[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 23/23] xen/xsm: Add xsm_default parameter to XSM hooks



Include the default XSM hook action as the first argument of the hook to
facilitate quick understanding of how the call site is expected to be
used (dom0-only, arbitrary guest, or device model). This argument does
not solely define how a given hook is interpreted, since any changes to
the hook's default action need to be made identically to all callers of
a hook (if there are multiple callers; most hooks only have one), and
may also require changing the arguments of the hook.

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Cc: Tim Deegan <tim@xxxxxxx>
Cc: Jan Beulich <jbeulich@xxxxxxxx>
Cc: Keir Fraser <keir@xxxxxxx>
---
 xen/arch/x86/cpu/mcheck/mce.c     |   2 +-
 xen/arch/x86/domctl.c             |  10 +-
 xen/arch/x86/hvm/hvm.c            |  26 +-
 xen/arch/x86/irq.c                |   2 +-
 xen/arch/x86/mm.c                 |  20 +-
 xen/arch/x86/mm/mem_event.c       |   4 +-
 xen/arch/x86/mm/mem_sharing.c     |   4 +-
 xen/arch/x86/mm/paging.c          |   2 +-
 xen/arch/x86/msi.c                |   2 +-
 xen/arch/x86/physdev.c            |  12 +-
 xen/arch/x86/platform_hypercall.c |  10 +-
 xen/arch/x86/sysctl.c             |   4 +-
 xen/arch/x86/traps.c              |   2 +-
 xen/common/domain.c               |   2 +-
 xen/common/domctl.c               |  10 +-
 xen/common/event_channel.c        |  12 +-
 xen/common/grant_table.c          |  16 +-
 xen/common/kexec.c                |   2 +-
 xen/common/memory.c               |   8 +-
 xen/common/schedule.c             |   2 +-
 xen/common/sysctl.c               |   8 +-
 xen/common/xenoprof.c             |   2 +-
 xen/drivers/char/console.c        |   2 +-
 xen/drivers/passthrough/iommu.c   |  10 +-
 xen/drivers/passthrough/pci.c     |   4 +-
 xen/include/xen/tmem_xen.h        |   4 +-
 xen/include/xsm/dummy.h           | 507 +++++++++++++++++++++-----------------
 xen/include/xsm/xsm.h             | 155 ++++++------
 28 files changed, 455 insertions(+), 389 deletions(-)

diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c
index 658774a..26273f9 100644
--- a/xen/arch/x86/cpu/mcheck/mce.c
+++ b/xen/arch/x86/cpu/mcheck/mce.c
@@ -1293,7 +1293,7 @@ long do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc)
     struct xen_mc_msrinject *mc_msrinject;
     struct xen_mc_mceinject *mc_mceinject;
 
-    ret = xsm_do_mca();
+    ret = xsm_do_mca(XSM_PRIV);
     if ( ret )
         return x86_mcerr(NULL, ret);
 
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 2630bdb..0117375 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -76,7 +76,7 @@ long arch_do_domctl(
 
         if ( np == 0 )
             ret = 0;
-        else if ( xsm_ioport_permission(d, fp, fp + np - 1, allow) )
+        else if ( xsm_ioport_permission(XSM_HOOK, d, fp, fp + np - 1, allow) )
             ret = -EPERM;
         else if ( allow )
             ret = ioports_permit_access(d, fp, fp + np - 1);
@@ -566,7 +566,7 @@ long arch_do_domctl(
         if ( !is_hvm_domain(d) )
             break;
 
-        ret = xsm_bind_pt_irq(d, bind);
+        ret = xsm_bind_pt_irq(XSM_HOOK, d, bind);
         if ( ret )
             break;
 
@@ -599,7 +599,7 @@ long arch_do_domctl(
              !irq_access_permitted(current->domain, bind->machine_irq) )
             break;
 
-        ret = xsm_unbind_pt_irq(d, bind);
+        ret = xsm_unbind_pt_irq(XSM_HOOK, d, bind);
         if ( ret )
             break;
 
@@ -634,7 +634,7 @@ long arch_do_domctl(
              !iomem_access_permitted(current->domain, mfn, mfn + nr_mfns - 1) )
             break;
 
-        ret = xsm_iomem_mapping(d, mfn, mfn + nr_mfns - 1, add);
+        ret = xsm_iomem_mapping(XSM_HOOK, d, mfn, mfn + nr_mfns - 1, add);
         if ( ret )
             break;
 
@@ -712,7 +712,7 @@ long arch_do_domctl(
              !ioports_access_permitted(current->domain, fmp, fmp + np - 1) )
             break;
 
-        ret = xsm_ioport_mapping(d, fmp, fmp + np - 1, add);
+        ret = xsm_ioport_mapping(XSM_HOOK, d, fmp, fmp + np - 1, add);
         if ( ret )
             break;
 
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 5bdde8d..eda715f 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3400,7 +3400,7 @@ static int hvmop_set_pci_intx_level(
     if ( !is_hvm_domain(d) )
         goto out;
 
-    rc = xsm_hvm_set_pci_intx_level(d);
+    rc = xsm_hvm_set_pci_intx_level(XSM_DM_PRIV, d);
     if ( rc )
         goto out;
 
@@ -3567,7 +3567,7 @@ static int hvmop_set_isa_irq_level(
     if ( !is_hvm_domain(d) )
         goto out;
 
-    rc = xsm_hvm_set_isa_irq_level(d);
+    rc = xsm_hvm_set_isa_irq_level(XSM_DM_PRIV, d);
     if ( rc )
         goto out;
 
@@ -3611,7 +3611,7 @@ static int hvmop_set_pci_link_route(
     if ( !is_hvm_domain(d) )
         goto out;
 
-    rc = xsm_hvm_set_pci_link_route(d);
+    rc = xsm_hvm_set_pci_link_route(XSM_DM_PRIV, d);
     if ( rc )
         goto out;
 
@@ -3641,7 +3641,7 @@ static int hvmop_inject_msi(
     if ( !is_hvm_domain(d) )
         goto out;
 
-    rc = xsm_hvm_inject_msi(d);
+    rc = xsm_hvm_inject_msi(XSM_DM_PRIV, d);
     if ( rc )
         goto out;
 
@@ -3738,7 +3738,7 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( !is_hvm_domain(d) )
             goto param_fail;
 
-        rc = xsm_hvm_param(d, op);
+        rc = xsm_hvm_param(XSM_TARGET, d, op);
         if ( rc )
             goto param_fail;
 
@@ -3984,7 +3984,7 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( !is_hvm_domain(d) )
             goto param_fail2;
 
-        rc = xsm_hvm_param(d, op);
+        rc = xsm_hvm_param(XSM_TARGET, d, op);
         if ( rc )
             goto param_fail2;
 
@@ -4023,7 +4023,7 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( !is_hvm_domain(d) )
             goto param_fail3;
 
-        rc = xsm_hvm_param(d, op);
+        rc = xsm_hvm_param(XSM_TARGET, d, op);
         if ( rc )
             goto param_fail3;
 
@@ -4069,7 +4069,7 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( d == NULL )
             return -ESRCH;
 
-        rc = xsm_hvm_param(d, op);
+        rc = xsm_hvm_param(XSM_TARGET, d, op);
         if ( rc )
             goto param_fail_getmemtype;
 
@@ -4124,7 +4124,7 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( !is_hvm_domain(d) )
             goto param_fail4;
 
-        rc = xsm_hvm_param(d, op);
+        rc = xsm_hvm_param(XSM_TARGET, d, op);
         if ( rc )
             goto param_fail4;
 
@@ -4203,7 +4203,7 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( !is_hvm_domain(d) )
             goto param_fail5;
 
-        rc = xsm_hvm_param(d, op);
+        rc = xsm_hvm_param(XSM_TARGET, d, op);
         if ( rc )
             goto param_fail5;
 
@@ -4238,7 +4238,7 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( !is_hvm_domain(d) )
             goto param_fail6;
 
-        rc = xsm_hvm_param(d, op);
+        rc = xsm_hvm_param(XSM_TARGET, d, op);
         if ( rc )
             goto param_fail6;
 
@@ -4274,7 +4274,7 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( !is_hvm_domain(d) || !paging_mode_shadow(d) )
             goto param_fail7;
 
-        rc = xsm_hvm_param(d, op);
+        rc = xsm_hvm_param(XSM_TARGET, d, op);
         if ( rc )
             goto param_fail7;
 
@@ -4328,7 +4328,7 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( !is_hvm_domain(d) )
             goto param_fail8;
 
-        rc = xsm_hvm_param(d, op);
+        rc = xsm_hvm_param(XSM_TARGET, d, op);
         if ( rc )
             goto param_fail8;
 
diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c
index 238600a..095c17d 100644
--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
@@ -1874,7 +1874,7 @@ int map_domain_pirq(
         return 0;
     }
 
-    ret = xsm_map_domain_pirq(d, irq, data);
+    ret = xsm_map_domain_pirq(XSM_HOOK, d, irq, data);
     if ( ret )
     {
         dprintk(XENLOG_G_ERR, "dom%d: could not permit access to irq %d 
mapping to pirq %d\n",
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 9a2acca..f2cf7d9 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -2716,7 +2716,7 @@ long do_mmuext_op(
         goto out;
     }
 
-    rc = xsm_mmuext_op(d, pg_owner);
+    rc = xsm_mmuext_op(XSM_TARGET, d, pg_owner);
     if ( rc )
     {
         rcu_unlock_domain(pg_owner);
@@ -2788,7 +2788,7 @@ long do_mmuext_op(
                 break;
             }
 
-            if ( (rc = xsm_memory_pin_page(d, pg_owner, page)) != 0 )
+            if ( (rc = xsm_memory_pin_page(XSM_HOOK, d, pg_owner, page)) != 0 )
             {
                 put_page_and_type(page);
                 okay = 0;
@@ -3245,7 +3245,7 @@ long do_mmu_update(
             }
             if ( xsm_needed != xsm_checked )
             {
-                rc = xsm_mmu_update(d, pt_owner, pg_owner, xsm_needed);
+                rc = xsm_mmu_update(XSM_TARGET, d, pt_owner, pg_owner, 
xsm_needed);
                 if ( rc )
                     break;
                 xsm_checked = xsm_needed;
@@ -3364,7 +3364,7 @@ long do_mmu_update(
             xsm_needed |= XSM_MMU_MACHPHYS_UPDATE;
             if ( xsm_needed != xsm_checked )
             {
-                rc = xsm_mmu_update(d, NULL, pg_owner, xsm_needed);
+                rc = xsm_mmu_update(XSM_TARGET, d, NULL, pg_owner, xsm_needed);
                 if ( rc )
                     break;
                 xsm_checked = xsm_needed;
@@ -3932,7 +3932,7 @@ static int __do_update_va_mapping(
 
     perfc_incr(calls_to_update_va);
 
-    rc = xsm_update_va_mapping(d, pg_owner, val);
+    rc = xsm_update_va_mapping(XSM_TARGET, d, pg_owner, val);
     if ( rc )
         return rc;
 
@@ -4403,7 +4403,7 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void) 
arg)
         if ( d == NULL )
             return -ESRCH;
 
-        if ( xsm_add_to_physmap(current->domain, d) )
+        if ( xsm_add_to_physmap(XSM_TARGET, current->domain, d) )
         {
             rcu_unlock_domain(d);
             return -EPERM;
@@ -4442,7 +4442,7 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void) 
arg)
         if ( d == NULL )
             return -ESRCH;
 
-        rc = xsm_domain_memory_map(d);
+        rc = xsm_domain_memory_map(XSM_TARGET, d);
         if ( rc )
         {
             rcu_unlock_domain(d);
@@ -4517,7 +4517,7 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void) 
arg)
         XEN_GUEST_HANDLE_PARAM(e820entry_t) buffer_param;
         unsigned int i;
 
-        rc = xsm_machine_memory_map();
+        rc = xsm_machine_memory_map(XSM_PRIV);
         if ( rc )
             return rc;
 
@@ -4601,9 +4601,9 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void) 
arg)
             return -ESRCH;
 
         if ( op == XENMEM_set_pod_target )
-            rc = xsm_set_pod_target(d);
+            rc = xsm_set_pod_target(XSM_PRIV, d);
         else
-            rc = xsm_get_pod_target(d);
+            rc = xsm_get_pod_target(XSM_PRIV, d);
 
         if ( rc != 0 )
             goto pod_target_out_unlock;
diff --git a/xen/arch/x86/mm/mem_event.c b/xen/arch/x86/mm/mem_event.c
index c2b3670..4222248 100644
--- a/xen/arch/x86/mm/mem_event.c
+++ b/xen/arch/x86/mm/mem_event.c
@@ -449,7 +449,7 @@ int do_mem_event_op(int op, uint32_t domain, void *arg)
     if ( ret )
         return ret;
 
-    ret = xsm_mem_event_op(d, op);
+    ret = xsm_mem_event_op(XSM_TARGET, d, op);
     if ( ret )
         goto out;
 
@@ -502,7 +502,7 @@ int mem_event_domctl(struct domain *d, 
xen_domctl_mem_event_op_t *mec,
 {
     int rc;
 
-    rc = xsm_mem_event_control(d, mec->mode, mec->op);
+    rc = xsm_mem_event_control(XSM_PRIV, d, mec->mode, mec->op);
     if ( rc )
         return rc;
 
diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index 9229b83..5f3d319 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -1351,7 +1351,7 @@ int mem_sharing_memop(struct domain *d, 
xen_mem_sharing_op_t *mec)
             if ( rc )
                 return rc;
 
-            rc = xsm_mem_sharing_op(d, cd, mec->op);
+            rc = xsm_mem_sharing_op(XSM_TARGET, d, cd, mec->op);
             if ( rc )
             {
                 rcu_unlock_domain(cd);
@@ -1415,7 +1415,7 @@ int mem_sharing_memop(struct domain *d, 
xen_mem_sharing_op_t *mec)
             if ( rc )
                 return rc;
 
-            rc = xsm_mem_sharing_op(d, cd, mec->op);
+            rc = xsm_mem_sharing_op(XSM_TARGET, d, cd, mec->op);
             if ( rc )
             {
                 rcu_unlock_domain(cd);
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index ea44e39..ff7b0c6 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -678,7 +678,7 @@ int paging_domctl(struct domain *d, xen_domctl_shadow_op_t 
*sc,
         return -EINVAL;
     }
 
-    rc = xsm_shadow_control(d, sc->op);
+    rc = xsm_shadow_control(XSM_HOOK, d, sc->op);
     if ( rc )
         return rc;
 
diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c
index 62ed290..e3f91c6 100644
--- a/xen/arch/x86/msi.c
+++ b/xen/arch/x86/msi.c
@@ -1016,7 +1016,7 @@ int pci_restore_msi_state(struct pci_dev *pdev)
     if (!pdev)
         return -EINVAL;
 
-    ret = xsm_resource_setup_pci((pdev->seg << 16) | (pdev->bus << 8) | 
pdev->devfn);
+    ret = xsm_resource_setup_pci(XSM_PRIV, (pdev->seg << 16) | (pdev->bus << 
8) | pdev->devfn);
     if ( ret )
         return ret;
 
diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c
index 9c30245..9be1b47 100644
--- a/xen/arch/x86/physdev.c
+++ b/xen/arch/x86/physdev.c
@@ -232,7 +232,7 @@ int physdev_unmap_pirq(domid_t domid, int pirq)
             goto free_domain;
     }
 
-    ret = xsm_unmap_domain_pirq(d, domain_pirq_to_irq(d, pirq));
+    ret = xsm_unmap_domain_pirq(XSM_TARGET, d, domain_pirq_to_irq(d, pirq));
     if ( ret )
         goto free_domain;
 
@@ -423,7 +423,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) 
arg)
         ret = -EFAULT;
         if ( copy_from_guest(&apic, arg, 1) != 0 )
             break;
-        ret = xsm_apic(v->domain, cmd);
+        ret = xsm_apic(XSM_PRIV, v->domain, cmd);
         if ( ret )
             break;
         ret = ioapic_guest_read(apic.apic_physbase, apic.reg, &apic.value);
@@ -437,7 +437,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) 
arg)
         ret = -EFAULT;
         if ( copy_from_guest(&apic, arg, 1) != 0 )
             break;
-        ret = xsm_apic(v->domain, cmd);
+        ret = xsm_apic(XSM_PRIV, v->domain, cmd);
         if ( ret )
             break;
         ret = ioapic_guest_write(apic.apic_physbase, apic.reg, apic.value);
@@ -453,7 +453,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) 
arg)
 
         /* Use the APIC check since this dummy hypercall should still only
          * be called by the domain with access to program the ioapic */
-        ret = xsm_apic(v->domain, cmd);
+        ret = xsm_apic(XSM_PRIV, v->domain, cmd);
         if ( ret )
             break;
 
@@ -578,7 +578,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) 
arg)
     case PHYSDEVOP_pci_mmcfg_reserved: {
         struct physdev_pci_mmcfg_reserved info;
 
-        ret = xsm_resource_setup_misc();
+        ret = xsm_resource_setup_misc(XSM_PRIV);
         if ( ret )
             break;
 
@@ -632,7 +632,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) 
arg)
         if ( setup_gsi.gsi < 0 || setup_gsi.gsi >= nr_irqs_gsi )
             break;
 
-        ret = xsm_resource_setup_gsi(setup_gsi.gsi);
+        ret = xsm_resource_setup_gsi(XSM_PRIV, setup_gsi.gsi);
         if ( ret )
             break;
 
diff --git a/xen/arch/x86/platform_hypercall.c 
b/xen/arch/x86/platform_hypercall.c
index e17d64f..cdbf8e4 100644
--- a/xen/arch/x86/platform_hypercall.c
+++ b/xen/arch/x86/platform_hypercall.c
@@ -72,7 +72,7 @@ ret_t 
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
     if ( op->interface_version != XENPF_INTERFACE_VERSION )
         return -EACCES;
 
-    ret = xsm_platform_op(op->cmd);
+    ret = xsm_platform_op(XSM_PRIV, op->cmd);
     if ( ret )
         return ret;
 
@@ -496,7 +496,7 @@ ret_t 
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
     {
         int cpu = op->u.cpu_ol.cpuid;
 
-        ret = xsm_resource_plug_core();
+        ret = xsm_resource_plug_core(XSM_HOOK);
         if ( ret )
             break;
 
@@ -521,7 +521,7 @@ ret_t 
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
     {
         int cpu = op->u.cpu_ol.cpuid;
 
-        ret = xsm_resource_unplug_core();
+        ret = xsm_resource_unplug_core(XSM_HOOK);
         if ( ret )
             break;
 
@@ -550,7 +550,7 @@ ret_t 
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
     break;
 
     case XENPF_cpu_hotadd:
-        ret = xsm_resource_plug_core();
+        ret = xsm_resource_plug_core(XSM_HOOK);
         if ( ret )
             break;
 
@@ -560,7 +560,7 @@ ret_t 
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
     break;
 
     case XENPF_mem_hotadd:
-        ret = xsm_resource_plug_core();
+        ret = xsm_resource_plug_core(XSM_HOOK);
         if ( ret )
             break;
 
diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c
index 5b0c4b7..23d0db1 100644
--- a/xen/arch/x86/sysctl.c
+++ b/xen/arch/x86/sysctl.c
@@ -184,14 +184,14 @@ long arch_do_sysctl(
         switch ( sysctl->u.cpu_hotplug.op )
         {
         case XEN_SYSCTL_CPU_HOTPLUG_ONLINE:
-            ret = xsm_resource_plug_core();
+            ret = xsm_resource_plug_core(XSM_HOOK);
             if ( ret )
                 break;
             ret = continue_hypercall_on_cpu(
                 0, cpu_up_helper, (void *)(unsigned long)cpu);
             break;
         case XEN_SYSCTL_CPU_HOTPLUG_OFFLINE:
-            ret = xsm_resource_unplug_core();
+            ret = xsm_resource_unplug_core(XSM_HOOK);
             if ( ret )
                 break;
             ret = continue_hypercall_on_cpu(
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 44a866e..7c180ea 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1643,7 +1643,7 @@ static int pci_cfg_ok(struct domain *d, int write, int 
size)
             start |= (d->arch.pci_cf8 >> 16) & 0xF00;
     }
     end = start + size - 1;
-    if (xsm_pci_config_permission(d, machine_bdf, start, end, write))
+    if (xsm_pci_config_permission(XSM_HOOK, d, machine_bdf, start, end, write))
         return 0;
     return 1;
 }
diff --git a/xen/common/domain.c b/xen/common/domain.c
index fcf24e2..3f91f62 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -252,7 +252,7 @@ struct domain *domain_create(
 
     if ( !is_idle_domain(d) )
     {
-        if ( (err = xsm_domain_create(d, ssidref)) != 0 )
+        if ( (err = xsm_domain_create(XSM_HOOK, d, ssidref)) != 0 )
             goto fail;
 
         d->is_paused_by_controller = 1;
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 6f792e9..69e008a 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -264,7 +264,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
u_domctl)
             return -ESRCH;
     }
 
-    ret = xsm_domctl(d, op->cmd);
+    ret = xsm_domctl(XSM_OTHER, d, op->cmd);
     if ( ret )
         goto domctl_out_unlock;
 
@@ -580,7 +580,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
u_domctl)
             break;
         }
 
-        ret = xsm_getdomaininfo(d);
+        ret = xsm_getdomaininfo(XSM_HOOK, d);
         if ( ret )
             goto getdomaininfo_out;
 
@@ -722,7 +722,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
u_domctl)
 
         if ( pirq >= d->nr_pirqs )
             ret = -EINVAL;
-        else if ( xsm_irq_permission(d, pirq, allow) )
+        else if ( xsm_irq_permission(XSM_HOOK, d, pirq, allow) )
             ret = -EPERM;
         else if ( allow )
             ret = irq_permit_access(d, pirq);
@@ -741,7 +741,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
u_domctl)
         if ( (mfn + nr_mfns - 1) < mfn ) /* wrap? */
             break;
 
-        if ( xsm_iomem_permission(d, mfn, mfn + nr_mfns - 1, allow) )
+        if ( xsm_iomem_permission(XSM_HOOK, d, mfn, mfn + nr_mfns - 1, allow) )
             ret = -EPERM;
         else if ( allow )
             ret = iomem_permit_access(d, mfn, mfn + nr_mfns - 1);
@@ -773,7 +773,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
u_domctl)
             break;
         }
 
-        ret = xsm_set_target(d, e);
+        ret = xsm_set_target(XSM_HOOK, d, e);
         if ( ret ) {
             put_domain(e);
             break;
diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c
index 37947a9..1dc3d0e 100644
--- a/xen/common/event_channel.c
+++ b/xen/common/event_channel.c
@@ -175,7 +175,7 @@ static long evtchn_alloc_unbound(evtchn_alloc_unbound_t 
*alloc)
         ERROR_EXIT_DOM(port, d);
     chn = evtchn_from_port(d, port);
 
-    rc = xsm_evtchn_unbound(d, chn, alloc->remote_dom);
+    rc = xsm_evtchn_unbound(XSM_TARGET, d, chn, alloc->remote_dom);
     if ( rc )
         goto out;
 
@@ -231,7 +231,7 @@ static long 
evtchn_bind_interdomain(evtchn_bind_interdomain_t *bind)
          (rchn->u.unbound.remote_domid != ld->domain_id) )
         ERROR_EXIT_DOM(-EINVAL, rd);
 
-    rc = xsm_evtchn_interdomain(ld, lchn, rd, rchn);
+    rc = xsm_evtchn_interdomain(XSM_HOOK, ld, lchn, rd, rchn);
     if ( rc )
         goto out;
 
@@ -580,7 +580,7 @@ int evtchn_send(struct domain *d, unsigned int lport)
         return -EINVAL;
     }
 
-    ret = xsm_evtchn_send(ld, lchn);
+    ret = xsm_evtchn_send(XSM_HOOK, ld, lchn);
     if ( ret )
         goto out;
 
@@ -812,7 +812,7 @@ static long evtchn_status(evtchn_status_t *status)
 
     chn = evtchn_from_port(d, port);
 
-    rc = xsm_evtchn_status(d, chn);
+    rc = xsm_evtchn_status(XSM_TARGET, d, chn);
     if ( rc )
         goto out;
 
@@ -954,7 +954,7 @@ static long evtchn_reset(evtchn_reset_t *r)
     if ( d == NULL )
         return -ESRCH;
 
-    rc = xsm_evtchn_reset(current->domain, d);
+    rc = xsm_evtchn_reset(XSM_TARGET, current->domain, d);
     if ( rc )
         goto out;
 
@@ -1101,7 +1101,7 @@ int alloc_unbound_xen_event_channel(
         goto out;
     chn = evtchn_from_port(d, port);
 
-    rc = xsm_evtchn_unbound(d, chn, remote_domid);
+    rc = xsm_evtchn_unbound(XSM_TARGET, d, chn, remote_domid);
 
     chn->state = ECS_UNBOUND;
     chn->xen_consumer = get_xen_consumer(notification_fn);
diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index eae9518..c58ea1b 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -552,7 +552,7 @@ __gnttab_map_grant_ref(
         return;
     }
 
-    rc = xsm_grant_mapref(ld, rd, op->flags);
+    rc = xsm_grant_mapref(XSM_HOOK, ld, rd, op->flags);
     if ( rc )
     {
         rcu_unlock_domain(rd);
@@ -872,7 +872,7 @@ __gnttab_unmap_common(
         return;
     }
 
-    rc = xsm_grant_unmapref(ld, rd);
+    rc = xsm_grant_unmapref(XSM_HOOK, ld, rd);
     if ( rc )
     {
         rcu_unlock_domain(rd);
@@ -1326,7 +1326,7 @@ gnttab_setup_table(
         goto out2;
     }
 
-    if ( xsm_grant_setup(current->domain, d) )
+    if ( xsm_grant_setup(XSM_TARGET, current->domain, d) )
     {
         op.status = GNTST_permission_denied;
         goto out2;
@@ -1395,7 +1395,7 @@ gnttab_query_size(
         goto query_out;
     }
 
-    rc = xsm_grant_query_size(current->domain, d);
+    rc = xsm_grant_query_size(XSM_TARGET, current->domain, d);
     if ( rc )
     {
         op.status = GNTST_permission_denied;
@@ -1571,7 +1571,7 @@ gnttab_transfer(
             goto copyback;
         }
 
-        if ( xsm_grant_transfer(d, e) )
+        if ( xsm_grant_transfer(XSM_HOOK, d, e) )
         {
             put_gfn(d, gop.mfn);
             gop.status = GNTST_permission_denied;
@@ -2010,7 +2010,7 @@ __gnttab_copy(
         PIN_FAIL(error_out, GNTST_bad_domain,
                  "couldn't find %d\n", op->dest.domid);
 
-    rc = xsm_grant_copy(sd, dd);
+    rc = xsm_grant_copy(XSM_HOOK, sd, dd);
     if ( rc )
     {
         rc = GNTST_permission_denied;
@@ -2267,7 +2267,7 @@ 
gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop,
         op.status = GNTST_bad_domain;
         goto out1;
     }
-    rc = xsm_grant_setup(current->domain, d);
+    rc = xsm_grant_setup(XSM_TARGET, current->domain, d);
     if ( rc ) {
         op.status = GNTST_permission_denied;
         goto out1;
@@ -2318,7 +2318,7 @@ 
gnttab_get_version(XEN_GUEST_HANDLE_PARAM(gnttab_get_version_t uop))
     if ( d == NULL )
         return -ESRCH;
 
-    rc = xsm_grant_query_size(current->domain, d);
+    rc = xsm_grant_query_size(XSM_TARGET, current->domain, d);
     if ( rc )
     {
         rcu_unlock_domain(d);
diff --git a/xen/common/kexec.c b/xen/common/kexec.c
index d4f6332..6dd20c6 100644
--- a/xen/common/kexec.c
+++ b/xen/common/kexec.c
@@ -852,7 +852,7 @@ static int do_kexec_op_internal(unsigned long op,
     unsigned long flags;
     int ret = -EINVAL;
 
-    ret = xsm_kexec();
+    ret = xsm_kexec(XSM_PRIV);
     if ( ret )
         return ret;
 
diff --git a/xen/common/memory.c b/xen/common/memory.c
index 7d3c326..c4d4ba8 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -336,7 +336,7 @@ static long 
memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg)
         goto fail_early;
     }
 
-    rc = xsm_memory_exchange(d);
+    rc = xsm_memory_exchange(XSM_TARGET, d);
     if ( rc )
     {
         rcu_unlock_domain(d);
@@ -585,7 +585,7 @@ long do_memory_op(unsigned long cmd, 
XEN_GUEST_HANDLE_PARAM(void) arg)
             return start_extent;
         args.domain = d;
 
-        rc = xsm_memory_adjust_reservation(current->domain, d);
+        rc = xsm_memory_adjust_reservation(XSM_TARGET, current->domain, d);
         if ( rc )
         {
             rcu_unlock_domain(d);
@@ -634,7 +634,7 @@ long do_memory_op(unsigned long cmd, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( d == NULL )
             return -ESRCH;
 
-        rc = xsm_memory_stat_reservation(current->domain, d);
+        rc = xsm_memory_stat_reservation(XSM_TARGET, current->domain, d);
         if ( rc )
         {
             rcu_unlock_domain(d);
@@ -672,7 +672,7 @@ long do_memory_op(unsigned long cmd, 
XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( d == NULL )
             return -ESRCH;
 
-        if ( xsm_remove_from_physmap(current->domain, d) )
+        if ( xsm_remove_from_physmap(XSM_TARGET, current->domain, d) )
         {
             rcu_unlock_domain(d);
             return -EPERM;
diff --git a/xen/common/schedule.c b/xen/common/schedule.c
index cfd173d..009ae96 100644
--- a/xen/common/schedule.c
+++ b/xen/common/schedule.c
@@ -921,7 +921,7 @@ ret_t do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( d == NULL )
             break;
 
-        ret = xsm_schedop_shutdown(current->domain, d);
+        ret = xsm_schedop_shutdown(XSM_DM_PRIV, current->domain, d);
         if ( ret )
         {
             rcu_unlock_domain(d);
diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c
index cbefb0e..2a53038 100644
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -39,7 +39,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
     if ( op->interface_version != XEN_SYSCTL_INTERFACE_VERSION )
         return -EACCES;
 
-    ret = xsm_sysctl(op->cmd);
+    ret = xsm_sysctl(XSM_PRIV, op->cmd);
     if ( ret )
         return ret;
 
@@ -57,7 +57,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
     {
     case XEN_SYSCTL_readconsole:
     {
-        ret = xsm_readconsole(op->u.readconsole.clear);
+        ret = xsm_readconsole(XSM_HOOK, op->u.readconsole.clear);
         if ( ret )
             break;
 
@@ -100,7 +100,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) 
u_sysctl)
             if ( num_domains == op->u.getdomaininfolist.max_domains )
                 break;
 
-            ret = xsm_getdomaininfo(d);
+            ret = xsm_getdomaininfo(XSM_HOOK, d);
             if ( ret )
                 continue;
 
@@ -231,7 +231,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) 
u_sysctl)
         uint32_t *status, *ptr;
         unsigned long pfn;
 
-        ret = xsm_page_offline(op->u.page_offline.cmd);
+        ret = xsm_page_offline(XSM_HOOK, op->u.page_offline.cmd);
         if ( ret )
             break;
 
diff --git a/xen/common/xenoprof.c b/xen/common/xenoprof.c
index ae0435b..e834f3d 100644
--- a/xen/common/xenoprof.c
+++ b/xen/common/xenoprof.c
@@ -680,7 +680,7 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) 
arg)
         return -EPERM;
     }
 
-    ret = xsm_profile(current->domain, op);
+    ret = xsm_profile(XSM_HOOK, current->domain, op);
     if ( ret )
         return ret;
 
diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c
index b2c3ee3..e9f696d 100644
--- a/xen/drivers/char/console.c
+++ b/xen/drivers/char/console.c
@@ -406,7 +406,7 @@ long do_console_io(int cmd, int count, 
XEN_GUEST_HANDLE_PARAM(char) buffer)
     long rc;
     unsigned int idx, len;
 
-    rc = xsm_console_io(current->domain, cmd);
+    rc = xsm_console_io(XSM_OTHER, current->domain, cmd);
     if ( rc )
         return rc;
 
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 9d13185..6a0f8d6 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -452,7 +452,7 @@ static int iommu_get_device_group(
              ((pdev->bus == bus) && (pdev->devfn == devfn)) )
             continue;
 
-        if ( xsm_get_device_group((seg << 16) | (pdev->bus << 8) | 
pdev->devfn) )
+        if ( xsm_get_device_group(XSM_HOOK, (seg << 16) | (pdev->bus << 8) | 
pdev->devfn) )
             continue;
 
         sdev_id = ops->get_device_group_id(seg, pdev->bus, pdev->devfn);
@@ -555,7 +555,7 @@ int iommu_do_domctl(
         u32 max_sdevs;
         XEN_GUEST_HANDLE_64(uint32) sdevs;
 
-        ret = xsm_get_device_group(domctl->u.get_device_group.machine_sbdf);
+        ret = xsm_get_device_group(XSM_HOOK, 
domctl->u.get_device_group.machine_sbdf);
         if ( ret )
             break;
 
@@ -583,7 +583,7 @@ int iommu_do_domctl(
     break;
 
     case XEN_DOMCTL_test_assign_device:
-        ret = xsm_test_assign_device(domctl->u.assign_device.machine_sbdf);
+        ret = xsm_test_assign_device(XSM_HOOK, 
domctl->u.assign_device.machine_sbdf);
         if ( ret )
             break;
 
@@ -607,7 +607,7 @@ int iommu_do_domctl(
             break;
         }
 
-        ret = xsm_assign_device(d, domctl->u.assign_device.machine_sbdf);
+        ret = xsm_assign_device(XSM_HOOK, d, 
domctl->u.assign_device.machine_sbdf);
         if ( ret )
             break;
 
@@ -626,7 +626,7 @@ int iommu_do_domctl(
         break;
 
     case XEN_DOMCTL_deassign_device:
-        ret = xsm_deassign_device(d, domctl->u.assign_device.machine_sbdf);
+        ret = xsm_deassign_device(XSM_HOOK, d, 
domctl->u.assign_device.machine_sbdf);
         if ( ret )
             break;
 
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index a61a9ba..d75b7b7 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -380,7 +380,7 @@ int pci_add_device(u16 seg, u8 bus, u8 devfn, const struct 
pci_dev_info *info)
         pdev_type = "device";
     }
 
-    ret = xsm_resource_plug_pci((seg << 16) | (bus << 8) | devfn);
+    ret = xsm_resource_plug_pci(XSM_PRIV, (seg << 16) | (bus << 8) | devfn);
     if ( ret )
         return ret;
 
@@ -496,7 +496,7 @@ int pci_remove_device(u16 seg, u8 bus, u8 devfn)
     struct pci_dev *pdev;
     int ret;
 
-    ret = xsm_resource_unplug_pci((seg << 16) | (bus << 8) | devfn);
+    ret = xsm_resource_unplug_pci(XSM_PRIV, (seg << 16) | (bus << 8) | devfn);
     if ( ret )
         return ret;
 
diff --git a/xen/include/xen/tmem_xen.h b/xen/include/xen/tmem_xen.h
index 8dec5aa..ad1ddd5 100644
--- a/xen/include/xen/tmem_xen.h
+++ b/xen/include/xen/tmem_xen.h
@@ -329,12 +329,12 @@ static inline bool_t tmh_set_client_from_id(
 
 static inline bool_t tmh_current_permitted(void)
 {
-    return !xsm_tmem_op();
+    return !xsm_tmem_op(XSM_HOOK);
 }
 
 static inline bool_t tmh_current_is_privileged(void)
 {
-    return !xsm_tmem_control();
+    return !xsm_tmem_control(XSM_PRIV);
 }
 
 static inline uint8_t tmh_get_first_byte(pfp_t *pfp)
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 019183e..2c750de 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -6,68 +6,132 @@
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2,
  *  as published by the Free Software Foundation.
+ *
+ *
+ *  Each XSM hook implementing an access check should have its first parameter
+ *  preceded by XSM_DEFAULT_ARG (or use XSM_DEFAULT_VOID if it has no
+ *  arguments). The first non-declaration statement shold be XSM_ASSERT_ACTION
+ *  with the expected type of the hook, which will either define or check the
+ *  value of action.
  */
 
 #include <xen/sched.h>
 #include <xsm/xsm.h>
 
+/* Cannot use BUILD_BUG_ON here because the expressions we check are not
+ * considered constant at compile time. Instead, rely on constant propagation 
to
+ * inline out the calls to this invalid function, which will cause linker 
errors
+ * if references remain at link time.
+ */
+#define LINKER_BUG_ON(x) do { if (x) __xsm_action_mismatch_detected(); } while 
(0)
+/* DO NOT implement this function; it is supposed to trigger link errors */
+void __xsm_action_mismatch_detected(void);
+
+#ifdef XSM_ENABLE
+
+/* In XSM_ENABLE builds, this header file is included from xsm/dummy.c, and
+ * contains static (not inline) functions compiled to the dummy XSM module.
+ * There is no xsm_default_t argument available, so the value from the 
assertion
+ * is used to initialize the variable.
+ */
+#define XSM_INLINE /* */
+#define XSM_DEFAULT_ARG /* */
+#define XSM_DEFAULT_VOID void
+#define XSM_ASSERT_ACTION(def) xsm_default_t action = def; (void)action
+
+#else /* XSM_ENABLE */
+
+/* In !XSM_ENABLE builds, this header file is included from xsm/xsm.h, and
+ * contains inline functions for each XSM hook. These functions also perform
+ * compile-time checks on the xsm_default_t argument to ensure that the 
behavior
+ * of the dummy XSM module is the same as the behavior with XSM disabled.
+ */
+#define XSM_INLINE inline
+#define XSM_DEFAULT_ARG xsm_default_t action,
+#define XSM_DEFAULT_VOID xsm_default_t action
+#define XSM_ASSERT_ACTION(def) LINKER_BUG_ON(def != action)
+
+#endif /* XSM_ENABLE */
+
+static inline int xsm_default_action(xsm_default_t action, struct domain *src,
+                                     struct domain *target)
+{
+    switch ( action ) {
+    case XSM_HOOK:
+        return 0;
+    case XSM_DM_PRIV:
+        if ( !IS_PRIV_FOR(src, target) )
+            return -EPERM;
+        return 0;
+    case XSM_TARGET:
+        if ( src != target && !IS_PRIV_FOR(src, target) )
+            return -EPERM;
+        return 0;
+    case XSM_PRIV:
+        if ( !IS_PRIV(src) )
+            return -EPERM;
+        return 0;
+    default:
+        LINKER_BUG_ON(1);
+        return -EPERM;
+    }
+}
+
 static XSM_INLINE void xsm_security_domaininfo(struct domain *d,
                                     struct xen_domctl_getdomaininfo *info)
 {
     return;
 }
 
-static XSM_INLINE int xsm_domain_create(struct domain *d, u32 ssidref)
+static XSM_INLINE int xsm_domain_create(XSM_DEFAULT_ARG struct domain *d, u32 
ssidref)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_getdomaininfo(struct domain *d)
+static XSM_INLINE int xsm_getdomaininfo(XSM_DEFAULT_ARG struct domain *d)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_set_target(struct domain *d, struct domain *e)
+static XSM_INLINE int xsm_set_target(XSM_DEFAULT_ARG struct domain *d, struct 
domain *e)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_domctl(struct domain *d, int cmd)
+static XSM_INLINE int xsm_domctl(XSM_DEFAULT_ARG struct domain *d, int cmd)
 {
+    XSM_ASSERT_ACTION(XSM_OTHER);
     switch ( cmd )
     {
     case XEN_DOMCTL_ioport_mapping:
     case XEN_DOMCTL_memory_mapping:
     case XEN_DOMCTL_bind_pt_irq:
-    case XEN_DOMCTL_unbind_pt_irq: {
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            return -EPERM;
-        break;
-    }
+    case XEN_DOMCTL_unbind_pt_irq:
+        return xsm_default_action(XSM_DM_PRIV, current->domain, d);
     default:
-        if ( !IS_PRIV(current->domain) )
-            return -EPERM;
+        return xsm_default_action(XSM_PRIV, current->domain, d);
     }
-    return 0;
 }
 
-static XSM_INLINE int xsm_sysctl(int cmd)
+static XSM_INLINE int xsm_sysctl(XSM_DEFAULT_ARG int cmd)
 {
-    if ( !IS_PRIV(current->domain) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_PRIV);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_readconsole(uint32_t clear)
+static XSM_INLINE int xsm_readconsole(XSM_DEFAULT_ARG uint32_t clear)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_do_mca(void)
+static XSM_INLINE int xsm_do_mca(XSM_DEFAULT_VOID)
 {
-    if ( !IS_PRIV(current->domain) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_PRIV);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
 static XSM_INLINE int xsm_alloc_security_domain(struct domain *d)
@@ -80,109 +144,109 @@ static XSM_INLINE void xsm_free_security_domain(struct 
domain *d)
     return;
 }
 
-static XSM_INLINE int xsm_grant_mapref(struct domain *d1, struct domain *d2,
+static XSM_INLINE int xsm_grant_mapref(XSM_DEFAULT_ARG struct domain *d1, 
struct domain *d2,
                                                                 uint32_t flags)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, d1, d2);
 }
 
-static XSM_INLINE int xsm_grant_unmapref(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_grant_unmapref(XSM_DEFAULT_ARG struct domain *d1, 
struct domain *d2)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, d1, d2);
 }
 
-static XSM_INLINE int xsm_grant_setup(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_grant_setup(XSM_DEFAULT_ARG struct domain *d1, 
struct domain *d2)
 {
-    if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_TARGET);
+    return xsm_default_action(action, d1, d2);
 }
 
-static XSM_INLINE int xsm_grant_transfer(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_grant_transfer(XSM_DEFAULT_ARG struct domain *d1, 
struct domain *d2)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, d1, d2);
 }
 
-static XSM_INLINE int xsm_grant_copy(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_grant_copy(XSM_DEFAULT_ARG struct domain *d1, struct 
domain *d2)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, d1, d2);
 }
 
-static XSM_INLINE int xsm_grant_query_size(struct domain *d1, struct domain 
*d2)
+static XSM_INLINE int xsm_grant_query_size(XSM_DEFAULT_ARG struct domain *d1, 
struct domain *d2)
 {
-    if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_TARGET);
+    return xsm_default_action(action, d1, d2);
 }
 
-static XSM_INLINE int xsm_memory_exchange(struct domain *d)
+static XSM_INLINE int xsm_memory_exchange(XSM_DEFAULT_ARG struct domain *d)
 {
-    if ( d != current->domain && !IS_PRIV_FOR(current->domain, d) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_TARGET);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_memory_adjust_reservation(struct domain *d1,
+static XSM_INLINE int xsm_memory_adjust_reservation(XSM_DEFAULT_ARG struct 
domain *d1,
                                                             struct domain *d2)
 {
-    if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_TARGET);
+    return xsm_default_action(action, d1, d2);
 }
 
-static XSM_INLINE int xsm_memory_stat_reservation(struct domain *d1, struct 
domain *d2)
+static XSM_INLINE int xsm_memory_stat_reservation(XSM_DEFAULT_ARG struct 
domain *d1, struct domain *d2)
 {
-    if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_TARGET);
+    return xsm_default_action(action, d1, d2);
 }
 
-static XSM_INLINE int xsm_console_io(struct domain *d, int cmd)
+static XSM_INLINE int xsm_console_io(XSM_DEFAULT_ARG struct domain *d, int cmd)
 {
-#ifndef VERBOSE
-    if ( !IS_PRIV(current->domain) )
-        return -EPERM;
+    XSM_ASSERT_ACTION(XSM_OTHER);
+#ifdef VERBOSE
+    return xsm_default_action(XSM_HOOK, current->domain, NULL);
+#else
+    return xsm_default_action(XSM_PRIV, current->domain, NULL);
 #endif
-    return 0;
 }
 
-static XSM_INLINE int xsm_profile(struct domain *d, int op)
+static XSM_INLINE int xsm_profile(XSM_DEFAULT_ARG struct domain *d, int op)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_kexec(void)
+static XSM_INLINE int xsm_kexec(XSM_DEFAULT_VOID)
 {
-    if ( !IS_PRIV(current->domain) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_PRIV);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_schedop_shutdown(struct domain *d1, struct domain 
*d2)
+static XSM_INLINE int xsm_schedop_shutdown(XSM_DEFAULT_ARG struct domain *d1, 
struct domain *d2)
 {
-    if ( !IS_PRIV_FOR(d1, d2) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_DM_PRIV);
+    return xsm_default_action(action, d1, d2);
 }
 
-static XSM_INLINE int xsm_memory_pin_page(struct domain *d1, struct domain *d2,
+static XSM_INLINE int xsm_memory_pin_page(XSM_DEFAULT_ARG struct domain *d1, 
struct domain *d2,
                                           struct page_info *page)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, d1, d2);
 }
 
-static XSM_INLINE int xsm_evtchn_unbound(struct domain *d, struct evtchn *chn,
+static XSM_INLINE int xsm_evtchn_unbound(XSM_DEFAULT_ARG struct domain *d, 
struct evtchn *chn,
                                          domid_t id2)
 {
-    if ( current->domain != d && !IS_PRIV_FOR(current->domain, d) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_TARGET);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_evtchn_interdomain(struct domain *d1, struct evtchn
+static XSM_INLINE int xsm_evtchn_interdomain(XSM_DEFAULT_ARG struct domain 
*d1, struct evtchn
                                 *chan1, struct domain *d2, struct evtchn 
*chan2)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, d1, d2);
 }
 
 static XSM_INLINE void xsm_evtchn_close_post(struct evtchn *chn)
@@ -190,23 +254,22 @@ static XSM_INLINE void xsm_evtchn_close_post(struct 
evtchn *chn)
     return;
 }
 
-static XSM_INLINE int xsm_evtchn_send(struct domain *d, struct evtchn *chn)
+static XSM_INLINE int xsm_evtchn_send(XSM_DEFAULT_ARG struct domain *d, struct 
evtchn *chn)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_evtchn_status(struct domain *d, struct evtchn *chn)
+static XSM_INLINE int xsm_evtchn_status(XSM_DEFAULT_ARG struct domain *d, 
struct evtchn *chn)
 {
-    if ( current->domain != d && !IS_PRIV_FOR(current->domain, d) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_TARGET);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_evtchn_reset(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_evtchn_reset(XSM_DEFAULT_ARG struct domain *d1, 
struct domain *d2)
 {
-    if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_TARGET);
+    return xsm_default_action(action, d1, d2);
 }
 
 static XSM_INLINE int xsm_alloc_security_evtchn(struct evtchn *chn)
@@ -224,100 +287,100 @@ static XSM_INLINE char *xsm_show_security_evtchn(struct 
domain *d, const struct
     return NULL;
 }
 
-static XSM_INLINE int xsm_get_pod_target(struct domain *d)
+static XSM_INLINE int xsm_get_pod_target(XSM_DEFAULT_ARG struct domain *d)
 {
-    if ( !IS_PRIV(current->domain) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_PRIV);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_set_pod_target(struct domain *d)
+static XSM_INLINE int xsm_set_pod_target(XSM_DEFAULT_ARG struct domain *d)
 {
-    if ( !IS_PRIV(current->domain) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_PRIV);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_get_device_group(uint32_t machine_bdf)
+static XSM_INLINE int xsm_get_device_group(XSM_DEFAULT_ARG uint32_t 
machine_bdf)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_test_assign_device(uint32_t machine_bdf)
+static XSM_INLINE int xsm_test_assign_device(XSM_DEFAULT_ARG uint32_t 
machine_bdf)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_assign_device(struct domain *d, uint32_t machine_bdf)
+static XSM_INLINE int xsm_assign_device(XSM_DEFAULT_ARG struct domain *d, 
uint32_t machine_bdf)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_deassign_device(struct domain *d, uint32_t 
machine_bdf)
+static XSM_INLINE int xsm_deassign_device(XSM_DEFAULT_ARG struct domain *d, 
uint32_t machine_bdf)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_resource_plug_core(void)
+static XSM_INLINE int xsm_resource_plug_core(XSM_DEFAULT_VOID)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_resource_unplug_core(void)
+static XSM_INLINE int xsm_resource_unplug_core(XSM_DEFAULT_VOID)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_resource_plug_pci(uint32_t machine_bdf)
+static XSM_INLINE int xsm_resource_plug_pci(XSM_DEFAULT_ARG uint32_t 
machine_bdf)
 {
-    if ( !IS_PRIV(current->domain) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_PRIV);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_resource_unplug_pci(uint32_t machine_bdf)
+static XSM_INLINE int xsm_resource_unplug_pci(XSM_DEFAULT_ARG uint32_t 
machine_bdf)
 {
-    if ( !IS_PRIV(current->domain) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_PRIV);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_resource_setup_pci(uint32_t machine_bdf)
+static XSM_INLINE int xsm_resource_setup_pci(XSM_DEFAULT_ARG uint32_t 
machine_bdf)
 {
-    if ( !IS_PRIV(current->domain) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_PRIV);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_resource_setup_gsi(int gsi)
+static XSM_INLINE int xsm_resource_setup_gsi(XSM_DEFAULT_ARG int gsi)
 {
-    if ( !IS_PRIV(current->domain) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_PRIV);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_resource_setup_misc(void)
+static XSM_INLINE int xsm_resource_setup_misc(XSM_DEFAULT_VOID)
 {
-    if ( !IS_PRIV(current->domain) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_PRIV);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_page_offline(uint32_t cmd)
+static XSM_INLINE int xsm_page_offline(XSM_DEFAULT_ARG uint32_t cmd)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_tmem_op(void)
+static XSM_INLINE int xsm_tmem_op(XSM_DEFAULT_VOID)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_tmem_control(void)
+static XSM_INLINE int xsm_tmem_control(XSM_DEFAULT_VOID)
 {
-    if ( !IS_PRIV(current->domain) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_PRIV);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
 static XSM_INLINE long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
@@ -330,187 +393,179 @@ static XSM_INLINE char *xsm_show_irq_sid(int irq)
     return NULL;
 }
 
-static XSM_INLINE int xsm_map_domain_pirq(struct domain *d, int irq, void 
*data)
+static XSM_INLINE int xsm_map_domain_pirq(XSM_DEFAULT_ARG struct domain *d, 
int irq, void *data)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_unmap_domain_pirq(struct domain *d, int irq)
+static XSM_INLINE int xsm_unmap_domain_pirq(XSM_DEFAULT_ARG struct domain *d, 
int irq)
 {
-    if ( !IS_PRIV_FOR(current->domain, d) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_TARGET);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_irq_permission(struct domain *d, int pirq, uint8_t 
allow)
+static XSM_INLINE int xsm_irq_permission(XSM_DEFAULT_ARG struct domain *d, int 
pirq, uint8_t allow)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_iomem_permission(struct domain *d, uint64_t s, 
uint64_t e, uint8_t allow)
+static XSM_INLINE int xsm_iomem_permission(XSM_DEFAULT_ARG struct domain *d, 
uint64_t s, uint64_t e, uint8_t allow)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_iomem_mapping(struct domain *d, uint64_t s, uint64_t 
e, uint8_t allow)
+static XSM_INLINE int xsm_iomem_mapping(XSM_DEFAULT_ARG struct domain *d, 
uint64_t s, uint64_t e, uint8_t allow)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_pci_config_permission(struct domain *d, uint32_t 
machine_bdf,
+static XSM_INLINE int xsm_pci_config_permission(XSM_DEFAULT_ARG struct domain 
*d, uint32_t machine_bdf,
                                         uint16_t start, uint16_t end,
                                         uint8_t access)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, d);
 }
 
 #ifdef CONFIG_X86
-static XSM_INLINE int xsm_shadow_control(struct domain *d, uint32_t op)
+static XSM_INLINE int xsm_shadow_control(XSM_DEFAULT_ARG struct domain *d, 
uint32_t op)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_hvm_param(struct domain *d, unsigned long op)
+static XSM_INLINE int xsm_hvm_param(XSM_DEFAULT_ARG struct domain *d, unsigned 
long op)
 {
-    if ( current->domain != d && !IS_PRIV_FOR(current->domain, d) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_TARGET);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_hvm_set_pci_intx_level(struct domain *d)
+static XSM_INLINE int xsm_hvm_set_pci_intx_level(XSM_DEFAULT_ARG struct domain 
*d)
 {
-    if ( !IS_PRIV_FOR(current->domain, d) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_DM_PRIV);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_hvm_set_isa_irq_level(struct domain *d)
+static XSM_INLINE int xsm_hvm_set_isa_irq_level(XSM_DEFAULT_ARG struct domain 
*d)
 {
-    if ( !IS_PRIV_FOR(current->domain, d) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_DM_PRIV);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_hvm_set_pci_link_route(struct domain *d)
+static XSM_INLINE int xsm_hvm_set_pci_link_route(XSM_DEFAULT_ARG struct domain 
*d)
 {
-    if ( !IS_PRIV_FOR(current->domain, d) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_DM_PRIV);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_hvm_inject_msi(struct domain *d)
+static XSM_INLINE int xsm_hvm_inject_msi(XSM_DEFAULT_ARG struct domain *d)
 {
-    if ( !IS_PRIV_FOR(current->domain, d) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_DM_PRIV);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_mem_event_control(struct domain *d, int mode, int op)
+static XSM_INLINE int xsm_mem_event_control(XSM_DEFAULT_ARG struct domain *d, 
int mode, int op)
 {
-    if ( !IS_PRIV(current->domain) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_PRIV);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_mem_event_op(struct domain *d, int op)
+static XSM_INLINE int xsm_mem_event_op(XSM_DEFAULT_ARG struct domain *d, int 
op)
 {
-    if ( !IS_PRIV_FOR(current->domain, d) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_TARGET);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_mem_sharing_op(struct domain *d, struct domain *cd, 
int op)
+static XSM_INLINE int xsm_mem_sharing_op(XSM_DEFAULT_ARG struct domain *d, 
struct domain *cd, int op)
 {
-    if ( !IS_PRIV_FOR(current->domain, cd) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_TARGET);
+    return xsm_default_action(action, current->domain, cd);
 }
 
-static XSM_INLINE int xsm_apic(struct domain *d, int cmd)
+static XSM_INLINE int xsm_apic(XSM_DEFAULT_ARG struct domain *d, int cmd)
 {
-    if ( !IS_PRIV(d) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_PRIV);
+    return xsm_default_action(action, d, NULL);
 }
 
-static XSM_INLINE int xsm_platform_op(uint32_t op)
+static XSM_INLINE int xsm_platform_op(XSM_DEFAULT_ARG uint32_t op)
 {
-    if ( !IS_PRIV(current->domain) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_PRIV);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_machine_memory_map(void)
+static XSM_INLINE int xsm_machine_memory_map(XSM_DEFAULT_VOID)
 {
-    if ( !IS_PRIV(current->domain) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_PRIV);
+    return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int xsm_domain_memory_map(struct domain *d)
+static XSM_INLINE int xsm_domain_memory_map(XSM_DEFAULT_ARG struct domain *d)
 {
-    if ( current->domain != d && !IS_PRIV_FOR(current->domain, d) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_TARGET);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_mmu_update(struct domain *d, struct domain *t,
+static XSM_INLINE int xsm_mmu_update(XSM_DEFAULT_ARG struct domain *d, struct 
domain *t,
                                      struct domain *f, uint32_t flags)
 {
+    XSM_ASSERT_ACTION(XSM_TARGET);
     if ( t && d != t && !IS_PRIV_FOR(d, t) )
         return -EPERM;
-    if ( d != f && !IS_PRIV_FOR(d, f) )
-        return -EPERM;
-    return 0;
+    return xsm_default_action(action, d, f);
 }
 
-static XSM_INLINE int xsm_mmuext_op(struct domain *d, struct domain *f)
+static XSM_INLINE int xsm_mmuext_op(XSM_DEFAULT_ARG struct domain *d, struct 
domain *f)
 {
-    if ( d != f && !IS_PRIV_FOR(d, f) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_TARGET);
+    return xsm_default_action(action, d, f);
 }
 
-static XSM_INLINE int xsm_update_va_mapping(struct domain *d, struct domain 
*f, 
+static XSM_INLINE int xsm_update_va_mapping(XSM_DEFAULT_ARG struct domain *d, 
struct domain *f, 
                                                             l1_pgentry_t pte)
 {
-    if ( d != f && !IS_PRIV_FOR(d, f) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_TARGET);
+    return xsm_default_action(action, d, f);
 }
 
-static XSM_INLINE int xsm_add_to_physmap(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_add_to_physmap(XSM_DEFAULT_ARG struct domain *d1, 
struct domain *d2)
 {
-    if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_TARGET);
+    return xsm_default_action(action, d1, d2);
 }
 
-static XSM_INLINE int xsm_remove_from_physmap(struct domain *d1, struct domain 
*d2)
+static XSM_INLINE int xsm_remove_from_physmap(XSM_DEFAULT_ARG struct domain 
*d1, struct domain *d2)
 {
-    if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
-        return -EPERM;
-    return 0;
+    XSM_ASSERT_ACTION(XSM_TARGET);
+    return xsm_default_action(action, d1, d2);
 }
 
-static XSM_INLINE int xsm_bind_pt_irq(struct domain *d, struct 
xen_domctl_bind_pt_irq *bind)
+static XSM_INLINE int xsm_bind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct 
xen_domctl_bind_pt_irq *bind)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_unbind_pt_irq(struct domain *d, struct 
xen_domctl_bind_pt_irq *bind)
+static XSM_INLINE int xsm_unbind_pt_irq(XSM_DEFAULT_ARG struct domain *d, 
struct xen_domctl_bind_pt_irq *bind)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_ioport_permission(struct domain *d, uint32_t s, 
uint32_t e, uint8_t allow)
+static XSM_INLINE int xsm_ioport_permission(XSM_DEFAULT_ARG struct domain *d, 
uint32_t s, uint32_t e, uint8_t allow)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_ioport_mapping(struct domain *d, uint32_t s, 
uint32_t e, uint8_t allow)
+static XSM_INLINE int xsm_ioport_mapping(XSM_DEFAULT_ARG struct domain *d, 
uint32_t s, uint32_t e, uint8_t allow)
 {
-    return 0;
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, d);
 }
 
 #endif
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 105201e..ce5ede8 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -27,6 +27,18 @@ typedef u32 xsm_magic_t;
 #define XSM_MAGIC 0x00000000
 #endif
 
+/* These annotations are used by callers and in dummy.h to document the
+ * default actions of XSM hooks. They should be compiled out otherwise.
+ */
+enum xsm_default {
+    XSM_HOOK,     /* Guests can normally access the hypercall */
+    XSM_DM_PRIV,  /* Device model can perform on its target domain */
+    XSM_TARGET,   /* Can perform on self or your target domain */
+    XSM_PRIV,     /* Privileged - normally restricted to dom0 */
+    XSM_OTHER     /* Something more complex */
+};
+typedef enum xsm_default xsm_default_t;
+
 extern char *policy_buffer;
 extern u32 policy_size;
 
@@ -155,48 +167,48 @@ static inline void xsm_security_domaininfo (struct domain 
*d,
     xsm_ops->security_domaininfo(d, info);
 }
 
-static inline int xsm_domain_create (struct domain *d, u32 ssidref)
+static inline int xsm_domain_create (xsm_default_t def, struct domain *d, u32 
ssidref)
 {
     return xsm_ops->domain_create(d, ssidref);
 }
 
-static inline int xsm_getdomaininfo (struct domain *d)
+static inline int xsm_getdomaininfo (xsm_default_t def, struct domain *d)
 {
     return xsm_ops->getdomaininfo(d);
 }
 
-static inline int xsm_set_target (struct domain *d, struct domain *e)
+static inline int xsm_set_target (xsm_default_t def, struct domain *d, struct 
domain *e)
 {
     return xsm_ops->set_target(d, e);
 }
 
-static inline int xsm_domctl (struct domain *d, int cmd)
+static inline int xsm_domctl (xsm_default_t def, struct domain *d, int cmd)
 {
     return xsm_ops->domctl(d, cmd);
 }
 
-static inline int xsm_sysctl (int cmd)
+static inline int xsm_sysctl (xsm_default_t def, int cmd)
 {
     return xsm_ops->sysctl(cmd);
 }
 
-static inline int xsm_readconsole (uint32_t clear)
+static inline int xsm_readconsole (xsm_default_t def, uint32_t clear)
 {
     return xsm_ops->readconsole(clear);
 }
 
-static inline int xsm_do_mca(void)
+static inline int xsm_do_mca(xsm_default_t def)
 {
     return xsm_ops->do_mca();
 }
 
-static inline int xsm_evtchn_unbound (struct domain *d1, struct evtchn *chn,
+static inline int xsm_evtchn_unbound (xsm_default_t def, struct domain *d1, 
struct evtchn *chn,
                                                                     domid_t 
id2)
 {
     return xsm_ops->evtchn_unbound(d1, chn, id2);
 }
 
-static inline int xsm_evtchn_interdomain (struct domain *d1, 
+static inline int xsm_evtchn_interdomain (xsm_default_t def, struct domain *d1,
                 struct evtchn *chan1, struct domain *d2, struct evtchn *chan2)
 {
     return xsm_ops->evtchn_interdomain(d1, chan1, d2, chan2);
@@ -207,48 +219,48 @@ static inline void xsm_evtchn_close_post (struct evtchn 
*chn)
     xsm_ops->evtchn_close_post(chn);
 }
 
-static inline int xsm_evtchn_send (struct domain *d, struct evtchn *chn)
+static inline int xsm_evtchn_send (xsm_default_t def, struct domain *d, struct 
evtchn *chn)
 {
     return xsm_ops->evtchn_send(d, chn);
 }
 
-static inline int xsm_evtchn_status (struct domain *d, struct evtchn *chn)
+static inline int xsm_evtchn_status (xsm_default_t def, struct domain *d, 
struct evtchn *chn)
 {
     return xsm_ops->evtchn_status(d, chn);
 }
 
-static inline int xsm_evtchn_reset (struct domain *d1, struct domain *d2)
+static inline int xsm_evtchn_reset (xsm_default_t def, struct domain *d1, 
struct domain *d2)
 {
     return xsm_ops->evtchn_reset(d1, d2);
 }
 
-static inline int xsm_grant_mapref (struct domain *d1, struct domain *d2,
+static inline int xsm_grant_mapref (xsm_default_t def, struct domain *d1, 
struct domain *d2,
                                                                 uint32_t flags)
 {
     return xsm_ops->grant_mapref(d1, d2, flags);
 }
 
-static inline int xsm_grant_unmapref (struct domain *d1, struct domain *d2)
+static inline int xsm_grant_unmapref (xsm_default_t def, struct domain *d1, 
struct domain *d2)
 {
     return xsm_ops->grant_unmapref(d1, d2);
 }
 
-static inline int xsm_grant_setup (struct domain *d1, struct domain *d2)
+static inline int xsm_grant_setup (xsm_default_t def, struct domain *d1, 
struct domain *d2)
 {
     return xsm_ops->grant_setup(d1, d2);
 }
 
-static inline int xsm_grant_transfer (struct domain *d1, struct domain *d2)
+static inline int xsm_grant_transfer (xsm_default_t def, struct domain *d1, 
struct domain *d2)
 {
     return xsm_ops->grant_transfer(d1, d2);
 }
 
-static inline int xsm_grant_copy (struct domain *d1, struct domain *d2)
+static inline int xsm_grant_copy (xsm_default_t def, struct domain *d1, struct 
domain *d2)
 {
     return xsm_ops->grant_copy(d1, d2);
 }
 
-static inline int xsm_grant_query_size (struct domain *d1, struct domain *d2)
+static inline int xsm_grant_query_size (xsm_default_t def, struct domain *d1, 
struct domain *d2)
 {
     return xsm_ops->grant_query_size(d1, d2);
 }
@@ -278,60 +290,60 @@ static inline char *xsm_show_security_evtchn (struct 
domain *d, const struct evt
     return xsm_ops->show_security_evtchn(d, chn);
 }
 
-static inline int xsm_get_pod_target (struct domain *d)
+static inline int xsm_get_pod_target (xsm_default_t def, struct domain *d)
 {
     return xsm_ops->get_pod_target(d);
 }
 
-static inline int xsm_set_pod_target (struct domain *d)
+static inline int xsm_set_pod_target (xsm_default_t def, struct domain *d)
 {
     return xsm_ops->set_pod_target(d);
 }
 
-static inline int xsm_memory_exchange (struct domain *d)
+static inline int xsm_memory_exchange (xsm_default_t def, struct domain *d)
 {
     return xsm_ops->memory_exchange(d);
 }
 
-static inline int xsm_memory_adjust_reservation (struct domain *d1, struct
+static inline int xsm_memory_adjust_reservation (xsm_default_t def, struct 
domain *d1, struct
                                                                     domain *d2)
 {
     return xsm_ops->memory_adjust_reservation(d1, d2);
 }
 
-static inline int xsm_memory_stat_reservation (struct domain *d1,
+static inline int xsm_memory_stat_reservation (xsm_default_t def, struct 
domain *d1,
                                                             struct domain *d2)
 {
     return xsm_ops->memory_stat_reservation(d1, d2);
 }
 
-static inline int xsm_memory_pin_page(struct domain *d1, struct domain *d2,
+static inline int xsm_memory_pin_page(xsm_default_t def, struct domain *d1, 
struct domain *d2,
                                       struct page_info *page)
 {
     return xsm_ops->memory_pin_page(d1, d2, page);
 }
 
-static inline int xsm_remove_from_physmap(struct domain *d1, struct domain *d2)
+static inline int xsm_remove_from_physmap(xsm_default_t def, struct domain 
*d1, struct domain *d2)
 {
     return xsm_ops->remove_from_physmap(d1, d2);
 }
 
-static inline int xsm_console_io (struct domain *d, int cmd)
+static inline int xsm_console_io (xsm_default_t def, struct domain *d, int cmd)
 {
     return xsm_ops->console_io(d, cmd);
 }
 
-static inline int xsm_profile (struct domain *d, int op)
+static inline int xsm_profile (xsm_default_t def, struct domain *d, int op)
 {
     return xsm_ops->profile(d, op);
 }
 
-static inline int xsm_kexec (void)
+static inline int xsm_kexec (xsm_default_t def)
 {
     return xsm_ops->kexec();
 }
 
-static inline int xsm_schedop_shutdown (struct domain *d1, struct domain *d2)
+static inline int xsm_schedop_shutdown (xsm_default_t def, struct domain *d1, 
struct domain *d2)
 {
     return xsm_ops->schedop_shutdown(d1, d2);
 }
@@ -341,102 +353,102 @@ static inline char *xsm_show_irq_sid (int irq)
     return xsm_ops->show_irq_sid(irq);
 }
 
-static inline int xsm_map_domain_pirq (struct domain *d, int irq, void *data)
+static inline int xsm_map_domain_pirq (xsm_default_t def, struct domain *d, 
int irq, void *data)
 {
     return xsm_ops->map_domain_pirq(d, irq, data);
 }
 
-static inline int xsm_unmap_domain_pirq (struct domain *d, int irq)
+static inline int xsm_unmap_domain_pirq (xsm_default_t def, struct domain *d, 
int irq)
 {
     return xsm_ops->unmap_domain_pirq(d, irq);
 }
 
-static inline int xsm_irq_permission (struct domain *d, int pirq, uint8_t 
allow)
+static inline int xsm_irq_permission (xsm_default_t def, struct domain *d, int 
pirq, uint8_t allow)
 {
     return xsm_ops->irq_permission(d, pirq, allow);
 }
 
-static inline int xsm_iomem_permission (struct domain *d, uint64_t s, uint64_t 
e, uint8_t allow)
+static inline int xsm_iomem_permission (xsm_default_t def, struct domain *d, 
uint64_t s, uint64_t e, uint8_t allow)
 {
     return xsm_ops->iomem_permission(d, s, e, allow);
 }
 
-static inline int xsm_iomem_mapping (struct domain *d, uint64_t s, uint64_t e, 
uint8_t allow)
+static inline int xsm_iomem_mapping (xsm_default_t def, struct domain *d, 
uint64_t s, uint64_t e, uint8_t allow)
 {
     return xsm_ops->iomem_mapping(d, s, e, allow);
 }
 
-static inline int xsm_pci_config_permission (struct domain *d, uint32_t 
machine_bdf, uint16_t start, uint16_t end, uint8_t access)
+static inline int xsm_pci_config_permission (xsm_default_t def, struct domain 
*d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access)
 {
     return xsm_ops->pci_config_permission(d, machine_bdf, start, end, access);
 }
 
-static inline int xsm_get_device_group(uint32_t machine_bdf)
+static inline int xsm_get_device_group(xsm_default_t def, uint32_t machine_bdf)
 {
     return xsm_ops->get_device_group(machine_bdf);
 }
 
-static inline int xsm_test_assign_device(uint32_t machine_bdf)
+static inline int xsm_test_assign_device(xsm_default_t def, uint32_t 
machine_bdf)
 {
     return xsm_ops->test_assign_device(machine_bdf);
 }
 
-static inline int xsm_assign_device(struct domain *d, uint32_t machine_bdf)
+static inline int xsm_assign_device(xsm_default_t def, struct domain *d, 
uint32_t machine_bdf)
 {
     return xsm_ops->assign_device(d, machine_bdf);
 }
 
-static inline int xsm_deassign_device(struct domain *d, uint32_t machine_bdf)
+static inline int xsm_deassign_device(xsm_default_t def, struct domain *d, 
uint32_t machine_bdf)
 {
     return xsm_ops->deassign_device(d, machine_bdf);
 }
 
-static inline int xsm_resource_plug_pci (uint32_t machine_bdf)
+static inline int xsm_resource_plug_pci (xsm_default_t def, uint32_t 
machine_bdf)
 {
     return xsm_ops->resource_plug_pci(machine_bdf);
 }
 
-static inline int xsm_resource_unplug_pci (uint32_t machine_bdf)
+static inline int xsm_resource_unplug_pci (xsm_default_t def, uint32_t 
machine_bdf)
 {
     return xsm_ops->resource_unplug_pci(machine_bdf);
 }
 
-static inline int xsm_resource_plug_core (void)
+static inline int xsm_resource_plug_core (xsm_default_t def)
 {
     return xsm_ops->resource_plug_core();
 }
 
-static inline int xsm_resource_unplug_core (void)
+static inline int xsm_resource_unplug_core (xsm_default_t def)
 {
     return xsm_ops->resource_unplug_core();
 }
 
-static inline int xsm_resource_setup_pci (uint32_t machine_bdf)
+static inline int xsm_resource_setup_pci (xsm_default_t def, uint32_t 
machine_bdf)
 {
     return xsm_ops->resource_setup_pci(machine_bdf);
 }
 
-static inline int xsm_resource_setup_gsi (int gsi)
+static inline int xsm_resource_setup_gsi (xsm_default_t def, int gsi)
 {
     return xsm_ops->resource_setup_gsi(gsi);
 }
 
-static inline int xsm_resource_setup_misc (void)
+static inline int xsm_resource_setup_misc (xsm_default_t def)
 {
     return xsm_ops->resource_setup_misc();
 }
 
-static inline int xsm_page_offline(uint32_t cmd)
+static inline int xsm_page_offline(xsm_default_t def, uint32_t cmd)
 {
     return xsm_ops->page_offline(cmd);
 }
 
-static inline int xsm_tmem_op(void)
+static inline int xsm_tmem_op(xsm_default_t def)
 {
     return xsm_ops->tmem_op();
 }
 
-static inline int xsm_tmem_control(void)
+static inline int xsm_tmem_control(xsm_default_t def)
 {
     return xsm_ops->tmem_control();
 }
@@ -447,116 +459,116 @@ static inline long xsm_do_xsm_op 
(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
 }
 
 #ifdef CONFIG_X86
-static inline int xsm_shadow_control (struct domain *d, uint32_t op)
+static inline int xsm_shadow_control (xsm_default_t def, struct domain *d, 
uint32_t op)
 {
     return xsm_ops->shadow_control(d, op);
 }
 
-static inline int xsm_hvm_param (struct domain *d, unsigned long op)
+static inline int xsm_hvm_param (xsm_default_t def, struct domain *d, unsigned 
long op)
 {
     return xsm_ops->hvm_param(d, op);
 }
 
-static inline int xsm_hvm_set_pci_intx_level (struct domain *d)
+static inline int xsm_hvm_set_pci_intx_level (xsm_default_t def, struct domain 
*d)
 {
     return xsm_ops->hvm_set_pci_intx_level(d);
 }
 
-static inline int xsm_hvm_set_isa_irq_level (struct domain *d)
+static inline int xsm_hvm_set_isa_irq_level (xsm_default_t def, struct domain 
*d)
 {
     return xsm_ops->hvm_set_isa_irq_level(d);
 }
 
-static inline int xsm_hvm_set_pci_link_route (struct domain *d)
+static inline int xsm_hvm_set_pci_link_route (xsm_default_t def, struct domain 
*d)
 {
     return xsm_ops->hvm_set_pci_link_route(d);
 }
 
-static inline int xsm_hvm_inject_msi (struct domain *d)
+static inline int xsm_hvm_inject_msi (xsm_default_t def, struct domain *d)
 {
     return xsm_ops->hvm_inject_msi(d);
 }
 
-static inline int xsm_mem_event_control (struct domain *d, int mode, int op)
+static inline int xsm_mem_event_control (xsm_default_t def, struct domain *d, 
int mode, int op)
 {
     return xsm_ops->mem_event_control(d, mode, op);
 }
 
-static inline int xsm_mem_event_op (struct domain *d, int op)
+static inline int xsm_mem_event_op (xsm_default_t def, struct domain *d, int 
op)
 {
     return xsm_ops->mem_event_op(d, op);
 }
 
-static inline int xsm_mem_sharing_op (struct domain *d, struct domain *cd, int 
op)
+static inline int xsm_mem_sharing_op (xsm_default_t def, struct domain *d, 
struct domain *cd, int op)
 {
     return xsm_ops->mem_sharing_op(d, cd, op);
 }
 
-static inline int xsm_apic (struct domain *d, int cmd)
+static inline int xsm_apic (xsm_default_t def, struct domain *d, int cmd)
 {
     return xsm_ops->apic(d, cmd);
 }
 
-static inline int xsm_memtype (uint32_t access)
+static inline int xsm_memtype (xsm_default_t def, uint32_t access)
 {
     return xsm_ops->memtype(access);
 }
 
-static inline int xsm_platform_op (uint32_t op)
+static inline int xsm_platform_op (xsm_default_t def, uint32_t op)
 {
     return xsm_ops->platform_op(op);
 }
 
-static inline int xsm_machine_memory_map(void)
+static inline int xsm_machine_memory_map(xsm_default_t def)
 {
     return xsm_ops->machine_memory_map();
 }
 
-static inline int xsm_domain_memory_map(struct domain *d)
+static inline int xsm_domain_memory_map(xsm_default_t def, struct domain *d)
 {
     return xsm_ops->domain_memory_map(d);
 }
 
-static inline int xsm_mmu_update (struct domain *d, struct domain *t,
+static inline int xsm_mmu_update (xsm_default_t def, struct domain *d, struct 
domain *t,
                                   struct domain *f, uint32_t flags)
 {
     return xsm_ops->mmu_update(d, t, f, flags);
 }
 
-static inline int xsm_mmuext_op (struct domain *d, struct domain *f)
+static inline int xsm_mmuext_op (xsm_default_t def, struct domain *d, struct 
domain *f)
 {
     return xsm_ops->mmuext_op(d, f);
 }
 
-static inline int xsm_update_va_mapping(struct domain *d, struct domain *f, 
+static inline int xsm_update_va_mapping(xsm_default_t def, struct domain *d, 
struct domain *f,
                                                             l1_pgentry_t pte)
 {
     return xsm_ops->update_va_mapping(d, f, pte);
 }
 
-static inline int xsm_add_to_physmap(struct domain *d1, struct domain *d2)
+static inline int xsm_add_to_physmap(xsm_default_t def, struct domain *d1, 
struct domain *d2)
 {
     return xsm_ops->add_to_physmap(d1, d2);
 }
 
-static inline int xsm_bind_pt_irq(struct domain *d, 
+static inline int xsm_bind_pt_irq(xsm_default_t def, struct domain *d,
                                                 struct xen_domctl_bind_pt_irq 
*bind)
 {
     return xsm_ops->bind_pt_irq(d, bind);
 }
 
-static inline int xsm_unbind_pt_irq(struct domain *d,
+static inline int xsm_unbind_pt_irq(xsm_default_t def, struct domain *d,
                                                 struct xen_domctl_bind_pt_irq 
*bind)
 {
     return xsm_ops->unbind_pt_irq(d, bind);
 }
 
-static inline int xsm_ioport_permission (struct domain *d, uint32_t s, 
uint32_t e, uint8_t allow)
+static inline int xsm_ioport_permission (xsm_default_t def, struct domain *d, 
uint32_t s, uint32_t e, uint8_t allow)
 {
     return xsm_ops->ioport_permission(d, s, e, allow);
 }
 
-static inline int xsm_ioport_mapping (struct domain *d, uint32_t s, uint32_t 
e, uint8_t allow)
+static inline int xsm_ioport_mapping (xsm_default_t def, struct domain *d, 
uint32_t s, uint32_t e, uint8_t allow)
 {
     return xsm_ops->ioport_mapping(d, s, e, allow);
 }
@@ -576,7 +588,6 @@ extern void xsm_fixup_ops(struct xsm_operations *ops);
 
 #else /* XSM_ENABLE */
 
-#define XSM_INLINE inline
 #include <xsm/dummy.h>
 
 static inline int xsm_init (unsigned long *module_map,
-- 
1.7.11.7


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.