Xen project Mailing List

[PATCH v3 19/28] xen/domctl: wrap xsm_irq_permission with CONFIG_MGMT_HYPERCALLS

From: Penny Zheng <Penny.Zheng@xxxxxxx>

Date: Mon, 13 Oct 2025 18:15:31 +0800

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=S9x7Xa5KkUvXjjgvJRgz/0aHtQ5ZefYKpd00CZcZ/TA=; b=uJAFQ5akoEY2xHTpQ+5SWsX6NIstGNgvHgMOmbT1fIaOZO/w+a3ZDQzZSmyZtBt4Ih9e5aIUk+F/XF2/m0+LBaLPgEB9qUbLpy0JrmxsRyB2xAwTSKzmZIu9vHdODeAAbZmNyEm0qfUFCIuGNSFW8nI3gDnC4uHma7QG3PQqm2keCcZtbBcW6gKSc9C5JmbbMB6W5kkvedB7d1CfgvTFhdJVQOrpLPjt7SFTokyl9mpcLMi+Au2O2x9RgLc0d6NvlYKrLKiEmJx4dM6yWBr5X/olK/nfi10zpnRrI40sF8rc7Cjf98ExNGTj309YVMetkq0k6qK611C2eaMs+Dy0sw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=JIE/XPUodBLpLPFOCaDDaY/iFHAKmJDiwHv+lBFH0IkYCFs7VHFjbUsgFZ9GX5PeC+nJ6wdrBrgg+GeyZeXB9wnaW4OsVosfoeKxE+fZbsUWWuaPhunS8FgEu1lLXH2Xlu67gu+b6cVxTylUsOHYeh7bOzqUs+fmt2or5CflD8YsQGQ75YkPTkei0mKuLbEKJs9bWw5Q73Xh1xspfXbKU2lie6pnBoi/Kh6BgPMgDBlZDkjDHfs+EV7l8+UTMG61icESFVeATqR/QckZNScud2itrzpc8tT47cJYPDeUXxDM3TuwRydwu5l+g8IFfpb7vg7Qj7YjHB2uoQjJYn7ZZw==

Cc: <ray.huang@xxxxxxx>, <oleksii.kurochko@xxxxxxxxx>, Penny Zheng <Penny.Zheng@xxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 13 Oct 2025 10:27:20 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Function xsm_irq_permission() is invoked only under XEN_DOMCTL_irq_permission domctl-op, and shall be wrapped with CONFIG_MGMT_HYPERCALLS. Otherwise it will become unreanchable when MGMT_HYPERCALLS=n, and hence violating Misra rule 2.1. Signed-off-by: Penny Zheng <Penny.Zheng@xxxxxxx> --- v1 -> v2: - adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS" --- v2 -> v3 - add missing wrapping in xsm/dummy.h - adapt to the commit of "remove redundant xsm_iomem_mapping()" - address "violating Misra rule 2.1" in commit message --- xen/include/xsm/dummy.h | 2 ++ xen/include/xsm/xsm.h | 4 ++++ xen/xsm/dummy.c | 2 ++ xen/xsm/flask/hooks.c | 4 ++++ 4 files changed, 12 insertions(+) diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 5810a18087..a5deb8a975 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -564,12 +564,14 @@ static XSM_INLINE int cf_check xsm_unmap_domain_irq( return xsm_default_action(action, current->domain, d); } +#ifdef CONFIG_MGMT_HYPERCALLS static XSM_INLINE int cf_check xsm_irq_permission( XSM_DEFAULT_ARG struct domain *d, int pirq, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } +#endif static XSM_INLINE int cf_check xsm_iomem_permission( XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow) diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 9dd485646a..ee43002fdb 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -115,7 +115,9 @@ struct xsm_ops { int (*unmap_domain_irq)(struct domain *d, int irq, const void *data); int (*bind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind); int (*unbind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind); +#ifdef CONFIG_MGMT_HYPERCALLS int (*irq_permission)(struct domain *d, int pirq, uint8_t allow); +#endif int (*iomem_permission)(struct domain *d, uint64_t s, uint64_t e, uint8_t allow); int (*pci_config_permission)(struct domain *d, uint32_t machine_bdf, @@ -499,11 +501,13 @@ static inline int xsm_unbind_pt_irq( return alternative_call(xsm_ops.unbind_pt_irq, d, bind); } +#ifdef CONFIG_MGMT_HYPERCALLS static inline int xsm_irq_permission( xsm_default_t def, struct domain *d, int pirq, uint8_t allow) { return alternative_call(xsm_ops.irq_permission, d, pirq, allow); } +#endif /* CONFIG_MGMT_HYPERCALLS */ static inline int xsm_iomem_permission( xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow) diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 724b2a2653..7cf00ce37e 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -73,7 +73,9 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = { .unmap_domain_irq = xsm_unmap_domain_irq, .bind_pt_irq = xsm_bind_pt_irq, .unbind_pt_irq = xsm_unbind_pt_irq, +#ifdef CONFIG_MGMT_HYPERCALLS .irq_permission = xsm_irq_permission, +#endif .iomem_permission = xsm_iomem_permission, .pci_config_permission = xsm_pci_config_permission, .get_vnumainfo = xsm_get_vnumainfo, diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 839a4cf9e6..ca07585450 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1111,12 +1111,14 @@ static int cf_check flask_unbind_pt_irq( return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE); } +#ifdef CONFIG_MGMT_HYPERCALLS static int cf_check flask_irq_permission( struct domain *d, int pirq, uint8_t access) { /* the PIRQ number is not useful; real IRQ is checked during mapping */ return current_has_perm(d, SECCLASS_RESOURCE, resource_to_perm(access)); } +#endif /* CONFIG_MGMT_HYPERCALLS */ struct iomem_has_perm_data { uint32_t ssid; @@ -1938,7 +1940,9 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = { .unmap_domain_irq = flask_unmap_domain_irq, .bind_pt_irq = flask_bind_pt_irq, .unbind_pt_irq = flask_unbind_pt_irq, +#ifdef CONFIG_MGMT_HYPERCALLS .irq_permission = flask_irq_permission, +#endif .iomem_permission = flask_iomem_permission, .pci_config_permission = flask_pci_config_permission, -- 2.34.1

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.