Function xsm_vm_event_control() is only invoked under CONFIG_VM_EVENT, so
it shall be wrapped with it, otherwiae it will become unreachable when
VM_EVENT=n and hence violating Misra rule 2.1.
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v3:
- new commit
---
xen/include/xsm/dummy.h | 2 +-
xen/include/xsm/xsm.h | 4 ++--
xen/xsm/dummy.c | 2 +-
xen/xsm/flask/hooks.c | 4 ++--
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 12792c3a43..e801dbcdba 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -640,6 +640,7 @@ static XSM_INLINE int cf_check xsm_hvm_altp2mhvm_op(
}
}
+#ifdef CONFIG_VM_EVENT
static XSM_INLINE int cf_check xsm_vm_event_control(
XSM_DEFAULT_ARG struct domain *d, int mode, int op)
{
@@ -647,7 +648,6 @@ static XSM_INLINE int cf_check xsm_vm_event_control(
return xsm_default_action(action, current->domain, d);
}
-#ifdef CONFIG_VM_EVENT
static XSM_INLINE int cf_check xsm_mem_access(XSM_DEFAULT_ARG struct domain *d)
{
XSM_ASSERT_ACTION(XSM_DM_PRIV);
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 9a23d2827c..d9e5c831f3 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -155,9 +155,9 @@ struct xsm_ops {
int (*hvm_altp2mhvm_op)(struct domain *d, uint64_t mode, uint32_t op);
int (*get_vnumainfo)(struct domain *d);
+#ifdef CONFIG_VM_EVENT
int (*vm_event_control)(struct domain *d, int mode, int op);
-#ifdef CONFIG_VM_EVENT
int (*mem_access)(struct domain *d);
#endif
@@ -649,13 +649,13 @@ static inline int xsm_get_vnumainfo(xsm_default_t def, struct domain *d)
return alternative_call(xsm_ops.get_vnumainfo, d);
}
+#ifdef CONFIG_VM_EVENT
static inline int xsm_vm_event_control(
xsm_default_t def, struct domain *d, int mode, int op)
{
return alternative_call(xsm_ops.vm_event_control, d, mode, op);
}
-#ifdef CONFIG_VM_EVENT
static inline int xsm_mem_access(xsm_default_t def, struct domain *d)
{
return alternative_call(xsm_ops.mem_access, d);
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 8b7e01b506..96dc82ac2e 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -115,9 +115,9 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
.remove_from_physmap = xsm_remove_from_physmap,
.map_gmfn_foreign = xsm_map_gmfn_foreign,
+#ifdef CONFIG_VM_EVENT
.vm_event_control = xsm_vm_event_control,
-#ifdef CONFIG_VM_EVENT
.mem_access = xsm_mem_access,
#endif
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index b0308e1b26..9f3915617c 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1365,12 +1365,12 @@ static int cf_check flask_hvm_altp2mhvm_op(struct domain *d, uint64_t mode, uint
return current_has_perm(d, SECCLASS_HVM, HVM__ALTP2MHVM_OP);
}
+#ifdef CONFIG_VM_EVENT
static int cf_check flask_vm_event_control(struct domain *d, int mode, int op)
{
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__VM_EVENT);
}
-#ifdef CONFIG_VM_EVENT
static int cf_check flask_mem_access(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__MEM_ACCESS);
@@ -1967,9 +1967,9 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
.do_xsm_op = do_flask_op,
.get_vnumainfo = flask_get_vnumainfo,
+#ifdef CONFIG_VM_EVENT
.vm_event_control = flask_vm_event_control,
-#ifdef CONFIG_VM_EVENT
.mem_access = flask_mem_access,
#endif
--
2.34.1On 11/21/25 4:15 AM, Penny Zheng wrote:
> Function xsm_vm_event_control() is only invoked under CONFIG_VM_EVENT, so
> it shall be wrapped with it, otherwiae it will become unreachable when
otherwiae --> otherwise (maybe committer is willing to fix on commit?)
> VM_EVENT=n and hence violating Misra rule 2.1.
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
> ---
> v1 -> v3:
> - new commit
> ---
> xen/include/xsm/dummy.h | 2 +-
> xen/include/xsm/xsm.h | 4 ++--
> xen/xsm/dummy.c | 2 +-
> xen/xsm/flask/hooks.c | 4 ++--
> 4 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
> index 12792c3a43..e801dbcdba 100644
> --- a/xen/include/xsm/dummy.h
> +++ b/xen/include/xsm/dummy.h
> @@ -640,6 +640,7 @@ static XSM_INLINE int cf_check xsm_hvm_altp2mhvm_op(
> }
> }
>
> +#ifdef CONFIG_VM_EVENT
> static XSM_INLINE int cf_check xsm_vm_event_control(
> XSM_DEFAULT_ARG struct domain *d, int mode, int op)
> {
> @@ -647,7 +648,6 @@ static XSM_INLINE int cf_check xsm_vm_event_control(
> return xsm_default_action(action, current->domain, d);
> }
>
> -#ifdef CONFIG_VM_EVENT
> static XSM_INLINE int cf_check xsm_mem_access(XSM_DEFAULT_ARG struct domain *d)
> {
> XSM_ASSERT_ACTION(XSM_DM_PRIV);
> diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
> index 9a23d2827c..d9e5c831f3 100644
> --- a/xen/include/xsm/xsm.h
> +++ b/xen/include/xsm/xsm.h
> @@ -155,9 +155,9 @@ struct xsm_ops {
> int (*hvm_altp2mhvm_op)(struct domain *d, uint64_t mode, uint32_t op);
> int (*get_vnumainfo)(struct domain *d);
>
> +#ifdef CONFIG_VM_EVENT
> int (*vm_event_control)(struct domain *d, int mode, int op);
>
> -#ifdef CONFIG_VM_EVENT
> int (*mem_access)(struct domain *d);
> #endif
>
> @@ -649,13 +649,13 @@ static inline int xsm_get_vnumainfo(xsm_default_t def, struct domain *d)
> return alternative_call(xsm_ops.get_vnumainfo, d);
> }
>
> +#ifdef CONFIG_VM_EVENT
> static inline int xsm_vm_event_control(
> xsm_default_t def, struct domain *d, int mode, int op)
> {
> return alternative_call(xsm_ops.vm_event_control, d, mode, op);
> }
>
> -#ifdef CONFIG_VM_EVENT
> static inline int xsm_mem_access(xsm_default_t def, struct domain *d)
> {
> return alternative_call(xsm_ops.mem_access, d);
> diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
> index 8b7e01b506..96dc82ac2e 100644
> --- a/xen/xsm/dummy.c
> +++ b/xen/xsm/dummy.c
> @@ -115,9 +115,9 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
> .remove_from_physmap = xsm_remove_from_physmap,
> .map_gmfn_foreign = xsm_map_gmfn_foreign,
>
> +#ifdef CONFIG_VM_EVENT
> .vm_event_control = xsm_vm_event_control,
>
> -#ifdef CONFIG_VM_EVENT
> .mem_access = xsm_mem_access,
> #endif
>
> diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
> index b0308e1b26..9f3915617c 100644
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -1365,12 +1365,12 @@ static int cf_check flask_hvm_altp2mhvm_op(struct domain *d, uint64_t mode, uint
> return current_has_perm(d, SECCLASS_HVM, HVM__ALTP2MHVM_OP);
> }
>
> +#ifdef CONFIG_VM_EVENT
> static int cf_check flask_vm_event_control(struct domain *d, int mode, int op)
> {
> return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__VM_EVENT);
> }
>
> -#ifdef CONFIG_VM_EVENT
> static int cf_check flask_mem_access(struct domain *d)
> {
> return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__MEM_ACCESS);
> @@ -1967,9 +1967,9 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
> .do_xsm_op = do_flask_op,
> .get_vnumainfo = flask_get_vnumainfo,
>
> +#ifdef CONFIG_VM_EVENT
> .vm_event_control = flask_vm_event_control,
>
> -#ifdef CONFIG_VM_EVENT
> .mem_access = flask_mem_access,
> #endif
>
Acked-by: Daniel P. Smith <dpsmith@apertussolutions.com>
On 25.11.2025 15:57, Daniel P. Smith wrote: > On 11/21/25 4:15 AM, Penny Zheng wrote: >> Function xsm_vm_event_control() is only invoked under CONFIG_VM_EVENT, so >> it shall be wrapped with it, otherwiae it will become unreachable when > > otherwiae --> otherwise (maybe committer is willing to fix on commit?) Sure. Jan
© 2016 - 2025 Red Hat, Inc.