06.09.25 01:01, Daniel P. Smith:
Hi Sergiy,
If you don't mind, please CC me directly, as I am the only XSM
maintainer for which you will need my Ack. And for whatever reason, I
cannot find the v2 post in my xen-devel folder. If you want to resend me
v2, it would be greatly appreciated.
yes, sure
On 9/2/25 05:41, Jan Beulich wrote:
On 01.09.2025 12:52, Sergiy Kibrik wrote:
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -418,6 +418,17 @@ config XSM_FLASK_AVC_STATS
If unsure, say Y.
+config XSM_FLASK_SIDTABLE_ORDER
+ int "Maximum number of security identifiers (base-2 exponent)" if EXPERT
+ range 4 32
+ default 32
When 32 is chosen (i.e. also the default when the prompt is hidden), ...
--- a/xen/xsm/flask/ss/sidtab.c
+++ b/xen/xsm/flask/ss/sidtab.c
@@ -14,6 +14,8 @@
#include "security.h"
#include "sidtab.h"
+#define SID_LIMIT ((1UL << CONFIG_XSM_FLASK_SIDTABLE_ORDER) - 1)
... for Arm32 I expect either already the compiler will not like this construct,
or the latest an UBSAN checker would object.
you're right, arm32 toolchain is not building this.
Would the following be acceptable then? :
#define SID_LIMIT ((1ULL << CONFIG_XSM_FLASK_SIDTABLE_ORDER) - 1)
-Sergiy
