[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] [RFC] xsm: add a default policy to .init.data

  • To: Jan Beulich <JBeulich@xxxxxxxx>
  • From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
  • Date: Mon, 23 May 2016 12:00:57 -0400
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, cardoe@xxxxxxxxxx
  • Delivery-date: Mon, 23 May 2016 16:01:20 +0000
  • Ironport-phdr: 9a23:90zLhRyKrwq7IJ3XCy+O+j09IxM/srCxBDY+r6Qd0eMWIJqq85mqBkHD//Il1AaPBtWKrakVwLuM+4nbGkU+or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6anHS+4HYoFwnlMkItf6KuSt+U1JX8hrr60qaQSjsLrQL1Wal1IhSyoFeZnegtqqwmFJwMzADUqGBDYeVcyDAgD1uSmxHh+pX4p8Y7oGx48sgs/M9YUKj8Y79wDfkBVGxnYF0v4IXXkTWLDU7VvjpPGlkRxzhBBUDv4Qz+X5zx+n/YnOdg3CiRPeXtUKs5Hz+l6vE4ZgXvjXIrPjg4/WWfpsE4o7hSqRzp8xBwz4Pbeoi9KOt1fqSbe8gTA2VGQJACBGR6HoqgYt5XXKI6NuFCoty4/gFWoA==
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 05/23/2016 11:34 AM, Jan Beulich wrote:
On 23.05.16 at 16:51, <dgdegra@xxxxxxxxxxxxx> wrote:
--- a/xen/xsm/flask/Makefile
+++ b/xen/xsm/flask/Makefile
@@ -27,6 +27,27 @@ $(FLASK_H_FILES): $(FLASK_H_DEPEND)
        $(CONFIG_SHELL) policy/mkaccess_vector.sh $(AWK) $(AV_H_DEPEND)

+obj-y += policy.o
+ifeq ($(XEN_TARGET_ARCH),x86_64)
+    OBJCOPY_ARGS := -I binary -O elf64-x86-64 -B i386:x86-64
+else ifeq ($(XEN_TARGET_ARCH),arm32)
+    OBJCOPY_ARGS := -I binary -O elf32-littlearm -B arm
+else ifeq ($(XEN_TARGET_ARCH),arm64)
+    OBJCOPY_ARGS := -I binary -O elf64-littleaarch64 -B aarch64
+    $(error "Unknown XEN_TARGET_ARCH: $(XEN_TARGET_ARCH)")

As this is kind of ugly - did you try whether binutils can be talked
into generating an architecture neutral ELF object (using EM_NONE
as the architecture in the ELF header), and whether that could
then be linked? Of course that would be of limited use of the blob
was other than a plain stream of bytes (i.e. endian independent).


You get EM_NONE when you omit the -B argument, but the linker refuses
to accept this as an input unless passed --accept-unknown-input-arch.
With this flag enabled, the built_in.o is binary equal.

Daniel De Graaf
National Security Agency

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.