[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v2 15/26] xen/domctl: wrap xsm_{irq_permission,iomem_permission} with CONFIG_MGMT_HYPERCALLS

  • To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Penny Zheng <Penny.Zheng@xxxxxxx>
  • Date: Wed, 10 Sep 2025 15:38:16 +0800
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=sPLCxnD1ZJb6r1rXSz/MjuR5iKDACsR2gEr90FFhFxk=; b=papn7aqDBMcvjvGcGClg1nriNzzStuchjIVmkjgpYsusP41MEnZRXZbnXSIkoQx2ZyHefd613XvC8gXiQg8j9t2GwZ6kdKKtmV8/e+8uDzGClX4etbniSlo6xHeHE4SxavGVaIUgCYvy0Ut5/amfH71JsLwKy0jF8y3lUCAwkbHTCm02s9eebi4IFM7UJhFXZT7ys8oF6Ut0SbSwoPEHg4hSbeT6RtNn8aNt7SQfmNR20ZRntXKQTVQ3lENmUmEOasTv9AZZ8jQPbsY3x2dzboah4SBNwdDoGP1hEUZ0cEyuzYVCl5zvIa1f9QNx9JovY4lS00nRLDp2APOBtHYU+A==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Ly7DLNkdRMxRw6S9/Y8rj/ZyB99eietlVtejRl0k6r8zacNApW8UekguDSPVI0uWl477AaFMQoJ7JVCdZkVNyesZL43ltXsngRGjE9d42f+2eP0J4T+4AwbSvMmFyRW2HQLxO1s4/zoDwRoCzG/7f7lwie/sqIJZgNlXCR2CL11BxWOUkr1/x6e+ro20RFtjhaHFiKDJrziMKCJJjpiDiDCpAzC4/QFwTN6Pypxx8eX53JQImB0ZH1qcR5R9KP8JWoStAzOpW6zmk1gEMxGUywnRArqZ6l0PxxdSFYlNq+6+1AuQXMFXLqCzj29f91SepG5iyhfRIkGXZdKWtfXAwA==
  • Cc: <ray.huang@xxxxxxx>, Penny Zheng <Penny.Zheng@xxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 10 Sep 2025 07:46:12 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
The following functions are invoked only under
XEN_DOMCTL_{irq_permission,iomem_permission} domctl-op, and shall be wrapped
with CONFIG_MGMT_HYPERCALLS:
- xsm_irq_permission
- xsm_iomem_permission

Signed-off-by: Penny Zheng <Penny.Zheng@xxxxxxx>
---
v1 -> v2:
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
---
 xen/include/xsm/xsm.h | 10 ++++++++++
 xen/xsm/dummy.c       |  2 ++
 xen/xsm/flask/hooks.c |  4 ++++
 3 files changed, 16 insertions(+)

diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 4d332ceca2..1fcd945336 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -113,9 +113,11 @@ struct xsm_ops {
     int (*unmap_domain_irq)(struct domain *d, int irq, const void *data);
     int (*bind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind);
     int (*unbind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq 
*bind);
+#ifdef CONFIG_MGMT_HYPERCALLS
     int (*irq_permission)(struct domain *d, int pirq, uint8_t allow);
     int (*iomem_permission)(struct domain *d, uint64_t s, uint64_t e,
                             uint8_t allow);
+#endif
     int (*iomem_mapping)(struct domain *d, uint64_t s, uint64_t e,
                          uint8_t allow);
     int (*pci_config_permission)(struct domain *d, uint32_t machine_bdf,
@@ -508,13 +510,21 @@ static inline int xsm_unbind_pt_irq(
 static inline int xsm_irq_permission(
     xsm_default_t def, struct domain *d, int pirq, uint8_t allow)
 {
+#ifdef CONFIG_MGMT_HYPERCALLS
     return alternative_call(xsm_ops.irq_permission, d, pirq, allow);
+#else
+    return -EOPNOTSUPP;
+#endif
 }
 
 static inline int xsm_iomem_permission(
     xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow)
 {
+#ifdef CONFIG_MGMT_HYPERCALLS
     return alternative_call(xsm_ops.iomem_permission, d, s, e, allow);
+#else
+    return -EOPNOTSUPP;
+#endif
 }
 
 static inline int xsm_iomem_mapping(
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 2c878999a3..b216894579 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -73,8 +73,10 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops 
= {
     .unmap_domain_irq              = xsm_unmap_domain_irq,
     .bind_pt_irq                   = xsm_bind_pt_irq,
     .unbind_pt_irq                 = xsm_unbind_pt_irq,
+#ifdef CONFIG_MGMT_HYPERCALLS
     .irq_permission                = xsm_irq_permission,
     .iomem_permission              = xsm_iomem_permission,
+#endif
     .iomem_mapping                 = xsm_iomem_mapping,
     .pci_config_permission         = xsm_pci_config_permission,
     .get_vnumainfo                 = xsm_get_vnumainfo,
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index e8a4deb2ea..198053be77 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1111,12 +1111,14 @@ static int cf_check flask_unbind_pt_irq(
     return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
 }
 
+#ifdef CONFIG_MGMT_HYPERCALLS
 static int cf_check flask_irq_permission(
     struct domain *d, int pirq, uint8_t access)
 {
     /* the PIRQ number is not useful; real IRQ is checked during mapping */
     return current_has_perm(d, SECCLASS_RESOURCE, resource_to_perm(access));
 }
+#endif /* CONFIG_MGMT_HYPERCALLS */
 
 struct iomem_has_perm_data {
     uint32_t ssid;
@@ -1943,8 +1945,10 @@ static const struct xsm_ops __initconst_cf_clobber 
flask_ops = {
     .unmap_domain_irq = flask_unmap_domain_irq,
     .bind_pt_irq = flask_bind_pt_irq,
     .unbind_pt_irq = flask_unbind_pt_irq,
+#ifdef CONFIG_MGMT_HYPERCALLS
     .irq_permission = flask_irq_permission,
     .iomem_permission = flask_iomem_permission,
+#endif
     .iomem_mapping = flask_iomem_mapping,
     .pci_config_permission = flask_pci_config_permission,
 
-- 
2.34.1

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.