policy to use the new
> >> primitives, with policy entries that do not require an active IOMMU.
> >>
> >> Signed-off-by: Christopher Clark <christopher.cla...@baesystems.com>
> >
> > Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
>
> To be honest, for this kind of a change I would have hoped for
> a Reviewed-by (by you or someone else), not just an Acked-by.
> Hence I'm hesitant to put the patch in right away.
>
> Jan
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> https://lists.xen.org/xen-devel
>
-- 
Ross Philipson