Re: [Xen-devel] [PATCH v3 1/3] xen/flask: Drop the gen-policy.py script

2019-12-09 Thread Daniel De Graaf
entirely, and write a short flask-policy.S instead. Signed-off-by: Andrew Cooper Acked-by: Daniel De Graaf With either .align or .p2align as appropriate for more assemblers. ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xe

Re: [Xen-devel] [PATCH for-4.13] xen/xsm: flask: Prevent NULL deference in flask_assign_{, dt}device()

2019-10-04 Thread Daniel De Graaf
be prevented by moving the call after we check the validity for the domain pointer. Coverity-ID: 1486741 Fixes: 71e617a6b8 ('use is_iommu_enabled() where appropriate...') Signed-off-by: Julien Grall Acked-by: Daniel De Graaf

Re: [Xen-devel] [PATCH for-4.13] xen/xsm: flask: Check xmalloc_array() return in security_sid_to_context()

2019-10-04 Thread Daniel De Graaf
On 10/4/19 12:56 PM, Julien Grall wrote: xmalloc_array() may return NULL if there are memory. Rather than trying to dereference it directly, we should check the return value first. Coverity-ID: 1381852 Signed-off-by: Julien Grall Acked-by: Daniel De Graaf

Re: [Xen-devel] [PATCH RESEND v1 1/8] stubdom/vtpm: include stdio.h for declaration of printf

2019-09-27 Thread Daniel De Graaf
-declaration] printf("Expected: "); vtpmblk.c:322:7: warning: incompatible implicit declaration of built-in function 'printf' vtpmblk.c:322:7: note: include '' or provide a declaration of 'printf' Signed-off-by: Olaf Hering Acked-by: Danie

Re: [Xen-devel] [PATCH v6 07/10] use is_iommu_enabled() where appropriate...

2019-08-19 Thread Daniel De Graaf
domain_iommu *hd = dom_iommu(d); ^~ Signed-off-by: Paul Durrant Acked-by: Daniel De Graaf

Re: [Xen-devel] [PATCH v6 04/10] domain: remove the 'is_xenstore' flag

2019-08-19 Thread Daniel De Graaf
p Acked-by: Daniel De Graaf

Re: [Xen-devel] [PATCH 4/4] drop __get_cpu_var() and __get_cpu_ptr()

2019-06-18 Thread Daniel De Graaf
On 6/14/19 11:38 AM, Jan Beulich wrote: this_cpu{,_ptr}() are shorter, and have previously been marked as preferred in Xen anyway. Signed-off-by: Jan Beulich Acked-by: Daniel De Graaf

Re: [Xen-devel] [PATCH v1] stubdom/vtpm: include stdio.h for declaration of printf

2019-06-13 Thread Daniel De Graaf
-declaration] printf("Expected: "); vtpmblk.c:322:7: warning: incompatible implicit declaration of built-in function 'printf' vtpmblk.c:322:7: note: include '' or provide a declaration of 'printf' Signed-off-by: Olaf Hering Acked-by: Danie

Re: [Xen-devel] [PATCH v5 4/4] x86/mem_sharing: compile mem_sharing subsystem only when kconfig is enabled

2019-06-04 Thread Daniel De Graaf
On 6/3/19 4:26 AM, Jan Beulich wrote: On 16.05.19 at 23:37, wrote: Disable it by default as it is only an experimental subsystem. Signed-off-by: Tamas K Lengyel Daniel, it looks like you weren't Cc-ed here, but your ack is needed. Jan Acked-by: Daniel De Graaf

Re: [Xen-devel] [PATCH v2 1/2] xen: add interface for obtaining .config from hypervisor

2019-03-15 Thread Daniel De Graaf
On 3/14/19 7:59 AM, Juergen Gross wrote: Add a sysctl interface for obtaining the .config file used to build the hypervisor. The mechanism is inspired by the Linux kernel's one. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich (apart from XSM changes) Acked-by: Daniel De Graaf

Re: [Xen-devel] [PATCH for-4.12 RFC] xen/console: Handle NUL character in buffer sent via CONSOLEIO_write

2019-03-01 Thread Daniel De Graaf
On 2/27/19 1:45 PM, Julien Grall wrote: Hi Wei, On 2/27/19 12:55 PM, Wei Liu wrote: On Tue, Feb 26, 2019 at 11:03:51PM +, Julien Grall wrote: After upgrading Debian to Buster, I started noticing console mangling when using zsh. This is happening because output sent by zsh to the console

Re: [Xen-devel] [PATCH v3 5/6] xen/x86: add PHYSDEVOP_msi_msix_set_enable

2019-02-01 Thread Daniel De Graaf
On 1/30/19 8:51 AM, Roger Pau Monné wrote: On Sat, Jan 26, 2019 at 03:31:16AM +0100, Marek Marczykowski-Górecki wrote: Allow device model running in stubdomain to enable/disable MSI(-X), bypassing pciback. While pciback is still used to access config space from within stubdomain, it refuses to

Re: [Xen-devel] [PATCH v9 1/7] xen: xsm: flask: introduce XENMAPSPACE_gmfn_share for memory sharing

2018-12-07 Thread Daniel De Graaf
On 12/5/18 5:15 PM, Stefano Stabellini wrote: From: Zhongze Liu The existing XENMAPSPACE_gmfn_foreign subop of XENMEM_add_to_physmap forbids a Dom0 to map memory pages from one DomU to another, which restricts some useful yet not dangerous use cases -- such as sharing pages among DomU's so

Re: [Xen-devel] [PATCH v2 3/3] docs: remove tmem related text

2018-11-28 Thread Daniel De Graaf
On 11/28/18 8:58 AM, Wei Liu wrote: Signed-off-by: Wei Liu Acked-by: Daniel De Graaf

Re: [Xen-devel] [PATCH v2 2/3] xen: remove tmem from hypervisor

2018-11-28 Thread Daniel De Graaf
to avoid breaking guests. Remove the hypervisor only part and put guest visible part under a xen version check. Take the chance to remove trailing whitespaces. Signed-off-by: Wei Liu Acked-by: Daniel De Graaf

Re: [Xen-devel] XSM SILO boot time spew

2018-11-07 Thread Daniel De Graaf
On 10/31/2018 11:19 PM, Xin Li (Talons) wrote: In patchset v4, we call register_xsm() to setup silo module. This debug log is to check if some ops not overrided by the module. I thought this is OK, since the log level is debug. I think calling register_xsm() is good, if we do want to suppress

[Xen-devel] [PATCH] flask/policy: allow dom0 to use PHYSDEVOP_pci_mmcfg_reserved

2018-11-02 Thread Daniel De Graaf
Reported-by: Andrew Cooper Signed-off-by: Daniel De Graaf --- tools/flask/policy/modules/dom0.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/flask/policy/modules/dom0.te b/tools/flask/policy/modules/dom0.te index dfdcdcd128..a0566671d6 100644 --- a/tools/flask/policy/modules

Re: [Xen-devel] [PATCH v5 1/3] xen/xsm: remove unnecessary #define

2018-10-12 Thread Daniel De Graaf
On 10/09/2018 05:33 AM, Xin Li wrote: this #define is unnecessary since XSM_INLINE is redefined in xsm/dummy.h, it's a risk of build breakage, so remove it. Signed-off-by: Xin Li Reviewed-by: Jan Beulich Acked-by: Daniel De Graaf

[Xen-devel] [PATCH v2] flask: sort io{port,mem}con entries

2018-10-05 Thread Daniel De Graaf
These entries are not always sorted by checkpolicy, so sort them during policy load (as is already done for later ocontext additions). Reported-by: Nicolas Poirot Signed-off-by: Daniel De Graaf --- xen/xsm/flask/ss/policydb.c | 35 +-- 1 file changed, 29

[Xen-devel] [PATCH] flask: Add check for io{port,mem}con sorting

2018-09-28 Thread Daniel De Graaf
These entries are not always sorted by checkpolicy. Enforce the sorting (which can be done manually if using an unpatched checkpolicy) when loading the policy so that later uses by the security server do not incorrectly use the initial sid. Reported-by: Nicolas Poirot Signed-off-by: Daniel De

Re: [Xen-devel] [Xen-users] XSM/Flask iomem

2018-09-28 Thread Daniel De Graaf
This is apparently a mismatch between what the checkpolicy compilation does and what it is expected to do. While some parts of checkpolicy do this sorting, the main compilation flow does not, and the policy compilation process does not ensure inputs are sorted. In the future, newer versions of

Re: [Xen-devel] [PATCH 2/2] xen/xsm: Add new SILO mode for XSM

2018-09-28 Thread Daniel De Graaf
On 09/28/2018 04:18 AM, Xin Li wrote: When SILO is enabled, there would be no page-sharing or event notifications between unprivileged VMs (no grant tables or event channels). Signed-off-by: Xin Li v3: make copies of dummy functions to avoid indirect call. This still makes indirect calls.

Re: [Xen-devel] [PATCH 1/2] xen/xsm: Introduce new boot parameter xsm

2018-09-28 Thread Daniel De Graaf
On 09/28/2018 04:18 AM, Xin Li wrote: Introduce new boot parameter xsm to choose which xsm module is enabled, and set default to dummy. Signed-off-by: Xin Li This changes the default behavior of a hypervisor compiled with XSM+FLASK when booted with no command line arguments from enabling

Re: [Xen-devel] [PATCH 05/12] xen: add hypercall interfaces for domain and cpupool parameter setting

2018-09-18 Thread Daniel De Graaf
On 09/18/2018 02:03 AM, Juergen Gross wrote: Add a new domctl for setting domain specific parameters similar to XEN_SYSCTL_set_parameter for global hypervisor parameters. Enhance XEN_SYSCTL_set_parameter to be usable for setting cpupool specific parameters, too. For now do only extended

Re: [Xen-devel] [PATCH v1 6/6] xsm: add tee access policy support

2018-08-23 Thread Daniel De Graaf
On 08/23/2018 09:32 AM, Volodymyr Babchuk wrote: Hello Daniel, On 23.08.18 01:44, DeGraaf, Daniel G wrote: From: Volodymyr Babchuk Sent: Wednesday, August 22, 2018 10:12 AM As we don't want any guest to access limited resources of TEE, we need a way to control who can work with it. Thus,

Re: [Xen-devel] [PATCH v2 13/13] x86/domctl: Implement XEN_DOMCTL_get_cpu_policy

2018-08-17 Thread Daniel De Graaf
On 07/13/2018 04:03 PM, Andrew Cooper wrote: From: Sergey Dyasli This finally (after literally years of work!) marks the point where the toolstack can ask the hypervisor for the current CPUID configuration of a specific domain. Also extend xen-cpuid's --policy mode to be able to take a domid

Re: [Xen-devel] [PATCH v5 06/15] public / x86: introduce __HYPERCALL_iommu_op

2018-08-17 Thread Daniel De Graaf
be. Signed-off-by: Paul Durrant Acked-by: Daniel De Graaf

Re: [Xen-devel] [PATCH v2 03/21] xen: allow console_io hypercalls from certain DomUs

2018-08-17 Thread Daniel De Graaf
On 07/19/2018 05:19 AM, Julien Grall wrote: Hi Stefano, On 18/07/18 18:10, Stefano Stabellini wrote: On Tue, 17 Jul 2018, Julien Grall wrote: Hi Stefano, On 17/07/2018 21:05, Stefano Stabellini wrote: On Mon, 9 Jul 2018, Julien Grall wrote: Hi, On 07/07/18 00:11, Stefano Stabellini wrote:

Re: [Xen-devel] [PATCH v3 01/25] xen: allow console_io hypercalls from certain DomUs

2018-08-17 Thread Daniel De Graaf
Acked-by: Daniel De Graaf

Re: [Xen-devel] [PATCH 2/2] xen/xsm: Add new SILO mode for XSM

2018-08-17 Thread Daniel De Graaf
On 07/24/2018 04:18 AM, Xin Li (Talons) wrote: Hi Daniel, I think the main questions here are: 1. Do we need a separated KConfig option for SILO Yes; I made comments on your patch doing so 2. Can we use indirect call like "dummy_xsm_ops.grant_copy" Any suggestion?

Re: [Xen-devel] [PATCH 1/2] xen/xsm: Introduce new boot parameter xsm

2018-08-17 Thread Daniel De Graaf
On 07/02/2018 09:26 PM, Xin Li wrote: Introduce new boot parameter xsm to choose which xsm module is enabled, and set default to dummy. Signed-off-by: Xin Li This is a change in defaults for the command line: previously, if you compiled Xen with FLASK support, Xen defaulted to using it

Re: [Xen-devel] [PATCH 2/2] xen/xsm: Rename CONIFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY

2018-08-17 Thread Daniel De Graaf
t"? The latter may be more amenable to grepping. Either way, Acked-by: Daniel De Graaf

Re: [Xen-devel] [PATCH 1/2] xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*

2018-08-17 Thread Daniel De Graaf
On 06/26/2018 07:09 AM, Andrew Cooper wrote: Flask is one single XSM module, and another is about to be introduced. Properly namespace the symbols for clarity. No functional change. Signed-off-by: Andrew Cooper Acked-by: Daniel De Graaf

Re: [Xen-devel] [PATCH 10/20] xen/domctl: Merge set_max_evtchn into createdomain

2018-03-20 Thread Daniel De Graaf
the fact. Drop XEN_DOMCTL_set_max_evtchn completely (including XSM hooks and libxc wrappers), and retain the functionality in XEN_DOMCTL_createdomain. Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com> Acked-by: Daniel De Graaf <dgde...@tych

Re: [Xen-devel] [PATCH 12/20] xen/domctl: Merge max_vcpus into createdomain

2018-03-20 Thread Daniel De Graaf
_max_vcpus function. Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com> Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>

Re: [Xen-devel] [PATCH] xsm:schedop: introduce vcpuinfo permissions verification

2018-03-20 Thread Daniel De Graaf
ed-off-by: Andrii Anisov <andrii_ani...@epam.com> Acked-by: Daniel De Graaf <dge...@tycho.nsa.gov>

Re: [Xen-devel] [PATCH v4] new config option vtsc_tolerance_khz to avoid TSC emulation

2018-03-09 Thread Daniel De Graaf
tls to adjust values - more docs - update libxl.h - update python tests - flask check bound to tsc permissions - not runtime tested due to dlsym() build errors in staging Signed-off-by: Olaf Hering <o...@aepfle.de> Acked-by: Daniel De Gr

Re: [Xen-devel] [PATCH] xen: Fix XSM build after dropping XEN_DOMCTL_getmemlist

2018-01-29 Thread Daniel De Graaf
from the same changeset. Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com> Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>

Re: [Xen-devel] [PATCH v3 6/7] xsm: add bodge when compiling with llvm coverage support

2018-01-24 Thread Daniel De Graaf
in production, introduce __xsm_action_mismatch_detected for llvm coverage builds. Signed-off-by: Roger Pau Monné <roger@citrix.com> Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>

Re: [Xen-devel] [RFC PATCH 1/8] x86/domctl: introduce a pair of hypercall to set and get cpu topology

2018-01-09 Thread Daniel De Graaf
On 01/09/2018 04:06 AM, Chao Gao wrote: On Mon, Jan 08, 2018 at 01:14:44PM -0500, Daniel De Graaf wrote: On 01/07/2018 11:01 PM, Chao Gao wrote: Define interface, structures and hypercalls for toolstack to build cpu topology and for guest that will retrieve it [1]. Two subop hypercalls

Re: [Xen-devel] [RFC PATCH 1/8] x86/domctl: introduce a pair of hypercall to set and get cpu topology

2018-01-08 Thread Daniel De Graaf
On 01/07/2018 11:01 PM, Chao Gao wrote: Define interface, structures and hypercalls for toolstack to build cpu topology and for guest that will retrieve it [1]. Two subop hypercalls introduced by this patch: XEN_DOMCTL_set_cpu_topology to define cpu topology information per domain and

Re: [Xen-devel] [PATCH 2/3] x86/xsm: Use the exported bootstrap_map() function

2018-01-08 Thread Daniel De Graaf
On 01/08/2018 06:56 AM, Andrew Cooper wrote: ... rather than obtaining it via function pointer. Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com> Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>

Re: [Xen-devel] [PATCH 3/3] XSM/flask: constification of IRQ mapping interfaces

2017-12-04 Thread Daniel De Graaf
On 12/04/2017 05:34 AM, Jan Beulich wrote: This clarifies that the involved structures are read-only. Signed-off-by: Jan Beulich <jbeul...@suse.com> Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>

Re: [Xen-devel] [PATCH] XSM: add Kconfig option to override bootloader provided policy

2017-11-28 Thread Daniel De Graaf
ed-off-by: Tamas K Lengyel <lengy...@ainfosec.com> Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>