From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel De Graaf Subject: Re: [PATCH 0/4] flask: XSA-84 follow-ups Date: Mon, 10 Feb 2014 15:22:33 -0500 Message-ID: <52F93509.2030304@tycho.nsa.gov> References: <52F4B840020000780011A1E2@nat28.tlf.novell.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Format="flowed" Content-Transfer-Encoding: 7bit Return-path: Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1WCxOE-00069l-2i for xen-devel@lists.xenproject.org; Mon, 10 Feb 2014 20:23:38 +0000 In-Reply-To: <52F4B840020000780011A1E2@nat28.tlf.novell.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Jan Beulich , xen-devel Cc: George Dunlap List-Id: xen-devel@lists.xenproject.org On 02/07/2014 04:41 AM, Jan Beulich wrote: > 1: fix memory leaks > 2: fix error propagation from flask_security_set_bool() > 3: check permissions first thing in flask_security_set_bool() > 4: add compat mode guest support > > Signed-off-by: Jan Beulich > > Release-wise, I would think that 1-3 should certainly go in. While I'd > like 4 to be in for 4.4 too, I realize that's a little more intrusive than > one would want at this point. > > Jan All four patches look correct to me. I assume the movement of the flask_security_commit_bools inside the #ifdef is made possible by the xlat.lst parsing, but didn't look too closely at how that was done. Acked-by: Daniel De Graaf Re: what goes in release - I agree that #4 would be nice but I wouldn't push too hard to make an exception for it. The users of the XSM interface would primarily be toolstack and related domains where a requirement to be 64-bit should not be too restrictive (not to say this shouldn't be fixed, of course). -- Daniel De Graaf National Security Agency