From: Jan Beulich <jbeulich@suse.com>
Subject: domctl/XSM: pass full struct xen_domctl to xsm_domctl()

Subsequently some sub-ops will want to inspect their sub-sub-ops. Plus
this way we don't need to pass SSIDref separately anymore for
domain_create.

This is part of XSA-492.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Daniel P. Smith <dpsmith@apertussolutions.com>

--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -767,7 +767,7 @@ long do_paging_domctl_cont(
     if ( d == NULL )
         return -ESRCH;
 
-    ret = xsm_domctl(XSM_OTHER, d, op.cmd, 0 /* SSIDref not applicable */);
+    ret = xsm_domctl(XSM_OTHER, d, &op);
     if ( !ret )
     {
         if ( domctl_lock_acquire() )
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -515,9 +515,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe
         break;
     }
 
-    ret = xsm_domctl(XSM_OTHER, d, op->cmd,
-                     /* SSIDRef only applicable for cmd == createdomain */
-                     op->u.createdomain.ssidref);
+    ret = xsm_domctl(XSM_OTHER, d, op);
     if ( ret )
         goto domctl_out_unlock_domonly;
 
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -162,10 +162,10 @@ static XSM_INLINE int cf_check xsm_set_t
 }
 
 static XSM_INLINE int cf_check xsm_domctl(
-    XSM_DEFAULT_ARG struct domain *d, unsigned int cmd, uint32_t ssidref)
+    XSM_DEFAULT_ARG struct domain *d, struct xen_domctl *op)
 {
     XSM_ASSERT_ACTION(XSM_OTHER);
-    switch ( cmd )
+    switch ( op->cmd )
     {
     case XEN_DOMCTL_bind_pt_irq:
     case XEN_DOMCTL_getdomaininfo:
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -60,7 +60,7 @@ struct xsm_ops {
     int (*domctl_scheduler_op)(struct domain *d, int op);
     int (*sysctl_scheduler_op)(int op);
     int (*set_target)(struct domain *d, struct domain *e);
-    int (*domctl)(struct domain *d, unsigned int cmd, uint32_t ssidref);
+    int (*domctl)(struct domain *d, struct xen_domctl *op);
     int (*sysctl)(int cmd);
     int (*readconsole)(uint32_t clear);
 
@@ -249,9 +249,9 @@ static inline int xsm_set_target(
 }
 
 static inline int xsm_domctl(xsm_default_t def, struct domain *d,
-                             unsigned int cmd, uint32_t ssidref)
+                             struct xen_domctl *op)
 {
-    return alternative_call(xsm_ops.domctl, d, cmd, ssidref);
+    return alternative_call(xsm_ops.domctl, d, op);
 }
 
 static inline int xsm_sysctl(xsm_default_t def, int cmd)
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -663,10 +663,9 @@ static int cf_check flask_set_target(str
     return rc;
 }
 
-static int cf_check flask_domctl(struct domain *d, unsigned int cmd,
-                                 uint32_t ssidref)
+static int cf_check flask_domctl(struct domain *d, struct xen_domctl *op)
 {
-    switch ( cmd )
+    switch ( op->cmd )
     {
     case XEN_DOMCTL_createdomain:
         /*
@@ -676,7 +675,8 @@ static int cf_check flask_domctl(struct
          * Note that d is NULL because we haven't even allocated memory for it
          * this early in XEN_DOMCTL_createdomain.
          */
-        return avc_current_has_perm(ssidref, SECCLASS_DOMAIN, DOMAIN__CREATE, NULL);
+        return avc_current_has_perm(op->u.createdomain.ssidref, SECCLASS_DOMAIN,
+                                    DOMAIN__CREATE, NULL);
 
     /* These have individual XSM hooks and don't make it here. */
     case XEN_DOMCTL_bind_pt_irq:
@@ -846,7 +846,7 @@ static int cf_check flask_domctl(struct
         return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__DT_OVERLAY);
 
     default:
-        return avc_unknown_permission("domctl", cmd);
+        return avc_unknown_permission("domctl", op->cmd);
     }
 }