1. Patchew
  2. Xen
  3. [PATCH v5 00/24] Disable domctl-op via CONFIG_MGMT_HYPERCALLS
  4. View patch

[PATCH v5 01/24] xen/xsm: remove redundant flask_iomem_mapping()

Penny Zheng posted 24 patches 2 days, 1 hour ago
[PATCH v5 01/24] xen/xsm: remove redundant flask_iomem_mapping()
Posted by Penny Zheng 2 days, 1 hour ago 
xsm_iomem_mapping() in flask policy seems redundant, as it only provides
an extra call layer by calling flask_iomem_permission(). It also has benefit
of making a cf_check disappearing too.

Suggested-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v2 -> v3:
- new commit
---
v4 -> v5:
- only folding redundant xsm_iomem_mapping() implementation
---
 xen/xsm/flask/hooks.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 9f3915617c..a43cd361a2 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1167,11 +1167,6 @@ static int cf_check flask_iomem_permission(
     return security_iterate_iomem_sids(start, end, _iomem_has_perm, &data);
 }
 
-static int cf_check flask_iomem_mapping(struct domain *d, uint64_t start, uint64_t end, uint8_t access)
-{
-    return flask_iomem_permission(d, start, end, access);
-}
-
 static int cf_check flask_pci_config_permission(
     struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end,
     uint8_t access)
@@ -1945,7 +1940,7 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
     .unbind_pt_irq = flask_unbind_pt_irq,
     .irq_permission = flask_irq_permission,
     .iomem_permission = flask_iomem_permission,
-    .iomem_mapping = flask_iomem_mapping,
+    .iomem_mapping = flask_iomem_permission,
     .pci_config_permission = flask_pci_config_permission,
 
     .resource_plug_core = flask_resource_plug_core,
-- 
2.34.1

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.