[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 1/3] xsm: only search for a policy file when needed

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 7 Jun 2022 08:07:57 -0400
  • Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@xxxxxxxxxxxxxxxxxxxx; dmarc=pass header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1654603779; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=ScXb0xdi8YgdMGfuuVK8ZgufA8fQmT/uIWL/VcY2uL0=; b=QWTyTRTUvJyJ982Du1iWooSedRej7un+HfCj5zSiG+gGfxBnIfvaFpVL8MyL/GagyFlNOYc8yyPI/paiz0fpS3MxhshVYFmW7s+a74kYgcnYBo80k9Goo+w5LKlyqijr1irOxIS9Y3ScKMTlu4Vbmu8XK1Lh9EI2tySF3pezclo=
  • Arc-seal: i=1; a=rsa-sha256; t=1654603779; cv=none; d=zohomail.com; s=zohoarc; b=dPjRd8sYiMzP0IwITrb4TfhNnXFtLRstH2f17kz4Q2A72E+pptieTSWoZIpuMN0N00ZrJFScYrSRX4i3TYo269dkZxaCxvnuARTH8zPojtn86aipcO1p/KnA+MLEyH8t160wNmMBQKQN6VIFizhffGAkem04KW8kMB6XL+HCnWg=
  • Cc: scott.davis@xxxxxxxxxx, christopher.clark@xxxxxxxxxx, jandryuk@xxxxxxxxx, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 07 Jun 2022 12:09:49 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 6/1/22 02:04, Jan Beulich wrote:
> On 31.05.2022 18:15, Daniel P. Smith wrote:
>>
>> On 5/31/22 11:51, Jan Beulich wrote:
>>> On 31.05.2022 17:08, Daniel P. Smith wrote:
>>>> It is possible to select a few different build configurations that results 
>>>> in
>>>> the unnecessary walking of the boot module list looking for a policy 
>>>> module.
>>>> This specifically occurs when the flask policy is enabled but either the 
>>>> dummy
>>>> or the SILO policy is selected as the enforcing policy. This is not ideal 
>>>> for
>>>> configurations like hyperlaunch and dom0less when there could be a number 
>>>> of
>>>> modules to be walked or doing an unnecessary device tree lookup.
>>>>
>>>> This patch introduces the policy_file_required flag for tracking when an 
>>>> XSM
>>>> policy module requires a policy file. Only when the policy_file_required 
>>>> flag
>>>> is set to true, will XSM search the boot modules for a policy file.
>>>>
>>>> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
>>>
>>> Looks technically okay, so
>>> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
>>> but couldn't you ...
>>>
>>>> @@ -148,7 +160,7 @@ int __init xsm_multiboot_init(
>>>>  
>>>>      printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n");
>>>>  
>>>> -    if ( XSM_MAGIC )
>>>> +    if ( policy_file_required && XSM_MAGIC )
>>>>      {
>>>>          ret = xsm_multiboot_policy_init(module_map, mbi, &policy_buffer,
>>>>                                          &policy_size);
>>>> @@ -176,7 +188,7 @@ int __init xsm_dt_init(void)
>>>>  
>>>>      printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n");
>>>>  
>>>> -    if ( XSM_MAGIC )
>>>> +    if ( policy_file_required && XSM_MAGIC )
>>>>      {
>>>>          ret = xsm_dt_policy_init(&policy_buffer, &policy_size);
>>>>          if ( ret )
>>>
>>> ... drop the two "&& XSM_MAGIC" here at this time? Afaict 
>>> policy_file_required
>>> cannot be true when XSM_MAGIC is zero.
>>
>> I was on the fence about this, as it should be rendered as redundant as
>> you point out. I am good with dropping on next spin.
> 
> I'd also be okay dropping this while committing, unless a v4 appears
> first ...

ack

v/r,
dps

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.