[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v6 1/2] xsm: create idle domain privileged and demote after setup
- To: Luca Fancellu <Luca.Fancellu@xxxxxxx>
- From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 11 May 2022 07:05:00 -0400
- Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@xxxxxxxxxxxxxxxxxxxx; dmarc=pass header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx>
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1652267168; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=gTL+o8aNyNcXOAKDASLTIDGIYEIU0NEfdsDtKkGnT+U=; b=XWkulCxaPfh5o6/DSkZuk+XsM4OALhr5Mofko6yOdyMi1cn+eIIGaaieHWEyYYdlgyJd0i6KX9w3SYl5xZLZleV0ouIoWWLojAqBWNkKYmHHutXQmqJ/sqKWyxlnv5SXpJFeuqFhe9CPPRluIX/DihwIhKfmJoijmfvznWvy9XA=
- Arc-seal: i=1; a=rsa-sha256; t=1652267168; cv=none; d=zohomail.com; s=zohoarc; b=jqgIHLUDhkjHEbDGN56CG/foHg07cjKNEQZhC8OzOu+/nNSzPqMq0CU92VUFeD2mftzhLj7iYjQlOnUF3q74a1oYo/719AsOzRhMAG7LKh84ovReIQ+ItTauACWmI26BsyjiOZoq8ZFfVjEeF9cCBEwfN/3JL8WvULnjZdF9zmg=
- Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Wei Liu <wl@xxxxxxx>, Scott Davis <scott.davis@xxxxxxxxxx>, "jandryuk@xxxxxxxxx" <jandryuk@xxxxxxxxx>, "christopher.clark@xxxxxxxxxx" <christopher.clark@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
- Delivery-date: Wed, 11 May 2022 11:06:20 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 5/3/22 09:17, Luca Fancellu wrote:
> Hi Daniel,
>
>> diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
>> index 0bf63ffa84..b93101191e 100644
>> --- a/xen/xsm/flask/hooks.c
>> +++ b/xen/xsm/flask/hooks.c
>> @@ -186,6 +186,28 @@ static int cf_check flask_domain_alloc_security(struct
>> domain *d)
>> return 0;
>> }
>>
>> +static int cf_check flask_set_system_active(void)
>> +{
>> + struct domain *d = current->domain;
>> +
>> + ASSERT(d->is_privileged);
>> +
>> + if ( d->domain_id != DOMID_IDLE )
>> + {
>> + printk("xsm_set_system_active should only be called by idle
>> domain\n");
>
> Sorry I spotted that now, here in the printk probably you mean
> “flask_set_system_active”
> instead of “xsm_set_system_active”, you can keep my R-by after this change.
That was intentional as that was the hook it came in as, but after you
pointed it out I realized this may cause confusion since the default
policy function name is the same as the hook. Though changing it I would
do as Julien suggested and use __func__.
v/r,
dps
|