[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3 1/3] xsm: only search for a policy file when needed
- To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
- From: Jan Beulich <jbeulich@xxxxxxxx>
- Date: Wed, 1 Jun 2022 08:08:05 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=qEUwB/AVRNW+SOSSQmEQiPixxgsqNXK7nt7cMYX3VFA=; b=HaTmJSW/2Dbu1xcEDv6HYIUEi2afhaqoPkQ69FkoS9E1y12/ldNXV9Y/l63RKZHqttIM6KxPqxFbghwHCp9SblfBdUrZjr0fF2f+X3ma/uUxxVzFmDOAqM3d689isCdFDRIpT2Gpgjvj8jbsBpdxQ6nsC/7TsJdLBwU2kbevx3gCpS89YdIigbozSYBVIUiZieOsZgEB49IXtx+o0SsyeQ0Ops4fv/5uuuEsz5WcG00cPVHWF52FxOLMNGVVfH/kp2y4B/TZTAImXMKJ9Z3XnChWIBSZ0BLbuEQsm4NSIYSk6uP9WakxKV+XlUYv9XLl9sifZaATjafQmNn3JebQzA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=L3eReNnavcFxzYI4gwF5T+X1BLMV+XA0B4w2ombN6bU05fRZJg7m4KDLljCiqqg4Y5gW/tG6UfgEZcFr1DvjVE2qHQYW6NYXecsax80lwSgOnbCBZ+j02g+onpwndJfx7vxyp9m0Q1A4rAC2suJybBxLIuvoWLbMGugps9VY+ytBCtwlZmohKP/jYPRqyu7NdcyIsTDTsUSP/cY//Gm9rn1EA5g7JAjvTZdB3sx6IXvV8oHwoLh2OlcV5pSWAtGW3vqjW6zA1379ym3AkkYfpkLC3TQgsBdM+BZiAvQF3IiPk4eLJr9ykpBUjww1KdzxVuuK5u49SMdwpj+WfCl9fQ==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
- Cc: scott.davis@xxxxxxxxxx, christopher.clark@xxxxxxxxxx, jandryuk@xxxxxxxxx, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- Delivery-date: Wed, 01 Jun 2022 06:08:21 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 31.05.2022 17:08, Daniel P. Smith wrote:
> It is possible to select a few different build configurations that results in
> the unnecessary walking of the boot module list looking for a policy module.
> This specifically occurs when the flask policy is enabled but either the dummy
> or the SILO policy is selected as the enforcing policy. This is not ideal for
> configurations like hyperlaunch and dom0less when there could be a number of
> modules to be walked or doing an unnecessary device tree lookup.
>
> This patch introduces the policy_file_required flag for tracking when an XSM
> policy module requires a policy file.
In light of the "flask=late" aspect of patch 2, I'd like to suggest to
slightly alter wording here: "... requires looking for a policy file."
> --- a/xen/xsm/xsm_core.c
> +++ b/xen/xsm/xsm_core.c
> @@ -55,19 +55,31 @@ static enum xsm_bootparam __initdata xsm_bootparam =
> XSM_BOOTPARAM_DUMMY;
> #endif
>
> +static bool __initdata policy_file_required =
> + IS_ENABLED(CONFIG_XSM_FLASK_DEFAULT);
The variable may then also want renaming, to e.g. "find_policy_file".
Jan
|