On 31/05/2022 19:20, Daniel P. Smith wrote:
> diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
> index 53a73010e0..ed67b50c9d 100644
> --- a/xen/arch/x86/setup.c
> +++ b/xen/arch/x86/setup.c
> @@ -1700,7 +1701,11 @@ void __init noreturn __start_xen(unsigned long mbi_p)
> mmio_ro_ranges = rangeset_new(NULL, "r/o mmio ranges",
> RANGESETF_prettyprint_hex);
>
> - xsm_multiboot_init(module_map, mbi);
> + if ( xsm_multiboot_init(module_map, mbi) )
> + warning_add("WARNING: XSM failed to initialize.\n"
> + "This has implications on the security of the system,\n"
> + "as uncontrolled communications between trusted and\n"
> + "untrusted domains may occur.\n");
The problem with this approach is that it forces each architecture to
opencode the failure string, in a function which is very busy with other
things too.
Couldn't xsm_{multiboot,dt}_init() be void, and the warning_add() move
into them, like the SLIO warning for ARM already?
That would simplify both ARM and x86's __start_xen(), and be an
improvement for the RISC-V series just posted to xen-devel...
~Andrew
