diff mbox series

[v10,02/12] xen: add a generic way to include binary files as variables

Message ID 20200519072106.26894-3-jgross@suse.com (mailing list archive)
State New, archived
Headers show
Series Add hypervisor sysfs-like support | expand

Commit Message

Jürgen Groß May 19, 2020, 7:20 a.m. UTC 
Add a new script xen/tools/binfile for including a binary file at build
time being usable via a pointer and a size variable in the hypervisor.

Make use of that generic tool in xsm.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Wei Liu <wl@xen.org>
---
V3:
- new patch

V4:
- add alignment parameter (Jan Beulich)
- use .Lend instead of . (Jan Beulich)

Signed-off-by: Juergen Gross <jgross@suse.com>
---
 .gitignore                   |  1 +
 xen/tools/binfile            | 43 ++++++++++++++++++++++++++++++++++++
 xen/xsm/flask/Makefile       |  5 ++++-
 xen/xsm/flask/flask-policy.S | 16 --------------
 4 files changed, 48 insertions(+), 17 deletions(-)
 create mode 100755 xen/tools/binfile
 delete mode 100644 xen/xsm/flask/flask-policy.S

Comments

Jan Beulich May 19, 2020, 7:47 a.m. UTC | #1 
On 19.05.2020 09:20, Juergen Gross wrote:
> --- a/xen/xsm/flask/Makefile
> +++ b/xen/xsm/flask/Makefile
> @@ -39,6 +39,9 @@ $(subst include/,%/,$(AV_H_FILES)): $(AV_H_DEPEND) $(mkaccess) FORCE
>  obj-bin-$(CONFIG_XSM_FLASK_POLICY) += flask-policy.o
>  flask-policy.o: policy.bin
>  
> +flask-policy.S: $(XEN_ROOT)/xen/tools/binfile
> +	$(XEN_ROOT)/xen/tools/binfile -i $@ policy.bin xsm_flask_init_policy

I realize the script gets installed as executable, but such
permissions can get lost. Typically I think we invoke the shell
instead, with the script as first argument. Thoughts? Would
affect patch 8 then as well. Sorry for noticing this only now.

Jan
Jürgen Groß May 19, 2020, 7:52 a.m. UTC | #2 
On 19.05.20 09:47, Jan Beulich wrote:
> On 19.05.2020 09:20, Juergen Gross wrote:
>> --- a/xen/xsm/flask/Makefile
>> +++ b/xen/xsm/flask/Makefile
>> @@ -39,6 +39,9 @@ $(subst include/,%/,$(AV_H_FILES)): $(AV_H_DEPEND) $(mkaccess) FORCE
>>   obj-bin-$(CONFIG_XSM_FLASK_POLICY) += flask-policy.o
>>   flask-policy.o: policy.bin
>>   
>> +flask-policy.S: $(XEN_ROOT)/xen/tools/binfile
>> +	$(XEN_ROOT)/xen/tools/binfile -i $@ policy.bin xsm_flask_init_policy
> 
> I realize the script gets installed as executable, but such
> permissions can get lost. Typically I think we invoke the shell
> instead, with the script as first argument. Thoughts? Would
> affect patch 8 then as well. Sorry for noticing this only now.

Shall I resend or would you do that while committing?


Juergen
Jan Beulich May 19, 2020, 7:58 a.m. UTC | #3 
On 19.05.2020 09:52, Jürgen Groß wrote:
> On 19.05.20 09:47, Jan Beulich wrote:
>> On 19.05.2020 09:20, Juergen Gross wrote:
>>> --- a/xen/xsm/flask/Makefile
>>> +++ b/xen/xsm/flask/Makefile
>>> @@ -39,6 +39,9 @@ $(subst include/,%/,$(AV_H_FILES)): $(AV_H_DEPEND) $(mkaccess) FORCE
>>>   obj-bin-$(CONFIG_XSM_FLASK_POLICY) += flask-policy.o
>>>   flask-policy.o: policy.bin
>>>   
>>> +flask-policy.S: $(XEN_ROOT)/xen/tools/binfile
>>> +	$(XEN_ROOT)/xen/tools/binfile -i $@ policy.bin xsm_flask_init_policy
>>
>> I realize the script gets installed as executable, but such
>> permissions can get lost. Typically I think we invoke the shell
>> instead, with the script as first argument. Thoughts? Would
>> affect patch 8 then as well. Sorry for noticing this only now.
> 
> Shall I resend or would you do that while committing?

In patch 8 I'd be fine adding $(SHELL). Here, though, the question is
whether it should be $(SHELL) or $(CONFIG_SHELL) - I don't have any
idea why the latter exists in the first place. Daniel?

Jan
Jürgen Groß May 19, 2020, 8:14 a.m. UTC | #4 
On 19.05.20 09:58, Jan Beulich wrote:
> On 19.05.2020 09:52, Jürgen Groß wrote:
>> On 19.05.20 09:47, Jan Beulich wrote:
>>> On 19.05.2020 09:20, Juergen Gross wrote:
>>>> --- a/xen/xsm/flask/Makefile
>>>> +++ b/xen/xsm/flask/Makefile
>>>> @@ -39,6 +39,9 @@ $(subst include/,%/,$(AV_H_FILES)): $(AV_H_DEPEND) $(mkaccess) FORCE
>>>>    obj-bin-$(CONFIG_XSM_FLASK_POLICY) += flask-policy.o
>>>>    flask-policy.o: policy.bin
>>>>    
>>>> +flask-policy.S: $(XEN_ROOT)/xen/tools/binfile
>>>> +	$(XEN_ROOT)/xen/tools/binfile -i $@ policy.bin xsm_flask_init_policy
>>>
>>> I realize the script gets installed as executable, but such
>>> permissions can get lost. Typically I think we invoke the shell
>>> instead, with the script as first argument. Thoughts? Would
>>> affect patch 8 then as well. Sorry for noticing this only now.
>>
>> Shall I resend or would you do that while committing?
> 
> In patch 8 I'd be fine adding $(SHELL). Here, though, the question is
> whether it should be $(SHELL) or $(CONFIG_SHELL) - I don't have any
> idea why the latter exists in the first place. Daniel?

Why would different shells be needed in the two patches?

The binfile script is rather simple without any bash-isms in it (AFAICT
CONFIG_SHELL seems to prefer bash). So $(SHELL) should be fine IMO.


Juergen
diff mbox series

Patch

diff --git a/.gitignore b/.gitignore
index bfa53723b3..034f44b21b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -314,6 +314,7 @@  xen/test/livepatch/*.livepatch
 xen/tools/kconfig/.tmp_gtkcheck
 xen/tools/kconfig/.tmp_qtcheck
 xen/tools/symbols
+xen/xsm/flask/flask-policy.S
 xen/xsm/flask/include/av_perm_to_string.h
 xen/xsm/flask/include/av_permissions.h
 xen/xsm/flask/include/class_to_string.h
diff --git a/xen/tools/binfile b/xen/tools/binfile
new file mode 100755
index 0000000000..df0301183f
--- /dev/null
+++ b/xen/tools/binfile
@@ -0,0 +1,43 @@ 
+#!/bin/sh
+# usage: binfile [-i] [-a <align>] <target-src.S> <binary-file> <varname>
+# -a <align>  align data at 2^<align> boundary (default: byte alignment)
+# -i          add to .init.rodata (default: .rodata) section
+
+section=""
+align=0
+
+OPTIND=1
+while getopts "ia:" opt; do
+    case "$opt" in
+    i)
+        section=".init"
+        ;;
+    a)
+        align=$OPTARG
+        ;;
+    esac
+done
+let "SHIFT=$OPTIND-1"
+shift $SHIFT
+
+target=$1
+binsource=$2
+varname=$3
+
+cat <<EOF >$target
+#include <asm/asm_defns.h>
+
+        .section $section.rodata, "a", %progbits
+
+        .p2align $align
+        .global $varname
+$varname:
+        .incbin "$binsource"
+.Lend:
+
+        .type $varname, %object
+        .size $varname, .Lend - $varname
+
+        .global ${varname}_size
+        ASM_INT(${varname}_size, .Lend - $varname)
+EOF
diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile
index eebfceecc5..d8486fc7e4 100644
--- a/xen/xsm/flask/Makefile
+++ b/xen/xsm/flask/Makefile
@@ -39,6 +39,9 @@  $(subst include/,%/,$(AV_H_FILES)): $(AV_H_DEPEND) $(mkaccess) FORCE
 obj-bin-$(CONFIG_XSM_FLASK_POLICY) += flask-policy.o
 flask-policy.o: policy.bin
 
+flask-policy.S: $(XEN_ROOT)/xen/tools/binfile
+	$(XEN_ROOT)/xen/tools/binfile -i $@ policy.bin xsm_flask_init_policy
+
 FLASK_BUILD_DIR := $(CURDIR)
 POLICY_SRC := $(FLASK_BUILD_DIR)/xenpolicy-$(XEN_FULLVERSION)
 
@@ -48,4 +51,4 @@  policy.bin: FORCE
 
 .PHONY: clean
 clean::
-	rm -f $(ALL_H_FILES) *.o $(DEPS_RM) policy.* $(POLICY_SRC)
+	rm -f $(ALL_H_FILES) *.o $(DEPS_RM) policy.* $(POLICY_SRC) flask-policy.S
diff --git a/xen/xsm/flask/flask-policy.S b/xen/xsm/flask/flask-policy.S
deleted file mode 100644
index d38aa39964..0000000000
--- a/xen/xsm/flask/flask-policy.S
+++ /dev/null
@@ -1,16 +0,0 @@ 
-#include <asm/asm_defns.h>
-
-        .section .init.rodata, "a", %progbits
-
-/* const unsigned char xsm_flask_init_policy[] __initconst */
-        .global xsm_flask_init_policy
-xsm_flask_init_policy:
-        .incbin "policy.bin"
-.Lend:
-
-        .type xsm_flask_init_policy, %object
-        .size xsm_flask_init_policy, . - xsm_flask_init_policy
-
-/* const unsigned int __initconst xsm_flask_init_policy_size */
-        .global xsm_flask_init_policy_size
-        ASM_INT(xsm_flask_init_policy_size, .Lend - xsm_flask_init_policy)