[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2 03/10] xsm: remove the ability to disable flask
- To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- Date: Tue, 13 Jul 2021 00:22:01 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cIelzpufYg9nItQp7ba1nwJVA5XICTgXKeIOBei7J3M=; b=n1oIgmZHXaDKZSu1EiExa6c6mjOGNYKkp/vAhHQpqUGymmD3gKovvRwbc5p3mv2y4hoLsY4NiBg7CJuvUa9aLeYVTqCxBqN/KMt6BUDgVuYtC2rEAsisaKlgZ0bq0XkRCsPG8tT/eSaDxHHP4S4EK2ymP2EM0q4LbMOb0tO2nQLRRIExnL9gV0pvHhuDPqrdCXu18AVwcnvAmbfaL7eingtAUQ9++2sg/ojd5Y53uVWKbJ/mWRTeXzBc4GWdXFknWk+Rri/fUSCePQQDZHVI8e+Czr/DCowUidk0I6B7IvLZYwh9uCg9JZ6VKogO0ojIZOiqk/mDUJ3WDbZbs0HmGA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JSkgTTOs4TclajAeTEYqEygHlLwtVcIzsJqwY0ZKnMlzln3Ipy0CqlAw7jm+EBZKlZUGEq6F/zGOryBR98au/o8M8Usq1Fsf7tyNkKNAwlvTlV4OJ9+VislGf2ZVwKsLUWyvD6oSvkobKQsb39dpou0UP9bcMNF3mq5JtcikJNQSHLIHuoD5WxZW4rCBpsmBc4Tr5YdAOiZQ/oDgSM7WtQHoO+foVFXgYDNVWHZNP7EcjJDdHCS/JYeyC14PEP45wFRjoahJDgp9Tri0BmIf+Bohsrm7D/KLGXk752YLJMm+EUzSpjpPn18knctmSiKaHnalg0tEAEnBdRN5BJyJbw==
- Authentication-results: esa4.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
- Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
- Delivery-date: Mon, 12 Jul 2021 23:22:20 +0000
- Ironport-hdrordr: A9a23:Bt12uaHAcv4M/fgkpLqFHZHXdLJyesId70hD6qkvc3Nom52j+/ xGws536faVslcssHFJo6HkBEDyewKiyXcT2/hsAV7CZniahILMFu9fBOTZskXd8kHFh4lgPO JbAtJD4b7LfChHZKTBkXCF+r8bqbHtmsDY5pat854ud3APV0gJ1XYJNu/xKDwReOApP+taKH PR3Ls9m9L2Ek5nEPhTS0N1EtTrlpnurtbLcBQGDxko5E2nii6p0qfzF1y90g0FWz1C7L8++S yd+jaJqZmLgrWe8FvxxmXT55NZlJ/IzcZCPtWFjowwJi/3ggilSYx9U/mpvSwzosuo9FE2+e O87ysIDoBW0Tf8b2u1qRzi103LyzA18ULvzleenD/KvdH5bChSMbsAuatpNj/ir2YwttB116 xGm0iDsYBMMB/GlCPho/DVShBRkFauq3ZKq59Ts5Vma/pdVFZtl/1bwKsMe61wWB4SqbpXXt WGNfusp8q/KjihHjfkVgAF+q3eYpwxdi32CnTq9PbllQS+p0oJu3fw8vZv10voxKhNPqWs2N 60RZiAtIs+BfP+PpgNTtvof6OMexrwqFT3QTuvHWg=
- Ironport-sdr: LcsHe/Bpj02iJPKX6pbhtXXkD2/pFkWy+NkKDI/4kGG+3FnZ1PqxKelkyB20zKqwQlxoDAerT7 0NPXwN9Kvr0DY/t7Pks6Bydz+xdGYBVyBhGkNMlW+tVLZ07vw9Vn3Da4j22llEHSWZQOSRMvBx IFiDb4ig1mw/uzLQigw3CSZXXT+JvRtTkvprz4gXrpAtd/MJozsVycYd6tA1CaRi1Mk51fOJnM vhs9k317S+dU6VI2nAbpUrB5CnLg88Ndixa3jzF+h4rCBJkfVRp8o5fRius46k1c03FMe1CCu4 1E0=
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 12/07/2021 21:32, Daniel P. Smith wrote:
> The flask XSM module provided the ability to switch from flask back to
> the dummy XSM module during runtime. With this removal the only way to
> switch between XSM modules is at boot time.
>
> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
This patch wants reordering ahead of "xsm: refactor xsm_ops handling"
which will reduce the churn in that patch.
In addition, you want:
diff --git a/xen/include/public/xsm/flask_op.h
b/xen/include/public/xsm/flask_op.h
index 16af7bc22f75..b41dd6dac894 100644
--- a/xen/include/public/xsm/flask_op.h
+++ b/xen/include/public/xsm/flask_op.h
@@ -188,7 +188,7 @@ struct xen_flask_op {
#define FLASK_SETBOOL 12
#define FLASK_COMMITBOOLS 13
#define FLASK_MLS 14
-#define FLASK_DISABLE 15
+#define FLASK_DISABLE 15 /* No longer implemented */
#define FLASK_GETAVC_THRESHOLD 16
#define FLASK_SETAVC_THRESHOLD 17
#define FLASK_AVC_HASHSTATS 18
to match the removal of FLASK_USER in c/s 559f439bfa3bf
~Andrew
|
