This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] [PATCH] fix broken ACM

To: aq <aquynh@xxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] fix broken ACM
From: Stefan Berger <stefanb@xxxxxxxxxx>
Date: Thu, 23 Jun 2005 11:56:53 -0400
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 23 Jun 2005 15:55:56 +0000
In-reply-to: <9cde8bff05062308227dfd471e@xxxxxxxxxxxxxx>
xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 06/23/2005 11:22:04 AM:

> On 6/24/05, Keir Fraser <Keir.Fraser@xxxxxxxxxxxx> wrote:
> > 
> > On 23 Jun 2005, at 15:57, Stefan Berger wrote:
> > 
> > >> ok, i see the point. the problem is because i moved some codes
> > >> (acm_init() and acm_init_binary_policy()) to acm_hooks.h. now it 
> > >> better to move them back. but it is weird that i got no problem 
> > >> gcc 3.3.5
> > >>
> > >> could you please try again with the new patch below?
> > >
> > > I tried it with your attached patch. There was an unused function 
> > > trying out the NULL policy. The attached patch on top of yours and
> > > things compile fine.
> > 
> > I'm still confused what these patches are aiming to fix. If we are
> > building 'NULL' security policy then all the hooks should compile away
> > to nothing and acm core files do not get built. So why do they need
> > patching with ifdef's conditional on whether or not the policy is
> > 'NULL'?
> > 
> > Currently, if you re-enable building of acm/ directory in the Xen root
> > Makefile, yet the ACM_USE_SECURITY_POLICY is NULL_POLICY, the build
> > will certainly fail. But I don't see why we would want to support 
> > :-)
> Keir, certainly i understand your point. but this patch doesn't harm,
> anyway ;-)
> one annoying problem at the moment is that if we want to compile ACM
> in, we should modify the value of ACM_USE_SECURITY_POLICY, since the
> current default value is ACM_NULL_POLICY( which is meaningless as Keir
> pointed out )

We have a choice of compiling in a NULL policy on two levels now:

Do not define ACM_USE_SECURITY_POLICY on makefile level to not compile any 
policy code in the xen/acm directory and effectively have a NULL policy.

If ACM_USE_SECURITY_POLICY is defined on the makefile level and 
ACM_NULL_POLICY is the default as the policy to compile (see the choice in 
xen/include/public/acm.h), we also get a NULL policy. The inline calls 
that are compiled into the code will all be removed since they default to 
'return 0'. - so no hooks there and no overhead.

Is it a problem to have that 2nd level choice of a NULL policy?
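
The second-level choice described in the message above, sketched as an added example that is not part of the original message or the Xen tree: one call site, with the hook either a constant inline or a dispatch through a policy table. Only ACM_USE_SECURITY_POLICY and ACM_NULL_POLICY are names from the thread; the numeric values and every example_* / EXAMPLE_* name are assumptions.

```c
/* Added illustration; not code from the Xen tree. Every example_* and
 * EXAMPLE_* name, and the numeric policy values, are hypothetical. */
#include <stddef.h>

#define ACM_NULL_POLICY     0   /* value assumed for this example */
#define EXAMPLE_DENY_POLICY 1   /* hypothetical non-NULL policy */

#ifndef ACM_USE_SECURITY_POLICY
#define ACM_USE_SECURITY_POLICY ACM_NULL_POLICY   /* default discussed above */
#endif

#if ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY
/* NULL policy: the hook is a constant inline function, so an optimizing
 * build drops both the call and the branch at every call site. */
static inline int example_pre_domain_create(unsigned int ssidref)
{
    (void)ssidref;
    return 0;
}
static inline int example_policy_compiled_in(void) { return 0; }
#else
/* Non-NULL policy: the hook dispatches through a table owned by policy code. */
struct example_ops { int (*pre_domain_create)(unsigned int ssidref); };
static int example_deny_odd(unsigned int ssidref) { return (ssidref & 1) ? -1 : 0; }
static struct example_ops example_ops = { example_deny_odd };
static inline int example_pre_domain_create(unsigned int ssidref)
{
    return example_ops.pre_domain_create
         ? example_ops.pre_domain_create(ssidref) : 0;
}
static inline int example_policy_compiled_in(void) { return 1; }
#endif

/* The caller is written once and is identical under either build. */
int example_create_domain(unsigned int ssidref)
{
    if (example_pre_domain_create(ssidref) != 0)
        return -1;              /* denied by the compiled-in policy */
    return 0;                   /* allowed (always, under the NULL policy) */
}

int main(void) { return example_create_domain(3); }
```

Building with -DACM_USE_SECURITY_POLICY=1 selects the hypothetical table-driven branch, in which the same call returns -1 for ssidref 3.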

