The following functions are xsm-related and only invoked under arch-specific
domctl-op, so they shall all be wrapped with CONFIG_MGMT_HYPERCALLS:
- xsm_domctl
- xsm_{bind,unbind}_pt_irq
- xsm_ioport_permission
- xsm_ioport_mapping
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- new commit
---
xen/include/xsm/xsm.h | 14 ++++++++++++--
xen/xsm/dummy.c | 6 +++---
xen/xsm/flask/hooks.c | 12 ++++++------
3 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 542488bd44..0539e3bf10 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -60,8 +60,8 @@ struct xsm_ops {
int (*domctl_scheduler_op)(struct domain *d, int op);
int (*sysctl_scheduler_op)(int op);
int (*set_target)(struct domain *d, struct domain *e);
-#endif
int (*domctl)(struct domain *d, unsigned int cmd, uint32_t ssidref);
+#endif
int (*sysctl)(int cmd);
int (*readconsole)(uint32_t clear);
@@ -111,9 +111,9 @@ struct xsm_ops {
int (*map_domain_irq)(struct domain *d, int irq, const void *data);
int (*unmap_domain_pirq)(struct domain *d);
int (*unmap_domain_irq)(struct domain *d, int irq, const void *data);
+#ifdef CONFIG_MGMT_HYPERCALLS
int (*bind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind);
int (*unbind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind);
-#ifdef CONFIG_MGMT_HYPERCALLS
int (*irq_permission)(struct domain *d, int pirq, uint8_t allow);
int (*iomem_permission)(struct domain *d, uint64_t s, uint64_t e,
uint8_t allow);
@@ -190,10 +190,12 @@ struct xsm_ops {
int (*update_va_mapping)(struct domain *d, struct domain *f,
l1_pgentry_t pte);
int (*priv_mapping)(struct domain *d, struct domain *t);
+#ifdef CONFIG_MGMT_HYPERCALLS
int (*ioport_permission)(struct domain *d, uint32_t s, uint32_t e,
uint8_t allow);
int (*ioport_mapping)(struct domain *d, uint32_t s, uint32_t e,
uint8_t allow);
+#endif
int (*pmu_op)(struct domain *d, unsigned int op);
#endif
int (*dm_op)(struct domain *d);
@@ -272,7 +274,11 @@ static inline int xsm_set_target(
static inline int xsm_domctl(xsm_default_t def, struct domain *d,
unsigned int cmd, uint32_t ssidref)
{
+#ifdef CONFIG_MGMT_HYPERCALLS
return alternative_call(xsm_ops.domctl, d, cmd, ssidref);
+#else
+ return -EOPNOTSUPP;
+#endif
}
static inline int xsm_sysctl(xsm_default_t def, int cmd)
@@ -503,6 +509,7 @@ static inline int xsm_unmap_domain_irq(
return alternative_call(xsm_ops.unmap_domain_irq, d, irq, data);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static inline int xsm_bind_pt_irq(
xsm_default_t def, struct domain *d, struct xen_domctl_bind_pt_irq *bind)
{
@@ -514,6 +521,7 @@ static inline int xsm_unbind_pt_irq(
{
return alternative_call(xsm_ops.unbind_pt_irq, d, bind);
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static inline int xsm_irq_permission(
xsm_default_t def, struct domain *d, int pirq, uint8_t allow)
@@ -757,6 +765,7 @@ static inline int xsm_priv_mapping(
return alternative_call(xsm_ops.priv_mapping, d, t);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static inline int xsm_ioport_permission(
xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow)
{
@@ -768,6 +777,7 @@ static inline int xsm_ioport_mapping(
{
return alternative_call(xsm_ops.ioport_mapping, d, s, e, allow);
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static inline int xsm_pmu_op(
xsm_default_t def, struct domain *d, unsigned int op)
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 2c8e0725b6..48ed724f86 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -22,9 +22,7 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
.domctl_scheduler_op = xsm_domctl_scheduler_op,
.sysctl_scheduler_op = xsm_sysctl_scheduler_op,
.set_target = xsm_set_target,
-#endif
.domctl = xsm_domctl,
-#ifdef CONFIG_MGMT_HYPERCALLS
.sysctl = xsm_sysctl,
.readconsole = xsm_readconsole,
#endif
@@ -71,9 +69,9 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
.map_domain_irq = xsm_map_domain_irq,
.unmap_domain_pirq = xsm_unmap_domain_pirq,
.unmap_domain_irq = xsm_unmap_domain_irq,
+#ifdef CONFIG_MGMT_HYPERCALLS
.bind_pt_irq = xsm_bind_pt_irq,
.unbind_pt_irq = xsm_unbind_pt_irq,
-#ifdef CONFIG_MGMT_HYPERCALLS
.irq_permission = xsm_irq_permission,
.iomem_permission = xsm_iomem_permission,
#endif
@@ -143,8 +141,10 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
.mmuext_op = xsm_mmuext_op,
.update_va_mapping = xsm_update_va_mapping,
.priv_mapping = xsm_priv_mapping,
+#ifdef CONFIG_MGMT_HYPERCALLS
.ioport_permission = xsm_ioport_permission,
.ioport_mapping = xsm_ioport_mapping,
+#endif
.pmu_op = xsm_pmu_op,
#endif
.dm_op = xsm_dm_op,
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 66d8bfda3a..76bf1b5240 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -665,7 +665,6 @@ static int cf_check flask_set_target(struct domain *d, struct domain *t)
&dsec->target_sid);
return rc;
}
-#endif /* CONFIG_MGMT_HYPERCALLS */
static int cf_check flask_domctl(struct domain *d, unsigned int cmd,
uint32_t ssidref)
@@ -858,7 +857,6 @@ static int cf_check flask_domctl(struct domain *d, unsigned int cmd,
}
}
-#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check flask_sysctl(int cmd)
{
switch ( cmd )
@@ -1078,6 +1076,7 @@ static int cf_check flask_unmap_domain_irq(
return rc;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check flask_bind_pt_irq(
struct domain *d, struct xen_domctl_bind_pt_irq *bind)
{
@@ -1111,7 +1110,6 @@ static int cf_check flask_unbind_pt_irq(
return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
}
-#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check flask_irq_permission(
struct domain *d, int pirq, uint8_t access)
{
@@ -1634,6 +1632,7 @@ static int cf_check flask_shadow_control(struct domain *d, uint32_t op)
return current_has_perm(d, SECCLASS_SHADOW, perm);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
struct ioport_has_perm_data {
uint32_t ssid;
uint32_t dsid;
@@ -1689,6 +1688,7 @@ static int cf_check flask_ioport_mapping(
{
return flask_ioport_permission(d, start, end, access);
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static int cf_check flask_mem_sharing_op(
struct domain *d, struct domain *cd, int op)
@@ -1894,9 +1894,7 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
.domctl_scheduler_op = flask_domctl_scheduler_op,
.sysctl_scheduler_op = flask_sysctl_scheduler_op,
.set_target = flask_set_target,
-#endif
.domctl = flask_domctl,
-#ifdef CONFIG_MGMT_HYPERCALLS
.sysctl = flask_sysctl,
.readconsole = flask_readconsole,
#endif
@@ -1943,9 +1941,9 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
.map_domain_irq = flask_map_domain_irq,
.unmap_domain_pirq = flask_unmap_domain_pirq,
.unmap_domain_irq = flask_unmap_domain_irq,
+#ifdef CONFIG_MGMT_HYPERCALLS
.bind_pt_irq = flask_bind_pt_irq,
.unbind_pt_irq = flask_unbind_pt_irq,
-#ifdef CONFIG_MGMT_HYPERCALLS
.irq_permission = flask_irq_permission,
.iomem_permission = flask_iomem_permission,
#endif
@@ -2016,8 +2014,10 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
.mmuext_op = flask_mmuext_op,
.update_va_mapping = flask_update_va_mapping,
.priv_mapping = flask_priv_mapping,
+#ifdef CONFIG_MGMT_HYPERCALLS
.ioport_permission = flask_ioport_permission,
.ioport_mapping = flask_ioport_mapping,
+#endif
.pmu_op = flask_pmu_op,
#endif
.dm_op = flask_dm_op,
--
2.34.1