
[xen staging-4.19] domctl/XSM: drop shadow_control_op hook



commit 7fcb12d5208e18124d14c81c55f193bd26cc6fc3
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Thu Jun 4 21:40:34 2026 +0100
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Thu Jun 4 21:47:50 2026 +0100

    domctl/XSM: drop shadow_control_op hook
    
    Integrate the checking with xsm_domctl(), now that it has the full op
    struct passed. As a positive side effect, permissions are then checked at
    the same early point with and without Flask.
    
    This is part of XSA-492.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Acked-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
    (cherry picked from commit d9d2758622422a4db0498a74c3dfd1c8168a8154)
---
 xen/arch/x86/mm/paging.c |  4 ----
 xen/include/xsm/dummy.h  |  7 -------
 xen/include/xsm/xsm.h    |  7 -------
 xen/xsm/dummy.c          |  1 -
 xen/xsm/flask/hooks.c    | 13 +++++++------
 5 files changed, 7 insertions(+), 25 deletions(-)

diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index e213171ea9..beb7b88e67 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -709,10 +709,6 @@ int paging_domctl(struct domain *d, struct 
xen_domctl_shadow_op *sc,
         return -EBUSY;
     }
 
-    rc = xsm_shadow_control(XSM_HOOK, d, sc->op);
-    if ( rc )
-        return rc;
-
     /* Code to handle log-dirty. Note that some log dirty operations
      * piggy-back on shadow operations. For example, when
      * XEN_DOMCTL_SHADOW_OP_OFF is called, it first checks whether log dirty
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 8352d22d43..8b3b648532 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -680,13 +680,6 @@ static XSM_INLINE int cf_check xsm_do_mca(XSM_DEFAULT_VOID)
     return xsm_default_action(action, current->domain, NULL);
 }
 
-static XSM_INLINE int cf_check xsm_shadow_control(
-    XSM_DEFAULT_ARG struct domain *d, uint32_t op)
-{
-    XSM_ASSERT_ACTION(XSM_HOOK);
-    return xsm_default_action(action, current->domain, d);
-}
-
 static XSM_INLINE int cf_check xsm_mem_sharing_op(
     XSM_DEFAULT_ARG struct domain *d, struct domain *cd, int op)
 {
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index d0e9c33927..d60917f93d 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -169,7 +169,6 @@ struct xsm_ops {
 
 #ifdef CONFIG_X86
     int (*do_mca)(void);
-    int (*shadow_control)(struct domain *d, uint32_t op);
     int (*mem_sharing_op)(struct domain *d, struct domain *cd, int op);
     int (*apic)(struct domain *d, int cmd);
     int (*machine_memory_map)(void);
@@ -657,12 +656,6 @@ static inline int xsm_do_mca(xsm_default_t def)
     return alternative_call(xsm_ops.do_mca);
 }
 
-static inline int xsm_shadow_control(
-    xsm_default_t def, struct domain *d, uint32_t op)
-{
-    return alternative_call(xsm_ops.shadow_control, d, op);
-}
-
 static inline int xsm_mem_sharing_op(
     xsm_default_t def, struct domain *d, struct domain *cd, int op)
 {
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index cb312eb7cb..f4bcefc46b 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -124,7 +124,6 @@ static const struct xsm_ops __initconst_cf_clobber 
dummy_ops = {
     .platform_op                   = xsm_platform_op,
 #ifdef CONFIG_X86
     .do_mca                        = xsm_do_mca,
-    .shadow_control                = xsm_shadow_control,
     .mem_sharing_op                = xsm_mem_sharing_op,
     .apic                          = xsm_apic,
     .machine_memory_map            = xsm_machine_memory_map,
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 2b2bbb5627..96c13b71ef 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -40,6 +40,7 @@
 
 #ifdef CONFIG_X86
 #include <asm/pv/shim.h>
+static int flask_shadow_control(struct domain *d, unsigned int op);
 #else
 #define pv_shim false
 #endif
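Review bot: The forward declaration of `flask_shadow_control()` sits directly after `#include <asm/pv/shim.h>`, with nothing explaining why a prototype is in the include block. A one-line comment such as `/* Defined further down; called from flask_domctl() for XEN_DOMCTL_shadow_op. */` would make the intent clear. It would also remind later editors that the prototype and the definition, which a later hunk of this patch changes to `unsigned int op` without `cf_check`, must be kept in step.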
@@ -693,10 +694,6 @@ static int cf_check flask_domctl(struct domain *d, struct 
xen_domctl *op)
     /* These have individual XSM hooks (common/domctl.c) */
     case XEN_DOMCTL_set_target:
 
-#ifdef CONFIG_X86
-    /* These have individual XSM hooks (arch/x86/domctl.c) */
-    case XEN_DOMCTL_shadow_op:
-#endif
 #ifdef CONFIG_HAS_PASSTHROUGH
     /*
      * These have individual XSM hooks
@@ -781,6 +778,11 @@ static int cf_check flask_domctl(struct domain *d, struct 
xen_domctl *op)
     case XEN_DOMCTL_get_address_size:
         return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETADDRSIZE);
 
+#ifdef CONFIG_X86
+    case XEN_DOMCTL_shadow_op:
+        return flask_shadow_control(d, op->u.shadow_op.op);
+#endif
+
     case XEN_DOMCTL_mem_sharing_op:
         return current_has_perm(d, SECCLASS_HVM, HVM__MEM_SHARING);
 
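Review bot: The new `XEN_DOMCTL_shadow_op` case decides the Flask permission from `op->u.shadow_op.op`, but the operation is carried out later by `paging_domctl()`, which this commit strips of its own `xsm_shadow_control()` call. That is sound only if every route into `paging_domctl()` first passes through `xsm_domctl()` with the same hypervisor-side copy of the request that is then executed. The callers are not visible in this patch, so this is worth confirming for any path that re-reads the request, such as a hypercall continuation if one exists. I would record the dependency on the case itself, for example `/* Sub-op check lives here; paging_domctl() no longer calls an XSM hook. */`. `flask_domctl()` starts and ends outside this hunk.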
@@ -1587,7 +1589,7 @@ static int cf_check flask_do_mca(void)
     return domain_has_xen(current->domain, XEN__MCA_OP);
 }
 
-static int cf_check flask_shadow_control(struct domain *d, uint32_t op)
+static int flask_shadow_control(struct domain *d, unsigned int op)
 {
     uint32_t perm;
 
@@ -1968,7 +1970,6 @@ static const struct xsm_ops __initconst_cf_clobber 
flask_ops = {
     .platform_op = flask_platform_op,
 #ifdef CONFIG_X86
     .do_mca = flask_do_mca,
-    .shadow_control = flask_shadow_control,
     .mem_sharing_op = flask_mem_sharing_op,
     .apic = flask_apic,
     .machine_memory_map = flask_machine_memory_map,
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.19



 

