Xen project Mailing List

[PATCH v5 01/24] xen/xsm: remove redundant flask_iomem_mapping()

From: Penny Zheng <Penny.Zheng@xxxxxxx>

Date: Fri, 12 Dec 2025 12:01:46 +0800

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=azldVw3LRxDX4G3fQuaEQzTV1XLt1yT4AZM75H1BB28=; b=ARNvnk9d4F9uds1dAreSI3YRxFT1IAiG8JU9eGOzazbF+zof3IAdstYFPZIVDdZH3wKA1aoTXG9DJTKnwxiZPEpiaocQKUZfuvs/wERYnLrkhAh9VFF81YPOEb4e2n5GXmXymYHcxEBtIE1AXytGGqz35mZllmKIhKuFT5wYPa1/ym+O5S4utNCCWJsOP/PbtSUSVG7bZMelm31T5csFhZEWPp9h5amPFyBB5JAqZoS/q2OZKdRrH3oQiIO8blsQpZgXtZi7u2PVBkbON1+pJ1qeqmQheMzybojI2PUt5nuwJewYXtDo5dEAFND9D2O+TT9Z2icgUtVChGSf5rWZDA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=zEmg+qlR4vwHAlFTQZWsU29BYG8/cNr0ojahX31J3I3wVF+WlbPoWdn7TAkrnU1y5qEEXOyNMBD3wCO55G/KvfsJtxilFfkpJwZfZCFp8hNyCnj/8UAt99iROq7xNmi+p7cbZw43HlteW6OMHqxqeKM43+3uLeLethJ+rw8Zw6fmOz3cbsmT7v+q21Jn4ggvfcSWeqd+jfQ0arRdPsIgGsZ79M47hkjb0SjFFk6HMcGF3yOLoQPYhL7JFtyyfbRVoJN121eqGDqRjChV6Sqd7nE0eZzekdQqF1iQFTHKcgMq0onKYwO9a7EaonvBY6Xruf1kIMuSuRn/HrwZUc3D0A==

Cc: <ray.huang@xxxxxxx>, <grygorii_strashko@xxxxxxxx>, Penny Zheng <Penny.Zheng@xxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, "Jan Beulich" <jbeulich@xxxxxxxx>

Delivery-date: Fri, 12 Dec 2025 04:06:41 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

xsm_iomem_mapping() in flask policy seems redundant, as it only provides an extra call layer by calling flask_iomem_permission(). It also has benefit of making a cf_check disappearing too. Suggested-by: Jan Beulich <jbeulich@xxxxxxxx> Signed-off-by: Penny Zheng <Penny.Zheng@xxxxxxx> --- v2 -> v3: - new commit --- v4 -> v5: - only folding redundant xsm_iomem_mapping() implementation --- xen/xsm/flask/hooks.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 9f3915617c..a43cd361a2 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1167,11 +1167,6 @@ static int cf_check flask_iomem_permission( return security_iterate_iomem_sids(start, end, _iomem_has_perm, &data); } -static int cf_check flask_iomem_mapping(struct domain *d, uint64_t start, uint64_t end, uint8_t access) -{ - return flask_iomem_permission(d, start, end, access); -} - static int cf_check flask_pci_config_permission( struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access) @@ -1945,7 +1940,7 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = { .unbind_pt_irq = flask_unbind_pt_irq, .irq_permission = flask_irq_permission, .iomem_permission = flask_iomem_permission, - .iomem_mapping = flask_iomem_mapping, + .iomem_mapping = flask_iomem_permission, .pci_config_permission = flask_pci_config_permission, .resource_plug_core = flask_resource_plug_core, -- 2.34.1

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.