Xen project Mailing List

Re: [Xen-devel] [PATCH v3] xsm: add a default policy to .init.data

To: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

From: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>

Date: Thu, 30 Jun 2016 09:45:29 -0400

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Doug Goldstein <cardoe@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>

Delivery-date: Thu, 30 Jun 2016 13:45:51 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Wed, Jun 29, 2016 at 11:09:01AM -0400, Daniel De Graaf wrote: > This adds a Kconfig option and support for including the XSM policy from > tools/flask/policy in the hypervisor so that the bootloader does not > need to provide a policy to get sane behavior from an XSM-enabled > hypervisor. The policy provided by the bootloader, if present, will > override the built-in policy. > > The XSM policy is not moved out of tools because that remains the > primary location for installing and configuring the policy. > > Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> > --- > > Changes from v2 (dropped acks and reviewed-by): > - Drop linker script changes, use python binary-to-C file script > - Make the config option always include the policy if selected > - Note the new conditional dependency on checkpolicy in INSTALL I liked the previous patch of putting in it in __init section. Is that something this patch could do? Ah, n/m. I see that the python script generates the binary with __init! Secondly I was wondering why the suggestion I had - which was to check of the 'checkpolicy' availability - and if not found - then hide the Kconfig option was not mentioned? .. snip... > +sys.stdout.write("\n};\nconst int __init xsm_init_policy_size = %d;\n" % > policy_size) > diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c > index 8df1a3c..93c7d43 100644 > --- a/xen/xsm/xsm_core.c > +++ b/xen/xsm/xsm_core.c > @@ -36,6 +36,24 @@ static inline int verify(struct xsm_operations *ops) > return 0; > } > > +#ifdef CONFIG_XSM_POLICY > +extern char xsm_init_policy[]; > +extern int xsm_init_policy_size; > +#else > +#define xsm_init_policy 0 > +#endif > + > +static void __init xsm_policy_init(void) > +{ > +#ifdef CONFIG_XSM_POLICY > + if ( policy_size == 0 ) > + { > + policy_buffer = xsm_init_policy; > + policy_size = xsm_init_policy_size; > + } > +#endif > +} > + This all looks like it could go in a header file? > static int __init xsm_core_init(void) > { > if ( verify(&dummy_xsm_ops) ) > @@ -46,6 +64,7 @@ static int __init xsm_core_init(void) > } > > xsm_ops = &dummy_xsm_ops; > + xsm_policy_init(); > flask_init(); > > return 0; > @@ -98,7 +117,8 @@ int __init xsm_dt_init(void) > > ret = xsm_core_init(); > > - xfree(policy_buffer); > + if ( policy_buffer != xsm_init_policy ) > + xfree(policy_buffer); > > return ret; > } > -- > 2.7.4 > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@xxxxxxxxxxxxx > http://lists.xen.org/xen-devel _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.