On 6/1/22 02:49, Jan Beulich wrote: > On 31.05.2022 21:18, Andrew Cooper wrote: >> On 31/05/2022 19:20, Daniel P. Smith wrote: >>> diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c >>> index 53a73010e0..ed67b50c9d 100644 >>> --- a/xen/arch/x86/setup.c >>> +++ b/xen/arch/x86/setup.c >>> @@ -1700,7 +1701,11 @@ void __init noreturn __start_xen(unsigned long mbi_p) >>> mmio_ro_ranges = rangeset_new(NULL, "r/o mmio ranges", >>> RANGESETF_prettyprint_hex); >>> >>> - xsm_multiboot_init(module_map, mbi); >>> + if ( xsm_multiboot_init(module_map, mbi) ) >>> + warning_add("WARNING: XSM failed to initialize.\n" >>> + "This has implications on the security of the >>> system,\n" >>> + "as uncontrolled communications between trusted and\n" >>> + "untrusted domains may occur.\n"); >> >> The problem with this approach is that it forces each architecture to >> opencode the failure string, in a function which is very busy with other >> things too. >> >> Couldn't xsm_{multiboot,dt}_init() be void, and the warning_add() move >> into them, like the SLIO warning for ARM already? > > I, too, was considering to suggest this (but then didn't on v3). Furthermore > the warning_add() could then be wrapped in a trivial helper function to be > used by both MB and DT.
Re: helper function, ack.