[xen master] domctl/XSM: pass full struct xen_domctl to xsm_domctl()
commit 83f0e11ed16b5ceb42e47dcaab5afd35583ec5d7
Author: Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Thu Jun 4 20:20:44 2026 +0100
Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Tue Jun 9 12:45:56 2026 +0100
domctl/XSM: pass full struct xen_domctl to xsm_domctl()
Subsequently some sub-ops will want to inspect their sub-sub-ops. Plus
this way we don't need to pass SSIDref separately anymore for
domain_create.
This is part of XSA-492.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
---
xen/arch/x86/mm/paging.c | 2 +-
xen/common/domctl.c | 4 +---
xen/include/xsm/dummy.h | 4 ++--
xen/include/xsm/xsm.h | 6 +++---
xen/xsm/flask/hooks.c | 10 +++++-----
5 files changed, 12 insertions(+), 14 deletions(-)
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index 2396f81ad5..92bd7d7f26 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -747,7 +747,7 @@ long do_paging_domctl_cont(
if ( d == NULL )
return -ESRCH;
- ret = xsm_domctl(XSM_OTHER, d, op.cmd, 0 /* SSIDref not applicable */);
+ ret = xsm_domctl(XSM_OTHER, d, &op);
if ( !ret )
{
if ( domctl_lock_acquire() )
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index d22fa089e1..d28626b4ca 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -526,9 +526,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
break;
}
- ret = xsm_domctl(XSM_OTHER, d, op->cmd,
- /* SSIDRef only applicable for cmd == createdomain */
- op->u.createdomain.ssidref);
+ ret = xsm_domctl(XSM_OTHER, d, op);
if ( ret )
goto domctl_out_unlock_domonly;
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index ed2bcc6521..19e39d9c7d 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -162,10 +162,10 @@ static XSM_INLINE int cf_check xsm_set_target(
}
static XSM_INLINE int cf_check xsm_domctl(
- XSM_DEFAULT_ARG struct domain *d, unsigned int cmd, uint32_t ssidref)
+ XSM_DEFAULT_ARG struct domain *d, struct xen_domctl *op)
{
XSM_ASSERT_ACTION(XSM_OTHER);
- switch ( cmd )
+ switch ( op->cmd )
{
case XEN_DOMCTL_bind_pt_irq:
case XEN_DOMCTL_getdomaininfo:
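Review bot: The new `op` parameter is a mutable pointer even though an XSM hook only needs to inspect the request; in this hunk the signature could read `XSM_DEFAULT_ARG struct domain *d, const struct xen_domctl *op)`, so the compiler rejects any hook that writes to the request it is authorising. The same applies to the `domctl` member of `struct xsm_ops` and the `xsm_domctl()` wrapper in xsm.h, and to `flask_domctl()` in flask/hooks.c. The visible lines only read `op->cmd` and `op->u.createdomain.ssidref`, but the bodies of this dummy hook and of `flask_domctl()` continue outside the hunks, so this should be confirmed against the full functions.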
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index cce0972f53..31bbbc1597 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -61,7 +61,7 @@ struct xsm_ops {
int (*sysctl_scheduler_op)(int op);
#endif
int (*set_target)(struct domain *d, struct domain *e);
- int (*domctl)(struct domain *d, unsigned int cmd, uint32_t ssidref);
+ int (*domctl)(struct domain *d, struct xen_domctl *op);
int (*sysctl)(int cmd);
int (*readconsole)(uint32_t clear);
@@ -258,9 +258,9 @@ static inline int xsm_set_target(
}
static inline int xsm_domctl(xsm_default_t def, struct domain *d,
- unsigned int cmd, uint32_t ssidref)
+ struct xen_domctl *op)
{
- return alternative_call(xsm_ops.domctl, d, cmd, ssidref);
+ return alternative_call(xsm_ops.domctl, d, op);
}
static inline int xsm_sysctl(xsm_default_t def, int cmd)
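Review bot: `xsm_domctl()` now hands every hook the whole request, but nothing at the wrapper says what a hook may rely on. A short comment above it would help, e.g. `/* op: the domctl being authorised; read only the u.<member> that matches op->cmd. d may be NULL (XEN_DOMCTL_createdomain). */`. It would also be worth stating there that `op` must point at the hypervisor's copied-in structure rather than guest memory, since hooks that inspect sub-sub-ops would otherwise check values that can change after the check. The `&op` in paging.c suggests a local copy is passed, but the copy itself is outside the visible hunks.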
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 51188f33f3..086d4c81db 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -634,10 +634,9 @@ static int cf_check flask_set_target(struct domain *d,
struct domain *t)
return rc;
}
-static int cf_check flask_domctl(struct domain *d, unsigned int cmd,
- uint32_t ssidref)
+static int cf_check flask_domctl(struct domain *d, struct xen_domctl *op)
{
- switch ( cmd )
+ switch ( op->cmd )
{
case XEN_DOMCTL_createdomain:
/*
@@ -647,7 +646,8 @@ static int cf_check flask_domctl(struct domain *d, unsigned
int cmd,
* Note that d is NULL because we haven't even allocated memory for it
* this early in XEN_DOMCTL_createdomain.
*/
- return avc_current_has_perm(ssidref, SECCLASS_DOMAIN, DOMAIN__CREATE,
NULL);
+ return avc_current_has_perm(op->u.createdomain.ssidref,
SECCLASS_DOMAIN,
+ DOMAIN__CREATE, NULL);
/* These have individual XSM hooks and don't make it here. */
case XEN_DOMCTL_bind_pt_irq:
@@ -822,7 +822,7 @@ static int cf_check flask_domctl(struct domain *d, unsigned
int cmd,
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SET_LLC_COLORS);
default:
- return avc_unknown_permission("domctl", cmd);
+ return avc_unknown_permission("domctl", op->cmd);
}
}
--
generated by git-patchbot for /home/xen/git/xen.git#master