[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 0/4] flask: XSA-84 follow-ups



>>> On 10.02.14 at 21:22, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote:
> On 02/07/2014 04:41 AM, Jan Beulich wrote:
>> 1: fix memory leaks
>> 2: fix error propagation from flask_security_set_bool()
>> 3: check permissions first thing in flask_security_set_bool()
>> 4: add compat mode guest support
>>
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>>
>> Release-wise, I would think that 1-3 should certainly go in. While I'd
>> like 4 to be in for 4.4 too, I realize that's a little more intrusive than
>> one would want at this point.
> 
> All four patches look correct to me. I assume the movement of the 
> flask_security_commit_bools inside the #ifdef is made possible by
> the xlat.lst parsing, but didn't look too closely at how that was
> done.

No, that has nothing to do with the xlat.lst parsing. It's solely with
the goal of having one less #ifndef COMPAT code section (as we
need static helper functions to be defined exactly once in the whole
compilation unit, yet the file includes itself after #define-ing COMPAT,
all these functions must be inside such conditionals).

> Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> 
> Re: what goes in release - I agree that #4 would be nice but I wouldn't
> push too hard to make an exception for it. The users of the XSM interface
> would primarily be toolstack and related domains where a requirement to
> be 64-bit should not be too restrictive (not to say this shouldn't be
> fixed, of course).

With George's feedback on the same matter, I already pushed the
patch back to my 4.5 queue.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.