diff mbox series

[v2,03/70] xen/xsm: Move {do,compat}_flask_op() declarations into a header

Message ID 20220214125127.17985-4-andrew.cooper3@citrix.com (mailing list archive)
State New, archived
Headers show
Series x86: Support for CET Indirect Branch Tracking | expand

Commit Message

Andrew Cooper Feb. 14, 2022, 12:50 p.m. UTC 
Declaring sideways like this is unsafe, because the compiler can't check that
the implementaton in flask_op.c still has the same type.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
CC: Daniel Smith <dpsmith@apertussolutions.com>

v2:
 * Rework in the face of no useful progress on the better fix.
---
 xen/xsm/flask/flask_op.c | 1 +
 xen/xsm/flask/hooks.c    | 4 +---
 xen/xsm/flask/private.h  | 9 +++++++++
 3 files changed, 11 insertions(+), 3 deletions(-)
 create mode 100644 xen/xsm/flask/private.h

Comments

Daniel P. Smith Feb. 14, 2022, 2:36 p.m. UTC | #1 
On 2/14/22 07:50, Andrew Cooper wrote:
> Declaring sideways like this is unsafe, because the compiler can't check that
> the implementaton in flask_op.c still has the same type.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> ---
> CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> CC: Daniel Smith <dpsmith@apertussolutions.com>
> 
> v2:
>  * Rework in the face of no useful progress on the better fix.
> ---
>  xen/xsm/flask/flask_op.c | 1 +
>  xen/xsm/flask/hooks.c    | 4 +---
>  xen/xsm/flask/private.h  | 9 +++++++++
>  3 files changed, 11 insertions(+), 3 deletions(-)
>  create mode 100644 xen/xsm/flask/private.h
> 
> diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c
> index 221ff00fd3cc..bb3bebc30e01 100644
> --- a/xen/xsm/flask/flask_op.c
> +++ b/xen/xsm/flask/flask_op.c
> @@ -21,6 +21,7 @@
>  #include <avc_ss.h>
>  #include <objsec.h>
>  #include <conditional.h>
> +#include "private.h"
>  
>  #define ret_t long
>  #define _copy_to_guest copy_to_guest
> diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
> index 3b29f7fde372..6ff1be28e4a4 100644
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -36,6 +36,7 @@
>  #include <avc_ss.h>
>  #include <objsec.h>
>  #include <conditional.h>
> +#include "private.h"
>  
>  static u32 domain_sid(const struct domain *dom)
>  {
> @@ -1742,9 +1743,6 @@ static int flask_argo_send(const struct domain *d, const struct domain *t)
>  
>  #endif
>  
> -long do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op);
> -int compat_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op);
> -
>  static const struct xsm_ops __initconstrel flask_ops = {
>      .security_domaininfo = flask_security_domaininfo,
>      .domain_create = flask_domain_create,
> diff --git a/xen/xsm/flask/private.h b/xen/xsm/flask/private.h
> new file mode 100644
> index 000000000000..73b0de87245a
> --- /dev/null
> +++ b/xen/xsm/flask/private.h
> @@ -0,0 +1,9 @@
> +#ifndef XSM_FLASK_PRIVATE
> +#define XSM_FLASK_PRIVATE
> +
> +#include <public/xen.h>
> +
> +long do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op);
> +int compat_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op);
> +
> +#endif /* XSM_FLASK_PRIVATE */

Reviewed-by: Daniel P. Smith <dpsmith@apertussolutions.com>
diff mbox series

Patch

diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c
index 221ff00fd3cc..bb3bebc30e01 100644
--- a/xen/xsm/flask/flask_op.c
+++ b/xen/xsm/flask/flask_op.c
@@ -21,6 +21,7 @@ 
 #include <avc_ss.h>
 #include <objsec.h>
 #include <conditional.h>
+#include "private.h"
 
 #define ret_t long
 #define _copy_to_guest copy_to_guest
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 3b29f7fde372..6ff1be28e4a4 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -36,6 +36,7 @@ 
 #include <avc_ss.h>
 #include <objsec.h>
 #include <conditional.h>
+#include "private.h"
 
 static u32 domain_sid(const struct domain *dom)
 {
@@ -1742,9 +1743,6 @@  static int flask_argo_send(const struct domain *d, const struct domain *t)
 
 #endif
 
-long do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op);
-int compat_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op);
-
 static const struct xsm_ops __initconstrel flask_ops = {
     .security_domaininfo = flask_security_domaininfo,
     .domain_create = flask_domain_create,
diff --git a/xen/xsm/flask/private.h b/xen/xsm/flask/private.h
new file mode 100644
index 000000000000..73b0de87245a
--- /dev/null
+++ b/xen/xsm/flask/private.h
@@ -0,0 +1,9 @@ 
+#ifndef XSM_FLASK_PRIVATE
+#define XSM_FLASK_PRIVATE
+
+#include <public/xen.h>
+
+long do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op);
+int compat_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op);
+
+#endif /* XSM_FLASK_PRIVATE */