diff mbox series

xsm/flask: code style formatting

Message ID 20220422194344.9318-1-dpsmith@apertussolutions.com (mailing list archive)
State New, archived
Headers show
Series xsm/flask: code style formatting | expand

Commit Message

Daniel P. Smith April 22, 2022, 7:43 p.m. UTC
This is a quick code style cleanup patch for xsm/flask. The files flask_op.c
and hooks.c are Xen specific, thus full code style rules were applied. The
remaining files are from Linux and therefore only trailing whitespace was
remove from those files.

Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
---
 xen/xsm/flask/avc.c            |  14 +--
 xen/xsm/flask/flask_op.c       |  27 ++---
 xen/xsm/flask/hooks.c          | 186 +++++++++++++++++----------------
 xen/xsm/flask/include/avc.h    |   2 +-
 xen/xsm/flask/ss/avtab.c       |  10 +-
 xen/xsm/flask/ss/avtab.h       |   4 +-
 xen/xsm/flask/ss/conditional.c |   4 +-
 xen/xsm/flask/ss/context.h     |   4 +-
 xen/xsm/flask/ss/mls.c         |   2 +-
 xen/xsm/flask/ss/policydb.c    |   2 +-
 xen/xsm/flask/ss/services.c    |   6 +-
 xen/xsm/flask/ss/sidtab.c      |   6 +-
 12 files changed, 136 insertions(+), 131 deletions(-)

Comments

Andrew Cooper April 22, 2022, 11:07 p.m. UTC | #1
On 22/04/2022 20:43, Daniel P. Smith wrote:
> diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
> index 0bf63ffa84..e2ebbc7716 100644
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -120,8 +121,8 @@ static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
>          struct irq_desc *desc = irq_to_desc(irq);
>          if ( desc->msi_desc && desc->msi_desc->dev ) {
>              struct pci_dev *dev = desc->msi_desc->dev;
> -            u32 sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
> -            if (ad) {
> +            uint32_t sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
> +            if ( ad ) {

Brace on newline, and in the subsequent hunk.  Can be fixed on commit.

Otherwise, LGTM.  Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jason Andryuk April 25, 2022, 7:36 p.m. UTC | #2
On Fri, Apr 22, 2022 at 7:07 PM Andrew Cooper <Andrew.Cooper3@citrix.com> wrote:
>
> On 22/04/2022 20:43, Daniel P. Smith wrote:
> > diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
> > index 0bf63ffa84..e2ebbc7716 100644
> > --- a/xen/xsm/flask/hooks.c
> > +++ b/xen/xsm/flask/hooks.c
> > @@ -120,8 +121,8 @@ static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
> >          struct irq_desc *desc = irq_to_desc(irq);
> >          if ( desc->msi_desc && desc->msi_desc->dev ) {
> >              struct pci_dev *dev = desc->msi_desc->dev;
> > -            u32 sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
> > -            if (ad) {
> > +            uint32_t sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
> > +            if ( ad ) {
>
> Brace on newline, and in the subsequent hunk.  Can be fixed on commit.
>
> Otherwise, LGTM.  Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Jason Andryuk <jandryuk@gmail.com>
Jan Beulich April 26, 2022, 8:38 a.m. UTC | #3
On 23.04.2022 01:07, Andrew Cooper wrote:
> On 22/04/2022 20:43, Daniel P. Smith wrote:
>> diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
>> index 0bf63ffa84..e2ebbc7716 100644
>> --- a/xen/xsm/flask/hooks.c
>> +++ b/xen/xsm/flask/hooks.c
>> @@ -120,8 +121,8 @@ static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
>>          struct irq_desc *desc = irq_to_desc(irq);
>>          if ( desc->msi_desc && desc->msi_desc->dev ) {

I've elected to also fix this misplaced brace while committing.

>>              struct pci_dev *dev = desc->msi_desc->dev;
>> -            u32 sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
>> -            if (ad) {
>> +            uint32_t sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
>> +            if ( ad ) {
> 
> Brace on newline, and in the subsequent hunk.  Can be fixed on commit.
> 
> Otherwise, LGTM.  Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>

Strictly speaking the u32 -> uint32_t conversion was getting us only
half the mileage, but I've committed the change as is (in this regard)
nevertheless. In many of the cases "unsigned int" or alike should be
used instead.

Jan
Daniel P. Smith April 26, 2022, 10:49 a.m. UTC | #4
On 4/26/22 04:38, Jan Beulich wrote:
> On 23.04.2022 01:07, Andrew Cooper wrote:
>> On 22/04/2022 20:43, Daniel P. Smith wrote:
>>> diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
>>> index 0bf63ffa84..e2ebbc7716 100644
>>> --- a/xen/xsm/flask/hooks.c
>>> +++ b/xen/xsm/flask/hooks.c
>>> @@ -120,8 +121,8 @@ static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
>>>           struct irq_desc *desc = irq_to_desc(irq);
>>>           if ( desc->msi_desc && desc->msi_desc->dev ) {
> 
> I've elected to also fix this misplaced brace while committing.

Ack.

>>>               struct pci_dev *dev = desc->msi_desc->dev;
>>> -            u32 sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
>>> -            if (ad) {
>>> +            uint32_t sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
>>> +            if ( ad ) {
>>
>> Brace on newline, and in the subsequent hunk.  Can be fixed on commit.
>>
>> Otherwise, LGTM.  Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
> 
> Strictly speaking the u32 -> uint32_t conversion was getting us only
> half the mileage, but I've committed the change as is (in this regard)
> nevertheless. In many of the cases "unsigned int" or alike should be
> used instead.

Thank you, I can add a review of uint{X}_t usage to the list of updates 
for flask.

v/r,
dps
diff mbox series

Patch

diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c
index e20c165042..4a75ec97e2 100644
--- a/xen/xsm/flask/avc.c
+++ b/xen/xsm/flask/avc.c
@@ -13,9 +13,9 @@ 
  *    it under the terms of the GNU General Public License version 2,
  *      as published by the Free Software Foundation.
  */
- 
+
 /* Ported to Xen 3.0, George Coker, <gscoker@alpha.ncsc.mil> */
- 
+
 #include <xen/lib.h>
 #include <xen/xmalloc.h>
 #include <xen/types.h>
@@ -267,7 +267,7 @@  int avc_get_hash_stats(struct xen_flask_hash_stats *arg)
     }
 
     rcu_read_unlock(&avc_rcu_lock);
-    
+
     arg->entries = atomic_read(&avc_cache.active_nodes);
     arg->buckets_used = slots_used;
     arg->buckets_total = AVC_CACHE_SLOTS;
@@ -336,7 +336,7 @@  static inline int avc_reclaim_node(void)
         }
         rcu_read_unlock(&avc_rcu_lock);
         spin_unlock_irqrestore(lock, flags);
-    }    
+    }
  out:
     return ecx;
 }
@@ -622,7 +622,7 @@  static int avc_update_node(u32 perms, u32 ssid, u32 tsid, u16 tclass,
     struct hlist_head *head;
     struct hlist_node *next;
     spinlock_t *lock;
-    
+
     node = avc_alloc_node();
     if ( !node )
     {
@@ -630,7 +630,7 @@  static int avc_update_node(u32 perms, u32 ssid, u32 tsid, u16 tclass,
         goto out;
     }
 
-    hvalue = avc_hash(ssid, tsid, tclass);    
+    hvalue = avc_hash(ssid, tsid, tclass);
 
     head = &avc_cache.slots[hvalue];
     lock = &avc_cache.slots_lock[hvalue];
@@ -695,7 +695,7 @@  int avc_ss_reset(u32 seqno)
         rcu_read_unlock(&avc_rcu_lock);
         spin_unlock_irqrestore(lock, flag);
     }
-    
+
     avc_latest_notif_update(seqno, 0);
     return rc;
 }
diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c
index 707be72a3b..eb16e289c3 100644
--- a/xen/xsm/flask/flask_op.c
+++ b/xen/xsm/flask/flask_op.c
@@ -75,15 +75,15 @@  static int __init cf_check parse_flask_param(const char *s)
 }
 custom_param("flask", parse_flask_param);
 
-static int domain_has_security(struct domain *d, u32 perms)
+static int domain_has_security(struct domain *d, uint32_t perms)
 {
     struct domain_security_struct *dsec;
-    
+
     dsec = d->ssid;
     if ( !dsec )
         return -EACCES;
-        
-    return avc_has_perm(dsec->sid, SECINITSID_SECURITY, SECCLASS_SECURITY, 
+
+    return avc_has_perm(dsec->sid, SECINITSID_SECURITY, SECCLASS_SECURITY,
                         perms, NULL);
 }
 
@@ -130,7 +130,7 @@  static int flask_security_access(struct xen_flask_access *arg)
     arg->audit_allow = avd.auditallow;
     arg->audit_deny = avd.auditdeny;
     arg->seqno = avd.seqno;
-                
+
     return rv;
 }
 
@@ -196,7 +196,7 @@  static int flask_security_sid(struct xen_flask_sid_context *arg)
 {
     int rv;
     char *context;
-    u32 len;
+    uint32_t len;
 
     rv = domain_has_security(current->domain, SECURITY__CHECK_CONTEXT);
     if ( rv )
@@ -223,7 +223,8 @@  static int flask_security_sid(struct xen_flask_sid_context *arg)
 
 #ifndef COMPAT
 
-static int flask_security_setavc_threshold(struct xen_flask_setavc_threshold *arg)
+static int flask_security_setavc_threshold(
+    struct xen_flask_setavc_threshold *arg)
 {
     int rv = 0;
 
@@ -350,7 +351,7 @@  static int flask_security_get_bool(struct xen_flask_boolean *arg)
         if ( nameout_len > arg->size )
             rv = -ERANGE;
         arg->size = nameout_len;
- 
+
         if ( !rv && _copy_to_guest(arg->name, nameout, nameout_len) )
             rv = -EFAULT;
         xfree(nameout);
@@ -386,9 +387,9 @@  static int flask_security_make_bools(void)
     int ret = 0;
     int num;
     int *values = NULL;
-    
+
     xfree(bool_pending_values);
-    
+
     ret = security_get_bools(&num, NULL, &values, NULL);
     if ( ret != 0 )
         goto out;
@@ -474,8 +475,8 @@  static int flask_devicetree_label(struct xen_flask_devicetree_label *arg)
 {
     int rv;
     char *buf;
-    u32 sid = arg->sid;
-    u32 perm = sid ? SECURITY__ADD_OCONTEXT : SECURITY__DEL_OCONTEXT;
+    uint32_t sid = arg->sid;
+    uint32_t perm = sid ? SECURITY__ADD_OCONTEXT : SECURITY__DEL_OCONTEXT;
 
     rv = domain_has_security(current->domain, perm);
     if ( rv )
@@ -670,7 +671,7 @@  ret_t cf_check do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op)
 
     case FLASK_MLS:
         rv = flask_mls_enabled;
-        break;    
+        break;
 
     case FLASK_GETAVC_THRESHOLD:
         rv = avc_cache_threshold;
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 0bf63ffa84..e2ebbc7716 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -38,34 +38,34 @@ 
 #include <conditional.h>
 #include "private.h"
 
-static u32 domain_sid(const struct domain *dom)
+static uint32_t domain_sid(const struct domain *dom)
 {
     struct domain_security_struct *dsec = dom->ssid;
     return dsec->sid;
 }
 
-static u32 domain_target_sid(const struct domain *src,
-                             const struct domain *dst)
+static uint32_t domain_target_sid(
+    const struct domain *src, const struct domain *dst)
 {
     struct domain_security_struct *ssec = src->ssid;
     struct domain_security_struct *dsec = dst->ssid;
-    if (src == dst)
+    if ( src == dst )
         return ssec->self_sid;
-    if (src->target == dst)
+    if ( src->target == dst )
         return ssec->target_sid;
     return dsec->sid;
 }
 
-static u32 evtchn_sid(const struct evtchn *chn)
+static uint32_t evtchn_sid(const struct evtchn *chn)
 {
     return chn->ssid.flask_sid;
 }
 
-static int domain_has_perm(const struct domain *dom1,
-                           const struct domain *dom2,
-                           u16 class, u32 perms)
+static int domain_has_perm(
+    const struct domain *dom1, const struct domain *dom2, uint16_t class,
+    uint32_t perms)
 {
-    u32 ssid, tsid;
+    uint32_t ssid, tsid;
     struct avc_audit_data ad;
     AVC_AUDIT_DATA_INIT(&ad, NONE);
     ad.sdom = dom1;
@@ -77,34 +77,35 @@  static int domain_has_perm(const struct domain *dom1,
     return avc_has_perm(ssid, tsid, class, perms, &ad);
 }
 
-static int avc_current_has_perm(u32 tsid, u16 class, u32 perm,
-                                struct avc_audit_data *ad)
+static int avc_current_has_perm(
+    uint32_t tsid, uint16_t class, uint32_t perm, struct avc_audit_data *ad)
 {
-    u32 csid = domain_sid(current->domain);
+    uint32_t csid = domain_sid(current->domain);
     return avc_has_perm(csid, tsid, class, perm, ad);
 }
 
-static int current_has_perm(struct domain *d, u16 class, u32 perms)
+static int current_has_perm(struct domain *d, uint16_t class, uint32_t perms)
 {
     return domain_has_perm(current->domain, d, class, perms);
 }
 
-static int domain_has_evtchn(struct domain *d, struct evtchn *chn, u32 perms)
+static int domain_has_evtchn(
+    struct domain *d, struct evtchn *chn, uint32_t perms)
 {
-    u32 dsid = domain_sid(d);
-    u32 esid = evtchn_sid(chn);
+    uint32_t dsid = domain_sid(d);
+    uint32_t esid = evtchn_sid(chn);
 
     return avc_has_perm(dsid, esid, SECCLASS_EVENT, perms, NULL);
 }
 
-static int domain_has_xen(struct domain *d, u32 perms)
+static int domain_has_xen(struct domain *d, uint32_t perms)
 {
-    u32 dsid = domain_sid(d);
+    uint32_t dsid = domain_sid(d);
 
     return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_XEN, perms, NULL);
 }
 
-static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
+static int get_irq_sid(int irq, uint32_t *sid, struct avc_audit_data *ad)
 {
     if ( irq >= nr_irqs || irq < 0 )
         return -EINVAL;
@@ -120,8 +121,8 @@  static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
         struct irq_desc *desc = irq_to_desc(irq);
         if ( desc->msi_desc && desc->msi_desc->dev ) {
             struct pci_dev *dev = desc->msi_desc->dev;
-            u32 sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
-            if (ad) {
+            uint32_t sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
+            if ( ad ) {
                 AVC_AUDIT_DATA_INIT(ad, DEV);
                 ad->device = sbdf;
             }
@@ -130,7 +131,7 @@  static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
     }
 #endif
 
-    if (ad) {
+    if ( ad ) {
         AVC_AUDIT_DATA_INIT(ad, IRQ);
         ad->irq = irq;
     }
@@ -200,7 +201,7 @@  static void cf_check flask_domain_free_security(struct domain *d)
 static int cf_check flask_evtchn_unbound(
     struct domain *d1, struct evtchn *chn, domid_t id2)
 {
-    u32 sid1, sid2, newsid;
+    uint32_t sid1, sid2, newsid;
     int rc;
     struct domain *d2;
 
@@ -234,7 +235,7 @@  static int cf_check flask_evtchn_interdomain(
     struct domain *d1, struct evtchn *chn1,
     struct domain *d2, struct evtchn *chn2)
 {
-    u32 sid1, sid2, newsid, reverse_sid;
+    uint32_t sid1, sid2, newsid, reverse_sid;
     int rc;
     struct avc_audit_data ad;
     AVC_AUDIT_DATA_INIT(&ad, NONE);
@@ -336,9 +337,9 @@  static char *cf_check flask_show_security_evtchn(
     struct domain *d, const struct evtchn *chn)
 {
     int irq;
-    u32 sid = 0;
+    uint32_t sid = 0;
     char *ctx;
-    u32 ctx_len;
+    uint32_t ctx_len;
 
     switch ( chn->state )
     {
@@ -354,7 +355,7 @@  static char *cf_check flask_show_security_evtchn(
     }
     if ( !sid )
         return NULL;
-    if (security_sid_to_context(sid, &ctx, &ctx_len))
+    if ( security_sid_to_context(sid, &ctx, &ctx_len) )
         return NULL;
     return ctx;
 }
@@ -367,7 +368,7 @@  static int cf_check flask_init_hardware_domain(struct domain *d)
 static int cf_check flask_grant_mapref(
     struct domain *d1, struct domain *d2, uint32_t flags)
 {
-    u32 perms = GRANT__MAP_READ;
+    uint32_t perms = GRANT__MAP_READ;
 
     if ( !(flags & GNTMAP_readonly) )
         perms |= GRANT__MAP_WRITE;
@@ -445,7 +446,7 @@  static int cf_check flask_get_vnumainfo(struct domain *d)
 
 static int cf_check flask_console_io(struct domain *d, int cmd)
 {
-    u32 perm;
+    uint32_t perm;
 
     switch ( cmd )
     {
@@ -464,7 +465,7 @@  static int cf_check flask_console_io(struct domain *d, int cmd)
 
 static int cf_check flask_profile(struct domain *d, int op)
 {
-    u32 perm;
+    uint32_t perm;
 
     switch ( op )
     {
@@ -510,7 +511,7 @@  static void cf_check flask_security_domaininfo(
     info->ssidref = domain_sid(d);
 }
 
-static int cf_check flask_domain_create(struct domain *d, u32 ssidref)
+static int cf_check flask_domain_create(struct domain *d, uint32_t ssidref)
 {
     int rc;
     struct domain_security_struct *dsec = d->ssid;
@@ -843,7 +844,7 @@  static int cf_check flask_sysctl(int cmd)
 
 static int cf_check flask_readconsole(uint32_t clear)
 {
-    u32 perms = XEN__READCONSOLE;
+    uint32_t perms = XEN__READCONSOLE;
 
     if ( clear )
         perms |= XEN__CLEARCONSOLE;
@@ -851,7 +852,7 @@  static int cf_check flask_readconsole(uint32_t clear)
     return domain_has_xen(current->domain, perms);
 }
 
-static inline u32 resource_to_perm(uint8_t access)
+static inline uint32_t resource_to_perm(uint8_t access)
 {
     if ( access )
         return RESOURCE__ADD;
@@ -861,13 +862,13 @@  static inline u32 resource_to_perm(uint8_t access)
 
 static char *cf_check flask_show_irq_sid(int irq)
 {
-    u32 sid, ctx_len;
+    uint32_t sid, ctx_len;
     char *ctx;
     int rc = get_irq_sid(irq, &sid, NULL);
     if ( rc )
         return NULL;
 
-    if (security_sid_to_context(sid, &ctx, &ctx_len))
+    if ( security_sid_to_context(sid, &ctx, &ctx_len) )
         return NULL;
 
     return ctx;
@@ -878,12 +879,13 @@  static int cf_check flask_map_domain_pirq(struct domain *d)
     return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD);
 }
 
-static int flask_map_domain_msi (struct domain *d, int irq, const void *data,
-                                 u32 *sid, struct avc_audit_data *ad)
+static int flask_map_domain_msi (
+    struct domain *d, int irq, const void *data, uint32_t *sid,
+    struct avc_audit_data *ad)
 {
 #ifdef CONFIG_HAS_PCI_MSI
     const struct msi_info *msi = data;
-    u32 machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn;
+    uint32_t machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn;
 
     AVC_AUDIT_DATA_INIT(ad, DEV);
     ad->device = machine_bdf;
@@ -894,7 +896,7 @@  static int flask_map_domain_msi (struct domain *d, int irq, const void *data,
 #endif
 }
 
-static u32 flask_iommu_resource_use_perm(const struct domain *d)
+static uint32_t flask_iommu_resource_use_perm(const struct domain *d)
 {
     /* Obtain the permission level required for allowing a domain
      * to use an assigned device.
@@ -905,7 +907,7 @@  static u32 flask_iommu_resource_use_perm(const struct domain *d)
      * less capable hardware (no IOMMU or IOMMU missing intremap capability)
      * via other separate permissions.
      */
-    u32 perm = RESOURCE__USE_NOIOMMU;
+    uint32_t perm = RESOURCE__USE_NOIOMMU;
 
     if ( is_iommu_enabled(d) )
         perm = ( iommu_intremap ? RESOURCE__USE_IOMMU :
@@ -913,18 +915,18 @@  static u32 flask_iommu_resource_use_perm(const struct domain *d)
     return perm;
 }
 
-static int cf_check flask_map_domain_irq(struct domain *d, int irq, const void *data)
+static int cf_check flask_map_domain_irq(
+    struct domain *d, int irq, const void *data)
 {
-    u32 sid, dsid;
+    uint32_t sid, dsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
-    u32 dperm = flask_iommu_resource_use_perm(d);
+    uint32_t dperm = flask_iommu_resource_use_perm(d);
 
-    if ( irq >= nr_static_irqs && data ) {
+    if ( irq >= nr_static_irqs && data )
         rc = flask_map_domain_msi(d, irq, data, &sid, &ad);
-    } else {
+    else
         rc = get_irq_sid(irq, &sid, &ad);
-    }
 
     if ( rc )
         return rc;
@@ -944,12 +946,13 @@  static int cf_check flask_unmap_domain_pirq(struct domain *d)
     return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
 }
 
-static int flask_unmap_domain_msi (struct domain *d, int irq, const void *data,
-                                   u32 *sid, struct avc_audit_data *ad)
+static int flask_unmap_domain_msi (
+    struct domain *d, int irq, const void *data, uint32_t *sid,
+    struct avc_audit_data *ad)
 {
 #ifdef CONFIG_HAS_PCI_MSI
     const struct pci_dev *pdev = data;
-    u32 machine_bdf = (pdev->seg << 16) | (pdev->bus << 8) | pdev->devfn;
+    uint32_t machine_bdf = (pdev->seg << 16) | (pdev->bus << 8) | pdev->devfn;
 
     AVC_AUDIT_DATA_INIT(ad, DEV);
     ad->device = machine_bdf;
@@ -963,15 +966,15 @@  static int flask_unmap_domain_msi (struct domain *d, int irq, const void *data,
 static int cf_check flask_unmap_domain_irq(
     struct domain *d, int irq, const void *data)
 {
-    u32 sid;
+    uint32_t sid;
     int rc = -EPERM;
     struct avc_audit_data ad;
 
-    if ( irq >= nr_static_irqs && data ) {
+    if ( irq >= nr_static_irqs && data )
         rc = flask_unmap_domain_msi(d, irq, data, &sid, &ad);
-    } else {
+    else
         rc = get_irq_sid(irq, &sid, &ad);
-    }
+
     if ( rc )
         return rc;
 
@@ -982,11 +985,11 @@  static int cf_check flask_unmap_domain_irq(
 static int cf_check flask_bind_pt_irq(
     struct domain *d, struct xen_domctl_bind_pt_irq *bind)
 {
-    u32 dsid, rsid;
+    uint32_t dsid, rsid;
     int rc = -EPERM;
     int irq;
     struct avc_audit_data ad;
-    u32 dperm = flask_iommu_resource_use_perm(d);
+    uint32_t dperm = flask_iommu_resource_use_perm(d);
 
     rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD);
     if ( rc )
@@ -1020,14 +1023,14 @@  static int cf_check flask_irq_permission(
 }
 
 struct iomem_has_perm_data {
-    u32 ssid;
-    u32 dsid;
-    u32 perm;
-    u32 use_perm;
+    uint32_t ssid;
+    uint32_t dsid;
+    uint32_t perm;
+    uint32_t use_perm;
 };
 
 static int cf_check _iomem_has_perm(
-    void *v, u32 sid, unsigned long start, unsigned long end)
+    void *v, uint32_t sid, unsigned long start, unsigned long end)
 {
     struct iomem_has_perm_data *data = v;
     struct avc_audit_data ad;
@@ -1077,10 +1080,10 @@  static int cf_check flask_pci_config_permission(
     struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end,
     uint8_t access)
 {
-    u32 dsid, rsid;
+    uint32_t dsid, rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
-    u32 perm;
+    uint32_t perm;
 
     rc = security_device_sid(machine_bdf, &rsid);
     if ( rc )
@@ -1116,7 +1119,7 @@  static int flask_resource_use_core(void)
 
 static int cf_check flask_resource_plug_pci(uint32_t machine_bdf)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
 
@@ -1131,7 +1134,7 @@  static int cf_check flask_resource_plug_pci(uint32_t machine_bdf)
 
 static int cf_check flask_resource_unplug_pci(uint32_t machine_bdf)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
 
@@ -1146,7 +1149,7 @@  static int cf_check flask_resource_unplug_pci(uint32_t machine_bdf)
 
 static int cf_check flask_resource_setup_pci(uint32_t machine_bdf)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
 
@@ -1161,7 +1164,7 @@  static int cf_check flask_resource_setup_pci(uint32_t machine_bdf)
 
 static int cf_check flask_resource_setup_gsi(int gsi)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
 
@@ -1179,7 +1182,8 @@  static int cf_check flask_resource_setup_misc(void)
 
 static inline int cf_check flask_page_offline(uint32_t cmd)
 {
-    switch (cmd) {
+    switch ( cmd )
+    {
     case sysctl_page_offline:
         return flask_resource_unplug_core();
     case sysctl_page_online:
@@ -1214,7 +1218,7 @@  static int cf_check flask_map_gmfn_foreign(struct domain *d, struct domain *t)
 
 static int cf_check flask_hvm_param(struct domain *d, unsigned long op)
 {
-    u32 perm;
+    uint32_t perm;
 
     switch ( op )
     {
@@ -1289,7 +1293,7 @@  static int cf_check flask_mem_sharing(struct domain *d)
 #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
 static int cf_check flask_get_device_group(uint32_t machine_bdf)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
 
     rc = security_device_sid(machine_bdf, &rsid);
@@ -1301,7 +1305,7 @@  static int cf_check flask_get_device_group(uint32_t machine_bdf)
 
 static int flask_test_assign_device(uint32_t machine_bdf)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
 
     rc = security_device_sid(machine_bdf, &rsid);
@@ -1313,10 +1317,10 @@  static int flask_test_assign_device(uint32_t machine_bdf)
 
 static int cf_check flask_assign_device(struct domain *d, uint32_t machine_bdf)
 {
-    u32 dsid, rsid;
+    uint32_t dsid, rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
-    u32 dperm;
+    uint32_t dperm;
 
     if ( !d )
         return flask_test_assign_device(machine_bdf);
@@ -1344,7 +1348,7 @@  static int cf_check flask_assign_device(struct domain *d, uint32_t machine_bdf)
 static int cf_check flask_deassign_device(
     struct domain *d, uint32_t machine_bdf)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
 
     rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
@@ -1362,7 +1366,7 @@  static int cf_check flask_deassign_device(
 #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE)
 static int flask_test_assign_dtdevice(const char *dtpath)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
 
     rc = security_devicetree_sid(dtpath, &rsid);
@@ -1375,10 +1379,10 @@  static int flask_test_assign_dtdevice(const char *dtpath)
 
 static int cf_check flask_assign_dtdevice(struct domain *d, const char *dtpath)
 {
-    u32 dsid, rsid;
+    uint32_t dsid, rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
-    u32 dperm;
+    uint32_t dperm;
 
     if ( !d )
         return flask_test_assign_dtdevice(dtpath);
@@ -1406,7 +1410,7 @@  static int cf_check flask_assign_dtdevice(struct domain *d, const char *dtpath)
 static int cf_check flask_deassign_dtdevice(
     struct domain *d, const char *dtpath)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
 
     rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
@@ -1498,7 +1502,7 @@  static int cf_check flask_do_mca(void)
 
 static int cf_check flask_shadow_control(struct domain *d, uint32_t op)
 {
-    u32 perm;
+    uint32_t perm;
 
     switch ( op )
     {
@@ -1524,14 +1528,14 @@  static int cf_check flask_shadow_control(struct domain *d, uint32_t op)
 }
 
 struct ioport_has_perm_data {
-    u32 ssid;
-    u32 dsid;
-    u32 perm;
-    u32 use_perm;
+    uint32_t ssid;
+    uint32_t dsid;
+    uint32_t perm;
+    uint32_t use_perm;
 };
 
 static int cf_check _ioport_has_perm(
-    void *v, u32 sid, unsigned long start, unsigned long end)
+    void *v, uint32_t sid, unsigned long start, unsigned long end)
 {
     struct ioport_has_perm_data *data = v;
     struct avc_audit_data ad;
@@ -1590,7 +1594,7 @@  static int cf_check flask_mem_sharing_op(
 
 static int cf_check flask_apic(struct domain *d, int cmd)
 {
-    u32 perm;
+    uint32_t perm;
 
     switch ( cmd )
     {
@@ -1622,7 +1626,7 @@  static int cf_check flask_mmu_update(
     struct domain *d, struct domain *t, struct domain *f, uint32_t flags)
 {
     int rc = 0;
-    u32 map_perms = 0;
+    uint32_t map_perms = 0;
 
     if ( t && d != t )
         rc = domain_has_perm(d, t, SECCLASS_MMU, MMU__REMOTE_REMAP);
@@ -1649,7 +1653,7 @@  static int cf_check flask_mmuext_op(struct domain *d, struct domain *f)
 static int cf_check flask_update_va_mapping(
     struct domain *d, struct domain *f, l1_pgentry_t pte)
 {
-    u32 map_perms = MMU__MAP_READ;
+    uint32_t map_perms = MMU__MAP_READ;
     if ( !(l1e_get_flags(pte) & _PAGE_PRESENT) )
         return 0;
     if ( l1e_get_flags(pte) & _PAGE_RW )
@@ -1665,7 +1669,7 @@  static int cf_check flask_priv_mapping(struct domain *d, struct domain *t)
 
 static int cf_check flask_pmu_op(struct domain *d, unsigned int op)
 {
-    u32 dsid = domain_sid(d);
+    uint32_t dsid = domain_sid(d);
 
     switch ( op )
     {
@@ -1694,7 +1698,7 @@  static int cf_check flask_dm_op(struct domain *d)
 
 static int cf_check flask_xen_version(uint32_t op)
 {
-    u32 dsid = domain_sid(current->domain);
+    uint32_t dsid = domain_sid(current->domain);
 
     switch ( op )
     {
@@ -1902,8 +1906,8 @@  static const struct xsm_ops __initconst_cf_clobber flask_ops = {
 #endif
 };
 
-const struct xsm_ops *__init flask_init(const void *policy_buffer,
-                                        size_t policy_size)
+const struct xsm_ops *__init flask_init(
+    const void *policy_buffer, size_t policy_size)
 {
     int ret = -ENOENT;
 
diff --git a/xen/xsm/flask/include/avc.h b/xen/xsm/flask/include/avc.h
index c14bd07a2b..e29949f5a8 100644
--- a/xen/xsm/flask/include/avc.h
+++ b/xen/xsm/flask/include/avc.h
@@ -3,7 +3,7 @@ 
  *
  * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
  */
- 
+
 /* Ported to Xen 3.0, George Coker, <gscoker@alpha.ncsc.mil> */
 
 #ifndef _FLASK_AVC_H_
diff --git a/xen/xsm/flask/ss/avtab.c b/xen/xsm/flask/ss/avtab.c
index 55c2b4d8a4..017f5183de 100644
--- a/xen/xsm/flask/ss/avtab.c
+++ b/xen/xsm/flask/ss/avtab.c
@@ -35,7 +35,7 @@  static inline int avtab_hash(struct avtab_key *keyp, u16 mask)
 }
 
 static struct avtab_node* avtab_insert_node(struct avtab *h, int hvalue,
-    struct avtab_node * prev, struct avtab_node * cur, struct avtab_key *key, 
+    struct avtab_node * prev, struct avtab_node * cur, struct avtab_key *key,
                                                     struct avtab_datum *datum)
 {
     struct avtab_node *newnode = xzalloc(struct avtab_node);
@@ -59,7 +59,7 @@  static struct avtab_node* avtab_insert_node(struct avtab *h, int hvalue,
     return newnode;
 }
 
-static int avtab_insert(struct avtab *h, struct avtab_key *key, 
+static int avtab_insert(struct avtab *h, struct avtab_key *key,
                                                     struct avtab_datum *datum)
 {
     int hvalue;
@@ -100,7 +100,7 @@  static int avtab_insert(struct avtab *h, struct avtab_key *key,
  * key/specified mask into the table, as needed by the conditional avtab.
  * It also returns a pointer to the node inserted.
  */
-struct avtab_node * avtab_insert_nonunique(struct avtab * h, 
+struct avtab_node * avtab_insert_nonunique(struct avtab * h,
                             struct avtab_key * key, struct avtab_datum * datum)
 {
     int hvalue;
@@ -110,7 +110,7 @@  struct avtab_node * avtab_insert_nonunique(struct avtab * h,
     if ( !h || !h->htable )
         return NULL;
     hvalue = avtab_hash(key, h->mask);
-    for ( prev = NULL, cur = h->htable[hvalue]; cur; 
+    for ( prev = NULL, cur = h->htable[hvalue]; cur;
                                                 prev = cur, cur = cur->next )
     {
         if ( key->source_type == cur->key.source_type &&
@@ -199,7 +199,7 @@  struct avtab_node* avtab_search_node(struct avtab *h, struct avtab_key *key)
     return NULL;
 }
 
-struct avtab_node* avtab_search_node_next(struct avtab_node *node, 
+struct avtab_node* avtab_search_node_next(struct avtab_node *node,
                                                                 int specified)
 {
     struct avtab_node *cur;
diff --git a/xen/xsm/flask/ss/avtab.h b/xen/xsm/flask/ss/avtab.h
index a2b50c222a..591604f927 100644
--- a/xen/xsm/flask/ss/avtab.h
+++ b/xen/xsm/flask/ss/avtab.h
@@ -74,12 +74,12 @@  int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
 
 int avtab_read(struct avtab *a, void *fp, struct policydb *pol);
 
-struct avtab_node *avtab_insert_nonunique(struct avtab *h, 
+struct avtab_node *avtab_insert_nonunique(struct avtab *h,
                             struct avtab_key *key, struct avtab_datum *datum);
 
 struct avtab_node *avtab_search_node(struct avtab *h, struct avtab_key *key);
 
-struct avtab_node *avtab_search_node_next(struct avtab_node *node, 
+struct avtab_node *avtab_search_node_next(struct avtab_node *node,
                                                                 int specified);
 
 #define MAX_AVTAB_HASH_BITS 13
diff --git a/xen/xsm/flask/ss/conditional.c b/xen/xsm/flask/ss/conditional.c
index b4b116666c..e74fc01746 100644
--- a/xen/xsm/flask/ss/conditional.c
+++ b/xen/xsm/flask/ss/conditional.c
@@ -452,7 +452,7 @@  static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
             goto err;
         }
 
-        if ( i == 0 ) 
+        if ( i == 0 )
             node->expr = expr;
         else
             last->next = expr;
@@ -513,7 +513,7 @@  err:
 /* Determine whether additional permissions are granted by the conditional
  * av table, and if so, add them to the result
  */
-void cond_compute_av(struct avtab *ctab, struct avtab_key *key, 
+void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
                                                         struct av_decision *avd)
 {
     struct avtab_node *node;
diff --git a/xen/xsm/flask/ss/context.h b/xen/xsm/flask/ss/context.h
index 302b3698a7..311edf8794 100644
--- a/xen/xsm/flask/ss/context.h
+++ b/xen/xsm/flask/ss/context.h
@@ -12,9 +12,9 @@ 
  *
  * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
  */
- 
+
 /* Ported to Xen 3.0, George Coker, <gscoker@alpha.ncsc.mil> */
- 
+
 #ifndef _SS_CONTEXT_H_
 #define _SS_CONTEXT_H_
 
diff --git a/xen/xsm/flask/ss/mls.c b/xen/xsm/flask/ss/mls.c
index f2fa560810..a3255ae01a 100644
--- a/xen/xsm/flask/ss/mls.c
+++ b/xen/xsm/flask/ss/mls.c
@@ -70,7 +70,7 @@  int mls_compute_context_len(struct context * context)
         }
         if ( l == 0 )
         {
-            if ( mls_level_eq(&context->range.level[0], 
+            if ( mls_level_eq(&context->range.level[0],
                               &context->range.level[1]) )
                 break;
             else
diff --git a/xen/xsm/flask/ss/policydb.c b/xen/xsm/flask/ss/policydb.c
index ff2103c63e..162470bbbd 100644
--- a/xen/xsm/flask/ss/policydb.c
+++ b/xen/xsm/flask/ss/policydb.c
@@ -339,7 +339,7 @@  static int cf_check sens_index(void *key, void *datum, void *datap)
 
     if ( !levdatum->isalias )
     {
-        if ( !levdatum->level->sens || levdatum->level->sens > 
+        if ( !levdatum->level->sens || levdatum->level->sens >
                                                         p->p_levels.nprim )
             return -EINVAL;
         p->p_sens_val_to_name[levdatum->level->sens - 1] = key;
diff --git a/xen/xsm/flask/ss/services.c b/xen/xsm/flask/ss/services.c
index 2f6d3d350d..dab07b5f60 100644
--- a/xen/xsm/flask/ss/services.c
+++ b/xen/xsm/flask/ss/services.c
@@ -99,7 +99,7 @@  static int context_struct_compute_av(struct context *scontext,
  * constraint_expr_eval should pass in NULL for xcontext.
  */
 static int constraint_expr_eval(struct context *scontext,
-                            struct context *tcontext, struct context *xcontext, 
+                            struct context *tcontext, struct context *xcontext,
                                                 struct constraint_expr *cexpr)
 {
     u32 val1, val2;
@@ -1073,7 +1073,7 @@  static int security_compute_sid(u32 ssid,
                 /* Look for a role transition rule. */
                 for ( roletr = policydb.role_tr; roletr; roletr = roletr->next )
                 {
-                    if ( roletr->role == scontext->role && 
+                    if ( roletr->role == scontext->role &&
                                             roletr->type == tcontext->type )
                     {
                         /* Use the role transition rule. */
@@ -1485,7 +1485,7 @@  int security_irq_sid(int pirq, u32 *out_sid)
     POLICY_RDLOCK;
 
     c = policydb.ocontexts[OCON_PIRQ];
-    
+
     while ( c )
     {
         if ( c->u.pirq == pirq )
diff --git a/xen/xsm/flask/ss/sidtab.c b/xen/xsm/flask/ss/sidtab.c
index cd1360cb4a..74babfac9c 100644
--- a/xen/xsm/flask/ss/sidtab.c
+++ b/xen/xsm/flask/ss/sidtab.c
@@ -3,9 +3,9 @@ 
  *
  * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
  */
- 
+
 /* Ported to Xen 3.0, George Coker, <gscoker@alpha.ncsc.mil> */
- 
+
 #include <xen/lib.h>
 #include <xen/xmalloc.h>
 #include <xen/errno.h>
@@ -192,7 +192,7 @@  void sidtab_map_remove_on_error(struct sidtab *s,
     return;
 }
 
-static inline u32 sidtab_search_context(struct sidtab *s, 
+static inline u32 sidtab_search_context(struct sidtab *s,
                                                         struct context *context)
 {
     int i;