[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen staging-4.17] domctl: handle XEN_DOMCTL_{,un}bind_pt_irq without acquiring domctl lock

commit 43013fe6b62db276fdce162a221c06d3f29bc223
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Thu Jun 4 21:42:55 2026 +0100
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Thu Jun 4 22:29:12 2026 +0100

    domctl: handle XEN_DOMCTL_{,un}bind_pt_irq without acquiring domctl lock
    
    With dedicated locking added, the domctl lock isn't required here anymore.
    (It also already isn't used when pt_irq_{create,destroy}_bind() are
    invoked for PVH Dom0.) As the handling is in arch-specific code, no code
    is being moved, but the 2nd (extensible to other sub-ops like the ones
    here) invocation of arch_do_domctl() is being re-used.
    
    This is part of XSA-492.
    
    Fixes: fda49f9b3fbb ("Add build option to allow more hypercalls from 
stubdoms")
    Reported-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
    Acked-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
    Acked-by: Julien Grall <julien@xxxxxxx>
    (cherry picked from commit e263eeaf71b961d0d6f987bf7a33c8517be1bae5)
---
 xen/arch/arm/domctl.c   | 4 ++--
 xen/arch/x86/domctl.c   | 4 ++--
 xen/common/domctl.c     | 2 ++
 xen/include/xsm/dummy.h | 8 +++-----
 xen/xsm/flask/hooks.c   | 5 ++---
 5 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/xen/arch/arm/domctl.c b/xen/arch/arm/domctl.c
index 5508661fcf..cd93636ac1 100644
--- a/xen/arch/arm/domctl.c
+++ b/xen/arch/arm/domctl.c
@@ -102,7 +102,7 @@ long arch_do_domctl(struct xen_domctl *domctl, struct 
domain *d,
         if ( rc )
             return rc;
 
-        rc = xsm_bind_pt_irq(XSM_HOOK, d, bind);
+        rc = xsm_bind_pt_irq(XSM_DM_PRIV, d, bind);
         if ( rc )
             return rc;
 
@@ -138,7 +138,7 @@ long arch_do_domctl(struct xen_domctl *domctl, struct 
domain *d,
         if ( irq != virq )
             return -EINVAL;
 
-        rc = xsm_unbind_pt_irq(XSM_HOOK, d, bind);
+        rc = xsm_unbind_pt_irq(XSM_DM_PRIV, d, bind);
         if ( rc )
             return rc;
 
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 12d8768da3..12f1e85c30 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -531,7 +531,7 @@ long arch_do_domctl(
         if ( !is_hvm_domain(d) )
             break;
 
-        ret = xsm_bind_pt_irq(XSM_HOOK, d, bind);
+        ret = xsm_bind_pt_irq(XSM_DM_PRIV, d, bind);
         if ( ret )
             break;
 
@@ -569,7 +569,7 @@ long arch_do_domctl(
         if ( !is_hvm_domain(d) )
             break;
 
-        ret = xsm_unbind_pt_irq(XSM_HOOK, d, bind);
+        ret = xsm_unbind_pt_irq(XSM_DM_PRIV, d, bind);
         if ( ret )
             break;
 
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 0f3bb6087a..f9d9ab5e38 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -453,6 +453,8 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
u_domctl)
     }
 
     case XEN_DOMCTL_ioport_mapping:
+    case XEN_DOMCTL_bind_pt_irq:
+    case XEN_DOMCTL_unbind_pt_irq:
         ret = arch_do_domctl(op, d, u_domctl);
         goto domctl_out_unlock_domonly;
 
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 60dc474b2b..6cdba38c83 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -168,12 +168,10 @@ static XSM_INLINE int cf_check xsm_domctl(
     switch ( cmd )
     {
     case XEN_DOMCTL_bind_pt_irq:
-    case XEN_DOMCTL_unbind_pt_irq:
-        return xsm_default_action(XSM_DM_PRIV, current->domain, d);
-
     case XEN_DOMCTL_getdomaininfo:
     case XEN_DOMCTL_ioport_mapping:
     case XEN_DOMCTL_memory_mapping:
+    case XEN_DOMCTL_unbind_pt_irq:
         ASSERT_UNREACHABLE();
         return -EILSEQ;
 
@@ -540,14 +538,14 @@ static XSM_INLINE int cf_check xsm_unmap_domain_pirq(
 static XSM_INLINE int cf_check xsm_bind_pt_irq(
     XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind)
 {
-    XSM_ASSERT_ACTION(XSM_HOOK);
+    XSM_ASSERT_ACTION(XSM_DM_PRIV);
     return xsm_default_action(action, current->domain, d);
 }
 
 static XSM_INLINE int cf_check xsm_unbind_pt_irq(
     XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind)
 {
-    XSM_ASSERT_ACTION(XSM_HOOK);
+    XSM_ASSERT_ACTION(XSM_DM_PRIV);
     return xsm_default_action(action, current->domain, d);
 }
 
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index bfdc5da2cd..19e3bfd9c7 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -679,9 +679,11 @@ static int cf_check flask_domctl(struct domain *d, 
unsigned int cmd,
         return avc_current_has_perm(ssidref, SECCLASS_DOMAIN, DOMAIN__CREATE, 
NULL);
 
     /* These have individual XSM hooks and don't make it here. */
+    case XEN_DOMCTL_bind_pt_irq:
     case XEN_DOMCTL_getdomaininfo:
     case XEN_DOMCTL_ioport_mapping:
     case XEN_DOMCTL_memory_mapping:
+    case XEN_DOMCTL_unbind_pt_irq:
         ASSERT_UNREACHABLE();
         return -EILSEQ;
 
@@ -692,9 +694,6 @@ static int cf_check flask_domctl(struct domain *d, unsigned 
int cmd,
     case XEN_DOMCTL_set_target:
     case XEN_DOMCTL_vm_event_op:
 
-    /* These have individual XSM hooks (arch/../domctl.c) */
-    case XEN_DOMCTL_bind_pt_irq:
-    case XEN_DOMCTL_unbind_pt_irq:
 #ifdef CONFIG_X86
     /* These have individual XSM hooks (arch/x86/domctl.c) */
     case XEN_DOMCTL_shadow_op:
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.17

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.