From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: xen-devel@lists.xenproject.org,
Doug Goldstein <cardoe@cardoe.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
Jan Beulich <JBeulich@suse.com>
Subject: Re: [PATCH v3] xsm: add a default policy to .init.data
Date: Thu, 30 Jun 2016 09:45:29 -0400
Message-ID: <20160630134528.GB6428@char.us.oracle.com>
In-Reply-To: <1467212941-8265-1-git-send-email-dgdegra@tycho.nsa.gov>
On Wed, Jun 29, 2016 at 11:09:01AM -0400, Daniel De Graaf wrote:
> This adds a Kconfig option and support for including the XSM policy from
> tools/flask/policy in the hypervisor so that the bootloader does not
> need to provide a policy to get sane behavior from an XSM-enabled
> hypervisor. The policy provided by the bootloader, if present, will
> override the built-in policy.
>
> The XSM policy is not moved out of tools because that remains the
> primary location for installing and configuring the policy.
>
> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> ---
>
> Changes from v2 (dropped acks and reviewed-by):
> - Drop linker script changes, use python binary-to-C file script
> - Make the config option always include the policy if selected
> - Note the new conditional dependency on checkpolicy in INSTALL

I liked the previous patch of putting it in the __init section.
Is that something this patch could do? Ah, n/m. I see that
the Python script generates the binary with __init!

Secondly, I was wondering why the suggestion I had - which was to check
for the availability of 'checkpolicy' and, if not found, then
hide the Kconfig option - was not mentioned?

.. snip...

> +sys.stdout.write("\n};\nconst int __init xsm_init_policy_size = %d;\n" % policy_size)
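Review bot: The generated definition `const int __init xsm_init_policy_size` uses `__init`, the same annotation this patch puts on functions such as `xsm_policy_init()`, on a data object, while the subject line says the policy is meant to land in .init.data. A data annotation (`__initconst` for a const object, or `__initdata` if the const is dropped) would match the stated intent and keep the object out of the init text section. It would also help for the script to emit a short comment at the top of the generated file naming the script and the input policy it was built from.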
> diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
> index 8df1a3c..93c7d43 100644
> --- a/xen/xsm/xsm_core.c
> +++ b/xen/xsm/xsm_core.c
> @@ -36,6 +36,24 @@ static inline int verify(struct xsm_operations *ops)
> return 0;
> }
>
> +#ifdef CONFIG_XSM_POLICY
> +extern char xsm_init_policy[];
> +extern int xsm_init_policy_size;
> +#else
> +#define xsm_init_policy 0
> +#endif
> +
> +static void __init xsm_policy_init(void)
> +{
> +#ifdef CONFIG_XSM_POLICY
> + if ( policy_size == 0 )
> + {
> + policy_buffer = xsm_init_policy;
> + policy_size = xsm_init_policy_size;
> + }
> +#endif
> +}
> +
This all looks like it could go in a header file?
> static int __init xsm_core_init(void)
> {
> if ( verify(&dummy_xsm_ops) )
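Review bot: In the `#ifdef CONFIG_XSM_POLICY` block at the top of this hunk, `extern int xsm_init_policy_size;` does not match the generated definition, which the script writes as `const int __init xsm_init_policy_size`; the declaration should carry the same `const`. Putting both externs in a header that the generated file also includes would let the compiler catch this kind of drift. In the `#else` branch, `#define xsm_init_policy 0` exists only so the later pointer comparison compiles; `NULL` plus a one-line comment saying so would make that intent visible. A comment on `xsm_policy_init()` stating that the built-in policy is used only when `policy_size == 0`, meaning the bootloader supplied none, would document the override rule from the commit message next to the code.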
> @@ -46,6 +64,7 @@ static int __init xsm_core_init(void)
> }
>
> xsm_ops = &dummy_xsm_ops;
> + xsm_policy_init();
> flask_init();
>
> return 0;
> @@ -98,7 +117,8 @@ int __init xsm_dt_init(void)
>
> ret = xsm_core_init();
>
> - xfree(policy_buffer);
> + if ( policy_buffer != xsm_init_policy )
> + xfree(policy_buffer);
>
> return ret;
> }
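Review bot: The guard `if ( policy_buffer != xsm_init_policy )` before `xfree()` depends on the `#define xsm_init_policy 0` fallback when CONFIG_XSM_POLICY is off, so in that configuration it compares a pointer with a bare 0 and skips the free only for a null buffer; that works but is not obvious from this line, and a small helper or a comment would make it explicit. Separately, after this function returns `policy_buffer` still holds either a freed pointer or the address of the built-in array, which is tagged for the init section; resetting `policy_buffer` and `policy_size` once `xsm_core_init()` has consumed them would avoid leaving a stale pointer behind.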
> --
> 2.7.4
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel