[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 1/3] xsm: only search for a policy file when needed

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 31 May 2022 12:15:48 -0400
  • Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@xxxxxxxxxxxxxxxxxxxx; dmarc=pass header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1654013839; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=vrGrsXsKMeGJYOjt6Ch9wm5kkhtaTzHolvvolDcSGk4=; b=XTUmsg2kUotzjzg7Taxy/iBPuh7cDhCLzIskHJtJ34GtndYAeOGolxcQ8vO9kFwKgRW24rGv+NSrXUzFuhBcGzwyt6x1bfOla42QDJIXvzDYaE2IU7S6z/9zwf5TXDcivjZ2UswCIwe9M/vVR1u62+dTO0rkQpiSc7wjtRA9SfM=
  • Arc-seal: i=1; a=rsa-sha256; t=1654013839; cv=none; d=zohomail.com; s=zohoarc; b=Lp0cZBacg2y9/sc5/afICGrKtarrhdLwoXwFUumbt4zSohnuao5/VCAvRuma2znsk7czKXBawFUlSj5iqGMaM75iKyf4T8MQYMpLAKQ+CDOIa13RwWu79cTRJoHl65bFpxY7VHYjDq3008iipKopNm4OMnATBNXT5VyMgOwo79c=
  • Cc: scott.davis@xxxxxxxxxx, christopher.clark@xxxxxxxxxx, jandryuk@xxxxxxxxx, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 31 May 2022 16:17:30 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 5/31/22 11:51, Jan Beulich wrote:
> On 31.05.2022 17:08, Daniel P. Smith wrote:
>> It is possible to select a few different build configurations that results in
>> the unnecessary walking of the boot module list looking for a policy module.
>> This specifically occurs when the flask policy is enabled but either the 
>> dummy
>> or the SILO policy is selected as the enforcing policy. This is not ideal for
>> configurations like hyperlaunch and dom0less when there could be a number of
>> modules to be walked or doing an unnecessary device tree lookup.
>>
>> This patch introduces the policy_file_required flag for tracking when an XSM
>> policy module requires a policy file. Only when the policy_file_required flag
>> is set to true, will XSM search the boot modules for a policy file.
>>
>> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
> 
> Looks technically okay, so
> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
> but couldn't you ...
> 
>> @@ -148,7 +160,7 @@ int __init xsm_multiboot_init(
>>  
>>      printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n");
>>  
>> -    if ( XSM_MAGIC )
>> +    if ( policy_file_required && XSM_MAGIC )
>>      {
>>          ret = xsm_multiboot_policy_init(module_map, mbi, &policy_buffer,
>>                                          &policy_size);
>> @@ -176,7 +188,7 @@ int __init xsm_dt_init(void)
>>  
>>      printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n");
>>  
>> -    if ( XSM_MAGIC )
>> +    if ( policy_file_required && XSM_MAGIC )
>>      {
>>          ret = xsm_dt_policy_init(&policy_buffer, &policy_size);
>>          if ( ret )
> 
> ... drop the two "&& XSM_MAGIC" here at this time? Afaict policy_file_required
> cannot be true when XSM_MAGIC is zero.

I was on the fence about this, as it should be rendered as redundant as
you point out. I am good with dropping on next spin.

v/r,
dps

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.