Xen project Mailing List

Re: [PATCH v3 1/3] xsm: only search for a policy file when needed

To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>

Date: Wed, 1 Jun 2022 08:04:08 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=05k4mje6QfRWLhMHFWF/guLKIpRIrLgBZQocG3RvjF0=; b=KCs5a0N7dbuyIESh7oUlMf6pw3k+RsAVwSWNhe5k4DpmMSEuckwjYxA2TcAOD3LMK6BSYhOs6ivSvs0jdUFtwI76Q3JdF4fJmhR7/Cfwo0LO7T7PlzUeNjCc6oN7tsq4/PEWvzb7RFljF6+QHum5BNfqHWpUJ27Ed4GLrDUt3/A6xz9ow6dHHf1vY+ZoLCcdpG3MtS7gPOgNcy6HZep5t3OuRXXDDUafrznMA4U8app0GCQvJNVfeWL45UA9gRb8Zt8gt8Hd11FIuBuWv13lJI6cU9VykkAbwt/udQp0pjNsD8dLjAjsSMTtQDaZxXppXd9uZkRKQwEHu/Gk5NFRCw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=d5qynFxRnXmNoGyDa3upXqCrTgGLH+6NVJYxvxvZxZ3fBmox8Cxscun1959cvFa2D3vCAhPUGlyVqu6ZS4rkD7oQuKNV4iSxIazEDat1LTDrJpRfK4xqYjKZvvdESF3rqqmcmYnlGjW91JNfuI/xVvEDKqiKI4vt71BGGHtGvl28pIYYQsWgGXnjuCjuPCXY0QitoLY0TdIYt4wbAqepo/LVQuBYWtXuQO6TGTEu6hxQJp49a4c6t8gjvxcXP6zq7YsRnzKG7GF0bIlNBAHYm5Oi98qjbg8fHODLjkZDKzFmp4rZx9/q2necl3tBKyj8HQ2iRpdpzDC+dZsgTx1eiA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: scott.davis@xxxxxxxxxx, christopher.clark@xxxxxxxxxx, jandryuk@xxxxxxxxx, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Wed, 01 Jun 2022 06:04:23 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 31.05.2022 18:15, Daniel P. Smith wrote: > > On 5/31/22 11:51, Jan Beulich wrote: >> On 31.05.2022 17:08, Daniel P. Smith wrote: >>> It is possible to select a few different build configurations that results >>> in >>> the unnecessary walking of the boot module list looking for a policy module. >>> This specifically occurs when the flask policy is enabled but either the >>> dummy >>> or the SILO policy is selected as the enforcing policy. This is not ideal >>> for >>> configurations like hyperlaunch and dom0less when there could be a number of >>> modules to be walked or doing an unnecessary device tree lookup. >>> >>> This patch introduces the policy_file_required flag for tracking when an XSM >>> policy module requires a policy file. Only when the policy_file_required >>> flag >>> is set to true, will XSM search the boot modules for a policy file. >>> >>> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx> >> >> Looks technically okay, so >> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> >> but couldn't you ... >> >>> @@ -148,7 +160,7 @@ int __init xsm_multiboot_init( >>> >>> printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n"); >>> >>> - if ( XSM_MAGIC ) >>> + if ( policy_file_required && XSM_MAGIC ) >>> { >>> ret = xsm_multiboot_policy_init(module_map, mbi, &policy_buffer, >>> &policy_size); >>> @@ -176,7 +188,7 @@ int __init xsm_dt_init(void) >>> >>> printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n"); >>> >>> - if ( XSM_MAGIC ) >>> + if ( policy_file_required && XSM_MAGIC ) >>> { >>> ret = xsm_dt_policy_init(&policy_buffer, &policy_size); >>> if ( ret ) >> >> ... drop the two "&& XSM_MAGIC" here at this time? Afaict >> policy_file_required >> cannot be true when XSM_MAGIC is zero. > > I was on the fence about this, as it should be rendered as redundant as > you point out. I am good with dropping on next spin. I'd also be okay dropping this while committing, unless a v4 appears first ... Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.