Re: [Xen-devel] [PATCH] xsm_remove_from_physmap is (so far) only defined for X86 architecture, not for ARM
On 01/17/2013 12:05 PM, Ian Campbell wrote:
> On Tue, 2013-01-15 at 14:35 +0000, Daniel De Graaf wrote:
>> The rest of the changes look correct. The #ifdefs are a bit ugly, but
>> refactoring the MSI code into an arch-specific function should fix
>> that.
>
> I've just sent out a new patch which takes care of only the build failure
> on ARM with XSM disabled.
>
> For fixing the flask build on ARM: what does security_device_sid return?
> If I want to refactor this:
> #ifdef CONFIG_X86
>     if ( desc->msi_desc ) {
>         struct pci_dev *dev = desc->msi_desc->dev;
>         u32 sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
>         if (ad) {
>             AVC_AUDIT_DATA_INIT(ad, DEV);
>             ad->device = sbdf;
>         }
>         return security_device_sid(sbdf, sid);
>     }
> #endif
> into an arch specific function I need to be able to return something in
> the !desc->msi_desc case. Can a sid be any integer or could I return
> e.g. 0 in this case?
>
> Ian.
>

There are some reserved sids that might be useful here (SECINITSID_UNLABELED
if this case shouldn't be encountered). Zero might be the most suitable value,
since zero is not a valid sid and can be used to indicate "unable to resolve".
Zero will be treated as the unlabeled SID if passed to avc_has_perm.

security_device_sid returns either SECINITSID_DEVICE or the assigned SID of
the requested PCI device (as indexed by its sbdf number, and set either in
XSM policy or by flask-label-pci).

--
Daniel De Graaf
National Security Agency
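
A simplified, stand-alone C model of the convention described in the reply above, added here as an illustration and not code from Xen or from this thread. The names arch_irq_device_sid, effective_sid and SID_UNRESOLVED, the label table and all numeric SID values are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed values for this model, not copied from Xen's flask headers. */
#define SID_UNRESOLVED       0u   /* zero is not a valid sid */
#define SECINITSID_UNLABELED 5u
#define SECINITSID_DEVICE    10u

struct pci_dev  { uint16_t seg; uint8_t bus; uint8_t devfn; };
struct msi_desc { struct pci_dev *dev; };
struct irq_desc { struct msi_desc *msi_desc; };

/* Constructed label table standing in for XSM policy / flask-label-pci. */
static const struct { uint32_t sbdf, sid; } labels[] = { { 0x00010310u, 42u } };

/* Model of security_device_sid(): assigned SID, else SECINITSID_DEVICE. */
static int security_device_sid(uint32_t sbdf, uint32_t *sid)
{
    *sid = SECINITSID_DEVICE;
    for (size_t i = 0; i < sizeof(labels) / sizeof(labels[0]); i++)
        if (labels[i].sbdf == sbdf)
            *sid = labels[i].sid;
    return 0;
}

/* Hypothetical arch hook: resolves MSI IRQs, reports sid 0 otherwise. */
static int arch_irq_device_sid(const struct irq_desc *desc, uint32_t *sid)
{
    *sid = SID_UNRESOLVED;
    if (desc == NULL || desc->msi_desc == NULL || desc->msi_desc->dev == NULL)
        return 0;
    const struct pci_dev *dev = desc->msi_desc->dev;
    uint32_t sbdf = ((uint32_t)dev->seg << 16) | ((uint32_t)dev->bus << 8) | dev->devfn;
    return security_device_sid(sbdf, sid);
}

/* What the access check sees: zero is handled as the unlabeled SID. */
static uint32_t effective_sid(uint32_t sid)
{
    return sid == SID_UNRESOLVED ? SECINITSID_UNLABELED : sid;
}

int main(void)
{
    struct irq_desc non_msi = { NULL };
    uint32_t sid;
    arch_irq_device_sid(&non_msi, &sid);
    return effective_sid(sid) == SECINITSID_UNLABELED ? 0 : 1;
}
```
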