[xen staging-4.19] domctl/XSM: pass full struct xen_domctl to xsm_domctl()
commit 5c86d123d7580aba4305519c39da873ada5dd124
Author: Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Thu Jun 4 21:40:34 2026 +0100
Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Thu Jun 4 21:47:50 2026 +0100
domctl/XSM: pass full struct xen_domctl to xsm_domctl()
Subsequently some sub-ops will want to inspect their sub-sub-ops. Plus
this way we don't need to pass SSIDref separately anymore for
domain_create.
This is part of XSA-492.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
(cherry picked from commit 83f0e11ed16b5ceb42e47dcaab5afd35583ec5d7)
---
xen/arch/x86/mm/paging.c | 2 +-
xen/common/domctl.c | 4 +---
xen/include/xsm/dummy.h | 4 ++--
xen/include/xsm/xsm.h | 6 +++---
xen/xsm/flask/hooks.c | 10 +++++-----
5 files changed, 12 insertions(+), 14 deletions(-)
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index dd47bde5ce..e213171ea9 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -767,7 +767,7 @@ long do_paging_domctl_cont(
if ( d == NULL )
return -ESRCH;
- ret = xsm_domctl(XSM_OTHER, d, op.cmd, 0 /* SSIDref not applicable */);
+ ret = xsm_domctl(XSM_OTHER, d, &op);
if ( !ret )
{
if ( domctl_lock_acquire() )
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index f1f0d60615..4981ae5925 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -515,9 +515,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
break;
}
- ret = xsm_domctl(XSM_OTHER, d, op->cmd,
- /* SSIDRef only applicable for cmd == createdomain */
- op->u.createdomain.ssidref);
+ ret = xsm_domctl(XSM_OTHER, d, op);
if ( ret )
goto domctl_out_unlock_domonly;
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index f20be2e899..a941827105 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -162,10 +162,10 @@ static XSM_INLINE int cf_check xsm_set_target(
}
static XSM_INLINE int cf_check xsm_domctl(
- XSM_DEFAULT_ARG struct domain *d, unsigned int cmd, uint32_t ssidref)
+ XSM_DEFAULT_ARG struct domain *d, struct xen_domctl *op)
{
XSM_ASSERT_ACTION(XSM_OTHER);
- switch ( cmd )
+ switch ( op->cmd )
{
case XEN_DOMCTL_bind_pt_irq:
case XEN_DOMCTL_getdomaininfo:
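Review bot: The new `op` parameter of xsm_domctl() is a non-const pointer although every use visible in this patch only reads it (`op->cmd` here, `op->u.createdomain.ssidref` in flask_domctl()), so an access-control hook is technically able to alter the request it is authorising. Declaring it `const struct xen_domctl *op` here, in both xsm.h hunks (the `domctl` member of struct xsm_ops and the xsm_domctl() wrapper) and in flask_domctl() would let the compiler enforce that the checked operation and the executed one are identical. Both call sites pass a non-const object, which converts implicitly; whether alternative_call() accepts the const-qualified argument is not visible here and would need a build check. The body of the dummy xsm_domctl() continues outside this hunk.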
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index f2bbe3ed8b..e91fa49d7d 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -60,7 +60,7 @@ struct xsm_ops {
int (*domctl_scheduler_op)(struct domain *d, int op);
int (*sysctl_scheduler_op)(int op);
int (*set_target)(struct domain *d, struct domain *e);
- int (*domctl)(struct domain *d, unsigned int cmd, uint32_t ssidref);
+ int (*domctl)(struct domain *d, struct xen_domctl *op);
int (*sysctl)(int cmd);
int (*readconsole)(uint32_t clear);
@@ -249,9 +249,9 @@ static inline int xsm_set_target(
}
static inline int xsm_domctl(xsm_default_t def, struct domain *d,
- unsigned int cmd, uint32_t ssidref)
+ struct xen_domctl *op)
{
- return alternative_call(xsm_ops.domctl, d, cmd, ssidref);
+ return alternative_call(xsm_ops.domctl, d, op);
}
static inline int xsm_sysctl(xsm_default_t def, int cmd)
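Review bot: xsm_domctl() now hands hooks the whole request, but nothing in this header states which parts of it a hook may rely on. A short comment above the wrapper would help, for example `/* op: the domctl being authorised; hooks may read op->u.<x> only under the matching op->cmd. */`, since the removed call-site comment in do_domctl() ("SSIDRef only applicable for cmd == createdomain") was the only place that constraint was written down. The same comment could state that `op` is expected to be the hypervisor's own copy of the request rather than guest-accessible memory, so that a field a hook checks cannot change before the operation runs; the call sites suggest this, but the copy-in is outside the visible hunks.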
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 3fb4330f70..97526b4211 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -663,10 +663,9 @@ static int cf_check flask_set_target(struct domain *d,
struct domain *t)
return rc;
}
-static int cf_check flask_domctl(struct domain *d, unsigned int cmd,
- uint32_t ssidref)
+static int cf_check flask_domctl(struct domain *d, struct xen_domctl *op)
{
- switch ( cmd )
+ switch ( op->cmd )
{
case XEN_DOMCTL_createdomain:
/*
@@ -676,7 +675,8 @@ static int cf_check flask_domctl(struct domain *d, unsigned
int cmd,
* Note that d is NULL because we haven't even allocated memory for it
* this early in XEN_DOMCTL_createdomain.
*/
- return avc_current_has_perm(ssidref, SECCLASS_DOMAIN, DOMAIN__CREATE,
NULL);
+ return avc_current_has_perm(op->u.createdomain.ssidref,
SECCLASS_DOMAIN,
+ DOMAIN__CREATE, NULL);
/* These have individual XSM hooks and don't make it here. */
case XEN_DOMCTL_bind_pt_irq:
@@ -846,7 +846,7 @@ static int cf_check flask_domctl(struct domain *d, unsigned
int cmd,
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__DT_OVERLAY);
default:
- return avc_unknown_permission("domctl", cmd);
+ return avc_unknown_permission("domctl", op->cmd);
}
}
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.19