[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [Xense-devel] [PATCH] [1/4] XSM Framework

Hello George,

what's the to-be-expected side-effect if a hook like this is enforced (rc != 0)?

@@ -2217,6 +2222,10 @@ int do_mmu_update(
         case MMU_NORMAL_PT_UPDATE:
+            rc = xsm_mmu_normal_update(current->domain, req.val);
+            if (rc)
+                goto out;
             gmfn = req.ptr >> PAGE_SHIFT;
             mfn = gmfn_to_mfn(d, gmfn);


xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 12/20/2006 09:08:40 AM:

> This patch provides the basic XSM framework for x86_32/x86/64.  It
> includes a dummy module that implements call/return for each security
> function.
> The hooks implemented by this patch provide a framework for security
> modules to interpose and complement the existing privileged operations
> in xen as well as interpose on the discretionary operations between
> domains.
> I have done very casual performance testing of the XSM in comparison to
> native xen.  The XSM (with or without the dummy module) has negligible
> impact as measured by lmbench and kbench from either dom0 or domU.  The
> tests were conducted on xen running idle dom0's and idle domU's.  The
> micro-benchmarks can/do especially vary when a security module (other
> than the dummy module) is in place.  This is to be expected.  The macro-
> benchmarks for a specific security module tend to average out the micro-
> benchmark variations but may not be representative of a real platform
> workload.
> The framework is configured as default-enable in this patch set.
> Configuration of XSM is made in Config.mk.  The only configuration
> option is XSM_ENABLE = y/n.  XSM_ENABLE must be y to compile an XSM
> module.  
> XSM provides a generalized hook infrastructure allowing third-party
> security modules to interpose on the Xen code path.  A default or dummy
> module provides basic call/return functionality for hooks not
> implemented by a given module.  During module initialization, a module
> registers its security hooks and the equivalent dummy hooks are
> unregistered.  If a module does not implement a hook, the equivalent
> dummy hook remains in place.  Modules also may define and register at
> boot time a module specific hypercall through the XSM hook
> infrastructure.
> Modules may also define at Xen compile time a magic number XSM_MAGIC to
> indicate that a policy should be discovered from the images loaded at
> boot.  The policy file should then be listed in grub as one of the
> multi-boot modules after the dom0 kernel.
> Signed-off-by: George Coker <gscoker@xxxxxxxxxxxxxx>
> [attachment "xsm-121906-xen-unstable.diff" deleted by Stefan
> Berger/Watson/IBM] _______________________________________________
> Xense-devel mailing list
> Xense-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xense-devel
Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.