[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 2/3] libsepol, checkpolicy: widen Xen IOMEM ocontext entries

To: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, selinux@xxxxxxxxxxxxx
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Thu, 12 Mar 2015 23:13:15 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 12 Mar 2015 23:13:40 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 12/03/2015 20:40, Daniel De Graaf wrote:
> This expands IOMEMCON device context entries to 64 bits.  This change is
> required to support static I/O memory range labeling for systems with
> over 16TB of physical address space.  The policy version number change
> is shared with the next patch.
>
> While this makes no changes to SELinux policy, a new SELinux policy
> compatibility entry was added in order to avoid breaking compilation of
> an SELinux policy without explicitly specifying the policy version.
>
> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> ---
>  checkpolicy/policy_define.c                |  6 +++---
>  checkpolicy/policy_define.h                |  2 +-
>  checkpolicy/policy_parse.y                 |  9 ++++++--
>  libsepol/cil/src/cil_build_ast.c           | 32 ++++++++++++++++++++++++++---
>  libsepol/cil/src/cil_build_ast.h           |  1 +
>  libsepol/cil/src/cil_internal.h            |  4 ++--
>  libsepol/cil/src/cil_policy.c              |  2 +-
>  libsepol/cil/src/cil_tree.c                |  2 +-
>  libsepol/include/sepol/policydb/policydb.h |  7 ++++---
>  libsepol/src/policydb.c                    | 33 
> +++++++++++++++++++++++++-----
>  libsepol/src/write.c                       | 32 ++++++++++++++++++++++-------
>  policycoreutils/hll/pp/pp.c                |  4 ++--
>  12 files changed, 104 insertions(+), 30 deletions(-)
>
> diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
> index a6c5d65..f4c6fba 100644
> --- a/checkpolicy/policy_define.c
> +++ b/checkpolicy/policy_define.c
> @@ -3932,7 +3932,7 @@ bad:
>       return -1;
>  }
>  
> -int define_iomem_context(unsigned long low, unsigned long high)
> +int define_iomem_context(uint64_t low, uint64_t high)
>  {
>       ocontext_t *newc, *c, *l, *head;
>       char *id;
> @@ -3972,13 +3972,13 @@ int define_iomem_context(unsigned long low, unsigned 
> long high)
>  
>       head = policydbp->ocontexts[OCON_XEN_IOMEM];
>       for (l = NULL, c = head; c; l = c, c = c->next) {
> -             uint32_t low2, high2;
> +             uint64_t low2, high2;
>  
>               low2 = c->u.iomem.low_iomem;
>               high2 = c->u.iomem.high_iomem;
>               if (low <= high2 && low2 <= high) {
>                       yyerror2("iomemcon entry for 0x%lx-0x%lx overlaps with "
> -                             "earlier entry 0x%x-0x%x", low, high,
> +                             "earlier entry 0x%lx-0x%lx", low, high,

This will break a 32bit build.  You must use PRIx64 from <inttypes.h>
instead of %lx for uint64_t's

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH v2 0/3] Xen/FLASK policy updates for device contexts
  - From: Daniel De Graaf
- [Xen-devel] [PATCH 2/3] libsepol, checkpolicy: widen Xen IOMEM ocontext entries
  - From: Daniel De Graaf

Prev by Date: Re: [Xen-devel] xenstored crashes with SIGSEGV
Next by Date: Re: [Xen-devel] [PATCHv5 12/14] xen-blkback: safely unmap grants in case they are still in use
Previous by thread: [Xen-devel] [PATCH 2/3] libsepol, checkpolicy: widen Xen IOMEM ocontext entries
Next by thread: [Xen-devel] [PATCH 3/3] libsepol, checkpolicy: add device tree ocontext nodes to Xen policy
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.