On 01.09.2025 12:52, Sergiy Kibrik wrote: > --- a/xen/common/Kconfig > +++ b/xen/common/Kconfig > @@ -418,6 +418,17 @@ config XSM_FLASK_AVC_STATS > > If unsure, say Y. > > +config XSM_FLASK_SIDTABLE_ORDER > + int "Maximum number of security identifiers (base-2 exponent)" if EXPERT > + range 4 32 > + default 32
When 32 is chosen (i.e. also the default when the prompt is hidden), ... > --- a/xen/xsm/flask/ss/sidtab.c > +++ b/xen/xsm/flask/ss/sidtab.c > @@ -14,6 +14,8 @@ > #include "security.h" > #include "sidtab.h" > > +#define SID_LIMIT ((1UL << CONFIG_XSM_FLASK_SIDTABLE_ORDER) - 1) ... for Arm32 I expect either already the compiler will not like this construct, or the latest an UBSAN checker would object. Jan
