WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] [PATCH] fix broken ACM

To: aq <aquynh@xxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] fix broken ACM
From: Stefan Berger <stefanb@xxxxxxxxxx>
Date: Thu, 23 Jun 2005 11:56:53 -0400
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 23 Jun 2005 15:55:56 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <9cde8bff05062308227dfd471e@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 06/23/2005 11:22:04 AM:

> On 6/24/05, Keir Fraser <Keir.Fraser@xxxxxxxxxxxx> wrote:
> > 
> > On 23 Jun 2005, at 15:57, Stefan Berger wrote:
> > 
> > >> ok, i see the point. the problem is because i moved some codes
> > >> (acm_init() and acm_init_binary_policy()) to acm_hooks.h. now it 
seems
> > >> better to move them back. but it is weird that i got no problem 
with
> > >> gcc 3.3.5
> > >>
> > >> could you please try again with the new patch below?
> > >
> > > I tried it with your attached patch. There was an unused function 
when
> > > trying out the NULL policy. The attached patch on top of yours and
> > > things
> > > compile fine.
> > 
> > I'm still confused what these patches are aiming to fix. If we are
> > building 'NULL' security policy then all the hooks should compile away
> > to nothing and acm core files do not get built. So why do they need
> > patching with ifdef's conditional on whether or not the policy is
> > 'NULL'?
> > 
> > Currently, if you re-enable building of acm/ directory in the Xen root
> > Makefile, yet the ACM_USE_SECURITY_POLICY is NULL_POLICY, the build
> > will certainly fail. But I don;t see why we would want to support 
that.
> > :-)
> 
> Keir, certainly i understand your point. but this patch doesnt harm, 
anyway ;-)
> 
> one annoying problem at the moment is that if we want to compile ACM
> in, we should modify the value of ACM_USE_SECURITY_POLICY, since the
> current default value is ACM_NULL_POLICY( which is meaningless as Keir
> pointed out )

We have a choice of compiling in a NULL policy on two levels now:

Do not define ACM_USE_SECURITY_POLICY on makefile level to not compile any 
policy code in the xen/acm directory and effectlively have a NULL policy.

If ACM_USE_SECURITY_POLICY is defined on the makefile level and 
ACM_NULL_POLICY is the default as the policy to compile (see the choice in 
xen/include/public/acm.h), we also get a NULL policy. The inline calls 
that are compiled into the code will all be removed since they default to 
'return 0'. - so no hooks there and no overhead.

Is it a problem to have that 2nd level choice of a NULL policy?

  Stefan



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel