George S. Coker, II
2007-May-07 21:41 UTC
[Xen-devel][Xense-devel][PATCH][2/4] Xen Security Modules: FLASK
Updates in this patch set include:
- reintroduction of rcu locking support in security cache
- track xsm changes

Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Chris Wright
2007-May-07 23:24 UTC
Re: [Xen-devel][Xense-devel][PATCH][2/4] Xen Security Modules: FLASK
And to drill down into module based on core evtchn stuff...

> +static int flask_alloc_security_evtchn(struct evtchn *chn) > +{ > + int i; > + struct evtchn_security_struct *esec; > + > + for ( i = 0; i < EVTCHNS_PER_BUCKET; i++ ) { > + esec = xmalloc(struct evtchn_security_struct); > +

As I mentioned in 1/4 review, this should be done at higher level.

> + if (!esec) > + return -ENOMEM;

In fact, this is a leak because there's no unwind, and bucket is freed if this error is encountered.

> + > + memset(esec, 0, sizeof(struct evtchn_security_struct)); > + > + esec->chn = &chn[i]; > + esec->sid = SECINITSID_UNLABELED; > + > + (&chn[i])->ssid = esec; > + } > + > + return 0; > +} > + > +static void flask_free_security_evtchn(struct evtchn *chn) > +{ > + int i; > + struct evtchn_security_struct *esec; > + > + if (!chn) > + return; > + > + for ( i = 0; i < EVTCHNS_PER_BUCKET; i++ ) { > + esec = (&chn[i])->ssid;

This is not a bucket, because this _is_ done at a higher level. Thus, writing on and freeing random memory.

> + > + if (!esec) > + continue; > + > + (&chn[i])->ssid = NULL; > + xfree(esec); > + } > + > +}
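Review bot: flask_alloc_security_evtchn returns -ENOMEM from inside the loop without releasing the evtchn_security_struct objects it has already attached to chn[0] through chn[i-1]. Before returning, walk back over those entries, xfree() each ssid and set it to NULL, so the caller can free the bucket without leaking them. (&chn[i])->ssid can also be written chn[i].ssid.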
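Review bot: the loop in flask_free_security_evtchn dereferences chn[0] through chn[EVTCHNS_PER_BUCKET - 1], but the only check on the argument is if (!chn), so a caller that passes a pointer to a single event channel makes it read, clear and xfree() ssid fields beyond that object. Either take one struct evtchn and free only its ssid, leaving the iteration to the caller, or document on both functions that chn must be the first element of a full bucket.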
Mark Williamson
2007-May-08 03:15 UTC
Re: [Xen-devel][Xense-devel][PATCH][2/4] Xen Security Modules: FLASK
Hi George,

More coding style nits from my automated pedantry script.

> Updates in this patch set include:
> - reintroduction of rcu locking support in security cache
> - track xsm changes
>
> Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>

I've not attached the style checker output this one gave me because most of it's fairly homogeneous and can be fixed by a regexp find/replace.

Issues identified:

Most Xen code spaces out the if conditional brackets like so:

if ( !node_ptr )

If boolean operators are used in the expression they're also surrounded by space. There are a number of places where Linux-style spacing is used instead.

Braces are always on their own line in the Xen code... There are a number of places where this patch puts them on a line with another statement, K&R / Linux style.

I also found a number of instances of trailing whitespace, and of tabs being used for indentation instead of spaces.

All these things can probably be fixed using sed / emacs / etc so I've not attached the rather verbose output from the checker... Please let me know if I can help speed things up and I'll send you more information.

Cheers,
Mark

--
Dave: Just a question. What use is a unicycle with no seat? And no pedals!
Mark: To answer a question with a question: What use is a skateboard?
Dave: Skateboards have wheels.
Mark: My wheel has a wheel!
George S. Coker, II
2007-Jun-04 19:06 UTC
[Xen-devel][Xense-devel][PATCH][2/4] Xen Security Modules: FLASK
Updates in this patch set include:
- coding style cleanups
- track xsm changes
- remove patch cruft

Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
George S. Coker, II
2007-Jun-14 18:14 UTC
Re: [Xen-devel][Xense-devel][PATCH][2/4] Xen Security Modules: FLASK
The previously posted flask xsm patch was a dupe of the xsm tools patch. The correct patch is attached to this e-mail.

The XSM patches apply cleanly to 15200:bd3d6b4c52ec as well as to the tip 15249:93f77a5a8437.

Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>

On Mon, 2007-06-04 at 15:06 -0400, George S. Coker, II wrote:
> Updates in this patch set include:
> - coding style cleanups
> - track xsm changes
> - remove patch cruft
>
> Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>