Re: [PATCH v2 15/26] xen/domctl: wrap xsm_{irq_permission,iomem_permission} with CONFIG_MGMT_HYPERCALLS
On 10.09.2025 09:38, Penny Zheng wrote: > @@ -508,13 +510,21 @@ static inline int xsm_unbind_pt_irq( > static inline int xsm_irq_permission( > xsm_default_t def, struct domain *d, int pirq, uint8_t allow) > { > +#ifdef CONFIG_MGMT_HYPERCALLS > return alternative_call(xsm_ops.irq_permission, d, pirq, allow); > +#else > + return -EOPNOTSUPP; > +#endif > } > > static inline int xsm_iomem_permission( > xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t > allow) > { > +#ifdef CONFIG_MGMT_HYPERCALLS > return alternative_call(xsm_ops.iomem_permission, d, s, e, allow); > +#else > + return -EOPNOTSUPP; > +#endif > } Along the lines of Stefano's comment - why would these inline functions stay around? Them returning an error in the MGMT_HYPERCALLS=n case is actually a problem: For xsm_iomem_permission() it's only a conceptual one, but for xsm_irq_permission() you break x86's handling of XEN_DOMCTL_gsi_permission. I would have added "transiently", but from the titles of later patches I can't spot where to expect that one to be taken care of. > --- a/xen/xsm/flask/hooks.c > +++ b/xen/xsm/flask/hooks.c > @@ -1111,12 +1111,14 @@ static int cf_check flask_unbind_pt_irq( > return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE); > } > > +#ifdef CONFIG_MGMT_HYPERCALLS > static int cf_check flask_irq_permission( > struct domain *d, int pirq, uint8_t access) > { > /* the PIRQ number is not useful; real IRQ is checked during mapping */ > return current_has_perm(d, SECCLASS_RESOURCE, resource_to_perm(access)); > } > +#endif /* CONFIG_MGMT_HYPERCALLS */ > > struct iomem_has_perm_data { > uint32_t ssid; 
> @@ -1943,8 +1945,10 @@ static const struct xsm_ops __initconst_cf_clobber > flask_ops = { > .unmap_domain_irq = flask_unmap_domain_irq, > .bind_pt_irq = flask_bind_pt_irq, > .unbind_pt_irq = flask_unbind_pt_irq, > +#ifdef CONFIG_MGMT_HYPERCALLS > .irq_permission = flask_irq_permission, > .iomem_permission = flask_iomem_permission, > +#endif > .iomem_mapping = flask_iomem_mapping, > .pci_config_permission = flask_pci_config_permission, > It's odd that flask_iomem_permission() remains as a function, but for the moment that looks to be necessary, as it's (oddly enough) called from flask_iomem_mapping(). However, for that one I again can't derive from titles of subsequent patches where it would be taken care of. Daniel - is this layering actually helpful? Can't we either drop flask_iomem_mapping() (with the benefit of a cf_check disappearing), or have it do directly what it wants done, rather than calling the other hook function? Having reached the bottom of the patch - what about xsm/dummy.h? Jan
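Review bot: in the hunk at @@ -508,13 +510,21 @@, the #else branches make xsm_irq_permission() and xsm_iomem_permission() return -EOPNOTSUPP unconditionally, so any caller that is still built with CONFIG_MGMT_HYPERCALLS=n gets a runtime failure from the access-control hook instead of a build error. If every caller is meant to be compiled out, put the #ifdef around the whole inline function so that a leftover caller fails to build; if a caller has to remain, it needs a real permission check rather than a fixed error, and the commit message should name that caller.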
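Review bot: in the hooks.c hunk at @@ -1111,12 +1111,14 @@, only flask_irq_permission() is placed under #ifdef CONFIG_MGMT_HYPERCALLS, while the flask_ops hunk guards both .irq_permission and .iomem_permission. The asymmetry is not explained anywhere in the visible lines; add a short comment saying why flask_iomem_permission() stays unconditional, so the next reader does not take it for an oversight.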
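Review bot: in the flask_ops hunk at @@ -1943,8 +1945,10 @@, the closing #endif carries no trailing comment, whereas the guard added around flask_irq_permission() earlier in the same file ends with `#endif /* CONFIG_MGMT_HYPERCALLS */`. Use one form for both guards in hooks.c.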