On 26.09.2025 08:32, Sergiy Kibrik wrote: > 06.09.25 01:01, Daniel P. Smith: >> On 9/2/25 05:41, Jan Beulich wrote: >>> On 01.09.2025 12:52, Sergiy Kibrik wrote: >>>> --- a/xen/common/Kconfig >>>> +++ b/xen/common/Kconfig >>>> @@ -418,6 +418,17 @@ config XSM_FLASK_AVC_STATS >>>> >>>> If unsure, say Y. >>>> >>>> +config XSM_FLASK_SIDTABLE_ORDER >>>> + int "Maximum number of security identifiers (base-2 exponent)" if EXPERT >>>> + range 4 32 >>>> + default 32 >>> When 32 is chosen (i.e. also the default when the prompt is hidden), ... >>> >>>> --- a/xen/xsm/flask/ss/sidtab.c >>>> +++ b/xen/xsm/flask/ss/sidtab.c >>>> @@ -14,6 +14,8 @@ >>>> #include "security.h" >>>> #include "sidtab.h" >>>> >>>> +#define SID_LIMIT ((1UL << CONFIG_XSM_FLASK_SIDTABLE_ORDER) - 1) >>> ... for Arm32 I expect either already the compiler will not like this >>> construct, >>> or the latest an UBSAN checker would object. > > you're right, arm32 toolchain is not building this. > Would the following be acceptable then? : > > #define SID_LIMIT ((1ULL << CONFIG_XSM_FLASK_SIDTABLE_ORDER) - 1)
Personally I'd consider this an abuse of the ULL suffix. But it'll be Daniel to judge in the end. Jan
