[xen staging] domctl/XSM: drop shadow_control_op hook
commit d9d2758622422a4db0498a74c3dfd1c8168a8154
Author: Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Thu Jun 4 20:20:44 2026 +0100
Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Tue Jun 9 12:45:56 2026 +0100
domctl/XSM: drop shadow_control_op hook
Integrate the checking with xsm_domctl(), now that it has the full op
struct passed. As a positive side effect, permissions are then checked at
the same early point with and without Flask.
This is part of XSA-492.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
---
xen/arch/x86/mm/paging.c | 4 ----
xen/include/xsm/dummy.h | 7 -------
xen/include/xsm/xsm.h | 7 -------
xen/xsm/dummy.c | 1 -
xen/xsm/flask/hooks.c | 13 +++++++------
5 files changed, 7 insertions(+), 25 deletions(-)
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index 92bd7d7f26..1a58228086 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -689,10 +689,6 @@ int paging_domctl(struct domain *d, struct
xen_domctl_shadow_op *sc,
return -EBUSY;
}
- rc = xsm_shadow_control(XSM_HOOK, d, sc->op);
- if ( rc )
- return rc;
-
/* Code to handle log-dirty. Note that some log dirty operations
* piggy-back on shadow operations. For example, when
* XEN_DOMCTL_SHADOW_OP_OFF is called, it first checks whether log dirty
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 19e1283d55..1dde2cd5c6 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -675,13 +675,6 @@ static XSM_INLINE int cf_check xsm_do_mca(XSM_DEFAULT_VOID)
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int cf_check xsm_shadow_control(
- XSM_DEFAULT_ARG struct domain *d, uint32_t op)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
static XSM_INLINE int cf_check xsm_mem_sharing_op(
XSM_DEFAULT_ARG struct domain *d, struct domain *cd, int op)
{
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 266af2c7ba..dfff432ff1 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -170,7 +170,6 @@ struct xsm_ops {
#ifdef CONFIG_X86
int (*do_mca)(void);
- int (*shadow_control)(struct domain *d, uint32_t op);
int (*mem_sharing_op)(struct domain *d, struct domain *cd, int op);
int (*apic)(struct domain *d, int cmd);
int (*machine_memory_map)(void);
@@ -673,12 +672,6 @@ static inline int xsm_do_mca(xsm_default_t def)
return alternative_call(xsm_ops.do_mca);
}
-static inline int xsm_shadow_control(
- xsm_default_t def, struct domain *d, uint32_t op)
-{
- return alternative_call(xsm_ops.shadow_control, d, op);
-}
-
static inline int xsm_mem_sharing_op(
xsm_default_t def, struct domain *d, struct domain *cd, int op)
{
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index b49bd96ef1..cfa83380e6 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -128,7 +128,6 @@ static const struct xsm_ops __initconst_cf_clobber
dummy_ops = {
.platform_op = xsm_platform_op,
#ifdef CONFIG_X86
.do_mca = xsm_do_mca,
- .shadow_control = xsm_shadow_control,
.mem_sharing_op = xsm_mem_sharing_op,
.apic = xsm_apic,
.machine_memory_map = xsm_machine_memory_map,
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index d344338fc6..a7075f742b 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -39,6 +39,7 @@
#ifdef CONFIG_X86
#include <asm/pv/shim.h>
+static int flask_shadow_control(struct domain *d, unsigned int op);
#else
#define pv_shim false
#endif
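Review bot: The forward declaration added under `#include <asm/pv/shim.h>` has no comment saying why it is needed, and it sits in the include block rather than next to the code that uses it. Going by the hunk headers, flask_domctl() (around line 751) now calls flask_shadow_control(), which is defined later (around line 1568), so the prototype exists only for ordering. A one-line comment such as `/* Defined further down; called from flask_domctl(). */` would document that, or the definition could be moved above flask_domctl() so that no prototype is needed. Dropping `cf_check` in the later hunk is consistent with the function no longer being reached through `xsm_ops`.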
@@ -666,10 +667,6 @@ static int cf_check flask_domctl(struct domain *d, struct
xen_domctl *op)
/* These have individual XSM hooks (common/domctl.c) */
case XEN_DOMCTL_set_target:
-#ifdef CONFIG_X86
- /* These have individual XSM hooks (arch/x86/domctl.c) */
- case XEN_DOMCTL_shadow_op:
-#endif
#ifdef CONFIG_HAS_PASSTHROUGH
/*
* These have individual XSM hooks
@@ -754,6 +751,11 @@ static int cf_check flask_domctl(struct domain *d, struct
xen_domctl *op)
case XEN_DOMCTL_get_address_size:
return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETADDRSIZE);
+#ifdef CONFIG_X86
+ case XEN_DOMCTL_shadow_op:
+ return flask_shadow_control(d, op->u.shadow_op.op);
+#endif
+
case XEN_DOMCTL_mem_sharing_op:
return current_has_perm(d, SECCLASS_HVM, HVM__MEM_SHARING);
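Review bot: The new `case XEN_DOMCTL_shadow_op:` carries no comment, although it is now the only Flask permission check for shadow operations. The paging.c hunk removes the `xsm_shadow_control()` call from paging_domctl(), so that function depends on every caller having passed the full op through xsm_domctl() first. The callers are not visible in this patch, so it is worth confirming that any continuation or secondary entry path into paging_domctl() also goes through xsm_domctl(). I would add `/* Sole XSM check for shadow ops; paging_domctl() relies on it. */` above the case. flask_domctl() starts and ends outside this hunk.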
@@ -1566,7 +1568,7 @@ static int cf_check flask_do_mca(void)
return domain_has_xen(current->domain, XEN__MCA_OP);
}
-static int cf_check flask_shadow_control(struct domain *d, uint32_t op)
+static int flask_shadow_control(struct domain *d, unsigned int op)
{
uint32_t perm;
@@ -1960,7 +1962,6 @@ static const struct xsm_ops __initconst_cf_clobber
flask_ops = {
.platform_op = flask_platform_op,
#ifdef CONFIG_X86
.do_mca = flask_do_mca,
- .shadow_control = flask_shadow_control,
.mem_sharing_op = flask_mem_sharing_op,
.apic = flask_apic,
.machine_memory_map = flask_machine_memory_map,
--
generated by git-patchbot for /home/xen/git/xen.git#staging