Hi Sergiy,
If you don't mind, please CC me directly, as I am the only XSM
maintainer for which you will need my Ack. And for whatever reason, I
cannot find the v2 post in my xen-devel folder. If you want to resend me
v2, it would be greatly appreciated.
V/r,
Daniel P. Smith
Apertus Solutions, LLC
On 9/2/25 05:41, Jan Beulich wrote:
On 01.09.2025 12:52, Sergiy Kibrik wrote:
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -418,6 +418,17 @@ config XSM_FLASK_AVC_STATS
If unsure, say Y.
+config XSM_FLASK_SIDTABLE_ORDER
+ int "Maximum number of security identifiers (base-2 exponent)" if EXPERT
+ range 4 32
+ default 32
When 32 is chosen (i.e. also the default when the prompt is hidden), ...
--- a/xen/xsm/flask/ss/sidtab.c
+++ b/xen/xsm/flask/ss/sidtab.c
@@ -14,6 +14,8 @@
#include "security.h"
#include "sidtab.h"
+#define SID_LIMIT ((1UL << CONFIG_XSM_FLASK_SIDTABLE_ORDER) - 1)
... for Arm32 I expect either already the compiler will not like this construct,
or the latest an UBSAN checker would object.
Jan
