Message ID | 20200519072106.26894-3-jgross@suse.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | Add hypervisor sysfs-like support | expand |
On 19.05.2020 09:20, Juergen Gross wrote: > --- a/xen/xsm/flask/Makefile > +++ b/xen/xsm/flask/Makefile > @@ -39,6 +39,9 @@ $(subst include/,%/,$(AV_H_FILES)): $(AV_H_DEPEND) $(mkaccess) FORCE > obj-bin-$(CONFIG_XSM_FLASK_POLICY) += flask-policy.o > flask-policy.o: policy.bin > > +flask-policy.S: $(XEN_ROOT)/xen/tools/binfile > + $(XEN_ROOT)/xen/tools/binfile -i $@ policy.bin xsm_flask_init_policy I realize the script gets installed as executable, but such permissions can get lost. Typically I think we invoke the shell instead, with the script as first argument. Thoughts? Would affect patch 8 then as well. Sorry for noticing this only now. Jan
On 19.05.20 09:47, Jan Beulich wrote: > On 19.05.2020 09:20, Juergen Gross wrote: >> --- a/xen/xsm/flask/Makefile >> +++ b/xen/xsm/flask/Makefile >> @@ -39,6 +39,9 @@ $(subst include/,%/,$(AV_H_FILES)): $(AV_H_DEPEND) $(mkaccess) FORCE >> obj-bin-$(CONFIG_XSM_FLASK_POLICY) += flask-policy.o >> flask-policy.o: policy.bin >> >> +flask-policy.S: $(XEN_ROOT)/xen/tools/binfile >> + $(XEN_ROOT)/xen/tools/binfile -i $@ policy.bin xsm_flask_init_policy > > I realize the script gets installed as executable, but such > permissions can get lost. Typically I think we invoke the shell > instead, with the script as first argument. Thoughts? Would > affect patch 8 then as well. Sorry for noticing this only now. Shall I resend or would you do that while committing? Juergen
On 19.05.2020 09:52, Jürgen Groß wrote: > On 19.05.20 09:47, Jan Beulich wrote: >> On 19.05.2020 09:20, Juergen Gross wrote: >>> --- a/xen/xsm/flask/Makefile >>> +++ b/xen/xsm/flask/Makefile >>> @@ -39,6 +39,9 @@ $(subst include/,%/,$(AV_H_FILES)): $(AV_H_DEPEND) $(mkaccess) FORCE >>> obj-bin-$(CONFIG_XSM_FLASK_POLICY) += flask-policy.o >>> flask-policy.o: policy.bin >>> >>> +flask-policy.S: $(XEN_ROOT)/xen/tools/binfile >>> + $(XEN_ROOT)/xen/tools/binfile -i $@ policy.bin xsm_flask_init_policy >> >> I realize the script gets installed as executable, but such >> permissions can get lost. Typically I think we invoke the shell >> instead, with the script as first argument. Thoughts? Would >> affect patch 8 then as well. Sorry for noticing this only now. > > Shall I resend or would you do that while committing? In patch 8 I'd be fine adding $(SHELL). Here, though, the question is whether it should be $(SHELL) or $(CONFIG_SHELL) - I don't have any idea why the latter exists in the first place. Daniel? Jan
On 19.05.20 09:58, Jan Beulich wrote: > On 19.05.2020 09:52, Jürgen Groß wrote: >> On 19.05.20 09:47, Jan Beulich wrote: >>> On 19.05.2020 09:20, Juergen Gross wrote: >>>> --- a/xen/xsm/flask/Makefile >>>> +++ b/xen/xsm/flask/Makefile >>>> @@ -39,6 +39,9 @@ $(subst include/,%/,$(AV_H_FILES)): $(AV_H_DEPEND) $(mkaccess) FORCE >>>> obj-bin-$(CONFIG_XSM_FLASK_POLICY) += flask-policy.o >>>> flask-policy.o: policy.bin >>>> >>>> +flask-policy.S: $(XEN_ROOT)/xen/tools/binfile >>>> + $(XEN_ROOT)/xen/tools/binfile -i $@ policy.bin xsm_flask_init_policy >>> >>> I realize the script gets installed as executable, but such >>> permissions can get lost. Typically I think we invoke the shell >>> instead, with the script as first argument. Thoughts? Would >>> affect patch 8 then as well. Sorry for noticing this only now. >> >> Shall I resend or would you do that while committing? > > In patch 8 I'd be fine adding $(SHELL). Here, though, the question is > whether it should be $(SHELL) or $(CONFIG_SHELL) - I don't have any > idea why the latter exists in the first place. Daniel? Why would different shells be needed in the two patches? The binfile script is rather simple without any bash-isms in it (AFAICT CONFIG_SHELL seems to prefer bash). So $(SHELL) should be fine IMO. Juergen
diff --git a/.gitignore b/.gitignore index bfa53723b3..034f44b21b 100644 --- a/.gitignore +++ b/.gitignore @@ -314,6 +314,7 @@ xen/test/livepatch/*.livepatch xen/tools/kconfig/.tmp_gtkcheck xen/tools/kconfig/.tmp_qtcheck xen/tools/symbols +xen/xsm/flask/flask-policy.S xen/xsm/flask/include/av_perm_to_string.h xen/xsm/flask/include/av_permissions.h xen/xsm/flask/include/class_to_string.h diff --git a/xen/tools/binfile b/xen/tools/binfile new file mode 100755 index 0000000000..df0301183f --- /dev/null +++ b/xen/tools/binfile @@ -0,0 +1,43 @@ +#!/bin/sh +# usage: binfile [-i] [-a <align>] <target-src.S> <binary-file> <varname> +# -a <align> align data at 2^<align> boundary (default: byte alignment) +# -i add to .init.rodata (default: .rodata) section + +section="" +align=0 + +OPTIND=1 +while getopts "ia:" opt; do + case "$opt" in + i) + section=".init" + ;; + a) + align=$OPTARG + ;; + esac +done +let "SHIFT=$OPTIND-1" +shift $SHIFT + +target=$1 +binsource=$2 +varname=$3 + +cat <<EOF >$target +#include <asm/asm_defns.h> + + .section $section.rodata, "a", %progbits + + .p2align $align + .global $varname +$varname: + .incbin "$binsource" +.Lend: + + .type $varname, %object + .size $varname, .Lend - $varname + + .global ${varname}_size + ASM_INT(${varname}_size, .Lend - $varname) +EOF diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile index eebfceecc5..d8486fc7e4 100644 --- a/xen/xsm/flask/Makefile +++ b/xen/xsm/flask/Makefile @@ -39,6 +39,9 @@ $(subst include/,%/,$(AV_H_FILES)): $(AV_H_DEPEND) $(mkaccess) FORCE obj-bin-$(CONFIG_XSM_FLASK_POLICY) += flask-policy.o flask-policy.o: policy.bin +flask-policy.S: $(XEN_ROOT)/xen/tools/binfile + $(XEN_ROOT)/xen/tools/binfile -i $@ policy.bin xsm_flask_init_policy + FLASK_BUILD_DIR := $(CURDIR) POLICY_SRC := $(FLASK_BUILD_DIR)/xenpolicy-$(XEN_FULLVERSION) @@ -48,4 +51,4 @@ policy.bin: FORCE .PHONY: clean clean:: - rm -f $(ALL_H_FILES) *.o $(DEPS_RM) policy.* $(POLICY_SRC) + rm -f $(ALL_H_FILES) *.o $(DEPS_RM) policy.* $(POLICY_SRC) flask-policy.S diff --git a/xen/xsm/flask/flask-policy.S b/xen/xsm/flask/flask-policy.S deleted file mode 100644 index d38aa39964..0000000000 --- a/xen/xsm/flask/flask-policy.S +++ /dev/null @@ -1,16 +0,0 @@ -#include <asm/asm_defns.h> - - .section .init.rodata, "a", %progbits - -/* const unsigned char xsm_flask_init_policy[] __initconst */ - .global xsm_flask_init_policy -xsm_flask_init_policy: - .incbin "policy.bin" -.Lend: - - .type xsm_flask_init_policy, %object - .size xsm_flask_init_policy, . - xsm_flask_init_policy - -/* const unsigned int __initconst xsm_flask_init_policy_size */ - .global xsm_flask_init_policy_size - ASM_INT(xsm_flask_init_policy_size, .Lend - xsm_flask_init_policy)