From nobody Mon Feb 9 07:56:39 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1564492820; cv=none; d=zoho.com; s=zohoarc; b=gMySoy6Twf6/8orYEoc2mDDmYZ7MZUFgwSoRK92Un+tiMOtaWRapYarB3+d/WIyiZNkoO+WI2k15qq5gOcuFBNRVMp4oncrRLfpVzB7eauYodDhyiBPlFL6BGa0O39HQGtuq5AOvF1vJG6mBfwL7AyclCbzAAhgA7UnejInecT0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1564492820; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=NTdvfo6dJDBZZs2UJHNN9aIw+h7NdpO28ASlew3TnxA=; b=d8VU6tRofor038lTw+2IPSont6ALksWz23OZCv5CaV2GvxmyB7aZz5Pb8dgVsXQE1Q9OX190xieT9jrCXiPuu9GjXDl0PGqr4ajVGJWJm2Tp+mx1MMm0F5r3d5qty29OQYfcpgxeILDdJF6UtWHzOaMqluEfEDCGTYRozOi4sY0= ARC-Authentication-Results: i=1; mx.zoho.com; spf=none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1564492820044523.3077647971184; Tue, 30 Jul 2019 06:20:20 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1hsS1z-0001zP-9u; Tue, 30 Jul 2019 13:19:07 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1hsS1x-0001yP-RY for xen-devel@lists.xenproject.org; Tue, 30 Jul 2019 13:19:05 +0000 Received: from esa1.hc3370-68.iphmx.com (unknown [216.71.145.142]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id 9a4efb19-b2cc-11e9-8980-bc764e045a96; Tue, 30 Jul 2019 13:19:04 +0000 (UTC) X-Inumbo-ID: 9a4efb19-b2cc-11e9-8980-bc764e045a96 Authentication-Results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=paul.durrant@citrix.com; spf=Pass smtp.mailfrom=Paul.Durrant@citrix.com; spf=None smtp.helo=postmaster@mail.citrix.com Received-SPF: none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Received-SPF: None (esa1.hc3370-68.iphmx.com: no sender authenticity information available from domain of paul.durrant@citrix.com) identity=pra; client-ip=162.221.158.21; receiver=esa1.hc3370-68.iphmx.com; envelope-from="Paul.Durrant@citrix.com"; x-sender="paul.durrant@citrix.com"; x-conformance=sidf_compatible Received-SPF: Pass (esa1.hc3370-68.iphmx.com: domain of Paul.Durrant@citrix.com designates 162.221.158.21 as permitted sender) identity=mailfrom; client-ip=162.221.158.21; receiver=esa1.hc3370-68.iphmx.com; envelope-from="Paul.Durrant@citrix.com"; x-sender="Paul.Durrant@citrix.com"; x-conformance=sidf_compatible; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ~all" Received-SPF: None (esa1.hc3370-68.iphmx.com: no sender authenticity information available from domain of postmaster@mail.citrix.com) identity=helo; client-ip=162.221.158.21; receiver=esa1.hc3370-68.iphmx.com; envelope-from="Paul.Durrant@citrix.com"; x-sender="postmaster@mail.citrix.com"; x-conformance=sidf_compatible IronPort-SDR: 1zDfZbfPR/Ze1Uv/m4dqcDUA6PKO2QmtoAZKpMtsSUi2lJKhWd+kbK6+Ki6a+PRaYFJpDthpzg 9Fpxm41hxxDjWvo2AAtxx9VConoqdKJjH8bFGAMhQlheuFVK/z1MLgxNb0BPLDX5h6SM/JEJbW /6KCxUjzktP9ykexdjDZZTL6Ju1+CA+dXdHrk9WS6R9qniIBHmTkrXjiNMEndb7+QRAtJZMeSb 2Ng/xeCv5v7dwP6w09opzPDLG8a+0Du4snsb0ns8T39fudB3HdaGrvbReUPVID3qZ+BP5mhuMv ukw= X-SBRS: 2.7 X-MesageID: 3652031 X-Ironport-Server: esa1.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.64,326,1559534400"; d="scan'208";a="3652031" From: Paul Durrant To: Date: Tue, 30 Jul 2019 14:18:52 +0100 Message-ID: <20190730131852.20543-6-paul.durrant@citrix.com> X-Mailer: git-send-email 2.20.1.2.gb21ebb671 In-Reply-To: <20190730131852.20543-1-paul.durrant@citrix.com> References: <20190730131852.20543-1-paul.durrant@citrix.com> MIME-Version: 1.0 Subject: [Xen-devel] [PATCH v4 5/5] x86/domain: remove the 's3_integrity' flag X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Andrew Cooper , Paul Durrant , Wei Liu , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" The flag is not needed since the domain 'options' can now be tested directly. Signed-off-by: Paul Durrant Reviewed-by: "Roger Pau Monn=C3=A9" Reviewed-by: Jan Beulich --- Cc: Andrew Cooper Cc: Wei Liu v4: - s/TBOOT/CONFIG_TBOOT/g v3: - Also sanitise the flag against CONFIG_TBOOT being set --- xen/arch/x86/domain.c | 9 +++++++-- xen/arch/x86/setup.c | 2 +- xen/arch/x86/tboot.c | 2 +- xen/include/asm-x86/domain.h | 2 -- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 87b4c033d6..fbc70b9f94 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -466,6 +466,13 @@ int arch_sanitise_domain_config(struct xen_domctl_crea= tedomain *config) return -EINVAL; } =20 + if ( (config->flags & XEN_DOMCTL_CDF_s3_integrity) && + !IS_ENABLED(CONFIG_TBOOT) ) + { + dprintk(XENLOG_INFO, "S3 integrity check not valid without CONFIG_= TBOOT\n"); + return -EINVAL; + } + return 0; } =20 @@ -544,8 +551,6 @@ int arch_domain_create(struct domain *d, d->domain_id); } =20 - d->arch.s3_integrity =3D config->flags & XEN_DOMCTL_CDF_s3_integrity; - emflags =3D config->arch.emulation_flags; =20 if ( is_hardware_domain(d) && is_pv_domain(d) ) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index d2011910fa..277170f386 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -689,7 +689,7 @@ void __init noreturn __start_xen(unsigned long mbi_p) .stop_bits =3D 1 }; struct xen_domctl_createdomain dom0_cfg =3D { - .flags =3D XEN_DOMCTL_CDF_s3_integrity, + .flags =3D IS_ENABLED(CONFIG_TBOOT) ? XEN_DOMCTL_CDF_s3_integrity = : 0, .max_evtchn_port =3D -1, .max_grant_frames =3D opt_max_grant_frames, .max_maptrack_frames =3D opt_max_maptrack_frames, diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c index f3fdee4d39..3db8a8a8d8 100644 --- a/xen/arch/x86/tboot.c +++ b/xen/arch/x86/tboot.c @@ -212,7 +212,7 @@ static void tboot_gen_domain_integrity(const uint8_t ke= y[TB_KEY_SIZE], vmac_set_key((uint8_t *)key, &ctx); for_each_domain( d ) { - if ( !d->arch.s3_integrity ) + if ( !(d->options & XEN_DOMCTL_CDF_s3_integrity) ) continue; printk("MACing Domain %u\n", d->domain_id); =20 diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h index 5f9899469c..5c038a1065 100644 --- a/xen/include/asm-x86/domain.h +++ b/xen/include/asm-x86/domain.h @@ -295,8 +295,6 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; =20 - bool_t s3_integrity; - union { struct pv_domain pv; struct hvm_domain hvm; --=20 2.20.1.2.gb21ebb671 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel