[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 1/3] xsm: only search for a policy file when needed


  • To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 31 May 2022 17:51:42 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=J+gb4sJ+/ewSSupf5o5IjWHAiGlAUe7ETcuOmm89aLM=; b=oSYDg1XQAA6zuaCEYjRcYM58hOlp3QnVP0O4av0pHObueOyKKAnWuGywepst1cwG2aHByFiWZ9ZENZN6bHT0DHRQm9e9e2BzUNeYP7RZ3sEPyRajO0dNm71Uw4nE9HjcjWTuSUR6q7FmkVfRm+8XY/hwV9vNeKM7X+y43SDAFJdjNEN4Qu1mHY+9iWUMnXZyoPZw8cXx1Uet9IVYoSCJG4KFeFvw+lUozVCzz+YgDT61hTm0+1nikAVmlyKo4lGpSjQq1T3JLK1ZK6KhUcdEyv8P3st20xwApy42IIKwJOosOlencPVHJo7j3eOpLbpli6GT0yLbOYo8RAaAc+93pA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hFsq7NfsgiHloXfKCTYk2qsZQErNYRPYbmT6I2zvKE8yJel3fad9qmXTFWtLYjJdLSZ7Yk3SxdjWEVrGqeJnympJZP446S1Cx8ce87BG12fGoyqvC+RSE9tIZUIF1w/aW20G+zqhdWg11fZxKFJ9jd2wTFZkINO06z2JzhqbkF+ZPBDLADoEPhP6Ww89EmFv5NEzTLzYrIlUMgEzYlSVcd9gmzp/+8/Z8A+F2hu5WepVdBxQJ0kOmDQ6ENt9J0VztUzstwwfMSijP0AADutXbqVSTE5nFK6LXDhQlf7MSLPgIKJEkdmsSmXhKdhCcP6IOMdfUd35P0oO3nl97HPomg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: scott.davis@xxxxxxxxxx, christopher.clark@xxxxxxxxxx, jandryuk@xxxxxxxxx, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 31 May 2022 15:51:56 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 31.05.2022 17:08, Daniel P. Smith wrote:
> It is possible to select a few different build configurations that results in
> the unnecessary walking of the boot module list looking for a policy module.
> This specifically occurs when the flask policy is enabled but either the dummy
> or the SILO policy is selected as the enforcing policy. This is not ideal for
> configurations like hyperlaunch and dom0less when there could be a number of
> modules to be walked or doing an unnecessary device tree lookup.
> 
> This patch introduces the policy_file_required flag for tracking when an XSM
> policy module requires a policy file. Only when the policy_file_required flag
> is set to true, will XSM search the boot modules for a policy file.
> 
> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>

Looks technically okay, so
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
but couldn't you ...

> @@ -148,7 +160,7 @@ int __init xsm_multiboot_init(
>  
>      printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n");
>  
> -    if ( XSM_MAGIC )
> +    if ( policy_file_required && XSM_MAGIC )
>      {
>          ret = xsm_multiboot_policy_init(module_map, mbi, &policy_buffer,
>                                          &policy_size);
> @@ -176,7 +188,7 @@ int __init xsm_dt_init(void)
>  
>      printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n");
>  
> -    if ( XSM_MAGIC )
> +    if ( policy_file_required && XSM_MAGIC )
>      {
>          ret = xsm_dt_policy_init(&policy_buffer, &policy_size);
>          if ( ret )

... drop the two "&& XSM_MAGIC" here at this time? Afaict policy_file_required
cannot be true when XSM_MAGIC is zero.

Jan




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.