[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen staging-4.21] XSM/Flask: split the .iomem_mapping() hook

commit a0e384c64d1149a3048e3ab5031f3057e589358b
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Thu Jun 4 21:37:32 2026 +0100
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Thu Jun 4 21:38:04 2026 +0100

    XSM/Flask: split the .iomem_mapping() hook
    
    It's used twice in entirely different situations. The use in do_domctl()
    wants to become an ordinary XSM_DM_PRIV invocation, while the one in vPCI
    code need to remain XSM_HOOK (it may plausibly become XSM_TARGET). For
    Flask, the same backing function will continue to be used for the time
    being.
    
    This is part of XSA-492.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Acked-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
    (cherry picked from commit 6bb83b1aa01bb3baabc150a881849977c82146a4)
---
 xen/drivers/vpci/header.c | 2 +-
 xen/include/xsm/dummy.h   | 7 +++++++
 xen/include/xsm/xsm.h     | 8 ++++++++
 xen/xsm/dummy.c           | 1 +
 xen/xsm/flask/hooks.c     | 1 +
 5 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/vpci/header.c b/xen/drivers/vpci/header.c
index a3e8d0ec82..9fdd8c4874 100644
--- a/xen/drivers/vpci/header.c
+++ b/xen/drivers/vpci/header.c
@@ -67,7 +67,7 @@ static int cf_check map_range(
             return -EPERM;
         }
 
-        rc = xsm_iomem_mapping(XSM_HOOK, map->d, map_mfn, m_end, map->map);
+        rc = xsm_iomem_mapping_vpci(XSM_HOOK, map->d, map_mfn, m_end, 
map->map);
         if ( rc )
         {
             printk(XENLOG_G_WARNING
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 561b078419..3a83392d15 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -580,6 +580,13 @@ static XSM_INLINE int cf_check xsm_iomem_mapping(
     return xsm_default_action(action, current->domain, d);
 }
 
+static XSM_INLINE int cf_check xsm_iomem_mapping_vpci(
+    XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow)
+{
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, d);
+}
+
 static XSM_INLINE int cf_check xsm_pci_config_permission(
     XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf, uint16_t start,
     uint16_t end, uint8_t access)
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 9a23d2827c..73b58f9ee3 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -118,6 +118,8 @@ struct xsm_ops {
                             uint8_t allow);
     int (*iomem_mapping)(struct domain *d, uint64_t s, uint64_t e,
                          uint8_t allow);
+    int (*iomem_mapping_vpci)(struct domain *d, uint64_t s, uint64_t e,
+                              uint8_t allow);
     int (*pci_config_permission)(struct domain *d, uint32_t machine_bdf,
                                  uint16_t start, uint16_t end, uint8_t access);
 
@@ -523,6 +525,12 @@ static inline int xsm_iomem_mapping(
     return alternative_call(xsm_ops.iomem_mapping, d, s, e, allow);
 }
 
+static inline int xsm_iomem_mapping_vpci(
+    xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow)
+{
+    return alternative_call(xsm_ops.iomem_mapping_vpci, d, s, e, allow);
+}
+
 static inline int xsm_pci_config_permission(
     xsm_default_t def, struct domain *d, uint32_t machine_bdf, uint16_t start,
     uint16_t end, uint8_t access)
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 8b7e01b506..c7d030768a 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -76,6 +76,7 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops 
= {
     .irq_permission                = xsm_irq_permission,
     .iomem_permission              = xsm_iomem_permission,
     .iomem_mapping                 = xsm_iomem_mapping,
+    .iomem_mapping_vpci            = xsm_iomem_mapping_vpci,
     .pci_config_permission         = xsm_pci_config_permission,
     .get_vnumainfo                 = xsm_get_vnumainfo,
 
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 094cb7691f..19f1451d0a 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1950,6 +1950,7 @@ static const struct xsm_ops __initconst_cf_clobber 
flask_ops = {
     .irq_permission = flask_irq_permission,
     .iomem_permission = flask_iomem_permission,
     .iomem_mapping = flask_iomem_mapping,
+    .iomem_mapping_vpci = flask_iomem_mapping,
     .pci_config_permission = flask_pci_config_permission,
 
     .resource_plug_core = flask_resource_plug_core,
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.21

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.