Function xsm_set_target() is only invoked under XEN_DOMCTL_set_target
domctl-op, and shall be wrapped with CONFIG_MGMT_HYPERCALLS.

Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
---
 xen/include/xsm/xsm.h | 6 +++++-
 xen/xsm/dummy.c       | 2 +-
 xen/xsm/flask/hooks.c | 4 ++--
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 1fcd945336..678cb0f346 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -59,8 +59,8 @@ struct xsm_ops {
 #ifdef CONFIG_MGMT_HYPERCALLS
     int (*domctl_scheduler_op)(struct domain *d, int op);
     int (*sysctl_scheduler_op)(int op);
-#endif
     int (*set_target)(struct domain *d, struct domain *e);
+#endif
     int (*domctl)(struct domain *d, unsigned int cmd, uint32_t ssidref);
     int (*sysctl)(int cmd);
     int (*readconsole)(uint32_t clear);
@@ -258,7 +258,11 @@ static inline int xsm_sysctl_scheduler_op(xsm_default_t def, int cmd)
 static inline int xsm_set_target(
     xsm_default_t def, struct domain *d, struct domain *e)
 {
+#ifdef CONFIG_MGMT_HYPERCALLS
     return alternative_call(xsm_ops.set_target, d, e);
+#else
+    return -EOPNOTSUPP;
+#endif
 }
 
 static inline int xsm_domctl(xsm_default_t def, struct domain *d,
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index b216894579..f6986dd2bb 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -21,8 +21,8 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
 #ifdef CONFIG_MGMT_HYPERCALLS
     .domctl_scheduler_op           = xsm_domctl_scheduler_op,
     .sysctl_scheduler_op           = xsm_sysctl_scheduler_op,
-#endif
     .set_target                    = xsm_set_target,
+#endif
     .domctl                        = xsm_domctl,
 #ifdef CONFIG_MGMT_HYPERCALLS
     .sysctl                        = xsm_sysctl,
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 198053be77..ed4e466302 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -641,7 +641,6 @@ static int cf_check flask_sysctl_scheduler_op(int op)
         return avc_unknown_permission("sysctl_scheduler_op", op);
     }
 }
-#endif /* CONFIG_MGMT_HYPERCALLS */
 
 static int cf_check flask_set_target(struct domain *d, struct domain *t)
 {
@@ -666,6 +665,7 @@ static int cf_check flask_set_target(struct domain *d, struct domain *t)
                                  &dsec->target_sid);
     return rc;
 }
+#endif /* CONFIG_MGMT_HYPERCALLS */
 
 static int cf_check flask_domctl(struct domain *d, unsigned int cmd,
                                  uint32_t ssidref)
@@ -1893,8 +1893,8 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
 #ifdef CONFIG_MGMT_HYPERCALLS
     .domctl_scheduler_op = flask_domctl_scheduler_op,
     .sysctl_scheduler_op = flask_sysctl_scheduler_op,
-#endif
     .set_target = flask_set_target,
+#endif
     .domctl = flask_domctl,
 #ifdef CONFIG_MGMT_HYPERCALLS
     .sysctl = flask_sysctl,
-- 
2.34.1

On Wed, 10 Sep 2025, Penny Zheng wrote:
> Function xsm_set_target() is only invoked under XEN_DOMCTL_set_target
> domctl-op, and shall be wrapped with CONFIG_MGMT_HYPERCALLS.
> 
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
> ---
> v1 -> v2:
> - adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
> ---
>  xen/include/xsm/xsm.h | 6 +++++-
>  xen/xsm/dummy.c       | 2 +-
>  xen/xsm/flask/hooks.c | 4 ++--
>  3 files changed, 8 insertions(+), 4 deletions(-)

No change to domctl.c ?


> diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
> index 1fcd945336..678cb0f346 100644
> --- a/xen/include/xsm/xsm.h
> +++ b/xen/include/xsm/xsm.h
> @@ -59,8 +59,8 @@ struct xsm_ops {
>  #ifdef CONFIG_MGMT_HYPERCALLS
>      int (*domctl_scheduler_op)(struct domain *d, int op);
>      int (*sysctl_scheduler_op)(int op);
> -#endif
>      int (*set_target)(struct domain *d, struct domain *e);
> +#endif
>      int (*domctl)(struct domain *d, unsigned int cmd, uint32_t ssidref);
>      int (*sysctl)(int cmd);
>      int (*readconsole)(uint32_t clear);
> @@ -258,7 +258,11 @@ static inline int xsm_sysctl_scheduler_op(xsm_default_t def, int cmd)
>  static inline int xsm_set_target(
>      xsm_default_t def, struct domain *d, struct domain *e)
>  {
> +#ifdef CONFIG_MGMT_HYPERCALLS
>      return alternative_call(xsm_ops.set_target, d, e);
> +#else
> +    return -EOPNOTSUPP;
> +#endif
>  }
>  
>  static inline int xsm_domctl(xsm_default_t def, struct domain *d,
> diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
> index b216894579..f6986dd2bb 100644
> --- a/xen/xsm/dummy.c
> +++ b/xen/xsm/dummy.c
> @@ -21,8 +21,8 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
>  #ifdef CONFIG_MGMT_HYPERCALLS
>      .domctl_scheduler_op           = xsm_domctl_scheduler_op,
>      .sysctl_scheduler_op           = xsm_sysctl_scheduler_op,
> -#endif
>      .set_target                    = xsm_set_target,
> +#endif
>      .domctl                        = xsm_domctl,
>  #ifdef CONFIG_MGMT_HYPERCALLS
>      .sysctl                        = xsm_sysctl,
> diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
> index 198053be77..ed4e466302 100644
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -641,7 +641,6 @@ static int cf_check flask_sysctl_scheduler_op(int op)
>          return avc_unknown_permission("sysctl_scheduler_op", op);
>      }
>  }
> -#endif /* CONFIG_MGMT_HYPERCALLS */
>  
>  static int cf_check flask_set_target(struct domain *d, struct domain *t)
>  {
> @@ -666,6 +665,7 @@ static int cf_check flask_set_target(struct domain *d, struct domain *t)
>                                   &dsec->target_sid);
>      return rc;
>  }
> +#endif /* CONFIG_MGMT_HYPERCALLS */
>  
>  static int cf_check flask_domctl(struct domain *d, unsigned int cmd,
>                                   uint32_t ssidref)
> @@ -1893,8 +1893,8 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
>  #ifdef CONFIG_MGMT_HYPERCALLS
>      .domctl_scheduler_op = flask_domctl_scheduler_op,
>      .sysctl_scheduler_op = flask_sysctl_scheduler_op,
> -#endif
>      .set_target = flask_set_target,
> +#endif
>      .domctl = flask_domctl,
>  #ifdef CONFIG_MGMT_HYPERCALLS
>      .sysctl = flask_sysctl,
> -- 
> 2.34.1
> 
>

On 11.09.2025 04:37, Stefano Stabellini wrote:
> On Wed, 10 Sep 2025, Penny Zheng wrote:
>> Function xsm_set_target() is only invoked under XEN_DOMCTL_set_target
>> domctl-op, and shall be wrapped with CONFIG_MGMT_HYPERCALLS.
>>
>> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
>> ---
>> v1 -> v2:
>> - adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
>> ---
>>  xen/include/xsm/xsm.h | 6 +++++-
>>  xen/xsm/dummy.c       | 2 +-
>>  xen/xsm/flask/hooks.c | 4 ++--
>>  3 files changed, 8 insertions(+), 4 deletions(-)
> 
> No change to domctl.c ?

And xsm/dummy.h ?

>> --- a/xen/include/xsm/xsm.h
>> +++ b/xen/include/xsm/xsm.h
>> @@ -59,8 +59,8 @@ struct xsm_ops {
>>  #ifdef CONFIG_MGMT_HYPERCALLS
>>      int (*domctl_scheduler_op)(struct domain *d, int op);
>>      int (*sysctl_scheduler_op)(int op);
>> -#endif
>>      int (*set_target)(struct domain *d, struct domain *e);
>> +#endif
>>      int (*domctl)(struct domain *d, unsigned int cmd, uint32_t ssidref);
>>      int (*sysctl)(int cmd);
>>      int (*readconsole)(uint32_t clear);
>> @@ -258,7 +258,11 @@ static inline int xsm_sysctl_scheduler_op(xsm_default_t def, int cmd)
>>  static inline int xsm_set_target(
>>      xsm_default_t def, struct domain *d, struct domain *e)
>>  {
>> +#ifdef CONFIG_MGMT_HYPERCALLS
>>      return alternative_call(xsm_ops.set_target, d, e);
>> +#else
>> +    return -EOPNOTSUPP;
>> +#endif
>>  }

Again I would have expected for this inline function to be wrapped as a whole;
the title says exactly that, imo.

Jan