Xen project Mailing List

[PATCH v2 25/26] xen/xsm: wrap xsm functions with CONFIG_MGMT_HYPERCALLS

From: Penny Zheng <Penny.Zheng@xxxxxxx>

Date: Wed, 10 Sep 2025 15:38:26 +0800

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=hWuX102tq8N0iGW1Xc/rVxB+j69uluf4R+r4Cnb/XwU=; b=iKv5W3CgikRHbc9XWII0F+gSF9sZDdLpHgqYlepAsVROQQRaMHhGfjxpYj/tZvIxNs9YDEAusjY9v4AvgF/jZ3OVA6reZaGv6wSDF4YBk+CIOvFVbRoWB6N/uOC8FqT15U8JIKOiJdhkz0NDG7QhgoYPwAiWjpLz1VxPXmLm0ImcFUAXD8eBesDhDCBoZdt/rQCyJOOKpU+KrJpkYV1zZtr5LWioTnGUCT7y1716EzmW6DWwFkx8lq3Gkq1qz1ydRtYbOsz04GLJQvCZRkLPoK3DuronUBANdcEsP/Wn1Kz2Ed59KvRoew4nQcrBiSmoni8R/nn3QGmN2W5MJBQzzQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ps8wEh1u+KGi+t09RPAtHWmZRRNbgiW4Z+dWSJbExQRZL8APK6owBNqnFi3XfBYPxeSeMyUcpLzeIuOog7js9yuR8ClvmBaFumu5vp8zLeMEju7vQIk4Wbh6ph6RLaeke8DbIFPz3tTND79cvgKOrUWF7BkM19FgnmbP+m9KXEvzGALNJAxDYcnF+TJuLRgiS/Tdf1QRcxY0n3OgB1LoEB6q9aGWLvrg8reY7eCx89F51gbctUcCmE1BOFxKp0F/GZXvPJ8XZ6vXUSHaDndRY5nx/OMrwaeflYUued1ogBsn5VTQfSAE0ZHrdalJ2swZb/Svuopvt+mbcj+W9OA8CQ==

Cc: <ray.huang@xxxxxxx>, Penny Zheng <Penny.Zheng@xxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Wed, 10 Sep 2025 07:46:07 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

The following functions are xsm-related and only invoked under arch-specific domctl-op, so they shall all be wrapped with CONFIG_MGMT_HYPERCALLS: - xsm_domctl - xsm_{bind,unbind}_pt_irq - xsm_ioport_permission - xsm_ioport_mapping Signed-off-by: Penny Zheng <Penny.Zheng@xxxxxxx> --- v1 -> v2: - new commit --- xen/include/xsm/xsm.h | 14 ++++++++++++-- xen/xsm/dummy.c | 6 +++--- xen/xsm/flask/hooks.c | 12 ++++++------ 3 files changed, 21 insertions(+), 11 deletions(-) diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 542488bd44..0539e3bf10 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -60,8 +60,8 @@ struct xsm_ops { int (*domctl_scheduler_op)(struct domain *d, int op); int (*sysctl_scheduler_op)(int op); int (*set_target)(struct domain *d, struct domain *e); -#endif int (*domctl)(struct domain *d, unsigned int cmd, uint32_t ssidref); +#endif int (*sysctl)(int cmd); int (*readconsole)(uint32_t clear); @@ -111,9 +111,9 @@ struct xsm_ops { int (*map_domain_irq)(struct domain *d, int irq, const void *data); int (*unmap_domain_pirq)(struct domain *d); int (*unmap_domain_irq)(struct domain *d, int irq, const void *data); +#ifdef CONFIG_MGMT_HYPERCALLS int (*bind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind); int (*unbind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind); -#ifdef CONFIG_MGMT_HYPERCALLS int (*irq_permission)(struct domain *d, int pirq, uint8_t allow); int (*iomem_permission)(struct domain *d, uint64_t s, uint64_t e, uint8_t allow); @@ -190,10 +190,12 @@ struct xsm_ops { int (*update_va_mapping)(struct domain *d, struct domain *f, l1_pgentry_t pte); int (*priv_mapping)(struct domain *d, struct domain *t); +#ifdef CONFIG_MGMT_HYPERCALLS int (*ioport_permission)(struct domain *d, uint32_t s, uint32_t e, uint8_t allow); int (*ioport_mapping)(struct domain *d, uint32_t s, uint32_t e, uint8_t allow); +#endif int (*pmu_op)(struct domain *d, unsigned int op); #endif int (*dm_op)(struct domain *d); @@ -272,7 +274,11 @@ static inline int xsm_set_target( static inline int xsm_domctl(xsm_default_t def, struct domain *d, unsigned int cmd, uint32_t ssidref) { +#ifdef CONFIG_MGMT_HYPERCALLS return alternative_call(xsm_ops.domctl, d, cmd, ssidref); +#else + return -EOPNOTSUPP; +#endif } static inline int xsm_sysctl(xsm_default_t def, int cmd) @@ -503,6 +509,7 @@ static inline int xsm_unmap_domain_irq( return alternative_call(xsm_ops.unmap_domain_irq, d, irq, data); } +#ifdef CONFIG_MGMT_HYPERCALLS static inline int xsm_bind_pt_irq( xsm_default_t def, struct domain *d, struct xen_domctl_bind_pt_irq *bind) { @@ -514,6 +521,7 @@ static inline int xsm_unbind_pt_irq( { return alternative_call(xsm_ops.unbind_pt_irq, d, bind); } +#endif /* CONFIG_MGMT_HYPERCALLS */ static inline int xsm_irq_permission( xsm_default_t def, struct domain *d, int pirq, uint8_t allow) @@ -757,6 +765,7 @@ static inline int xsm_priv_mapping( return alternative_call(xsm_ops.priv_mapping, d, t); } +#ifdef CONFIG_MGMT_HYPERCALLS static inline int xsm_ioport_permission( xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { @@ -768,6 +777,7 @@ static inline int xsm_ioport_mapping( { return alternative_call(xsm_ops.ioport_mapping, d, s, e, allow); } +#endif /* CONFIG_MGMT_HYPERCALLS */ static inline int xsm_pmu_op( xsm_default_t def, struct domain *d, unsigned int op) diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 2c8e0725b6..48ed724f86 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -22,9 +22,7 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = { .domctl_scheduler_op = xsm_domctl_scheduler_op, .sysctl_scheduler_op = xsm_sysctl_scheduler_op, .set_target = xsm_set_target, -#endif .domctl = xsm_domctl, -#ifdef CONFIG_MGMT_HYPERCALLS .sysctl = xsm_sysctl, .readconsole = xsm_readconsole, #endif @@ -71,9 +69,9 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = { .map_domain_irq = xsm_map_domain_irq, .unmap_domain_pirq = xsm_unmap_domain_pirq, .unmap_domain_irq = xsm_unmap_domain_irq, +#ifdef CONFIG_MGMT_HYPERCALLS .bind_pt_irq = xsm_bind_pt_irq, .unbind_pt_irq = xsm_unbind_pt_irq, -#ifdef CONFIG_MGMT_HYPERCALLS .irq_permission = xsm_irq_permission, .iomem_permission = xsm_iomem_permission, #endif @@ -143,8 +141,10 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = { .mmuext_op = xsm_mmuext_op, .update_va_mapping = xsm_update_va_mapping, .priv_mapping = xsm_priv_mapping, +#ifdef CONFIG_MGMT_HYPERCALLS .ioport_permission = xsm_ioport_permission, .ioport_mapping = xsm_ioport_mapping, +#endif .pmu_op = xsm_pmu_op, #endif .dm_op = xsm_dm_op, diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 66d8bfda3a..76bf1b5240 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -665,7 +665,6 @@ static int cf_check flask_set_target(struct domain *d, struct domain *t) &dsec->target_sid); return rc; } -#endif /* CONFIG_MGMT_HYPERCALLS */ static int cf_check flask_domctl(struct domain *d, unsigned int cmd, uint32_t ssidref) @@ -858,7 +857,6 @@ static int cf_check flask_domctl(struct domain *d, unsigned int cmd, } } -#ifdef CONFIG_MGMT_HYPERCALLS static int cf_check flask_sysctl(int cmd) { switch ( cmd ) @@ -1078,6 +1076,7 @@ static int cf_check flask_unmap_domain_irq( return rc; } +#ifdef CONFIG_MGMT_HYPERCALLS static int cf_check flask_bind_pt_irq( struct domain *d, struct xen_domctl_bind_pt_irq *bind) { @@ -1111,7 +1110,6 @@ static int cf_check flask_unbind_pt_irq( return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE); } -#ifdef CONFIG_MGMT_HYPERCALLS static int cf_check flask_irq_permission( struct domain *d, int pirq, uint8_t access) { @@ -1634,6 +1632,7 @@ static int cf_check flask_shadow_control(struct domain *d, uint32_t op) return current_has_perm(d, SECCLASS_SHADOW, perm); } +#ifdef CONFIG_MGMT_HYPERCALLS struct ioport_has_perm_data { uint32_t ssid; uint32_t dsid; @@ -1689,6 +1688,7 @@ static int cf_check flask_ioport_mapping( { return flask_ioport_permission(d, start, end, access); } +#endif /* CONFIG_MGMT_HYPERCALLS */ static int cf_check flask_mem_sharing_op( struct domain *d, struct domain *cd, int op) @@ -1894,9 +1894,7 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = { .domctl_scheduler_op = flask_domctl_scheduler_op, .sysctl_scheduler_op = flask_sysctl_scheduler_op, .set_target = flask_set_target, -#endif .domctl = flask_domctl, -#ifdef CONFIG_MGMT_HYPERCALLS .sysctl = flask_sysctl, .readconsole = flask_readconsole, #endif @@ -1943,9 +1941,9 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = { .map_domain_irq = flask_map_domain_irq, .unmap_domain_pirq = flask_unmap_domain_pirq, .unmap_domain_irq = flask_unmap_domain_irq, +#ifdef CONFIG_MGMT_HYPERCALLS .bind_pt_irq = flask_bind_pt_irq, .unbind_pt_irq = flask_unbind_pt_irq, -#ifdef CONFIG_MGMT_HYPERCALLS .irq_permission = flask_irq_permission, .iomem_permission = flask_iomem_permission, #endif @@ -2016,8 +2014,10 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = { .mmuext_op = flask_mmuext_op, .update_va_mapping = flask_update_va_mapping, .priv_mapping = flask_priv_mapping, +#ifdef CONFIG_MGMT_HYPERCALLS .ioport_permission = flask_ioport_permission, .ioport_mapping = flask_ioport_mapping, +#endif .pmu_op = flask_pmu_op, #endif .dm_op = flask_dm_op, -- 2.34.1

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.