[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 12/15] xen/xsm: remove .xsm_initcall.init section


  • To: xen-devel@xxxxxxxxxxxxx
  • From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
  • Date: Thu, 9 Jun 2016 10:47:15 -0400
  • Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
  • Delivery-date: Thu, 09 Jun 2016 14:47:36 +0000
  • Ironport-phdr: 9a23:4gT7hhKWE5ewN46VcdmcpTZWNBhigK39O0sv0rFitYgULP3xwZ3uMQTl6Ol3ixeRBMOAu6MC1Led7PqocFdDyKjCmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TWM5DIfUi/yKRBybrysXNWC3oLoiqvtodX6WEZhunmUWftKNhK4rAHc5IE9oLBJDeIP8CbPuWZCYO9MxGlldhq5lhf44dqsrtY4q3wD888784Z8dYmyP+FiFf0LRAghZnA44ojnuAfOSSOL52AASSMGnxwOBBLKvz/gWZKkniL8t+d5kAWXdeLsRLk6EWCu4KtmRwXhoDsWPD4+tmfMg4p/i7wN80HpnAB234OBONLdD/F5ZK6IOIlCSA==
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>

Since FLASK is the only implementation of XSM hooks in Xen, using an
iterated initcall dispatch for setup is overly complex.  Change this to
a direct function call to a globally visible function; if additional XSM
hooks are added in the future, a switching mechanism will be needed
regardless, and that can be placed in xsm_core.c.

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
 xen/arch/arm/xen.lds.S |  5 -----
 xen/arch/x86/xen.lds.S |  5 -----
 xen/common/Kconfig     | 37 +++++++++++++++++++------------------
 xen/include/xsm/xsm.h  | 16 ++++++++--------
 xen/xsm/flask/hooks.c  |  4 +---
 xen/xsm/xsm_core.c     |  8 +-------
 6 files changed, 29 insertions(+), 46 deletions(-)

diff --git a/xen/arch/arm/xen.lds.S b/xen/arch/arm/xen.lds.S
index 76982b2..8320381 100644
--- a/xen/arch/arm/xen.lds.S
+++ b/xen/arch/arm/xen.lds.S
@@ -162,11 +162,6 @@ SECTIONS
        *(.initcall1.init)
        __initcall_end = .;
   } :text
-  .xsm_initcall.init : {
-       __xsm_initcall_start = .;
-       *(.xsm_initcall.init)
-       __xsm_initcall_end = .;
-  } :text
   __init_end_efi = .;
   . = ALIGN(STACK_SIZE);
   __init_end = .;
diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index a43b29d..dcbb8fe 100644
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -190,11 +190,6 @@ SECTIONS
        *(.initcall1.init)
        __initcall_end = .;
   } :text
-  .xsm_initcall.init : {
-       __xsm_initcall_start = .;
-       *(.xsm_initcall.init)
-       __xsm_initcall_end = .;
-  } :text
   . = ALIGN(PAGE_SIZE);
   __init_end = .;
 
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index cd59574..b8f1800 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -11,24 +11,6 @@ config COMPAT
 config CORE_PARKING
        bool
 
-config FLASK
-       bool "FLux Advanced Security Kernel support"
-       default y
-       depends on XSM
-       ---help---
-         Enables the FLASK (FLux Advanced Security Kernel) support which
-         provides a mandatory access control framework by which security
-         enforcement, isolation, and auditing can be achieved with fine
-         granular control via a security policy.
-
-         If unsure, say N.
-
-config FLASK_AVC_STATS
-       def_bool y
-       depends on FLASK
-       ---help---
-         Maintain statistics on the access vector cache
-
 # Select HAS_DEVICE_TREE if device tree is supported
 config HAS_DEVICE_TREE
        bool
@@ -137,6 +119,25 @@ config XSM
 
          If unsure, say N.
 
+config FLASK
+       bool "FLux Advanced Security Kernel support"
+       default y
+       depends on XSM
+       ---help---
+         Enables FLASK (FLux Advanced Security Kernel) as the access control
+         mechanism used by the XSM framework.  This provides a mandatory access
+         control framework by which security enforcement, isolation, and
+         auditing can be achieved with fine granular control via a security
+         policy.
+
+         If unsure, say Y.
+
+config FLASK_AVC_STATS
+       def_bool y
+       depends on FLASK
+       ---help---
+         Maintain statistics on the access vector cache
+
 # Enable schedulers
 menu "Schedulers"
        visible if EXPERT = "y"
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 8ed8ee5..0d525ec 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -46,14 +46,6 @@ typedef enum xsm_default xsm_default_t;
 extern char *policy_buffer;
 extern u32 policy_size;
 
-typedef void (*xsm_initcall_t)(void);
-
-extern xsm_initcall_t __xsm_initcall_start[], __xsm_initcall_end[];
-
-#define xsm_initcall(fn) \
-    static xsm_initcall_t __initcall_##fn \
-    __used_section(".xsm_initcall.init") = fn
-
 struct xsm_operations {
     void (*security_domaininfo) (struct domain *d,
                                         struct xen_domctl_getdomaininfo *info);
@@ -763,6 +755,14 @@ extern int unregister_xsm(struct xsm_operations *ops);
 extern struct xsm_operations dummy_xsm_ops;
 extern void xsm_fixup_ops(struct xsm_operations *ops);
 
+#ifdef CONFIG_FLASK
+extern void flask_init(void);
+#else
+static inline void flask_init(void)
+{
+}
+#endif
+
 #else /* CONFIG_XSM */
 
 #include <xsm/dummy.h>
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 3ab3fbf..596ac0a 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1816,7 +1816,7 @@ static struct xsm_operations flask_ops = {
     .xen_version = flask_xen_version,
 };
 
-static __init void flask_init(void)
+__init void flask_init(void)
 {
     int ret = -ENOENT;
 
@@ -1859,8 +1859,6 @@ static __init void flask_init(void)
         printk(XENLOG_INFO "Flask:  Starting in permissive mode.\n");
 }
 
-xsm_initcall(flask_init);
-
 /*
  * Local variables:
  * mode: C
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index 634ec98..cb2fdb6 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -38,13 +38,7 @@ static inline int verify(struct xsm_operations *ops)
 
 static void __init do_xsm_initcalls(void)
 {
-    xsm_initcall_t *call;
-    call = __xsm_initcall_start;
-    while ( call < __xsm_initcall_end )
-    {
-        (*call) ();
-        call++;
-    }
+    flask_init();
 }
 
 static int __init xsm_core_init(void)
-- 
2.5.5


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.