
RE: [PATCH v2 15/26] xen/domctl: wrap xsm_{irq_permission,iomem_permission} with CONFIG_MGMT_HYPERCALLS


  • To: Jan Beulich <jbeulich@xxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • From: "Penny, Zheng" <penny.zheng@xxxxxxx>
  • Date: Thu, 25 Sep 2025 07:43:11 +0000
  • Accept-language: en-US
  • Cc: "Huang, Ray" <Ray.Huang@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 25 Sep 2025 07:43:24 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-topic: [PATCH v2 15/26] xen/domctl: wrap xsm_{irq_permission,iomem_permission} with CONFIG_MGMT_HYPERCALLS

[Public]

> -----Original Message-----
> From: Jan Beulich <jbeulich@xxxxxxxx>
> Sent: Thursday, September 11, 2025 7:02 PM
> To: Penny, Zheng <penny.zheng@xxxxxxx>; Daniel P. Smith
> <dpsmith@xxxxxxxxxxxxxxxxxxxx>
> Cc: Huang, Ray <Ray.Huang@xxxxxxx>; xen-devel@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [PATCH v2 15/26] xen/domctl: wrap
> xsm_{irq_permission,iomem_permission} with CONFIG_MGMT_HYPERCALLS
>
> On 10.09.2025 09:38, Penny Zheng wrote:
> > --- a/xen/xsm/flask/hooks.c
> > +++ b/xen/xsm/flask/hooks.c
> > @@ -1111,12 +1111,14 @@ static int cf_check flask_unbind_pt_irq(
> >      return current_has_perm(d, SECCLASS_RESOURCE,
> RESOURCE__REMOVE);
> > }
> >
> > +#ifdef CONFIG_MGMT_HYPERCALLS
> >  static int cf_check flask_irq_permission(
> >      struct domain *d, int pirq, uint8_t access)  {
> >      /* the PIRQ number is not useful; real IRQ is checked during mapping */
> >      return current_has_perm(d, SECCLASS_RESOURCE,
> > resource_to_perm(access));  }
> > +#endif /* CONFIG_MGMT_HYPERCALLS */
> >
> >  struct iomem_has_perm_data {
> >      uint32_t ssid;
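
Review bot: the new guard around flask_irq_permission() covers only that function, while the subject line also names iomem_permission and the next hunk drops the .iomem_permission initializer; flask_iomem_permission() itself stays unguarded in the lines shown. If it has to remain because flask_iomem_mapping() still calls it, state that in the commit message or in a comment next to the function, so the asymmetry between the two hooks is not read as an oversight.
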
> > @@ -1943,8 +1945,10 @@ static const struct xsm_ops __initconst_cf_clobber
> flask_ops = {
> >      .unmap_domain_irq = flask_unmap_domain_irq,
> >      .bind_pt_irq = flask_bind_pt_irq,
> >      .unbind_pt_irq = flask_unbind_pt_irq,
> > +#ifdef CONFIG_MGMT_HYPERCALLS
> >      .irq_permission = flask_irq_permission,
> >      .iomem_permission = flask_iomem_permission,
> > +#endif
> >      .iomem_mapping = flask_iomem_mapping,
> >      .pci_config_permission = flask_pci_config_permission,
> >
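
Review bot: with .irq_permission and .iomem_permission left out of flask_ops when CONFIG_MGMT_HYPERCALLS is off, the lines shown do not establish that the matching struct xsm_ops members and their xsm_*() callers are compiled out under the same option; please confirm that no remaining caller can reach an unset hook, and that xsm/dummy.h gets the equivalent guard. As a style point, the "#endif" added in this initializer lacks the "/* CONFIG_MGMT_HYPERCALLS */" comment used on the "#endif" in the first hunk; make the two consistent.
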
>
> It's odd that flask_iomem_permission() remains as a function, but for the
> moment that looks to be necessary, as it's (oddly enough) called from
> flask_iomem_mapping(). However, for that one I again can't derive from titles
> of subsequent patches where it would be taken care of.
>
> Daniel - is this layering actually helpful? Can't we either drop
> flask_iomem_mapping() (with the benefit of a cf_check disappearing), or have
> it do directly what it wants done, rather than calling the other hook function?
>

If there are no explicit worries, I'll create a new commit in the next series
to remove the redundant xsm_iomem_mapping(). Then here, we shall only take care
of xsm_irq_permission().

> Having reached the bottom of the patch - what about xsm/dummy.h?
>
> Jan
