Xen project Mailing List

[v2 1/3] xsm: optimize policy loading

To: xen-devel@xxxxxxxxxxxxxxxxxxxx, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>

From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>

Date: Mon, 30 May 2022 22:39:42 -0400

Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@xxxxxxxxxxxxxxxxxxxx; dmarc=pass header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx>

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1653950422; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=C2+K4LrGQhQgI5/c0uDyjquPaNz/qaLDWh7HXB1QsBw=; b=DAvVEOemHHwllNmMfxOKFgYw0cvol/HZDanJ7SB8cEeaVo1VbAvfg8UwaKyEkA8g9Hw8skFXPpuwe6PZff2AGUtc2gz7c8B+iFfqS2pcmJWHE15kg29HEq2kftZkWZk+2FYmBqnwxDzWJMqedA4l1Vi10M8tT9e8rIRnqwz3Z94=

Arc-seal: i=1; a=rsa-sha256; t=1653950422; cv=none; d=zohomail.com; s=zohoarc; b=HaPbuXhvTV3X6Se6zXMBzcGDRhj3MDypTXFfiWd7HBCmoEeXAbCF3BKOieyMma85KzeEcOP37uWPyTlJCT/qPU07m39QVWQ07itW3vYl+C++tHB7/x8H0evkHx1ghinfy8NOeJM88zWtdaB6etHJoqUO25CsGD2H8qADhtYtgT4=

Cc: scott.davis@xxxxxxxxxx, christopher.clark@xxxxxxxxxx, jandryuk@xxxxxxxxx, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

Delivery-date: Mon, 30 May 2022 22:40:48 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

It is possible to select a few different build configurations that results in the unnecessary walking of the boot module list looking for a policy module. This specifically occurs when the flask policy is enabled but either the dummy or the SILO policy is selected as the enforcing policy. This is not ideal for configurations like hyperlaunch and dom0less when there could be a number of modules to be walked or unnecessary device tree lookups This patch introduces the policy_file_required flag for tracking when an XSM policy module requires a policy file. Only when the policy_file_required flag is set to true will XSM search the boot modules for a policy file. Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx> --- xen/xsm/xsm_core.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c index 2286a502e3..4a29ee9558 100644 --- a/xen/xsm/xsm_core.c +++ b/xen/xsm/xsm_core.c @@ -55,19 +55,31 @@ static enum xsm_bootparam __initdata xsm_bootparam = XSM_BOOTPARAM_DUMMY; #endif +static bool __initdata policy_file_required = + IS_ENABLED(CONFIG_XSM_FLASK_DEFAULT); + static int __init cf_check parse_xsm_param(const char *s) { int rc = 0; if ( !strcmp(s, "dummy") ) + { xsm_bootparam = XSM_BOOTPARAM_DUMMY; + policy_file_required = false; + } #ifdef CONFIG_XSM_FLASK else if ( !strcmp(s, "flask") ) + { xsm_bootparam = XSM_BOOTPARAM_FLASK; + policy_file_required = true; + } #endif #ifdef CONFIG_XSM_SILO else if ( !strcmp(s, "silo") ) + { xsm_bootparam = XSM_BOOTPARAM_SILO; + policy_file_required = false; + } #endif else rc = -EINVAL; @@ -148,7 +160,7 @@ int __init xsm_multiboot_init( printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n"); - if ( XSM_MAGIC ) + if ( policy_file_required && XSM_MAGIC ) { ret = xsm_multiboot_policy_init(module_map, mbi, &policy_buffer, &policy_size); @@ -176,7 +188,7 @@ int __init xsm_dt_init(void) printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n"); - if ( XSM_MAGIC ) + if ( policy_file_required && XSM_MAGIC ) { ret = xsm_dt_policy_init(&policy_buffer, &policy_size); if ( ret ) -- 2.20.1

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.