From patchwork Mon Jul 12 20:32:24 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Daniel P. Smith" X-Patchwork-Id: 12372269 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D5FF8C07E9A for ; Mon, 12 Jul 2021 20:27:30 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 7FE01611B0 for ; Mon, 12 Jul 2021 20:27:30 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7FE01611B0 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=apertussolutions.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.154760.285868 (Exim 4.92) (envelope-from ) id 1m32WJ-0007my-RZ; Mon, 12 Jul 2021 20:27:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 154760.285868; Mon, 12 Jul 2021 20:27:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32WJ-0007mp-OF; Mon, 12 Jul 2021 20:27:15 +0000 Received: by outflank-mailman (input) for mailman id 154760; Mon, 12 Jul 2021 20:27:14 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32WI-0007Vs-78 for xen-devel@lists.xenproject.org; Mon, 12 Jul 2021 20:27:14 +0000 Received: from sender4-of-o51.zoho.com (unknown [136.143.188.51]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 8a2cacf4-e34f-11eb-8706-12813bfff9fa; Mon, 12 Jul 2021 20:27:13 +0000 (UTC) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1626121624633615.1024060464936; Mon, 12 Jul 2021 13:27:04 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 8a2cacf4-e34f-11eb-8706-12813bfff9fa ARC-Seal: i=1; a=rsa-sha256; t=1626121627; cv=none; d=zohomail.com; s=zohoarc; b=L/vL9BjiRAQyNL5o6PslUOP9aWfjW041mBBJz1L0MDilxaAByMQhYiv3FvkviZ7+dWuaTDYGGVLkXpgQQc9zrVLLQbYgxiq+nG21QITwXkEs4qAILClM7lKAbdj/snQiLNirmdUdALvvgRkL4O9m6ig/j0erSjM6zesvF2OXKr8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626121627; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=jFGpZRxd7dAEvfpeCIB9cuklmVsrATB/7yKSZCVWMz4=; b=nd8KcewbpDx7kr6z9QgeK48sayquQlREsorgldErpYA0H09TuMObsgTCwvS/xsU8q079MKTRzMuylrt7NEUSFALReXJrd6lpJuSrQbk1lfoSoRn4qdNb915F7agxQYKfGUB+973wZOCULub/B+1Zr7vdtE1+CDhI3q0GyMWauI0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1626121627; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding; bh=jFGpZRxd7dAEvfpeCIB9cuklmVsrATB/7yKSZCVWMz4=; b=iJ9urGDK0LCfdkxTRDUByAD7np8r+mMoajgGLKeA4RExmgFruoK3BpG/FBEv1JpX v4VNf3/QKyElkqUy/XXnp77r47L3MvpwhMfMbo0QJ8gx5AVfkNN9d2e7do6zGuehVlk SDyOhyATA0/a8heLJjikwT4rHMrrw15awZocL2tY= From: "Daniel P. Smith" To: Wei Liu , xen-devel@lists.xenproject.org Cc: Andrew Cooper , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , George Dunlap , Ian Jackson , Julien Grall , Stefano Stabellini Subject: [PATCH v2 01/10] xen: Implement xen/alternative-call.h for use in common code Date: Mon, 12 Jul 2021 16:32:24 -0400 Message-Id: <20210712203233.20289-2-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210712203233.20289-1-dpsmith@apertussolutions.com> References: <20210712203233.20289-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 X-ZohoMailClient: External From: Andrew Cooper The alternative call infrastructure is x86-only for now, but the common iommu code has a variant and more common code wants to use the infrastructure. Introduce CONFIG_ALTERNATIVE_CALL and a conditional implemetnation so common code can use the optimisation when available, without requiring all architectures to implement no-op stubs. Write some documentation, which was thus far entirely absent, covering the requirements for an architecture to implement this optimsiation, and how to use the infrastructure in general code. Signed-off-by: Andrew Cooper --- xen/arch/x86/Kconfig | 1 + xen/common/Kconfig | 3 ++ xen/include/xen/alternative-call.h | 65 ++++++++++++++++++++++++++++++ 3 files changed, 69 insertions(+) create mode 100644 xen/include/xen/alternative-call.h diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 9b164db641..c91cdd83dc 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -9,6 +9,7 @@ config X86 select ARCH_SUPPORTS_INT128 select CORE_PARKING select HAS_ALTERNATIVE + select ALTERNATIVE_CALL select HAS_COMPAT select HAS_CPUFREQ select HAS_EHCI diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 0ddd18e11a..1594ce4e73 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -25,6 +25,9 @@ config GRANT_TABLE config HAS_ALTERNATIVE bool +config ALTERNATIVE_CALL + bool + config HAS_COMPAT bool diff --git a/xen/include/xen/alternative-call.h b/xen/include/xen/alternative-call.h new file mode 100644 index 0000000000..11d1c26068 --- /dev/null +++ b/xen/include/xen/alternative-call.h @@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef XEN_ALTERNATIVE_CALL +#define XEN_ALTERNATIVE_CALL + +/* + * Some subsystems in Xen may have multiple implementions, which can be + * resolved to a single implementation at boot time. By default, this will + * result in the use of function pointers. + * + * Some architectures may have mechanisms for dynamically modifying .text. + * Using this mechnaism, function pointers can be converted to direct calls + * which are typically more efficient at runtime. + * + * For architectures to support: + * + * - Implement alternative_{,v}call() in asm/alternative.h. Code generation + * requirements are to emit a function pointer call at build time, and stash + * enough metadata to simplify the call at boot once the implementation has + * been resolved. + * - Select ALTERNATIVE_CALL in Kconfig. + * + * To use: + * + * Consider the following simplified example. + * + * 1) struct foo_ops __alt_call_maybe_initdata ops; + * + * 2) struct foo_ops __alt_call_maybe_initconst foo_a_ops = { ... }; + * struct foo_ops __alt_call_maybe_initconst foo_b_ops = { ... }; + * + * void foo_init(void) + * { + * ... + * if ( use_impl_a ) + * ops = *foo_a_ops; + * else if ( use_impl_b ) + * ops = *foo_b_ops; + * ... + * } + * + * 3) alternative_call(ops.bar, ...); + * + * There needs to a single ops object (1) which will eventually contain the + * function pointers. This should be populated in foo's init() function (2) + * by one of the available implementations. To call functions, use + * alternative_{,v}call() referencing the main ops object (3). + */ + +#ifdef CONFIG_ALTERNATIVE_CALL + +#include + +#define __alt_call_maybe_initdata __initdata +#define __alt_call_maybe_initconst __initconst + +#else + +#define alternative_call(func, args...) (func)(args) +#define alternative_vcall(func, args...) (func)(args) + +#define __alt_call_maybe_initdata +#define __alt_call_maybe_initconst + +#endif /* !CONFIG_ALTERNATIVE_CALL */ +#endif /* XEN_ALTERNATIVE_CALL */ From patchwork Mon Jul 12 20:32:25 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Daniel P. Smith" X-Patchwork-Id: 12372271 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.0 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, UNWANTED_LANGUAGE_BODY,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 582D4C07E99 for ; Mon, 12 Jul 2021 20:27:35 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id DF501611B0 for ; Mon, 12 Jul 2021 20:27:34 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DF501611B0 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=apertussolutions.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.154762.285879 (Exim 4.92) (envelope-from ) id 1m32WU-0008C0-49; Mon, 12 Jul 2021 20:27:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 154762.285879; Mon, 12 Jul 2021 20:27:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32WU-0008Bt-0p; Mon, 12 Jul 2021 20:27:26 +0000 Received: by outflank-mailman (input) for mailman id 154762; Mon, 12 Jul 2021 20:27:24 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32WS-00089m-ID for xen-devel@lists.xenproject.org; Mon, 12 Jul 2021 20:27:24 +0000 Received: from sender4-of-o51.zoho.com (unknown [136.143.188.51]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 8fbb819a-e34f-11eb-8706-12813bfff9fa; Mon, 12 Jul 2021 20:27:22 +0000 (UTC) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1626121625956852.6416374676493; Mon, 12 Jul 2021 13:27:05 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 8fbb819a-e34f-11eb-8706-12813bfff9fa ARC-Seal: i=1; a=rsa-sha256; t=1626121627; cv=none; d=zohomail.com; s=zohoarc; b=VWYjf37AA/MPBjBL565JbWtbyTaps0GHyX1sBAyrZHzk04fUMa7RG4zNSan1fgrHxI9Egv+MMh40wuQH1pkFK71ts6yIr/V1cFe8mo7741nAiRmr+jpRE89TLbKIHJOJIPkAeb/hGfGJ10uAwJJ/+mTDalnp6FpNq8sRXumJUwE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626121627; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=gDu8jJ6R5Zx5yM5PugT1EdL7sMQTspIU2RFRkJquHjo=; b=FeWAeCNPQ+WfltohGZpLcbTGCLjl1dtqmQnBZy18ieBRkVDqA/c3C6h4PHppCWvl0+n2HuZsEcxk+Wh4qr0iWDojA5Z7h0CQF0ivdo919t3sevZtScVdK4vLayGOcQ/E2TBIV8UxEbzKTJinJUzZn4c5YOi/zSN73iNoeJpOgdA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1626121627; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding; bh=gDu8jJ6R5Zx5yM5PugT1EdL7sMQTspIU2RFRkJquHjo=; b=KKRKxsBv+p+tMstCS8kSOXECk5N/HRgMjS3p6x0fGxG3igx2PHX+kAb3Vhiu4WwF 9ftA2fJV+qkdUO45k9VGEDDz3yB4bSjQM+7KM+z6Hqb3Mh0skwxeT+LM6ODfJu3ZvDF B4ja3RSSABxtcG83KvIDJqz2qLlnoW7QsveFkKIU= From: "Daniel P. Smith" To: xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Daniel De Graaf Subject: [PATCH v2 02/10] xsm: refactor xsm_ops handling Date: Mon, 12 Jul 2021 16:32:25 -0400 Message-Id: <20210712203233.20289-3-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210712203233.20289-1-dpsmith@apertussolutions.com> References: <20210712203233.20289-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 X-ZohoMailClient: External This converts the global xsm_ops from being a pointer to a struct xsm_ops to being an explicit instance. It then reworks the XSM modules init function to return their xsm_ops struct which is copied in to the global xsm_ops. Signed-off-by: Daniel P. Smith --- xen/include/xsm/xsm.h | 215 ++++++++++++++++++++------------------- xen/xsm/dummy.c | 2 - xen/xsm/flask/flask_op.c | 4 +- xen/xsm/flask/hooks.c | 11 +- xen/xsm/silo.c | 5 +- xen/xsm/xsm_core.c | 72 +++++++------ 6 files changed, 158 insertions(+), 151 deletions(-) diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index ad3cddbf7d..a8805f514b 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -191,295 +191,295 @@ struct xsm_operations { #ifdef CONFIG_XSM -extern struct xsm_operations *xsm_ops; +extern struct xsm_operations xsm_ops; #ifndef XSM_NO_WRAPPERS static inline void xsm_security_domaininfo (struct domain *d, struct xen_domctl_getdomaininfo *info) { - xsm_ops->security_domaininfo(d, info); + xsm_ops.security_domaininfo(d, info); } static inline int xsm_domain_create (xsm_default_t def, struct domain *d, u32 ssidref) { - return xsm_ops->domain_create(d, ssidref); + return xsm_ops.domain_create(d, ssidref); } static inline int xsm_getdomaininfo (xsm_default_t def, struct domain *d) { - return xsm_ops->getdomaininfo(d); + return xsm_ops.getdomaininfo(d); } static inline int xsm_domctl_scheduler_op (xsm_default_t def, struct domain *d, int cmd) { - return xsm_ops->domctl_scheduler_op(d, cmd); + return xsm_ops.domctl_scheduler_op(d, cmd); } static inline int xsm_sysctl_scheduler_op (xsm_default_t def, int cmd) { - return xsm_ops->sysctl_scheduler_op(cmd); + return xsm_ops.sysctl_scheduler_op(cmd); } static inline int xsm_set_target (xsm_default_t def, struct domain *d, struct domain *e) { - return xsm_ops->set_target(d, e); + return xsm_ops.set_target(d, e); } static inline int xsm_domctl (xsm_default_t def, struct domain *d, int cmd) { - return xsm_ops->domctl(d, cmd); + return xsm_ops.domctl(d, cmd); } static inline int xsm_sysctl (xsm_default_t def, int cmd) { - return xsm_ops->sysctl(cmd); + return xsm_ops.sysctl(cmd); } static inline int xsm_readconsole (xsm_default_t def, uint32_t clear) { - return xsm_ops->readconsole(clear); + return xsm_ops.readconsole(clear); } static inline int xsm_evtchn_unbound (xsm_default_t def, struct domain *d1, struct evtchn *chn, domid_t id2) { - return xsm_ops->evtchn_unbound(d1, chn, id2); + return xsm_ops.evtchn_unbound(d1, chn, id2); } static inline int xsm_evtchn_interdomain (xsm_default_t def, struct domain *d1, struct evtchn *chan1, struct domain *d2, struct evtchn *chan2) { - return xsm_ops->evtchn_interdomain(d1, chan1, d2, chan2); + return xsm_ops.evtchn_interdomain(d1, chan1, d2, chan2); } static inline void xsm_evtchn_close_post (struct evtchn *chn) { - xsm_ops->evtchn_close_post(chn); + xsm_ops.evtchn_close_post(chn); } static inline int xsm_evtchn_send (xsm_default_t def, struct domain *d, struct evtchn *chn) { - return xsm_ops->evtchn_send(d, chn); + return xsm_ops.evtchn_send(d, chn); } static inline int xsm_evtchn_status (xsm_default_t def, struct domain *d, struct evtchn *chn) { - return xsm_ops->evtchn_status(d, chn); + return xsm_ops.evtchn_status(d, chn); } static inline int xsm_evtchn_reset (xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->evtchn_reset(d1, d2); + return xsm_ops.evtchn_reset(d1, d2); } static inline int xsm_grant_mapref (xsm_default_t def, struct domain *d1, struct domain *d2, uint32_t flags) { - return xsm_ops->grant_mapref(d1, d2, flags); + return xsm_ops.grant_mapref(d1, d2, flags); } static inline int xsm_grant_unmapref (xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->grant_unmapref(d1, d2); + return xsm_ops.grant_unmapref(d1, d2); } static inline int xsm_grant_setup (xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->grant_setup(d1, d2); + return xsm_ops.grant_setup(d1, d2); } static inline int xsm_grant_transfer (xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->grant_transfer(d1, d2); + return xsm_ops.grant_transfer(d1, d2); } static inline int xsm_grant_copy (xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->grant_copy(d1, d2); + return xsm_ops.grant_copy(d1, d2); } static inline int xsm_grant_query_size (xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->grant_query_size(d1, d2); + return xsm_ops.grant_query_size(d1, d2); } static inline int xsm_alloc_security_domain (struct domain *d) { - return xsm_ops->alloc_security_domain(d); + return xsm_ops.alloc_security_domain(d); } static inline void xsm_free_security_domain (struct domain *d) { - xsm_ops->free_security_domain(d); + xsm_ops.free_security_domain(d); } static inline int xsm_alloc_security_evtchns( struct evtchn chn[], unsigned int nr) { - return xsm_ops->alloc_security_evtchns(chn, nr); + return xsm_ops.alloc_security_evtchns(chn, nr); } static inline void xsm_free_security_evtchns( struct evtchn chn[], unsigned int nr) { - xsm_ops->free_security_evtchns(chn, nr); + xsm_ops.free_security_evtchns(chn, nr); } static inline char *xsm_show_security_evtchn (struct domain *d, const struct evtchn *chn) { - return xsm_ops->show_security_evtchn(d, chn); + return xsm_ops.show_security_evtchn(d, chn); } static inline int xsm_init_hardware_domain (xsm_default_t def, struct domain *d) { - return xsm_ops->init_hardware_domain(d); + return xsm_ops.init_hardware_domain(d); } static inline int xsm_get_pod_target (xsm_default_t def, struct domain *d) { - return xsm_ops->get_pod_target(d); + return xsm_ops.get_pod_target(d); } static inline int xsm_set_pod_target (xsm_default_t def, struct domain *d) { - return xsm_ops->set_pod_target(d); + return xsm_ops.set_pod_target(d); } static inline int xsm_memory_exchange (xsm_default_t def, struct domain *d) { - return xsm_ops->memory_exchange(d); + return xsm_ops.memory_exchange(d); } static inline int xsm_memory_adjust_reservation (xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->memory_adjust_reservation(d1, d2); + return xsm_ops.memory_adjust_reservation(d1, d2); } static inline int xsm_memory_stat_reservation (xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->memory_stat_reservation(d1, d2); + return xsm_ops.memory_stat_reservation(d1, d2); } static inline int xsm_memory_pin_page(xsm_default_t def, struct domain *d1, struct domain *d2, struct page_info *page) { - return xsm_ops->memory_pin_page(d1, d2, page); + return xsm_ops.memory_pin_page(d1, d2, page); } static inline int xsm_add_to_physmap(xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->add_to_physmap(d1, d2); + return xsm_ops.add_to_physmap(d1, d2); } static inline int xsm_remove_from_physmap(xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->remove_from_physmap(d1, d2); + return xsm_ops.remove_from_physmap(d1, d2); } static inline int xsm_map_gmfn_foreign (xsm_default_t def, struct domain *d, struct domain *t) { - return xsm_ops->map_gmfn_foreign(d, t); + return xsm_ops.map_gmfn_foreign(d, t); } static inline int xsm_claim_pages(xsm_default_t def, struct domain *d) { - return xsm_ops->claim_pages(d); + return xsm_ops.claim_pages(d); } static inline int xsm_console_io (xsm_default_t def, struct domain *d, int cmd) { - return xsm_ops->console_io(d, cmd); + return xsm_ops.console_io(d, cmd); } static inline int xsm_profile (xsm_default_t def, struct domain *d, int op) { - return xsm_ops->profile(d, op); + return xsm_ops.profile(d, op); } static inline int xsm_kexec (xsm_default_t def) { - return xsm_ops->kexec(); + return xsm_ops.kexec(); } static inline int xsm_schedop_shutdown (xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->schedop_shutdown(d1, d2); + return xsm_ops.schedop_shutdown(d1, d2); } static inline char *xsm_show_irq_sid (int irq) { - return xsm_ops->show_irq_sid(irq); + return xsm_ops.show_irq_sid(irq); } static inline int xsm_map_domain_pirq (xsm_default_t def, struct domain *d) { - return xsm_ops->map_domain_pirq(d); + return xsm_ops.map_domain_pirq(d); } static inline int xsm_map_domain_irq (xsm_default_t def, struct domain *d, int irq, void *data) { - return xsm_ops->map_domain_irq(d, irq, data); + return xsm_ops.map_domain_irq(d, irq, data); } static inline int xsm_unmap_domain_pirq (xsm_default_t def, struct domain *d) { - return xsm_ops->unmap_domain_pirq(d); + return xsm_ops.unmap_domain_pirq(d); } static inline int xsm_unmap_domain_irq (xsm_default_t def, struct domain *d, int irq, void *data) { - return xsm_ops->unmap_domain_irq(d, irq, data); + return xsm_ops.unmap_domain_irq(d, irq, data); } static inline int xsm_bind_pt_irq(xsm_default_t def, struct domain *d, struct xen_domctl_bind_pt_irq *bind) { - return xsm_ops->bind_pt_irq(d, bind); + return xsm_ops.bind_pt_irq(d, bind); } static inline int xsm_unbind_pt_irq(xsm_default_t def, struct domain *d, struct xen_domctl_bind_pt_irq *bind) { - return xsm_ops->unbind_pt_irq(d, bind); + return xsm_ops.unbind_pt_irq(d, bind); } static inline int xsm_irq_permission (xsm_default_t def, struct domain *d, int pirq, uint8_t allow) { - return xsm_ops->irq_permission(d, pirq, allow); + return xsm_ops.irq_permission(d, pirq, allow); } static inline int xsm_iomem_permission (xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { - return xsm_ops->iomem_permission(d, s, e, allow); + return xsm_ops.iomem_permission(d, s, e, allow); } static inline int xsm_iomem_mapping (xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { - return xsm_ops->iomem_mapping(d, s, e, allow); + return xsm_ops.iomem_mapping(d, s, e, allow); } static inline int xsm_pci_config_permission (xsm_default_t def, struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access) { - return xsm_ops->pci_config_permission(d, machine_bdf, start, end, access); + return xsm_ops.pci_config_permission(d, machine_bdf, start, end, access); } #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) static inline int xsm_get_device_group(xsm_default_t def, uint32_t machine_bdf) { - return xsm_ops->get_device_group(machine_bdf); + return xsm_ops.get_device_group(machine_bdf); } static inline int xsm_assign_device(xsm_default_t def, struct domain *d, uint32_t machine_bdf) { - return xsm_ops->assign_device(d, machine_bdf); + return xsm_ops.assign_device(d, machine_bdf); } static inline int xsm_deassign_device(xsm_default_t def, struct domain *d, uint32_t machine_bdf) { - return xsm_ops->deassign_device(d, machine_bdf); + return xsm_ops.deassign_device(d, machine_bdf); } #endif /* HAS_PASSTHROUGH && HAS_PCI) */ @@ -487,240 +487,240 @@ static inline int xsm_deassign_device(xsm_default_t def, struct domain *d, uint3 static inline int xsm_assign_dtdevice(xsm_default_t def, struct domain *d, const char *dtpath) { - return xsm_ops->assign_dtdevice(d, dtpath); + return xsm_ops.assign_dtdevice(d, dtpath); } static inline int xsm_deassign_dtdevice(xsm_default_t def, struct domain *d, const char *dtpath) { - return xsm_ops->deassign_dtdevice(d, dtpath); + return xsm_ops.deassign_dtdevice(d, dtpath); } #endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */ static inline int xsm_resource_plug_pci (xsm_default_t def, uint32_t machine_bdf) { - return xsm_ops->resource_plug_pci(machine_bdf); + return xsm_ops.resource_plug_pci(machine_bdf); } static inline int xsm_resource_unplug_pci (xsm_default_t def, uint32_t machine_bdf) { - return xsm_ops->resource_unplug_pci(machine_bdf); + return xsm_ops.resource_unplug_pci(machine_bdf); } static inline int xsm_resource_plug_core (xsm_default_t def) { - return xsm_ops->resource_plug_core(); + return xsm_ops.resource_plug_core(); } static inline int xsm_resource_unplug_core (xsm_default_t def) { - return xsm_ops->resource_unplug_core(); + return xsm_ops.resource_unplug_core(); } static inline int xsm_resource_setup_pci (xsm_default_t def, uint32_t machine_bdf) { - return xsm_ops->resource_setup_pci(machine_bdf); + return xsm_ops.resource_setup_pci(machine_bdf); } static inline int xsm_resource_setup_gsi (xsm_default_t def, int gsi) { - return xsm_ops->resource_setup_gsi(gsi); + return xsm_ops.resource_setup_gsi(gsi); } static inline int xsm_resource_setup_misc (xsm_default_t def) { - return xsm_ops->resource_setup_misc(); + return xsm_ops.resource_setup_misc(); } static inline int xsm_page_offline(xsm_default_t def, uint32_t cmd) { - return xsm_ops->page_offline(cmd); + return xsm_ops.page_offline(cmd); } static inline int xsm_hypfs_op(xsm_default_t def) { - return xsm_ops->hypfs_op(); + return xsm_ops.hypfs_op(); } static inline long xsm_do_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) { - return xsm_ops->do_xsm_op(op); + return xsm_ops.do_xsm_op(op); } #ifdef CONFIG_COMPAT static inline int xsm_do_compat_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) { - return xsm_ops->do_compat_op(op); + return xsm_ops.do_compat_op(op); } #endif static inline int xsm_hvm_param (xsm_default_t def, struct domain *d, unsigned long op) { - return xsm_ops->hvm_param(d, op); + return xsm_ops.hvm_param(d, op); } static inline int xsm_hvm_control(xsm_default_t def, struct domain *d, unsigned long op) { - return xsm_ops->hvm_control(d, op); + return xsm_ops.hvm_control(d, op); } static inline int xsm_hvm_param_altp2mhvm (xsm_default_t def, struct domain *d) { - return xsm_ops->hvm_param_altp2mhvm(d); + return xsm_ops.hvm_param_altp2mhvm(d); } static inline int xsm_hvm_altp2mhvm_op (xsm_default_t def, struct domain *d, uint64_t mode, uint32_t op) { - return xsm_ops->hvm_altp2mhvm_op(d, mode, op); + return xsm_ops.hvm_altp2mhvm_op(d, mode, op); } static inline int xsm_get_vnumainfo (xsm_default_t def, struct domain *d) { - return xsm_ops->get_vnumainfo(d); + return xsm_ops.get_vnumainfo(d); } static inline int xsm_vm_event_control (xsm_default_t def, struct domain *d, int mode, int op) { - return xsm_ops->vm_event_control(d, mode, op); + return xsm_ops.vm_event_control(d, mode, op); } #ifdef CONFIG_MEM_ACCESS static inline int xsm_mem_access (xsm_default_t def, struct domain *d) { - return xsm_ops->mem_access(d); + return xsm_ops.mem_access(d); } #endif #ifdef CONFIG_MEM_PAGING static inline int xsm_mem_paging (xsm_default_t def, struct domain *d) { - return xsm_ops->mem_paging(d); + return xsm_ops.mem_paging(d); } #endif #ifdef CONFIG_MEM_SHARING static inline int xsm_mem_sharing (xsm_default_t def, struct domain *d) { - return xsm_ops->mem_sharing(d); + return xsm_ops.mem_sharing(d); } #endif static inline int xsm_platform_op (xsm_default_t def, uint32_t op) { - return xsm_ops->platform_op(op); + return xsm_ops.platform_op(op); } #ifdef CONFIG_X86 static inline int xsm_do_mca(xsm_default_t def) { - return xsm_ops->do_mca(); + return xsm_ops.do_mca(); } static inline int xsm_shadow_control (xsm_default_t def, struct domain *d, uint32_t op) { - return xsm_ops->shadow_control(d, op); + return xsm_ops.shadow_control(d, op); } static inline int xsm_mem_sharing_op (xsm_default_t def, struct domain *d, struct domain *cd, int op) { - return xsm_ops->mem_sharing_op(d, cd, op); + return xsm_ops.mem_sharing_op(d, cd, op); } static inline int xsm_apic (xsm_default_t def, struct domain *d, int cmd) { - return xsm_ops->apic(d, cmd); + return xsm_ops.apic(d, cmd); } static inline int xsm_memtype (xsm_default_t def, uint32_t access) { - return xsm_ops->memtype(access); + return xsm_ops.memtype(access); } static inline int xsm_machine_memory_map(xsm_default_t def) { - return xsm_ops->machine_memory_map(); + return xsm_ops.machine_memory_map(); } static inline int xsm_domain_memory_map(xsm_default_t def, struct domain *d) { - return xsm_ops->domain_memory_map(d); + return xsm_ops.domain_memory_map(d); } static inline int xsm_mmu_update (xsm_default_t def, struct domain *d, struct domain *t, struct domain *f, uint32_t flags) { - return xsm_ops->mmu_update(d, t, f, flags); + return xsm_ops.mmu_update(d, t, f, flags); } static inline int xsm_mmuext_op (xsm_default_t def, struct domain *d, struct domain *f) { - return xsm_ops->mmuext_op(d, f); + return xsm_ops.mmuext_op(d, f); } static inline int xsm_update_va_mapping(xsm_default_t def, struct domain *d, struct domain *f, l1_pgentry_t pte) { - return xsm_ops->update_va_mapping(d, f, pte); + return xsm_ops.update_va_mapping(d, f, pte); } static inline int xsm_priv_mapping(xsm_default_t def, struct domain *d, struct domain *t) { - return xsm_ops->priv_mapping(d, t); + return xsm_ops.priv_mapping(d, t); } static inline int xsm_ioport_permission (xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { - return xsm_ops->ioport_permission(d, s, e, allow); + return xsm_ops.ioport_permission(d, s, e, allow); } static inline int xsm_ioport_mapping (xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { - return xsm_ops->ioport_mapping(d, s, e, allow); + return xsm_ops.ioport_mapping(d, s, e, allow); } static inline int xsm_pmu_op (xsm_default_t def, struct domain *d, unsigned int op) { - return xsm_ops->pmu_op(d, op); + return xsm_ops.pmu_op(d, op); } #endif /* CONFIG_X86 */ static inline int xsm_dm_op(xsm_default_t def, struct domain *d) { - return xsm_ops->dm_op(d); + return xsm_ops.dm_op(d); } static inline int xsm_xen_version (xsm_default_t def, uint32_t op) { - return xsm_ops->xen_version(op); + return xsm_ops.xen_version(op); } static inline int xsm_domain_resource_map(xsm_default_t def, struct domain *d) { - return xsm_ops->domain_resource_map(d); + return xsm_ops.domain_resource_map(d); } #ifdef CONFIG_ARGO static inline int xsm_argo_enable(const struct domain *d) { - return xsm_ops->argo_enable(d); + return xsm_ops.argo_enable(d); } static inline int xsm_argo_register_single_source(const struct domain *d, const struct domain *t) { - return xsm_ops->argo_register_single_source(d, t); + return xsm_ops.argo_register_single_source(d, t); } static inline int xsm_argo_register_any_source(const struct domain *d) { - return xsm_ops->argo_register_any_source(d); + return xsm_ops.argo_register_any_source(d); } static inline int xsm_argo_send(const struct domain *d, const struct domain *t) { - return xsm_ops->argo_send(d, t); + return xsm_ops.argo_send(d, t); } #endif /* CONFIG_ARGO */ @@ -747,16 +747,14 @@ extern int xsm_dt_policy_init(void **policy_buffer, size_t *policy_size); extern bool has_xsm_magic(paddr_t); #endif -extern int register_xsm(struct xsm_operations *ops); - -extern struct xsm_operations dummy_xsm_ops; extern void xsm_fixup_ops(struct xsm_operations *ops); #ifdef CONFIG_XSM_FLASK -extern void flask_init(const void *policy_buffer, size_t policy_size); +extern struct xsm_operations *flask_init(const void *policy_buffer, size_t policy_size); #else -static inline void flask_init(const void *policy_buffer, size_t policy_size) +static inline struct xsm_operations *flask_init(const void *policy_buffer, size_t policy_size) { + return NULL; } #endif @@ -766,9 +764,12 @@ extern const unsigned int xsm_flask_init_policy_size; #endif #ifdef CONFIG_XSM_SILO -extern void silo_init(void); +extern struct xsm_operations *silo_init(void); #else -static inline void silo_init(void) {} +static inline struct xsm_operations *silo_init(void) +{ + return NULL; +} #endif #else /* CONFIG_XSM */ diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index de44b10130..066694763a 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -13,8 +13,6 @@ #define XSM_NO_WRAPPERS #include -struct xsm_operations dummy_xsm_ops; - #define set_to_dummy_if_null(ops, function) \ do { \ if ( !ops->function ) \ diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c index 01e52138a1..32e079d676 100644 --- a/xen/xsm/flask/flask_op.c +++ b/xen/xsm/flask/flask_op.c @@ -226,6 +226,7 @@ static int flask_security_sid(struct xen_flask_sid_context *arg) static int flask_disable(void) { static int flask_disabled = 0; + struct xsm_operations default_ops; if ( ss_initialized ) { @@ -244,7 +245,8 @@ static int flask_disable(void) flask_disabled = 1; /* Reset xsm_ops to the original module. */ - xsm_ops = &dummy_xsm_ops; + xsm_fixup_ops(&default_ops); + xsm_ops = default_ops; return 0; } diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index f1a1217c98..a3a88aa8ed 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1883,7 +1883,8 @@ static struct xsm_operations flask_ops = { #endif }; -void __init flask_init(const void *policy_buffer, size_t policy_size) +struct xsm_operations __init *flask_init(const void *policy_buffer, + size_t policy_size) { int ret = -ENOENT; @@ -1891,7 +1892,7 @@ void __init flask_init(const void *policy_buffer, size_t policy_size) { case FLASK_BOOTPARAM_DISABLED: printk(XENLOG_INFO "Flask: Disabled at boot.\n"); - return; + return NULL; case FLASK_BOOTPARAM_PERMISSIVE: flask_enforcing = 0; @@ -1908,9 +1909,6 @@ void __init flask_init(const void *policy_buffer, size_t policy_size) avc_init(); - if ( register_xsm(&flask_ops) ) - panic("Flask: Unable to register with XSM\n"); - if ( policy_size && flask_bootparam != FLASK_BOOTPARAM_LATELOAD ) ret = security_load_policy(policy_buffer, policy_size); @@ -1923,6 +1921,9 @@ void __init flask_init(const void *policy_buffer, size_t policy_size) printk(XENLOG_INFO "Flask: Starting in enforcing mode.\n"); else printk(XENLOG_INFO "Flask: Starting in permissive mode.\n"); + + return &flask_ops; + } /* diff --git a/xen/xsm/silo.c b/xen/xsm/silo.c index fc2ca5cd2d..808350f122 100644 --- a/xen/xsm/silo.c +++ b/xen/xsm/silo.c @@ -112,12 +112,11 @@ static struct xsm_operations silo_xsm_ops = { #endif }; -void __init silo_init(void) +struct xsm_operations __init *silo_init(void) { printk("Initialising XSM SILO mode\n"); - if ( register_xsm(&silo_xsm_ops) ) - panic("SILO: Unable to register with XSM\n"); + return &silo_xsm_ops; } /* diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c index 5eab21e1b1..7265f742e9 100644 --- a/xen/xsm/xsm_core.c +++ b/xen/xsm/xsm_core.c @@ -28,9 +28,17 @@ #include #endif -#define XSM_FRAMEWORK_VERSION "1.0.0" +#define XSM_FRAMEWORK_VERSION "1.0.1" -struct xsm_operations *xsm_ops; +struct xsm_operations xsm_ops; + +enum xsm_ops_state { + XSM_OPS_UNREGISTERED, + XSM_OPS_REG_FAILED, + XSM_OPS_REGISTERED, +}; + +static enum xsm_ops_state xsm_ops_registered = XSM_OPS_UNREGISTERED; enum xsm_bootparam { XSM_BOOTPARAM_DUMMY, @@ -68,17 +76,10 @@ static int __init parse_xsm_param(const char *s) } custom_param("xsm", parse_xsm_param); -static inline int verify(struct xsm_operations *ops) -{ - /* verify the security_operations structure exists */ - if ( !ops ) - return -EINVAL; - xsm_fixup_ops(ops); - return 0; -} - static int __init xsm_core_init(const void *policy_buffer, size_t policy_size) { + struct xsm_operations *mod_ops; + #ifdef CONFIG_XSM_FLASK_POLICY if ( policy_size == 0 ) { @@ -87,25 +88,35 @@ static int __init xsm_core_init(const void *policy_buffer, size_t policy_size) } #endif - if ( verify(&dummy_xsm_ops) ) + if ( xsm_ops_registered != XSM_OPS_UNREGISTERED ) { - printk(XENLOG_ERR "Could not verify dummy_xsm_ops structure\n"); + printk(XENLOG_ERR + "Could not init XSM, xsm_ops register already attempted\n"); return -EIO; } - xsm_ops = &dummy_xsm_ops; - switch ( xsm_bootparam ) { case XSM_BOOTPARAM_DUMMY: + xsm_ops_registered = XSM_OPS_REGISTERED; break; case XSM_BOOTPARAM_FLASK: - flask_init(policy_buffer, policy_size); + mod_ops = flask_init(policy_buffer, policy_size); + if ( mod_ops ) + { + xsm_ops_registered = XSM_OPS_REGISTERED; + xsm_ops = *mod_ops; + } break; case XSM_BOOTPARAM_SILO: - silo_init(); + mod_ops = silo_init(); + if ( mod_ops ) + { + xsm_ops_registered = XSM_OPS_REGISTERED; + xsm_ops = *mod_ops; + } break; default: @@ -113,6 +124,17 @@ static int __init xsm_core_init(const void *policy_buffer, size_t policy_size) break; } + /* + * This handles three cases, + * - dummy policy module was selected + * - a policy module does not provide all handlers + * - a policy module failed to init + */ + xsm_fixup_ops(&xsm_ops); + + if ( xsm_ops_registered != XSM_OPS_REGISTERED ) + xsm_ops_registered = XSM_OPS_REG_FAILED; + return 0; } @@ -195,22 +217,6 @@ bool __init has_xsm_magic(paddr_t start) } #endif -int __init register_xsm(struct xsm_operations *ops) -{ - if ( verify(ops) ) - { - printk(XENLOG_ERR "Could not verify xsm_operations structure\n"); - return -EINVAL; - } - - if ( xsm_ops != &dummy_xsm_ops ) - return -EAGAIN; - - xsm_ops = ops; - - return 0; -} - #endif long do_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) From patchwork Mon Jul 12 20:32:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Daniel P. Smith" X-Patchwork-Id: 12372273 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 460D8C07E99 for ; Mon, 12 Jul 2021 20:27:42 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 1120D611C1 for ; Mon, 12 Jul 2021 20:27:42 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1120D611C1 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=apertussolutions.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.154766.285890 (Exim 4.92) (envelope-from ) id 1m32Wd-0000JF-Hu; Mon, 12 Jul 2021 20:27:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 154766.285890; Mon, 12 Jul 2021 20:27:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32Wd-0000J8-EB; Mon, 12 Jul 2021 20:27:35 +0000 Received: by outflank-mailman (input) for mailman id 154766; Mon, 12 Jul 2021 20:27:34 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32Wc-0000G7-8D for xen-devel@lists.xenproject.org; Mon, 12 Jul 2021 20:27:34 +0000 Received: from sender4-of-o51.zoho.com (unknown [136.143.188.51]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 94fe06b5-e34f-11eb-8706-12813bfff9fa; Mon, 12 Jul 2021 20:27:32 +0000 (UTC) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1626121626885671.5433375318461; Mon, 12 Jul 2021 13:27:06 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 94fe06b5-e34f-11eb-8706-12813bfff9fa ARC-Seal: i=1; a=rsa-sha256; t=1626121629; cv=none; d=zohomail.com; s=zohoarc; b=CPvP9wgoNh6e900cWHvPfPJAqIhFY/wuJyLEBOu8t9t9WRfyXknfQETgfOIlgNPUZop5fkKHKbtaIy+QadstSZhxt7fu8art7m/Zo2ult0YPOMBWJKAEGk8yipZD2alZz9brtAhicKUfu27Ayf8uJoOnIVuzI1nPBIn9hVKnaVs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626121629; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=d8fvO/Y/tL6tNfEYDxIkBWTObzNZmpuF9LQtKCVWxKw=; b=cjS+iWNY2hiV2AfL9+jkkvK8QqDbE2aZxk7TU6K7UxyJhWjq5GJobc3V5X7fREi0rcGY/bjr33dpOYI+R12eUViRrwsWL4dGsW+TRTJM1k0yhxzog9aokK+nfytrgYYcFXtP+KTjWNaz4DlRQn/9TW8zLq5AogiSO2G+7b3ATw8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1626121629; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding; bh=d8fvO/Y/tL6tNfEYDxIkBWTObzNZmpuF9LQtKCVWxKw=; b=qth+65wrriwEHe5ifQ45PT8aEiUOHvNw5rTEkNvGHsrz6u7y6I5MwScUdXBi/ne4 YzRXIKJInl7kMDbZz1/1RXeV3U7dzv65zW+kQ1VWIj43qvpXXbATsmLp4RQgMfvX502 nUEmnxBZHxcMkG4PN/mhr0OF+QQpSZsbc6q4ha3g= From: "Daniel P. Smith" To: xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Daniel De Graaf Subject: [PATCH v2 03/10] xsm: remove the ability to disable flask Date: Mon, 12 Jul 2021 16:32:26 -0400 Message-Id: <20210712203233.20289-4-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210712203233.20289-1-dpsmith@apertussolutions.com> References: <20210712203233.20289-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 X-ZohoMailClient: External The flask XSM module provided the ability to switch from flask back to the dummy XSM module during runtime. With this removal the only way to switch between XSM modules is at boot time. Signed-off-by: Daniel P. Smith --- xen/xsm/flask/flask_op.c | 32 -------------------------------- 1 file changed, 32 deletions(-) diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c index 32e079d676..f41c025391 100644 --- a/xen/xsm/flask/flask_op.c +++ b/xen/xsm/flask/flask_op.c @@ -223,34 +223,6 @@ static int flask_security_sid(struct xen_flask_sid_context *arg) #ifndef COMPAT -static int flask_disable(void) -{ - static int flask_disabled = 0; - struct xsm_operations default_ops; - - if ( ss_initialized ) - { - /* Not permitted after initial policy load. */ - return -EINVAL; - } - - if ( flask_disabled ) - { - /* Only do this once. */ - return -EINVAL; - } - - printk("Flask: Disabled at runtime.\n"); - - flask_disabled = 1; - - /* Reset xsm_ops to the original module. */ - xsm_fixup_ops(&default_ops); - xsm_ops = default_ops; - - return 0; -} - static int flask_security_setavc_threshold(struct xen_flask_setavc_threshold *arg) { int rv = 0; @@ -700,10 +672,6 @@ ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op) rv = flask_mls_enabled; break; - case FLASK_DISABLE: - rv = flask_disable(); - break; - case FLASK_GETAVC_THRESHOLD: rv = avc_cache_threshold; break; From patchwork Mon Jul 12 20:32:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Daniel P. Smith" X-Patchwork-Id: 12372275 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 62AE7C07E99 for ; Mon, 12 Jul 2021 20:27:49 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 12D7F611C1 for ; Mon, 12 Jul 2021 20:27:49 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 12D7F611C1 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=apertussolutions.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.154768.285901 (Exim 4.92) (envelope-from ) id 1m32Wi-0000nZ-RY; Mon, 12 Jul 2021 20:27:40 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 154768.285901; Mon, 12 Jul 2021 20:27:40 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32Wi-0000nQ-O3; Mon, 12 Jul 2021 20:27:40 +0000 Received: by outflank-mailman (input) for mailman id 154768; Mon, 12 Jul 2021 20:27:39 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32Wh-0000G7-8I for xen-devel@lists.xenproject.org; Mon, 12 Jul 2021 20:27:39 +0000 Received: from sender4-of-o51.zoho.com (unknown [136.143.188.51]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 97c07288-e34f-11eb-8706-12813bfff9fa; Mon, 12 Jul 2021 20:27:35 +0000 (UTC) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1626121627762864.2744382381806; Mon, 12 Jul 2021 13:27:07 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 97c07288-e34f-11eb-8706-12813bfff9fa ARC-Seal: i=1; a=rsa-sha256; t=1626121630; cv=none; d=zohomail.com; s=zohoarc; b=JtXw0c/QAuWlMItpCxtOcMSakPlMF5JUK6OQ86TinynIVBZg9Rdd3BwTtMh0ccfDwEKLlAI+di3mTWdbqtSyfixZo6UVdfVWTQeflKUxwYCbVpU9dJRSTvUfedrfCoiNHxa5gtZaC9MJ4ydVYJA5jFCsnzn6TswXdJRaN68smW4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626121630; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=EVI3r5/NVdfiqnv6zKBaOaVGS6sc4GpYB+jbYAB3278=; b=M1fotNt3dNX7csmmnXTGV5dwbpop29L39X2/imz+4vy1CJGpG91ZfYo1Vk+KuisSy/dIaOQOheHVPwHenuLREURx6YiwcBpDKrwOGyoXMmUb3kuxOJ6wPMdu88dawRIQfh8oT8Jy2rR0t28NkJl06A8Yzw5jlAPXYbu4Xcf0d7Y= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1626121630; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding; bh=EVI3r5/NVdfiqnv6zKBaOaVGS6sc4GpYB+jbYAB3278=; b=ubqOetPqQGbufsPD7ZLy2dKTyfHbgfRklIBVrjt8pwiEjtlEMABZHYD9i1/4Y9bW +aR6rVby5WFmjcACdiae2sGzn+ge+oILk73//5Q9LRIy0KbIFBzEMZJktC92QQ0A6YW /TDq64zyAKpg5e2kq0makiJJqpCPQntugTQbPNsQ= From: "Daniel P. Smith" To: xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Daniel De Graaf Subject: [PATCH v2 04/10] xsm: convert xsm_ops hook calls to alternative call Date: Mon, 12 Jul 2021 16:32:27 -0400 Message-Id: <20210712203233.20289-5-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210712203233.20289-1-dpsmith@apertussolutions.com> References: <20210712203233.20289-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 X-ZohoMailClient: External To reduce retpolines convert all the pointer function calls of the xsm_ops hooks over to the alternative_call infrastructure. Signed-off-by: Daniel P. Smith --- xen/include/xsm/xsm.h | 195 +++++++++++++++++++++--------------------- 1 file changed, 99 insertions(+), 96 deletions(-) diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index a8805f514b..a39b5dc42f 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -15,6 +15,9 @@ #ifndef __XSM_H__ #define __XSM_H__ +#ifdef CONFIG_XSM +#include +#endif #include #include @@ -198,288 +201,288 @@ extern struct xsm_operations xsm_ops; static inline void xsm_security_domaininfo (struct domain *d, struct xen_domctl_getdomaininfo *info) { - xsm_ops.security_domaininfo(d, info); + alternative_vcall(xsm_ops.security_domaininfo, d, info); } static inline int xsm_domain_create (xsm_default_t def, struct domain *d, u32 ssidref) { - return xsm_ops.domain_create(d, ssidref); + return alternative_call(xsm_ops.domain_create, d, ssidref); } static inline int xsm_getdomaininfo (xsm_default_t def, struct domain *d) { - return xsm_ops.getdomaininfo(d); + return alternative_call(xsm_ops.getdomaininfo, d); } static inline int xsm_domctl_scheduler_op (xsm_default_t def, struct domain *d, int cmd) { - return xsm_ops.domctl_scheduler_op(d, cmd); + return alternative_call(xsm_ops.domctl_scheduler_op, d, cmd); } static inline int xsm_sysctl_scheduler_op (xsm_default_t def, int cmd) { - return xsm_ops.sysctl_scheduler_op(cmd); + return alternative_call(xsm_ops.sysctl_scheduler_op, cmd); } static inline int xsm_set_target (xsm_default_t def, struct domain *d, struct domain *e) { - return xsm_ops.set_target(d, e); + return alternative_call(xsm_ops.set_target, d, e); } static inline int xsm_domctl (xsm_default_t def, struct domain *d, int cmd) { - return xsm_ops.domctl(d, cmd); + return alternative_call(xsm_ops.domctl, d, cmd); } static inline int xsm_sysctl (xsm_default_t def, int cmd) { - return xsm_ops.sysctl(cmd); + return alternative_call(xsm_ops.sysctl, cmd); } static inline int xsm_readconsole (xsm_default_t def, uint32_t clear) { - return xsm_ops.readconsole(clear); + return alternative_call(xsm_ops.readconsole, clear); } static inline int xsm_evtchn_unbound (xsm_default_t def, struct domain *d1, struct evtchn *chn, domid_t id2) { - return xsm_ops.evtchn_unbound(d1, chn, id2); + return alternative_call(xsm_ops.evtchn_unbound, d1, chn, id2); } static inline int xsm_evtchn_interdomain (xsm_default_t def, struct domain *d1, struct evtchn *chan1, struct domain *d2, struct evtchn *chan2) { - return xsm_ops.evtchn_interdomain(d1, chan1, d2, chan2); + return alternative_call(xsm_ops.evtchn_interdomain, d1, chan1, d2, chan2); } static inline void xsm_evtchn_close_post (struct evtchn *chn) { - xsm_ops.evtchn_close_post(chn); + alternative_vcall(xsm_ops.evtchn_close_post, chn); } static inline int xsm_evtchn_send (xsm_default_t def, struct domain *d, struct evtchn *chn) { - return xsm_ops.evtchn_send(d, chn); + return alternative_call(xsm_ops.evtchn_send, d, chn); } static inline int xsm_evtchn_status (xsm_default_t def, struct domain *d, struct evtchn *chn) { - return xsm_ops.evtchn_status(d, chn); + return alternative_call(xsm_ops.evtchn_status, d, chn); } static inline int xsm_evtchn_reset (xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.evtchn_reset(d1, d2); + return alternative_call(xsm_ops.evtchn_reset, d1, d2); } static inline int xsm_grant_mapref (xsm_default_t def, struct domain *d1, struct domain *d2, uint32_t flags) { - return xsm_ops.grant_mapref(d1, d2, flags); + return alternative_call(xsm_ops.grant_mapref, d1, d2, flags); } static inline int xsm_grant_unmapref (xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.grant_unmapref(d1, d2); + return alternative_call(xsm_ops.grant_unmapref, d1, d2); } static inline int xsm_grant_setup (xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.grant_setup(d1, d2); + return alternative_call(xsm_ops.grant_setup, d1, d2); } static inline int xsm_grant_transfer (xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.grant_transfer(d1, d2); + return alternative_call(xsm_ops.grant_transfer, d1, d2); } static inline int xsm_grant_copy (xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.grant_copy(d1, d2); + return alternative_call(xsm_ops.grant_copy, d1, d2); } static inline int xsm_grant_query_size (xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.grant_query_size(d1, d2); + return alternative_call(xsm_ops.grant_query_size, d1, d2); } static inline int xsm_alloc_security_domain (struct domain *d) { - return xsm_ops.alloc_security_domain(d); + return alternative_call(xsm_ops.alloc_security_domain, d); } static inline void xsm_free_security_domain (struct domain *d) { - xsm_ops.free_security_domain(d); + alternative_vcall(xsm_ops.free_security_domain, d); } static inline int xsm_alloc_security_evtchns( struct evtchn chn[], unsigned int nr) { - return xsm_ops.alloc_security_evtchns(chn, nr); + return alternative_call(xsm_ops.alloc_security_evtchns, chn, nr); } static inline void xsm_free_security_evtchns( struct evtchn chn[], unsigned int nr) { - xsm_ops.free_security_evtchns(chn, nr); + alternative_vcall(xsm_ops.free_security_evtchns, chn, nr); } static inline char *xsm_show_security_evtchn (struct domain *d, const struct evtchn *chn) { - return xsm_ops.show_security_evtchn(d, chn); + return alternative_call(xsm_ops.show_security_evtchn, d, chn); } static inline int xsm_init_hardware_domain (xsm_default_t def, struct domain *d) { - return xsm_ops.init_hardware_domain(d); + return alternative_call(xsm_ops.init_hardware_domain, d); } static inline int xsm_get_pod_target (xsm_default_t def, struct domain *d) { - return xsm_ops.get_pod_target(d); + return alternative_call(xsm_ops.get_pod_target, d); } static inline int xsm_set_pod_target (xsm_default_t def, struct domain *d) { - return xsm_ops.set_pod_target(d); + return alternative_call(xsm_ops.set_pod_target, d); } static inline int xsm_memory_exchange (xsm_default_t def, struct domain *d) { - return xsm_ops.memory_exchange(d); + return alternative_call(xsm_ops.memory_exchange, d); } static inline int xsm_memory_adjust_reservation (xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.memory_adjust_reservation(d1, d2); + return alternative_call(xsm_ops.memory_adjust_reservation, d1, d2); } static inline int xsm_memory_stat_reservation (xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.memory_stat_reservation(d1, d2); + return alternative_call(xsm_ops.memory_stat_reservation, d1, d2); } static inline int xsm_memory_pin_page(xsm_default_t def, struct domain *d1, struct domain *d2, struct page_info *page) { - return xsm_ops.memory_pin_page(d1, d2, page); + return alternative_call(xsm_ops.memory_pin_page, d1, d2, page); } static inline int xsm_add_to_physmap(xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.add_to_physmap(d1, d2); + return alternative_call(xsm_ops.add_to_physmap, d1, d2); } static inline int xsm_remove_from_physmap(xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.remove_from_physmap(d1, d2); + return alternative_call(xsm_ops.remove_from_physmap, d1, d2); } static inline int xsm_map_gmfn_foreign (xsm_default_t def, struct domain *d, struct domain *t) { - return xsm_ops.map_gmfn_foreign(d, t); + return alternative_call(xsm_ops.map_gmfn_foreign, d, t); } static inline int xsm_claim_pages(xsm_default_t def, struct domain *d) { - return xsm_ops.claim_pages(d); + return alternative_call(xsm_ops.claim_pages, d); } static inline int xsm_console_io (xsm_default_t def, struct domain *d, int cmd) { - return xsm_ops.console_io(d, cmd); + return alternative_call(xsm_ops.console_io, d, cmd); } static inline int xsm_profile (xsm_default_t def, struct domain *d, int op) { - return xsm_ops.profile(d, op); + return alternative_call(xsm_ops.profile, d, op); } static inline int xsm_kexec (xsm_default_t def) { - return xsm_ops.kexec(); + return alternative_call(xsm_ops.kexec); } static inline int xsm_schedop_shutdown (xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.schedop_shutdown(d1, d2); + return alternative_call(xsm_ops.schedop_shutdown, d1, d2); } static inline char *xsm_show_irq_sid (int irq) { - return xsm_ops.show_irq_sid(irq); + return alternative_call(xsm_ops.show_irq_sid, irq); } static inline int xsm_map_domain_pirq (xsm_default_t def, struct domain *d) { - return xsm_ops.map_domain_pirq(d); + return alternative_call(xsm_ops.map_domain_pirq, d); } static inline int xsm_map_domain_irq (xsm_default_t def, struct domain *d, int irq, void *data) { - return xsm_ops.map_domain_irq(d, irq, data); + return alternative_call(xsm_ops.map_domain_irq, d, irq, data); } static inline int xsm_unmap_domain_pirq (xsm_default_t def, struct domain *d) { - return xsm_ops.unmap_domain_pirq(d); + return alternative_call(xsm_ops.unmap_domain_pirq, d); } static inline int xsm_unmap_domain_irq (xsm_default_t def, struct domain *d, int irq, void *data) { - return xsm_ops.unmap_domain_irq(d, irq, data); + return alternative_call(xsm_ops.unmap_domain_irq, d, irq, data); } static inline int xsm_bind_pt_irq(xsm_default_t def, struct domain *d, struct xen_domctl_bind_pt_irq *bind) { - return xsm_ops.bind_pt_irq(d, bind); + return alternative_call(xsm_ops.bind_pt_irq, d, bind); } static inline int xsm_unbind_pt_irq(xsm_default_t def, struct domain *d, struct xen_domctl_bind_pt_irq *bind) { - return xsm_ops.unbind_pt_irq(d, bind); + return alternative_call(xsm_ops.unbind_pt_irq, d, bind); } static inline int xsm_irq_permission (xsm_default_t def, struct domain *d, int pirq, uint8_t allow) { - return xsm_ops.irq_permission(d, pirq, allow); + return alternative_call(xsm_ops.irq_permission, d, pirq, allow); } static inline int xsm_iomem_permission (xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { - return xsm_ops.iomem_permission(d, s, e, allow); + return alternative_call(xsm_ops.iomem_permission, d, s, e, allow); } static inline int xsm_iomem_mapping (xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { - return xsm_ops.iomem_mapping(d, s, e, allow); + return alternative_call(xsm_ops.iomem_mapping, d, s, e, allow); } static inline int xsm_pci_config_permission (xsm_default_t def, struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access) { - return xsm_ops.pci_config_permission(d, machine_bdf, start, end, access); + return alternative_call(xsm_ops.pci_config_permission, d, machine_bdf, start, end, access); } #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) static inline int xsm_get_device_group(xsm_default_t def, uint32_t machine_bdf) { - return xsm_ops.get_device_group(machine_bdf); + return alternative_call(xsm_ops.get_device_group, machine_bdf); } static inline int xsm_assign_device(xsm_default_t def, struct domain *d, uint32_t machine_bdf) { - return xsm_ops.assign_device(d, machine_bdf); + return alternative_call(xsm_ops.assign_device, d, machine_bdf); } static inline int xsm_deassign_device(xsm_default_t def, struct domain *d, uint32_t machine_bdf) { - return xsm_ops.deassign_device(d, machine_bdf); + return alternative_call(xsm_ops.deassign_device, d, machine_bdf); } #endif /* HAS_PASSTHROUGH && HAS_PCI) */ @@ -487,60 +490,60 @@ static inline int xsm_deassign_device(xsm_default_t def, struct domain *d, uint3 static inline int xsm_assign_dtdevice(xsm_default_t def, struct domain *d, const char *dtpath) { - return xsm_ops.assign_dtdevice(d, dtpath); + return alternative_call(xsm_ops.assign_dtdevice, d, dtpath); } static inline int xsm_deassign_dtdevice(xsm_default_t def, struct domain *d, const char *dtpath) { - return xsm_ops.deassign_dtdevice(d, dtpath); + return alternative_call(xsm_ops.deassign_dtdevice, d, dtpath); } #endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */ static inline int xsm_resource_plug_pci (xsm_default_t def, uint32_t machine_bdf) { - return xsm_ops.resource_plug_pci(machine_bdf); + return alternative_call(xsm_ops.resource_plug_pci, machine_bdf); } static inline int xsm_resource_unplug_pci (xsm_default_t def, uint32_t machine_bdf) { - return xsm_ops.resource_unplug_pci(machine_bdf); + return alternative_call(xsm_ops.resource_unplug_pci, machine_bdf); } static inline int xsm_resource_plug_core (xsm_default_t def) { - return xsm_ops.resource_plug_core(); + return alternative_call(xsm_ops.resource_plug_core); } static inline int xsm_resource_unplug_core (xsm_default_t def) { - return xsm_ops.resource_unplug_core(); + return alternative_call(xsm_ops.resource_unplug_core); } static inline int xsm_resource_setup_pci (xsm_default_t def, uint32_t machine_bdf) { - return xsm_ops.resource_setup_pci(machine_bdf); + return alternative_call(xsm_ops.resource_setup_pci, machine_bdf); } static inline int xsm_resource_setup_gsi (xsm_default_t def, int gsi) { - return xsm_ops.resource_setup_gsi(gsi); + return alternative_call(xsm_ops.resource_setup_gsi, gsi); } static inline int xsm_resource_setup_misc (xsm_default_t def) { - return xsm_ops.resource_setup_misc(); + return alternative_call(xsm_ops.resource_setup_misc); } static inline int xsm_page_offline(xsm_default_t def, uint32_t cmd) { - return xsm_ops.page_offline(cmd); + return alternative_call(xsm_ops.page_offline, cmd); } static inline int xsm_hypfs_op(xsm_default_t def) { - return xsm_ops.hypfs_op(); + return alternative_call(xsm_ops.hypfs_op); } static inline long xsm_do_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) @@ -557,105 +560,105 @@ static inline int xsm_do_compat_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) static inline int xsm_hvm_param (xsm_default_t def, struct domain *d, unsigned long op) { - return xsm_ops.hvm_param(d, op); + return alternative_call(xsm_ops.hvm_param, d, op); } static inline int xsm_hvm_control(xsm_default_t def, struct domain *d, unsigned long op) { - return xsm_ops.hvm_control(d, op); + return alternative_call(xsm_ops.hvm_control, d, op); } static inline int xsm_hvm_param_altp2mhvm (xsm_default_t def, struct domain *d) { - return xsm_ops.hvm_param_altp2mhvm(d); + return alternative_call(xsm_ops.hvm_param_altp2mhvm, d); } static inline int xsm_hvm_altp2mhvm_op (xsm_default_t def, struct domain *d, uint64_t mode, uint32_t op) { - return xsm_ops.hvm_altp2mhvm_op(d, mode, op); + return alternative_call(xsm_ops.hvm_altp2mhvm_op, d, mode, op); } static inline int xsm_get_vnumainfo (xsm_default_t def, struct domain *d) { - return xsm_ops.get_vnumainfo(d); + return alternative_call(xsm_ops.get_vnumainfo, d); } static inline int xsm_vm_event_control (xsm_default_t def, struct domain *d, int mode, int op) { - return xsm_ops.vm_event_control(d, mode, op); + return alternative_call(xsm_ops.vm_event_control, d, mode, op); } #ifdef CONFIG_MEM_ACCESS static inline int xsm_mem_access (xsm_default_t def, struct domain *d) { - return xsm_ops.mem_access(d); + return alternative_call(xsm_ops.mem_access, d); } #endif #ifdef CONFIG_MEM_PAGING static inline int xsm_mem_paging (xsm_default_t def, struct domain *d) { - return xsm_ops.mem_paging(d); + return alternative_call(xsm_ops.mem_paging, d); } #endif #ifdef CONFIG_MEM_SHARING static inline int xsm_mem_sharing (xsm_default_t def, struct domain *d) { - return xsm_ops.mem_sharing(d); + return alternative_call(xsm_ops.mem_sharing, d); } #endif static inline int xsm_platform_op (xsm_default_t def, uint32_t op) { - return xsm_ops.platform_op(op); + return alternative_call(xsm_ops.platform_op, op); } #ifdef CONFIG_X86 static inline int xsm_do_mca(xsm_default_t def) { - return xsm_ops.do_mca(); + return alternative_call(xsm_ops.do_mca); } static inline int xsm_shadow_control (xsm_default_t def, struct domain *d, uint32_t op) { - return xsm_ops.shadow_control(d, op); + return alternative_call(xsm_ops.shadow_control, d, op); } static inline int xsm_mem_sharing_op (xsm_default_t def, struct domain *d, struct domain *cd, int op) { - return xsm_ops.mem_sharing_op(d, cd, op); + return alternative_call(xsm_ops.mem_sharing_op, d, cd, op); } static inline int xsm_apic (xsm_default_t def, struct domain *d, int cmd) { - return xsm_ops.apic(d, cmd); + return alternative_call(xsm_ops.apic, d, cmd); } static inline int xsm_memtype (xsm_default_t def, uint32_t access) { - return xsm_ops.memtype(access); + return alternative_call(xsm_ops.memtype, access); } static inline int xsm_machine_memory_map(xsm_default_t def) { - return xsm_ops.machine_memory_map(); + return alternative_call(xsm_ops.machine_memory_map); } static inline int xsm_domain_memory_map(xsm_default_t def, struct domain *d) { - return xsm_ops.domain_memory_map(d); + return alternative_call(xsm_ops.domain_memory_map, d); } static inline int xsm_mmu_update (xsm_default_t def, struct domain *d, struct domain *t, struct domain *f, uint32_t flags) { - return xsm_ops.mmu_update(d, t, f, flags); + return alternative_call(xsm_ops.mmu_update, d, t, f, flags); } static inline int xsm_mmuext_op (xsm_default_t def, struct domain *d, struct domain *f) { - return xsm_ops.mmuext_op(d, f); + return alternative_call(xsm_ops.mmuext_op, d, f); } static inline int xsm_update_va_mapping(xsm_default_t def, struct domain *d, struct domain *f, @@ -666,61 +669,61 @@ static inline int xsm_update_va_mapping(xsm_default_t def, struct domain *d, str static inline int xsm_priv_mapping(xsm_default_t def, struct domain *d, struct domain *t) { - return xsm_ops.priv_mapping(d, t); + return alternative_call(xsm_ops.priv_mapping, d, t); } static inline int xsm_ioport_permission (xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { - return xsm_ops.ioport_permission(d, s, e, allow); + return alternative_call(xsm_ops.ioport_permission, d, s, e, allow); } static inline int xsm_ioport_mapping (xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { - return xsm_ops.ioport_mapping(d, s, e, allow); + return alternative_call(xsm_ops.ioport_mapping, d, s, e, allow); } static inline int xsm_pmu_op (xsm_default_t def, struct domain *d, unsigned int op) { - return xsm_ops.pmu_op(d, op); + return alternative_call(xsm_ops.pmu_op, d, op); } #endif /* CONFIG_X86 */ static inline int xsm_dm_op(xsm_default_t def, struct domain *d) { - return xsm_ops.dm_op(d); + return alternative_call(xsm_ops.dm_op, d); } static inline int xsm_xen_version (xsm_default_t def, uint32_t op) { - return xsm_ops.xen_version(op); + return alternative_call(xsm_ops.xen_version, op); } static inline int xsm_domain_resource_map(xsm_default_t def, struct domain *d) { - return xsm_ops.domain_resource_map(d); + return alternative_call(xsm_ops.domain_resource_map, d); } #ifdef CONFIG_ARGO static inline int xsm_argo_enable(const struct domain *d) { - return xsm_ops.argo_enable(d); + return alternative_call(xsm_ops.argo_enable, d); } static inline int xsm_argo_register_single_source(const struct domain *d, const struct domain *t) { - return xsm_ops.argo_register_single_source(d, t); + return alternative_call(xsm_ops.argo_register_single_source, d, t); } static inline int xsm_argo_register_any_source(const struct domain *d) { - return xsm_ops.argo_register_any_source(d); + return alternative_call(xsm_ops.argo_register_any_source, d); } static inline int xsm_argo_send(const struct domain *d, const struct domain *t) { - return xsm_ops.argo_send(d, t); + return alternative_call(xsm_ops.argo_send, d, t); } #endif /* CONFIG_ARGO */ From patchwork Mon Jul 12 20:32:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Daniel P. Smith" X-Patchwork-Id: 12372277 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3EDD6C11F66 for ; Mon, 12 Jul 2021 20:27:54 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D85D9611B0 for ; Mon, 12 Jul 2021 20:27:53 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D85D9611B0 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=apertussolutions.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.154770.285912 (Exim 4.92) (envelope-from ) id 1m32Wm-00019G-5g; Mon, 12 Jul 2021 20:27:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 154770.285912; Mon, 12 Jul 2021 20:27:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32Wm-000193-1n; Mon, 12 Jul 2021 20:27:44 +0000 Received: by outflank-mailman (input) for mailman id 154770; Mon, 12 Jul 2021 20:27:43 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32Wk-00017U-Tv for xen-devel@lists.xenproject.org; Mon, 12 Jul 2021 20:27:42 +0000 Received: from sender4-of-o51.zoho.com (unknown [136.143.188.51]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 985ecf20-0016-42bb-ac26-01c09d25bdeb; Mon, 12 Jul 2021 20:27:40 +0000 (UTC) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1626121628684837.3979961814088; Mon, 12 Jul 2021 13:27:08 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 985ecf20-0016-42bb-ac26-01c09d25bdeb ARC-Seal: i=1; a=rsa-sha256; t=1626121631; cv=none; d=zohomail.com; s=zohoarc; b=hDDRonRt/SYhncgPrsOzeA5RyJiAmaGrE/l9MaRor2PCEiiMIlSCKEaV9wc0iyu9guZVPmsLrXNCfEWIcOi1mQASAtq6rJQyHcxaelu4Q3Zc8PEVWzgpXLVJ4czfARBbrP1Aih5hnVCptmyZtYNsF2YuOPHTnzZClb32jDqlJUc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626121631; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=KR8/Pq1GSk4sRI4dMypnhhBZKWMZPy2srdbMZbah3fs=; b=ZEtRN0qBQkbX+XFcVKvwxLB9DKSDbX2FoC7XX6imy7wyXkinK+nBE1MTZtHzBzIM2n8D6QOYTRt7mjAZQYjNsGSHWMSMDmpGH75cqORRdluwEuziTsAGW3SEYXe1nRQIdTjMSx0n/TUuqRiOr8uBCk3pI4Y5WTbnC+HjzZ4lbmE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1626121631; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding; bh=KR8/Pq1GSk4sRI4dMypnhhBZKWMZPy2srdbMZbah3fs=; b=dJIDtnYUXA0EKMosopboHdACPJxj9vp4bWSNJfUbtlgRFlF6rG05bZh3NMfTCcVO JV1ayJE+NQOCcK0LW0CHjKIlIJsx0TZ5nYv49TuBLPLO1RF6xjCmTJZBJT+pFPQeBsf wCo+2oia84FwXyBChqoLavtVzDYDvAR4/0rHudkA= From: "Daniel P. Smith" To: xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Daniel De Graaf Subject: [PATCH v2 05/10] xsm: decouple xsm header inclusion selection Date: Mon, 12 Jul 2021 16:32:28 -0400 Message-Id: <20210712203233.20289-6-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210712203233.20289-1-dpsmith@apertussolutions.com> References: <20210712203233.20289-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 X-ZohoMailClient: External Multiple preprocessor defines were used as a mechanism to selective include parts of the xsm.h header file. This makes it difficult to know which portion is being included at anyone time. This commit works to simplify this by separating the core structure and functions of XSM into xsm-core.h away from the wrapper functions which remain in xsm.h and dummy.h. Signed-off-by: Daniel P. Smith --- xen/include/xsm/dummy.h | 2 +- xen/include/xsm/xsm-core.h | 263 +++++++++++++++++++++++++++++++++++++ xen/include/xsm/xsm.h | 241 +-------------------------------- xen/xsm/dummy.c | 1 - xen/xsm/silo.c | 1 - 5 files changed, 265 insertions(+), 243 deletions(-) create mode 100644 xen/include/xsm/xsm-core.h diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 363c6d7798..c445c5681b 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -16,7 +16,7 @@ */ #include -#include +#include #include /* Cannot use BUILD_BUG_ON here because the expressions we check are not diff --git a/xen/include/xsm/xsm-core.h b/xen/include/xsm/xsm-core.h new file mode 100644 index 0000000000..4f5e7a7d17 --- /dev/null +++ b/xen/include/xsm/xsm-core.h @@ -0,0 +1,263 @@ +/* + * This file contains the XSM hook definitions for Xen. + * + * This work is based on the LSM implementation in Linux 2.6.13.4. + * + * Author: George Coker, + * + * Contributors: Michael LeMay, + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * as published by the Free Software Foundation. + */ + +#ifndef __XSM_CORE_H__ +#define __XSM_CORE_H__ + +#include +#include + +typedef void xsm_op_t; +DEFINE_XEN_GUEST_HANDLE(xsm_op_t); + +/* policy magic number (defined by XSM_MAGIC) */ +typedef u32 xsm_magic_t; + +#ifdef CONFIG_XSM_FLASK +#define XSM_MAGIC 0xf97cff8c +#else +#define XSM_MAGIC 0x0 +#endif + +/* These annotations are used by callers and in dummy.h to document the + * default actions of XSM hooks. They should be compiled out otherwise. + */ +enum xsm_default { + XSM_HOOK, /* Guests can normally access the hypercall */ + XSM_DM_PRIV, /* Device model can perform on its target domain */ + XSM_TARGET, /* Can perform on self or your target domain */ + XSM_PRIV, /* Privileged - normally restricted to dom0 */ + XSM_XS_PRIV, /* Xenstore domain - can do some privileged operations */ + XSM_OTHER /* Something more complex */ +}; +typedef enum xsm_default xsm_default_t; + +struct xsm_operations { + void (*security_domaininfo) (struct domain *d, + struct xen_domctl_getdomaininfo *info); + int (*domain_create) (struct domain *d, u32 ssidref); + int (*getdomaininfo) (struct domain *d); + int (*domctl_scheduler_op) (struct domain *d, int op); + int (*sysctl_scheduler_op) (int op); + int (*set_target) (struct domain *d, struct domain *e); + int (*domctl) (struct domain *d, int cmd); + int (*sysctl) (int cmd); + int (*readconsole) (uint32_t clear); + + int (*evtchn_unbound) (struct domain *d, struct evtchn *chn, domid_t id2); + int (*evtchn_interdomain) (struct domain *d1, struct evtchn *chn1, + struct domain *d2, struct evtchn *chn2); + void (*evtchn_close_post) (struct evtchn *chn); + int (*evtchn_send) (struct domain *d, struct evtchn *chn); + int (*evtchn_status) (struct domain *d, struct evtchn *chn); + int (*evtchn_reset) (struct domain *d1, struct domain *d2); + + int (*grant_mapref) (struct domain *d1, struct domain *d2, uint32_t flags); + int (*grant_unmapref) (struct domain *d1, struct domain *d2); + int (*grant_setup) (struct domain *d1, struct domain *d2); + int (*grant_transfer) (struct domain *d1, struct domain *d2); + int (*grant_copy) (struct domain *d1, struct domain *d2); + int (*grant_query_size) (struct domain *d1, struct domain *d2); + + int (*alloc_security_domain) (struct domain *d); + void (*free_security_domain) (struct domain *d); + int (*alloc_security_evtchns) (struct evtchn chn[], unsigned int nr); + void (*free_security_evtchns) (struct evtchn chn[], unsigned int nr); + char *(*show_security_evtchn) (struct domain *d, const struct evtchn *chn); + int (*init_hardware_domain) (struct domain *d); + + int (*get_pod_target) (struct domain *d); + int (*set_pod_target) (struct domain *d); + int (*memory_exchange) (struct domain *d); + int (*memory_adjust_reservation) (struct domain *d1, struct domain *d2); + int (*memory_stat_reservation) (struct domain *d1, struct domain *d2); + int (*memory_pin_page) (struct domain *d1, struct domain *d2, struct page_info *page); + int (*add_to_physmap) (struct domain *d1, struct domain *d2); + int (*remove_from_physmap) (struct domain *d1, struct domain *d2); + int (*map_gmfn_foreign) (struct domain *d, struct domain *t); + int (*claim_pages) (struct domain *d); + + int (*console_io) (struct domain *d, int cmd); + + int (*profile) (struct domain *d, int op); + + int (*kexec) (void); + int (*schedop_shutdown) (struct domain *d1, struct domain *d2); + + char *(*show_irq_sid) (int irq); + int (*map_domain_pirq) (struct domain *d); + int (*map_domain_irq) (struct domain *d, int irq, const void *data); + int (*unmap_domain_pirq) (struct domain *d); + int (*unmap_domain_irq) (struct domain *d, int irq, const void *data); + int (*bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind); + int (*unbind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind); + int (*irq_permission) (struct domain *d, int pirq, uint8_t allow); + int (*iomem_permission) (struct domain *d, uint64_t s, uint64_t e, uint8_t allow); + int (*iomem_mapping) (struct domain *d, uint64_t s, uint64_t e, uint8_t allow); + int (*pci_config_permission) (struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access); + +#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) + int (*get_device_group) (uint32_t machine_bdf); + int (*assign_device) (struct domain *d, uint32_t machine_bdf); + int (*deassign_device) (struct domain *d, uint32_t machine_bdf); +#endif + +#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE) + int (*assign_dtdevice) (struct domain *d, const char *dtpath); + int (*deassign_dtdevice) (struct domain *d, const char *dtpath); +#endif + + int (*resource_plug_core) (void); + int (*resource_unplug_core) (void); + int (*resource_plug_pci) (uint32_t machine_bdf); + int (*resource_unplug_pci) (uint32_t machine_bdf); + int (*resource_setup_pci) (uint32_t machine_bdf); + int (*resource_setup_gsi) (int gsi); + int (*resource_setup_misc) (void); + + int (*page_offline)(uint32_t cmd); + int (*hypfs_op)(void); + + long (*do_xsm_op) (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op); +#ifdef CONFIG_COMPAT + int (*do_compat_op) (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op); +#endif + + int (*hvm_param) (struct domain *d, unsigned long op); + int (*hvm_control) (struct domain *d, unsigned long op); + int (*hvm_param_altp2mhvm) (struct domain *d); + int (*hvm_altp2mhvm_op) (struct domain *d, uint64_t mode, uint32_t op); + int (*get_vnumainfo) (struct domain *d); + + int (*vm_event_control) (struct domain *d, int mode, int op); + +#ifdef CONFIG_MEM_ACCESS + int (*mem_access) (struct domain *d); +#endif + +#ifdef CONFIG_MEM_PAGING + int (*mem_paging) (struct domain *d); +#endif + +#ifdef CONFIG_MEM_SHARING + int (*mem_sharing) (struct domain *d); +#endif + + int (*platform_op) (uint32_t cmd); + +#ifdef CONFIG_X86 + int (*do_mca) (void); + int (*shadow_control) (struct domain *d, uint32_t op); + int (*mem_sharing_op) (struct domain *d, struct domain *cd, int op); + int (*apic) (struct domain *d, int cmd); + int (*memtype) (uint32_t access); + int (*machine_memory_map) (void); + int (*domain_memory_map) (struct domain *d); +#define XSM_MMU_UPDATE_READ 1 +#define XSM_MMU_UPDATE_WRITE 2 +#define XSM_MMU_NORMAL_UPDATE 4 +#define XSM_MMU_MACHPHYS_UPDATE 8 + int (*mmu_update) (struct domain *d, struct domain *t, + struct domain *f, uint32_t flags); + int (*mmuext_op) (struct domain *d, struct domain *f); + int (*update_va_mapping) (struct domain *d, struct domain *f, l1_pgentry_t pte); + int (*priv_mapping) (struct domain *d, struct domain *t); + int (*ioport_permission) (struct domain *d, uint32_t s, uint32_t e, uint8_t allow); + int (*ioport_mapping) (struct domain *d, uint32_t s, uint32_t e, uint8_t allow); + int (*pmu_op) (struct domain *d, unsigned int op); +#endif + int (*dm_op) (struct domain *d); + int (*xen_version) (uint32_t cmd); + int (*domain_resource_map) (struct domain *d); +#ifdef CONFIG_ARGO + int (*argo_enable) (const struct domain *d); + int (*argo_register_single_source) (const struct domain *d, + const struct domain *t); + int (*argo_register_any_source) (const struct domain *d); + int (*argo_send) (const struct domain *d, const struct domain *t); +#endif +}; + +extern void xsm_fixup_ops(struct xsm_operations *ops); + +#ifdef CONFIG_XSM + +#ifdef CONFIG_MULTIBOOT +extern int xsm_multiboot_init(unsigned long *module_map, + const multiboot_info_t *mbi); +extern int xsm_multiboot_policy_init(unsigned long *module_map, + const multiboot_info_t *mbi, + void **policy_buffer, + size_t *policy_size); +#endif + +#ifdef CONFIG_HAS_DEVICE_TREE +/* + * Initialize XSM + * + * On success, return 1 if using SILO mode else 0. + */ +extern int xsm_dt_init(void); +extern int xsm_dt_policy_init(void **policy_buffer, size_t *policy_size); +extern bool has_xsm_magic(paddr_t); +#endif + +#ifdef CONFIG_XSM_FLASK +extern struct xsm_operations *flask_init(const void *policy_buffer, size_t policy_size); +#else +static inline struct xsm_operations *flask_init(const void *policy_buffer, size_t policy_size) +{ + return NULL; +} +#endif + +#ifdef CONFIG_XSM_FLASK_POLICY +extern const unsigned char xsm_flask_init_policy[]; +extern const unsigned int xsm_flask_init_policy_size; +#endif + +#ifdef CONFIG_XSM_SILO +extern struct xsm_operations *silo_init(void); +#else +static inline struct xsm_operations *silo_init(void) +{ + return NULL; +} +#endif + +#else /* CONFIG_XSM */ + +#ifdef CONFIG_MULTIBOOT +static inline int xsm_multiboot_init (unsigned long *module_map, + const multiboot_info_t *mbi) +{ + return 0; +} +#endif + +#ifdef CONFIG_HAS_DEVICE_TREE +static inline int xsm_dt_init(void) +{ + return 0; +} + +static inline bool has_xsm_magic(paddr_t start) +{ + return false; +} +#endif /* CONFIG_HAS_DEVICE_TREE */ + +#endif /* CONFIG_XSM */ + +#endif /* __XSM_CORE_H */ diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index a39b5dc42f..f86cea4f88 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -20,184 +20,12 @@ #endif #include #include - -typedef void xsm_op_t; -DEFINE_XEN_GUEST_HANDLE(xsm_op_t); - -/* policy magic number (defined by XSM_MAGIC) */ -typedef u32 xsm_magic_t; - -#ifdef CONFIG_XSM_FLASK -#define XSM_MAGIC 0xf97cff8c -#else -#define XSM_MAGIC 0x0 -#endif - -/* These annotations are used by callers and in dummy.h to document the - * default actions of XSM hooks. They should be compiled out otherwise. - */ -enum xsm_default { - XSM_HOOK, /* Guests can normally access the hypercall */ - XSM_DM_PRIV, /* Device model can perform on its target domain */ - XSM_TARGET, /* Can perform on self or your target domain */ - XSM_PRIV, /* Privileged - normally restricted to dom0 */ - XSM_XS_PRIV, /* Xenstore domain - can do some privileged operations */ - XSM_OTHER /* Something more complex */ -}; -typedef enum xsm_default xsm_default_t; - -struct xsm_operations { - void (*security_domaininfo) (struct domain *d, - struct xen_domctl_getdomaininfo *info); - int (*domain_create) (struct domain *d, u32 ssidref); - int (*getdomaininfo) (struct domain *d); - int (*domctl_scheduler_op) (struct domain *d, int op); - int (*sysctl_scheduler_op) (int op); - int (*set_target) (struct domain *d, struct domain *e); - int (*domctl) (struct domain *d, int cmd); - int (*sysctl) (int cmd); - int (*readconsole) (uint32_t clear); - - int (*evtchn_unbound) (struct domain *d, struct evtchn *chn, domid_t id2); - int (*evtchn_interdomain) (struct domain *d1, struct evtchn *chn1, - struct domain *d2, struct evtchn *chn2); - void (*evtchn_close_post) (struct evtchn *chn); - int (*evtchn_send) (struct domain *d, struct evtchn *chn); - int (*evtchn_status) (struct domain *d, struct evtchn *chn); - int (*evtchn_reset) (struct domain *d1, struct domain *d2); - - int (*grant_mapref) (struct domain *d1, struct domain *d2, uint32_t flags); - int (*grant_unmapref) (struct domain *d1, struct domain *d2); - int (*grant_setup) (struct domain *d1, struct domain *d2); - int (*grant_transfer) (struct domain *d1, struct domain *d2); - int (*grant_copy) (struct domain *d1, struct domain *d2); - int (*grant_query_size) (struct domain *d1, struct domain *d2); - - int (*alloc_security_domain) (struct domain *d); - void (*free_security_domain) (struct domain *d); - int (*alloc_security_evtchns) (struct evtchn chn[], unsigned int nr); - void (*free_security_evtchns) (struct evtchn chn[], unsigned int nr); - char *(*show_security_evtchn) (struct domain *d, const struct evtchn *chn); - int (*init_hardware_domain) (struct domain *d); - - int (*get_pod_target) (struct domain *d); - int (*set_pod_target) (struct domain *d); - int (*memory_exchange) (struct domain *d); - int (*memory_adjust_reservation) (struct domain *d1, struct domain *d2); - int (*memory_stat_reservation) (struct domain *d1, struct domain *d2); - int (*memory_pin_page) (struct domain *d1, struct domain *d2, struct page_info *page); - int (*add_to_physmap) (struct domain *d1, struct domain *d2); - int (*remove_from_physmap) (struct domain *d1, struct domain *d2); - int (*map_gmfn_foreign) (struct domain *d, struct domain *t); - int (*claim_pages) (struct domain *d); - - int (*console_io) (struct domain *d, int cmd); - - int (*profile) (struct domain *d, int op); - - int (*kexec) (void); - int (*schedop_shutdown) (struct domain *d1, struct domain *d2); - - char *(*show_irq_sid) (int irq); - int (*map_domain_pirq) (struct domain *d); - int (*map_domain_irq) (struct domain *d, int irq, const void *data); - int (*unmap_domain_pirq) (struct domain *d); - int (*unmap_domain_irq) (struct domain *d, int irq, const void *data); - int (*bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind); - int (*unbind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind); - int (*irq_permission) (struct domain *d, int pirq, uint8_t allow); - int (*iomem_permission) (struct domain *d, uint64_t s, uint64_t e, uint8_t allow); - int (*iomem_mapping) (struct domain *d, uint64_t s, uint64_t e, uint8_t allow); - int (*pci_config_permission) (struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access); - -#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) - int (*get_device_group) (uint32_t machine_bdf); - int (*assign_device) (struct domain *d, uint32_t machine_bdf); - int (*deassign_device) (struct domain *d, uint32_t machine_bdf); -#endif - -#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE) - int (*assign_dtdevice) (struct domain *d, const char *dtpath); - int (*deassign_dtdevice) (struct domain *d, const char *dtpath); -#endif - - int (*resource_plug_core) (void); - int (*resource_unplug_core) (void); - int (*resource_plug_pci) (uint32_t machine_bdf); - int (*resource_unplug_pci) (uint32_t machine_bdf); - int (*resource_setup_pci) (uint32_t machine_bdf); - int (*resource_setup_gsi) (int gsi); - int (*resource_setup_misc) (void); - - int (*page_offline)(uint32_t cmd); - int (*hypfs_op)(void); - - long (*do_xsm_op) (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op); -#ifdef CONFIG_COMPAT - int (*do_compat_op) (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op); -#endif - - int (*hvm_param) (struct domain *d, unsigned long op); - int (*hvm_control) (struct domain *d, unsigned long op); - int (*hvm_param_altp2mhvm) (struct domain *d); - int (*hvm_altp2mhvm_op) (struct domain *d, uint64_t mode, uint32_t op); - int (*get_vnumainfo) (struct domain *d); - - int (*vm_event_control) (struct domain *d, int mode, int op); - -#ifdef CONFIG_MEM_ACCESS - int (*mem_access) (struct domain *d); -#endif - -#ifdef CONFIG_MEM_PAGING - int (*mem_paging) (struct domain *d); -#endif - -#ifdef CONFIG_MEM_SHARING - int (*mem_sharing) (struct domain *d); -#endif - - int (*platform_op) (uint32_t cmd); - -#ifdef CONFIG_X86 - int (*do_mca) (void); - int (*shadow_control) (struct domain *d, uint32_t op); - int (*mem_sharing_op) (struct domain *d, struct domain *cd, int op); - int (*apic) (struct domain *d, int cmd); - int (*memtype) (uint32_t access); - int (*machine_memory_map) (void); - int (*domain_memory_map) (struct domain *d); -#define XSM_MMU_UPDATE_READ 1 -#define XSM_MMU_UPDATE_WRITE 2 -#define XSM_MMU_NORMAL_UPDATE 4 -#define XSM_MMU_MACHPHYS_UPDATE 8 - int (*mmu_update) (struct domain *d, struct domain *t, - struct domain *f, uint32_t flags); - int (*mmuext_op) (struct domain *d, struct domain *f); - int (*update_va_mapping) (struct domain *d, struct domain *f, l1_pgentry_t pte); - int (*priv_mapping) (struct domain *d, struct domain *t); - int (*ioport_permission) (struct domain *d, uint32_t s, uint32_t e, uint8_t allow); - int (*ioport_mapping) (struct domain *d, uint32_t s, uint32_t e, uint8_t allow); - int (*pmu_op) (struct domain *d, unsigned int op); -#endif - int (*dm_op) (struct domain *d); - int (*xen_version) (uint32_t cmd); - int (*domain_resource_map) (struct domain *d); -#ifdef CONFIG_ARGO - int (*argo_enable) (const struct domain *d); - int (*argo_register_single_source) (const struct domain *d, - const struct domain *t); - int (*argo_register_any_source) (const struct domain *d); - int (*argo_send) (const struct domain *d, const struct domain *t); -#endif -}; +#include #ifdef CONFIG_XSM extern struct xsm_operations xsm_ops; -#ifndef XSM_NO_WRAPPERS - static inline void xsm_security_domaininfo (struct domain *d, struct xen_domctl_getdomaininfo *info) { @@ -728,77 +556,10 @@ static inline int xsm_argo_send(const struct domain *d, const struct domain *t) #endif /* CONFIG_ARGO */ -#endif /* XSM_NO_WRAPPERS */ - -#ifdef CONFIG_MULTIBOOT -extern int xsm_multiboot_init(unsigned long *module_map, - const multiboot_info_t *mbi); -extern int xsm_multiboot_policy_init(unsigned long *module_map, - const multiboot_info_t *mbi, - void **policy_buffer, - size_t *policy_size); -#endif - -#ifdef CONFIG_HAS_DEVICE_TREE -/* - * Initialize XSM - * - * On success, return 1 if using SILO mode else 0. - */ -extern int xsm_dt_init(void); -extern int xsm_dt_policy_init(void **policy_buffer, size_t *policy_size); -extern bool has_xsm_magic(paddr_t); -#endif - -extern void xsm_fixup_ops(struct xsm_operations *ops); - -#ifdef CONFIG_XSM_FLASK -extern struct xsm_operations *flask_init(const void *policy_buffer, size_t policy_size); -#else -static inline struct xsm_operations *flask_init(const void *policy_buffer, size_t policy_size) -{ - return NULL; -} -#endif - -#ifdef CONFIG_XSM_FLASK_POLICY -extern const unsigned char xsm_flask_init_policy[]; -extern const unsigned int xsm_flask_init_policy_size; -#endif - -#ifdef CONFIG_XSM_SILO -extern struct xsm_operations *silo_init(void); -#else -static inline struct xsm_operations *silo_init(void) -{ - return NULL; -} -#endif - #else /* CONFIG_XSM */ #include -#ifdef CONFIG_MULTIBOOT -static inline int xsm_multiboot_init (unsigned long *module_map, - const multiboot_info_t *mbi) -{ - return 0; -} -#endif - -#ifdef CONFIG_HAS_DEVICE_TREE -static inline int xsm_dt_init(void) -{ - return 0; -} - -static inline bool has_xsm_magic(paddr_t start) -{ - return false; -} -#endif /* CONFIG_HAS_DEVICE_TREE */ - #endif /* CONFIG_XSM */ #endif /* __XSM_H */ diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 066694763a..de4d6cf2cf 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -10,7 +10,6 @@ * as published by the Free Software Foundation. */ -#define XSM_NO_WRAPPERS #include #define set_to_dummy_if_null(ops, function) \ diff --git a/xen/xsm/silo.c b/xen/xsm/silo.c index 808350f122..754787e895 100644 --- a/xen/xsm/silo.c +++ b/xen/xsm/silo.c @@ -17,7 +17,6 @@ * You should have received a copy of the GNU General Public License along with * this program; If not, see . */ -#define XSM_NO_WRAPPERS #include /* From patchwork Mon Jul 12 20:32:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Daniel P. Smith" X-Patchwork-Id: 12372279 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7FF6C07E99 for ; Mon, 12 Jul 2021 20:28:02 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6CB6D611C1 for ; Mon, 12 Jul 2021 20:28:02 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6CB6D611C1 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=apertussolutions.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.154776.285923 (Exim 4.92) (envelope-from ) id 1m32Wv-0001w7-LL; Mon, 12 Jul 2021 20:27:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 154776.285923; Mon, 12 Jul 2021 20:27:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32Wv-0001vx-I1; Mon, 12 Jul 2021 20:27:53 +0000 Received: by outflank-mailman (input) for mailman id 154776; Mon, 12 Jul 2021 20:27:53 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32Wu-0001pl-SF for xen-devel@lists.xenproject.org; Mon, 12 Jul 2021 20:27:52 +0000 Received: from sender4-of-o51.zoho.com (unknown [136.143.188.51]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 5e5d01e6-93c0-4ebc-9d40-2aa5879800ae; Mon, 12 Jul 2021 20:27:49 +0000 (UTC) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1626121630315142.0329323422933; Mon, 12 Jul 2021 13:27:10 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 5e5d01e6-93c0-4ebc-9d40-2aa5879800ae ARC-Seal: i=1; a=rsa-sha256; t=1626121631; cv=none; d=zohomail.com; s=zohoarc; b=eMZ2mICuKz7KK7nRBfbpxL+RCwjb+0L904DD4LwaO7ZITFVCOvt5aUJo13prRZjtarFllZtkqKCK9ZMtysd1CBAfNkB/UzaWD8KSaZauXeng6Ws/v6Xw/+wvKxPWNu4TyjXbSMeo/YpvsRdQQ/G5oZ/ciAQZOzaI/c/2lngRg3Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626121631; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=YWzPA5qzQSXMCUu1twwJ0OViSWCY5jll7afwMfCQ5A0=; b=bWUsQVTvvJuooyQExDF6fEmLDMfWWbr62p0u4gK+GnRsbphxf0A7qJlzft4O7/A1OCdUk/89zVGdX/e07htE7a/sMQBZthOYP46qdUg/sF/2oQy+FFNhTYUWCsqlO8N9lu9RqN0GakoUcd4RcR8TFKJLLy6CEFjc52D4ESW/0QI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1626121631; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding; bh=YWzPA5qzQSXMCUu1twwJ0OViSWCY5jll7afwMfCQ5A0=; b=BsKXOKMw4lFEl1j9hrwm0E8IqZgIPM18IoW1ThHICw+dc7eYR/O/ytGuKb6NbxjU C9/zysmE8BcXfSI/NclpR9LtfYF198qQ3aq2BRoz4BV6XaGf7b6ZXjXhP3lpB3nsp+E fxFbb8cIWOr1k5nMBX0oNtQi1LUWk7cZnkZE3qnQ= From: "Daniel P. Smith" To: xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Andrew Cooper , George Dunlap , Ian Jackson , Jan Beulich , Julien Grall , Stefano Stabellini , Wei Liu , Daniel De Graaf Subject: [PATCH v2 06/10] xsm: enable xsm to always be included Date: Mon, 12 Jul 2021 16:32:29 -0400 Message-Id: <20210712203233.20289-7-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210712203233.20289-1-dpsmith@apertussolutions.com> References: <20210712203233.20289-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 X-ZohoMailClient: External The only difference between !CONFIG_XSM and CONFIG_XSM when SILO and FLASK are not enabled is whether the XSM hooks in dummy.h are called as static inline functions or as function pointers to static functions. As such this commit, * eliminates CONFIG_XSM * introduces CONFIG_XSM_EVTCHN_LABELING as replacement for enabling event channel labels * makes CONFIG_XSM_SILO AND CONFIG_XSM_FLASK default to no Signed-off-by: Daniel P. Smith --- xen/common/Kconfig | 51 ++++---- xen/include/xen/sched.h | 2 +- xen/include/xsm/xsm-core.h | 26 ---- xen/include/xsm/xsm.h | 8 -- xen/xsm/Makefile | 4 +- xen/xsm/dummy.c | 4 +- xen/{include => }/xsm/dummy.h | 220 ++++++++++++++++------------------ xen/xsm/silo.c | 17 +-- xen/xsm/xsm_core.c | 4 - 9 files changed, 141 insertions(+), 195 deletions(-) rename xen/{include => }/xsm/dummy.h (63%) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 1594ce4e73..3b50391392 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -200,23 +200,20 @@ config XENOPROF If unsure, say Y. -config XSM - bool "Xen Security Modules support" - default ARM - ---help--- - Enables the security framework known as Xen Security Modules which - allows administrators fine-grained control over a Xen domain and - its capabilities by defining permissible interactions between domains, - the hypervisor itself, and related resources such as memory and - devices. +menu "Xen Security Modules" - If unsure, say N. +config XSM_EVTCHN_LABELING + bool "Enables security labeling of event channels" + default n + help + This enables an XSM module to label and enforce access control over + event channels. config XSM_FLASK - def_bool y - prompt "FLux Advanced Security Kernel support" - depends on XSM - ---help--- + bool "FLux Advanced Security Kernel support" + default n + select XSM_EVTCHN_LABELING + help Enables FLASK (FLux Advanced Security Kernel) as the access control mechanism used by the XSM framework. This provides a mandatory access control framework by which security enforcement, isolation, and @@ -226,10 +223,10 @@ config XSM_FLASK If unsure, say Y. config XSM_FLASK_AVC_STATS - def_bool y - prompt "Maintain statistics on the FLASK access vector cache" if EXPERT + bool "Maintain statistics on the FLASK access vector cache" if EXPERT + default y depends on XSM_FLASK - ---help--- + help Maintain counters on the access vector cache that can be viewed using the FLASK_AVC_CACHESTATS sub-op of the xsm_op hypercall. Disabling this will save a tiny amount of memory and time to update the stats. @@ -240,7 +237,7 @@ config XSM_FLASK_POLICY bool "Compile Xen with a built-in FLASK security policy" default y if "$(XEN_HAS_CHECKPOLICY)" = "y" depends on XSM_FLASK - ---help--- + help This includes a default XSM policy in the hypervisor so that the bootloader does not need to load a policy to get sane behavior from an XSM-enabled hypervisor. If this is disabled, a policy must be @@ -253,10 +250,10 @@ config XSM_FLASK_POLICY If unsure, say Y. config XSM_SILO - def_bool y - prompt "SILO support" - depends on XSM - ---help--- + bool "SILO support" + default y if ARM + default n + help Enables SILO as the access control mechanism used by the XSM framework. This is not the default module, add boot parameter xsm=silo to choose it. This will deny any unmediated communication channels (grant tables @@ -265,24 +262,26 @@ config XSM_SILO If unsure, say Y. choice - prompt "Default XSM implementation" - depends on XSM + prompt "Default XSM module" default XSM_SILO_DEFAULT if XSM_SILO && ARM default XSM_FLASK_DEFAULT if XSM_FLASK default XSM_SILO_DEFAULT if XSM_SILO default XSM_DUMMY_DEFAULT config XSM_DUMMY_DEFAULT - bool "Match non-XSM behavior" + bool "Classic Dom0 behavior" config XSM_FLASK_DEFAULT bool "FLux Advanced Security Kernel" if XSM_FLASK config XSM_SILO_DEFAULT bool "SILO" if XSM_SILO + endchoice +endmenu + config LATE_HWDOM bool "Dedicated hardware domain" default n - depends on XSM && X86 + depends on XSM_FLASK && X86 ---help--- Allows the creation of a dedicated hardware domain distinct from domain 0 that manages devices without needing access to other diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 28146ee404..aecf0b8424 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -120,7 +120,7 @@ struct evtchn unsigned short notify_vcpu_id; /* VCPU for local delivery notification */ uint32_t fifo_lastq; /* Data for identifying last queue. */ -#ifdef CONFIG_XSM +#ifdef CONFIG_XSM_EVTCHN_LABELING union { #ifdef XSM_NEED_GENERIC_EVTCHN_SSID /* diff --git a/xen/include/xsm/xsm-core.h b/xen/include/xsm/xsm-core.h index 4f5e7a7d17..e2eed30e90 100644 --- a/xen/include/xsm/xsm-core.h +++ b/xen/include/xsm/xsm-core.h @@ -191,8 +191,6 @@ struct xsm_operations { extern void xsm_fixup_ops(struct xsm_operations *ops); -#ifdef CONFIG_XSM - #ifdef CONFIG_MULTIBOOT extern int xsm_multiboot_init(unsigned long *module_map, const multiboot_info_t *mbi); @@ -236,28 +234,4 @@ static inline struct xsm_operations *silo_init(void) } #endif -#else /* CONFIG_XSM */ - -#ifdef CONFIG_MULTIBOOT -static inline int xsm_multiboot_init (unsigned long *module_map, - const multiboot_info_t *mbi) -{ - return 0; -} -#endif - -#ifdef CONFIG_HAS_DEVICE_TREE -static inline int xsm_dt_init(void) -{ - return 0; -} - -static inline bool has_xsm_magic(paddr_t start) -{ - return false; -} -#endif /* CONFIG_HAS_DEVICE_TREE */ - -#endif /* CONFIG_XSM */ - #endif /* __XSM_CORE_H */ diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index f86cea4f88..170eae9b25 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -22,8 +22,6 @@ #include #include -#ifdef CONFIG_XSM - extern struct xsm_operations xsm_ops; static inline void xsm_security_domaininfo (struct domain *d, @@ -556,10 +554,4 @@ static inline int xsm_argo_send(const struct domain *d, const struct domain *t) #endif /* CONFIG_ARGO */ -#else /* CONFIG_XSM */ - -#include - -#endif /* CONFIG_XSM */ - #endif /* __XSM_H */ diff --git a/xen/xsm/Makefile b/xen/xsm/Makefile index cf0a728f1c..0059794dd5 100644 --- a/xen/xsm/Makefile +++ b/xen/xsm/Makefile @@ -1,6 +1,6 @@ obj-y += xsm_core.o -obj-$(CONFIG_XSM) += xsm_policy.o -obj-$(CONFIG_XSM) += dummy.o +obj-y += xsm_policy.o +obj-y += dummy.o obj-$(CONFIG_XSM_SILO) += silo.o obj-$(CONFIG_XSM_FLASK) += flask/ diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index de4d6cf2cf..bfd8b96f08 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -10,12 +10,12 @@ * as published by the Free Software Foundation. */ -#include +#include "dummy.h" #define set_to_dummy_if_null(ops, function) \ do { \ if ( !ops->function ) \ - ops->function = xsm_##function; \ + ops->function = dummy_##function; \ } while (0) void __init xsm_fixup_ops (struct xsm_operations *ops) diff --git a/xen/include/xsm/dummy.h b/xen/xsm/dummy.h similarity index 63% rename from xen/include/xsm/dummy.h rename to xen/xsm/dummy.h index c445c5681b..a3e698c3b5 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/xsm/dummy.h @@ -42,12 +42,10 @@ static inline void __xsm_action_mismatch_detected(void) void __xsm_action_mismatch_detected(void); #endif -#ifdef CONFIG_XSM - -/* In CONFIG_XSM builds, this header file is included from xsm/dummy.c, and - * contains static (not inline) functions compiled to the dummy XSM module. - * There is no xsm_default_t argument available, so the value from the assertion - * is used to initialize the variable. +/* This header file is included from xsm/dummy.c, and contains static (not + * inline) functions compiled to the dummy XSM module. There is no + * xsm_default_t argument available, so the value from the assertion is used to + * initialize the variable. */ #define XSM_INLINE __maybe_unused @@ -55,20 +53,6 @@ void __xsm_action_mismatch_detected(void); #define XSM_DEFAULT_VOID void #define XSM_ASSERT_ACTION(def) xsm_default_t action = def; (void)action -#else /* CONFIG_XSM */ - -/* In !CONFIG_XSM builds, this header file is included from xsm/xsm.h, and - * contains inline functions for each XSM hook. These functions also perform - * compile-time checks on the xsm_default_t argument to ensure that the behavior - * of the dummy XSM module is the same as the behavior with XSM disabled. - */ -#define XSM_INLINE always_inline -#define XSM_DEFAULT_ARG xsm_default_t action, -#define XSM_DEFAULT_VOID xsm_default_t action -#define XSM_ASSERT_ACTION(def) LINKER_BUG_ON(def != action) - -#endif /* CONFIG_XSM */ - static always_inline int xsm_default_action( xsm_default_t action, struct domain *src, struct domain *target) { @@ -98,43 +82,43 @@ static always_inline int xsm_default_action( } } -static XSM_INLINE void xsm_security_domaininfo(struct domain *d, +static XSM_INLINE void dummy_security_domaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info) { return; } -static XSM_INLINE int xsm_domain_create(XSM_DEFAULT_ARG struct domain *d, u32 ssidref) +static XSM_INLINE int dummy_domain_create(XSM_DEFAULT_ARG struct domain *d, u32 ssidref) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_getdomaininfo(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int dummy_getdomaininfo(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_domctl_scheduler_op(XSM_DEFAULT_ARG struct domain *d, int cmd) +static XSM_INLINE int dummy_domctl_scheduler_op(XSM_DEFAULT_ARG struct domain *d, int cmd) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_sysctl_scheduler_op(XSM_DEFAULT_ARG int cmd) +static XSM_INLINE int dummy_sysctl_scheduler_op(XSM_DEFAULT_ARG int cmd) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_set_target(XSM_DEFAULT_ARG struct domain *d, struct domain *e) +static XSM_INLINE int dummy_set_target(XSM_DEFAULT_ARG struct domain *d, struct domain *e) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_domctl(XSM_DEFAULT_ARG struct domain *d, int cmd) +static XSM_INLINE int dummy_domctl(XSM_DEFAULT_ARG struct domain *d, int cmd) { XSM_ASSERT_ACTION(XSM_OTHER); switch ( cmd ) @@ -151,85 +135,85 @@ static XSM_INLINE int xsm_domctl(XSM_DEFAULT_ARG struct domain *d, int cmd) } } -static XSM_INLINE int xsm_sysctl(XSM_DEFAULT_ARG int cmd) +static XSM_INLINE int dummy_sysctl(XSM_DEFAULT_ARG int cmd) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_readconsole(XSM_DEFAULT_ARG uint32_t clear) +static XSM_INLINE int dummy_readconsole(XSM_DEFAULT_ARG uint32_t clear) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_alloc_security_domain(struct domain *d) +static XSM_INLINE int dummy_alloc_security_domain(struct domain *d) { return 0; } -static XSM_INLINE void xsm_free_security_domain(struct domain *d) +static XSM_INLINE void dummy_free_security_domain(struct domain *d) { return; } -static XSM_INLINE int xsm_grant_mapref(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2, +static XSM_INLINE int dummy_grant_mapref(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2, uint32_t flags) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_unmapref(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int dummy_grant_unmapref(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_setup(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int dummy_grant_setup(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_transfer(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int dummy_grant_transfer(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_copy(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int dummy_grant_copy(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_query_size(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int dummy_grant_query_size(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_memory_exchange(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int dummy_memory_exchange(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_memory_adjust_reservation(XSM_DEFAULT_ARG struct domain *d1, +static XSM_INLINE int dummy_memory_adjust_reservation(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_memory_stat_reservation(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int dummy_memory_stat_reservation(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_console_io(XSM_DEFAULT_ARG struct domain *d, int cmd) +static XSM_INLINE int dummy_console_io(XSM_DEFAULT_ARG struct domain *d, int cmd) { XSM_ASSERT_ACTION(XSM_OTHER); if ( d->is_console ) @@ -241,129 +225,129 @@ static XSM_INLINE int xsm_console_io(XSM_DEFAULT_ARG struct domain *d, int cmd) return xsm_default_action(XSM_PRIV, d, NULL); } -static XSM_INLINE int xsm_profile(XSM_DEFAULT_ARG struct domain *d, int op) +static XSM_INLINE int dummy_profile(XSM_DEFAULT_ARG struct domain *d, int op) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d, NULL); } -static XSM_INLINE int xsm_kexec(XSM_DEFAULT_VOID) +static XSM_INLINE int dummy_kexec(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_schedop_shutdown(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int dummy_schedop_shutdown(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_memory_pin_page(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2, +static XSM_INLINE int dummy_memory_pin_page(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2, struct page_info *page) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_claim_pages(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int dummy_claim_pages(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_evtchn_unbound(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn, +static XSM_INLINE int dummy_evtchn_unbound(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn, domid_t id2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_evtchn_interdomain(XSM_DEFAULT_ARG struct domain *d1, struct evtchn +static XSM_INLINE int dummy_evtchn_interdomain(XSM_DEFAULT_ARG struct domain *d1, struct evtchn *chan1, struct domain *d2, struct evtchn *chan2) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE void xsm_evtchn_close_post(struct evtchn *chn) +static XSM_INLINE void dummy_evtchn_close_post(struct evtchn *chn) { return; } -static XSM_INLINE int xsm_evtchn_send(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn) +static XSM_INLINE int dummy_evtchn_send(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d, NULL); } -static XSM_INLINE int xsm_evtchn_status(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn) +static XSM_INLINE int dummy_evtchn_status(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_evtchn_reset(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int dummy_evtchn_reset(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_alloc_security_evtchns( +static XSM_INLINE int dummy_alloc_security_evtchns( struct evtchn chn[], unsigned int nr) { return 0; } -static XSM_INLINE void xsm_free_security_evtchns( +static XSM_INLINE void dummy_free_security_evtchns( struct evtchn chn[], unsigned int nr) { return; } -static XSM_INLINE char *xsm_show_security_evtchn(struct domain *d, const struct evtchn *chn) +static XSM_INLINE char *dummy_show_security_evtchn(struct domain *d, const struct evtchn *chn) { return NULL; } -static XSM_INLINE int xsm_init_hardware_domain(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int dummy_init_hardware_domain(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_get_pod_target(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int dummy_get_pod_target(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_set_pod_target(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int dummy_set_pod_target(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_get_vnumainfo(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int dummy_get_vnumainfo(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) -static XSM_INLINE int xsm_get_device_group(XSM_DEFAULT_ARG uint32_t machine_bdf) +static XSM_INLINE int dummy_get_device_group(XSM_DEFAULT_ARG uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_assign_device(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf) +static XSM_INLINE int dummy_assign_device(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_deassign_device(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf) +static XSM_INLINE int dummy_deassign_device(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); @@ -372,14 +356,14 @@ static XSM_INLINE int xsm_deassign_device(XSM_DEFAULT_ARG struct domain *d, uint #endif /* HAS_PASSTHROUGH && HAS_PCI */ #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE) -static XSM_INLINE int xsm_assign_dtdevice(XSM_DEFAULT_ARG struct domain *d, +static XSM_INLINE int dummy_assign_dtdevice(XSM_DEFAULT_ARG struct domain *d, const char *dtpath) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_deassign_dtdevice(XSM_DEFAULT_ARG struct domain *d, +static XSM_INLINE int dummy_deassign_dtdevice(XSM_DEFAULT_ARG struct domain *d, const char *dtpath) { XSM_ASSERT_ACTION(XSM_HOOK); @@ -388,134 +372,134 @@ static XSM_INLINE int xsm_deassign_dtdevice(XSM_DEFAULT_ARG struct domain *d, #endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */ -static XSM_INLINE int xsm_resource_plug_core(XSM_DEFAULT_VOID) +static XSM_INLINE int dummy_resource_plug_core(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_unplug_core(XSM_DEFAULT_VOID) +static XSM_INLINE int dummy_resource_unplug_core(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_plug_pci(XSM_DEFAULT_ARG uint32_t machine_bdf) +static XSM_INLINE int dummy_resource_plug_pci(XSM_DEFAULT_ARG uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_unplug_pci(XSM_DEFAULT_ARG uint32_t machine_bdf) +static XSM_INLINE int dummy_resource_unplug_pci(XSM_DEFAULT_ARG uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_setup_pci(XSM_DEFAULT_ARG uint32_t machine_bdf) +static XSM_INLINE int dummy_resource_setup_pci(XSM_DEFAULT_ARG uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_setup_gsi(XSM_DEFAULT_ARG int gsi) +static XSM_INLINE int dummy_resource_setup_gsi(XSM_DEFAULT_ARG int gsi) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_setup_misc(XSM_DEFAULT_VOID) +static XSM_INLINE int dummy_resource_setup_misc(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_page_offline(XSM_DEFAULT_ARG uint32_t cmd) +static XSM_INLINE int dummy_page_offline(XSM_DEFAULT_ARG uint32_t cmd) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_hypfs_op(XSM_DEFAULT_VOID) +static XSM_INLINE int dummy_hypfs_op(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) +static XSM_INLINE long dummy_do_xsm_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) { return -ENOSYS; } #ifdef CONFIG_COMPAT -static XSM_INLINE int xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) +static XSM_INLINE int dummy_do_compat_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) { return -ENOSYS; } #endif -static XSM_INLINE char *xsm_show_irq_sid(int irq) +static XSM_INLINE char *dummy_show_irq_sid(int irq) { return NULL; } -static XSM_INLINE int xsm_map_domain_pirq(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int dummy_map_domain_pirq(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_map_domain_irq(XSM_DEFAULT_ARG struct domain *d, +static XSM_INLINE int dummy_map_domain_irq(XSM_DEFAULT_ARG struct domain *d, int irq, const void *data) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_unmap_domain_pirq(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int dummy_unmap_domain_pirq(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_bind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) +static XSM_INLINE int dummy_bind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_unbind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) +static XSM_INLINE int dummy_unbind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_unmap_domain_irq(XSM_DEFAULT_ARG struct domain *d, +static XSM_INLINE int dummy_unmap_domain_irq(XSM_DEFAULT_ARG struct domain *d, int irq, const void *data) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_irq_permission(XSM_DEFAULT_ARG struct domain *d, int pirq, uint8_t allow) +static XSM_INLINE int dummy_irq_permission(XSM_DEFAULT_ARG struct domain *d, int pirq, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_iomem_permission(XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow) +static XSM_INLINE int dummy_iomem_permission(XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_iomem_mapping(XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow) +static XSM_INLINE int dummy_iomem_mapping(XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_pci_config_permission(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf, +static XSM_INLINE int dummy_pci_config_permission(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access) { @@ -523,43 +507,43 @@ static XSM_INLINE int xsm_pci_config_permission(XSM_DEFAULT_ARG struct domain *d return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_add_to_physmap(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int dummy_add_to_physmap(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_remove_from_physmap(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int dummy_remove_from_physmap(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_map_gmfn_foreign(XSM_DEFAULT_ARG struct domain *d, struct domain *t) +static XSM_INLINE int dummy_map_gmfn_foreign(XSM_DEFAULT_ARG struct domain *d, struct domain *t) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, t); } -static XSM_INLINE int xsm_hvm_param(XSM_DEFAULT_ARG struct domain *d, unsigned long op) +static XSM_INLINE int dummy_hvm_param(XSM_DEFAULT_ARG struct domain *d, unsigned long op) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_hvm_control(XSM_DEFAULT_ARG struct domain *d, unsigned long op) +static XSM_INLINE int dummy_hvm_control(XSM_DEFAULT_ARG struct domain *d, unsigned long op) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_hvm_param_altp2mhvm(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int dummy_hvm_param_altp2mhvm(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_hvm_altp2mhvm_op(XSM_DEFAULT_ARG struct domain *d, uint64_t mode, uint32_t op) +static XSM_INLINE int dummy_hvm_altp2mhvm_op(XSM_DEFAULT_ARG struct domain *d, uint64_t mode, uint32_t op) { XSM_ASSERT_ACTION(XSM_OTHER); @@ -578,14 +562,14 @@ static XSM_INLINE int xsm_hvm_altp2mhvm_op(XSM_DEFAULT_ARG struct domain *d, uin } } -static XSM_INLINE int xsm_vm_event_control(XSM_DEFAULT_ARG struct domain *d, int mode, int op) +static XSM_INLINE int dummy_vm_event_control(XSM_DEFAULT_ARG struct domain *d, int mode, int op) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); } #ifdef CONFIG_MEM_ACCESS -static XSM_INLINE int xsm_mem_access(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int dummy_mem_access(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); @@ -593,7 +577,7 @@ static XSM_INLINE int xsm_mem_access(XSM_DEFAULT_ARG struct domain *d) #endif #ifdef CONFIG_MEM_PAGING -static XSM_INLINE int xsm_mem_paging(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int dummy_mem_paging(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); @@ -601,57 +585,57 @@ static XSM_INLINE int xsm_mem_paging(XSM_DEFAULT_ARG struct domain *d) #endif #ifdef CONFIG_MEM_SHARING -static XSM_INLINE int xsm_mem_sharing(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int dummy_mem_sharing(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } #endif -static XSM_INLINE int xsm_platform_op(XSM_DEFAULT_ARG uint32_t op) +static XSM_INLINE int dummy_platform_op(XSM_DEFAULT_ARG uint32_t op) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } #ifdef CONFIG_X86 -static XSM_INLINE int xsm_do_mca(XSM_DEFAULT_VOID) +static XSM_INLINE int dummy_do_mca(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_shadow_control(XSM_DEFAULT_ARG struct domain *d, uint32_t op) +static XSM_INLINE int dummy_shadow_control(XSM_DEFAULT_ARG struct domain *d, uint32_t op) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_mem_sharing_op(XSM_DEFAULT_ARG struct domain *d, struct domain *cd, int op) +static XSM_INLINE int dummy_mem_sharing_op(XSM_DEFAULT_ARG struct domain *d, struct domain *cd, int op) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, cd); } -static XSM_INLINE int xsm_apic(XSM_DEFAULT_ARG struct domain *d, int cmd) +static XSM_INLINE int dummy_apic(XSM_DEFAULT_ARG struct domain *d, int cmd) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, d, NULL); } -static XSM_INLINE int xsm_machine_memory_map(XSM_DEFAULT_VOID) +static XSM_INLINE int dummy_machine_memory_map(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_domain_memory_map(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int dummy_domain_memory_map(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_mmu_update(XSM_DEFAULT_ARG struct domain *d, struct domain *t, +static XSM_INLINE int dummy_mmu_update(XSM_DEFAULT_ARG struct domain *d, struct domain *t, struct domain *f, uint32_t flags) { int rc = 0; @@ -663,38 +647,38 @@ static XSM_INLINE int xsm_mmu_update(XSM_DEFAULT_ARG struct domain *d, struct do return rc; } -static XSM_INLINE int xsm_mmuext_op(XSM_DEFAULT_ARG struct domain *d, struct domain *f) +static XSM_INLINE int dummy_mmuext_op(XSM_DEFAULT_ARG struct domain *d, struct domain *f) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, f); } -static XSM_INLINE int xsm_update_va_mapping(XSM_DEFAULT_ARG struct domain *d, struct domain *f, +static XSM_INLINE int dummy_update_va_mapping(XSM_DEFAULT_ARG struct domain *d, struct domain *f, l1_pgentry_t pte) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, f); } -static XSM_INLINE int xsm_priv_mapping(XSM_DEFAULT_ARG struct domain *d, struct domain *t) +static XSM_INLINE int dummy_priv_mapping(XSM_DEFAULT_ARG struct domain *d, struct domain *t) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, t); } -static XSM_INLINE int xsm_ioport_permission(XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow) +static XSM_INLINE int dummy_ioport_permission(XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_ioport_mapping(XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow) +static XSM_INLINE int dummy_ioport_mapping(XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_pmu_op (XSM_DEFAULT_ARG struct domain *d, unsigned int op) +static XSM_INLINE int dummy_pmu_op (XSM_DEFAULT_ARG struct domain *d, unsigned int op) { XSM_ASSERT_ACTION(XSM_OTHER); switch ( op ) @@ -711,30 +695,30 @@ static XSM_INLINE int xsm_pmu_op (XSM_DEFAULT_ARG struct domain *d, unsigned int #endif /* CONFIG_X86 */ -static XSM_INLINE int xsm_dm_op(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int dummy_dm_op(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } #ifdef CONFIG_ARGO -static XSM_INLINE int xsm_argo_enable(const struct domain *d) +static XSM_INLINE int dummy_argo_enable(const struct domain *d) { return 0; } -static XSM_INLINE int xsm_argo_register_single_source(const struct domain *d, +static XSM_INLINE int dummy_argo_register_single_source(const struct domain *d, const struct domain *t) { return 0; } -static XSM_INLINE int xsm_argo_register_any_source(const struct domain *d) +static XSM_INLINE int dummy_argo_register_any_source(const struct domain *d) { return 0; } -static XSM_INLINE int xsm_argo_send(const struct domain *d, +static XSM_INLINE int dummy_argo_send(const struct domain *d, const struct domain *t) { return 0; @@ -743,7 +727,7 @@ static XSM_INLINE int xsm_argo_send(const struct domain *d, #endif /* CONFIG_ARGO */ #include -static XSM_INLINE int xsm_xen_version (XSM_DEFAULT_ARG uint32_t op) +static XSM_INLINE int dummy_xen_version (XSM_DEFAULT_ARG uint32_t op) { XSM_ASSERT_ACTION(XSM_OTHER); switch ( op ) @@ -767,7 +751,7 @@ static XSM_INLINE int xsm_xen_version (XSM_DEFAULT_ARG uint32_t op) } } -static XSM_INLINE int xsm_domain_resource_map(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int dummy_domain_resource_map(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); diff --git a/xen/xsm/silo.c b/xen/xsm/silo.c index 754787e895..78dc429df7 100644 --- a/xen/xsm/silo.c +++ b/xen/xsm/silo.c @@ -17,7 +17,8 @@ * You should have received a copy of the GNU General Public License along with * this program; If not, see . */ -#include +#include +#include "dummy.h" /* * Check if inter-domain communication is allowed. @@ -43,7 +44,7 @@ static int silo_evtchn_unbound(struct domain *d1, struct evtchn *chn, else { if ( silo_mode_dom_check(d1, d2) ) - rc = xsm_evtchn_unbound(d1, chn, id2); + rc = dummy_evtchn_unbound(d1, chn, id2); rcu_unlock_domain(d2); } @@ -54,7 +55,7 @@ static int silo_evtchn_interdomain(struct domain *d1, struct evtchn *chan1, struct domain *d2, struct evtchn *chan2) { if ( silo_mode_dom_check(d1, d2) ) - return xsm_evtchn_interdomain(d1, chan1, d2, chan2); + return dummy_evtchn_interdomain(d1, chan1, d2, chan2); return -EPERM; } @@ -62,21 +63,21 @@ static int silo_grant_mapref(struct domain *d1, struct domain *d2, uint32_t flags) { if ( silo_mode_dom_check(d1, d2) ) - return xsm_grant_mapref(d1, d2, flags); + return dummy_grant_mapref(d1, d2, flags); return -EPERM; } static int silo_grant_transfer(struct domain *d1, struct domain *d2) { if ( silo_mode_dom_check(d1, d2) ) - return xsm_grant_transfer(d1, d2); + return dummy_grant_transfer(d1, d2); return -EPERM; } static int silo_grant_copy(struct domain *d1, struct domain *d2) { if ( silo_mode_dom_check(d1, d2) ) - return xsm_grant_copy(d1, d2); + return dummy_grant_copy(d1, d2); return -EPERM; } @@ -86,14 +87,14 @@ static int silo_argo_register_single_source(const struct domain *d1, const struct domain *d2) { if ( silo_mode_dom_check(d1, d2) ) - return xsm_argo_register_single_source(d1, d2); + return dummy_argo_register_single_source(d1, d2); return -EPERM; } static int silo_argo_send(const struct domain *d1, const struct domain *d2) { if ( silo_mode_dom_check(d1, d2) ) - return xsm_argo_send(d1, d2); + return dummy_argo_send(d1, d2); return -EPERM; } diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c index 7265f742e9..1654648961 100644 --- a/xen/xsm/xsm_core.c +++ b/xen/xsm/xsm_core.c @@ -18,8 +18,6 @@ #include #include -#ifdef CONFIG_XSM - #ifdef CONFIG_MULTIBOOT #include #endif @@ -217,8 +215,6 @@ bool __init has_xsm_magic(paddr_t start) } #endif -#endif - long do_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) { return xsm_do_xsm_op(op); From patchwork Mon Jul 12 20:32:30 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Daniel P. Smith" X-Patchwork-Id: 12372281 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 824BEC07E99 for ; Mon, 12 Jul 2021 20:28:36 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4AD03611B0 for ; Mon, 12 Jul 2021 20:28:36 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4AD03611B0 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=apertussolutions.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.154794.285933 (Exim 4.92) (envelope-from ) id 1m32XV-0003Fk-5c; Mon, 12 Jul 2021 20:28:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 154794.285933; Mon, 12 Jul 2021 20:28:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32XV-0003Fd-2k; Mon, 12 Jul 2021 20:28:29 +0000 Received: by outflank-mailman (input) for mailman id 154794; Mon, 12 Jul 2021 20:28:27 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32XT-0002d1-TJ for xen-devel@lists.xenproject.org; Mon, 12 Jul 2021 20:28:27 +0000 Received: from sender4-of-o51.zoho.com (unknown [136.143.188.51]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id d46873e7-58be-4c02-995b-cdbd467750bd; Mon, 12 Jul 2021 20:28:20 +0000 (UTC) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1626121631731159.05291359206763; Mon, 12 Jul 2021 13:27:11 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: d46873e7-58be-4c02-995b-cdbd467750bd ARC-Seal: i=1; a=rsa-sha256; t=1626121633; cv=none; d=zohomail.com; s=zohoarc; b=kLdJdIu2B0sLjxgDl0cXV5ahlraberDEFR87mh1XZs9TlmMNaZunpWNjNq02oBNQycG5VG9+Fc3SrBKprpLIKXCFTFBie4a7FVI9VRV7UqpOPmbDh2l5I4MsvBlCm01m2MgpkJvrnmf9FbavQMIusRT0tdUICk/qW6gjPvrF+Mo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626121633; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=DGzgCbEHasEIauV+Grt/GSDN45RLCvReoOth5bQGsrA=; b=nufHYMT4eSltdL2thnqcZqiN19ON6WU6lFW7sEDVzoq0+wvnOQU5NqUzaHZ5MW9jYzgmqeAc5u7VIYedev3ZF55bpZZZjtW2xwG0ithFloGci/YD0ckmH7AZjXAYDjhvLZ3lXC8SaMC45K2+F4XNeZLyaX2vsLab/rrOanzyVE8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1626121633; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding; bh=DGzgCbEHasEIauV+Grt/GSDN45RLCvReoOth5bQGsrA=; b=k05zMi0++lXNBT/DGe/jzY7TQLwS94Fs6aAVtZClVGJmJfTbhmHDkk/Dtqo0lw0a 14Wq27Y+gsOphTXoDcFrSx5Oh4fg0wCi9OyvjURR4t9/LiM/w52ObDewf8cJ3ftLvPX /k/mvwJEFMzF/Ad34rg0QY9BOIZSBjbk+JC7Xsqg= From: "Daniel P. Smith" To: xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Andrew Cooper , George Dunlap , Ian Jackson , Jan Beulich , Julien Grall , Stefano Stabellini , Wei Liu Subject: [PATCH v2 07/10] xsm: drop generic event channel labeling Date: Mon, 12 Jul 2021 16:32:30 -0400 Message-Id: <20210712203233.20289-8-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210712203233.20289-1-dpsmith@apertussolutions.com> References: <20210712203233.20289-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 X-ZohoMailClient: External The generic event channel labeling has not been used by any XSM module since its introduction. This commit removes the capability leaving FLASK labeling field always present. In the future if a new XSM module needs to have its own channel label, this or a new form can be introduced. --- xen/common/Kconfig | 8 -------- xen/include/xen/sched.h | 9 --------- 2 files changed, 17 deletions(-) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 3b50391392..d03a991183 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -202,17 +202,9 @@ config XENOPROF menu "Xen Security Modules" -config XSM_EVTCHN_LABELING - bool "Enables security labeling of event channels" - default n - help - This enables an XSM module to label and enforce access control over - event channels. - config XSM_FLASK bool "FLux Advanced Security Kernel support" default n - select XSM_EVTCHN_LABELING help Enables FLASK (FLux Advanced Security Kernel) as the access control mechanism used by the XSM framework. This provides a mandatory access diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index aecf0b8424..ef6ba6d791 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -120,15 +120,7 @@ struct evtchn unsigned short notify_vcpu_id; /* VCPU for local delivery notification */ uint32_t fifo_lastq; /* Data for identifying last queue. */ -#ifdef CONFIG_XSM_EVTCHN_LABELING union { -#ifdef XSM_NEED_GENERIC_EVTCHN_SSID - /* - * If an XSM module needs more space for its event channel context, - * this pointer stores the necessary data for the security server. - */ - void *generic; -#endif #ifdef CONFIG_XSM_FLASK /* * Inlining the contents of the structure for FLASK avoids unneeded @@ -138,7 +130,6 @@ struct evtchn uint32_t flask_sid; #endif } ssid; -#endif } __attribute__((aligned(64))); int evtchn_init(struct domain *d, unsigned int max_port); From patchwork Mon Jul 12 20:32:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Daniel P. Smith" X-Patchwork-Id: 12372283 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A871DC07E99 for ; Mon, 12 Jul 2021 20:30:38 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4CAD5611B0 for ; Mon, 12 Jul 2021 20:30:38 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4CAD5611B0 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=apertussolutions.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.154807.285945 (Exim 4.92) (envelope-from ) id 1m32ZP-0004si-IZ; Mon, 12 Jul 2021 20:30:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 154807.285945; Mon, 12 Jul 2021 20:30:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32ZP-0004sb-EU; Mon, 12 Jul 2021 20:30:27 +0000 Received: by outflank-mailman (input) for mailman id 154807; Mon, 12 Jul 2021 20:30:25 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32ZN-0004sV-R3 for xen-devel@lists.xenproject.org; Mon, 12 Jul 2021 20:30:25 +0000 Received: from sender4-of-o51.zoho.com (unknown [136.143.188.51]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 9f31bf61-55c3-4e42-b684-1863e66e6827; Mon, 12 Jul 2021 20:30:21 +0000 (UTC) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1626121634497312.6061069236812; Mon, 12 Jul 2021 13:27:14 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 9f31bf61-55c3-4e42-b684-1863e66e6827 ARC-Seal: i=1; a=rsa-sha256; t=1626121637; cv=none; d=zohomail.com; s=zohoarc; b=eqjJ3+td5fkuOHmczY4OBzCD4DKRvkBPx4EnV0TJt2qAV2yV3RGbyt/qWTj9KaKFybEssBsBUv/ka9AhUB6JWGfxoQgs2ENAUOD17JeQKPyCi1QZIFaafxihygftArf0oPuIa24KB0osVTUOov0c1V6qNDjhVmpy4cDRwDI54wo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626121637; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=l7iTiH1TnFmdKssJ7HyibwMjIoKF172+3QJDRd39Re0=; b=JOGL2u1zmwUhj/NyQ4LGRW826aIYw/n0kR624J65fkrWQw1NHREvjp/vnlZ/Y2OduOSELJblPUY9mD+xlC17OAcz6V3uVSMkbVpISzMKMbJITdj03azxOLMCg5XFgdpp01Yu4EBMiXSdhd7t380TOrSD25lpSLADWGnDFZf+9ek= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1626121637; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding; bh=l7iTiH1TnFmdKssJ7HyibwMjIoKF172+3QJDRd39Re0=; b=muJp7JkNqoiAqMKxSlc43FuuFVUfRtaAQH4UnZn7uxKccIjFSG5BmPZCtpF5YwND qNPmxOHb4JI3KkkpdJ/Sbdchuq9tvsti6K6rowu8wj7oySyQWGi4fTqGS2cJCmCiLe6 /IsMDlYfUae0l/830VGE6YU72p7x1ba4GjacnSAo= From: "Daniel P. Smith" To: Volodymyr Babchuk , Wei Liu , George Dunlap , Tim Deegan , Alexandru Isaila , Petre Pircalabu , xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Stefano Stabellini , Julien Grall , Andrew Cooper , Ian Jackson , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Tamas K Lengyel , Juergen Gross , Dario Faggioli , Paul Durrant , Daniel De Graaf Subject: [PATCH v2 08/10] xsm: remove xsm_default_t from hook definitions Date: Mon, 12 Jul 2021 16:32:31 -0400 Message-Id: <20210712203233.20289-9-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210712203233.20289-1-dpsmith@apertussolutions.com> References: <20210712203233.20289-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 X-ZohoMailClient: External The passing of an xsm_default_t at each of the xsm hook call sites served different functions depending on whether XSM was enabled or not. When XSM was not enabled it attempted to function as a link-time check that declared default action at the call site matched the default declared action for that hook in the dummy policy. When XSM was enabled, it would just drop the parameter. The removal of these values is two fold. They are a redundancy that provides little context, especially when the value is XSM_OTHER. A more appropriate approach is that the hook functions in the dummy policy should provide reasoning of the default value when it is not clear. Next is that with the change to make XSM always enabled is the case where the parameter is completely ignored. Thus it is logical to remove them from the hook call sites. Signed-off-by: Daniel P. Smith --- xen/arch/arm/dm.c | 2 +- xen/arch/arm/domctl.c | 6 +- xen/arch/arm/hvm.c | 2 +- xen/arch/arm/mm.c | 2 +- xen/arch/arm/platform_hypercall.c | 2 +- xen/arch/x86/cpu/mcheck/mce.c | 2 +- xen/arch/x86/cpu/vpmu.c | 2 +- xen/arch/x86/domctl.c | 8 +- xen/arch/x86/hvm/dm.c | 2 +- xen/arch/x86/hvm/hvm.c | 12 +- xen/arch/x86/irq.c | 5 +- xen/arch/x86/mm.c | 20 +-- xen/arch/x86/mm/mem_paging.c | 2 +- xen/arch/x86/mm/mem_sharing.c | 9 +- xen/arch/x86/mm/p2m.c | 2 +- xen/arch/x86/mm/paging.c | 4 +- xen/arch/x86/mm/shadow/set.c | 2 +- xen/arch/x86/msi.c | 3 +- xen/arch/x86/pci.c | 2 +- xen/arch/x86/physdev.c | 17 ++- xen/arch/x86/platform_hypercall.c | 10 +- xen/arch/x86/pv/emul-priv-op.c | 2 +- xen/arch/x86/sysctl.c | 4 +- xen/common/domain.c | 4 +- xen/common/domctl.c | 12 +- xen/common/event_channel.c | 12 +- xen/common/grant_table.c | 16 +-- xen/common/hypfs.c | 2 +- xen/common/kernel.c | 2 +- xen/common/kexec.c | 2 +- xen/common/mem_access.c | 2 +- xen/common/memory.c | 16 +-- xen/common/monitor.c | 2 +- xen/common/sched/core.c | 6 +- xen/common/sysctl.c | 8 +- xen/common/vm_event.c | 2 +- xen/common/xenoprof.c | 2 +- xen/drivers/char/console.c | 2 +- xen/drivers/passthrough/device_tree.c | 4 +- xen/drivers/passthrough/pci.c | 12 +- xen/include/xsm/xsm.h | 172 +++++++++++++------------- 41 files changed, 197 insertions(+), 203 deletions(-) diff --git a/xen/arch/arm/dm.c b/xen/arch/arm/dm.c index 1b3fd6bc7d..c8b89c8f47 100644 --- a/xen/arch/arm/dm.c +++ b/xen/arch/arm/dm.c @@ -45,7 +45,7 @@ int dm_op(const struct dmop_args *op_args) if ( rc ) return rc; - rc = xsm_dm_op(XSM_DM_PRIV, d); + rc = xsm_dm_op(d); if ( rc ) goto out; diff --git a/xen/arch/arm/domctl.c b/xen/arch/arm/domctl.c index b7d27f37df..e7202703ee 100644 --- a/xen/arch/arm/domctl.c +++ b/xen/arch/arm/domctl.c @@ -95,11 +95,11 @@ long arch_do_domctl(struct xen_domctl *domctl, struct domain *d, * done by the 2 hypercalls for consistency with other * architectures. */ - rc = xsm_map_domain_irq(XSM_HOOK, d, irq, NULL); + rc = xsm_map_domain_irq(d, irq, NULL); if ( rc ) return rc; - rc = xsm_bind_pt_irq(XSM_HOOK, d, bind); + rc = xsm_bind_pt_irq(d, bind); if ( rc ) return rc; @@ -130,7 +130,7 @@ long arch_do_domctl(struct xen_domctl *domctl, struct domain *d, if ( irq != virq ) return -EINVAL; - rc = xsm_unbind_pt_irq(XSM_HOOK, d, bind); + rc = xsm_unbind_pt_irq(d, bind); if ( rc ) return rc; diff --git a/xen/arch/arm/hvm.c b/xen/arch/arm/hvm.c index 8951b34086..cf4bd9ae09 100644 --- a/xen/arch/arm/hvm.c +++ b/xen/arch/arm/hvm.c @@ -101,7 +101,7 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) if ( d == NULL ) return -ESRCH; - rc = xsm_hvm_param(XSM_TARGET, d, op); + rc = xsm_hvm_param(d, op); if ( rc ) goto param_fail; diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 0e07335291..a256c89b62 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1446,7 +1446,7 @@ int xenmem_add_to_physmap_one( return -EINVAL; } - rc = xsm_map_gmfn_foreign(XSM_TARGET, d, od); + rc = xsm_map_gmfn_foreign(d, od); if ( rc ) { put_pg_owner(od); diff --git a/xen/arch/arm/platform_hypercall.c b/xen/arch/arm/platform_hypercall.c index 8efac7ee60..52985f8a51 100644 --- a/xen/arch/arm/platform_hypercall.c +++ b/xen/arch/arm/platform_hypercall.c @@ -33,7 +33,7 @@ long do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op) if ( d == NULL ) return -ESRCH; - ret = xsm_platform_op(XSM_PRIV, op->cmd); + ret = xsm_platform_op(op->cmd); if ( ret ) return ret; diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index 7f433343bc..58beb96663 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -1376,7 +1376,7 @@ long do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc) struct xen_mc_msrinject *mc_msrinject; struct xen_mc_mceinject *mc_mceinject; - ret = xsm_do_mca(XSM_PRIV); + ret = xsm_do_mca(); if ( ret ) return x86_mcerr("", ret); diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c index 16e91a3694..34b536417b 100644 --- a/xen/arch/x86/cpu/vpmu.c +++ b/xen/arch/x86/cpu/vpmu.c @@ -706,7 +706,7 @@ long do_xenpmu_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg) if ( !opt_vpmu_enabled || has_vlapic(current->domain) ) return -EOPNOTSUPP; - ret = xsm_pmu_op(XSM_OTHER, current->domain, op); + ret = xsm_pmu_op(current->domain, op); if ( ret ) return ret; diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c index 26a76d2be9..8343c59e83 100644 --- a/xen/arch/x86/domctl.c +++ b/xen/arch/x86/domctl.c @@ -234,7 +234,7 @@ long arch_do_domctl( if ( (fp + np) <= fp || (fp + np) > MAX_IOPORTS ) ret = -EINVAL; else if ( !ioports_access_permitted(currd, fp, fp + np - 1) || - xsm_ioport_permission(XSM_HOOK, d, fp, fp + np - 1, allow) ) + xsm_ioport_permission(d, fp, fp + np - 1, allow) ) ret = -EPERM; else if ( allow ) ret = ioports_permit_access(d, fp, fp + np - 1); @@ -534,7 +534,7 @@ long arch_do_domctl( if ( !is_hvm_domain(d) ) break; - ret = xsm_bind_pt_irq(XSM_HOOK, d, bind); + ret = xsm_bind_pt_irq(d, bind); if ( ret ) break; @@ -569,7 +569,7 @@ long arch_do_domctl( if ( irq <= 0 || !irq_access_permitted(currd, irq) ) break; - ret = xsm_unbind_pt_irq(XSM_HOOK, d, bind); + ret = xsm_unbind_pt_irq(d, bind); if ( ret ) break; @@ -616,7 +616,7 @@ long arch_do_domctl( if ( !ioports_access_permitted(currd, fmp, fmp + np - 1) ) break; - ret = xsm_ioport_mapping(XSM_HOOK, d, fmp, fmp + np - 1, add); + ret = xsm_ioport_mapping(d, fmp, fmp + np - 1, add); if ( ret ) break; diff --git a/xen/arch/x86/hvm/dm.c b/xen/arch/x86/hvm/dm.c index b60b9f3364..6f996371b9 100644 --- a/xen/arch/x86/hvm/dm.c +++ b/xen/arch/x86/hvm/dm.c @@ -370,7 +370,7 @@ int dm_op(const struct dmop_args *op_args) if ( !is_hvm_domain(d) ) goto out; - rc = xsm_dm_op(XSM_DM_PRIV, d); + rc = xsm_dm_op(d); if ( rc ) goto out; diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 5086773e5c..c1b0d6fca8 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -4080,7 +4080,7 @@ static int hvm_allow_set_param(struct domain *d, uint64_t value; int rc; - rc = xsm_hvm_param(XSM_TARGET, d, HVMOP_set_param); + rc = xsm_hvm_param(d, HVMOP_set_param); if ( rc ) return rc; @@ -4227,7 +4227,7 @@ static int hvm_set_param(struct domain *d, uint32_t index, uint64_t value) rc = pmtimer_change_ioport(d, value); break; case HVM_PARAM_ALTP2M: - rc = xsm_hvm_param_altp2mhvm(XSM_PRIV, d); + rc = xsm_hvm_param_altp2mhvm(d); if ( rc ) break; if ( (value > XEN_ALTP2M_limited) || @@ -4356,7 +4356,7 @@ static int hvm_allow_get_param(struct domain *d, { int rc; - rc = xsm_hvm_param(XSM_TARGET, d, HVMOP_get_param); + rc = xsm_hvm_param(d, HVMOP_get_param); if ( rc ) return rc; @@ -4566,7 +4566,7 @@ static int do_altp2m_op( goto out; } - if ( (rc = xsm_hvm_altp2mhvm_op(XSM_OTHER, d, mode, a.cmd)) ) + if ( (rc = xsm_hvm_altp2mhvm_op(d, mode, a.cmd)) ) goto out; switch ( a.cmd ) @@ -4947,7 +4947,7 @@ static int hvmop_get_mem_type( if ( d == NULL ) return -ESRCH; - rc = xsm_hvm_param(XSM_TARGET, d, HVMOP_get_mem_type); + rc = xsm_hvm_param(d, HVMOP_get_mem_type); if ( rc ) goto out; @@ -5040,7 +5040,7 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) if ( unlikely(d != current->domain) ) rc = -EOPNOTSUPP; else if ( is_hvm_domain(d) && paging_mode_shadow(d) ) - rc = xsm_hvm_param(XSM_TARGET, d, op); + rc = xsm_hvm_param(d, op); if ( !rc ) pagetable_dying(a.gpa); diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index a1693f92dd..9f79ec1b86 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -2122,7 +2122,7 @@ int map_domain_pirq( return 0; } - ret = xsm_map_domain_irq(XSM_HOOK, d, irq, data); + ret = xsm_map_domain_irq(d, irq, data); if ( ret ) { dprintk(XENLOG_G_ERR, "dom%d: could not permit access to irq %d mapping to pirq %d\n", @@ -2342,8 +2342,7 @@ int unmap_domain_pirq(struct domain *d, int pirq) nr = msi_desc->msi.nvec; } - ret = xsm_unmap_domain_irq(XSM_HOOK, d, irq, - msi_desc ? msi_desc->dev : NULL); + ret = xsm_unmap_domain_irq(d, irq, msi_desc ? msi_desc->dev : NULL); if ( ret ) goto done; diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 4d799032dc..33d0aa8d4b 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -977,7 +977,7 @@ get_page_from_l1e( * minor hack can go away. */ if ( (real_pg_owner == NULL) || (pg_owner == l1e_owner) || - xsm_priv_mapping(XSM_TARGET, pg_owner, real_pg_owner) ) + xsm_priv_mapping(pg_owner, real_pg_owner) ) { gdprintk(XENLOG_WARNING, "pg_owner d%d l1e_owner d%d, but real_pg_owner d%d\n", @@ -3407,7 +3407,7 @@ long do_mmuext_op( return -EINVAL; } - rc = xsm_mmuext_op(XSM_TARGET, currd, pg_owner); + rc = xsm_mmuext_op(currd, pg_owner); if ( rc ) { put_pg_owner(pg_owner); @@ -3497,7 +3497,7 @@ long do_mmuext_op( break; } - rc = xsm_memory_pin_page(XSM_HOOK, currd, pg_owner, page); + rc = xsm_memory_pin_page(currd, pg_owner, page); if ( !rc && unlikely(test_and_set_bit(_PGT_pinned, &page->u.inuse.type_info)) ) { @@ -4006,7 +4006,7 @@ long do_mmu_update( } if ( xsm_needed != xsm_checked ) { - rc = xsm_mmu_update(XSM_TARGET, d, pt_owner, pg_owner, xsm_needed); + rc = xsm_mmu_update(d, pt_owner, pg_owner, xsm_needed); if ( rc ) break; xsm_checked = xsm_needed; @@ -4142,7 +4142,7 @@ long do_mmu_update( xsm_needed |= XSM_MMU_MACHPHYS_UPDATE; if ( xsm_needed != xsm_checked ) { - rc = xsm_mmu_update(XSM_TARGET, d, NULL, pg_owner, xsm_needed); + rc = xsm_mmu_update(d, NULL, pg_owner, xsm_needed); if ( rc ) break; xsm_checked = xsm_needed; @@ -4391,7 +4391,7 @@ static int __do_update_va_mapping( perfc_incr(calls_to_update_va); - rc = xsm_update_va_mapping(XSM_TARGET, d, pg_owner, val); + rc = xsm_update_va_mapping(d, pg_owner, val); if ( rc ) return rc; @@ -4630,7 +4630,7 @@ long arch_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) if ( d == NULL ) return -ESRCH; - rc = xsm_domain_memory_map(XSM_TARGET, d); + rc = xsm_domain_memory_map(d); if ( rc ) { rcu_unlock_domain(d); @@ -4697,7 +4697,7 @@ long arch_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) unsigned int i; bool store; - rc = xsm_machine_memory_map(XSM_PRIV); + rc = xsm_machine_memory_map(); if ( rc ) return rc; @@ -4787,9 +4787,9 @@ long arch_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) return -ESRCH; if ( cmd == XENMEM_set_pod_target ) - rc = xsm_set_pod_target(XSM_PRIV, d); + rc = xsm_set_pod_target(d); else - rc = xsm_get_pod_target(XSM_PRIV, d); + rc = xsm_get_pod_target(d); if ( rc != 0 ) goto pod_target_out_unlock; diff --git a/xen/arch/x86/mm/mem_paging.c b/xen/arch/x86/mm/mem_paging.c index 01281f786e..073edb9499 100644 --- a/xen/arch/x86/mm/mem_paging.c +++ b/xen/arch/x86/mm/mem_paging.c @@ -452,7 +452,7 @@ int mem_paging_memop(XEN_GUEST_HANDLE_PARAM(xen_mem_paging_op_t) arg) if ( rc ) return rc; - rc = xsm_mem_paging(XSM_DM_PRIV, d); + rc = xsm_mem_paging(d); if ( rc ) goto out; diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c index 98b14f7b0a..db5f5ce8b5 100644 --- a/xen/arch/x86/mm/mem_sharing.c +++ b/xen/arch/x86/mm/mem_sharing.c @@ -1883,7 +1883,7 @@ int mem_sharing_memop(XEN_GUEST_HANDLE_PARAM(xen_mem_sharing_op_t) arg) if ( rc ) return rc; - rc = xsm_mem_sharing(XSM_DM_PRIV, d); + rc = xsm_mem_sharing(d); if ( rc ) goto out; @@ -1928,7 +1928,7 @@ int mem_sharing_memop(XEN_GUEST_HANDLE_PARAM(xen_mem_sharing_op_t) arg) if ( rc ) goto out; - rc = xsm_mem_sharing_op(XSM_DM_PRIV, d, cd, mso.op); + rc = xsm_mem_sharing_op(d, cd, mso.op); if ( rc ) { rcu_unlock_domain(cd); @@ -1994,7 +1994,7 @@ int mem_sharing_memop(XEN_GUEST_HANDLE_PARAM(xen_mem_sharing_op_t) arg) if ( rc ) goto out; - rc = xsm_mem_sharing_op(XSM_DM_PRIV, d, cd, mso.op); + rc = xsm_mem_sharing_op(d, cd, mso.op); if ( rc ) { rcu_unlock_domain(cd); @@ -2056,8 +2056,7 @@ int mem_sharing_memop(XEN_GUEST_HANDLE_PARAM(xen_mem_sharing_op_t) arg) * We reuse XENMEM_sharing_op_share XSM check here as this is * essentially the same concept repeated over multiple pages. */ - rc = xsm_mem_sharing_op(XSM_DM_PRIV, d, cd, - XENMEM_sharing_op_share); + rc = xsm_mem_sharing_op(d, cd, XENMEM_sharing_op_share); if ( rc ) { rcu_unlock_domain(cd); diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index dbb1cbeb59..5cee9f5a1d 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -2637,7 +2637,7 @@ static int p2m_add_foreign(struct domain *tdom, unsigned long fgfn, goto out; } - rc = xsm_map_gmfn_foreign(XSM_TARGET, tdom, fdom); + rc = xsm_map_gmfn_foreign(tdom, fdom); if ( rc ) goto out; diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c index c304c24526..86a1ec5b80 100644 --- a/xen/arch/x86/mm/paging.c +++ b/xen/arch/x86/mm/paging.c @@ -714,7 +714,7 @@ int paging_domctl(struct domain *d, struct xen_domctl_shadow_op *sc, return -EBUSY; } - rc = xsm_shadow_control(XSM_HOOK, d, sc->op); + rc = xsm_shadow_control(d, sc->op); if ( rc ) return rc; @@ -771,7 +771,7 @@ long paging_domctl_continuation(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) if ( d == NULL ) return -ESRCH; - ret = xsm_domctl(XSM_OTHER, d, op.cmd); + ret = xsm_domctl(d, op.cmd); if ( !ret ) { if ( domctl_lock_acquire() ) diff --git a/xen/arch/x86/mm/shadow/set.c b/xen/arch/x86/mm/shadow/set.c index 87e9c6eeb2..e7433ac81b 100644 --- a/xen/arch/x86/mm/shadow/set.c +++ b/xen/arch/x86/mm/shadow/set.c @@ -117,7 +117,7 @@ shadow_get_page_from_l1e(shadow_l1e_t sl1e, struct domain *d, p2m_type_t type) * not own, we let it succeed anyway. */ if ( owner && (d != owner) && - !(res = xsm_priv_mapping(XSM_TARGET, d, owner)) ) + !(res = xsm_priv_mapping(d, owner)) ) { res = get_page_from_l1e(sl1e, d, owner); SHADOW_PRINTK("privileged %pd installs map of %pd's mfn %"PRI_mfn": %s\n", diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c index 5febc0ea4b..f821d145e5 100644 --- a/xen/arch/x86/msi.c +++ b/xen/arch/x86/msi.c @@ -1310,8 +1310,7 @@ int pci_restore_msi_state(struct pci_dev *pdev) if ( !use_msi ) return -EOPNOTSUPP; - ret = xsm_resource_setup_pci(XSM_PRIV, - (pdev->seg << 16) | (pdev->bus << 8) | + ret = xsm_resource_setup_pci((pdev->seg << 16) | (pdev->bus << 8) | pdev->devfn); if ( ret ) return ret; diff --git a/xen/arch/x86/pci.c b/xen/arch/x86/pci.c index a9decd4f33..d5886c59e6 100644 --- a/xen/arch/x86/pci.c +++ b/xen/arch/x86/pci.c @@ -74,7 +74,7 @@ int pci_conf_write_intercept(unsigned int seg, unsigned int bdf, uint32_t *data) { struct pci_dev *pdev; - int rc = xsm_pci_config_permission(XSM_HOOK, current->domain, bdf, + int rc = xsm_pci_config_permission(current->domain, bdf, reg, reg + size - 1, 1); if ( rc < 0 ) diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c index 23465bcd00..3f2a2035c5 100644 --- a/xen/arch/x86/physdev.c +++ b/xen/arch/x86/physdev.c @@ -110,7 +110,7 @@ int physdev_map_pirq(domid_t domid, int type, int *index, int *pirq_p, if ( d == NULL ) return -ESRCH; - ret = xsm_map_domain_pirq(XSM_DM_PRIV, d); + ret = xsm_map_domain_pirq(d); if ( ret ) goto free_domain; @@ -148,7 +148,7 @@ int physdev_unmap_pirq(domid_t domid, int pirq) return -ESRCH; if ( domid != DOMID_SELF || !is_hvm_domain(d) || !has_pirq(d) ) - ret = xsm_unmap_domain_pirq(XSM_DM_PRIV, d); + ret = xsm_unmap_domain_pirq(d); if ( ret ) goto free_domain; @@ -355,7 +355,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) ret = -EFAULT; if ( copy_from_guest(&apic, arg, 1) != 0 ) break; - ret = xsm_apic(XSM_PRIV, currd, cmd); + ret = xsm_apic(currd, cmd); if ( ret ) break; ret = ioapic_guest_read(apic.apic_physbase, apic.reg, &apic.value); @@ -369,7 +369,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) ret = -EFAULT; if ( copy_from_guest(&apic, arg, 1) != 0 ) break; - ret = xsm_apic(XSM_PRIV, currd, cmd); + ret = xsm_apic(currd, cmd); if ( ret ) break; ret = ioapic_guest_write(apic.apic_physbase, apic.reg, apic.value); @@ -385,7 +385,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) /* Use the APIC check since this dummy hypercall should still only * be called by the domain with access to program the ioapic */ - ret = xsm_apic(XSM_PRIV, currd, cmd); + ret = xsm_apic(currd, cmd); if ( ret ) break; @@ -535,8 +535,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) if ( copy_from_guest(&dev, arg, 1) ) ret = -EFAULT; else - ret = xsm_resource_setup_pci(XSM_PRIV, - (dev.seg << 16) | (dev.bus << 8) | + ret = xsm_resource_setup_pci((dev.seg << 16) | (dev.bus << 8) | dev.devfn) ?: pci_prepare_msix(dev.seg, dev.bus, dev.devfn, cmd != PHYSDEVOP_prepare_msix); @@ -546,7 +545,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) case PHYSDEVOP_pci_mmcfg_reserved: { struct physdev_pci_mmcfg_reserved info; - ret = xsm_resource_setup_misc(XSM_PRIV); + ret = xsm_resource_setup_misc(); if ( ret ) break; @@ -611,7 +610,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) if ( setup_gsi.gsi < 0 || setup_gsi.gsi >= nr_irqs_gsi ) break; - ret = xsm_resource_setup_gsi(XSM_PRIV, setup_gsi.gsi); + ret = xsm_resource_setup_gsi(setup_gsi.gsi); if ( ret ) break; diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index 284c2dfb9e..40d0f81572 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -221,7 +221,7 @@ ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op) if ( op->interface_version != XENPF_INTERFACE_VERSION ) return -EACCES; - ret = xsm_platform_op(XSM_PRIV, op->cmd); + ret = xsm_platform_op(op->cmd); if ( ret ) return ret; @@ -639,7 +639,7 @@ ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op) { int cpu = op->u.cpu_ol.cpuid; - ret = xsm_resource_plug_core(XSM_HOOK); + ret = xsm_resource_plug_core(); if ( ret ) break; @@ -665,7 +665,7 @@ ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op) { int cpu = op->u.cpu_ol.cpuid; - ret = xsm_resource_unplug_core(XSM_HOOK); + ret = xsm_resource_unplug_core(); if ( ret ) break; @@ -694,7 +694,7 @@ ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op) break; case XENPF_cpu_hotadd: - ret = xsm_resource_plug_core(XSM_HOOK); + ret = xsm_resource_plug_core(); if ( ret ) break; @@ -704,7 +704,7 @@ ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op) break; case XENPF_mem_hotadd: - ret = xsm_resource_plug_core(XSM_HOOK); + ret = xsm_resource_plug_core(); if ( ret ) break; diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c index 11467a1e3a..3a534a168c 100644 --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -252,7 +252,7 @@ static bool pci_cfg_ok(struct domain *currd, unsigned int start, } return !write ? - xsm_pci_config_permission(XSM_HOOK, currd, machine_bdf, + xsm_pci_config_permission(currd, machine_bdf, start, start + size - 1, 0) == 0 : pci_conf_write_intercept(0, machine_bdf, start, size, write) >= 0; } diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c index aff52a13f3..975672360b 100644 --- a/xen/arch/x86/sysctl.c +++ b/xen/arch/x86/sysctl.c @@ -190,8 +190,8 @@ long arch_do_sysctl( } if ( !ret ) - ret = plug ? xsm_resource_plug_core(XSM_HOOK) - : xsm_resource_unplug_core(XSM_HOOK); + ret = plug ? xsm_resource_plug_core() + : xsm_resource_unplug_core(); if ( !ret ) ret = continue_hypercall_on_cpu(0, fn, hcpu); diff --git a/xen/common/domain.c b/xen/common/domain.c index 6b71c6d6a9..392865f0f1 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -311,7 +311,7 @@ static int late_hwdom_init(struct domain *d) if ( d != hardware_domain || d->domain_id == 0 ) return 0; - rv = xsm_init_hardware_domain(XSM_HOOK, d); + rv = xsm_init_hardware_domain(d); if ( rv ) return rv; @@ -649,7 +649,7 @@ struct domain *domain_create(domid_t domid, if ( !d->iomem_caps || !d->irq_caps ) goto fail; - if ( (err = xsm_domain_create(XSM_HOOK, d, config->ssidref)) != 0 ) + if ( (err = xsm_domain_create(d, config->ssidref)) != 0 ) goto fail; d->controller_pause_count = 1; diff --git a/xen/common/domctl.c b/xen/common/domctl.c index ef202c2b8c..de258ab7f7 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -314,7 +314,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) return -ESRCH; } - ret = xsm_domctl(XSM_OTHER, d, op->cmd); + ret = xsm_domctl(d, op->cmd); if ( ret ) goto domctl_out_unlock_domonly; @@ -553,7 +553,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) if ( d == NULL ) goto getdomaininfo_out; - ret = xsm_getdomaininfo(XSM_HOOK, d); + ret = xsm_getdomaininfo(d); if ( ret ) goto getdomaininfo_out; @@ -688,7 +688,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) break; } irq = pirq_access_permitted(current->domain, pirq); - if ( !irq || xsm_irq_permission(XSM_HOOK, d, irq, allow) ) + if ( !irq || xsm_irq_permission(d, irq, allow) ) ret = -EPERM; else if ( allow ) ret = irq_permit_access(d, irq); @@ -709,7 +709,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) if ( !iomem_access_permitted(current->domain, mfn, mfn + nr_mfns - 1) || - xsm_iomem_permission(XSM_HOOK, d, mfn, mfn + nr_mfns - 1, allow) ) + xsm_iomem_permission(d, mfn, mfn + nr_mfns - 1, allow) ) ret = -EPERM; else if ( allow ) ret = iomem_permit_access(d, mfn, mfn + nr_mfns - 1); @@ -746,7 +746,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) !iomem_access_permitted(d, mfn, mfn_end) ) break; - ret = xsm_iomem_mapping(XSM_HOOK, d, mfn, mfn_end, add); + ret = xsm_iomem_mapping(d, mfn, mfn_end, add); if ( ret ) break; @@ -804,7 +804,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) ret = -EOPNOTSUPP; if ( is_hvm_domain(e) ) - ret = xsm_set_target(XSM_HOOK, d, e); + ret = xsm_set_target(d, e); if ( ret ) { put_domain(e); diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index da88ad141a..288d8c36f2 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -301,7 +301,7 @@ static int evtchn_alloc_unbound(evtchn_alloc_unbound_t *alloc) ERROR_EXIT_DOM(port, d); chn = evtchn_from_port(d, port); - rc = xsm_evtchn_unbound(XSM_TARGET, d, chn, alloc->remote_dom); + rc = xsm_evtchn_unbound(d, chn, alloc->remote_dom); if ( rc ) goto out; @@ -376,7 +376,7 @@ static int evtchn_bind_interdomain(evtchn_bind_interdomain_t *bind) (rchn->u.unbound.remote_domid != ld->domain_id) ) ERROR_EXIT_DOM(-EINVAL, rd); - rc = xsm_evtchn_interdomain(XSM_HOOK, ld, lchn, rd, rchn); + rc = xsm_evtchn_interdomain(ld, lchn, rd, rchn); if ( rc ) goto out; @@ -754,7 +754,7 @@ int evtchn_send(struct domain *ld, unsigned int lport) goto out; } - ret = xsm_evtchn_send(XSM_HOOK, ld, lchn); + ret = xsm_evtchn_send(ld, lchn); if ( ret ) goto out; @@ -979,7 +979,7 @@ int evtchn_status(evtchn_status_t *status) goto out; } - rc = xsm_evtchn_status(XSM_TARGET, d, chn); + rc = xsm_evtchn_status(d, chn); if ( rc ) goto out; @@ -1295,7 +1295,7 @@ long do_event_channel_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) if ( d == NULL ) return -ESRCH; - rc = xsm_evtchn_reset(XSM_TARGET, current->domain, d); + rc = xsm_evtchn_reset(current->domain, d); if ( !rc ) rc = evtchn_reset(d, cmd == EVTCHNOP_reset_cont); @@ -1356,7 +1356,7 @@ int alloc_unbound_xen_event_channel( goto out; chn = evtchn_from_port(ld, port); - rc = xsm_evtchn_unbound(XSM_TARGET, ld, chn, remote_domid); + rc = xsm_evtchn_unbound(ld, chn, remote_domid); if ( rc ) goto out; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index fab77ab9cc..087b214335 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -1051,7 +1051,7 @@ map_grant_ref( return; } - rc = xsm_grant_mapref(XSM_HOOK, ld, rd, op->flags); + rc = xsm_grant_mapref(ld, rd, op->flags); if ( rc ) { rcu_unlock_domain(rd); @@ -1391,7 +1391,7 @@ unmap_common( return; } - rc = xsm_grant_unmapref(XSM_HOOK, ld, rd); + rc = xsm_grant_unmapref(ld, rd); if ( rc ) { rcu_unlock_domain(rd); @@ -2009,7 +2009,7 @@ gnttab_setup_table( goto out; } - if ( xsm_grant_setup(XSM_TARGET, curr->domain, d) ) + if ( xsm_grant_setup(curr->domain, d) ) { op.status = GNTST_permission_denied; goto out; @@ -2091,7 +2091,7 @@ gnttab_query_size( goto out; } - if ( xsm_grant_query_size(XSM_TARGET, current->domain, d) ) + if ( xsm_grant_query_size(current->domain, d) ) { op.status = GNTST_permission_denied; goto out; @@ -2262,7 +2262,7 @@ gnttab_transfer( goto put_gfn_and_copyback; } - if ( xsm_grant_transfer(XSM_HOOK, d, e) ) + if ( xsm_grant_transfer(d, e) ) { gop.status = GNTST_permission_denied; unlock_and_copyback: @@ -2800,7 +2800,7 @@ static int gnttab_copy_lock_domains(const struct gnttab_copy *op, if ( rc < 0 ) goto error; - rc = xsm_grant_copy(XSM_HOOK, src->domain, dest->domain); + rc = xsm_grant_copy(src->domain, dest->domain); if ( rc < 0 ) { rc = GNTST_permission_denied; @@ -3219,7 +3219,7 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop, op.status = GNTST_bad_domain; goto out1; } - rc = xsm_grant_setup(XSM_TARGET, current->domain, d); + rc = xsm_grant_setup(current->domain, d); if ( rc ) { op.status = GNTST_permission_denied; @@ -3283,7 +3283,7 @@ gnttab_get_version(XEN_GUEST_HANDLE_PARAM(gnttab_get_version_t) uop) if ( d == NULL ) return -ESRCH; - rc = xsm_grant_query_size(XSM_TARGET, current->domain, d); + rc = xsm_grant_query_size(current->domain, d); if ( rc ) { rcu_unlock_domain(d); diff --git a/xen/common/hypfs.c b/xen/common/hypfs.c index e71f7df479..052f3d472a 100644 --- a/xen/common/hypfs.c +++ b/xen/common/hypfs.c @@ -679,7 +679,7 @@ long do_hypfs_op(unsigned int cmd, struct hypfs_entry *entry; static char path[XEN_HYPFS_MAX_PATHLEN]; - if ( xsm_hypfs_op(XSM_PRIV) ) + if ( xsm_hypfs_op() ) return -EPERM; if ( cmd == XEN_HYPFS_OP_get_version ) diff --git a/xen/common/kernel.c b/xen/common/kernel.c index d77756a81e..89e01e908c 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -459,7 +459,7 @@ __initcall(param_init); DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { - bool_t deny = !!xsm_xen_version(XSM_OTHER, cmd); + bool_t deny = !!xsm_xen_version(cmd); switch ( cmd ) { diff --git a/xen/common/kexec.c b/xen/common/kexec.c index ebeee6405a..a0d2858cd8 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -1219,7 +1219,7 @@ static int do_kexec_op_internal(unsigned long op, { int ret = -EINVAL; - ret = xsm_kexec(XSM_PRIV); + ret = xsm_kexec(); if ( ret ) return ret; diff --git a/xen/common/mem_access.c b/xen/common/mem_access.c index 010e6f8dbf..2066510d3b 100644 --- a/xen/common/mem_access.c +++ b/xen/common/mem_access.c @@ -47,7 +47,7 @@ int mem_access_memop(unsigned long cmd, if ( !p2m_mem_access_sanity_check(d) ) goto out; - rc = xsm_mem_access(XSM_DM_PRIV, d); + rc = xsm_mem_access(d); if ( rc ) goto out; diff --git a/xen/common/memory.c b/xen/common/memory.c index 72a6b70cb5..d2621bbb47 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -609,7 +609,7 @@ static long memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg) goto fail_early; } - rc = xsm_memory_exchange(XSM_TARGET, d); + rc = xsm_memory_exchange(d); if ( rc ) { rcu_unlock_domain(d); @@ -1072,7 +1072,7 @@ static long xatp_permission_check(struct domain *d, unsigned int space) (!is_hardware_domain(d) || (d != current->domain)) ) return -EACCES; - return xsm_add_to_physmap(XSM_TARGET, current->domain, d); + return xsm_add_to_physmap(current->domain, d); } unsigned int ioreq_server_max_frames(const struct domain *d) @@ -1232,7 +1232,7 @@ static int acquire_resource( if ( rc ) return rc; - rc = xsm_domain_resource_map(XSM_DM_PRIV, d); + rc = xsm_domain_resource_map(d); if ( rc ) goto out; @@ -1388,7 +1388,7 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) && (reservation.mem_flags & XENMEMF_populate_on_demand) ) args.memflags |= MEMF_populate_on_demand; - if ( xsm_memory_adjust_reservation(XSM_TARGET, curr_d, d) ) + if ( xsm_memory_adjust_reservation(curr_d, d) ) { rcu_unlock_domain(d); return start_extent; @@ -1462,7 +1462,7 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) if ( d == NULL ) return -ESRCH; - rc = xsm_memory_stat_reservation(XSM_TARGET, curr_d, d); + rc = xsm_memory_stat_reservation(curr_d, d); if ( rc ) { rcu_unlock_domain(d); @@ -1584,7 +1584,7 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) return -ESRCH; rc = paging_mode_translate(d) - ? xsm_remove_from_physmap(XSM_TARGET, curr_d, d) + ? xsm_remove_from_physmap(curr_d, d) : -EACCES; if ( rc ) { @@ -1631,7 +1631,7 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) if ( d == NULL ) return -EINVAL; - rc = xsm_claim_pages(XSM_PRIV, d); + rc = xsm_claim_pages(d); if ( !rc ) rc = domain_set_outstanding_pages(d, reservation.nr_extents); @@ -1662,7 +1662,7 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) if ( (d = rcu_lock_domain_by_any_id(topology.domid)) == NULL ) return -ESRCH; - rc = xsm_get_vnumainfo(XSM_TARGET, d); + rc = xsm_get_vnumainfo(d); if ( rc ) { rcu_unlock_domain(d); diff --git a/xen/common/monitor.c b/xen/common/monitor.c index d5c9ff1cbf..ff17bad733 100644 --- a/xen/common/monitor.c +++ b/xen/common/monitor.c @@ -36,7 +36,7 @@ int monitor_domctl(struct domain *d, struct xen_domctl_monitor_op *mop) if ( unlikely(current->domain == d) ) /* no domain_pause() */ return -EPERM; - rc = xsm_vm_event_control(XSM_PRIV, d, mop->op, mop->event); + rc = xsm_vm_event_control(d, mop->op, mop->event); if ( unlikely(rc) ) return rc; diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 6d34764d38..e5c154fe9d 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -1944,7 +1944,7 @@ ret_t do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) if ( d == NULL ) break; - ret = xsm_schedop_shutdown(XSM_DM_PRIV, current->domain, d); + ret = xsm_schedop_shutdown(current->domain, d); if ( likely(!ret) ) domain_shutdown(d, sched_remote_shutdown.reason); @@ -2046,7 +2046,7 @@ long sched_adjust(struct domain *d, struct xen_domctl_scheduler_op *op) { long ret; - ret = xsm_domctl_scheduler_op(XSM_HOOK, d, op->cmd); + ret = xsm_domctl_scheduler_op(d, op->cmd); if ( ret ) return ret; @@ -2081,7 +2081,7 @@ long sched_adjust_global(struct xen_sysctl_scheduler_op *op) struct cpupool *pool; int rc; - rc = xsm_sysctl_scheduler_op(XSM_HOOK, op->cmd); + rc = xsm_sysctl_scheduler_op(op->cmd); if ( rc ) return rc; diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c index 3558641cd9..4e25c0e499 100644 --- a/xen/common/sysctl.c +++ b/xen/common/sysctl.c @@ -41,7 +41,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl) if ( op->interface_version != XEN_SYSCTL_INTERFACE_VERSION ) return -EACCES; - ret = xsm_sysctl(XSM_PRIV, op->cmd); + ret = xsm_sysctl(op->cmd); if ( ret ) return ret; @@ -58,7 +58,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl) switch ( op->cmd ) { case XEN_SYSCTL_readconsole: - ret = xsm_readconsole(XSM_HOOK, op->u.readconsole.clear); + ret = xsm_readconsole(op->u.readconsole.clear); if ( ret ) break; @@ -88,7 +88,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl) if ( num_domains == op->u.getdomaininfolist.max_domains ) break; - ret = xsm_getdomaininfo(XSM_HOOK, d); + ret = xsm_getdomaininfo(d); if ( ret ) continue; @@ -191,7 +191,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl) if ( op->u.page_offline.end < op->u.page_offline.start ) break; - ret = xsm_page_offline(XSM_HOOK, op->u.page_offline.cmd); + ret = xsm_page_offline(op->u.page_offline.cmd); if ( ret ) break; diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c index 70ab3ba406..307f99fcf0 100644 --- a/xen/common/vm_event.c +++ b/xen/common/vm_event.c @@ -584,7 +584,7 @@ int vm_event_domctl(struct domain *d, struct xen_domctl_vm_event_op *vec) return 0; } - rc = xsm_vm_event_control(XSM_PRIV, d, vec->mode, vec->op); + rc = xsm_vm_event_control(d, vec->mode, vec->op); if ( rc ) return rc; diff --git a/xen/common/xenoprof.c b/xen/common/xenoprof.c index 1926a92fe4..76d8b1f807 100644 --- a/xen/common/xenoprof.c +++ b/xen/common/xenoprof.c @@ -737,7 +737,7 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg) return -EPERM; } - ret = xsm_profile(XSM_HOOK, current->domain, op); + ret = xsm_profile(current->domain, op); if ( ret ) return ret; diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index 7d0a603d03..b5d62ea4ee 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -681,7 +681,7 @@ long do_console_io(unsigned int cmd, unsigned int count, long rc; unsigned int idx, len; - rc = xsm_console_io(XSM_OTHER, current->domain, cmd); + rc = xsm_console_io(current->domain, cmd); if ( rc ) return rc; diff --git a/xen/drivers/passthrough/device_tree.c b/xen/drivers/passthrough/device_tree.c index 999b831d90..67b03fd2a9 100644 --- a/xen/drivers/passthrough/device_tree.c +++ b/xen/drivers/passthrough/device_tree.c @@ -230,7 +230,7 @@ int iommu_do_dt_domctl(struct xen_domctl *domctl, struct domain *d, if ( ret ) break; - ret = xsm_assign_dtdevice(XSM_HOOK, d, dt_node_full_name(dev)); + ret = xsm_assign_dtdevice(d, dt_node_full_name(dev)); if ( ret ) break; @@ -284,7 +284,7 @@ int iommu_do_dt_domctl(struct xen_domctl *domctl, struct domain *d, if ( ret ) break; - ret = xsm_deassign_dtdevice(XSM_HOOK, d, dt_node_full_name(dev)); + ret = xsm_deassign_dtdevice(d, dt_node_full_name(dev)); if ( d == dom_io ) return -EINVAL; diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 199ce08612..1363ef8121 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -704,7 +704,7 @@ int pci_add_device(u16 seg, u8 bus, u8 devfn, else pdev_type = "device"; - ret = xsm_resource_plug_pci(XSM_PRIV, (seg << 16) | (bus << 8) | devfn); + ret = xsm_resource_plug_pci((seg << 16) | (bus << 8) | devfn); if ( ret ) return ret; @@ -814,7 +814,7 @@ int pci_remove_device(u16 seg, u8 bus, u8 devfn) struct pci_dev *pdev; int ret; - ret = xsm_resource_unplug_pci(XSM_PRIV, (seg << 16) | (bus << 8) | devfn); + ret = xsm_resource_unplug_pci((seg << 16) | (bus << 8) | devfn); if ( ret ) return ret; @@ -1477,7 +1477,7 @@ static int iommu_get_device_group( ((pdev->bus == bus) && (pdev->devfn == devfn)) ) continue; - if ( xsm_get_device_group(XSM_HOOK, (seg << 16) | (pdev->bus << 8) | pdev->devfn) ) + if ( xsm_get_device_group((seg << 16) | (pdev->bus << 8) | pdev->devfn) ) continue; sdev_id = ops->get_device_group_id(seg, pdev->bus, pdev->devfn); @@ -1545,7 +1545,7 @@ int iommu_do_pci_domctl( u32 max_sdevs; XEN_GUEST_HANDLE_64(uint32) sdevs; - ret = xsm_get_device_group(XSM_HOOK, domctl->u.get_device_group.machine_sbdf); + ret = xsm_get_device_group(domctl->u.get_device_group.machine_sbdf); if ( ret ) break; @@ -1596,7 +1596,7 @@ int iommu_do_pci_domctl( machine_sbdf = domctl->u.assign_device.u.pci.machine_sbdf; - ret = xsm_assign_device(XSM_HOOK, d, machine_sbdf); + ret = xsm_assign_device(d, machine_sbdf); if ( ret ) break; @@ -1641,7 +1641,7 @@ int iommu_do_pci_domctl( machine_sbdf = domctl->u.assign_device.u.pci.machine_sbdf; - ret = xsm_deassign_device(XSM_HOOK, d, machine_sbdf); + ret = xsm_deassign_device(d, machine_sbdf); if ( ret ) break; diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 170eae9b25..bab10be7a2 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -30,53 +30,53 @@ static inline void xsm_security_domaininfo (struct domain *d, alternative_vcall(xsm_ops.security_domaininfo, d, info); } -static inline int xsm_domain_create (xsm_default_t def, struct domain *d, u32 ssidref) +static inline int xsm_domain_create (struct domain *d, u32 ssidref) { return alternative_call(xsm_ops.domain_create, d, ssidref); } -static inline int xsm_getdomaininfo (xsm_default_t def, struct domain *d) +static inline int xsm_getdomaininfo (struct domain *d) { return alternative_call(xsm_ops.getdomaininfo, d); } -static inline int xsm_domctl_scheduler_op (xsm_default_t def, struct domain *d, int cmd) +static inline int xsm_domctl_scheduler_op (struct domain *d, int cmd) { return alternative_call(xsm_ops.domctl_scheduler_op, d, cmd); } -static inline int xsm_sysctl_scheduler_op (xsm_default_t def, int cmd) +static inline int xsm_sysctl_scheduler_op (int cmd) { return alternative_call(xsm_ops.sysctl_scheduler_op, cmd); } -static inline int xsm_set_target (xsm_default_t def, struct domain *d, struct domain *e) +static inline int xsm_set_target (struct domain *d, struct domain *e) { return alternative_call(xsm_ops.set_target, d, e); } -static inline int xsm_domctl (xsm_default_t def, struct domain *d, int cmd) +static inline int xsm_domctl (struct domain *d, int cmd) { return alternative_call(xsm_ops.domctl, d, cmd); } -static inline int xsm_sysctl (xsm_default_t def, int cmd) +static inline int xsm_sysctl (int cmd) { return alternative_call(xsm_ops.sysctl, cmd); } -static inline int xsm_readconsole (xsm_default_t def, uint32_t clear) +static inline int xsm_readconsole (uint32_t clear) { return alternative_call(xsm_ops.readconsole, clear); } -static inline int xsm_evtchn_unbound (xsm_default_t def, struct domain *d1, struct evtchn *chn, +static inline int xsm_evtchn_unbound (struct domain *d1, struct evtchn *chn, domid_t id2) { return alternative_call(xsm_ops.evtchn_unbound, d1, chn, id2); } -static inline int xsm_evtchn_interdomain (xsm_default_t def, struct domain *d1, +static inline int xsm_evtchn_interdomain (struct domain *d1, struct evtchn *chan1, struct domain *d2, struct evtchn *chan2) { return alternative_call(xsm_ops.evtchn_interdomain, d1, chan1, d2, chan2); @@ -87,48 +87,48 @@ static inline void xsm_evtchn_close_post (struct evtchn *chn) alternative_vcall(xsm_ops.evtchn_close_post, chn); } -static inline int xsm_evtchn_send (xsm_default_t def, struct domain *d, struct evtchn *chn) +static inline int xsm_evtchn_send (struct domain *d, struct evtchn *chn) { return alternative_call(xsm_ops.evtchn_send, d, chn); } -static inline int xsm_evtchn_status (xsm_default_t def, struct domain *d, struct evtchn *chn) +static inline int xsm_evtchn_status (struct domain *d, struct evtchn *chn) { return alternative_call(xsm_ops.evtchn_status, d, chn); } -static inline int xsm_evtchn_reset (xsm_default_t def, struct domain *d1, struct domain *d2) +static inline int xsm_evtchn_reset (struct domain *d1, struct domain *d2) { return alternative_call(xsm_ops.evtchn_reset, d1, d2); } -static inline int xsm_grant_mapref (xsm_default_t def, struct domain *d1, struct domain *d2, +static inline int xsm_grant_mapref (struct domain *d1, struct domain *d2, uint32_t flags) { return alternative_call(xsm_ops.grant_mapref, d1, d2, flags); } -static inline int xsm_grant_unmapref (xsm_default_t def, struct domain *d1, struct domain *d2) +static inline int xsm_grant_unmapref (struct domain *d1, struct domain *d2) { return alternative_call(xsm_ops.grant_unmapref, d1, d2); } -static inline int xsm_grant_setup (xsm_default_t def, struct domain *d1, struct domain *d2) +static inline int xsm_grant_setup (struct domain *d1, struct domain *d2) { return alternative_call(xsm_ops.grant_setup, d1, d2); } -static inline int xsm_grant_transfer (xsm_default_t def, struct domain *d1, struct domain *d2) +static inline int xsm_grant_transfer (struct domain *d1, struct domain *d2) { return alternative_call(xsm_ops.grant_transfer, d1, d2); } -static inline int xsm_grant_copy (xsm_default_t def, struct domain *d1, struct domain *d2) +static inline int xsm_grant_copy (struct domain *d1, struct domain *d2) { return alternative_call(xsm_ops.grant_copy, d1, d2); } -static inline int xsm_grant_query_size (xsm_default_t def, struct domain *d1, struct domain *d2) +static inline int xsm_grant_query_size (struct domain *d1, struct domain *d2) { return alternative_call(xsm_ops.grant_query_size, d1, d2); } @@ -160,80 +160,80 @@ static inline char *xsm_show_security_evtchn (struct domain *d, const struct evt return alternative_call(xsm_ops.show_security_evtchn, d, chn); } -static inline int xsm_init_hardware_domain (xsm_default_t def, struct domain *d) +static inline int xsm_init_hardware_domain (struct domain *d) { return alternative_call(xsm_ops.init_hardware_domain, d); } -static inline int xsm_get_pod_target (xsm_default_t def, struct domain *d) +static inline int xsm_get_pod_target (struct domain *d) { return alternative_call(xsm_ops.get_pod_target, d); } -static inline int xsm_set_pod_target (xsm_default_t def, struct domain *d) +static inline int xsm_set_pod_target (struct domain *d) { return alternative_call(xsm_ops.set_pod_target, d); } -static inline int xsm_memory_exchange (xsm_default_t def, struct domain *d) +static inline int xsm_memory_exchange (struct domain *d) { return alternative_call(xsm_ops.memory_exchange, d); } -static inline int xsm_memory_adjust_reservation (xsm_default_t def, struct domain *d1, struct +static inline int xsm_memory_adjust_reservation (struct domain *d1, struct domain *d2) { return alternative_call(xsm_ops.memory_adjust_reservation, d1, d2); } -static inline int xsm_memory_stat_reservation (xsm_default_t def, struct domain *d1, +static inline int xsm_memory_stat_reservation (struct domain *d1, struct domain *d2) { return alternative_call(xsm_ops.memory_stat_reservation, d1, d2); } -static inline int xsm_memory_pin_page(xsm_default_t def, struct domain *d1, struct domain *d2, +static inline int xsm_memory_pin_page(struct domain *d1, struct domain *d2, struct page_info *page) { return alternative_call(xsm_ops.memory_pin_page, d1, d2, page); } -static inline int xsm_add_to_physmap(xsm_default_t def, struct domain *d1, struct domain *d2) +static inline int xsm_add_to_physmap(struct domain *d1, struct domain *d2) { return alternative_call(xsm_ops.add_to_physmap, d1, d2); } -static inline int xsm_remove_from_physmap(xsm_default_t def, struct domain *d1, struct domain *d2) +static inline int xsm_remove_from_physmap(struct domain *d1, struct domain *d2) { return alternative_call(xsm_ops.remove_from_physmap, d1, d2); } -static inline int xsm_map_gmfn_foreign (xsm_default_t def, struct domain *d, struct domain *t) +static inline int xsm_map_gmfn_foreign (struct domain *d, struct domain *t) { return alternative_call(xsm_ops.map_gmfn_foreign, d, t); } -static inline int xsm_claim_pages(xsm_default_t def, struct domain *d) +static inline int xsm_claim_pages(struct domain *d) { return alternative_call(xsm_ops.claim_pages, d); } -static inline int xsm_console_io (xsm_default_t def, struct domain *d, int cmd) +static inline int xsm_console_io (struct domain *d, int cmd) { return alternative_call(xsm_ops.console_io, d, cmd); } -static inline int xsm_profile (xsm_default_t def, struct domain *d, int op) +static inline int xsm_profile (struct domain *d, int op) { return alternative_call(xsm_ops.profile, d, op); } -static inline int xsm_kexec (xsm_default_t def) +static inline int xsm_kexec (void) { return alternative_call(xsm_ops.kexec); } -static inline int xsm_schedop_shutdown (xsm_default_t def, struct domain *d1, struct domain *d2) +static inline int xsm_schedop_shutdown (struct domain *d1, struct domain *d2) { return alternative_call(xsm_ops.schedop_shutdown, d1, d2); } @@ -243,131 +243,129 @@ static inline char *xsm_show_irq_sid (int irq) return alternative_call(xsm_ops.show_irq_sid, irq); } -static inline int xsm_map_domain_pirq (xsm_default_t def, struct domain *d) +static inline int xsm_map_domain_pirq (struct domain *d) { return alternative_call(xsm_ops.map_domain_pirq, d); } -static inline int xsm_map_domain_irq (xsm_default_t def, struct domain *d, int irq, void *data) +static inline int xsm_map_domain_irq (struct domain *d, int irq, void *data) { return alternative_call(xsm_ops.map_domain_irq, d, irq, data); } -static inline int xsm_unmap_domain_pirq (xsm_default_t def, struct domain *d) +static inline int xsm_unmap_domain_pirq (struct domain *d) { return alternative_call(xsm_ops.unmap_domain_pirq, d); } -static inline int xsm_unmap_domain_irq (xsm_default_t def, struct domain *d, int irq, void *data) +static inline int xsm_unmap_domain_irq (struct domain *d, int irq, void *data) { return alternative_call(xsm_ops.unmap_domain_irq, d, irq, data); } -static inline int xsm_bind_pt_irq(xsm_default_t def, struct domain *d, +static inline int xsm_bind_pt_irq(struct domain *d, struct xen_domctl_bind_pt_irq *bind) { return alternative_call(xsm_ops.bind_pt_irq, d, bind); } -static inline int xsm_unbind_pt_irq(xsm_default_t def, struct domain *d, +static inline int xsm_unbind_pt_irq(struct domain *d, struct xen_domctl_bind_pt_irq *bind) { return alternative_call(xsm_ops.unbind_pt_irq, d, bind); } -static inline int xsm_irq_permission (xsm_default_t def, struct domain *d, int pirq, uint8_t allow) +static inline int xsm_irq_permission (struct domain *d, int pirq, uint8_t allow) { return alternative_call(xsm_ops.irq_permission, d, pirq, allow); } -static inline int xsm_iomem_permission (xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow) +static inline int xsm_iomem_permission (struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { return alternative_call(xsm_ops.iomem_permission, d, s, e, allow); } -static inline int xsm_iomem_mapping (xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow) +static inline int xsm_iomem_mapping (struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { return alternative_call(xsm_ops.iomem_mapping, d, s, e, allow); } -static inline int xsm_pci_config_permission (xsm_default_t def, struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access) +static inline int xsm_pci_config_permission (struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access) { return alternative_call(xsm_ops.pci_config_permission, d, machine_bdf, start, end, access); } #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) -static inline int xsm_get_device_group(xsm_default_t def, uint32_t machine_bdf) +static inline int xsm_get_device_group(uint32_t machine_bdf) { return alternative_call(xsm_ops.get_device_group, machine_bdf); } -static inline int xsm_assign_device(xsm_default_t def, struct domain *d, uint32_t machine_bdf) +static inline int xsm_assign_device(struct domain *d, uint32_t machine_bdf) { return alternative_call(xsm_ops.assign_device, d, machine_bdf); } -static inline int xsm_deassign_device(xsm_default_t def, struct domain *d, uint32_t machine_bdf) +static inline int xsm_deassign_device(struct domain *d, uint32_t machine_bdf) { return alternative_call(xsm_ops.deassign_device, d, machine_bdf); } #endif /* HAS_PASSTHROUGH && HAS_PCI) */ #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE) -static inline int xsm_assign_dtdevice(xsm_default_t def, struct domain *d, - const char *dtpath) +static inline int xsm_assign_dtdevice(struct domain *d, const char *dtpath) { return alternative_call(xsm_ops.assign_dtdevice, d, dtpath); } -static inline int xsm_deassign_dtdevice(xsm_default_t def, struct domain *d, - const char *dtpath) +static inline int xsm_deassign_dtdevice(struct domain *d, const char *dtpath) { return alternative_call(xsm_ops.deassign_dtdevice, d, dtpath); } #endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */ -static inline int xsm_resource_plug_pci (xsm_default_t def, uint32_t machine_bdf) +static inline int xsm_resource_plug_pci (uint32_t machine_bdf) { return alternative_call(xsm_ops.resource_plug_pci, machine_bdf); } -static inline int xsm_resource_unplug_pci (xsm_default_t def, uint32_t machine_bdf) +static inline int xsm_resource_unplug_pci (uint32_t machine_bdf) { return alternative_call(xsm_ops.resource_unplug_pci, machine_bdf); } -static inline int xsm_resource_plug_core (xsm_default_t def) +static inline int xsm_resource_plug_core (void) { return alternative_call(xsm_ops.resource_plug_core); } -static inline int xsm_resource_unplug_core (xsm_default_t def) +static inline int xsm_resource_unplug_core (void) { return alternative_call(xsm_ops.resource_unplug_core); } -static inline int xsm_resource_setup_pci (xsm_default_t def, uint32_t machine_bdf) +static inline int xsm_resource_setup_pci (uint32_t machine_bdf) { return alternative_call(xsm_ops.resource_setup_pci, machine_bdf); } -static inline int xsm_resource_setup_gsi (xsm_default_t def, int gsi) +static inline int xsm_resource_setup_gsi (int gsi) { return alternative_call(xsm_ops.resource_setup_gsi, gsi); } -static inline int xsm_resource_setup_misc (xsm_default_t def) +static inline int xsm_resource_setup_misc (void) { return alternative_call(xsm_ops.resource_setup_misc); } -static inline int xsm_page_offline(xsm_default_t def, uint32_t cmd) +static inline int xsm_page_offline(uint32_t cmd) { return alternative_call(xsm_ops.page_offline, cmd); } -static inline int xsm_hypfs_op(xsm_default_t def) +static inline int xsm_hypfs_op(void) { return alternative_call(xsm_ops.hypfs_op); } @@ -384,148 +382,148 @@ static inline int xsm_do_compat_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) } #endif -static inline int xsm_hvm_param (xsm_default_t def, struct domain *d, unsigned long op) +static inline int xsm_hvm_param (struct domain *d, unsigned long op) { return alternative_call(xsm_ops.hvm_param, d, op); } -static inline int xsm_hvm_control(xsm_default_t def, struct domain *d, unsigned long op) +static inline int xsm_hvm_control(struct domain *d, unsigned long op) { return alternative_call(xsm_ops.hvm_control, d, op); } -static inline int xsm_hvm_param_altp2mhvm (xsm_default_t def, struct domain *d) +static inline int xsm_hvm_param_altp2mhvm (struct domain *d) { return alternative_call(xsm_ops.hvm_param_altp2mhvm, d); } -static inline int xsm_hvm_altp2mhvm_op (xsm_default_t def, struct domain *d, uint64_t mode, uint32_t op) +static inline int xsm_hvm_altp2mhvm_op (struct domain *d, uint64_t mode, uint32_t op) { return alternative_call(xsm_ops.hvm_altp2mhvm_op, d, mode, op); } -static inline int xsm_get_vnumainfo (xsm_default_t def, struct domain *d) +static inline int xsm_get_vnumainfo (struct domain *d) { return alternative_call(xsm_ops.get_vnumainfo, d); } -static inline int xsm_vm_event_control (xsm_default_t def, struct domain *d, int mode, int op) +static inline int xsm_vm_event_control (struct domain *d, int mode, int op) { return alternative_call(xsm_ops.vm_event_control, d, mode, op); } #ifdef CONFIG_MEM_ACCESS -static inline int xsm_mem_access (xsm_default_t def, struct domain *d) +static inline int xsm_mem_access (struct domain *d) { return alternative_call(xsm_ops.mem_access, d); } #endif #ifdef CONFIG_MEM_PAGING -static inline int xsm_mem_paging (xsm_default_t def, struct domain *d) +static inline int xsm_mem_paging (struct domain *d) { return alternative_call(xsm_ops.mem_paging, d); } #endif #ifdef CONFIG_MEM_SHARING -static inline int xsm_mem_sharing (xsm_default_t def, struct domain *d) +static inline int xsm_mem_sharing (struct domain *d) { return alternative_call(xsm_ops.mem_sharing, d); } #endif -static inline int xsm_platform_op (xsm_default_t def, uint32_t op) +static inline int xsm_platform_op (uint32_t op) { return alternative_call(xsm_ops.platform_op, op); } #ifdef CONFIG_X86 -static inline int xsm_do_mca(xsm_default_t def) +static inline int xsm_do_mca(void) { return alternative_call(xsm_ops.do_mca); } -static inline int xsm_shadow_control (xsm_default_t def, struct domain *d, uint32_t op) +static inline int xsm_shadow_control (struct domain *d, uint32_t op) { return alternative_call(xsm_ops.shadow_control, d, op); } -static inline int xsm_mem_sharing_op (xsm_default_t def, struct domain *d, struct domain *cd, int op) +static inline int xsm_mem_sharing_op (struct domain *d, struct domain *cd, int op) { return alternative_call(xsm_ops.mem_sharing_op, d, cd, op); } -static inline int xsm_apic (xsm_default_t def, struct domain *d, int cmd) +static inline int xsm_apic (struct domain *d, int cmd) { return alternative_call(xsm_ops.apic, d, cmd); } -static inline int xsm_memtype (xsm_default_t def, uint32_t access) +static inline int xsm_memtype (uint32_t access) { return alternative_call(xsm_ops.memtype, access); } -static inline int xsm_machine_memory_map(xsm_default_t def) +static inline int xsm_machine_memory_map(void) { return alternative_call(xsm_ops.machine_memory_map); } -static inline int xsm_domain_memory_map(xsm_default_t def, struct domain *d) +static inline int xsm_domain_memory_map(struct domain *d) { return alternative_call(xsm_ops.domain_memory_map, d); } -static inline int xsm_mmu_update (xsm_default_t def, struct domain *d, struct domain *t, +static inline int xsm_mmu_update (struct domain *d, struct domain *t, struct domain *f, uint32_t flags) { return alternative_call(xsm_ops.mmu_update, d, t, f, flags); } -static inline int xsm_mmuext_op (xsm_default_t def, struct domain *d, struct domain *f) +static inline int xsm_mmuext_op (struct domain *d, struct domain *f) { return alternative_call(xsm_ops.mmuext_op, d, f); } -static inline int xsm_update_va_mapping(xsm_default_t def, struct domain *d, struct domain *f, +static inline int xsm_update_va_mapping(struct domain *d, struct domain *f, l1_pgentry_t pte) { return xsm_ops.update_va_mapping(d, f, pte); } -static inline int xsm_priv_mapping(xsm_default_t def, struct domain *d, struct domain *t) +static inline int xsm_priv_mapping(struct domain *d, struct domain *t) { return alternative_call(xsm_ops.priv_mapping, d, t); } -static inline int xsm_ioport_permission (xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow) +static inline int xsm_ioport_permission (struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { return alternative_call(xsm_ops.ioport_permission, d, s, e, allow); } -static inline int xsm_ioport_mapping (xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow) +static inline int xsm_ioport_mapping (struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { return alternative_call(xsm_ops.ioport_mapping, d, s, e, allow); } -static inline int xsm_pmu_op (xsm_default_t def, struct domain *d, unsigned int op) +static inline int xsm_pmu_op (struct domain *d, unsigned int op) { return alternative_call(xsm_ops.pmu_op, d, op); } #endif /* CONFIG_X86 */ -static inline int xsm_dm_op(xsm_default_t def, struct domain *d) +static inline int xsm_dm_op(struct domain *d) { return alternative_call(xsm_ops.dm_op, d); } -static inline int xsm_xen_version (xsm_default_t def, uint32_t op) +static inline int xsm_xen_version (uint32_t op) { return alternative_call(xsm_ops.xen_version, op); } -static inline int xsm_domain_resource_map(xsm_default_t def, struct domain *d) +static inline int xsm_domain_resource_map(struct domain *d) { return alternative_call(xsm_ops.domain_resource_map, d); } From patchwork Mon Jul 12 20:32:32 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Daniel P. Smith" X-Patchwork-Id: 12372285 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 05D28C07E99 for ; Mon, 12 Jul 2021 20:31:08 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 9F144611B0 for ; Mon, 12 Jul 2021 20:31:07 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9F144611B0 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=apertussolutions.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.154812.285956 (Exim 4.92) (envelope-from ) id 1m32Zt-0005Uz-W6; Mon, 12 Jul 2021 20:30:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 154812.285956; Mon, 12 Jul 2021 20:30:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32Zt-0005Uo-So; Mon, 12 Jul 2021 20:30:57 +0000 Received: by outflank-mailman (input) for mailman id 154812; Mon, 12 Jul 2021 20:30:57 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32Zt-0005Ue-Hy for xen-devel@lists.xenproject.org; Mon, 12 Jul 2021 20:30:57 +0000 Received: from sender4-of-o51.zoho.com (unknown [136.143.188.51]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 0e9cbae2-e350-11eb-8707-12813bfff9fa; Mon, 12 Jul 2021 20:30:55 +0000 (UTC) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1626121635730192.9107776027231; Mon, 12 Jul 2021 13:27:15 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 0e9cbae2-e350-11eb-8707-12813bfff9fa ARC-Seal: i=1; a=rsa-sha256; t=1626121638; cv=none; d=zohomail.com; s=zohoarc; b=YrYVzIKMcTMGlbgqJB+S9HNtfVtX4ekH5BqpjjFSEN6xVIcA/GT/m+HaQPKXGbSAAFc2G3UdddmJLm+pE1Oh0iejlyeqln8cOcOV4S8DM7ZOTdEEXuCQec35byTqvLya0zDs2xxqd4hrda2DKgDqzrX1bci81t+Qxa4V69iDlyY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626121638; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=kh0KMg27tKSsDe22tQu9Z3PZUDHTMTDEO+ctwo3vIpI=; b=UgdMcdkezq33hhMsXjiiPyJ4fUTg3Yi4txRK+8Ox6cvLuhsWBV8ramAlQa8BVjt6WRX6AlC9mP+7v7njxqJR5Ozv+qPoIaNQshN15j/BAn/jGV5doGqwcOM6SQtBHGmVbE9b3a4O6jr/HGl5B26DKwXgjKnWDIHhwQhWCe+eXxI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1626121638; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding; bh=kh0KMg27tKSsDe22tQu9Z3PZUDHTMTDEO+ctwo3vIpI=; b=FmHXmhgqmTa9DXPsIKDmVAWB34r97SN4kLMvEhKkKEj4lPDUY+toUL3yTpKs1zJr n2ob+Hh8QJ1/iJF1oQ7e89rHobmPZbZuVjLlDm7HX7YPKEeNRtikx/49bNHWVDSos5m BjKUDnRHA/KZapIDhQm6CW6g9nRqvcWNaOPs0pdY= From: "Daniel P. Smith" To: xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Daniel De Graaf Subject: [PATCH v2 09/10] xsm: expand the function related macros in dummy.h Date: Mon, 12 Jul 2021 16:32:32 -0400 Message-Id: <20210712203233.20289-10-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210712203233.20289-1-dpsmith@apertussolutions.com> References: <20210712203233.20289-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 X-ZohoMailClient: External With the elimination of switching how dummy.h gets included, the function declaration macros are no longer necessary. This commit expands them out to the only value for which they will ever be set. This results in function declaration lengths changing and since some definitions did not even follow the 80 column wrapping style, all function definitions were aligned with the predominate style found in core hypervisor code. Signed-off-by: Daniel P. Smith --- xen/xsm/dummy.h | 275 +++++++++++++++++++++++++++--------------------- 1 file changed, 153 insertions(+), 122 deletions(-) diff --git a/xen/xsm/dummy.h b/xen/xsm/dummy.h index a3e698c3b5..1cb26e4146 100644 --- a/xen/xsm/dummy.h +++ b/xen/xsm/dummy.h @@ -9,7 +9,7 @@ * * * Each XSM hook implementing an access check should have its first parameter - * preceded by XSM_DEFAULT_ARG (or use XSM_DEFAULT_VOID if it has no + * preceded by (or use XSM_DEFAULT_VOID if it has no * arguments). The first non-declaration statement shold be XSM_ASSERT_ACTION * with the expected type of the hook, which will either define or check the * value of action. @@ -47,14 +47,11 @@ void __xsm_action_mismatch_detected(void); * xsm_default_t argument available, so the value from the assertion is used to * initialize the variable. */ -#define XSM_INLINE __maybe_unused - -#define XSM_DEFAULT_ARG /* */ -#define XSM_DEFAULT_VOID void #define XSM_ASSERT_ACTION(def) xsm_default_t action = def; (void)action -static always_inline int xsm_default_action( - xsm_default_t action, struct domain *src, struct domain *target) +static always_inline int xsm_default_action(xsm_default_t action, + struct domain *src, + struct domain *target) { switch ( action ) { case XSM_HOOK: @@ -82,43 +79,43 @@ static always_inline int xsm_default_action( } } -static XSM_INLINE void dummy_security_domaininfo(struct domain *d, +static inline void dummy_security_domaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info) { return; } -static XSM_INLINE int dummy_domain_create(XSM_DEFAULT_ARG struct domain *d, u32 ssidref) +static inline int dummy_domain_create(struct domain *d, u32 ssidref) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_getdomaininfo(XSM_DEFAULT_ARG struct domain *d) +static inline int dummy_getdomaininfo(struct domain *d) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_domctl_scheduler_op(XSM_DEFAULT_ARG struct domain *d, int cmd) +static inline int dummy_domctl_scheduler_op(struct domain *d, int cmd) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_sysctl_scheduler_op(XSM_DEFAULT_ARG int cmd) +static inline int dummy_sysctl_scheduler_op(int cmd) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int dummy_set_target(XSM_DEFAULT_ARG struct domain *d, struct domain *e) +static inline int dummy_set_target(struct domain *d, struct domain *e) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int dummy_domctl(XSM_DEFAULT_ARG struct domain *d, int cmd) +static inline int dummy_domctl(struct domain *d, int cmd) { XSM_ASSERT_ACTION(XSM_OTHER); switch ( cmd ) @@ -135,85 +132,91 @@ static XSM_INLINE int dummy_domctl(XSM_DEFAULT_ARG struct domain *d, int cmd) } } -static XSM_INLINE int dummy_sysctl(XSM_DEFAULT_ARG int cmd) +static inline int dummy_sysctl(int cmd) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int dummy_readconsole(XSM_DEFAULT_ARG uint32_t clear) +static inline int dummy_readconsole(uint32_t clear) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int dummy_alloc_security_domain(struct domain *d) +static inline int dummy_alloc_security_domain(struct domain *d) { return 0; } -static XSM_INLINE void dummy_free_security_domain(struct domain *d) +static inline void dummy_free_security_domain(struct domain *d) { return; } -static XSM_INLINE int dummy_grant_mapref(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2, - uint32_t flags) +static inline int dummy_grant_mapref(struct domain *d1, + struct domain *d2, + uint32_t flags) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int dummy_grant_unmapref(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static inline int dummy_grant_unmapref(struct domain *d1, + struct domain *d2) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int dummy_grant_setup(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static inline int dummy_grant_setup(struct domain *d1, + struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int dummy_grant_transfer(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static inline int dummy_grant_transfer(struct domain *d1, + struct domain *d2) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int dummy_grant_copy(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static inline int dummy_grant_copy(struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int dummy_grant_query_size(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static inline int dummy_grant_query_size(struct domain *d1, + struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int dummy_memory_exchange(XSM_DEFAULT_ARG struct domain *d) +static inline int dummy_memory_exchange(struct domain *d) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_memory_adjust_reservation(XSM_DEFAULT_ARG struct domain *d1, - struct domain *d2) +static inline int dummy_memory_adjust_reservation(struct domain *d1, + struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int dummy_memory_stat_reservation(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static inline int dummy_memory_stat_reservation(struct domain *d1, + struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int dummy_console_io(XSM_DEFAULT_ARG struct domain *d, int cmd) +static inline int dummy_console_io(struct domain *d, int cmd) { XSM_ASSERT_ACTION(XSM_OTHER); if ( d->is_console ) @@ -225,129 +228,140 @@ static XSM_INLINE int dummy_console_io(XSM_DEFAULT_ARG struct domain *d, int cmd return xsm_default_action(XSM_PRIV, d, NULL); } -static XSM_INLINE int dummy_profile(XSM_DEFAULT_ARG struct domain *d, int op) +static inline int dummy_profile(struct domain *d, int op) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d, NULL); } -static XSM_INLINE int dummy_kexec(XSM_DEFAULT_VOID) +static inline int dummy_kexec(void) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int dummy_schedop_shutdown(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static inline int dummy_schedop_shutdown(struct domain *d1, + struct domain *d2) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int dummy_memory_pin_page(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2, - struct page_info *page) +static inline int dummy_memory_pin_page(struct domain *d1, + struct domain *d2, + struct page_info *page) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int dummy_claim_pages(XSM_DEFAULT_ARG struct domain *d) +static inline int dummy_claim_pages(struct domain *d) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_evtchn_unbound(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn, - domid_t id2) +static inline int dummy_evtchn_unbound(struct domain *d, + struct evtchn *chn, + domid_t id2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_evtchn_interdomain(XSM_DEFAULT_ARG struct domain *d1, struct evtchn - *chan1, struct domain *d2, struct evtchn *chan2) +static inline int dummy_evtchn_interdomain(struct domain *d1, + struct evtchn *chan1, + struct domain *d2, + struct evtchn *chan2) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE void dummy_evtchn_close_post(struct evtchn *chn) +static inline void dummy_evtchn_close_post(struct evtchn *chn) { return; } -static XSM_INLINE int dummy_evtchn_send(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn) +static inline int dummy_evtchn_send(struct domain *d, + struct evtchn *chn) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d, NULL); } -static XSM_INLINE int dummy_evtchn_status(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn) +static inline int dummy_evtchn_status(struct domain *d, + struct evtchn *chn) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_evtchn_reset(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static inline int dummy_evtchn_reset(struct domain *d1, + struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int dummy_alloc_security_evtchns( - struct evtchn chn[], unsigned int nr) +static inline int dummy_alloc_security_evtchns(struct evtchn chn[], + unsigned int nr) { return 0; } -static XSM_INLINE void dummy_free_security_evtchns( - struct evtchn chn[], unsigned int nr) +static inline void dummy_free_security_evtchns(struct evtchn chn[], + unsigned int nr) { return; } -static XSM_INLINE char *dummy_show_security_evtchn(struct domain *d, const struct evtchn *chn) +static inline char *dummy_show_security_evtchn(struct domain *d, + const struct evtchn *chn) { return NULL; } -static XSM_INLINE int dummy_init_hardware_domain(XSM_DEFAULT_ARG struct domain *d) +static inline int dummy_init_hardware_domain(struct domain *d) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_get_pod_target(XSM_DEFAULT_ARG struct domain *d) +static inline int dummy_get_pod_target(struct domain *d) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_set_pod_target(XSM_DEFAULT_ARG struct domain *d) +static inline int dummy_set_pod_target(struct domain *d) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_get_vnumainfo(XSM_DEFAULT_ARG struct domain *d) +static inline int dummy_get_vnumainfo(struct domain *d) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) -static XSM_INLINE int dummy_get_device_group(XSM_DEFAULT_ARG uint32_t machine_bdf) +static inline int dummy_get_device_group(uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int dummy_assign_device(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf) +static inline int dummy_assign_device(struct domain *d, + uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_deassign_device(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf) +static inline int dummy_deassign_device(struct domain *d, + uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); @@ -356,15 +370,15 @@ static XSM_INLINE int dummy_deassign_device(XSM_DEFAULT_ARG struct domain *d, ui #endif /* HAS_PASSTHROUGH && HAS_PCI */ #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE) -static XSM_INLINE int dummy_assign_dtdevice(XSM_DEFAULT_ARG struct domain *d, - const char *dtpath) +static inline int dummy_assign_dtdevice(struct domain *d, + const char *dtpath) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_deassign_dtdevice(XSM_DEFAULT_ARG struct domain *d, - const char *dtpath) +static inline int dummy_deassign_dtdevice(struct domain *d, + const char *dtpath) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); @@ -372,178 +386,190 @@ static XSM_INLINE int dummy_deassign_dtdevice(XSM_DEFAULT_ARG struct domain *d, #endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */ -static XSM_INLINE int dummy_resource_plug_core(XSM_DEFAULT_VOID) +static inline int dummy_resource_plug_core(void) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int dummy_resource_unplug_core(XSM_DEFAULT_VOID) +static inline int dummy_resource_unplug_core(void) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int dummy_resource_plug_pci(XSM_DEFAULT_ARG uint32_t machine_bdf) +static inline int dummy_resource_plug_pci(uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int dummy_resource_unplug_pci(XSM_DEFAULT_ARG uint32_t machine_bdf) +static inline int dummy_resource_unplug_pci(uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int dummy_resource_setup_pci(XSM_DEFAULT_ARG uint32_t machine_bdf) +static inline int dummy_resource_setup_pci(uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int dummy_resource_setup_gsi(XSM_DEFAULT_ARG int gsi) +static inline int dummy_resource_setup_gsi(int gsi) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int dummy_resource_setup_misc(XSM_DEFAULT_VOID) +static inline int dummy_resource_setup_misc(void) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int dummy_page_offline(XSM_DEFAULT_ARG uint32_t cmd) +static inline int dummy_page_offline(uint32_t cmd) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int dummy_hypfs_op(XSM_DEFAULT_VOID) +static inline int dummy_hypfs_op(void) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE long dummy_do_xsm_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) +static inline long dummy_do_xsm_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) { return -ENOSYS; } #ifdef CONFIG_COMPAT -static XSM_INLINE int dummy_do_compat_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) +static inline int dummy_do_compat_op( + XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) { return -ENOSYS; } #endif -static XSM_INLINE char *dummy_show_irq_sid(int irq) +static inline char *dummy_show_irq_sid(int irq) { return NULL; } -static XSM_INLINE int dummy_map_domain_pirq(XSM_DEFAULT_ARG struct domain *d) +static inline int dummy_map_domain_pirq(struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_map_domain_irq(XSM_DEFAULT_ARG struct domain *d, - int irq, const void *data) +static inline int dummy_map_domain_irq(struct domain *d, int irq, + const void *data) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_unmap_domain_pirq(XSM_DEFAULT_ARG struct domain *d) +static inline int dummy_unmap_domain_pirq(struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_bind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) +static inline int dummy_bind_pt_irq(struct domain *d, + struct xen_domctl_bind_pt_irq *bind) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_unbind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) +static inline int dummy_unbind_pt_irq(struct domain *d, + struct xen_domctl_bind_pt_irq *bind) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_unmap_domain_irq(XSM_DEFAULT_ARG struct domain *d, - int irq, const void *data) +static inline int dummy_unmap_domain_irq(struct domain *d, int irq, + const void *data) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_irq_permission(XSM_DEFAULT_ARG struct domain *d, int pirq, uint8_t allow) +static inline int dummy_irq_permission(struct domain *d, int pirq, + uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_iomem_permission(XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow) +static inline int dummy_iomem_permission(struct domain *d, uint64_t s, + uint64_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_iomem_mapping(XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow) +static inline int dummy_iomem_mapping(struct domain *d, uint64_t s, + uint64_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_pci_config_permission(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf, - uint16_t start, uint16_t end, - uint8_t access) +static inline int dummy_pci_config_permission(struct domain *d, + uint32_t machine_bdf, + uint16_t start, + uint16_t end, + uint8_t access) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_add_to_physmap(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static inline int dummy_add_to_physmap(struct domain *d1, + struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int dummy_remove_from_physmap(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static inline int dummy_remove_from_physmap(struct domain *d1, + struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int dummy_map_gmfn_foreign(XSM_DEFAULT_ARG struct domain *d, struct domain *t) +static inline int dummy_map_gmfn_foreign(struct domain *d, + struct domain *t) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, t); } -static XSM_INLINE int dummy_hvm_param(XSM_DEFAULT_ARG struct domain *d, unsigned long op) +static inline int dummy_hvm_param(struct domain *d, unsigned long op) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_hvm_control(XSM_DEFAULT_ARG struct domain *d, unsigned long op) +static inline int dummy_hvm_control(struct domain *d, unsigned long op) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_hvm_param_altp2mhvm(XSM_DEFAULT_ARG struct domain *d) +static inline int dummy_hvm_param_altp2mhvm(struct domain *d) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_hvm_altp2mhvm_op(XSM_DEFAULT_ARG struct domain *d, uint64_t mode, uint32_t op) +static inline int dummy_hvm_altp2mhvm_op(struct domain *d, + uint64_t mode, uint32_t op) { XSM_ASSERT_ACTION(XSM_OTHER); @@ -562,14 +588,15 @@ static XSM_INLINE int dummy_hvm_altp2mhvm_op(XSM_DEFAULT_ARG struct domain *d, u } } -static XSM_INLINE int dummy_vm_event_control(XSM_DEFAULT_ARG struct domain *d, int mode, int op) +static inline int dummy_vm_event_control(struct domain *d, int mode, + int op) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); } #ifdef CONFIG_MEM_ACCESS -static XSM_INLINE int dummy_mem_access(XSM_DEFAULT_ARG struct domain *d) +static inline int dummy_mem_access(struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); @@ -577,7 +604,7 @@ static XSM_INLINE int dummy_mem_access(XSM_DEFAULT_ARG struct domain *d) #endif #ifdef CONFIG_MEM_PAGING -static XSM_INLINE int dummy_mem_paging(XSM_DEFAULT_ARG struct domain *d) +static inline int dummy_mem_paging(struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); @@ -585,58 +612,59 @@ static XSM_INLINE int dummy_mem_paging(XSM_DEFAULT_ARG struct domain *d) #endif #ifdef CONFIG_MEM_SHARING -static XSM_INLINE int dummy_mem_sharing(XSM_DEFAULT_ARG struct domain *d) +static inline int dummy_mem_sharing(struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } #endif -static XSM_INLINE int dummy_platform_op(XSM_DEFAULT_ARG uint32_t op) +static inline int dummy_platform_op(uint32_t op) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } #ifdef CONFIG_X86 -static XSM_INLINE int dummy_do_mca(XSM_DEFAULT_VOID) +static inline int dummy_do_mca(void) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int dummy_shadow_control(XSM_DEFAULT_ARG struct domain *d, uint32_t op) +static inline int dummy_shadow_control(struct domain *d, uint32_t op) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_mem_sharing_op(XSM_DEFAULT_ARG struct domain *d, struct domain *cd, int op) +static inline int dummy_mem_sharing_op(struct domain *d, + struct domain *cd, int op) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, cd); } -static XSM_INLINE int dummy_apic(XSM_DEFAULT_ARG struct domain *d, int cmd) +static inline int dummy_apic(struct domain *d, int cmd) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, d, NULL); } -static XSM_INLINE int dummy_machine_memory_map(XSM_DEFAULT_VOID) +static inline int dummy_machine_memory_map(void) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int dummy_domain_memory_map(XSM_DEFAULT_ARG struct domain *d) +static inline int dummy_domain_memory_map(struct domain *d) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_mmu_update(XSM_DEFAULT_ARG struct domain *d, struct domain *t, - struct domain *f, uint32_t flags) +static inline int dummy_mmu_update(struct domain *d, struct domain *t, + struct domain *f, uint32_t flags) { int rc = 0; XSM_ASSERT_ACTION(XSM_TARGET); @@ -647,38 +675,41 @@ static XSM_INLINE int dummy_mmu_update(XSM_DEFAULT_ARG struct domain *d, struct return rc; } -static XSM_INLINE int dummy_mmuext_op(XSM_DEFAULT_ARG struct domain *d, struct domain *f) +static inline int dummy_mmuext_op(struct domain *d, struct domain *f) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, f); } -static XSM_INLINE int dummy_update_va_mapping(XSM_DEFAULT_ARG struct domain *d, struct domain *f, - l1_pgentry_t pte) +static inline int dummy_update_va_mapping(struct domain *d, + struct domain *f, + l1_pgentry_t pte) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, f); } -static XSM_INLINE int dummy_priv_mapping(XSM_DEFAULT_ARG struct domain *d, struct domain *t) +static inline int dummy_priv_mapping(struct domain *d, struct domain *t) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, t); } -static XSM_INLINE int dummy_ioport_permission(XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow) +static inline int dummy_ioport_permission(struct domain *d, uint32_t s, + uint32_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_ioport_mapping(XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow) +static inline int dummy_ioport_mapping(struct domain *d, uint32_t s, + uint32_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int dummy_pmu_op (XSM_DEFAULT_ARG struct domain *d, unsigned int op) +static inline int dummy_pmu_op (struct domain *d, unsigned int op) { XSM_ASSERT_ACTION(XSM_OTHER); switch ( op ) @@ -695,31 +726,31 @@ static XSM_INLINE int dummy_pmu_op (XSM_DEFAULT_ARG struct domain *d, unsigned i #endif /* CONFIG_X86 */ -static XSM_INLINE int dummy_dm_op(XSM_DEFAULT_ARG struct domain *d) +static inline int dummy_dm_op(struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } #ifdef CONFIG_ARGO -static XSM_INLINE int dummy_argo_enable(const struct domain *d) +static inline int dummy_argo_enable(const struct domain *d) { return 0; } -static XSM_INLINE int dummy_argo_register_single_source(const struct domain *d, - const struct domain *t) +static inline int dummy_argo_register_single_source(const struct domain *d, + const struct domain *t) { return 0; } -static XSM_INLINE int dummy_argo_register_any_source(const struct domain *d) +static inline int dummy_argo_register_any_source(const struct domain *d) { return 0; } -static XSM_INLINE int dummy_argo_send(const struct domain *d, - const struct domain *t) +static inline int dummy_argo_send(const struct domain *d, + const struct domain *t) { return 0; } @@ -727,7 +758,7 @@ static XSM_INLINE int dummy_argo_send(const struct domain *d, #endif /* CONFIG_ARGO */ #include -static XSM_INLINE int dummy_xen_version (XSM_DEFAULT_ARG uint32_t op) +static inline int dummy_xen_version(uint32_t op) { XSM_ASSERT_ACTION(XSM_OTHER); switch ( op ) @@ -751,7 +782,7 @@ static XSM_INLINE int dummy_xen_version (XSM_DEFAULT_ARG uint32_t op) } } -static XSM_INLINE int dummy_domain_resource_map(XSM_DEFAULT_ARG struct domain *d) +static inline int dummy_domain_resource_map(struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); From patchwork Mon Jul 12 20:32:33 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Daniel P. Smith" X-Patchwork-Id: 12372287 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 50A8DC07E99 for ; Mon, 12 Jul 2021 20:31:14 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id E2F82611C1 for ; Mon, 12 Jul 2021 20:31:13 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E2F82611C1 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=apertussolutions.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.154816.285967 (Exim 4.92) (envelope-from ) id 1m32a2-0005pi-B3; Mon, 12 Jul 2021 20:31:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 154816.285967; Mon, 12 Jul 2021 20:31:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32a2-0005pb-7w; Mon, 12 Jul 2021 20:31:06 +0000 Received: by outflank-mailman (input) for mailman id 154816; Mon, 12 Jul 2021 20:31:04 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m32a0-0005oi-Kk for xen-devel@lists.xenproject.org; Mon, 12 Jul 2021 20:31:04 +0000 Received: from sender4-of-o51.zoho.com (unknown [136.143.188.51]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 12d70888-e350-11eb-8707-12813bfff9fa; Mon, 12 Jul 2021 20:31:02 +0000 (UTC) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1626121636585297.66257063713635; Mon, 12 Jul 2021 13:27:16 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 12d70888-e350-11eb-8707-12813bfff9fa ARC-Seal: i=1; a=rsa-sha256; t=1626121639; cv=none; d=zohomail.com; s=zohoarc; b=Alb+MINzXH+bQwKwNkaPrm1Y3kEhpIOnIzAgo3/YrC8a1ZbWIe7BKWBaMTT0t0O2chgy8DjkbmPUPYvb0khfBlacBVK5w6x5k+PuvEGbVpx/HlWQBfYdk16fPqHTMGQZdiFURIsoUcwGx7/fw6KbN7+3JWX9zVIiywOk2/NZmDQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626121639; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=LV+3c7OanjF9V/QSRwZgTnYolGtu8qd9oivP6z0k1EE=; b=OhicGuXe/BWiSJwWf39s4lJIHqF3Ba29tBPrSXXzmpOEuh/FQzRXUGQ41JmAdbbaA3xCbPtIXVCmsGYVTSjqewF3/9xOgNQzfGwslJ38m4oJTPhoiYrhhzeTuOh22i+PN54a4pxtf98gidfvPT1lzpw/inNO5AD6l9Cp+M2jbJY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1626121639; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding; bh=LV+3c7OanjF9V/QSRwZgTnYolGtu8qd9oivP6z0k1EE=; b=mvk07+6QLusJqFycMyiJAwbxkogNP6tWALXFamy9d8+q6yrZKBPhfd6Yl/D2BODu tZKzZOMHSMFeqDV5kCMc6Oj0FK8LEOFeNJGPNWKcUQSWRHxjc8YiSZ0c+f5ux7aNHxS VoGTGlSOS9vtj1EZheZKxr4joTugtTQJvSp57Mbc= From: "Daniel P. Smith" To: xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Daniel De Graaf Subject: [PATCH v2 10/10] xsm: removing the XSM_ASSERT_ACTION macro Date: Mon, 12 Jul 2021 16:32:33 -0400 Message-Id: <20210712203233.20289-11-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210712203233.20289-1-dpsmith@apertussolutions.com> References: <20210712203233.20289-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 X-ZohoMailClient: External With the eliminations of default priv from all the XSM hook call sites, this renders the XSM_ASSERT_ACTION macro unneeded. This commit cleans up all the dummy hooks, removing the macro. Signed-off-by: Daniel P. Smith --- xen/xsm/dummy.h | 253 +++++++++++++++--------------------------------- 1 file changed, 80 insertions(+), 173 deletions(-) diff --git a/xen/xsm/dummy.h b/xen/xsm/dummy.h index 1cb26e4146..1aaec86b05 100644 --- a/xen/xsm/dummy.h +++ b/xen/xsm/dummy.h @@ -6,13 +6,6 @@ * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2, * as published by the Free Software Foundation. - * - * - * Each XSM hook implementing an access check should have its first parameter - * preceded by (or use XSM_DEFAULT_VOID if it has no - * arguments). The first non-declaration statement shold be XSM_ASSERT_ACTION - * with the expected type of the hook, which will either define or check the - * value of action. */ #include @@ -47,7 +40,6 @@ void __xsm_action_mismatch_detected(void); * xsm_default_t argument available, so the value from the assertion is used to * initialize the variable. */ -#define XSM_ASSERT_ACTION(def) xsm_default_t action = def; (void)action static always_inline int xsm_default_action(xsm_default_t action, struct domain *src, @@ -87,37 +79,31 @@ static inline void dummy_security_domaininfo(struct domain *d, static inline int dummy_domain_create(struct domain *d, u32 ssidref) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } static inline int dummy_getdomaininfo(struct domain *d) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } static inline int dummy_domctl_scheduler_op(struct domain *d, int cmd) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } static inline int dummy_sysctl_scheduler_op(int cmd) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, NULL); + return xsm_default_action(XSM_HOOK, current->domain, NULL); } static inline int dummy_set_target(struct domain *d, struct domain *e) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, NULL); + return xsm_default_action(XSM_HOOK, current->domain, NULL); } static inline int dummy_domctl(struct domain *d, int cmd) { - XSM_ASSERT_ACTION(XSM_OTHER); switch ( cmd ) { case XEN_DOMCTL_ioport_mapping: @@ -134,14 +120,12 @@ static inline int dummy_domctl(struct domain *d, int cmd) static inline int dummy_sysctl(int cmd) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, current->domain, NULL); + return xsm_default_action(XSM_PRIV, current->domain, NULL); } static inline int dummy_readconsole(uint32_t clear) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, NULL); + return xsm_default_action(XSM_HOOK, current->domain, NULL); } static inline int dummy_alloc_security_domain(struct domain *d) @@ -158,67 +142,57 @@ static inline int dummy_grant_mapref(struct domain *d1, struct domain *d2, uint32_t flags) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, d1, d2); + return xsm_default_action(XSM_HOOK, d1, d2); } static inline int dummy_grant_unmapref(struct domain *d1, struct domain *d2) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, d1, d2); + return xsm_default_action(XSM_HOOK, d1, d2); } static inline int dummy_grant_setup(struct domain *d1, struct domain *d2) { - XSM_ASSERT_ACTION(XSM_TARGET); - return xsm_default_action(action, d1, d2); + return xsm_default_action(XSM_TARGET, d1, d2); } static inline int dummy_grant_transfer(struct domain *d1, struct domain *d2) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, d1, d2); + return xsm_default_action(XSM_HOOK, d1, d2); } static inline int dummy_grant_copy(struct domain *d1, struct domain *d2) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, d1, d2); + return xsm_default_action(XSM_HOOK, d1, d2); } static inline int dummy_grant_query_size(struct domain *d1, struct domain *d2) { - XSM_ASSERT_ACTION(XSM_TARGET); - return xsm_default_action(action, d1, d2); + return xsm_default_action(XSM_TARGET, d1, d2); } static inline int dummy_memory_exchange(struct domain *d) { - XSM_ASSERT_ACTION(XSM_TARGET); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_TARGET, current->domain, d); } static inline int dummy_memory_adjust_reservation(struct domain *d1, struct domain *d2) { - XSM_ASSERT_ACTION(XSM_TARGET); - return xsm_default_action(action, d1, d2); + return xsm_default_action(XSM_TARGET, d1, d2); } static inline int dummy_memory_stat_reservation(struct domain *d1, struct domain *d2) { - XSM_ASSERT_ACTION(XSM_TARGET); - return xsm_default_action(action, d1, d2); + return xsm_default_action(XSM_TARGET, d1, d2); } static inline int dummy_console_io(struct domain *d, int cmd) { - XSM_ASSERT_ACTION(XSM_OTHER); if ( d->is_console ) return xsm_default_action(XSM_HOOK, d, NULL); #ifdef CONFIG_VERBOSE_DEBUG @@ -230,43 +204,37 @@ static inline int dummy_console_io(struct domain *d, int cmd) static inline int dummy_profile(struct domain *d, int op) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, d, NULL); + return xsm_default_action(XSM_HOOK, d, NULL); } static inline int dummy_kexec(void) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, current->domain, NULL); + return xsm_default_action(XSM_PRIV, current->domain, NULL); } static inline int dummy_schedop_shutdown(struct domain *d1, struct domain *d2) { - XSM_ASSERT_ACTION(XSM_DM_PRIV); - return xsm_default_action(action, d1, d2); + return xsm_default_action(XSM_PRIV, d1, d2); } static inline int dummy_memory_pin_page(struct domain *d1, struct domain *d2, struct page_info *page) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, d1, d2); + return xsm_default_action(XSM_HOOK, d1, d2); } static inline int dummy_claim_pages(struct domain *d) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_PRIV, current->domain, d); } static inline int dummy_evtchn_unbound(struct domain *d, struct evtchn *chn, domid_t id2) { - XSM_ASSERT_ACTION(XSM_TARGET); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_TARGET, current->domain, d); } static inline int dummy_evtchn_interdomain(struct domain *d1, @@ -274,8 +242,7 @@ static inline int dummy_evtchn_interdomain(struct domain *d1, struct domain *d2, struct evtchn *chan2) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, d1, d2); + return xsm_default_action(XSM_HOOK, d1, d2); } static inline void dummy_evtchn_close_post(struct evtchn *chn) @@ -286,22 +253,19 @@ static inline void dummy_evtchn_close_post(struct evtchn *chn) static inline int dummy_evtchn_send(struct domain *d, struct evtchn *chn) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, d, NULL); + return xsm_default_action(XSM_HOOK, d, NULL); } static inline int dummy_evtchn_status(struct domain *d, struct evtchn *chn) { - XSM_ASSERT_ACTION(XSM_TARGET); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_TARGET, current->domain, d); } static inline int dummy_evtchn_reset(struct domain *d1, struct domain *d2) { - XSM_ASSERT_ACTION(XSM_TARGET); - return xsm_default_action(action, d1, d2); + return xsm_default_action(XSM_TARGET, d1, d2); } static inline int dummy_alloc_security_evtchns(struct evtchn chn[], @@ -324,47 +288,40 @@ static inline char *dummy_show_security_evtchn(struct domain *d, static inline int dummy_init_hardware_domain(struct domain *d) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } static inline int dummy_get_pod_target(struct domain *d) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_PRIV, current->domain, d); } static inline int dummy_set_pod_target(struct domain *d) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_PRIV, current->domain, d); } static inline int dummy_get_vnumainfo(struct domain *d) { - XSM_ASSERT_ACTION(XSM_TARGET); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_TARGET, current->domain, d); } #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) static inline int dummy_get_device_group(uint32_t machine_bdf) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, NULL); + return xsm_default_action(XSM_HOOK, current->domain, NULL); } static inline int dummy_assign_device(struct domain *d, uint32_t machine_bdf) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } static inline int dummy_deassign_device(struct domain *d, uint32_t machine_bdf) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } #endif /* HAS_PASSTHROUGH && HAS_PCI */ @@ -373,71 +330,60 @@ static inline int dummy_deassign_device(struct domain *d, static inline int dummy_assign_dtdevice(struct domain *d, const char *dtpath) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } static inline int dummy_deassign_dtdevice(struct domain *d, const char *dtpath) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } #endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */ static inline int dummy_resource_plug_core(void) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, NULL); + return xsm_default_action(XSM_HOOK, current->domain, NULL); } static inline int dummy_resource_unplug_core(void) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, NULL); + return xsm_default_action(XSM_HOOK, current->domain, NULL); } static inline int dummy_resource_plug_pci(uint32_t machine_bdf) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, current->domain, NULL); + return xsm_default_action(XSM_PRIV, current->domain, NULL); } static inline int dummy_resource_unplug_pci(uint32_t machine_bdf) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, current->domain, NULL); + return xsm_default_action(XSM_PRIV, current->domain, NULL); } static inline int dummy_resource_setup_pci(uint32_t machine_bdf) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, current->domain, NULL); + return xsm_default_action(XSM_PRIV, current->domain, NULL); } static inline int dummy_resource_setup_gsi(int gsi) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, current->domain, NULL); + return xsm_default_action(XSM_PRIV, current->domain, NULL); } static inline int dummy_resource_setup_misc(void) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, current->domain, NULL); + return xsm_default_action(XSM_PRIV, current->domain, NULL); } static inline int dummy_page_offline(uint32_t cmd) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, NULL); + return xsm_default_action(XSM_HOOK, current->domain, NULL); } static inline int dummy_hypfs_op(void) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, current->domain, NULL); + return xsm_default_action(XSM_PRIV, current->domain, NULL); } static inline long dummy_do_xsm_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) @@ -460,63 +406,54 @@ static inline char *dummy_show_irq_sid(int irq) static inline int dummy_map_domain_pirq(struct domain *d) { - XSM_ASSERT_ACTION(XSM_DM_PRIV); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_DM_PRIV, current->domain, d); } static inline int dummy_map_domain_irq(struct domain *d, int irq, const void *data) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } static inline int dummy_unmap_domain_pirq(struct domain *d) { - XSM_ASSERT_ACTION(XSM_DM_PRIV); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_DM_PRIV, current->domain, d); } static inline int dummy_bind_pt_irq(struct domain *d, struct xen_domctl_bind_pt_irq *bind) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } static inline int dummy_unbind_pt_irq(struct domain *d, struct xen_domctl_bind_pt_irq *bind) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } static inline int dummy_unmap_domain_irq(struct domain *d, int irq, const void *data) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } static inline int dummy_irq_permission(struct domain *d, int pirq, uint8_t allow) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } static inline int dummy_iomem_permission(struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } static inline int dummy_iomem_mapping(struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } static inline int dummy_pci_config_permission(struct domain *d, @@ -525,54 +462,45 @@ static inline int dummy_pci_config_permission(struct domain *d, uint16_t end, uint8_t access) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } static inline int dummy_add_to_physmap(struct domain *d1, struct domain *d2) { - XSM_ASSERT_ACTION(XSM_TARGET); - return xsm_default_action(action, d1, d2); + return xsm_default_action(XSM_TARGET, d1, d2); } static inline int dummy_remove_from_physmap(struct domain *d1, struct domain *d2) { - XSM_ASSERT_ACTION(XSM_TARGET); - return xsm_default_action(action, d1, d2); + return xsm_default_action(XSM_TARGET, d1, d2); } static inline int dummy_map_gmfn_foreign(struct domain *d, struct domain *t) { - XSM_ASSERT_ACTION(XSM_TARGET); - return xsm_default_action(action, d, t); + return xsm_default_action(XSM_TARGET, d, t); } static inline int dummy_hvm_param(struct domain *d, unsigned long op) { - XSM_ASSERT_ACTION(XSM_TARGET); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_TARGET, current->domain, d); } static inline int dummy_hvm_control(struct domain *d, unsigned long op) { - XSM_ASSERT_ACTION(XSM_DM_PRIV); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_DM_PRIV, current->domain, d); } static inline int dummy_hvm_param_altp2mhvm(struct domain *d) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_PRIV, current->domain, d); } static inline int dummy_hvm_altp2mhvm_op(struct domain *d, uint64_t mode, uint32_t op) { - XSM_ASSERT_ACTION(XSM_OTHER); - switch ( mode ) { case XEN_ALTP2M_mixed: @@ -591,127 +519,109 @@ static inline int dummy_hvm_altp2mhvm_op(struct domain *d, static inline int dummy_vm_event_control(struct domain *d, int mode, int op) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_PRIV, current->domain, d); } #ifdef CONFIG_MEM_ACCESS static inline int dummy_mem_access(struct domain *d) { - XSM_ASSERT_ACTION(XSM_DM_PRIV); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_DM_PRIV, current->domain, d); } #endif #ifdef CONFIG_MEM_PAGING static inline int dummy_mem_paging(struct domain *d) { - XSM_ASSERT_ACTION(XSM_DM_PRIV); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_DM_PRIV, current->domain, d); } #endif #ifdef CONFIG_MEM_SHARING static inline int dummy_mem_sharing(struct domain *d) { - XSM_ASSERT_ACTION(XSM_DM_PRIV); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_DM_PRIV, current->domain, d); } #endif static inline int dummy_platform_op(uint32_t op) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, current->domain, NULL); + return xsm_default_action(XSM_PRIV, current->domain, NULL); } #ifdef CONFIG_X86 static inline int dummy_do_mca(void) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, current->domain, NULL); + return xsm_default_action(XSM_PRIV, current->domain, NULL); } static inline int dummy_shadow_control(struct domain *d, uint32_t op) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } static inline int dummy_mem_sharing_op(struct domain *d, struct domain *cd, int op) { - XSM_ASSERT_ACTION(XSM_DM_PRIV); - return xsm_default_action(action, current->domain, cd); + return xsm_default_action(XSM_DM_PRIV, current->domain, cd); } static inline int dummy_apic(struct domain *d, int cmd) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, d, NULL); + return xsm_default_action(XSM_PRIV, d, NULL); } static inline int dummy_machine_memory_map(void) { - XSM_ASSERT_ACTION(XSM_PRIV); - return xsm_default_action(action, current->domain, NULL); + return xsm_default_action(XSM_PRIV, current->domain, NULL); } static inline int dummy_domain_memory_map(struct domain *d) { - XSM_ASSERT_ACTION(XSM_TARGET); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_TARGET, current->domain, d); } static inline int dummy_mmu_update(struct domain *d, struct domain *t, struct domain *f, uint32_t flags) { int rc = 0; - XSM_ASSERT_ACTION(XSM_TARGET); if ( f != dom_io ) - rc = xsm_default_action(action, d, f); + rc = xsm_default_action(XSM_TARGET, d, f); if ( evaluate_nospec(t) && !rc ) - rc = xsm_default_action(action, d, t); + rc = xsm_default_action(XSM_TARGET, d, t); return rc; } static inline int dummy_mmuext_op(struct domain *d, struct domain *f) { - XSM_ASSERT_ACTION(XSM_TARGET); - return xsm_default_action(action, d, f); + return xsm_default_action(XSM_TARGET, d, f); } static inline int dummy_update_va_mapping(struct domain *d, struct domain *f, l1_pgentry_t pte) { - XSM_ASSERT_ACTION(XSM_TARGET); - return xsm_default_action(action, d, f); + return xsm_default_action(XSM_TARGET, d, f); } static inline int dummy_priv_mapping(struct domain *d, struct domain *t) { - XSM_ASSERT_ACTION(XSM_TARGET); - return xsm_default_action(action, d, t); + return xsm_default_action(XSM_TARGET, d, t); } static inline int dummy_ioport_permission(struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } static inline int dummy_ioport_mapping(struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_HOOK, current->domain, d); } static inline int dummy_pmu_op (struct domain *d, unsigned int op) { - XSM_ASSERT_ACTION(XSM_OTHER); switch ( op ) { case XENPMU_init: @@ -728,8 +638,7 @@ static inline int dummy_pmu_op (struct domain *d, unsigned int op) static inline int dummy_dm_op(struct domain *d) { - XSM_ASSERT_ACTION(XSM_DM_PRIV); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_DM_PRIV, current->domain, d); } #ifdef CONFIG_ARGO @@ -760,7 +669,6 @@ static inline int dummy_argo_send(const struct domain *d, #include static inline int dummy_xen_version(uint32_t op) { - XSM_ASSERT_ACTION(XSM_OTHER); switch ( op ) { case XENVER_version: @@ -784,6 +692,5 @@ static inline int dummy_xen_version(uint32_t op) static inline int dummy_domain_resource_map(struct domain *d) { - XSM_ASSERT_ACTION(XSM_DM_PRIV); - return xsm_default_action(action, current->domain, d); + return xsm_default_action(XSM_DM_PRIV, current->domain, d); }