
Re: [Xen-devel] [PATCH v4] xsm: add a default policy to .init.data


  • To: Jan Beulich <JBeulich@xxxxxxxx>
  • From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
  • Date: Thu, 7 Jul 2016 10:44:27 -0400
  • Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Thu, 07 Jul 2016 14:45:27 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 07/07/2016 06:30 AM, Jan Beulich wrote:
On 05.07.16 at 19:44, <dgdegra@xxxxxxxxxxxxx> wrote:
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -762,6 +762,13 @@ static inline void flask_init(void)
 }
 #endif

+#ifdef CONFIG_XSM_POLICY
+extern const unsigned char xsm_init_policy[];
+extern const int xsm_init_policy_size;
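
Review bot: xsm_init_policy_size is declared as a signed int, but a byte count never takes a negative value, and a signed length tends to end up in mixed-sign comparisons or conversions wherever it is used; declare it unsigned int or size_t. A one-line comment above the two externs saying where they are defined (presumably the policy.c generated by the Makefile hunk) would also help, since nothing in this header shows where they come from.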

unsigned int or size_t please.

--- a/xen/xsm/flask/Makefile
+++ b/xen/xsm/flask/Makefile
@@ -27,6 +27,17 @@ $(FLASK_H_FILES): $(FLASK_H_DEPEND)
 $(AV_H_FILES): $(AV_H_DEPEND)
        $(CONFIG_SHELL) policy/mkaccess_vector.sh $(AWK) $(AV_H_DEPEND)

+obj-$(CONFIG_XSM_POLICY) += policy.o
+
+POLICY_SRC := $(XEN_ROOT)/tools/flask/policy/xenpolicy-$(XEN_FULLVERSION)
+
+policy.bin: FORCE
+       $(MAKE) -C $(XEN_ROOT)/tools/flask/policy
+       cmp -s $(POLICY_SRC) $@ || cp $(POLICY_SRC) $@
+
+policy.c: policy.bin gen-policy.py
+       $(PYTHON) gen-policy.py < $< > $@
+
 .PHONY: clean
 clean::
        rm -f $(ALL_H_FILES) *.o $(DEPS)
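
Review bot: the clean:: rule at the end of this hunk still removes only $(ALL_H_FILES), *.o and $(DEPS), so the two files the new rules generate, policy.bin and policy.c, stay in the tree after a clean; add both to the rm -f line. Separately, policy.bin: FORCE makes every build of this directory run make in tools/flask/policy, and the cmp -s guard is what keeps policy.c from being regenerated when the policy is unchanged, which deserves a short comment in the Makefile.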

I suppose the clean target then also needs adjustment?

Yes, it does.

+static inline void xsm_policy_init(void)
+{
+#ifdef CONFIG_XSM_POLICY
+    if ( policy_size == 0 )
+    {
+        policy_buffer = (char*)xsm_init_policy;
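
Review bot: the assignment policy_buffer = (char*)xsm_init_policy; drops the const from an array declared as const unsigned char[], so the compiler can no longer flag a write through policy_buffer into the built-in policy. If policy_buffer has to stay non-const, state the reason in a comment next to the cast, and write the cast as (char *) with a blank before the *.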

Can't xsm_init_policy be of type const char[] then, avoiding the need
for a cast (you certainly shouldn't be casting away constness)? If not,
besides adding the const please also add a blank before the *.

The policy_buffer global cannot be a const char* because it is passed to
xfree() below (only in ARM); the cast would only be moved.  The buffer is
never modified, if that's what you are asking.

The reason that xsm_init_policy is unsigned is to avoid compiler warnings
resulting from assigning values such as 0xF3 to a signed character.

--
Daniel De Graaf
National Security Agency
