18 messages in com.xensource.lists.xen-develRe: [Xen-devel] [PATCH] fix broken ACM| From | Sent On | Attachments |
|---|---|---|
| aq | 22 Jun 2005 10:39 |  .patch |
| Keir Fraser | 22 Jun 2005 10:51 | |
| aq | 22 Jun 2005 10:52 | |
| aq | 22 Jun 2005 11:22 | |
| Stefan Berger | 22 Jun 2005 20:41 | |
| aq | 22 Jun 2005 20:55 | |
| Stefan Berger | 22 Jun 2005 21:17 | |
| Keir Fraser | 23 Jun 2005 00:48 | |
| aq | 23 Jun 2005 00:56 | .patch |
| aq | 23 Jun 2005 01:04 | |
| Keir Fraser | 23 Jun 2005 01:14 | |
| aq | 23 Jun 2005 01:19 | |
| Stefan Berger | 23 Jun 2005 07:56 | .patch |
| Keir Fraser | 23 Jun 2005 08:15 | |
| aq | 23 Jun 2005 08:21 | |
| Keir Fraser | 23 Jun 2005 08:51 | |
| Stefan Berger | 23 Jun 2005 08:56 | |
| aq | 23 Jun 2005 15:05 |
| Subject: | Re: [Xen-devel] [PATCH] fix broken ACM |
|---|---|
| From: | Stefan Berger (stef...@us.ibm.com) |
| Date: | 06/23/2005 08:56:31 AM |
| List: | com.xensource.lists.xen-devel |
xen-...@lists.xensource.com wrote on 06/23/2005 11:22:04 AM:
On 6/24/05, Keir Fraser <Keir...@cl.cam.ac.uk> wrote:
On 23 Jun 2005, at 15:57, Stefan Berger wrote:
ok, i see the point. the problem is because i moved some codes (acm_init() and acm_init_binary_policy()) to acm_hooks.h. now it seems better to move them back. but it is weird that i got no problem with gcc 3.3.5
could you please try again with the new patch below?
I tried it with your attached patch. There was an unused function when trying out the NULL policy. The attached patch on top of yours and things compile fine.
I'm still confused what these patches are aiming to fix. If we are building 'NULL' security policy then all the hooks should compile away to nothing and acm core files do not get built. So why do they need patching with ifdef's conditional on whether or not the policy is 'NULL'?
Currently, if you re-enable building of acm/ directory in the Xen root Makefile, yet the ACM_USE_SECURITY_POLICY is NULL_POLICY, the build will certainly fail. But I don;t see why we would want to support that. :-)
Keir, certainly i understand your point. but this patch doesnt harm, anyway ;-)
one annoying problem at the moment is that if we want to compile ACM in, we should modify the value of ACM_USE_SECURITY_POLICY, since the current default value is ACM_NULL_POLICY( which is meaningless as Keir pointed out )
We have a choice of compiling in a NULL policy on two levels now:
Do not define ACM_USE_SECURITY_POLICY on makefile level to not compile any policy code in the xen/acm directory and effectlively have a NULL policy.
If ACM_USE_SECURITY_POLICY is defined on the makefile level and ACM_NULL_POLICY is the default as the policy to compile (see the choice in xen/include/public/acm.h), we also get a NULL policy. The inline calls that are compiled into the code will all be removed since they default to 'return 0'. - so no hooks there and no overhead.
Is it a problem to have that 2nd level choice of a NULL policy?
Stefan
_______________________________________________ Xen-devel mailing list Xen-...@lists.xensource.com http://lists.xensource.com/xen-devel