From nobody Fri Oct 31 03:56:59 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=amd.com); dmarc=pass(p=quarantine dis=none) header.from=amd.com ARC-Seal: i=2; a=rsa-sha256; t=1752700962; cv=pass; d=zohomail.com; s=zohoarc; b=EuMvavUD2TbnXSwty78urYcEkrDXsxCRf2oRLmPb646dQF1CSJm4EZo7M+yJ65bqXRJ19kt2wCm7jqjNJEHhZP1XcI017VE+gN9HS5jdWUj+K4/GO49hfXgiASDNjxTNvJIq7svee1LgIKPEDToBtTA6Q9lHkVCcLYMXD1zvC3k= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1752700962; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=5M874AgAk3AnYllKGR1EeBj7fMWDRaQxoJ2sGMdv1/A=; b=QvI/1ssXWu+Va/zb+onwdZNbHBAXctFHPU6ECGD9dp+7WMSN+cYUgzOwYsxyXoQt0PZa9vsQb7rQ6WNIICZJFPAyp/r2i/DTXH2wWQtWRzLll5j7a12/rifmeM0MdzSJgATgqfRkgpGPgFQSw4QGjxJEUzucp57ZIDc9ztnAQgg= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=amd.com); dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1752700962484524.5374758933514; Wed, 16 Jul 2025 14:22:42 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1045773.1415985 (Exim 4.92) (envelope-from ) id 1uc9Zz-0007gw-0T; Wed, 16 Jul 2025 21:22:19 +0000 Received: by outflank-mailman (output) from mailman id 1045773.1415985; Wed, 16 Jul 2025 21:22:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uc9Zy-0007gn-TC; Wed, 16 Jul 2025 21:22:18 +0000 Received: by outflank-mailman (input) for mailman id 1045773; Wed, 16 Jul 2025 21:22:17 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uc9Zx-0007F7-CC for xen-devel@lists.xenproject.org; Wed, 16 Jul 2025 21:22:17 +0000 Received: from NAM04-BN8-obe.outbound.protection.outlook.com (mail-bn8nam04on2062e.outbound.protection.outlook.com [2a01:111:f403:2408::62e]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id f2b12f39-628a-11f0-a319-13f23c93f187; Wed, 16 Jul 2025 23:22:16 +0200 (CEST) Received: from BLAPR03CA0163.namprd03.prod.outlook.com (2603:10b6:208:32f::7) by BN5PR12MB9464.namprd12.prod.outlook.com (2603:10b6:408:2ab::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8922.32; Wed, 16 Jul 2025 21:22:10 +0000 Received: from MN1PEPF0000F0DF.namprd04.prod.outlook.com (2603:10b6:208:32f:cafe::c4) by BLAPR03CA0163.outlook.office365.com (2603:10b6:208:32f::7) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8943.20 via Frontend Transport; Wed, 16 Jul 2025 21:22:10 +0000 Received: from SATLEXMB03.amd.com (165.204.84.17) by MN1PEPF0000F0DF.mail.protection.outlook.com (10.167.242.37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8943.21 via Frontend Transport; Wed, 16 Jul 2025 21:22:09 +0000 Received: from SATLEXMB03.amd.com (10.181.40.144) by SATLEXMB03.amd.com (10.181.40.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 16 Jul 2025 16:22:05 -0500 Received: from fedora.mshome.net (10.180.168.240) by SATLEXMB03.amd.com (10.181.40.144) with Microsoft SMTP Server id 15.1.2507.39 via Frontend Transport; Wed, 16 Jul 2025 16:22:04 -0500 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: f2b12f39-628a-11f0-a319-13f23c93f187 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=vifidIaQvvU8G/aTXp69WqBEKv3Wje5iCCBEJUHnjZiDeWAgMW4nbWwNGYY+pSzWQWnrHJDPHHwcnVp0hwHncIm1hgNk/8DOVt7tg4YFVkG9os5gfzZvUulASX5ahRV46TlRrguEXgfArZz7RakdncYhCv8t9On2F2IOttncZV8WWD7w+iC3MGgW6EkZzUdBjxQbK/1BJATkvS63OYqOo2fHbxmexr2QwFxx5SqtTDBsORfTyJXqFaTgzlVX4TI9f1+mImPXXCO/fLGGyz1jjLUlknjx5KYppgqanQygrT4D8cAEZJp/CcDUSpUg797+OIfFzbaOXpFgM4kG2ppDcg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5M874AgAk3AnYllKGR1EeBj7fMWDRaQxoJ2sGMdv1/A=; b=eMf1W/c9tNCOIzWuOtmE4uoCPwX/XfGAymaCfk+CgiHZpwmIZ0g/ib1kLjyKO1MRd6YsgkTiHGX+SXWCA5J/eR+4gR2Y4ToLLMeNC6cyB8Pq0o3r2395EsM7y1EYt2qJv/d4vXPU1WdBIOXz2Yx7O1c/B28cRQtC3crnMq/PEADDVH733W2baOeiZkyK4drHaCCFZ8eU/01XfsjJyU4Wo9rPBr+GY0aWahvfnV7GE/4i7O5VnkqcYttNTOvKbgdRJnMc67Q5Ke/8I4KTPBe59huLw9xRnJVFzPS5i67Fv4kku74lPSefSZwStt0KwG3OZ4vpBCLbMQZUXqnO1u9fSA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5M874AgAk3AnYllKGR1EeBj7fMWDRaQxoJ2sGMdv1/A=; b=tttf+AsGDi2vatDnnRxfmB34DzuMp2kAQUhKN1vOj9KEH9mYFey5IhamRosRYvZA3EGXlhVLYG5RsD/i7w+AMivoAIPqWFGmqkCdGw4wRMKwUP+X7utmYL3pLcshrtj99HX91XnnIvnYOpwXJx2r/tslTVESp1a9RcjZI74Dy+s= X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB03.amd.com; pr=C From: Jason Andryuk To: CC: Jason Andryuk , Stefano Stabellini , Julien Grall , Bertrand Marquis , Michal Orzel , "Volodymyr Babchuk" , Andrew Cooper , Anthony PERARD , "Jan Beulich" , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , "Daniel P. Smith" Subject: [PATCH v2 01/17] xen/xsm: Add XSM_HW_PRIV Date: Wed, 16 Jul 2025 17:14:48 -0400 Message-ID: <20250716211504.291104-2-jason.andryuk@amd.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: <20250716211504.291104-1-jason.andryuk@amd.com> References: <20250716211504.291104-1-jason.andryuk@amd.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: None (SATLEXMB03.amd.com: jason.andryuk@amd.com does not designate permitted sender hosts) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MN1PEPF0000F0DF:EE_|BN5PR12MB9464:EE_ X-MS-Office365-Filtering-Correlation-Id: 77500afb-8347-473a-430b-08ddc4aed2f7 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|36860700013|1800799024|7416014|376014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?Xa/x30/kHcKv2z30uCAsIh8ppqTumh3e7O0turJDrRdNuUWHxbiHtXJx99O7?= =?us-ascii?Q?mrWxV12yBgOumT0XxU1iPE9kuOwZmcP+oTUik3fEkY48uQbFWwDW15j4ZWBO?= =?us-ascii?Q?/vYk7Bg9pPgHIa59gofOqBU+PYacYn6dSIl2Sh1GXrUCT98Vsi8DHVvgbUFN?= =?us-ascii?Q?GQ0MEMJfyKSFUACxuHvn9Itldg55xbfsmZyLcOfB7lk9m/iyUC4A9S/b64db?= =?us-ascii?Q?Cyp38bxwV4jP9aOrBB2TFoMP2IUKApwpBm63OWxIdWp+H6gk/blsCaWScgVH?= =?us-ascii?Q?oGsGTUFgjrty8pD1WA3HG/445HCnX+X0jN84eRTNXdR/QPEQDDbF0Ukw33RC?= =?us-ascii?Q?poMaKIpazpFBFDuTlG22+0EurXVjibOJXWbJnLEILhodAAAPciiPXzoiCtuK?= =?us-ascii?Q?THkzPjiFT8dUrrIDz9779bf+M+eaRRDNZfREUe15JlYgJfPf5OmvjJfBouhb?= =?us-ascii?Q?AoAu/CAiLprTfzzlK/qXs9b5qMggEFtHQl1k5fHVaisdHN1iTYmRjCJJKtAI?= =?us-ascii?Q?9GUXzvhKHt92249pDIawSikGeln0oEm9U5+Zjc99acJXDmmdTIfkcHN9oc/O?= =?us-ascii?Q?iNhRNYC3duPUFOW4pV3j6ruNl+tExsx99kGEoT9qtW5vjiER+p+5HLGcDrCl?= =?us-ascii?Q?M4g2GrosI9dgW3kCK9WCYlVgTSVXgt4BCXBga5pdzVhRSp8lpt/aSd69lBMP?= =?us-ascii?Q?na4+XY06Mb7Pm3YPzif51t9XRtrfnwbC4Fx7C+yhZsudJMrdzmgBRe0t6I/K?= =?us-ascii?Q?+ZhiL6Fz0vPzs96bfLg4ShONG3wjEyLc8da/iMQvZQjJ6aZ3chYeIWS5Qjk7?= =?us-ascii?Q?ZL1/2X3bOMhgH1yuq2Mz5H7WyIiZioRjtO/pRSdqgCq3CiaQX53ry1BHTV1T?= =?us-ascii?Q?wkzKewTbDEG+AkssvAMZ9A+PHxTgLCQ4hlbWR9q87ZJmWJ5rACMY8CQAREIO?= =?us-ascii?Q?+Pa4H4n1lgMa75hqbCHDVNQQpw/9AyB4qu6mtqYh+uL/Hm0iikyAl3i9Q70k?= =?us-ascii?Q?NPT8G8Wg6MniJV8dz5k0kNr6xhfQCDl7gaPnnuRunFwz6hwFBTTRYzJdZS03?= =?us-ascii?Q?tHBhO+doJZ4BN/x2M2Hx7ShUoUYVvEWvDAChJ8AXnfnMYOMhe8onL2JzEdPx?= =?us-ascii?Q?+gpr3BCFZPCe87LSc1nlQjsHvZ2mvEca08QpyIbnANj7sYfb+YUGF+IqxCR0?= =?us-ascii?Q?q27IKseYfzlVvOHHHxmjgWpbLvogPwYIdZBnfhAaONbZ0oq0Mjl0jj2K0zAb?= =?us-ascii?Q?ktTG0ab8iYjcSq8pWNUPE10sIycBNro0c8wKivoS4XRHMtqashemYBFv/GOr?= =?us-ascii?Q?dgf9KdbUMTNB8dFEvFycX6kA6ZUqjFfoc6hseIL05FFqhnxedWLbrxHlUYes?= =?us-ascii?Q?GmZQXb4CCw3Wn5Tz+Y3Rp04mkJkbxtxk/sHpoPRpVS0IUx+gfg70+21CmbLM?= =?us-ascii?Q?GubqQ3N1B9W1taQTQJOhGnA/UDrrEKBZ6ucQr2Lnm2hMrtKydg9503xltEMo?= =?us-ascii?Q?h2wIUPeekOaWFH7Le3LODgHuplqicEnQRfF5?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB03.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(36860700013)(1800799024)(7416014)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Jul 2025 21:22:09.8820 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 77500afb-8347-473a-430b-08ddc4aed2f7 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB03.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MN1PEPF0000F0DF.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN5PR12MB9464 X-ZohoMail-DKIM: pass (identity @amd.com) X-ZM-MESSAGEID: 1752700964021116600 Content-Type: text/plain; charset="utf-8" Xen includes disctinct concepts of a control domain (privileged) and a hardware domain, but there is only a single XSM_PRIV check. For dom0 this is not an issue as they are one and the same. With hyperlaunch and its build capabilities, a non-privileged hwdom and a privileged control domain should be possible. Today the hwdom fails the XSM_PRIV checks for hardware-related hooks which it should be allowed access to. Introduce XSM_HW_PRIV, and use it to mark many of the physdev_op and platform_op. The hwdom is allowed access for XSM_HW_PRIV. Make XSM_HW_PRIV a new privilege level that is exclusive to the hardware domain A traditional dom0 will be both privileged and hardware domain, so it continues to have all accesses. Why not XSM:Flask? XSM:Flask is fine grain, and this aims to allow coarse grain. domUs are still domUs. If capabilities are meant to be a first class citizen, they should be usable by the default XSM policy. Signed-off-by: Jason Andryuk --- v2: Make XSM_HW_PRIV exclusive to hardware_domain --- xen/arch/arm/platform_hypercall.c | 2 +- xen/arch/x86/msi.c | 2 +- xen/arch/x86/physdev.c | 12 ++++++------ xen/arch/x86/platform_hypercall.c | 2 +- xen/drivers/passthrough/pci.c | 5 +++-- xen/drivers/pci/physdev.c | 2 +- xen/include/xsm/dummy.h | 20 ++++++++++++-------- xen/include/xsm/xsm.h | 1 + 8 files changed, 26 insertions(+), 20 deletions(-) diff --git a/xen/arch/arm/platform_hypercall.c b/xen/arch/arm/platform_hype= rcall.c index ac55622426..a84596ae3a 100644 --- a/xen/arch/arm/platform_hypercall.c +++ b/xen/arch/arm/platform_hypercall.c @@ -35,7 +35,7 @@ long do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_o= p_t) u_xenpf_op) if ( d =3D=3D NULL ) return -ESRCH; =20 - ret =3D xsm_platform_op(XSM_PRIV, op->cmd); + ret =3D xsm_platform_op(XSM_HW_PRIV, op->cmd); if ( ret ) return ret; =20 diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c index 5389bc0867..30801d980c 100644 --- a/xen/arch/x86/msi.c +++ b/xen/arch/x86/msi.c @@ -1360,7 +1360,7 @@ int pci_restore_msi_state(struct pci_dev *pdev) if ( !use_msi ) return -EOPNOTSUPP; =20 - ret =3D xsm_resource_setup_pci(XSM_PRIV, + ret =3D xsm_resource_setup_pci(XSM_HW_PRIV, (pdev->seg << 16) | (pdev->bus << 8) | pdev->devfn); if ( ret ) diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c index 4dfa1c0191..ce1ba41fa3 100644 --- a/xen/arch/x86/physdev.c +++ b/xen/arch/x86/physdev.c @@ -358,7 +358,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(voi= d) arg) ret =3D -EFAULT; if ( copy_from_guest(&apic, arg, 1) !=3D 0 ) break; - ret =3D xsm_apic(XSM_PRIV, currd, cmd); + ret =3D xsm_apic(XSM_HW_PRIV, currd, cmd); if ( ret ) break; ret =3D ioapic_guest_read(apic.apic_physbase, apic.reg, &apic.valu= e); @@ -372,7 +372,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(voi= d) arg) ret =3D -EFAULT; if ( copy_from_guest(&apic, arg, 1) !=3D 0 ) break; - ret =3D xsm_apic(XSM_PRIV, currd, cmd); + ret =3D xsm_apic(XSM_HW_PRIV, currd, cmd); if ( ret ) break; ret =3D ioapic_guest_write(apic.apic_physbase, apic.reg, apic.valu= e); @@ -388,7 +388,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(voi= d) arg) =20 /* Use the APIC check since this dummy hypercall should still only * be called by the domain with access to program the ioapic */ - ret =3D xsm_apic(XSM_PRIV, currd, cmd); + ret =3D xsm_apic(XSM_HW_PRIV, currd, cmd); if ( ret ) break; =20 @@ -490,7 +490,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(voi= d) arg) if ( copy_from_guest(&dev, arg, 1) ) ret =3D -EFAULT; else - ret =3D xsm_resource_setup_pci(XSM_PRIV, + ret =3D xsm_resource_setup_pci(XSM_HW_PRIV, (dev.seg << 16) | (dev.bus << 8) | dev.devfn) ?: pci_prepare_msix(dev.seg, dev.bus, dev.devfn, @@ -501,7 +501,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(voi= d) arg) case PHYSDEVOP_pci_mmcfg_reserved: { struct physdev_pci_mmcfg_reserved info; =20 - ret =3D xsm_resource_setup_misc(XSM_PRIV); + ret =3D xsm_resource_setup_misc(XSM_HW_PRIV); if ( ret ) break; =20 @@ -567,7 +567,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(voi= d) arg) if ( setup_gsi.gsi < 0 || setup_gsi.gsi >=3D nr_irqs_gsi ) break; =20 - ret =3D xsm_resource_setup_gsi(XSM_PRIV, setup_gsi.gsi); + ret =3D xsm_resource_setup_gsi(XSM_HW_PRIV, setup_gsi.gsi); if ( ret ) break; =20 diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hype= rcall.c index 90abd3197f..8efb4ad05f 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -228,7 +228,7 @@ ret_t do_platform_op( if ( op->interface_version !=3D XENPF_INTERFACE_VERSION ) return -EACCES; =20 - ret =3D xsm_platform_op(XSM_PRIV, op->cmd); + ret =3D xsm_platform_op(XSM_HW_PRIV, op->cmd); if ( ret ) return ret; =20 diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 3edcfa8a04..9de7f0d358 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -672,7 +672,7 @@ int pci_add_device(u16 seg, u8 bus, u8 devfn, else type =3D "device"; =20 - ret =3D xsm_resource_plug_pci(XSM_PRIV, (seg << 16) | (bus << 8) | dev= fn); + ret =3D xsm_resource_plug_pci(XSM_HW_PRIV, (seg << 16) | (bus << 8) | = devfn); if ( ret ) return ret; =20 @@ -824,7 +824,8 @@ int pci_remove_device(u16 seg, u8 bus, u8 devfn) struct pci_dev *pdev; int ret; =20 - ret =3D xsm_resource_unplug_pci(XSM_PRIV, (seg << 16) | (bus << 8) | d= evfn); + ret =3D xsm_resource_unplug_pci(XSM_HW_PRIV, + (seg << 16) | (bus << 8) | devfn); if ( ret ) return ret; =20 diff --git a/xen/drivers/pci/physdev.c b/xen/drivers/pci/physdev.c index 0161a85e1e..c223611dfb 100644 --- a/xen/drivers/pci/physdev.c +++ b/xen/drivers/pci/physdev.c @@ -86,7 +86,7 @@ ret_t pci_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void= ) arg) dev_reset.dev.bus, dev_reset.dev.devfn); =20 - ret =3D xsm_resource_setup_pci(XSM_PRIV, sbdf.sbdf); + ret =3D xsm_resource_setup_pci(XSM_HW_PRIV, sbdf.sbdf); if ( ret ) break; =20 diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 9227205fcd..2b0ed25cc5 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -98,6 +98,10 @@ static always_inline int xsm_default_action( if ( is_control_domain(src) ) return 0; return -EPERM; + case XSM_HW_PRIV: + if ( is_hardware_domain(src) ) + return 0; + return -EPERM; default: LINKER_BUG_ON(1); return -EPERM; @@ -275,7 +279,7 @@ static XSM_INLINE int cf_check xsm_console_io( if ( cmd =3D=3D CONSOLEIO_write ) return xsm_default_action(XSM_HOOK, d, NULL); #endif - return xsm_default_action(XSM_PRIV, d, NULL); + return xsm_default_action(XSM_HW_PRIV, d, NULL); } =20 static XSM_INLINE int cf_check xsm_profile( @@ -455,33 +459,33 @@ static XSM_INLINE int cf_check xsm_resource_unplug_co= re(XSM_DEFAULT_VOID) static XSM_INLINE int cf_check xsm_resource_plug_pci( XSM_DEFAULT_ARG uint32_t machine_bdf) { - XSM_ASSERT_ACTION(XSM_PRIV); + XSM_ASSERT_ACTION(XSM_HW_PRIV); return xsm_default_action(action, current->domain, NULL); } =20 static XSM_INLINE int cf_check xsm_resource_unplug_pci( XSM_DEFAULT_ARG uint32_t machine_bdf) { - XSM_ASSERT_ACTION(XSM_PRIV); + XSM_ASSERT_ACTION(XSM_HW_PRIV); return xsm_default_action(action, current->domain, NULL); } =20 static XSM_INLINE int cf_check xsm_resource_setup_pci( XSM_DEFAULT_ARG uint32_t machine_bdf) { - XSM_ASSERT_ACTION(XSM_PRIV); + XSM_ASSERT_ACTION(XSM_HW_PRIV); return xsm_default_action(action, current->domain, NULL); } =20 static XSM_INLINE int cf_check xsm_resource_setup_gsi(XSM_DEFAULT_ARG int = gsi) { - XSM_ASSERT_ACTION(XSM_PRIV); + XSM_ASSERT_ACTION(XSM_HW_PRIV); return xsm_default_action(action, current->domain, NULL); } =20 static XSM_INLINE int cf_check xsm_resource_setup_misc(XSM_DEFAULT_VOID) { - XSM_ASSERT_ACTION(XSM_PRIV); + XSM_ASSERT_ACTION(XSM_HW_PRIV); return xsm_default_action(action, current->domain, NULL); } =20 @@ -673,7 +677,7 @@ static XSM_INLINE int cf_check xsm_mem_sharing(XSM_DEFA= ULT_ARG struct domain *d) =20 static XSM_INLINE int cf_check xsm_platform_op(XSM_DEFAULT_ARG uint32_t op) { - XSM_ASSERT_ACTION(XSM_PRIV); + XSM_ASSERT_ACTION(XSM_HW_PRIV); return xsm_default_action(action, current->domain, NULL); } =20 @@ -701,7 +705,7 @@ static XSM_INLINE int cf_check xsm_mem_sharing_op( static XSM_INLINE int cf_check xsm_apic( XSM_DEFAULT_ARG struct domain *d, int cmd) { - XSM_ASSERT_ACTION(XSM_PRIV); + XSM_ASSERT_ACTION(XSM_HW_PRIV); return xsm_default_action(action, d, NULL); } =20 diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 24acc16125..264db4d8ee 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -36,6 +36,7 @@ enum xsm_default { XSM_DM_PRIV, /* Device model can perform on its target domain */ XSM_TARGET, /* Can perform on self or your target domain */ XSM_PRIV, /* Privileged - normally restricted to dom0 */ + XSM_HW_PRIV, /* Hardware Privileged - normally restricted to dom0/hwd= om */ XSM_XS_PRIV, /* Xenstore domain - can do some privileged operations */ XSM_OTHER /* Something more complex */ }; --=20 2.50.0