* [PATCH v4 00/11] xsm: refactoring xsm hooks
@ 2021-09-03 19:06 Daniel P. Smith
2021-09-03 19:06 ` [PATCH v4 01/11] xen: Implement xen/alternative-call.h for use in common code Daniel P. Smith
` (10 more replies)
0 siblings, 11 replies; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-03 19:06 UTC (permalink / raw)
To: xen-devel; +Cc: Daniel P. Smith
Based on feedback from 2021 Xen Developers Summit the xsm-roles RFC patch set
is being split into two separate patch sets. This is the first patch set and is
focused purely on the clean up and refactoring of the XSM hooks.
This patch set refactors the xsm_ops wrapper hooks to use the alternative_call
infrastructure. Then proceeds to move and realign the headers to simplify the
unnecessarily complicated header inclusions, remove the facad of being able to
enable/disable XSM, and simplify the XSM hooks down to a single interface and
implementation. The remainder of the changes are clean up and removing no
longer necessary abstractions.
v2:
- restructured the patches, breaking them up as needed
- incorporate Andrew Cooper's alternative call common code
- change XSM module registration, removing register_xsm
- incoporate KConfig recommendations
- reworded commit messages
- incorporate macro expansion recommendations
- misc clean-up fallout from recommendations
v3:
- renamed struct xsm_operations to struct xsm_ops
- flask and silo ops structs made __initconst
- fixed misplacement of __init on flask/silo_init
- lots of coding style alignment
- further clean up from FLASK_DISABLE removal
- addressed commit message comments
- removed missed guard around alternative-call include
- reworked approach to XSM hooks, merging the two interfaces instead of
dropping one
v4:
- make __alt_call_maybe_initdata resolve to __read_mostly when
CONFIG_ALTERNATIVE_CALL is not set
- removed the masking of void with xsm_op_t
- moved all the coding style conformity to an early commit
- fixed declaration on real and stub declarations in xsm.h
- corrected to __initconstrel
- made the xsm_ops global __read_mostly
- adjusted blank lines in xsm_ops struct to provide consistent grouping
- moved extern references to built in policy to where they are used
- Added back in the #ifdef CONFIG_XSM into struct evtchn
- split the patch removing the duplicate interface up further
Andrew Cooper (1):
xen: Implement xen/alternative-call.h for use in common code
Daniel P. Smith (10):
xsm: remove the ability to disable flask
xsm: drop dubious xsm_op_t type
xsm: apply coding style
xsm: refactor xsm_ops handling
xsm: convert xsm_ops hook calls to alternative call
xsm: decouple xsm header inclusion selection
xsm: drop generic event channel labeling exclusion
silo: remove circular xsm hook call
kconfig: update xsm config to reflect reality
xsm: remove alternate xsm hook interface
xen/arch/x86/Kconfig | 1 +
xen/common/Kconfig | 52 +-
xen/include/public/xsm/flask_op.h | 2 +-
xen/include/xen/alternative-call.h | 63 +++
xen/include/xen/hypercall.h | 4 +-
xen/include/xen/sched.h | 4 +-
xen/include/xsm/dummy.h | 774 ---------------------------
xen/include/xsm/xsm-core.h | 273 ++++++++++
xen/include/xsm/xsm.h | 804 +++++++++++++----------------
xen/xsm/Makefile | 4 +-
xen/xsm/dummy.c | 7 +-
xen/xsm/dummy.h | 739 ++++++++++++++++++++++++++
xen/xsm/flask/flask_op.c | 32 +-
xen/xsm/flask/hooks.c | 16 +-
xen/xsm/silo.c | 25 +-
xen/xsm/xsm_core.c | 94 ++--
16 files changed, 1535 insertions(+), 1359 deletions(-)
create mode 100644 xen/include/xen/alternative-call.h
delete mode 100644 xen/include/xsm/dummy.h
create mode 100644 xen/include/xsm/xsm-core.h
create mode 100644 xen/xsm/dummy.h
--
2.20.1
^ permalink raw reply [flat|nested] 37+ messages in thread
* [PATCH v4 01/11] xen: Implement xen/alternative-call.h for use in common code
2021-09-03 19:06 [PATCH v4 00/11] xsm: refactoring xsm hooks Daniel P. Smith
@ 2021-09-03 19:06 ` Daniel P. Smith
2021-09-06 15:52 ` Jan Beulich
2021-09-03 19:06 ` [PATCH v4 02/11] xsm: remove the ability to disable flask Daniel P. Smith
` (9 subsequent siblings)
10 siblings, 1 reply; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-03 19:06 UTC (permalink / raw)
To: Wei Liu, xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné,
Stefano Stabellini, Julien Grall, Volodymyr Babchuk,
Bob Eshleman, Alistair Francis, Connor Davis, Daniel P . Smith,
Jan Beulich, George Dunlap, Ian Jackson
From: Andrew Cooper <andrew.cooper3@citrix.com>
The alternative call infrastructure is x86-only for now, but the common iommu
code has a variant and more common code wants to use the infrastructure.
Introduce CONFIG_ALTERNATIVE_CALL and a conditional implemetnation so common
code can use the optimisation when available, without requiring all
architectures to implement no-op stubs.
Write some documentation, which was thus far entirely absent, covering the
requirements for an architecture to implement this optimsiation, and how to
use the infrastructure in general code.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Wei Liu <wl@xen.org>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Julien Grall <julien@xen.org>
CC: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
CC: Bob Eshleman <bobbyeshleman@gmail.com>
CC: Alistair Francis <alistair.francis@wdc.com>
CC: Connor Davis <connojdavis@gmail.com>
CC: Daniel P. Smith <dpsmith@apertussolutions.com>
v3:
* Drop __alt_call_maybe_initconst
This is a pre-requisite to "xsm: refactor xsm_ops handling" to avoid breaking
the ARM build.
Build test for the XSM code:
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index 5eab21e1b168..592074e8f41c 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -195,6 +195,16 @@ bool __init has_xsm_magic(paddr_t start)
}
#endif
+#include <xen/alternative-call.h>
+struct foo {
+ int (*bar)(void *);
+} foo __alt_call_maybe_initdata;
+
+int test_alternative_call(void)
+{
+ return alternative_call(foo.bar, NULL);
+}
+
int __init register_xsm(struct xsm_operations *ops)
{
if ( verify(ops) )
---
xen/arch/x86/Kconfig | 1 +
xen/common/Kconfig | 3 ++
xen/include/xen/alternative-call.h | 63 ++++++++++++++++++++++++++++++
3 files changed, 67 insertions(+)
create mode 100644 xen/include/xen/alternative-call.h
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 9b164db641..1f83518ee0 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -6,6 +6,7 @@ config X86
def_bool y
select ACPI
select ACPI_LEGACY_TABLES_LOOKUP
+ select ALTERNATIVE_CALL
select ARCH_SUPPORTS_INT128
select CORE_PARKING
select HAS_ALTERNATIVE
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 0ddd18e11a..ac5491b1cc 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -22,6 +22,9 @@ config GRANT_TABLE
If unsure, say Y.
+config ALTERNATIVE_CALL
+ bool
+
config HAS_ALTERNATIVE
bool
diff --git a/xen/include/xen/alternative-call.h b/xen/include/xen/alternative-call.h
new file mode 100644
index 0000000000..d10af90b1b
--- /dev/null
+++ b/xen/include/xen/alternative-call.h
@@ -0,0 +1,63 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef XEN_ALTERNATIVE_CALL
+#define XEN_ALTERNATIVE_CALL
+
+/*
+ * Some subsystems in Xen may have multiple implementions, which can be
+ * resolved to a single implementation at boot time. By default, this will
+ * result in the use of function pointers.
+ *
+ * Some architectures may have mechanisms for dynamically modifying .text.
+ * Using this mechnaism, function pointers can be converted to direct calls
+ * which are typically more efficient at runtime.
+ *
+ * For architectures to support:
+ *
+ * - Implement alternative_{,v}call() in asm/alternative.h. Code generation
+ * requirements are to emit a function pointer call at build time, and stash
+ * enough metadata to simplify the call at boot once the implementation has
+ * been resolved.
+ * - Select ALTERNATIVE_CALL in Kconfig.
+ *
+ * To use:
+ *
+ * Consider the following simplified example.
+ *
+ * 1) struct foo_ops __alt_call_maybe_initdata ops;
+ *
+ * 2) const struct foo_ops __initconst foo_a_ops = { ... };
+ * const struct foo_ops __initconst foo_b_ops = { ... };
+ *
+ * void foo_init(void)
+ * {
+ * ...
+ * if ( use_impl_a )
+ * ops = *foo_a_ops;
+ * else if ( use_impl_b )
+ * ops = *foo_b_ops;
+ * ...
+ * }
+ *
+ * 3) alternative_call(ops.bar, ...);
+ *
+ * There needs to a single ops object (1) which will eventually contain the
+ * function pointers. This should be populated in foo's init() function (2)
+ * by one of the available implementations. To call functions, use
+ * alternative_{,v}call() referencing the main ops object (3).
+ */
+
+#ifdef CONFIG_ALTERNATIVE_CALL
+
+#include <asm/alternative.h>
+
+#define __alt_call_maybe_initdata __initdata
+
+#else
+
+#define alternative_call(func, args...) (func)(args)
+#define alternative_vcall(func, args...) (func)(args)
+
+#define __alt_call_maybe_initdata __read_mostly
+
+#endif /* !CONFIG_ALTERNATIVE_CALL */
+#endif /* XEN_ALTERNATIVE_CALL */
--
2.20.1
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [PATCH v4 02/11] xsm: remove the ability to disable flask
2021-09-03 19:06 [PATCH v4 00/11] xsm: refactoring xsm hooks Daniel P. Smith
2021-09-03 19:06 ` [PATCH v4 01/11] xen: Implement xen/alternative-call.h for use in common code Daniel P. Smith
@ 2021-09-03 19:06 ` Daniel P. Smith
2021-09-06 17:56 ` Andrew Cooper
2021-09-03 19:06 ` [PATCH v4 03/11] xsm: drop dubious xsm_op_t type Daniel P. Smith
` (8 subsequent siblings)
10 siblings, 1 reply; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-03 19:06 UTC (permalink / raw)
To: Daniel P. Smith, xen-devel
Cc: Andrew Cooper, George Dunlap, Ian Jackson, Jan Beulich,
Julien Grall, Stefano Stabellini, Wei Liu, Daniel De Graaf
On Linux when SELinux is put into permissive mode the descretionary access
controls are still in place. Whereas for Xen when the enforcing state of flask
is set to permissive, all operations for all domains would succeed, i.e. it
does not fall back to the default access controls. To provide a means to mimic
a similar but not equivalent behavior, a flask op is present to allow a
one-time switch back to the default access controls, aka the "dummy policy".
While this may be desirable for an OS, Xen is a hypervisor and should not allow
the switching of which security policy framework is being enforced after boot.
This patch removes the flask op to enforce the desired XSM usage model
requiring a reboot of Xen to change the XSM policy module in use.
Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
---
xen/include/public/xsm/flask_op.h | 2 +-
xen/xsm/flask/flask_op.c | 30 ------------------------------
2 files changed, 1 insertion(+), 31 deletions(-)
diff --git a/xen/include/public/xsm/flask_op.h b/xen/include/public/xsm/flask_op.h
index 16af7bc22f..b41dd6dac8 100644
--- a/xen/include/public/xsm/flask_op.h
+++ b/xen/include/public/xsm/flask_op.h
@@ -188,7 +188,7 @@ struct xen_flask_op {
#define FLASK_SETBOOL 12
#define FLASK_COMMITBOOLS 13
#define FLASK_MLS 14
-#define FLASK_DISABLE 15
+#define FLASK_DISABLE 15 /* No longer implemented */
#define FLASK_GETAVC_THRESHOLD 16
#define FLASK_SETAVC_THRESHOLD 17
#define FLASK_AVC_HASHSTATS 18
diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c
index 01e52138a1..f41c025391 100644
--- a/xen/xsm/flask/flask_op.c
+++ b/xen/xsm/flask/flask_op.c
@@ -223,32 +223,6 @@ static int flask_security_sid(struct xen_flask_sid_context *arg)
#ifndef COMPAT
-static int flask_disable(void)
-{
- static int flask_disabled = 0;
-
- if ( ss_initialized )
- {
- /* Not permitted after initial policy load. */
- return -EINVAL;
- }
-
- if ( flask_disabled )
- {
- /* Only do this once. */
- return -EINVAL;
- }
-
- printk("Flask: Disabled at runtime.\n");
-
- flask_disabled = 1;
-
- /* Reset xsm_ops to the original module. */
- xsm_ops = &dummy_xsm_ops;
-
- return 0;
-}
-
static int flask_security_setavc_threshold(struct xen_flask_setavc_threshold *arg)
{
int rv = 0;
@@ -698,10 +672,6 @@ ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op)
rv = flask_mls_enabled;
break;
- case FLASK_DISABLE:
- rv = flask_disable();
- break;
-
case FLASK_GETAVC_THRESHOLD:
rv = avc_cache_threshold;
break;
--
2.20.1
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [PATCH v4 03/11] xsm: drop dubious xsm_op_t type
2021-09-03 19:06 [PATCH v4 00/11] xsm: refactoring xsm hooks Daniel P. Smith
2021-09-03 19:06 ` [PATCH v4 01/11] xen: Implement xen/alternative-call.h for use in common code Daniel P. Smith
2021-09-03 19:06 ` [PATCH v4 02/11] xsm: remove the ability to disable flask Daniel P. Smith
@ 2021-09-03 19:06 ` Daniel P. Smith
2021-09-06 18:00 ` Andrew Cooper
2021-09-03 19:06 ` [PATCH v4 04/11] xsm: apply coding style Daniel P. Smith
` (7 subsequent siblings)
10 siblings, 1 reply; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-03 19:06 UTC (permalink / raw)
To: Daniel P. Smith, xen-devel
Cc: Andrew Cooper, George Dunlap, Ian Jackson, Jan Beulich,
Julien Grall, Stefano Stabellini, Wei Liu, Daniel De Graaf
The type xsm_op_t masks the use of void pointers. This commit drops the xsm_op_t type and
replaces it and all its uses with an explicit void.
Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
---
xen/include/xen/hypercall.h | 4 ++--
xen/include/xsm/dummy.h | 4 ++--
xen/include/xsm/xsm.h | 11 ++++-------
xen/xsm/flask/flask_op.c | 2 +-
xen/xsm/flask/hooks.c | 4 ++--
xen/xsm/xsm_core.c | 4 ++--
6 files changed, 13 insertions(+), 16 deletions(-)
diff --git a/xen/include/xen/hypercall.h b/xen/include/xen/hypercall.h
index 34b7f1fed6..3771487a30 100644
--- a/xen/include/xen/hypercall.h
+++ b/xen/include/xen/hypercall.h
@@ -127,7 +127,7 @@ do_kexec_op(
extern long
do_xsm_op(
- XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_xsm_op);
+ XEN_GUEST_HANDLE_PARAM(void) u_xsm_op);
#ifdef CONFIG_ARGO
extern long do_argo_op(
@@ -198,7 +198,7 @@ compat_set_timer_op(
s32 hi);
extern int compat_xsm_op(
- XEN_GUEST_HANDLE_PARAM(xsm_op_t) op);
+ XEN_GUEST_HANDLE_PARAM(void) op);
extern int compat_kexec_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg);
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 363c6d7798..214b5408b1 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -442,13 +442,13 @@ static XSM_INLINE int xsm_hypfs_op(XSM_DEFAULT_VOID)
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
+static XSM_INLINE long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op)
{
return -ENOSYS;
}
#ifdef CONFIG_COMPAT
-static XSM_INLINE int xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
+static XSM_INLINE int xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(void) op)
{
return -ENOSYS;
}
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index ad3cddbf7d..9872bae502 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -18,9 +18,6 @@
#include <xen/sched.h>
#include <xen/multiboot.h>
-typedef void xsm_op_t;
-DEFINE_XEN_GUEST_HANDLE(xsm_op_t);
-
/* policy magic number (defined by XSM_MAGIC) */
typedef u32 xsm_magic_t;
@@ -129,9 +126,9 @@ struct xsm_operations {
int (*page_offline)(uint32_t cmd);
int (*hypfs_op)(void);
- long (*do_xsm_op) (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op);
+ long (*do_xsm_op) (XEN_GUEST_HANDLE_PARAM(void) op);
#ifdef CONFIG_COMPAT
- int (*do_compat_op) (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op);
+ int (*do_compat_op) (XEN_GUEST_HANDLE_PARAM(void) op);
#endif
int (*hvm_param) (struct domain *d, unsigned long op);
@@ -543,13 +540,13 @@ static inline int xsm_hypfs_op(xsm_default_t def)
return xsm_ops->hypfs_op();
}
-static inline long xsm_do_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
+static inline long xsm_do_xsm_op (XEN_GUEST_HANDLE_PARAM(void) op)
{
return xsm_ops->do_xsm_op(op);
}
#ifdef CONFIG_COMPAT
-static inline int xsm_do_compat_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
+static inline int xsm_do_compat_op (XEN_GUEST_HANDLE_PARAM(void) op)
{
return xsm_ops->do_compat_op(op);
}
diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c
index f41c025391..221ff00fd3 100644
--- a/xen/xsm/flask/flask_op.c
+++ b/xen/xsm/flask/flask_op.c
@@ -607,7 +607,7 @@ static int flask_relabel_domain(struct xen_flask_relabel *arg)
#endif /* !COMPAT */
-ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op)
+ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op)
{
xen_flask_op_t op;
int rv;
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index f1a1217c98..1465db125a 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1742,8 +1742,8 @@ static int flask_argo_send(const struct domain *d, const struct domain *t)
#endif
-long do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op);
-int compat_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op);
+long do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op);
+int compat_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op);
static struct xsm_operations flask_ops = {
.security_domaininfo = flask_security_domaininfo,
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index 5eab21e1b1..ac553f9c0d 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -213,13 +213,13 @@ int __init register_xsm(struct xsm_operations *ops)
#endif
-long do_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
+long do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op)
{
return xsm_do_xsm_op(op);
}
#ifdef CONFIG_COMPAT
-int compat_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
+int compat_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op)
{
return xsm_do_compat_op(op);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [PATCH v4 04/11] xsm: apply coding style
2021-09-03 19:06 [PATCH v4 00/11] xsm: refactoring xsm hooks Daniel P. Smith
` (2 preceding siblings ...)
2021-09-03 19:06 ` [PATCH v4 03/11] xsm: drop dubious xsm_op_t type Daniel P. Smith
@ 2021-09-03 19:06 ` Daniel P. Smith
2021-09-06 18:17 ` Andrew Cooper
2021-09-03 19:06 ` [PATCH v4 05/11] xsm: refactor xsm_ops handling Daniel P. Smith
` (6 subsequent siblings)
10 siblings, 1 reply; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-03 19:06 UTC (permalink / raw)
To: Daniel P. Smith, xen-devel; +Cc: Daniel De Graaf
Instead of intermixing coding style changes with code changes as they
are come upon in this patch set, moving all coding style changes
into a single commit. The focus of coding style changes here are,
- move trailing comments to line above
- ensuring line length does not exceed 80 chars
- ensuring proper indentation for 80 char wrapping
- covert u32 type statements to uint32_t
- remove space between closing and opening parens
- drop extern on function declarations
Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
---
xen/include/xsm/dummy.h | 173 +++++++++-----
xen/include/xsm/xsm.h | 494 ++++++++++++++++++++++------------------
xen/xsm/xsm_core.c | 4 +-
3 files changed, 389 insertions(+), 282 deletions(-)
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 214b5408b1..deaf23035e 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -69,8 +69,9 @@ void __xsm_action_mismatch_detected(void);
#endif /* CONFIG_XSM */
-static always_inline int xsm_default_action(
- xsm_default_t action, struct domain *src, struct domain *target)
+static always_inline int xsm_default_action(xsm_default_t action,
+ struct domain *src,
+ struct domain *target)
{
switch ( action ) {
case XSM_HOOK:
@@ -99,12 +100,13 @@ static always_inline int xsm_default_action(
}
static XSM_INLINE void xsm_security_domaininfo(struct domain *d,
- struct xen_domctl_getdomaininfo *info)
+ struct xen_domctl_getdomaininfo *info)
{
return;
}
-static XSM_INLINE int xsm_domain_create(XSM_DEFAULT_ARG struct domain *d, u32 ssidref)
+static XSM_INLINE int xsm_domain_create(XSM_DEFAULT_ARG struct domain *d,
+ uint32_t ssidref)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
@@ -116,7 +118,8 @@ static XSM_INLINE int xsm_getdomaininfo(XSM_DEFAULT_ARG struct domain *d)
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_domctl_scheduler_op(XSM_DEFAULT_ARG struct domain *d, int cmd)
+static XSM_INLINE int xsm_domctl_scheduler_op(XSM_DEFAULT_ARG struct domain *d,
+ int cmd)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
@@ -128,7 +131,8 @@ static XSM_INLINE int xsm_sysctl_scheduler_op(XSM_DEFAULT_ARG int cmd)
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_set_target(XSM_DEFAULT_ARG struct domain *d, struct domain *e)
+static XSM_INLINE int xsm_set_target(XSM_DEFAULT_ARG struct domain *d,
+ struct domain *e)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, NULL);
@@ -173,38 +177,43 @@ static XSM_INLINE void xsm_free_security_domain(struct domain *d)
return;
}
-static XSM_INLINE int xsm_grant_mapref(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2,
- uint32_t flags)
+static XSM_INLINE int xsm_grant_mapref(XSM_DEFAULT_ARG struct domain *d1,
+ struct domain *d2, uint32_t flags)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_grant_unmapref(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_grant_unmapref(XSM_DEFAULT_ARG struct domain *d1,
+ struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_grant_setup(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_grant_setup(XSM_DEFAULT_ARG struct domain *d1,
+ struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_grant_transfer(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_grant_transfer(XSM_DEFAULT_ARG struct domain *d1,
+ struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_grant_copy(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_grant_copy(XSM_DEFAULT_ARG struct domain *d1,
+ struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_grant_query_size(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_grant_query_size(XSM_DEFAULT_ARG struct domain *d1,
+ struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d1, d2);
@@ -216,14 +225,17 @@ static XSM_INLINE int xsm_memory_exchange(XSM_DEFAULT_ARG struct domain *d)
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_memory_adjust_reservation(XSM_DEFAULT_ARG struct domain *d1,
- struct domain *d2)
+static XSM_INLINE int xsm_memory_adjust_reservation(XSM_DEFAULT_ARG
+ struct domain *d1,
+ struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_memory_stat_reservation(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_memory_stat_reservation(XSM_DEFAULT_ARG
+ struct domain *d1,
+ struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d1, d2);
@@ -253,13 +265,15 @@ static XSM_INLINE int xsm_kexec(XSM_DEFAULT_VOID)
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_schedop_shutdown(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_schedop_shutdown(XSM_DEFAULT_ARG struct domain *d1,
+ struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_DM_PRIV);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_memory_pin_page(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2,
+static XSM_INLINE int xsm_memory_pin_page(XSM_DEFAULT_ARG struct domain *d1,
+ struct domain *d2,
struct page_info *page)
{
XSM_ASSERT_ACTION(XSM_HOOK);
@@ -272,15 +286,17 @@ static XSM_INLINE int xsm_claim_pages(XSM_DEFAULT_ARG struct domain *d)
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_evtchn_unbound(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn,
- domid_t id2)
+static XSM_INLINE int xsm_evtchn_unbound(XSM_DEFAULT_ARG struct domain *d,
+ struct evtchn *chn, domid_t id2)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_evtchn_interdomain(XSM_DEFAULT_ARG struct domain *d1, struct evtchn
- *chan1, struct domain *d2, struct evtchn *chan2)
+static XSM_INLINE int xsm_evtchn_interdomain(XSM_DEFAULT_ARG struct domain *d1,
+ struct evtchn *chan1,
+ struct domain *d2,
+ struct evtchn *chan2)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, d1, d2);
@@ -291,37 +307,41 @@ static XSM_INLINE void xsm_evtchn_close_post(struct evtchn *chn)
return;
}
-static XSM_INLINE int xsm_evtchn_send(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn)
+static XSM_INLINE int xsm_evtchn_send(XSM_DEFAULT_ARG struct domain *d,
+ struct evtchn *chn)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, d, NULL);
}
-static XSM_INLINE int xsm_evtchn_status(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn)
+static XSM_INLINE int xsm_evtchn_status(XSM_DEFAULT_ARG struct domain *d,
+ struct evtchn *chn)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_evtchn_reset(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_evtchn_reset(XSM_DEFAULT_ARG struct domain *d1,
+ struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_alloc_security_evtchns(
- struct evtchn chn[], unsigned int nr)
+static XSM_INLINE int xsm_alloc_security_evtchns(struct evtchn chn[],
+ unsigned int nr)
{
return 0;
}
-static XSM_INLINE void xsm_free_security_evtchns(
- struct evtchn chn[], unsigned int nr)
+static XSM_INLINE void xsm_free_security_evtchns(struct evtchn chn[],
+ unsigned int nr)
{
return;
}
-static XSM_INLINE char *xsm_show_security_evtchn(struct domain *d, const struct evtchn *chn)
+static XSM_INLINE char *xsm_show_security_evtchn(struct domain *d,
+ const struct evtchn *chn)
{
return NULL;
}
@@ -357,13 +377,15 @@ static XSM_INLINE int xsm_get_device_group(XSM_DEFAULT_ARG uint32_t machine_bdf)
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_assign_device(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf)
+static XSM_INLINE int xsm_assign_device(XSM_DEFAULT_ARG struct domain *d,
+ uint32_t machine_bdf)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_deassign_device(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf)
+static XSM_INLINE int xsm_deassign_device(XSM_DEFAULT_ARG struct domain *d,
+ uint32_t machine_bdf)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
@@ -400,19 +422,22 @@ static XSM_INLINE int xsm_resource_unplug_core(XSM_DEFAULT_VOID)
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_resource_plug_pci(XSM_DEFAULT_ARG uint32_t machine_bdf)
+static XSM_INLINE int xsm_resource_plug_pci(XSM_DEFAULT_ARG
+ uint32_t machine_bdf)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_resource_unplug_pci(XSM_DEFAULT_ARG uint32_t machine_bdf)
+static XSM_INLINE int xsm_resource_unplug_pci(XSM_DEFAULT_ARG
+ uint32_t machine_bdf)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_resource_setup_pci(XSM_DEFAULT_ARG uint32_t machine_bdf)
+static XSM_INLINE int xsm_resource_setup_pci(XSM_DEFAULT_ARG
+ uint32_t machine_bdf)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, NULL);
@@ -478,13 +503,15 @@ static XSM_INLINE int xsm_unmap_domain_pirq(XSM_DEFAULT_ARG struct domain *d)
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_bind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind)
+static XSM_INLINE int xsm_bind_pt_irq(XSM_DEFAULT_ARG struct domain *d,
+ struct xen_domctl_bind_pt_irq *bind)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_unbind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind)
+static XSM_INLINE int xsm_unbind_pt_irq(XSM_DEFAULT_ARG struct domain *d,
+ struct xen_domctl_bind_pt_irq *bind)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
@@ -497,57 +524,68 @@ static XSM_INLINE int xsm_unmap_domain_irq(XSM_DEFAULT_ARG struct domain *d,
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_irq_permission(XSM_DEFAULT_ARG struct domain *d, int pirq, uint8_t allow)
+static XSM_INLINE int xsm_irq_permission(XSM_DEFAULT_ARG struct domain *d,
+ int pirq, uint8_t allow)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_iomem_permission(XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow)
+static XSM_INLINE int xsm_iomem_permission(XSM_DEFAULT_ARG struct domain *d,
+ uint64_t s, uint64_t e,
+ uint8_t allow)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_iomem_mapping(XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow)
+static XSM_INLINE int xsm_iomem_mapping(XSM_DEFAULT_ARG struct domain *d,
+ uint64_t s, uint64_t e, uint8_t allow)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_pci_config_permission(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf,
- uint16_t start, uint16_t end,
- uint8_t access)
+static XSM_INLINE int xsm_pci_config_permission(XSM_DEFAULT_ARG
+ struct domain *d,
+ uint32_t machine_bdf,
+ uint16_t start, uint16_t end,
+ uint8_t access)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_add_to_physmap(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_add_to_physmap(XSM_DEFAULT_ARG struct domain *d1,
+ struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_remove_from_physmap(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_remove_from_physmap(XSM_DEFAULT_ARG struct domain *d1,
+ struct domain *d2)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d1, d2);
}
-static XSM_INLINE int xsm_map_gmfn_foreign(XSM_DEFAULT_ARG struct domain *d, struct domain *t)
+static XSM_INLINE int xsm_map_gmfn_foreign(XSM_DEFAULT_ARG struct domain *d,
+ struct domain *t)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d, t);
}
-static XSM_INLINE int xsm_hvm_param(XSM_DEFAULT_ARG struct domain *d, unsigned long op)
+static XSM_INLINE int xsm_hvm_param(XSM_DEFAULT_ARG struct domain *d,
+ unsigned long op)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_hvm_control(XSM_DEFAULT_ARG struct domain *d, unsigned long op)
+static XSM_INLINE int xsm_hvm_control(XSM_DEFAULT_ARG struct domain *d,
+ unsigned long op)
{
XSM_ASSERT_ACTION(XSM_DM_PRIV);
return xsm_default_action(action, current->domain, d);
@@ -559,7 +597,8 @@ static XSM_INLINE int xsm_hvm_param_altp2mhvm(XSM_DEFAULT_ARG struct domain *d)
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_hvm_altp2mhvm_op(XSM_DEFAULT_ARG struct domain *d, uint64_t mode, uint32_t op)
+static XSM_INLINE int xsm_hvm_altp2mhvm_op(XSM_DEFAULT_ARG struct domain *d,
+ uint64_t mode, uint32_t op)
{
XSM_ASSERT_ACTION(XSM_OTHER);
@@ -578,7 +617,8 @@ static XSM_INLINE int xsm_hvm_altp2mhvm_op(XSM_DEFAULT_ARG struct domain *d, uin
}
}
-static XSM_INLINE int xsm_vm_event_control(XSM_DEFAULT_ARG struct domain *d, int mode, int op)
+static XSM_INLINE int xsm_vm_event_control(XSM_DEFAULT_ARG struct domain *d,
+ int mode, int op)
{
XSM_ASSERT_ACTION(XSM_PRIV);
return xsm_default_action(action, current->domain, d);
@@ -621,13 +661,15 @@ static XSM_INLINE int xsm_do_mca(XSM_DEFAULT_VOID)
return xsm_default_action(action, current->domain, NULL);
}
-static XSM_INLINE int xsm_shadow_control(XSM_DEFAULT_ARG struct domain *d, uint32_t op)
+static XSM_INLINE int xsm_shadow_control(XSM_DEFAULT_ARG struct domain *d,
+ uint32_t op)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_mem_sharing_op(XSM_DEFAULT_ARG struct domain *d, struct domain *cd, int op)
+static XSM_INLINE int xsm_mem_sharing_op(XSM_DEFAULT_ARG struct domain *d,
+ struct domain *cd, int op)
{
XSM_ASSERT_ACTION(XSM_DM_PRIV);
return xsm_default_action(action, current->domain, cd);
@@ -651,8 +693,9 @@ static XSM_INLINE int xsm_domain_memory_map(XSM_DEFAULT_ARG struct domain *d)
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_mmu_update(XSM_DEFAULT_ARG struct domain *d, struct domain *t,
- struct domain *f, uint32_t flags)
+static XSM_INLINE int xsm_mmu_update(XSM_DEFAULT_ARG struct domain *d,
+ struct domain *t, struct domain *f,
+ uint32_t flags)
{
int rc = 0;
XSM_ASSERT_ACTION(XSM_TARGET);
@@ -663,38 +706,44 @@ static XSM_INLINE int xsm_mmu_update(XSM_DEFAULT_ARG struct domain *d, struct do
return rc;
}
-static XSM_INLINE int xsm_mmuext_op(XSM_DEFAULT_ARG struct domain *d, struct domain *f)
+static XSM_INLINE int xsm_mmuext_op(XSM_DEFAULT_ARG struct domain *d,
+ struct domain *f)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d, f);
}
-static XSM_INLINE int xsm_update_va_mapping(XSM_DEFAULT_ARG struct domain *d, struct domain *f,
- l1_pgentry_t pte)
+static XSM_INLINE int xsm_update_va_mapping(XSM_DEFAULT_ARG struct domain *d,
+ struct domain *f, l1_pgentry_t pte)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d, f);
}
-static XSM_INLINE int xsm_priv_mapping(XSM_DEFAULT_ARG struct domain *d, struct domain *t)
+static XSM_INLINE int xsm_priv_mapping(XSM_DEFAULT_ARG struct domain *d,
+ struct domain *t)
{
XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_default_action(action, d, t);
}
-static XSM_INLINE int xsm_ioport_permission(XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow)
+static XSM_INLINE int xsm_ioport_permission(XSM_DEFAULT_ARG struct domain *d,
+ uint32_t s, uint32_t e,
+ uint8_t allow)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_ioport_mapping(XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow)
+static XSM_INLINE int xsm_ioport_mapping(XSM_DEFAULT_ARG struct domain *d,
+ uint32_t s, uint32_t e, uint8_t allow)
{
XSM_ASSERT_ACTION(XSM_HOOK);
return xsm_default_action(action, current->domain, d);
}
-static XSM_INLINE int xsm_pmu_op (XSM_DEFAULT_ARG struct domain *d, unsigned int op)
+static XSM_INLINE int xsm_pmu_op(XSM_DEFAULT_ARG struct domain *d,
+ unsigned int op)
{
XSM_ASSERT_ACTION(XSM_OTHER);
switch ( op )
@@ -743,7 +792,7 @@ static XSM_INLINE int xsm_argo_send(const struct domain *d,
#endif /* CONFIG_ARGO */
#include <public/version.h>
-static XSM_INLINE int xsm_xen_version (XSM_DEFAULT_ARG uint32_t op)
+static XSM_INLINE int xsm_xen_version(XSM_DEFAULT_ARG uint32_t op)
{
XSM_ASSERT_ACTION(XSM_OTHER);
switch ( op )
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 9872bae502..8878281eae 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -19,7 +19,7 @@
#include <xen/multiboot.h>
/* policy magic number (defined by XSM_MAGIC) */
-typedef u32 xsm_magic_t;
+typedef uint32_t xsm_magic_t;
#ifdef CONFIG_XSM_FLASK
#define XSM_MAGIC 0xf97cff8c
@@ -31,158 +31,171 @@ typedef u32 xsm_magic_t;
* default actions of XSM hooks. They should be compiled out otherwise.
*/
enum xsm_default {
- XSM_HOOK, /* Guests can normally access the hypercall */
- XSM_DM_PRIV, /* Device model can perform on its target domain */
- XSM_TARGET, /* Can perform on self or your target domain */
- XSM_PRIV, /* Privileged - normally restricted to dom0 */
- XSM_XS_PRIV, /* Xenstore domain - can do some privileged operations */
- XSM_OTHER /* Something more complex */
+ /* Guests can normally access the hypercall */
+ XSM_HOOK,
+ /* Device model can perform on its target domain */
+ XSM_DM_PRIV,
+ /* Can perform on self or your target domain */
+ XSM_TARGET,
+ /* Privileged - normally restricted to dom0 */
+ XSM_PRIV,
+ /* Xenstore domain - can do some privileged operations */
+ XSM_XS_PRIV,
+ /* Something more complex */
+ XSM_OTHER
};
typedef enum xsm_default xsm_default_t;
struct xsm_operations {
- void (*security_domaininfo) (struct domain *d,
- struct xen_domctl_getdomaininfo *info);
- int (*domain_create) (struct domain *d, u32 ssidref);
- int (*getdomaininfo) (struct domain *d);
- int (*domctl_scheduler_op) (struct domain *d, int op);
- int (*sysctl_scheduler_op) (int op);
- int (*set_target) (struct domain *d, struct domain *e);
- int (*domctl) (struct domain *d, int cmd);
- int (*sysctl) (int cmd);
- int (*readconsole) (uint32_t clear);
-
- int (*evtchn_unbound) (struct domain *d, struct evtchn *chn, domid_t id2);
- int (*evtchn_interdomain) (struct domain *d1, struct evtchn *chn1,
- struct domain *d2, struct evtchn *chn2);
- void (*evtchn_close_post) (struct evtchn *chn);
- int (*evtchn_send) (struct domain *d, struct evtchn *chn);
- int (*evtchn_status) (struct domain *d, struct evtchn *chn);
- int (*evtchn_reset) (struct domain *d1, struct domain *d2);
-
- int (*grant_mapref) (struct domain *d1, struct domain *d2, uint32_t flags);
- int (*grant_unmapref) (struct domain *d1, struct domain *d2);
- int (*grant_setup) (struct domain *d1, struct domain *d2);
- int (*grant_transfer) (struct domain *d1, struct domain *d2);
- int (*grant_copy) (struct domain *d1, struct domain *d2);
- int (*grant_query_size) (struct domain *d1, struct domain *d2);
-
- int (*alloc_security_domain) (struct domain *d);
- void (*free_security_domain) (struct domain *d);
- int (*alloc_security_evtchns) (struct evtchn chn[], unsigned int nr);
- void (*free_security_evtchns) (struct evtchn chn[], unsigned int nr);
- char *(*show_security_evtchn) (struct domain *d, const struct evtchn *chn);
- int (*init_hardware_domain) (struct domain *d);
-
- int (*get_pod_target) (struct domain *d);
- int (*set_pod_target) (struct domain *d);
- int (*memory_exchange) (struct domain *d);
- int (*memory_adjust_reservation) (struct domain *d1, struct domain *d2);
- int (*memory_stat_reservation) (struct domain *d1, struct domain *d2);
- int (*memory_pin_page) (struct domain *d1, struct domain *d2, struct page_info *page);
- int (*add_to_physmap) (struct domain *d1, struct domain *d2);
- int (*remove_from_physmap) (struct domain *d1, struct domain *d2);
- int (*map_gmfn_foreign) (struct domain *d, struct domain *t);
- int (*claim_pages) (struct domain *d);
-
- int (*console_io) (struct domain *d, int cmd);
-
- int (*profile) (struct domain *d, int op);
-
- int (*kexec) (void);
- int (*schedop_shutdown) (struct domain *d1, struct domain *d2);
-
- char *(*show_irq_sid) (int irq);
- int (*map_domain_pirq) (struct domain *d);
- int (*map_domain_irq) (struct domain *d, int irq, const void *data);
- int (*unmap_domain_pirq) (struct domain *d);
- int (*unmap_domain_irq) (struct domain *d, int irq, const void *data);
- int (*bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind);
- int (*unbind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind);
- int (*irq_permission) (struct domain *d, int pirq, uint8_t allow);
- int (*iomem_permission) (struct domain *d, uint64_t s, uint64_t e, uint8_t allow);
- int (*iomem_mapping) (struct domain *d, uint64_t s, uint64_t e, uint8_t allow);
- int (*pci_config_permission) (struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access);
+ void (*security_domaininfo)(struct domain *d,
+ struct xen_domctl_getdomaininfo *info);
+ int (*domain_create)(struct domain *d, uint32_t ssidref);
+ int (*getdomaininfo)(struct domain *d);
+ int (*domctl_scheduler_op)(struct domain *d, int op);
+ int (*sysctl_scheduler_op)(int op);
+ int (*set_target)(struct domain *d, struct domain *e);
+ int (*domctl)(struct domain *d, int cmd);
+ int (*sysctl)(int cmd);
+ int (*readconsole)(uint32_t clear);
+
+ int (*evtchn_unbound)(struct domain *d, struct evtchn *chn, domid_t id2);
+ int (*evtchn_interdomain)(struct domain *d1, struct evtchn *chn1,
+ struct domain *d2, struct evtchn *chn2);
+ void (*evtchn_close_post)(struct evtchn *chn);
+ int (*evtchn_send)(struct domain *d, struct evtchn *chn);
+ int (*evtchn_status)(struct domain *d, struct evtchn *chn);
+ int (*evtchn_reset)(struct domain *d1, struct domain *d2);
+
+ int (*grant_mapref)(struct domain *d1, struct domain *d2, uint32_t flags);
+ int (*grant_unmapref)(struct domain *d1, struct domain *d2);
+ int (*grant_setup)(struct domain *d1, struct domain *d2);
+ int (*grant_transfer)(struct domain *d1, struct domain *d2);
+ int (*grant_copy)(struct domain *d1, struct domain *d2);
+ int (*grant_query_size)(struct domain *d1, struct domain *d2);
+
+ int (*alloc_security_domain)(struct domain *d);
+ void (*free_security_domain)(struct domain *d);
+ int (*alloc_security_evtchns)(struct evtchn chn[], unsigned int nr);
+ void (*free_security_evtchns)(struct evtchn chn[], unsigned int nr);
+ char *(*show_security_evtchn)(struct domain *d, const struct evtchn *chn);
+ int (*init_hardware_domain)(struct domain *d);
+
+ int (*get_pod_target)(struct domain *d);
+ int (*set_pod_target)(struct domain *d);
+ int (*memory_exchange)(struct domain *d);
+ int (*memory_adjust_reservation)(struct domain *d1, struct domain *d2);
+ int (*memory_stat_reservation)(struct domain *d1, struct domain *d2);
+ int (*memory_pin_page)(struct domain *d1, struct domain *d2,
+ struct page_info *page);
+ int (*add_to_physmap)(struct domain *d1, struct domain *d2);
+ int (*remove_from_physmap)(struct domain *d1, struct domain *d2);
+ int (*map_gmfn_foreign)(struct domain *d, struct domain *t);
+ int (*claim_pages)(struct domain *d);
+
+ int (*console_io)(struct domain *d, int cmd);
+
+ int (*profile)(struct domain *d, int op);
+
+ int (*kexec)(void);
+ int (*schedop_shutdown)(struct domain *d1, struct domain *d2);
+
+ char *(*show_irq_sid)(int irq);
+ int (*map_domain_pirq)(struct domain *d);
+ int (*map_domain_irq)(struct domain *d, int irq, const void *data);
+ int (*unmap_domain_pirq)(struct domain *d);
+ int (*unmap_domain_irq)(struct domain *d, int irq, const void *data);
+ int (*bind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind);
+ int (*unbind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind);
+ int (*irq_permission)(struct domain *d, int pirq, uint8_t allow);
+ int (*iomem_permission)(struct domain *d, uint64_t s, uint64_t e,
+ uint8_t allow);
+ int (*iomem_mapping)(struct domain *d, uint64_t s, uint64_t e,
+ uint8_t allow);
+ int (*pci_config_permission)(struct domain *d, uint32_t machine_bdf,
+ uint16_t start, uint16_t end, uint8_t access);
#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
- int (*get_device_group) (uint32_t machine_bdf);
- int (*assign_device) (struct domain *d, uint32_t machine_bdf);
- int (*deassign_device) (struct domain *d, uint32_t machine_bdf);
+ int (*get_device_group)(uint32_t machine_bdf);
+ int (*assign_device)(struct domain *d, uint32_t machine_bdf);
+ int (*deassign_device)(struct domain *d, uint32_t machine_bdf);
#endif
#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE)
- int (*assign_dtdevice) (struct domain *d, const char *dtpath);
- int (*deassign_dtdevice) (struct domain *d, const char *dtpath);
+ int (*assign_dtdevice)(struct domain *d, const char *dtpath);
+ int (*deassign_dtdevice)(struct domain *d, const char *dtpath);
#endif
- int (*resource_plug_core) (void);
- int (*resource_unplug_core) (void);
- int (*resource_plug_pci) (uint32_t machine_bdf);
- int (*resource_unplug_pci) (uint32_t machine_bdf);
- int (*resource_setup_pci) (uint32_t machine_bdf);
- int (*resource_setup_gsi) (int gsi);
- int (*resource_setup_misc) (void);
+ int (*resource_plug_core)(void);
+ int (*resource_unplug_core)(void);
+ int (*resource_plug_pci)(uint32_t machine_bdf);
+ int (*resource_unplug_pci)(uint32_t machine_bdf);
+ int (*resource_setup_pci)(uint32_t machine_bdf);
+ int (*resource_setup_gsi)(int gsi);
+ int (*resource_setup_misc)(void);
int (*page_offline)(uint32_t cmd);
int (*hypfs_op)(void);
- long (*do_xsm_op) (XEN_GUEST_HANDLE_PARAM(void) op);
+ long (*do_xsm_op)(XEN_GUEST_HANDLE_PARAM(void) op);
#ifdef CONFIG_COMPAT
- int (*do_compat_op) (XEN_GUEST_HANDLE_PARAM(void) op);
+ int (*do_compat_op)(XEN_GUEST_HANDLE_PARAM(void) op);
#endif
- int (*hvm_param) (struct domain *d, unsigned long op);
- int (*hvm_control) (struct domain *d, unsigned long op);
- int (*hvm_param_altp2mhvm) (struct domain *d);
- int (*hvm_altp2mhvm_op) (struct domain *d, uint64_t mode, uint32_t op);
- int (*get_vnumainfo) (struct domain *d);
+ int (*hvm_param)(struct domain *d, unsigned long op);
+ int (*hvm_control)(struct domain *d, unsigned long op);
+ int (*hvm_param_altp2mhvm)(struct domain *d);
+ int (*hvm_altp2mhvm_op)(struct domain *d, uint64_t mode, uint32_t op);
+ int (*get_vnumainfo)(struct domain *d);
- int (*vm_event_control) (struct domain *d, int mode, int op);
+ int (*vm_event_control)(struct domain *d, int mode, int op);
#ifdef CONFIG_MEM_ACCESS
- int (*mem_access) (struct domain *d);
+ int (*mem_access)(struct domain *d);
#endif
#ifdef CONFIG_MEM_PAGING
- int (*mem_paging) (struct domain *d);
+ int (*mem_paging)(struct domain *d);
#endif
#ifdef CONFIG_MEM_SHARING
- int (*mem_sharing) (struct domain *d);
+ int (*mem_sharing)(struct domain *d);
#endif
- int (*platform_op) (uint32_t cmd);
+ int (*platform_op)(uint32_t cmd);
#ifdef CONFIG_X86
- int (*do_mca) (void);
- int (*shadow_control) (struct domain *d, uint32_t op);
- int (*mem_sharing_op) (struct domain *d, struct domain *cd, int op);
- int (*apic) (struct domain *d, int cmd);
- int (*memtype) (uint32_t access);
- int (*machine_memory_map) (void);
- int (*domain_memory_map) (struct domain *d);
+ int (*do_mca)(void);
+ int (*shadow_control)(struct domain *d, uint32_t op);
+ int (*mem_sharing_op)(struct domain *d, struct domain *cd, int op);
+ int (*apic)(struct domain *d, int cmd);
+ int (*memtype)(uint32_t access);
+ int (*machine_memory_map)(void);
+ int (*domain_memory_map)(struct domain *d);
#define XSM_MMU_UPDATE_READ 1
#define XSM_MMU_UPDATE_WRITE 2
#define XSM_MMU_NORMAL_UPDATE 4
#define XSM_MMU_MACHPHYS_UPDATE 8
- int (*mmu_update) (struct domain *d, struct domain *t,
- struct domain *f, uint32_t flags);
- int (*mmuext_op) (struct domain *d, struct domain *f);
- int (*update_va_mapping) (struct domain *d, struct domain *f, l1_pgentry_t pte);
- int (*priv_mapping) (struct domain *d, struct domain *t);
- int (*ioport_permission) (struct domain *d, uint32_t s, uint32_t e, uint8_t allow);
- int (*ioport_mapping) (struct domain *d, uint32_t s, uint32_t e, uint8_t allow);
- int (*pmu_op) (struct domain *d, unsigned int op);
+ int (*mmu_update)(struct domain *d, struct domain *t,
+ struct domain *f, uint32_t flags);
+ int (*mmuext_op)(struct domain *d, struct domain *f);
+ int (*update_va_mapping)(struct domain *d, struct domain *f,
+ l1_pgentry_t pte);
+ int (*priv_mapping)(struct domain *d, struct domain *t);
+ int (*ioport_permission)(struct domain *d, uint32_t s, uint32_t e,
+ uint8_t allow);
+ int (*ioport_mapping)(struct domain *d, uint32_t s, uint32_t e,
+ uint8_t allow);
+ int (*pmu_op)(struct domain *d, unsigned int op);
#endif
- int (*dm_op) (struct domain *d);
- int (*xen_version) (uint32_t cmd);
- int (*domain_resource_map) (struct domain *d);
+ int (*dm_op)(struct domain *d);
+ int (*xen_version)(uint32_t cmd);
+ int (*domain_resource_map)(struct domain *d);
#ifdef CONFIG_ARGO
- int (*argo_enable) (const struct domain *d);
- int (*argo_register_single_source) (const struct domain *d,
- const struct domain *t);
- int (*argo_register_any_source) (const struct domain *d);
- int (*argo_send) (const struct domain *d, const struct domain *t);
+ int (*argo_enable)(const struct domain *d);
+ int (*argo_register_single_source)(const struct domain *d,
+ const struct domain *t);
+ int (*argo_register_any_source)(const struct domain *d);
+ int (*argo_send)(const struct domain *d, const struct domain *t);
#endif
};
@@ -192,191 +205,210 @@ extern struct xsm_operations *xsm_ops;
#ifndef XSM_NO_WRAPPERS
-static inline void xsm_security_domaininfo (struct domain *d,
- struct xen_domctl_getdomaininfo *info)
+static inline void xsm_security_domaininfo(struct domain *d,
+ struct xen_domctl_getdomaininfo *info)
{
xsm_ops->security_domaininfo(d, info);
}
-static inline int xsm_domain_create (xsm_default_t def, struct domain *d, u32 ssidref)
+static inline int xsm_domain_create(xsm_default_t def, struct domain *d,
+ uint32_t ssidref)
{
return xsm_ops->domain_create(d, ssidref);
}
-static inline int xsm_getdomaininfo (xsm_default_t def, struct domain *d)
+static inline int xsm_getdomaininfo(xsm_default_t def, struct domain *d)
{
return xsm_ops->getdomaininfo(d);
}
-static inline int xsm_domctl_scheduler_op (xsm_default_t def, struct domain *d, int cmd)
+static inline int xsm_domctl_scheduler_op(xsm_default_t def, struct domain *d,
+ int cmd)
{
return xsm_ops->domctl_scheduler_op(d, cmd);
}
-static inline int xsm_sysctl_scheduler_op (xsm_default_t def, int cmd)
+static inline int xsm_sysctl_scheduler_op(xsm_default_t def, int cmd)
{
return xsm_ops->sysctl_scheduler_op(cmd);
}
-static inline int xsm_set_target (xsm_default_t def, struct domain *d, struct domain *e)
+static inline int xsm_set_target(xsm_default_t def, struct domain *d,
+ struct domain *e)
{
return xsm_ops->set_target(d, e);
}
-static inline int xsm_domctl (xsm_default_t def, struct domain *d, int cmd)
+static inline int xsm_domctl(xsm_default_t def, struct domain *d, int cmd)
{
return xsm_ops->domctl(d, cmd);
}
-static inline int xsm_sysctl (xsm_default_t def, int cmd)
+static inline int xsm_sysctl(xsm_default_t def, int cmd)
{
return xsm_ops->sysctl(cmd);
}
-static inline int xsm_readconsole (xsm_default_t def, uint32_t clear)
+static inline int xsm_readconsole(xsm_default_t def, uint32_t clear)
{
return xsm_ops->readconsole(clear);
}
-static inline int xsm_evtchn_unbound (xsm_default_t def, struct domain *d1, struct evtchn *chn,
- domid_t id2)
+static inline int xsm_evtchn_unbound(xsm_default_t def, struct domain *d1,
+ struct evtchn *chn, domid_t id2)
{
return xsm_ops->evtchn_unbound(d1, chn, id2);
}
-static inline int xsm_evtchn_interdomain (xsm_default_t def, struct domain *d1,
- struct evtchn *chan1, struct domain *d2, struct evtchn *chan2)
+static inline int xsm_evtchn_interdomain(xsm_default_t def, struct domain *d1,
+ struct evtchn *chan1,
+ struct domain *d2,
+ struct evtchn *chan2)
{
return xsm_ops->evtchn_interdomain(d1, chan1, d2, chan2);
}
-static inline void xsm_evtchn_close_post (struct evtchn *chn)
+static inline void xsm_evtchn_close_post(struct evtchn *chn)
{
xsm_ops->evtchn_close_post(chn);
}
-static inline int xsm_evtchn_send (xsm_default_t def, struct domain *d, struct evtchn *chn)
+static inline int xsm_evtchn_send(xsm_default_t def, struct domain *d,
+ struct evtchn *chn)
{
return xsm_ops->evtchn_send(d, chn);
}
-static inline int xsm_evtchn_status (xsm_default_t def, struct domain *d, struct evtchn *chn)
+static inline int xsm_evtchn_status(xsm_default_t def, struct domain *d,
+ struct evtchn *chn)
{
return xsm_ops->evtchn_status(d, chn);
}
-static inline int xsm_evtchn_reset (xsm_default_t def, struct domain *d1, struct domain *d2)
+static inline int xsm_evtchn_reset(xsm_default_t def, struct domain *d1,
+ struct domain *d2)
{
return xsm_ops->evtchn_reset(d1, d2);
}
-static inline int xsm_grant_mapref (xsm_default_t def, struct domain *d1, struct domain *d2,
- uint32_t flags)
+static inline int xsm_grant_mapref(xsm_default_t def, struct domain *d1,
+ struct domain *d2, uint32_t flags)
{
return xsm_ops->grant_mapref(d1, d2, flags);
}
-static inline int xsm_grant_unmapref (xsm_default_t def, struct domain *d1, struct domain *d2)
+static inline int xsm_grant_unmapref(xsm_default_t def, struct domain *d1,
+ struct domain *d2)
{
return xsm_ops->grant_unmapref(d1, d2);
}
-static inline int xsm_grant_setup (xsm_default_t def, struct domain *d1, struct domain *d2)
+static inline int xsm_grant_setup(xsm_default_t def, struct domain *d1,
+ struct domain *d2)
{
return xsm_ops->grant_setup(d1, d2);
}
-static inline int xsm_grant_transfer (xsm_default_t def, struct domain *d1, struct domain *d2)
+static inline int xsm_grant_transfer(xsm_default_t def, struct domain *d1,
+ struct domain *d2)
{
return xsm_ops->grant_transfer(d1, d2);
}
-static inline int xsm_grant_copy (xsm_default_t def, struct domain *d1, struct domain *d2)
+static inline int xsm_grant_copy(xsm_default_t def, struct domain *d1,
+ struct domain *d2)
{
return xsm_ops->grant_copy(d1, d2);
}
-static inline int xsm_grant_query_size (xsm_default_t def, struct domain *d1, struct domain *d2)
+static inline int xsm_grant_query_size(xsm_default_t def, struct domain *d1,
+ struct domain *d2)
{
return xsm_ops->grant_query_size(d1, d2);
}
-static inline int xsm_alloc_security_domain (struct domain *d)
+static inline int xsm_alloc_security_domain(struct domain *d)
{
return xsm_ops->alloc_security_domain(d);
}
-static inline void xsm_free_security_domain (struct domain *d)
+static inline void xsm_free_security_domain(struct domain *d)
{
xsm_ops->free_security_domain(d);
}
-static inline int xsm_alloc_security_evtchns(
- struct evtchn chn[], unsigned int nr)
+static inline int xsm_alloc_security_evtchns(struct evtchn chn[],
+ unsigned int nr)
{
return xsm_ops->alloc_security_evtchns(chn, nr);
}
-static inline void xsm_free_security_evtchns(
- struct evtchn chn[], unsigned int nr)
+static inline void xsm_free_security_evtchns(struct evtchn chn[],
+ unsigned int nr)
{
xsm_ops->free_security_evtchns(chn, nr);
}
-static inline char *xsm_show_security_evtchn (struct domain *d, const struct evtchn *chn)
+static inline char *xsm_show_security_evtchn(struct domain *d,
+ const struct evtchn *chn)
{
return xsm_ops->show_security_evtchn(d, chn);
}
-static inline int xsm_init_hardware_domain (xsm_default_t def, struct domain *d)
+static inline int xsm_init_hardware_domain(xsm_default_t def, struct domain *d)
{
return xsm_ops->init_hardware_domain(d);
}
-static inline int xsm_get_pod_target (xsm_default_t def, struct domain *d)
+static inline int xsm_get_pod_target(xsm_default_t def, struct domain *d)
{
return xsm_ops->get_pod_target(d);
}
-static inline int xsm_set_pod_target (xsm_default_t def, struct domain *d)
+static inline int xsm_set_pod_target(xsm_default_t def, struct domain *d)
{
return xsm_ops->set_pod_target(d);
}
-static inline int xsm_memory_exchange (xsm_default_t def, struct domain *d)
+static inline int xsm_memory_exchange(xsm_default_t def, struct domain *d)
{
return xsm_ops->memory_exchange(d);
}
-static inline int xsm_memory_adjust_reservation (xsm_default_t def, struct domain *d1, struct
- domain *d2)
+static inline int xsm_memory_adjust_reservation(xsm_default_t def,
+ struct domain *d1,
+ struct domain *d2)
{
return xsm_ops->memory_adjust_reservation(d1, d2);
}
-static inline int xsm_memory_stat_reservation (xsm_default_t def, struct domain *d1,
- struct domain *d2)
+static inline int xsm_memory_stat_reservation(xsm_default_t def,
+ struct domain *d1,
+ struct domain *d2)
{
return xsm_ops->memory_stat_reservation(d1, d2);
}
-static inline int xsm_memory_pin_page(xsm_default_t def, struct domain *d1, struct domain *d2,
- struct page_info *page)
+static inline int xsm_memory_pin_page(xsm_default_t def, struct domain *d1,
+ struct domain *d2, struct page_info *page)
{
return xsm_ops->memory_pin_page(d1, d2, page);
}
-static inline int xsm_add_to_physmap(xsm_default_t def, struct domain *d1, struct domain *d2)
+static inline int xsm_add_to_physmap(xsm_default_t def, struct domain *d1,
+ struct domain *d2)
{
return xsm_ops->add_to_physmap(d1, d2);
}
-static inline int xsm_remove_from_physmap(xsm_default_t def, struct domain *d1, struct domain *d2)
+static inline int xsm_remove_from_physmap(xsm_default_t def, struct domain *d1,
+ struct domain *d2)
{
return xsm_ops->remove_from_physmap(d1, d2);
}
-static inline int xsm_map_gmfn_foreign (xsm_default_t def, struct domain *d, struct domain *t)
+static inline int xsm_map_gmfn_foreign(xsm_default_t def, struct domain *d,
+ struct domain *t)
{
return xsm_ops->map_gmfn_foreign(d, t);
}
@@ -386,47 +418,50 @@ static inline int xsm_claim_pages(xsm_default_t def, struct domain *d)
return xsm_ops->claim_pages(d);
}
-static inline int xsm_console_io (xsm_default_t def, struct domain *d, int cmd)
+static inline int xsm_console_io(xsm_default_t def, struct domain *d, int cmd)
{
return xsm_ops->console_io(d, cmd);
}
-static inline int xsm_profile (xsm_default_t def, struct domain *d, int op)
+static inline int xsm_profile(xsm_default_t def, struct domain *d, int op)
{
return xsm_ops->profile(d, op);
}
-static inline int xsm_kexec (xsm_default_t def)
+static inline int xsm_kexec(xsm_default_t def)
{
return xsm_ops->kexec();
}
-static inline int xsm_schedop_shutdown (xsm_default_t def, struct domain *d1, struct domain *d2)
+static inline int xsm_schedop_shutdown(xsm_default_t def, struct domain *d1,
+ struct domain *d2)
{
return xsm_ops->schedop_shutdown(d1, d2);
}
-static inline char *xsm_show_irq_sid (int irq)
+static inline char *xsm_show_irq_sid(int irq)
{
return xsm_ops->show_irq_sid(irq);
}
-static inline int xsm_map_domain_pirq (xsm_default_t def, struct domain *d)
+static inline int xsm_map_domain_pirq(xsm_default_t def, struct domain *d)
{
return xsm_ops->map_domain_pirq(d);
}
-static inline int xsm_map_domain_irq (xsm_default_t def, struct domain *d, int irq, void *data)
+static inline int xsm_map_domain_irq(xsm_default_t def, struct domain *d,
+ int irq, void *data)
{
return xsm_ops->map_domain_irq(d, irq, data);
}
-static inline int xsm_unmap_domain_pirq (xsm_default_t def, struct domain *d)
+static inline int xsm_unmap_domain_pirq(xsm_default_t def, struct domain *d)
{
return xsm_ops->unmap_domain_pirq(d);
}
-static inline int xsm_unmap_domain_irq (xsm_default_t def, struct domain *d, int irq, void *data)
+static inline int xsm_unmap_domain_irq(xsm_default_t def, struct domain *d,
+ int irq, void *data)
{
return xsm_ops->unmap_domain_irq(d, irq, data);
}
@@ -443,22 +478,28 @@ static inline int xsm_unbind_pt_irq(xsm_default_t def, struct domain *d,
return xsm_ops->unbind_pt_irq(d, bind);
}
-static inline int xsm_irq_permission (xsm_default_t def, struct domain *d, int pirq, uint8_t allow)
+static inline int xsm_irq_permission(xsm_default_t def, struct domain *d,
+ int pirq, uint8_t allow)
{
return xsm_ops->irq_permission(d, pirq, allow);
}
-static inline int xsm_iomem_permission (xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow)
+static inline int xsm_iomem_permission(xsm_default_t def, struct domain *d,
+ uint64_t s, uint64_t e, uint8_t allow)
{
return xsm_ops->iomem_permission(d, s, e, allow);
}
-static inline int xsm_iomem_mapping (xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow)
+static inline int xsm_iomem_mapping(xsm_default_t def, struct domain *d,
+ uint64_t s, uint64_t e, uint8_t allow)
{
return xsm_ops->iomem_mapping(d, s, e, allow);
}
-static inline int xsm_pci_config_permission (xsm_default_t def, struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access)
+static inline int xsm_pci_config_permission(xsm_default_t def, struct domain *d,
+ uint32_t machine_bdf,
+ uint16_t start, uint16_t end,
+ uint8_t access)
{
return xsm_ops->pci_config_permission(d, machine_bdf, start, end, access);
}
@@ -469,12 +510,14 @@ static inline int xsm_get_device_group(xsm_default_t def, uint32_t machine_bdf)
return xsm_ops->get_device_group(machine_bdf);
}
-static inline int xsm_assign_device(xsm_default_t def, struct domain *d, uint32_t machine_bdf)
+static inline int xsm_assign_device(xsm_default_t def, struct domain *d,
+ uint32_t machine_bdf)
{
return xsm_ops->assign_device(d, machine_bdf);
}
-static inline int xsm_deassign_device(xsm_default_t def, struct domain *d, uint32_t machine_bdf)
+static inline int xsm_deassign_device(xsm_default_t def, struct domain *d,
+ uint32_t machine_bdf)
{
return xsm_ops->deassign_device(d, machine_bdf);
}
@@ -495,37 +538,39 @@ static inline int xsm_deassign_dtdevice(xsm_default_t def, struct domain *d,
#endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */
-static inline int xsm_resource_plug_pci (xsm_default_t def, uint32_t machine_bdf)
+static inline int xsm_resource_plug_pci(xsm_default_t def, uint32_t machine_bdf)
{
return xsm_ops->resource_plug_pci(machine_bdf);
}
-static inline int xsm_resource_unplug_pci (xsm_default_t def, uint32_t machine_bdf)
+static inline int xsm_resource_unplug_pci(xsm_default_t def,
+ uint32_t machine_bdf)
{
return xsm_ops->resource_unplug_pci(machine_bdf);
}
-static inline int xsm_resource_plug_core (xsm_default_t def)
+static inline int xsm_resource_plug_core(xsm_default_t def)
{
return xsm_ops->resource_plug_core();
}
-static inline int xsm_resource_unplug_core (xsm_default_t def)
+static inline int xsm_resource_unplug_core(xsm_default_t def)
{
return xsm_ops->resource_unplug_core();
}
-static inline int xsm_resource_setup_pci (xsm_default_t def, uint32_t machine_bdf)
+static inline int xsm_resource_setup_pci(xsm_default_t def,
+ uint32_t machine_bdf)
{
return xsm_ops->resource_setup_pci(machine_bdf);
}
-static inline int xsm_resource_setup_gsi (xsm_default_t def, int gsi)
+static inline int xsm_resource_setup_gsi(xsm_default_t def, int gsi)
{
return xsm_ops->resource_setup_gsi(gsi);
}
-static inline int xsm_resource_setup_misc (xsm_default_t def)
+static inline int xsm_resource_setup_misc(xsm_default_t def)
{
return xsm_ops->resource_setup_misc();
}
@@ -540,70 +585,74 @@ static inline int xsm_hypfs_op(xsm_default_t def)
return xsm_ops->hypfs_op();
}
-static inline long xsm_do_xsm_op (XEN_GUEST_HANDLE_PARAM(void) op)
+static inline long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op)
{
return xsm_ops->do_xsm_op(op);
}
#ifdef CONFIG_COMPAT
-static inline int xsm_do_compat_op (XEN_GUEST_HANDLE_PARAM(void) op)
+static inline int xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(void) op)
{
return xsm_ops->do_compat_op(op);
}
#endif
-static inline int xsm_hvm_param (xsm_default_t def, struct domain *d, unsigned long op)
+static inline int xsm_hvm_param(xsm_default_t def, struct domain *d,
+ unsigned long op)
{
return xsm_ops->hvm_param(d, op);
}
-static inline int xsm_hvm_control(xsm_default_t def, struct domain *d, unsigned long op)
+static inline int xsm_hvm_control(xsm_default_t def, struct domain *d,
+ unsigned long op)
{
return xsm_ops->hvm_control(d, op);
}
-static inline int xsm_hvm_param_altp2mhvm (xsm_default_t def, struct domain *d)
+static inline int xsm_hvm_param_altp2mhvm(xsm_default_t def, struct domain *d)
{
return xsm_ops->hvm_param_altp2mhvm(d);
}
-static inline int xsm_hvm_altp2mhvm_op (xsm_default_t def, struct domain *d, uint64_t mode, uint32_t op)
+static inline int xsm_hvm_altp2mhvm_op(xsm_default_t def, struct domain *d,
+ uint64_t mode, uint32_t op)
{
return xsm_ops->hvm_altp2mhvm_op(d, mode, op);
}
-static inline int xsm_get_vnumainfo (xsm_default_t def, struct domain *d)
+static inline int xsm_get_vnumainfo(xsm_default_t def, struct domain *d)
{
return xsm_ops->get_vnumainfo(d);
}
-static inline int xsm_vm_event_control (xsm_default_t def, struct domain *d, int mode, int op)
+static inline int xsm_vm_event_control(xsm_default_t def, struct domain *d,
+ int mode, int op)
{
return xsm_ops->vm_event_control(d, mode, op);
}
#ifdef CONFIG_MEM_ACCESS
-static inline int xsm_mem_access (xsm_default_t def, struct domain *d)
+static inline int xsm_mem_access(xsm_default_t def, struct domain *d)
{
return xsm_ops->mem_access(d);
}
#endif
#ifdef CONFIG_MEM_PAGING
-static inline int xsm_mem_paging (xsm_default_t def, struct domain *d)
+static inline int xsm_mem_paging(xsm_default_t def, struct domain *d)
{
return xsm_ops->mem_paging(d);
}
#endif
#ifdef CONFIG_MEM_SHARING
-static inline int xsm_mem_sharing (xsm_default_t def, struct domain *d)
+static inline int xsm_mem_sharing(xsm_default_t def, struct domain *d)
{
return xsm_ops->mem_sharing(d);
}
#endif
-static inline int xsm_platform_op (xsm_default_t def, uint32_t op)
+static inline int xsm_platform_op(xsm_default_t def, uint32_t op)
{
return xsm_ops->platform_op(op);
}
@@ -614,22 +663,24 @@ static inline int xsm_do_mca(xsm_default_t def)
return xsm_ops->do_mca();
}
-static inline int xsm_shadow_control (xsm_default_t def, struct domain *d, uint32_t op)
+static inline int xsm_shadow_control(xsm_default_t def, struct domain *d,
+ uint32_t op)
{
return xsm_ops->shadow_control(d, op);
}
-static inline int xsm_mem_sharing_op (xsm_default_t def, struct domain *d, struct domain *cd, int op)
+static inline int xsm_mem_sharing_op(xsm_default_t def, struct domain *d,
+ struct domain *cd, int op)
{
return xsm_ops->mem_sharing_op(d, cd, op);
}
-static inline int xsm_apic (xsm_default_t def, struct domain *d, int cmd)
+static inline int xsm_apic(xsm_default_t def, struct domain *d, int cmd)
{
return xsm_ops->apic(d, cmd);
}
-static inline int xsm_memtype (xsm_default_t def, uint32_t access)
+static inline int xsm_memtype(xsm_default_t def, uint32_t access)
{
return xsm_ops->memtype(access);
}
@@ -644,39 +695,45 @@ static inline int xsm_domain_memory_map(xsm_default_t def, struct domain *d)
return xsm_ops->domain_memory_map(d);
}
-static inline int xsm_mmu_update (xsm_default_t def, struct domain *d, struct domain *t,
- struct domain *f, uint32_t flags)
+static inline int xsm_mmu_update(xsm_default_t def, struct domain *d,
+ struct domain *t, struct domain *f,
+ uint32_t flags)
{
return xsm_ops->mmu_update(d, t, f, flags);
}
-static inline int xsm_mmuext_op (xsm_default_t def, struct domain *d, struct domain *f)
+static inline int xsm_mmuext_op(xsm_default_t def, struct domain *d,
+ struct domain *f)
{
return xsm_ops->mmuext_op(d, f);
}
-static inline int xsm_update_va_mapping(xsm_default_t def, struct domain *d, struct domain *f,
- l1_pgentry_t pte)
+static inline int xsm_update_va_mapping(xsm_default_t def, struct domain *d,
+ struct domain *f, l1_pgentry_t pte)
{
return xsm_ops->update_va_mapping(d, f, pte);
}
-static inline int xsm_priv_mapping(xsm_default_t def, struct domain *d, struct domain *t)
+static inline int xsm_priv_mapping(xsm_default_t def, struct domain *d,
+ struct domain *t)
{
return xsm_ops->priv_mapping(d, t);
}
-static inline int xsm_ioport_permission (xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow)
+static inline int xsm_ioport_permission(xsm_default_t def, struct domain *d,
+ uint32_t s, uint32_t e, uint8_t allow)
{
return xsm_ops->ioport_permission(d, s, e, allow);
}
-static inline int xsm_ioport_mapping (xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow)
+static inline int xsm_ioport_mapping(xsm_default_t def, struct domain *d,
+ uint32_t s, uint32_t e, uint8_t allow)
{
return xsm_ops->ioport_mapping(d, s, e, allow);
}
-static inline int xsm_pmu_op (xsm_default_t def, struct domain *d, unsigned int op)
+static inline int xsm_pmu_op(xsm_default_t def, struct domain *d,
+ unsigned int op)
{
return xsm_ops->pmu_op(d, op);
}
@@ -688,7 +745,7 @@ static inline int xsm_dm_op(xsm_default_t def, struct domain *d)
return xsm_ops->dm_op(d);
}
-static inline int xsm_xen_version (xsm_default_t def, uint32_t op)
+static inline int xsm_xen_version(xsm_default_t def, uint32_t op)
{
return xsm_ops->xen_version(op);
}
@@ -725,9 +782,9 @@ static inline int xsm_argo_send(const struct domain *d, const struct domain *t)
#endif /* XSM_NO_WRAPPERS */
#ifdef CONFIG_MULTIBOOT
-extern int xsm_multiboot_init(unsigned long *module_map,
+int xsm_multiboot_init(unsigned long *module_map,
const multiboot_info_t *mbi);
-extern int xsm_multiboot_policy_init(unsigned long *module_map,
+int xsm_multiboot_policy_init(unsigned long *module_map,
const multiboot_info_t *mbi,
void **policy_buffer,
size_t *policy_size);
@@ -739,18 +796,19 @@ extern int xsm_multiboot_policy_init(unsigned long *module_map,
*
* On success, return 1 if using SILO mode else 0.
*/
-extern int xsm_dt_init(void);
-extern int xsm_dt_policy_init(void **policy_buffer, size_t *policy_size);
-extern bool has_xsm_magic(paddr_t);
+int xsm_dt_init(void);
+int xsm_dt_policy_init(void **policy_buffer, size_t *policy_size);
+bool has_xsm_magic(paddr_t);
#endif
-extern int register_xsm(struct xsm_operations *ops);
+int register_xsm(struct xsm_operations *ops);
extern struct xsm_operations dummy_xsm_ops;
-extern void xsm_fixup_ops(struct xsm_operations *ops);
+
+void xsm_fixup_ops(struct xsm_operations *ops);
#ifdef CONFIG_XSM_FLASK
-extern void flask_init(const void *policy_buffer, size_t policy_size);
+void flask_init(const void *policy_buffer, size_t policy_size);
#else
static inline void flask_init(const void *policy_buffer, size_t policy_size)
{
@@ -763,7 +821,7 @@ extern const unsigned int xsm_flask_init_policy_size;
#endif
#ifdef CONFIG_XSM_SILO
-extern void silo_init(void);
+void silo_init(void);
#else
static inline void silo_init(void) {}
#endif
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index ac553f9c0d..55483292c5 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -128,8 +128,8 @@ int __init xsm_multiboot_init(unsigned long *module_map,
if ( XSM_MAGIC )
{
- ret = xsm_multiboot_policy_init(module_map, mbi,
- &policy_buffer, &policy_size);
+ ret = xsm_multiboot_policy_init(module_map, mbi, &policy_buffer,
+ &policy_size);
if ( ret )
{
bootstrap_map(NULL);
--
2.20.1
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [PATCH v4 05/11] xsm: refactor xsm_ops handling
2021-09-03 19:06 [PATCH v4 00/11] xsm: refactoring xsm hooks Daniel P. Smith
` (3 preceding siblings ...)
2021-09-03 19:06 ` [PATCH v4 04/11] xsm: apply coding style Daniel P. Smith
@ 2021-09-03 19:06 ` Daniel P. Smith
2021-09-06 18:31 ` Andrew Cooper
2021-09-03 19:06 ` [PATCH v4 06/11] xsm: convert xsm_ops hook calls to alternative call Daniel P. Smith
` (5 subsequent siblings)
10 siblings, 1 reply; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-03 19:06 UTC (permalink / raw)
To: Daniel P. Smith, xen-devel; +Cc: Daniel De Graaf
This renames the `struct xsm_operations` to the shorter `struct xsm_ops` and
converts the global xsm_ops from being a pointer to an explicit instance. As
part of this conversion, it reworks the XSM modules init function to return
their xsm_ops struct which is copied in to the global xsm_ops instance.
Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
---
xen/include/xsm/xsm.h | 222 +++++++++++++++++++++---------------------
xen/xsm/dummy.c | 4 +-
xen/xsm/flask/hooks.c | 12 +--
xen/xsm/silo.c | 7 +-
xen/xsm/xsm_core.c | 77 ++++++++-------
5 files changed, 167 insertions(+), 155 deletions(-)
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 8878281eae..3888172045 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -46,7 +46,7 @@ enum xsm_default {
};
typedef enum xsm_default xsm_default_t;
-struct xsm_operations {
+struct xsm_ops {
void (*security_domaininfo)(struct domain *d,
struct xen_domctl_getdomaininfo *info);
int (*domain_create)(struct domain *d, uint32_t ssidref);
@@ -201,63 +201,63 @@ struct xsm_operations {
#ifdef CONFIG_XSM
-extern struct xsm_operations *xsm_ops;
+extern struct xsm_ops xsm_ops;
#ifndef XSM_NO_WRAPPERS
static inline void xsm_security_domaininfo(struct domain *d,
struct xen_domctl_getdomaininfo *info)
{
- xsm_ops->security_domaininfo(d, info);
+ xsm_ops.security_domaininfo(d, info);
}
static inline int xsm_domain_create(xsm_default_t def, struct domain *d,
uint32_t ssidref)
{
- return xsm_ops->domain_create(d, ssidref);
+ return xsm_ops.domain_create(d, ssidref);
}
static inline int xsm_getdomaininfo(xsm_default_t def, struct domain *d)
{
- return xsm_ops->getdomaininfo(d);
+ return xsm_ops.getdomaininfo(d);
}
static inline int xsm_domctl_scheduler_op(xsm_default_t def, struct domain *d,
int cmd)
{
- return xsm_ops->domctl_scheduler_op(d, cmd);
+ return xsm_ops.domctl_scheduler_op(d, cmd);
}
static inline int xsm_sysctl_scheduler_op(xsm_default_t def, int cmd)
{
- return xsm_ops->sysctl_scheduler_op(cmd);
+ return xsm_ops.sysctl_scheduler_op(cmd);
}
static inline int xsm_set_target(xsm_default_t def, struct domain *d,
struct domain *e)
{
- return xsm_ops->set_target(d, e);
+ return xsm_ops.set_target(d, e);
}
static inline int xsm_domctl(xsm_default_t def, struct domain *d, int cmd)
{
- return xsm_ops->domctl(d, cmd);
+ return xsm_ops.domctl(d, cmd);
}
static inline int xsm_sysctl(xsm_default_t def, int cmd)
{
- return xsm_ops->sysctl(cmd);
+ return xsm_ops.sysctl(cmd);
}
static inline int xsm_readconsole(xsm_default_t def, uint32_t clear)
{
- return xsm_ops->readconsole(clear);
+ return xsm_ops.readconsole(clear);
}
static inline int xsm_evtchn_unbound(xsm_default_t def, struct domain *d1,
struct evtchn *chn, domid_t id2)
{
- return xsm_ops->evtchn_unbound(d1, chn, id2);
+ return xsm_ops.evtchn_unbound(d1, chn, id2);
}
static inline int xsm_evtchn_interdomain(xsm_default_t def, struct domain *d1,
@@ -265,235 +265,235 @@ static inline int xsm_evtchn_interdomain(xsm_default_t def, struct domain *d1,
struct domain *d2,
struct evtchn *chan2)
{
- return xsm_ops->evtchn_interdomain(d1, chan1, d2, chan2);
+ return xsm_ops.evtchn_interdomain(d1, chan1, d2, chan2);
}
static inline void xsm_evtchn_close_post(struct evtchn *chn)
{
- xsm_ops->evtchn_close_post(chn);
+ xsm_ops.evtchn_close_post(chn);
}
static inline int xsm_evtchn_send(xsm_default_t def, struct domain *d,
struct evtchn *chn)
{
- return xsm_ops->evtchn_send(d, chn);
+ return xsm_ops.evtchn_send(d, chn);
}
static inline int xsm_evtchn_status(xsm_default_t def, struct domain *d,
struct evtchn *chn)
{
- return xsm_ops->evtchn_status(d, chn);
+ return xsm_ops.evtchn_status(d, chn);
}
static inline int xsm_evtchn_reset(xsm_default_t def, struct domain *d1,
struct domain *d2)
{
- return xsm_ops->evtchn_reset(d1, d2);
+ return xsm_ops.evtchn_reset(d1, d2);
}
static inline int xsm_grant_mapref(xsm_default_t def, struct domain *d1,
struct domain *d2, uint32_t flags)
{
- return xsm_ops->grant_mapref(d1, d2, flags);
+ return xsm_ops.grant_mapref(d1, d2, flags);
}
static inline int xsm_grant_unmapref(xsm_default_t def, struct domain *d1,
struct domain *d2)
{
- return xsm_ops->grant_unmapref(d1, d2);
+ return xsm_ops.grant_unmapref(d1, d2);
}
static inline int xsm_grant_setup(xsm_default_t def, struct domain *d1,
struct domain *d2)
{
- return xsm_ops->grant_setup(d1, d2);
+ return xsm_ops.grant_setup(d1, d2);
}
static inline int xsm_grant_transfer(xsm_default_t def, struct domain *d1,
struct domain *d2)
{
- return xsm_ops->grant_transfer(d1, d2);
+ return xsm_ops.grant_transfer(d1, d2);
}
static inline int xsm_grant_copy(xsm_default_t def, struct domain *d1,
struct domain *d2)
{
- return xsm_ops->grant_copy(d1, d2);
+ return xsm_ops.grant_copy(d1, d2);
}
static inline int xsm_grant_query_size(xsm_default_t def, struct domain *d1,
struct domain *d2)
{
- return xsm_ops->grant_query_size(d1, d2);
+ return xsm_ops.grant_query_size(d1, d2);
}
static inline int xsm_alloc_security_domain(struct domain *d)
{
- return xsm_ops->alloc_security_domain(d);
+ return xsm_ops.alloc_security_domain(d);
}
static inline void xsm_free_security_domain(struct domain *d)
{
- xsm_ops->free_security_domain(d);
+ xsm_ops.free_security_domain(d);
}
static inline int xsm_alloc_security_evtchns(struct evtchn chn[],
unsigned int nr)
{
- return xsm_ops->alloc_security_evtchns(chn, nr);
+ return xsm_ops.alloc_security_evtchns(chn, nr);
}
static inline void xsm_free_security_evtchns(struct evtchn chn[],
unsigned int nr)
{
- xsm_ops->free_security_evtchns(chn, nr);
+ xsm_ops.free_security_evtchns(chn, nr);
}
static inline char *xsm_show_security_evtchn(struct domain *d,
const struct evtchn *chn)
{
- return xsm_ops->show_security_evtchn(d, chn);
+ return xsm_ops.show_security_evtchn(d, chn);
}
static inline int xsm_init_hardware_domain(xsm_default_t def, struct domain *d)
{
- return xsm_ops->init_hardware_domain(d);
+ return xsm_ops.init_hardware_domain(d);
}
static inline int xsm_get_pod_target(xsm_default_t def, struct domain *d)
{
- return xsm_ops->get_pod_target(d);
+ return xsm_ops.get_pod_target(d);
}
static inline int xsm_set_pod_target(xsm_default_t def, struct domain *d)
{
- return xsm_ops->set_pod_target(d);
+ return xsm_ops.set_pod_target(d);
}
static inline int xsm_memory_exchange(xsm_default_t def, struct domain *d)
{
- return xsm_ops->memory_exchange(d);
+ return xsm_ops.memory_exchange(d);
}
static inline int xsm_memory_adjust_reservation(xsm_default_t def,
struct domain *d1,
struct domain *d2)
{
- return xsm_ops->memory_adjust_reservation(d1, d2);
+ return xsm_ops.memory_adjust_reservation(d1, d2);
}
static inline int xsm_memory_stat_reservation(xsm_default_t def,
struct domain *d1,
struct domain *d2)
{
- return xsm_ops->memory_stat_reservation(d1, d2);
+ return xsm_ops.memory_stat_reservation(d1, d2);
}
static inline int xsm_memory_pin_page(xsm_default_t def, struct domain *d1,
struct domain *d2, struct page_info *page)
{
- return xsm_ops->memory_pin_page(d1, d2, page);
+ return xsm_ops.memory_pin_page(d1, d2, page);
}
static inline int xsm_add_to_physmap(xsm_default_t def, struct domain *d1,
struct domain *d2)
{
- return xsm_ops->add_to_physmap(d1, d2);
+ return xsm_ops.add_to_physmap(d1, d2);
}
static inline int xsm_remove_from_physmap(xsm_default_t def, struct domain *d1,
struct domain *d2)
{
- return xsm_ops->remove_from_physmap(d1, d2);
+ return xsm_ops.remove_from_physmap(d1, d2);
}
static inline int xsm_map_gmfn_foreign(xsm_default_t def, struct domain *d,
struct domain *t)
{
- return xsm_ops->map_gmfn_foreign(d, t);
+ return xsm_ops.map_gmfn_foreign(d, t);
}
static inline int xsm_claim_pages(xsm_default_t def, struct domain *d)
{
- return xsm_ops->claim_pages(d);
+ return xsm_ops.claim_pages(d);
}
static inline int xsm_console_io(xsm_default_t def, struct domain *d, int cmd)
{
- return xsm_ops->console_io(d, cmd);
+ return xsm_ops.console_io(d, cmd);
}
static inline int xsm_profile(xsm_default_t def, struct domain *d, int op)
{
- return xsm_ops->profile(d, op);
+ return xsm_ops.profile(d, op);
}
static inline int xsm_kexec(xsm_default_t def)
{
- return xsm_ops->kexec();
+ return xsm_ops.kexec();
}
static inline int xsm_schedop_shutdown(xsm_default_t def, struct domain *d1,
struct domain *d2)
{
- return xsm_ops->schedop_shutdown(d1, d2);
+ return xsm_ops.schedop_shutdown(d1, d2);
}
static inline char *xsm_show_irq_sid(int irq)
{
- return xsm_ops->show_irq_sid(irq);
+ return xsm_ops.show_irq_sid(irq);
}
static inline int xsm_map_domain_pirq(xsm_default_t def, struct domain *d)
{
- return xsm_ops->map_domain_pirq(d);
+ return xsm_ops.map_domain_pirq(d);
}
static inline int xsm_map_domain_irq(xsm_default_t def, struct domain *d,
int irq, void *data)
{
- return xsm_ops->map_domain_irq(d, irq, data);
+ return xsm_ops.map_domain_irq(d, irq, data);
}
static inline int xsm_unmap_domain_pirq(xsm_default_t def, struct domain *d)
{
- return xsm_ops->unmap_domain_pirq(d);
+ return xsm_ops.unmap_domain_pirq(d);
}
static inline int xsm_unmap_domain_irq(xsm_default_t def, struct domain *d,
int irq, void *data)
{
- return xsm_ops->unmap_domain_irq(d, irq, data);
+ return xsm_ops.unmap_domain_irq(d, irq, data);
}
static inline int xsm_bind_pt_irq(xsm_default_t def, struct domain *d,
struct xen_domctl_bind_pt_irq *bind)
{
- return xsm_ops->bind_pt_irq(d, bind);
+ return xsm_ops.bind_pt_irq(d, bind);
}
static inline int xsm_unbind_pt_irq(xsm_default_t def, struct domain *d,
struct xen_domctl_bind_pt_irq *bind)
{
- return xsm_ops->unbind_pt_irq(d, bind);
+ return xsm_ops.unbind_pt_irq(d, bind);
}
static inline int xsm_irq_permission(xsm_default_t def, struct domain *d,
int pirq, uint8_t allow)
{
- return xsm_ops->irq_permission(d, pirq, allow);
+ return xsm_ops.irq_permission(d, pirq, allow);
}
static inline int xsm_iomem_permission(xsm_default_t def, struct domain *d,
uint64_t s, uint64_t e, uint8_t allow)
{
- return xsm_ops->iomem_permission(d, s, e, allow);
+ return xsm_ops.iomem_permission(d, s, e, allow);
}
static inline int xsm_iomem_mapping(xsm_default_t def, struct domain *d,
uint64_t s, uint64_t e, uint8_t allow)
{
- return xsm_ops->iomem_mapping(d, s, e, allow);
+ return xsm_ops.iomem_mapping(d, s, e, allow);
}
static inline int xsm_pci_config_permission(xsm_default_t def, struct domain *d,
@@ -501,25 +501,25 @@ static inline int xsm_pci_config_permission(xsm_default_t def, struct domain *d,
uint16_t start, uint16_t end,
uint8_t access)
{
- return xsm_ops->pci_config_permission(d, machine_bdf, start, end, access);
+ return xsm_ops.pci_config_permission(d, machine_bdf, start, end, access);
}
#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
static inline int xsm_get_device_group(xsm_default_t def, uint32_t machine_bdf)
{
- return xsm_ops->get_device_group(machine_bdf);
+ return xsm_ops.get_device_group(machine_bdf);
}
static inline int xsm_assign_device(xsm_default_t def, struct domain *d,
uint32_t machine_bdf)
{
- return xsm_ops->assign_device(d, machine_bdf);
+ return xsm_ops.assign_device(d, machine_bdf);
}
static inline int xsm_deassign_device(xsm_default_t def, struct domain *d,
uint32_t machine_bdf)
{
- return xsm_ops->deassign_device(d, machine_bdf);
+ return xsm_ops.deassign_device(d, machine_bdf);
}
#endif /* HAS_PASSTHROUGH && HAS_PCI) */
@@ -527,254 +527,254 @@ static inline int xsm_deassign_device(xsm_default_t def, struct domain *d,
static inline int xsm_assign_dtdevice(xsm_default_t def, struct domain *d,
const char *dtpath)
{
- return xsm_ops->assign_dtdevice(d, dtpath);
+ return xsm_ops.assign_dtdevice(d, dtpath);
}
static inline int xsm_deassign_dtdevice(xsm_default_t def, struct domain *d,
const char *dtpath)
{
- return xsm_ops->deassign_dtdevice(d, dtpath);
+ return xsm_ops.deassign_dtdevice(d, dtpath);
}
#endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */
static inline int xsm_resource_plug_pci(xsm_default_t def, uint32_t machine_bdf)
{
- return xsm_ops->resource_plug_pci(machine_bdf);
+ return xsm_ops.resource_plug_pci(machine_bdf);
}
static inline int xsm_resource_unplug_pci(xsm_default_t def,
uint32_t machine_bdf)
{
- return xsm_ops->resource_unplug_pci(machine_bdf);
+ return xsm_ops.resource_unplug_pci(machine_bdf);
}
static inline int xsm_resource_plug_core(xsm_default_t def)
{
- return xsm_ops->resource_plug_core();
+ return xsm_ops.resource_plug_core();
}
static inline int xsm_resource_unplug_core(xsm_default_t def)
{
- return xsm_ops->resource_unplug_core();
+ return xsm_ops.resource_unplug_core();
}
static inline int xsm_resource_setup_pci(xsm_default_t def,
uint32_t machine_bdf)
{
- return xsm_ops->resource_setup_pci(machine_bdf);
+ return xsm_ops.resource_setup_pci(machine_bdf);
}
static inline int xsm_resource_setup_gsi(xsm_default_t def, int gsi)
{
- return xsm_ops->resource_setup_gsi(gsi);
+ return xsm_ops.resource_setup_gsi(gsi);
}
static inline int xsm_resource_setup_misc(xsm_default_t def)
{
- return xsm_ops->resource_setup_misc();
+ return xsm_ops.resource_setup_misc();
}
static inline int xsm_page_offline(xsm_default_t def, uint32_t cmd)
{
- return xsm_ops->page_offline(cmd);
+ return xsm_ops.page_offline(cmd);
}
static inline int xsm_hypfs_op(xsm_default_t def)
{
- return xsm_ops->hypfs_op();
+ return xsm_ops.hypfs_op();
}
static inline long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op)
{
- return xsm_ops->do_xsm_op(op);
+ return xsm_ops.do_xsm_op(op);
}
#ifdef CONFIG_COMPAT
static inline int xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(void) op)
{
- return xsm_ops->do_compat_op(op);
+ return xsm_ops.do_compat_op(op);
}
#endif
static inline int xsm_hvm_param(xsm_default_t def, struct domain *d,
unsigned long op)
{
- return xsm_ops->hvm_param(d, op);
+ return xsm_ops.hvm_param(d, op);
}
static inline int xsm_hvm_control(xsm_default_t def, struct domain *d,
unsigned long op)
{
- return xsm_ops->hvm_control(d, op);
+ return xsm_ops.hvm_control(d, op);
}
static inline int xsm_hvm_param_altp2mhvm(xsm_default_t def, struct domain *d)
{
- return xsm_ops->hvm_param_altp2mhvm(d);
+ return xsm_ops.hvm_param_altp2mhvm(d);
}
static inline int xsm_hvm_altp2mhvm_op(xsm_default_t def, struct domain *d,
uint64_t mode, uint32_t op)
{
- return xsm_ops->hvm_altp2mhvm_op(d, mode, op);
+ return xsm_ops.hvm_altp2mhvm_op(d, mode, op);
}
static inline int xsm_get_vnumainfo(xsm_default_t def, struct domain *d)
{
- return xsm_ops->get_vnumainfo(d);
+ return xsm_ops.get_vnumainfo(d);
}
static inline int xsm_vm_event_control(xsm_default_t def, struct domain *d,
int mode, int op)
{
- return xsm_ops->vm_event_control(d, mode, op);
+ return xsm_ops.vm_event_control(d, mode, op);
}
#ifdef CONFIG_MEM_ACCESS
static inline int xsm_mem_access(xsm_default_t def, struct domain *d)
{
- return xsm_ops->mem_access(d);
+ return xsm_ops.mem_access(d);
}
#endif
#ifdef CONFIG_MEM_PAGING
static inline int xsm_mem_paging(xsm_default_t def, struct domain *d)
{
- return xsm_ops->mem_paging(d);
+ return xsm_ops.mem_paging(d);
}
#endif
#ifdef CONFIG_MEM_SHARING
static inline int xsm_mem_sharing(xsm_default_t def, struct domain *d)
{
- return xsm_ops->mem_sharing(d);
+ return xsm_ops.mem_sharing(d);
}
#endif
static inline int xsm_platform_op(xsm_default_t def, uint32_t op)
{
- return xsm_ops->platform_op(op);
+ return xsm_ops.platform_op(op);
}
#ifdef CONFIG_X86
static inline int xsm_do_mca(xsm_default_t def)
{
- return xsm_ops->do_mca();
+ return xsm_ops.do_mca();
}
static inline int xsm_shadow_control(xsm_default_t def, struct domain *d,
uint32_t op)
{
- return xsm_ops->shadow_control(d, op);
+ return xsm_ops.shadow_control(d, op);
}
static inline int xsm_mem_sharing_op(xsm_default_t def, struct domain *d,
struct domain *cd, int op)
{
- return xsm_ops->mem_sharing_op(d, cd, op);
+ return xsm_ops.mem_sharing_op(d, cd, op);
}
static inline int xsm_apic(xsm_default_t def, struct domain *d, int cmd)
{
- return xsm_ops->apic(d, cmd);
+ return xsm_ops.apic(d, cmd);
}
static inline int xsm_memtype(xsm_default_t def, uint32_t access)
{
- return xsm_ops->memtype(access);
+ return xsm_ops.memtype(access);
}
static inline int xsm_machine_memory_map(xsm_default_t def)
{
- return xsm_ops->machine_memory_map();
+ return xsm_ops.machine_memory_map();
}
static inline int xsm_domain_memory_map(xsm_default_t def, struct domain *d)
{
- return xsm_ops->domain_memory_map(d);
+ return xsm_ops.domain_memory_map(d);
}
static inline int xsm_mmu_update(xsm_default_t def, struct domain *d,
struct domain *t, struct domain *f,
uint32_t flags)
{
- return xsm_ops->mmu_update(d, t, f, flags);
+ return xsm_ops.mmu_update(d, t, f, flags);
}
static inline int xsm_mmuext_op(xsm_default_t def, struct domain *d,
struct domain *f)
{
- return xsm_ops->mmuext_op(d, f);
+ return xsm_ops.mmuext_op(d, f);
}
static inline int xsm_update_va_mapping(xsm_default_t def, struct domain *d,
struct domain *f, l1_pgentry_t pte)
{
- return xsm_ops->update_va_mapping(d, f, pte);
+ return xsm_ops.update_va_mapping(d, f, pte);
}
static inline int xsm_priv_mapping(xsm_default_t def, struct domain *d,
struct domain *t)
{
- return xsm_ops->priv_mapping(d, t);
+ return xsm_ops.priv_mapping(d, t);
}
static inline int xsm_ioport_permission(xsm_default_t def, struct domain *d,
uint32_t s, uint32_t e, uint8_t allow)
{
- return xsm_ops->ioport_permission(d, s, e, allow);
+ return xsm_ops.ioport_permission(d, s, e, allow);
}
static inline int xsm_ioport_mapping(xsm_default_t def, struct domain *d,
uint32_t s, uint32_t e, uint8_t allow)
{
- return xsm_ops->ioport_mapping(d, s, e, allow);
+ return xsm_ops.ioport_mapping(d, s, e, allow);
}
static inline int xsm_pmu_op(xsm_default_t def, struct domain *d,
unsigned int op)
{
- return xsm_ops->pmu_op(d, op);
+ return xsm_ops.pmu_op(d, op);
}
#endif /* CONFIG_X86 */
static inline int xsm_dm_op(xsm_default_t def, struct domain *d)
{
- return xsm_ops->dm_op(d);
+ return xsm_ops.dm_op(d);
}
static inline int xsm_xen_version(xsm_default_t def, uint32_t op)
{
- return xsm_ops->xen_version(op);
+ return xsm_ops.xen_version(op);
}
static inline int xsm_domain_resource_map(xsm_default_t def, struct domain *d)
{
- return xsm_ops->domain_resource_map(d);
+ return xsm_ops.domain_resource_map(d);
}
#ifdef CONFIG_ARGO
static inline int xsm_argo_enable(const struct domain *d)
{
- return xsm_ops->argo_enable(d);
+ return xsm_ops.argo_enable(d);
}
static inline int xsm_argo_register_single_source(const struct domain *d,
const struct domain *t)
{
- return xsm_ops->argo_register_single_source(d, t);
+ return xsm_ops.argo_register_single_source(d, t);
}
static inline int xsm_argo_register_any_source(const struct domain *d)
{
- return xsm_ops->argo_register_any_source(d);
+ return xsm_ops.argo_register_any_source(d);
}
static inline int xsm_argo_send(const struct domain *d, const struct domain *t)
{
- return xsm_ops->argo_send(d, t);
+ return xsm_ops.argo_send(d, t);
}
#endif /* CONFIG_ARGO */
@@ -801,17 +801,18 @@ int xsm_dt_policy_init(void **policy_buffer, size_t *policy_size);
bool has_xsm_magic(paddr_t);
#endif
-int register_xsm(struct xsm_operations *ops);
+extern struct xsm_ops dummy_xsm_ops;
-extern struct xsm_operations dummy_xsm_ops;
-
-void xsm_fixup_ops(struct xsm_operations *ops);
+void xsm_fixup_ops(struct xsm_ops *ops);
#ifdef CONFIG_XSM_FLASK
-void flask_init(const void *policy_buffer, size_t policy_size);
+extern const struct xsm_ops *flask_init(const void *policy_buffer,
+ size_t policy_size);
#else
-static inline void flask_init(const void *policy_buffer, size_t policy_size)
+static const inline struct xsm_ops *flask_init(const void *policy_buffer,
+ size_t policy_size)
{
+ return NULL;
}
#endif
@@ -821,9 +822,12 @@ extern const unsigned int xsm_flask_init_policy_size;
#endif
#ifdef CONFIG_XSM_SILO
-void silo_init(void);
+extern const struct xsm_ops *silo_init(void);
#else
-static inline void silo_init(void) {}
+static const inline struct xsm_ops *silo_init(void)
+{
+ return NULL;
+}
#endif
#else /* CONFIG_XSM */
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index de44b10130..d8c935328e 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -13,15 +13,13 @@
#define XSM_NO_WRAPPERS
#include <xsm/dummy.h>
-struct xsm_operations dummy_xsm_ops;
-
#define set_to_dummy_if_null(ops, function) \
do { \
if ( !ops->function ) \
ops->function = xsm_##function; \
} while (0)
-void __init xsm_fixup_ops (struct xsm_operations *ops)
+void __init xsm_fixup_ops (struct xsm_ops *ops)
{
set_to_dummy_if_null(ops, security_domaininfo);
set_to_dummy_if_null(ops, domain_create);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 1465db125a..25e87180b4 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1745,7 +1745,7 @@ static int flask_argo_send(const struct domain *d, const struct domain *t)
long do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op);
int compat_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op);
-static struct xsm_operations flask_ops = {
+static const struct xsm_ops __initconstrel flask_ops = {
.security_domaininfo = flask_security_domaininfo,
.domain_create = flask_domain_create,
.getdomaininfo = flask_getdomaininfo,
@@ -1883,7 +1883,8 @@ static struct xsm_operations flask_ops = {
#endif
};
-void __init flask_init(const void *policy_buffer, size_t policy_size)
+const struct xsm_ops *__init flask_init(const void *policy_buffer,
+ size_t policy_size)
{
int ret = -ENOENT;
@@ -1891,7 +1892,7 @@ void __init flask_init(const void *policy_buffer, size_t policy_size)
{
case FLASK_BOOTPARAM_DISABLED:
printk(XENLOG_INFO "Flask: Disabled at boot.\n");
- return;
+ return NULL;
case FLASK_BOOTPARAM_PERMISSIVE:
flask_enforcing = 0;
@@ -1908,9 +1909,6 @@ void __init flask_init(const void *policy_buffer, size_t policy_size)
avc_init();
- if ( register_xsm(&flask_ops) )
- panic("Flask: Unable to register with XSM\n");
-
if ( policy_size && flask_bootparam != FLASK_BOOTPARAM_LATELOAD )
ret = security_load_policy(policy_buffer, policy_size);
@@ -1923,6 +1921,8 @@ void __init flask_init(const void *policy_buffer, size_t policy_size)
printk(XENLOG_INFO "Flask: Starting in enforcing mode.\n");
else
printk(XENLOG_INFO "Flask: Starting in permissive mode.\n");
+
+ return &flask_ops;
}
/*
diff --git a/xen/xsm/silo.c b/xen/xsm/silo.c
index fc2ca5cd2d..3550dded7b 100644
--- a/xen/xsm/silo.c
+++ b/xen/xsm/silo.c
@@ -100,7 +100,7 @@ static int silo_argo_send(const struct domain *d1, const struct domain *d2)
#endif
-static struct xsm_operations silo_xsm_ops = {
+static const struct xsm_ops __initconstrel silo_xsm_ops = {
.evtchn_unbound = silo_evtchn_unbound,
.evtchn_interdomain = silo_evtchn_interdomain,
.grant_mapref = silo_grant_mapref,
@@ -112,12 +112,11 @@ static struct xsm_operations silo_xsm_ops = {
#endif
};
-void __init silo_init(void)
+const struct xsm_ops *__init silo_init(void)
{
printk("Initialising XSM SILO mode\n");
- if ( register_xsm(&silo_xsm_ops) )
- panic("SILO: Unable to register with XSM\n");
+ return &silo_xsm_ops;
}
/*
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index 55483292c5..859af3fe9a 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -28,9 +28,17 @@
#include <asm/setup.h>
#endif
-#define XSM_FRAMEWORK_VERSION "1.0.0"
+#define XSM_FRAMEWORK_VERSION "1.0.1"
-struct xsm_operations *xsm_ops;
+struct xsm_ops __read_mostly xsm_ops;
+
+enum xsm_ops_state {
+ XSM_OPS_UNREGISTERED,
+ XSM_OPS_REG_FAILED,
+ XSM_OPS_REGISTERED,
+};
+
+static enum xsm_ops_state xsm_ops_registered = XSM_OPS_UNREGISTERED;
enum xsm_bootparam {
XSM_BOOTPARAM_DUMMY,
@@ -68,17 +76,10 @@ static int __init parse_xsm_param(const char *s)
}
custom_param("xsm", parse_xsm_param);
-static inline int verify(struct xsm_operations *ops)
-{
- /* verify the security_operations structure exists */
- if ( !ops )
- return -EINVAL;
- xsm_fixup_ops(ops);
- return 0;
-}
-
static int __init xsm_core_init(const void *policy_buffer, size_t policy_size)
{
+ const struct xsm_ops *ops = NULL;
+
#ifdef CONFIG_XSM_FLASK_POLICY
if ( policy_size == 0 )
{
@@ -87,25 +88,35 @@ static int __init xsm_core_init(const void *policy_buffer, size_t policy_size)
}
#endif
- if ( verify(&dummy_xsm_ops) )
+ if ( xsm_ops_registered != XSM_OPS_UNREGISTERED )
{
- printk(XENLOG_ERR "Could not verify dummy_xsm_ops structure\n");
+ printk(XENLOG_ERR
+ "Could not init XSM, xsm_ops register already attempted\n");
return -EIO;
}
- xsm_ops = &dummy_xsm_ops;
-
switch ( xsm_bootparam )
{
case XSM_BOOTPARAM_DUMMY:
+ xsm_ops_registered = XSM_OPS_REGISTERED;
break;
case XSM_BOOTPARAM_FLASK:
- flask_init(policy_buffer, policy_size);
+ ops = flask_init(policy_buffer, policy_size);
+ if ( ops )
+ {
+ xsm_ops_registered = XSM_OPS_REGISTERED;
+ xsm_ops = *ops;
+ }
break;
case XSM_BOOTPARAM_SILO:
- silo_init();
+ ops = silo_init();
+ if ( ops )
+ {
+ xsm_ops_registered = XSM_OPS_REGISTERED;
+ xsm_ops = *ops;
+ }
break;
default:
@@ -113,6 +124,22 @@ static int __init xsm_core_init(const void *policy_buffer, size_t policy_size)
break;
}
+ /*
+ * This handles three cases,
+ * - dummy policy module was selected
+ * - a policy module does not provide all handlers
+ * - a policy module failed to init
+ */
+ xsm_fixup_ops(&xsm_ops);
+
+ if ( xsm_ops_registered != XSM_OPS_REGISTERED )
+ {
+ xsm_ops_registered = XSM_OPS_REG_FAILED;
+ printk(XENLOG_ERR
+ "Could not init XSM, xsm_ops register failed\n");
+ return -EFAULT;
+ }
+
return 0;
}
@@ -195,22 +222,6 @@ bool __init has_xsm_magic(paddr_t start)
}
#endif
-int __init register_xsm(struct xsm_operations *ops)
-{
- if ( verify(ops) )
- {
- printk(XENLOG_ERR "Could not verify xsm_operations structure\n");
- return -EINVAL;
- }
-
- if ( xsm_ops != &dummy_xsm_ops )
- return -EAGAIN;
-
- xsm_ops = ops;
-
- return 0;
-}
-
#endif
long do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op)
--
2.20.1
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [PATCH v4 06/11] xsm: convert xsm_ops hook calls to alternative call
2021-09-03 19:06 [PATCH v4 00/11] xsm: refactoring xsm hooks Daniel P. Smith
` (4 preceding siblings ...)
2021-09-03 19:06 ` [PATCH v4 05/11] xsm: refactor xsm_ops handling Daniel P. Smith
@ 2021-09-03 19:06 ` Daniel P. Smith
2021-09-03 19:06 ` [PATCH v4 07/11] xsm: decouple xsm header inclusion selection Daniel P. Smith
` (4 subsequent siblings)
10 siblings, 0 replies; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-03 19:06 UTC (permalink / raw)
To: Daniel P. Smith, xen-devel; +Cc: Andrew Cooper, Daniel De Graaf
To reduce retpolines convert all the pointer function calls of the
xsm_ops hooks over to the alternative_call infrastructure.
Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
xen/include/xsm/xsm.h | 193 +++++++++++++++++++++---------------------
1 file changed, 97 insertions(+), 96 deletions(-)
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 3888172045..d7ef412874 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -15,6 +15,7 @@
#ifndef __XSM_H__
#define __XSM_H__
+#include <xen/alternative-call.h>
#include <xen/sched.h>
#include <xen/multiboot.h>
@@ -208,56 +209,56 @@ extern struct xsm_ops xsm_ops;
static inline void xsm_security_domaininfo(struct domain *d,
struct xen_domctl_getdomaininfo *info)
{
- xsm_ops.security_domaininfo(d, info);
+ alternative_vcall(xsm_ops.security_domaininfo, d, info);
}
static inline int xsm_domain_create(xsm_default_t def, struct domain *d,
uint32_t ssidref)
{
- return xsm_ops.domain_create(d, ssidref);
+ return alternative_call(xsm_ops.domain_create, d, ssidref);
}
static inline int xsm_getdomaininfo(xsm_default_t def, struct domain *d)
{
- return xsm_ops.getdomaininfo(d);
+ return alternative_call(xsm_ops.getdomaininfo, d);
}
static inline int xsm_domctl_scheduler_op(xsm_default_t def, struct domain *d,
int cmd)
{
- return xsm_ops.domctl_scheduler_op(d, cmd);
+ return alternative_call(xsm_ops.domctl_scheduler_op, d, cmd);
}
static inline int xsm_sysctl_scheduler_op(xsm_default_t def, int cmd)
{
- return xsm_ops.sysctl_scheduler_op(cmd);
+ return alternative_call(xsm_ops.sysctl_scheduler_op, cmd);
}
static inline int xsm_set_target(xsm_default_t def, struct domain *d,
struct domain *e)
{
- return xsm_ops.set_target(d, e);
+ return alternative_call(xsm_ops.set_target, d, e);
}
static inline int xsm_domctl(xsm_default_t def, struct domain *d, int cmd)
{
- return xsm_ops.domctl(d, cmd);
+ return alternative_call(xsm_ops.domctl, d, cmd);
}
static inline int xsm_sysctl(xsm_default_t def, int cmd)
{
- return xsm_ops.sysctl(cmd);
+ return alternative_call(xsm_ops.sysctl, cmd);
}
static inline int xsm_readconsole(xsm_default_t def, uint32_t clear)
{
- return xsm_ops.readconsole(clear);
+ return alternative_call(xsm_ops.readconsole, clear);
}
static inline int xsm_evtchn_unbound(xsm_default_t def, struct domain *d1,
struct evtchn *chn, domid_t id2)
{
- return xsm_ops.evtchn_unbound(d1, chn, id2);
+ return alternative_call(xsm_ops.evtchn_unbound, d1, chn, id2);
}
static inline int xsm_evtchn_interdomain(xsm_default_t def, struct domain *d1,
@@ -265,235 +266,235 @@ static inline int xsm_evtchn_interdomain(xsm_default_t def, struct domain *d1,
struct domain *d2,
struct evtchn *chan2)
{
- return xsm_ops.evtchn_interdomain(d1, chan1, d2, chan2);
+ return alternative_call(xsm_ops.evtchn_interdomain, d1, chan1, d2, chan2);
}
static inline void xsm_evtchn_close_post(struct evtchn *chn)
{
- xsm_ops.evtchn_close_post(chn);
+ alternative_vcall(xsm_ops.evtchn_close_post, chn);
}
static inline int xsm_evtchn_send(xsm_default_t def, struct domain *d,
struct evtchn *chn)
{
- return xsm_ops.evtchn_send(d, chn);
+ return alternative_call(xsm_ops.evtchn_send, d, chn);
}
static inline int xsm_evtchn_status(xsm_default_t def, struct domain *d,
struct evtchn *chn)
{
- return xsm_ops.evtchn_status(d, chn);
+ return alternative_call(xsm_ops.evtchn_status, d, chn);
}
static inline int xsm_evtchn_reset(xsm_default_t def, struct domain *d1,
struct domain *d2)
{
- return xsm_ops.evtchn_reset(d1, d2);
+ return alternative_call(xsm_ops.evtchn_reset, d1, d2);
}
static inline int xsm_grant_mapref(xsm_default_t def, struct domain *d1,
struct domain *d2, uint32_t flags)
{
- return xsm_ops.grant_mapref(d1, d2, flags);
+ return alternative_call(xsm_ops.grant_mapref, d1, d2, flags);
}
static inline int xsm_grant_unmapref(xsm_default_t def, struct domain *d1,
struct domain *d2)
{
- return xsm_ops.grant_unmapref(d1, d2);
+ return alternative_call(xsm_ops.grant_unmapref, d1, d2);
}
static inline int xsm_grant_setup(xsm_default_t def, struct domain *d1,
struct domain *d2)
{
- return xsm_ops.grant_setup(d1, d2);
+ return alternative_call(xsm_ops.grant_setup, d1, d2);
}
static inline int xsm_grant_transfer(xsm_default_t def, struct domain *d1,
struct domain *d2)
{
- return xsm_ops.grant_transfer(d1, d2);
+ return alternative_call(xsm_ops.grant_transfer, d1, d2);
}
static inline int xsm_grant_copy(xsm_default_t def, struct domain *d1,
struct domain *d2)
{
- return xsm_ops.grant_copy(d1, d2);
+ return alternative_call(xsm_ops.grant_copy, d1, d2);
}
static inline int xsm_grant_query_size(xsm_default_t def, struct domain *d1,
struct domain *d2)
{
- return xsm_ops.grant_query_size(d1, d2);
+ return alternative_call(xsm_ops.grant_query_size, d1, d2);
}
static inline int xsm_alloc_security_domain(struct domain *d)
{
- return xsm_ops.alloc_security_domain(d);
+ return alternative_call(xsm_ops.alloc_security_domain, d);
}
static inline void xsm_free_security_domain(struct domain *d)
{
- xsm_ops.free_security_domain(d);
+ alternative_vcall(xsm_ops.free_security_domain, d);
}
static inline int xsm_alloc_security_evtchns(struct evtchn chn[],
unsigned int nr)
{
- return xsm_ops.alloc_security_evtchns(chn, nr);
+ return alternative_call(xsm_ops.alloc_security_evtchns, chn, nr);
}
static inline void xsm_free_security_evtchns(struct evtchn chn[],
unsigned int nr)
{
- xsm_ops.free_security_evtchns(chn, nr);
+ alternative_vcall(xsm_ops.free_security_evtchns, chn, nr);
}
static inline char *xsm_show_security_evtchn(struct domain *d,
const struct evtchn *chn)
{
- return xsm_ops.show_security_evtchn(d, chn);
+ return alternative_call(xsm_ops.show_security_evtchn, d, chn);
}
static inline int xsm_init_hardware_domain(xsm_default_t def, struct domain *d)
{
- return xsm_ops.init_hardware_domain(d);
+ return alternative_call(xsm_ops.init_hardware_domain, d);
}
static inline int xsm_get_pod_target(xsm_default_t def, struct domain *d)
{
- return xsm_ops.get_pod_target(d);
+ return alternative_call(xsm_ops.get_pod_target, d);
}
static inline int xsm_set_pod_target(xsm_default_t def, struct domain *d)
{
- return xsm_ops.set_pod_target(d);
+ return alternative_call(xsm_ops.set_pod_target, d);
}
static inline int xsm_memory_exchange(xsm_default_t def, struct domain *d)
{
- return xsm_ops.memory_exchange(d);
+ return alternative_call(xsm_ops.memory_exchange, d);
}
static inline int xsm_memory_adjust_reservation(xsm_default_t def,
struct domain *d1,
struct domain *d2)
{
- return xsm_ops.memory_adjust_reservation(d1, d2);
+ return alternative_call(xsm_ops.memory_adjust_reservation, d1, d2);
}
static inline int xsm_memory_stat_reservation(xsm_default_t def,
struct domain *d1,
struct domain *d2)
{
- return xsm_ops.memory_stat_reservation(d1, d2);
+ return alternative_call(xsm_ops.memory_stat_reservation, d1, d2);
}
static inline int xsm_memory_pin_page(xsm_default_t def, struct domain *d1,
struct domain *d2, struct page_info *page)
{
- return xsm_ops.memory_pin_page(d1, d2, page);
+ return alternative_call(xsm_ops.memory_pin_page, d1, d2, page);
}
static inline int xsm_add_to_physmap(xsm_default_t def, struct domain *d1,
struct domain *d2)
{
- return xsm_ops.add_to_physmap(d1, d2);
+ return alternative_call(xsm_ops.add_to_physmap, d1, d2);
}
static inline int xsm_remove_from_physmap(xsm_default_t def, struct domain *d1,
struct domain *d2)
{
- return xsm_ops.remove_from_physmap(d1, d2);
+ return alternative_call(xsm_ops.remove_from_physmap, d1, d2);
}
static inline int xsm_map_gmfn_foreign(xsm_default_t def, struct domain *d,
struct domain *t)
{
- return xsm_ops.map_gmfn_foreign(d, t);
+ return alternative_call(xsm_ops.map_gmfn_foreign, d, t);
}
static inline int xsm_claim_pages(xsm_default_t def, struct domain *d)
{
- return xsm_ops.claim_pages(d);
+ return alternative_call(xsm_ops.claim_pages, d);
}
static inline int xsm_console_io(xsm_default_t def, struct domain *d, int cmd)
{
- return xsm_ops.console_io(d, cmd);
+ return alternative_call(xsm_ops.console_io, d, cmd);
}
static inline int xsm_profile(xsm_default_t def, struct domain *d, int op)
{
- return xsm_ops.profile(d, op);
+ return alternative_call(xsm_ops.profile, d, op);
}
static inline int xsm_kexec(xsm_default_t def)
{
- return xsm_ops.kexec();
+ return alternative_call(xsm_ops.kexec);
}
static inline int xsm_schedop_shutdown(xsm_default_t def, struct domain *d1,
struct domain *d2)
{
- return xsm_ops.schedop_shutdown(d1, d2);
+ return alternative_call(xsm_ops.schedop_shutdown, d1, d2);
}
static inline char *xsm_show_irq_sid(int irq)
{
- return xsm_ops.show_irq_sid(irq);
+ return alternative_call(xsm_ops.show_irq_sid, irq);
}
static inline int xsm_map_domain_pirq(xsm_default_t def, struct domain *d)
{
- return xsm_ops.map_domain_pirq(d);
+ return alternative_call(xsm_ops.map_domain_pirq, d);
}
static inline int xsm_map_domain_irq(xsm_default_t def, struct domain *d,
int irq, void *data)
{
- return xsm_ops.map_domain_irq(d, irq, data);
+ return alternative_call(xsm_ops.map_domain_irq, d, irq, data);
}
static inline int xsm_unmap_domain_pirq(xsm_default_t def, struct domain *d)
{
- return xsm_ops.unmap_domain_pirq(d);
+ return alternative_call(xsm_ops.unmap_domain_pirq, d);
}
static inline int xsm_unmap_domain_irq(xsm_default_t def, struct domain *d,
int irq, void *data)
{
- return xsm_ops.unmap_domain_irq(d, irq, data);
+ return alternative_call(xsm_ops.unmap_domain_irq, d, irq, data);
}
static inline int xsm_bind_pt_irq(xsm_default_t def, struct domain *d,
struct xen_domctl_bind_pt_irq *bind)
{
- return xsm_ops.bind_pt_irq(d, bind);
+ return alternative_call(xsm_ops.bind_pt_irq, d, bind);
}
static inline int xsm_unbind_pt_irq(xsm_default_t def, struct domain *d,
struct xen_domctl_bind_pt_irq *bind)
{
- return xsm_ops.unbind_pt_irq(d, bind);
+ return alternative_call(xsm_ops.unbind_pt_irq, d, bind);
}
static inline int xsm_irq_permission(xsm_default_t def, struct domain *d,
int pirq, uint8_t allow)
{
- return xsm_ops.irq_permission(d, pirq, allow);
+ return alternative_call(xsm_ops.irq_permission, d, pirq, allow);
}
static inline int xsm_iomem_permission(xsm_default_t def, struct domain *d,
uint64_t s, uint64_t e, uint8_t allow)
{
- return xsm_ops.iomem_permission(d, s, e, allow);
+ return alternative_call(xsm_ops.iomem_permission, d, s, e, allow);
}
static inline int xsm_iomem_mapping(xsm_default_t def, struct domain *d,
uint64_t s, uint64_t e, uint8_t allow)
{
- return xsm_ops.iomem_mapping(d, s, e, allow);
+ return alternative_call(xsm_ops.iomem_mapping, d, s, e, allow);
}
static inline int xsm_pci_config_permission(xsm_default_t def, struct domain *d,
@@ -501,25 +502,25 @@ static inline int xsm_pci_config_permission(xsm_default_t def, struct domain *d,
uint16_t start, uint16_t end,
uint8_t access)
{
- return xsm_ops.pci_config_permission(d, machine_bdf, start, end, access);
+ return alternative_call(xsm_ops.pci_config_permission, d, machine_bdf, start, end, access);
}
#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
static inline int xsm_get_device_group(xsm_default_t def, uint32_t machine_bdf)
{
- return xsm_ops.get_device_group(machine_bdf);
+ return alternative_call(xsm_ops.get_device_group, machine_bdf);
}
static inline int xsm_assign_device(xsm_default_t def, struct domain *d,
uint32_t machine_bdf)
{
- return xsm_ops.assign_device(d, machine_bdf);
+ return alternative_call(xsm_ops.assign_device, d, machine_bdf);
}
static inline int xsm_deassign_device(xsm_default_t def, struct domain *d,
uint32_t machine_bdf)
{
- return xsm_ops.deassign_device(d, machine_bdf);
+ return alternative_call(xsm_ops.deassign_device, d, machine_bdf);
}
#endif /* HAS_PASSTHROUGH && HAS_PCI) */
@@ -527,62 +528,62 @@ static inline int xsm_deassign_device(xsm_default_t def, struct domain *d,
static inline int xsm_assign_dtdevice(xsm_default_t def, struct domain *d,
const char *dtpath)
{
- return xsm_ops.assign_dtdevice(d, dtpath);
+ return alternative_call(xsm_ops.assign_dtdevice, d, dtpath);
}
static inline int xsm_deassign_dtdevice(xsm_default_t def, struct domain *d,
const char *dtpath)
{
- return xsm_ops.deassign_dtdevice(d, dtpath);
+ return alternative_call(xsm_ops.deassign_dtdevice, d, dtpath);
}
#endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */
static inline int xsm_resource_plug_pci(xsm_default_t def, uint32_t machine_bdf)
{
- return xsm_ops.resource_plug_pci(machine_bdf);
+ return alternative_call(xsm_ops.resource_plug_pci, machine_bdf);
}
static inline int xsm_resource_unplug_pci(xsm_default_t def,
uint32_t machine_bdf)
{
- return xsm_ops.resource_unplug_pci(machine_bdf);
+ return alternative_call(xsm_ops.resource_unplug_pci, machine_bdf);
}
static inline int xsm_resource_plug_core(xsm_default_t def)
{
- return xsm_ops.resource_plug_core();
+ return alternative_call(xsm_ops.resource_plug_core);
}
static inline int xsm_resource_unplug_core(xsm_default_t def)
{
- return xsm_ops.resource_unplug_core();
+ return alternative_call(xsm_ops.resource_unplug_core);
}
static inline int xsm_resource_setup_pci(xsm_default_t def,
uint32_t machine_bdf)
{
- return xsm_ops.resource_setup_pci(machine_bdf);
+ return alternative_call(xsm_ops.resource_setup_pci, machine_bdf);
}
static inline int xsm_resource_setup_gsi(xsm_default_t def, int gsi)
{
- return xsm_ops.resource_setup_gsi(gsi);
+ return alternative_call(xsm_ops.resource_setup_gsi, gsi);
}
static inline int xsm_resource_setup_misc(xsm_default_t def)
{
- return xsm_ops.resource_setup_misc();
+ return alternative_call(xsm_ops.resource_setup_misc);
}
static inline int xsm_page_offline(xsm_default_t def, uint32_t cmd)
{
- return xsm_ops.page_offline(cmd);
+ return alternative_call(xsm_ops.page_offline, cmd);
}
static inline int xsm_hypfs_op(xsm_default_t def)
{
- return xsm_ops.hypfs_op();
+ return alternative_call(xsm_ops.hypfs_op);
}
static inline long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op)
@@ -600,112 +601,112 @@ static inline int xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(void) op)
static inline int xsm_hvm_param(xsm_default_t def, struct domain *d,
unsigned long op)
{
- return xsm_ops.hvm_param(d, op);
+ return alternative_call(xsm_ops.hvm_param, d, op);
}
static inline int xsm_hvm_control(xsm_default_t def, struct domain *d,
unsigned long op)
{
- return xsm_ops.hvm_control(d, op);
+ return alternative_call(xsm_ops.hvm_control, d, op);
}
static inline int xsm_hvm_param_altp2mhvm(xsm_default_t def, struct domain *d)
{
- return xsm_ops.hvm_param_altp2mhvm(d);
+ return alternative_call(xsm_ops.hvm_param_altp2mhvm, d);
}
static inline int xsm_hvm_altp2mhvm_op(xsm_default_t def, struct domain *d,
uint64_t mode, uint32_t op)
{
- return xsm_ops.hvm_altp2mhvm_op(d, mode, op);
+ return alternative_call(xsm_ops.hvm_altp2mhvm_op, d, mode, op);
}
static inline int xsm_get_vnumainfo(xsm_default_t def, struct domain *d)
{
- return xsm_ops.get_vnumainfo(d);
+ return alternative_call(xsm_ops.get_vnumainfo, d);
}
static inline int xsm_vm_event_control(xsm_default_t def, struct domain *d,
int mode, int op)
{
- return xsm_ops.vm_event_control(d, mode, op);
+ return alternative_call(xsm_ops.vm_event_control, d, mode, op);
}
#ifdef CONFIG_MEM_ACCESS
static inline int xsm_mem_access(xsm_default_t def, struct domain *d)
{
- return xsm_ops.mem_access(d);
+ return alternative_call(xsm_ops.mem_access, d);
}
#endif
#ifdef CONFIG_MEM_PAGING
static inline int xsm_mem_paging(xsm_default_t def, struct domain *d)
{
- return xsm_ops.mem_paging(d);
+ return alternative_call(xsm_ops.mem_paging, d);
}
#endif
#ifdef CONFIG_MEM_SHARING
static inline int xsm_mem_sharing(xsm_default_t def, struct domain *d)
{
- return xsm_ops.mem_sharing(d);
+ return alternative_call(xsm_ops.mem_sharing, d);
}
#endif
static inline int xsm_platform_op(xsm_default_t def, uint32_t op)
{
- return xsm_ops.platform_op(op);
+ return alternative_call(xsm_ops.platform_op, op);
}
#ifdef CONFIG_X86
static inline int xsm_do_mca(xsm_default_t def)
{
- return xsm_ops.do_mca();
+ return alternative_call(xsm_ops.do_mca);
}
static inline int xsm_shadow_control(xsm_default_t def, struct domain *d,
uint32_t op)
{
- return xsm_ops.shadow_control(d, op);
+ return alternative_call(xsm_ops.shadow_control, d, op);
}
static inline int xsm_mem_sharing_op(xsm_default_t def, struct domain *d,
struct domain *cd, int op)
{
- return xsm_ops.mem_sharing_op(d, cd, op);
+ return alternative_call(xsm_ops.mem_sharing_op, d, cd, op);
}
static inline int xsm_apic(xsm_default_t def, struct domain *d, int cmd)
{
- return xsm_ops.apic(d, cmd);
+ return alternative_call(xsm_ops.apic, d, cmd);
}
static inline int xsm_memtype(xsm_default_t def, uint32_t access)
{
- return xsm_ops.memtype(access);
+ return alternative_call(xsm_ops.memtype, access);
}
static inline int xsm_machine_memory_map(xsm_default_t def)
{
- return xsm_ops.machine_memory_map();
+ return alternative_call(xsm_ops.machine_memory_map);
}
static inline int xsm_domain_memory_map(xsm_default_t def, struct domain *d)
{
- return xsm_ops.domain_memory_map(d);
+ return alternative_call(xsm_ops.domain_memory_map, d);
}
static inline int xsm_mmu_update(xsm_default_t def, struct domain *d,
struct domain *t, struct domain *f,
uint32_t flags)
{
- return xsm_ops.mmu_update(d, t, f, flags);
+ return alternative_call(xsm_ops.mmu_update, d, t, f, flags);
}
static inline int xsm_mmuext_op(xsm_default_t def, struct domain *d,
struct domain *f)
{
- return xsm_ops.mmuext_op(d, f);
+ return alternative_call(xsm_ops.mmuext_op, d, f);
}
static inline int xsm_update_va_mapping(xsm_default_t def, struct domain *d,
@@ -717,64 +718,64 @@ static inline int xsm_update_va_mapping(xsm_default_t def, struct domain *d,
static inline int xsm_priv_mapping(xsm_default_t def, struct domain *d,
struct domain *t)
{
- return xsm_ops.priv_mapping(d, t);
+ return alternative_call(xsm_ops.priv_mapping, d, t);
}
static inline int xsm_ioport_permission(xsm_default_t def, struct domain *d,
uint32_t s, uint32_t e, uint8_t allow)
{
- return xsm_ops.ioport_permission(d, s, e, allow);
+ return alternative_call(xsm_ops.ioport_permission, d, s, e, allow);
}
static inline int xsm_ioport_mapping(xsm_default_t def, struct domain *d,
uint32_t s, uint32_t e, uint8_t allow)
{
- return xsm_ops.ioport_mapping(d, s, e, allow);
+ return alternative_call(xsm_ops.ioport_mapping, d, s, e, allow);
}
static inline int xsm_pmu_op(xsm_default_t def, struct domain *d,
unsigned int op)
{
- return xsm_ops.pmu_op(d, op);
+ return alternative_call(xsm_ops.pmu_op, d, op);
}
#endif /* CONFIG_X86 */
static inline int xsm_dm_op(xsm_default_t def, struct domain *d)
{
- return xsm_ops.dm_op(d);
+ return alternative_call(xsm_ops.dm_op, d);
}
static inline int xsm_xen_version(xsm_default_t def, uint32_t op)
{
- return xsm_ops.xen_version(op);
+ return alternative_call(xsm_ops.xen_version, op);
}
static inline int xsm_domain_resource_map(xsm_default_t def, struct domain *d)
{
- return xsm_ops.domain_resource_map(d);
+ return alternative_call(xsm_ops.domain_resource_map, d);
}
#ifdef CONFIG_ARGO
static inline int xsm_argo_enable(const struct domain *d)
{
- return xsm_ops.argo_enable(d);
+ return alternative_call(xsm_ops.argo_enable, d);
}
static inline int xsm_argo_register_single_source(const struct domain *d,
const struct domain *t)
{
- return xsm_ops.argo_register_single_source(d, t);
+ return alternative_call(xsm_ops.argo_register_single_source, d, t);
}
static inline int xsm_argo_register_any_source(const struct domain *d)
{
- return xsm_ops.argo_register_any_source(d);
+ return alternative_call(xsm_ops.argo_register_any_source, d);
}
static inline int xsm_argo_send(const struct domain *d, const struct domain *t)
{
- return xsm_ops.argo_send(d, t);
+ return alternative_call(xsm_ops.argo_send, d, t);
}
#endif /* CONFIG_ARGO */
--
2.20.1
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [PATCH v4 07/11] xsm: decouple xsm header inclusion selection
2021-09-03 19:06 [PATCH v4 00/11] xsm: refactoring xsm hooks Daniel P. Smith
` (5 preceding siblings ...)
2021-09-03 19:06 ` [PATCH v4 06/11] xsm: convert xsm_ops hook calls to alternative call Daniel P. Smith
@ 2021-09-03 19:06 ` Daniel P. Smith
2021-09-06 18:47 ` Andrew Cooper
2021-09-03 19:06 ` [PATCH v4 08/11] xsm: drop generic event channel labeling exclusion Daniel P. Smith
` (3 subsequent siblings)
10 siblings, 1 reply; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-03 19:06 UTC (permalink / raw)
To: Daniel P. Smith, xen-devel; +Cc: Daniel De Graaf
Multiple preprocessor defines were used as a mechanism to selective include
parts of the xsm.h header file. This makes it difficult to know which portion
is being included at any one time. This commit works to simplify this by
separating the core structures and functions of XSM into xsm-core.h away from
the wrapper functions which remain in xsm.h and dummy.h.
Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
---
xen/include/xsm/dummy.h | 2 +-
xen/include/xsm/xsm-core.h | 274 +++++++++++++++++++++++++++++++++++++
xen/include/xsm/xsm.h | 255 +---------------------------------
xen/xsm/dummy.c | 1 -
xen/xsm/silo.c | 1 -
xen/xsm/xsm_core.c | 5 +
6 files changed, 281 insertions(+), 257 deletions(-)
create mode 100644 xen/include/xsm/xsm-core.h
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index deaf23035e..78d0b7d07a 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -16,7 +16,7 @@
*/
#include <xen/sched.h>
-#include <xsm/xsm.h>
+#include <xsm/xsm-core.h>
#include <public/hvm/params.h>
/* Cannot use BUILD_BUG_ON here because the expressions we check are not
diff --git a/xen/include/xsm/xsm-core.h b/xen/include/xsm/xsm-core.h
new file mode 100644
index 0000000000..4555e111dc
--- /dev/null
+++ b/xen/include/xsm/xsm-core.h
@@ -0,0 +1,274 @@
+/*
+ * This file contains the XSM hook definitions for Xen.
+ *
+ * This work is based on the LSM implementation in Linux 2.6.13.4.
+ *
+ * Author: George Coker, <gscoker@alpha.ncsc.mil>
+ *
+ * Contributors: Michael LeMay, <mdlemay@epoch.ncsc.mil>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ */
+
+#ifndef __XSM_CORE_H__
+#define __XSM_CORE_H__
+
+#include <xen/sched.h>
+#include <xen/multiboot.h>
+
+/* policy magic number (defined by XSM_MAGIC) */
+typedef uint32_t xsm_magic_t;
+
+#ifdef CONFIG_XSM_FLASK
+#define XSM_MAGIC 0xf97cff8c
+#else
+#define XSM_MAGIC 0x0
+#endif
+
+/* These annotations are used by callers and in dummy.h to document the
+ * default actions of XSM hooks. They should be compiled out otherwise.
+ */
+enum xsm_default {
+ /* Guests can normally access the hypercall */
+ XSM_HOOK,
+ /* Device model can perform on its target domain */
+ XSM_DM_PRIV,
+ /* Can perform on self or your target domain */
+ XSM_TARGET,
+ /* Privileged - normally restricted to dom0 */
+ XSM_PRIV,
+ /* Xenstore domain - can do some privileged operations */
+ XSM_XS_PRIV,
+ /* Something more complex */
+ XSM_OTHER
+};
+typedef enum xsm_default xsm_default_t;
+
+struct xsm_ops {
+ void (*security_domaininfo)(struct domain *d,
+ struct xen_domctl_getdomaininfo *info);
+ int (*domain_create)(struct domain *d, uint32_t ssidref);
+ int (*getdomaininfo)(struct domain *d);
+ int (*domctl_scheduler_op)(struct domain *d, int op);
+ int (*sysctl_scheduler_op)(int op);
+ int (*set_target)(struct domain *d, struct domain *e);
+ int (*domctl)(struct domain *d, int cmd);
+ int (*sysctl)(int cmd);
+ int (*readconsole)(uint32_t clear);
+
+ int (*evtchn_unbound)(struct domain *d, struct evtchn *chn, domid_t id2);
+ int (*evtchn_interdomain)(struct domain *d1, struct evtchn *chn1,
+ struct domain *d2, struct evtchn *chn2);
+ void (*evtchn_close_post)(struct evtchn *chn);
+ int (*evtchn_send)(struct domain *d, struct evtchn *chn);
+ int (*evtchn_status)(struct domain *d, struct evtchn *chn);
+ int (*evtchn_reset)(struct domain *d1, struct domain *d2);
+
+ int (*grant_mapref)(struct domain *d1, struct domain *d2, uint32_t flags);
+ int (*grant_unmapref)(struct domain *d1, struct domain *d2);
+ int (*grant_setup)(struct domain *d1, struct domain *d2);
+ int (*grant_transfer)(struct domain *d1, struct domain *d2);
+ int (*grant_copy)(struct domain *d1, struct domain *d2);
+ int (*grant_query_size)(struct domain *d1, struct domain *d2);
+
+ int (*alloc_security_domain)(struct domain *d);
+ void (*free_security_domain)(struct domain *d);
+ int (*alloc_security_evtchns)(struct evtchn chn[], unsigned int nr);
+ void (*free_security_evtchns)(struct evtchn chn[], unsigned int nr);
+ char *(*show_security_evtchn)(struct domain *d, const struct evtchn *chn);
+ int (*init_hardware_domain)(struct domain *d);
+
+ int (*get_pod_target)(struct domain *d);
+ int (*set_pod_target)(struct domain *d);
+ int (*memory_exchange)(struct domain *d);
+ int (*memory_adjust_reservation)(struct domain *d1, struct domain *d2);
+ int (*memory_stat_reservation)(struct domain *d1, struct domain *d2);
+ int (*memory_pin_page)(struct domain *d1, struct domain *d2,
+ struct page_info *page);
+ int (*add_to_physmap)(struct domain *d1, struct domain *d2);
+ int (*remove_from_physmap)(struct domain *d1, struct domain *d2);
+ int (*map_gmfn_foreign)(struct domain *d, struct domain *t);
+ int (*claim_pages)(struct domain *d);
+
+ int (*console_io)(struct domain *d, int cmd);
+
+ int (*profile)(struct domain *d, int op);
+
+ int (*kexec)(void);
+ int (*schedop_shutdown)(struct domain *d1, struct domain *d2);
+
+ char *(*show_irq_sid)(int irq);
+ int (*map_domain_pirq)(struct domain *d);
+ int (*map_domain_irq)(struct domain *d, int irq, const void *data);
+ int (*unmap_domain_pirq)(struct domain *d);
+ int (*unmap_domain_irq)(struct domain *d, int irq, const void *data);
+ int (*bind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind);
+ int (*unbind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind);
+ int (*irq_permission)(struct domain *d, int pirq, uint8_t allow);
+ int (*iomem_permission)(struct domain *d, uint64_t s, uint64_t e,
+ uint8_t allow);
+ int (*iomem_mapping)(struct domain *d, uint64_t s, uint64_t e,
+ uint8_t allow);
+ int (*pci_config_permission)(struct domain *d, uint32_t machine_bdf,
+ uint16_t start, uint16_t end, uint8_t access);
+
+#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
+ int (*get_device_group)(uint32_t machine_bdf);
+ int (*assign_device)(struct domain *d, uint32_t machine_bdf);
+ int (*deassign_device)(struct domain *d, uint32_t machine_bdf);
+#endif
+
+#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE)
+ int (*assign_dtdevice)(struct domain *d, const char *dtpath);
+ int (*deassign_dtdevice)(struct domain *d, const char *dtpath);
+#endif
+
+ int (*resource_plug_core)(void);
+ int (*resource_unplug_core)(void);
+ int (*resource_plug_pci)(uint32_t machine_bdf);
+ int (*resource_unplug_pci)(uint32_t machine_bdf);
+ int (*resource_setup_pci)(uint32_t machine_bdf);
+ int (*resource_setup_gsi)(int gsi);
+ int (*resource_setup_misc)(void);
+
+ int (*page_offline)(uint32_t cmd);
+ int (*hypfs_op)(void);
+
+ long (*do_xsm_op)(XEN_GUEST_HANDLE_PARAM(void) op);
+#ifdef CONFIG_COMPAT
+ int (*do_compat_op)(XEN_GUEST_HANDLE_PARAM(void) op);
+#endif
+
+ int (*hvm_param)(struct domain *d, unsigned long op);
+ int (*hvm_control)(struct domain *d, unsigned long op);
+ int (*hvm_param_altp2mhvm)(struct domain *d);
+ int (*hvm_altp2mhvm_op)(struct domain *d, uint64_t mode, uint32_t op);
+ int (*get_vnumainfo)(struct domain *d);
+
+ int (*vm_event_control)(struct domain *d, int mode, int op);
+
+#ifdef CONFIG_MEM_ACCESS
+ int (*mem_access)(struct domain *d);
+#endif
+
+#ifdef CONFIG_MEM_PAGING
+ int (*mem_paging)(struct domain *d);
+#endif
+
+#ifdef CONFIG_MEM_SHARING
+ int (*mem_sharing)(struct domain *d);
+#endif
+
+ int (*platform_op)(uint32_t cmd);
+
+#ifdef CONFIG_X86
+ int (*do_mca)(void);
+ int (*shadow_control)(struct domain *d, uint32_t op);
+ int (*mem_sharing_op)(struct domain *d, struct domain *cd, int op);
+ int (*apic)(struct domain *d, int cmd);
+ int (*memtype)(uint32_t access);
+ int (*machine_memory_map)(void);
+ int (*domain_memory_map)(struct domain *d);
+#define XSM_MMU_UPDATE_READ 1
+#define XSM_MMU_UPDATE_WRITE 2
+#define XSM_MMU_NORMAL_UPDATE 4
+#define XSM_MMU_MACHPHYS_UPDATE 8
+ int (*mmu_update)(struct domain *d, struct domain *t,
+ struct domain *f, uint32_t flags);
+ int (*mmuext_op)(struct domain *d, struct domain *f);
+ int (*update_va_mapping)(struct domain *d, struct domain *f,
+ l1_pgentry_t pte);
+ int (*priv_mapping)(struct domain *d, struct domain *t);
+ int (*ioport_permission)(struct domain *d, uint32_t s, uint32_t e,
+ uint8_t allow);
+ int (*ioport_mapping)(struct domain *d, uint32_t s, uint32_t e,
+ uint8_t allow);
+ int (*pmu_op)(struct domain *d, unsigned int op);
+#endif
+
+ int (*dm_op)(struct domain *d);
+
+ int (*xen_version)(uint32_t cmd);
+
+ int (*domain_resource_map)(struct domain *d);
+
+#ifdef CONFIG_ARGO
+ int (*argo_enable)(const struct domain *d);
+ int (*argo_register_single_source)(const struct domain *d,
+ const struct domain *t);
+ int (*argo_register_any_source)(const struct domain *d);
+ int (*argo_send)(const struct domain *d, const struct domain *t);
+#endif
+};
+
+void xsm_fixup_ops(struct xsm_ops *ops);
+
+#ifdef CONFIG_XSM
+
+#ifdef CONFIG_MULTIBOOT
+int xsm_multiboot_init(unsigned long *module_map,
+ const multiboot_info_t *mbi);
+int xsm_multiboot_policy_init(unsigned long *module_map,
+ const multiboot_info_t *mbi,
+ void **policy_buffer,
+ size_t *policy_size);
+#endif
+
+#ifdef CONFIG_HAS_DEVICE_TREE
+/*
+ * Initialize XSM
+ *
+ * On success, return 1 if using SILO mode else 0.
+ */
+int xsm_dt_init(void);
+int xsm_dt_policy_init(void **policy_buffer, size_t *policy_size);
+bool has_xsm_magic(paddr_t);
+#endif
+
+#ifdef CONFIG_XSM_FLASK
+const struct xsm_ops *flask_init(const void *policy_buffer,
+ size_t policy_size);
+#else
+static inline const struct xsm_ops *flask_init(const void *policy_buffer,
+ size_t policy_size)
+{
+ return NULL;
+}
+#endif
+
+#ifdef CONFIG_XSM_SILO
+const struct xsm_ops *silo_init(void);
+#else
+static const inline struct xsm_ops *silo_init(void)
+{
+ return NULL;
+}
+#endif
+
+#else /* CONFIG_XSM */
+
+#ifdef CONFIG_MULTIBOOT
+static inline int xsm_multiboot_init(unsigned long *module_map,
+ const multiboot_info_t *mbi)
+{
+ return 0;
+}
+#endif
+
+#ifdef CONFIG_HAS_DEVICE_TREE
+static inline int xsm_dt_init(void)
+{
+ return 0;
+}
+
+static inline bool has_xsm_magic(paddr_t start)
+{
+ return false;
+}
+#endif /* CONFIG_HAS_DEVICE_TREE */
+
+#endif /* CONFIG_XSM */
+
+#endif /* __XSM_CORE_H */
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index d7ef412874..1517443173 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -18,194 +18,12 @@
#include <xen/alternative-call.h>
#include <xen/sched.h>
#include <xen/multiboot.h>
-
-/* policy magic number (defined by XSM_MAGIC) */
-typedef uint32_t xsm_magic_t;
-
-#ifdef CONFIG_XSM_FLASK
-#define XSM_MAGIC 0xf97cff8c
-#else
-#define XSM_MAGIC 0x0
-#endif
-
-/* These annotations are used by callers and in dummy.h to document the
- * default actions of XSM hooks. They should be compiled out otherwise.
- */
-enum xsm_default {
- /* Guests can normally access the hypercall */
- XSM_HOOK,
- /* Device model can perform on its target domain */
- XSM_DM_PRIV,
- /* Can perform on self or your target domain */
- XSM_TARGET,
- /* Privileged - normally restricted to dom0 */
- XSM_PRIV,
- /* Xenstore domain - can do some privileged operations */
- XSM_XS_PRIV,
- /* Something more complex */
- XSM_OTHER
-};
-typedef enum xsm_default xsm_default_t;
-
-struct xsm_ops {
- void (*security_domaininfo)(struct domain *d,
- struct xen_domctl_getdomaininfo *info);
- int (*domain_create)(struct domain *d, uint32_t ssidref);
- int (*getdomaininfo)(struct domain *d);
- int (*domctl_scheduler_op)(struct domain *d, int op);
- int (*sysctl_scheduler_op)(int op);
- int (*set_target)(struct domain *d, struct domain *e);
- int (*domctl)(struct domain *d, int cmd);
- int (*sysctl)(int cmd);
- int (*readconsole)(uint32_t clear);
-
- int (*evtchn_unbound)(struct domain *d, struct evtchn *chn, domid_t id2);
- int (*evtchn_interdomain)(struct domain *d1, struct evtchn *chn1,
- struct domain *d2, struct evtchn *chn2);
- void (*evtchn_close_post)(struct evtchn *chn);
- int (*evtchn_send)(struct domain *d, struct evtchn *chn);
- int (*evtchn_status)(struct domain *d, struct evtchn *chn);
- int (*evtchn_reset)(struct domain *d1, struct domain *d2);
-
- int (*grant_mapref)(struct domain *d1, struct domain *d2, uint32_t flags);
- int (*grant_unmapref)(struct domain *d1, struct domain *d2);
- int (*grant_setup)(struct domain *d1, struct domain *d2);
- int (*grant_transfer)(struct domain *d1, struct domain *d2);
- int (*grant_copy)(struct domain *d1, struct domain *d2);
- int (*grant_query_size)(struct domain *d1, struct domain *d2);
-
- int (*alloc_security_domain)(struct domain *d);
- void (*free_security_domain)(struct domain *d);
- int (*alloc_security_evtchns)(struct evtchn chn[], unsigned int nr);
- void (*free_security_evtchns)(struct evtchn chn[], unsigned int nr);
- char *(*show_security_evtchn)(struct domain *d, const struct evtchn *chn);
- int (*init_hardware_domain)(struct domain *d);
-
- int (*get_pod_target)(struct domain *d);
- int (*set_pod_target)(struct domain *d);
- int (*memory_exchange)(struct domain *d);
- int (*memory_adjust_reservation)(struct domain *d1, struct domain *d2);
- int (*memory_stat_reservation)(struct domain *d1, struct domain *d2);
- int (*memory_pin_page)(struct domain *d1, struct domain *d2,
- struct page_info *page);
- int (*add_to_physmap)(struct domain *d1, struct domain *d2);
- int (*remove_from_physmap)(struct domain *d1, struct domain *d2);
- int (*map_gmfn_foreign)(struct domain *d, struct domain *t);
- int (*claim_pages)(struct domain *d);
-
- int (*console_io)(struct domain *d, int cmd);
-
- int (*profile)(struct domain *d, int op);
-
- int (*kexec)(void);
- int (*schedop_shutdown)(struct domain *d1, struct domain *d2);
-
- char *(*show_irq_sid)(int irq);
- int (*map_domain_pirq)(struct domain *d);
- int (*map_domain_irq)(struct domain *d, int irq, const void *data);
- int (*unmap_domain_pirq)(struct domain *d);
- int (*unmap_domain_irq)(struct domain *d, int irq, const void *data);
- int (*bind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind);
- int (*unbind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind);
- int (*irq_permission)(struct domain *d, int pirq, uint8_t allow);
- int (*iomem_permission)(struct domain *d, uint64_t s, uint64_t e,
- uint8_t allow);
- int (*iomem_mapping)(struct domain *d, uint64_t s, uint64_t e,
- uint8_t allow);
- int (*pci_config_permission)(struct domain *d, uint32_t machine_bdf,
- uint16_t start, uint16_t end, uint8_t access);
-
-#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
- int (*get_device_group)(uint32_t machine_bdf);
- int (*assign_device)(struct domain *d, uint32_t machine_bdf);
- int (*deassign_device)(struct domain *d, uint32_t machine_bdf);
-#endif
-
-#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE)
- int (*assign_dtdevice)(struct domain *d, const char *dtpath);
- int (*deassign_dtdevice)(struct domain *d, const char *dtpath);
-#endif
-
- int (*resource_plug_core)(void);
- int (*resource_unplug_core)(void);
- int (*resource_plug_pci)(uint32_t machine_bdf);
- int (*resource_unplug_pci)(uint32_t machine_bdf);
- int (*resource_setup_pci)(uint32_t machine_bdf);
- int (*resource_setup_gsi)(int gsi);
- int (*resource_setup_misc)(void);
-
- int (*page_offline)(uint32_t cmd);
- int (*hypfs_op)(void);
-
- long (*do_xsm_op)(XEN_GUEST_HANDLE_PARAM(void) op);
-#ifdef CONFIG_COMPAT
- int (*do_compat_op)(XEN_GUEST_HANDLE_PARAM(void) op);
-#endif
-
- int (*hvm_param)(struct domain *d, unsigned long op);
- int (*hvm_control)(struct domain *d, unsigned long op);
- int (*hvm_param_altp2mhvm)(struct domain *d);
- int (*hvm_altp2mhvm_op)(struct domain *d, uint64_t mode, uint32_t op);
- int (*get_vnumainfo)(struct domain *d);
-
- int (*vm_event_control)(struct domain *d, int mode, int op);
-
-#ifdef CONFIG_MEM_ACCESS
- int (*mem_access)(struct domain *d);
-#endif
-
-#ifdef CONFIG_MEM_PAGING
- int (*mem_paging)(struct domain *d);
-#endif
-
-#ifdef CONFIG_MEM_SHARING
- int (*mem_sharing)(struct domain *d);
-#endif
-
- int (*platform_op)(uint32_t cmd);
-
-#ifdef CONFIG_X86
- int (*do_mca)(void);
- int (*shadow_control)(struct domain *d, uint32_t op);
- int (*mem_sharing_op)(struct domain *d, struct domain *cd, int op);
- int (*apic)(struct domain *d, int cmd);
- int (*memtype)(uint32_t access);
- int (*machine_memory_map)(void);
- int (*domain_memory_map)(struct domain *d);
-#define XSM_MMU_UPDATE_READ 1
-#define XSM_MMU_UPDATE_WRITE 2
-#define XSM_MMU_NORMAL_UPDATE 4
-#define XSM_MMU_MACHPHYS_UPDATE 8
- int (*mmu_update)(struct domain *d, struct domain *t,
- struct domain *f, uint32_t flags);
- int (*mmuext_op)(struct domain *d, struct domain *f);
- int (*update_va_mapping)(struct domain *d, struct domain *f,
- l1_pgentry_t pte);
- int (*priv_mapping)(struct domain *d, struct domain *t);
- int (*ioport_permission)(struct domain *d, uint32_t s, uint32_t e,
- uint8_t allow);
- int (*ioport_mapping)(struct domain *d, uint32_t s, uint32_t e,
- uint8_t allow);
- int (*pmu_op)(struct domain *d, unsigned int op);
-#endif
- int (*dm_op)(struct domain *d);
- int (*xen_version)(uint32_t cmd);
- int (*domain_resource_map)(struct domain *d);
-#ifdef CONFIG_ARGO
- int (*argo_enable)(const struct domain *d);
- int (*argo_register_single_source)(const struct domain *d,
- const struct domain *t);
- int (*argo_register_any_source)(const struct domain *d);
- int (*argo_send)(const struct domain *d, const struct domain *t);
-#endif
-};
+#include <xsm/xsm-core.h>
#ifdef CONFIG_XSM
extern struct xsm_ops xsm_ops;
-#ifndef XSM_NO_WRAPPERS
-
static inline void xsm_security_domaininfo(struct domain *d,
struct xen_domctl_getdomaininfo *info)
{
@@ -780,81 +598,10 @@ static inline int xsm_argo_send(const struct domain *d, const struct domain *t)
#endif /* CONFIG_ARGO */
-#endif /* XSM_NO_WRAPPERS */
-
-#ifdef CONFIG_MULTIBOOT
-int xsm_multiboot_init(unsigned long *module_map,
- const multiboot_info_t *mbi);
-int xsm_multiboot_policy_init(unsigned long *module_map,
- const multiboot_info_t *mbi,
- void **policy_buffer,
- size_t *policy_size);
-#endif
-
-#ifdef CONFIG_HAS_DEVICE_TREE
-/*
- * Initialize XSM
- *
- * On success, return 1 if using SILO mode else 0.
- */
-int xsm_dt_init(void);
-int xsm_dt_policy_init(void **policy_buffer, size_t *policy_size);
-bool has_xsm_magic(paddr_t);
-#endif
-
-extern struct xsm_ops dummy_xsm_ops;
-
-void xsm_fixup_ops(struct xsm_ops *ops);
-
-#ifdef CONFIG_XSM_FLASK
-extern const struct xsm_ops *flask_init(const void *policy_buffer,
- size_t policy_size);
-#else
-static const inline struct xsm_ops *flask_init(const void *policy_buffer,
- size_t policy_size)
-{
- return NULL;
-}
-#endif
-
-#ifdef CONFIG_XSM_FLASK_POLICY
-extern const unsigned char xsm_flask_init_policy[];
-extern const unsigned int xsm_flask_init_policy_size;
-#endif
-
-#ifdef CONFIG_XSM_SILO
-extern const struct xsm_ops *silo_init(void);
-#else
-static const inline struct xsm_ops *silo_init(void)
-{
- return NULL;
-}
-#endif
-
#else /* CONFIG_XSM */
#include <xsm/dummy.h>
-#ifdef CONFIG_MULTIBOOT
-static inline int xsm_multiboot_init (unsigned long *module_map,
- const multiboot_info_t *mbi)
-{
- return 0;
-}
-#endif
-
-#ifdef CONFIG_HAS_DEVICE_TREE
-static inline int xsm_dt_init(void)
-{
- return 0;
-}
-
-static inline bool has_xsm_magic(paddr_t start)
-{
- return false;
-}
-#endif /* CONFIG_HAS_DEVICE_TREE */
-
#endif /* CONFIG_XSM */
#endif /* __XSM_H */
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index d8c935328e..b848580eaa 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -10,7 +10,6 @@
* as published by the Free Software Foundation.
*/
-#define XSM_NO_WRAPPERS
#include <xsm/dummy.h>
#define set_to_dummy_if_null(ops, function) \
diff --git a/xen/xsm/silo.c b/xen/xsm/silo.c
index 3550dded7b..6db793f35c 100644
--- a/xen/xsm/silo.c
+++ b/xen/xsm/silo.c
@@ -17,7 +17,6 @@
* You should have received a copy of the GNU General Public License along with
* this program; If not, see <http://www.gnu.org/licenses/>.
*/
-#define XSM_NO_WRAPPERS
#include <xsm/dummy.h>
/*
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index 859af3fe9a..112d11fa6a 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -32,6 +32,11 @@
struct xsm_ops __read_mostly xsm_ops;
+#ifdef CONFIG_XSM_FLASK_POLICY
+extern const unsigned char xsm_flask_init_policy[];
+extern const unsigned int xsm_flask_init_policy_size;
+#endif
+
enum xsm_ops_state {
XSM_OPS_UNREGISTERED,
XSM_OPS_REG_FAILED,
--
2.20.1
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [PATCH v4 08/11] xsm: drop generic event channel labeling exclusion
2021-09-03 19:06 [PATCH v4 00/11] xsm: refactoring xsm hooks Daniel P. Smith
` (6 preceding siblings ...)
2021-09-03 19:06 ` [PATCH v4 07/11] xsm: decouple xsm header inclusion selection Daniel P. Smith
@ 2021-09-03 19:06 ` Daniel P. Smith
2021-09-09 15:35 ` Jan Beulich
2021-09-03 19:06 ` [PATCH v4 09/11] silo: remove circular xsm hook call Daniel P. Smith
` (2 subsequent siblings)
10 siblings, 1 reply; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-03 19:06 UTC (permalink / raw)
To: xen-devel
Cc: Daniel P. Smith, Andrew Cooper, George Dunlap, Ian Jackson,
Jan Beulich, Julien Grall, Stefano Stabellini, Wei Liu
The internal define flag is not used by any XSM module, removing the #ifdef
leaving the generic event channel labeling as always present.
Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
---
xen/include/xen/sched.h | 2 --
1 file changed, 2 deletions(-)
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 28146ee404..e56690cd2b 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -122,13 +122,11 @@ struct evtchn
#ifdef CONFIG_XSM
union {
-#ifdef XSM_NEED_GENERIC_EVTCHN_SSID
/*
* If an XSM module needs more space for its event channel context,
* this pointer stores the necessary data for the security server.
*/
void *generic;
-#endif
#ifdef CONFIG_XSM_FLASK
/*
* Inlining the contents of the structure for FLASK avoids unneeded
--
2.20.1
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [PATCH v4 09/11] silo: remove circular xsm hook call
2021-09-03 19:06 [PATCH v4 00/11] xsm: refactoring xsm hooks Daniel P. Smith
` (7 preceding siblings ...)
2021-09-03 19:06 ` [PATCH v4 08/11] xsm: drop generic event channel labeling exclusion Daniel P. Smith
@ 2021-09-03 19:06 ` Daniel P. Smith
2021-09-06 18:55 ` Andrew Cooper
2021-09-09 15:45 ` Jan Beulich
2021-09-03 19:06 ` [PATCH v4 10/11] kconfig: update xsm config to reflect reality Daniel P. Smith
2021-09-03 19:06 ` [PATCH v4 11/11] xsm: remove alternate xsm hook interface Daniel P. Smith
10 siblings, 2 replies; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-03 19:06 UTC (permalink / raw)
To: Daniel P. Smith, xen-devel; +Cc: Daniel De Graaf
SILO implements a few XSM hooks to extended the decision logic beyond
what is defined in the dummy/default policy. For each of the hooks, it
falls back to the dummy/default policy. The fall back is done a slight
round-about way. This commit makes the direct call to the default policy's
logic, xsm_default_action().
Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
---
xen/xsm/silo.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/xen/xsm/silo.c b/xen/xsm/silo.c
index 6db793f35c..56a330a831 100644
--- a/xen/xsm/silo.c
+++ b/xen/xsm/silo.c
@@ -17,6 +17,7 @@
* You should have received a copy of the GNU General Public License along with
* this program; If not, see <http://www.gnu.org/licenses/>.
*/
+#include <xsm/xsm-core.h>
#include <xsm/dummy.h>
/*
@@ -43,7 +44,7 @@ static int silo_evtchn_unbound(struct domain *d1, struct evtchn *chn,
else
{
if ( silo_mode_dom_check(d1, d2) )
- rc = xsm_evtchn_unbound(d1, chn, id2);
+ rc = xsm_default_action(XSM_TARGET, current->domain, d1);
rcu_unlock_domain(d2);
}
@@ -54,7 +55,7 @@ static int silo_evtchn_interdomain(struct domain *d1, struct evtchn *chan1,
struct domain *d2, struct evtchn *chan2)
{
if ( silo_mode_dom_check(d1, d2) )
- return xsm_evtchn_interdomain(d1, chan1, d2, chan2);
+ return xsm_default_action(XSM_HOOK, d1, d2);
return -EPERM;
}
@@ -62,21 +63,21 @@ static int silo_grant_mapref(struct domain *d1, struct domain *d2,
uint32_t flags)
{
if ( silo_mode_dom_check(d1, d2) )
- return xsm_grant_mapref(d1, d2, flags);
+ return xsm_default_action(XSM_HOOK, d1, d2);
return -EPERM;
}
static int silo_grant_transfer(struct domain *d1, struct domain *d2)
{
if ( silo_mode_dom_check(d1, d2) )
- return xsm_grant_transfer(d1, d2);
+ return xsm_default_action(XSM_HOOK, d1, d2);
return -EPERM;
}
static int silo_grant_copy(struct domain *d1, struct domain *d2)
{
if ( silo_mode_dom_check(d1, d2) )
- return xsm_grant_copy(d1, d2);
+ return xsm_default_action(XSM_HOOK, d1, d2);
return -EPERM;
}
@@ -86,14 +87,14 @@ static int silo_argo_register_single_source(const struct domain *d1,
const struct domain *d2)
{
if ( silo_mode_dom_check(d1, d2) )
- return xsm_argo_register_single_source(d1, d2);
+ return 0;
return -EPERM;
}
static int silo_argo_send(const struct domain *d1, const struct domain *d2)
{
if ( silo_mode_dom_check(d1, d2) )
- return xsm_argo_send(d1, d2);
+ return 0;
return -EPERM;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [PATCH v4 10/11] kconfig: update xsm config to reflect reality
2021-09-03 19:06 [PATCH v4 00/11] xsm: refactoring xsm hooks Daniel P. Smith
` (8 preceding siblings ...)
2021-09-03 19:06 ` [PATCH v4 09/11] silo: remove circular xsm hook call Daniel P. Smith
@ 2021-09-03 19:06 ` Daniel P. Smith
2021-09-03 19:06 ` [PATCH v4 11/11] xsm: remove alternate xsm hook interface Daniel P. Smith
10 siblings, 0 replies; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-03 19:06 UTC (permalink / raw)
To: Daniel P. Smith, xen-devel
Cc: Andrew Cooper, George Dunlap, Ian Jackson, Jan Beulich,
Julien Grall, Stefano Stabellini, Wei Liu, Daniel De Graaf
It has been a very long time since XSM Flask was the only XSM module, yet the
concenpt of turning XSM on/off continues to be synonymous with enabling and
disabling XSM Flask. Even when XSM Flask was the only module, turning XSM
on/off did not disable or remove the XSM hooks but simply controlled whether
they were implemented as direct inline functions or dispatch calls.
This commit updates XSM kconfig to ensure that it is clear in the code as well
to the user, via the help messages, that the option is about configuring which
XSM policy module(s) are available and which is the default.
Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
---
xen/common/Kconfig | 49 ++++++++++++++++++--------------------
xen/include/xen/sched.h | 2 +-
xen/include/xsm/dummy.h | 23 +++++++++---------
xen/include/xsm/xsm-core.h | 6 ++---
xen/include/xsm/xsm.h | 6 ++---
xen/xsm/Makefile | 4 ++--
xen/xsm/xsm_core.c | 4 ++--
7 files changed, 46 insertions(+), 48 deletions(-)
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index ac5491b1cc..2f85538920 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -200,23 +200,20 @@ config XENOPROF
If unsure, say Y.
-config XSM
- bool "Xen Security Modules support"
+config XSM_CONFIGURABLE
+ bool "Configure Xen Security Modules"
default ARM
- ---help---
- Enables the security framework known as Xen Security Modules which
- allows administrators fine-grained control over a Xen domain and
- its capabilities by defining permissible interactions between domains,
- the hypervisor itself, and related resources such as memory and
- devices.
+ help
+ Allows for configuring the Xen Security Modules (XSM) policy or policies
+ modules that will be availble and which will be the default.
If unsure, say N.
config XSM_FLASK
- def_bool y
- prompt "FLux Advanced Security Kernel support"
- depends on XSM
- ---help---
+ bool "FLux Advanced Security Kernel support"
+ depends on XSM_CONFIGURABLE
+ select XSM_EVTCHN_LABELING
+ help
Enables FLASK (FLux Advanced Security Kernel) as the access control
mechanism used by the XSM framework. This provides a mandatory access
control framework by which security enforcement, isolation, and
@@ -226,10 +223,10 @@ config XSM_FLASK
If unsure, say Y.
config XSM_FLASK_AVC_STATS
- def_bool y
- prompt "Maintain statistics on the FLASK access vector cache" if EXPERT
+ bool "Maintain statistics on the FLASK access vector cache" if EXPERT
+ default y
depends on XSM_FLASK
- ---help---
+ help
Maintain counters on the access vector cache that can be viewed using
the FLASK_AVC_CACHESTATS sub-op of the xsm_op hypercall. Disabling
this will save a tiny amount of memory and time to update the stats.
@@ -240,7 +237,7 @@ config XSM_FLASK_POLICY
bool "Compile Xen with a built-in FLASK security policy"
default y if "$(XEN_HAS_CHECKPOLICY)" = "y"
depends on XSM_FLASK
- ---help---
+ help
This includes a default XSM policy in the hypervisor so that the
bootloader does not need to load a policy to get sane behavior from an
XSM-enabled hypervisor. If this is disabled, a policy must be
@@ -253,10 +250,10 @@ config XSM_FLASK_POLICY
If unsure, say Y.
config XSM_SILO
- def_bool y
- prompt "SILO support"
- depends on XSM
- ---help---
+ bool "SILO support"
+ default y if ARM
+ depends on XSM_CONFIGURABLE
+ help
Enables SILO as the access control mechanism used by the XSM framework.
This is not the default module, add boot parameter xsm=silo to choose
it. This will deny any unmediated communication channels (grant tables
@@ -265,14 +262,14 @@ config XSM_SILO
If unsure, say Y.
choice
- prompt "Default XSM implementation"
- depends on XSM
+ prompt "Default XSM module"
+ depends on XSM_CONFIGURABLE
default XSM_SILO_DEFAULT if XSM_SILO && ARM
default XSM_FLASK_DEFAULT if XSM_FLASK
default XSM_SILO_DEFAULT if XSM_SILO
default XSM_DUMMY_DEFAULT
config XSM_DUMMY_DEFAULT
- bool "Match non-XSM behavior"
+ bool "Classic Dom0 behavior"
config XSM_FLASK_DEFAULT
bool "FLux Advanced Security Kernel" if XSM_FLASK
config XSM_SILO_DEFAULT
@@ -282,15 +279,15 @@ endchoice
config LATE_HWDOM
bool "Dedicated hardware domain"
default n
- depends on XSM && X86
- ---help---
+ depends on XSM_FLASK && X86
+ help
Allows the creation of a dedicated hardware domain distinct from
domain 0 that manages devices without needing access to other
privileged functionality such as the ability to manage domains.
This requires that the actual domain 0 be a stub domain that
constructs the actual hardware domain instead of initializing the
hardware itself. Because the hardware domain needs access to
- hypercalls not available to unprivileged guests, an XSM policy
+ hypercalls not available to unprivileged guests, an XSM Flask policy
is required to properly define the privilege of these domains.
This feature does nothing if the "hardware_dom" boot parameter is
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index e56690cd2b..a61586d8b6 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -120,7 +120,7 @@ struct evtchn
unsigned short notify_vcpu_id; /* VCPU for local delivery notification */
uint32_t fifo_lastq; /* Data for identifying last queue. */
-#ifdef CONFIG_XSM
+#ifdef CONFIG_XSM_CONFIGURABLE
union {
/*
* If an XSM module needs more space for its event channel context,
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 78d0b7d07a..d2a005c521 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -42,12 +42,12 @@ static inline void __xsm_action_mismatch_detected(void)
void __xsm_action_mismatch_detected(void);
#endif
-#ifdef CONFIG_XSM
+#ifdef CONFIG_XSM_CONFIGURABLE
-/* In CONFIG_XSM builds, this header file is included from xsm/dummy.c, and
- * contains static (not inline) functions compiled to the dummy XSM module.
- * There is no xsm_default_t argument available, so the value from the assertion
- * is used to initialize the variable.
+/* In CONFIG_XSM_CONFIGURABLE builds, this header file is included from
+ * xsm/dummy.c, and contains static (not inline) functions compiled to the
+ * dummy XSM module. There is no xsm_default_t argument available, so the
+ * value from the assertion is used to initialize the variable.
*/
#define XSM_INLINE __maybe_unused
@@ -55,19 +55,20 @@ void __xsm_action_mismatch_detected(void);
#define XSM_DEFAULT_VOID void
#define XSM_ASSERT_ACTION(def) xsm_default_t action = def; (void)action
-#else /* CONFIG_XSM */
+#else /* CONFIG_XSM_CONFIGURABLE */
-/* In !CONFIG_XSM builds, this header file is included from xsm/xsm.h, and
- * contains inline functions for each XSM hook. These functions also perform
- * compile-time checks on the xsm_default_t argument to ensure that the behavior
- * of the dummy XSM module is the same as the behavior with XSM disabled.
+/* In !CONFIG_XSM_CONFIGURABLE builds, this header file is included from
+ * xsm/xsm.h, and contains inline functions for each XSM hook. These functions
+ * also perform compile-time checks on the xsm_default_t argument to ensure
+ * that the behavior of the dummy XSM module is the same as the behavior with
+ * XSM disabled.
*/
#define XSM_INLINE always_inline
#define XSM_DEFAULT_ARG xsm_default_t action,
#define XSM_DEFAULT_VOID xsm_default_t action
#define XSM_ASSERT_ACTION(def) LINKER_BUG_ON(def != action)
-#endif /* CONFIG_XSM */
+#endif /* CONFIG_XSM_CONFIGURABLE */
static always_inline int xsm_default_action(xsm_default_t action,
struct domain *src,
diff --git a/xen/include/xsm/xsm-core.h b/xen/include/xsm/xsm-core.h
index 4555e111dc..a80d6a981f 100644
--- a/xen/include/xsm/xsm-core.h
+++ b/xen/include/xsm/xsm-core.h
@@ -205,7 +205,7 @@ struct xsm_ops {
void xsm_fixup_ops(struct xsm_ops *ops);
-#ifdef CONFIG_XSM
+#ifdef CONFIG_XSM_CONFIGURABLE
#ifdef CONFIG_MULTIBOOT
int xsm_multiboot_init(unsigned long *module_map,
@@ -247,7 +247,7 @@ static const inline struct xsm_ops *silo_init(void)
}
#endif
-#else /* CONFIG_XSM */
+#else /* CONFIG_XSM_CONFIGURABLE */
#ifdef CONFIG_MULTIBOOT
static inline int xsm_multiboot_init(unsigned long *module_map,
@@ -269,6 +269,6 @@ static inline bool has_xsm_magic(paddr_t start)
}
#endif /* CONFIG_HAS_DEVICE_TREE */
-#endif /* CONFIG_XSM */
+#endif /* CONFIG_XSM_CONFIGURABLE */
#endif /* __XSM_CORE_H */
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 1517443173..4d5f441935 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -20,7 +20,7 @@
#include <xen/multiboot.h>
#include <xsm/xsm-core.h>
-#ifdef CONFIG_XSM
+#ifdef CONFIG_XSM_CONFIGURABLE
extern struct xsm_ops xsm_ops;
@@ -598,10 +598,10 @@ static inline int xsm_argo_send(const struct domain *d, const struct domain *t)
#endif /* CONFIG_ARGO */
-#else /* CONFIG_XSM */
+#else /* CONFIG_XSM_CONFIGURABLE */
#include <xsm/dummy.h>
-#endif /* CONFIG_XSM */
+#endif /* CONFIG_XSM_CONFIGURABLE */
#endif /* __XSM_H */
diff --git a/xen/xsm/Makefile b/xen/xsm/Makefile
index cf0a728f1c..09b9311b1d 100644
--- a/xen/xsm/Makefile
+++ b/xen/xsm/Makefile
@@ -1,6 +1,6 @@
obj-y += xsm_core.o
-obj-$(CONFIG_XSM) += xsm_policy.o
-obj-$(CONFIG_XSM) += dummy.o
+obj-$(CONFIG_XSM_CONFIGURABLE) += xsm_policy.o
+obj-$(CONFIG_XSM_CONFIGURABLE) += dummy.o
obj-$(CONFIG_XSM_SILO) += silo.o
obj-$(CONFIG_XSM_FLASK) += flask/
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index 112d11fa6a..87c2980459 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -18,7 +18,7 @@
#include <xen/hypercall.h>
#include <xsm/xsm.h>
-#ifdef CONFIG_XSM
+#ifdef CONFIG_XSM_CONFIGURABLE
#ifdef CONFIG_MULTIBOOT
#include <asm/setup.h>
@@ -227,7 +227,7 @@ bool __init has_xsm_magic(paddr_t start)
}
#endif
-#endif
+#endif /* CONFIG_XSM_CONFIGURABLE */
long do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op)
{
--
2.20.1
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [PATCH v4 11/11] xsm: remove alternate xsm hook interface
2021-09-03 19:06 [PATCH v4 00/11] xsm: refactoring xsm hooks Daniel P. Smith
` (9 preceding siblings ...)
2021-09-03 19:06 ` [PATCH v4 10/11] kconfig: update xsm config to reflect reality Daniel P. Smith
@ 2021-09-03 19:06 ` Daniel P. Smith
2021-09-06 19:18 ` Andrew Cooper
10 siblings, 1 reply; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-03 19:06 UTC (permalink / raw)
To: Daniel P. Smith, xen-devel; +Cc: Daniel De Graaf
Hidden behind macro magic is an alternative xsm hook interface dedicated for
use when the dummy/default policy is the only one built. This alternative
interface increases code complexity and code size in the core security
framework of Xen. This results in code requiring additional maintanence and
additional risk for securit-relevant bugs.
This patch removes this additional interface, making Xen's security framework
have a single, consistent interface that works in a single and consistent
manner regardless of which XSM policy is in use.
Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
---
xen/include/xsm/dummy.h | 824 -------------------------------------
xen/include/xsm/xsm-core.h | 51 ++-
xen/include/xsm/xsm.h | 279 ++++++++-----
xen/xsm/Makefile | 2 +-
xen/xsm/dummy.c | 2 +-
xen/xsm/dummy.h | 739 +++++++++++++++++++++++++++++++++
xen/xsm/silo.c | 2 +-
xen/xsm/xsm_core.c | 4 -
8 files changed, 952 insertions(+), 951 deletions(-)
delete mode 100644 xen/include/xsm/dummy.h
create mode 100644 xen/xsm/dummy.h
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
deleted file mode 100644
index d2a005c521..0000000000
--- a/xen/include/xsm/dummy.h
+++ /dev/null
@@ -1,824 +0,0 @@
-/*
- * Default XSM hooks - IS_PRIV and IS_PRIV_FOR checks
- *
- * Author: Daniel De Graaf <dgdegra@tyhco.nsa.gov>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2,
- * as published by the Free Software Foundation.
- *
- *
- * Each XSM hook implementing an access check should have its first parameter
- * preceded by XSM_DEFAULT_ARG (or use XSM_DEFAULT_VOID if it has no
- * arguments). The first non-declaration statement shold be XSM_ASSERT_ACTION
- * with the expected type of the hook, which will either define or check the
- * value of action.
- */
-
-#include <xen/sched.h>
-#include <xsm/xsm-core.h>
-#include <public/hvm/params.h>
-
-/* Cannot use BUILD_BUG_ON here because the expressions we check are not
- * considered constant at compile time. Instead, rely on constant propagation to
- * inline out the calls to this invalid function, which will cause linker errors
- * if references remain at link time.
- */
-#define LINKER_BUG_ON(x) do { if (x) __xsm_action_mismatch_detected(); } while (0)
-
-#if defined(CONFIG_COVERAGE) && defined(__clang__)
-/*
- * LLVM coverage support seems to disable some of the optimizations needed in
- * order for XSM to compile. Since coverage should not be used in production
- * provide an implementation of __xsm_action_mismatch_detected to satisfy the
- * linker.
- */
-static inline void __xsm_action_mismatch_detected(void)
-{
- ASSERT_UNREACHABLE();
-}
-#else
-/* DO NOT implement this function; it is supposed to trigger link errors */
-void __xsm_action_mismatch_detected(void);
-#endif
-
-#ifdef CONFIG_XSM_CONFIGURABLE
-
-/* In CONFIG_XSM_CONFIGURABLE builds, this header file is included from
- * xsm/dummy.c, and contains static (not inline) functions compiled to the
- * dummy XSM module. There is no xsm_default_t argument available, so the
- * value from the assertion is used to initialize the variable.
- */
-#define XSM_INLINE __maybe_unused
-
-#define XSM_DEFAULT_ARG /* */
-#define XSM_DEFAULT_VOID void
-#define XSM_ASSERT_ACTION(def) xsm_default_t action = def; (void)action
-
-#else /* CONFIG_XSM_CONFIGURABLE */
-
-/* In !CONFIG_XSM_CONFIGURABLE builds, this header file is included from
- * xsm/xsm.h, and contains inline functions for each XSM hook. These functions
- * also perform compile-time checks on the xsm_default_t argument to ensure
- * that the behavior of the dummy XSM module is the same as the behavior with
- * XSM disabled.
- */
-#define XSM_INLINE always_inline
-#define XSM_DEFAULT_ARG xsm_default_t action,
-#define XSM_DEFAULT_VOID xsm_default_t action
-#define XSM_ASSERT_ACTION(def) LINKER_BUG_ON(def != action)
-
-#endif /* CONFIG_XSM_CONFIGURABLE */
-
-static always_inline int xsm_default_action(xsm_default_t action,
- struct domain *src,
- struct domain *target)
-{
- switch ( action ) {
- case XSM_HOOK:
- return 0;
- case XSM_TARGET:
- if ( evaluate_nospec(src == target) )
- {
- return 0;
- case XSM_XS_PRIV:
- if ( evaluate_nospec(is_xenstore_domain(src)) )
- return 0;
- }
- /* fall through */
- case XSM_DM_PRIV:
- if ( target && evaluate_nospec(src->target == target) )
- return 0;
- /* fall through */
- case XSM_PRIV:
- if ( is_control_domain(src) )
- return 0;
- return -EPERM;
- default:
- LINKER_BUG_ON(1);
- return -EPERM;
- }
-}
-
-static XSM_INLINE void xsm_security_domaininfo(struct domain *d,
- struct xen_domctl_getdomaininfo *info)
-{
- return;
-}
-
-static XSM_INLINE int xsm_domain_create(XSM_DEFAULT_ARG struct domain *d,
- uint32_t ssidref)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_getdomaininfo(XSM_DEFAULT_ARG struct domain *d)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_domctl_scheduler_op(XSM_DEFAULT_ARG struct domain *d,
- int cmd)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_sysctl_scheduler_op(XSM_DEFAULT_ARG int cmd)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, NULL);
-}
-
-static XSM_INLINE int xsm_set_target(XSM_DEFAULT_ARG struct domain *d,
- struct domain *e)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, NULL);
-}
-
-static XSM_INLINE int xsm_domctl(XSM_DEFAULT_ARG struct domain *d, int cmd)
-{
- XSM_ASSERT_ACTION(XSM_OTHER);
- switch ( cmd )
- {
- case XEN_DOMCTL_ioport_mapping:
- case XEN_DOMCTL_memory_mapping:
- case XEN_DOMCTL_bind_pt_irq:
- case XEN_DOMCTL_unbind_pt_irq:
- return xsm_default_action(XSM_DM_PRIV, current->domain, d);
- case XEN_DOMCTL_getdomaininfo:
- return xsm_default_action(XSM_XS_PRIV, current->domain, d);
- default:
- return xsm_default_action(XSM_PRIV, current->domain, d);
- }
-}
-
-static XSM_INLINE int xsm_sysctl(XSM_DEFAULT_ARG int cmd)
-{
- XSM_ASSERT_ACTION(XSM_PRIV);
- return xsm_default_action(action, current->domain, NULL);
-}
-
-static XSM_INLINE int xsm_readconsole(XSM_DEFAULT_ARG uint32_t clear)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, NULL);
-}
-
-static XSM_INLINE int xsm_alloc_security_domain(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE void xsm_free_security_domain(struct domain *d)
-{
- return;
-}
-
-static XSM_INLINE int xsm_grant_mapref(XSM_DEFAULT_ARG struct domain *d1,
- struct domain *d2, uint32_t flags)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, d1, d2);
-}
-
-static XSM_INLINE int xsm_grant_unmapref(XSM_DEFAULT_ARG struct domain *d1,
- struct domain *d2)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, d1, d2);
-}
-
-static XSM_INLINE int xsm_grant_setup(XSM_DEFAULT_ARG struct domain *d1,
- struct domain *d2)
-{
- XSM_ASSERT_ACTION(XSM_TARGET);
- return xsm_default_action(action, d1, d2);
-}
-
-static XSM_INLINE int xsm_grant_transfer(XSM_DEFAULT_ARG struct domain *d1,
- struct domain *d2)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, d1, d2);
-}
-
-static XSM_INLINE int xsm_grant_copy(XSM_DEFAULT_ARG struct domain *d1,
- struct domain *d2)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, d1, d2);
-}
-
-static XSM_INLINE int xsm_grant_query_size(XSM_DEFAULT_ARG struct domain *d1,
- struct domain *d2)
-{
- XSM_ASSERT_ACTION(XSM_TARGET);
- return xsm_default_action(action, d1, d2);
-}
-
-static XSM_INLINE int xsm_memory_exchange(XSM_DEFAULT_ARG struct domain *d)
-{
- XSM_ASSERT_ACTION(XSM_TARGET);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_memory_adjust_reservation(XSM_DEFAULT_ARG
- struct domain *d1,
- struct domain *d2)
-{
- XSM_ASSERT_ACTION(XSM_TARGET);
- return xsm_default_action(action, d1, d2);
-}
-
-static XSM_INLINE int xsm_memory_stat_reservation(XSM_DEFAULT_ARG
- struct domain *d1,
- struct domain *d2)
-{
- XSM_ASSERT_ACTION(XSM_TARGET);
- return xsm_default_action(action, d1, d2);
-}
-
-static XSM_INLINE int xsm_console_io(XSM_DEFAULT_ARG struct domain *d, int cmd)
-{
- XSM_ASSERT_ACTION(XSM_OTHER);
- if ( d->is_console )
- return xsm_default_action(XSM_HOOK, d, NULL);
-#ifdef CONFIG_VERBOSE_DEBUG
- if ( cmd == CONSOLEIO_write )
- return xsm_default_action(XSM_HOOK, d, NULL);
-#endif
- return xsm_default_action(XSM_PRIV, d, NULL);
-}
-
-static XSM_INLINE int xsm_profile(XSM_DEFAULT_ARG struct domain *d, int op)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, d, NULL);
-}
-
-static XSM_INLINE int xsm_kexec(XSM_DEFAULT_VOID)
-{
- XSM_ASSERT_ACTION(XSM_PRIV);
- return xsm_default_action(action, current->domain, NULL);
-}
-
-static XSM_INLINE int xsm_schedop_shutdown(XSM_DEFAULT_ARG struct domain *d1,
- struct domain *d2)
-{
- XSM_ASSERT_ACTION(XSM_DM_PRIV);
- return xsm_default_action(action, d1, d2);
-}
-
-static XSM_INLINE int xsm_memory_pin_page(XSM_DEFAULT_ARG struct domain *d1,
- struct domain *d2,
- struct page_info *page)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, d1, d2);
-}
-
-static XSM_INLINE int xsm_claim_pages(XSM_DEFAULT_ARG struct domain *d)
-{
- XSM_ASSERT_ACTION(XSM_PRIV);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_evtchn_unbound(XSM_DEFAULT_ARG struct domain *d,
- struct evtchn *chn, domid_t id2)
-{
- XSM_ASSERT_ACTION(XSM_TARGET);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_evtchn_interdomain(XSM_DEFAULT_ARG struct domain *d1,
- struct evtchn *chan1,
- struct domain *d2,
- struct evtchn *chan2)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, d1, d2);
-}
-
-static XSM_INLINE void xsm_evtchn_close_post(struct evtchn *chn)
-{
- return;
-}
-
-static XSM_INLINE int xsm_evtchn_send(XSM_DEFAULT_ARG struct domain *d,
- struct evtchn *chn)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, d, NULL);
-}
-
-static XSM_INLINE int xsm_evtchn_status(XSM_DEFAULT_ARG struct domain *d,
- struct evtchn *chn)
-{
- XSM_ASSERT_ACTION(XSM_TARGET);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_evtchn_reset(XSM_DEFAULT_ARG struct domain *d1,
- struct domain *d2)
-{
- XSM_ASSERT_ACTION(XSM_TARGET);
- return xsm_default_action(action, d1, d2);
-}
-
-static XSM_INLINE int xsm_alloc_security_evtchns(struct evtchn chn[],
- unsigned int nr)
-{
- return 0;
-}
-
-static XSM_INLINE void xsm_free_security_evtchns(struct evtchn chn[],
- unsigned int nr)
-{
- return;
-}
-
-static XSM_INLINE char *xsm_show_security_evtchn(struct domain *d,
- const struct evtchn *chn)
-{
- return NULL;
-}
-
-static XSM_INLINE int xsm_init_hardware_domain(XSM_DEFAULT_ARG struct domain *d)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_get_pod_target(XSM_DEFAULT_ARG struct domain *d)
-{
- XSM_ASSERT_ACTION(XSM_PRIV);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_set_pod_target(XSM_DEFAULT_ARG struct domain *d)
-{
- XSM_ASSERT_ACTION(XSM_PRIV);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_get_vnumainfo(XSM_DEFAULT_ARG struct domain *d)
-{
- XSM_ASSERT_ACTION(XSM_TARGET);
- return xsm_default_action(action, current->domain, d);
-}
-
-#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
-static XSM_INLINE int xsm_get_device_group(XSM_DEFAULT_ARG uint32_t machine_bdf)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, NULL);
-}
-
-static XSM_INLINE int xsm_assign_device(XSM_DEFAULT_ARG struct domain *d,
- uint32_t machine_bdf)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_deassign_device(XSM_DEFAULT_ARG struct domain *d,
- uint32_t machine_bdf)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-#endif /* HAS_PASSTHROUGH && HAS_PCI */
-
-#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE)
-static XSM_INLINE int xsm_assign_dtdevice(XSM_DEFAULT_ARG struct domain *d,
- const char *dtpath)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_deassign_dtdevice(XSM_DEFAULT_ARG struct domain *d,
- const char *dtpath)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-#endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */
-
-static XSM_INLINE int xsm_resource_plug_core(XSM_DEFAULT_VOID)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, NULL);
-}
-
-static XSM_INLINE int xsm_resource_unplug_core(XSM_DEFAULT_VOID)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, NULL);
-}
-
-static XSM_INLINE int xsm_resource_plug_pci(XSM_DEFAULT_ARG
- uint32_t machine_bdf)
-{
- XSM_ASSERT_ACTION(XSM_PRIV);
- return xsm_default_action(action, current->domain, NULL);
-}
-
-static XSM_INLINE int xsm_resource_unplug_pci(XSM_DEFAULT_ARG
- uint32_t machine_bdf)
-{
- XSM_ASSERT_ACTION(XSM_PRIV);
- return xsm_default_action(action, current->domain, NULL);
-}
-
-static XSM_INLINE int xsm_resource_setup_pci(XSM_DEFAULT_ARG
- uint32_t machine_bdf)
-{
- XSM_ASSERT_ACTION(XSM_PRIV);
- return xsm_default_action(action, current->domain, NULL);
-}
-
-static XSM_INLINE int xsm_resource_setup_gsi(XSM_DEFAULT_ARG int gsi)
-{
- XSM_ASSERT_ACTION(XSM_PRIV);
- return xsm_default_action(action, current->domain, NULL);
-}
-
-static XSM_INLINE int xsm_resource_setup_misc(XSM_DEFAULT_VOID)
-{
- XSM_ASSERT_ACTION(XSM_PRIV);
- return xsm_default_action(action, current->domain, NULL);
-}
-
-static XSM_INLINE int xsm_page_offline(XSM_DEFAULT_ARG uint32_t cmd)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, NULL);
-}
-
-static XSM_INLINE int xsm_hypfs_op(XSM_DEFAULT_VOID)
-{
- XSM_ASSERT_ACTION(XSM_PRIV);
- return xsm_default_action(action, current->domain, NULL);
-}
-
-static XSM_INLINE long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op)
-{
- return -ENOSYS;
-}
-
-#ifdef CONFIG_COMPAT
-static XSM_INLINE int xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(void) op)
-{
- return -ENOSYS;
-}
-#endif
-
-static XSM_INLINE char *xsm_show_irq_sid(int irq)
-{
- return NULL;
-}
-
-static XSM_INLINE int xsm_map_domain_pirq(XSM_DEFAULT_ARG struct domain *d)
-{
- XSM_ASSERT_ACTION(XSM_DM_PRIV);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_map_domain_irq(XSM_DEFAULT_ARG struct domain *d,
- int irq, const void *data)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_unmap_domain_pirq(XSM_DEFAULT_ARG struct domain *d)
-{
- XSM_ASSERT_ACTION(XSM_DM_PRIV);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_bind_pt_irq(XSM_DEFAULT_ARG struct domain *d,
- struct xen_domctl_bind_pt_irq *bind)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_unbind_pt_irq(XSM_DEFAULT_ARG struct domain *d,
- struct xen_domctl_bind_pt_irq *bind)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_unmap_domain_irq(XSM_DEFAULT_ARG struct domain *d,
- int irq, const void *data)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_irq_permission(XSM_DEFAULT_ARG struct domain *d,
- int pirq, uint8_t allow)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_iomem_permission(XSM_DEFAULT_ARG struct domain *d,
- uint64_t s, uint64_t e,
- uint8_t allow)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_iomem_mapping(XSM_DEFAULT_ARG struct domain *d,
- uint64_t s, uint64_t e, uint8_t allow)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_pci_config_permission(XSM_DEFAULT_ARG
- struct domain *d,
- uint32_t machine_bdf,
- uint16_t start, uint16_t end,
- uint8_t access)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_add_to_physmap(XSM_DEFAULT_ARG struct domain *d1,
- struct domain *d2)
-{
- XSM_ASSERT_ACTION(XSM_TARGET);
- return xsm_default_action(action, d1, d2);
-}
-
-static XSM_INLINE int xsm_remove_from_physmap(XSM_DEFAULT_ARG struct domain *d1,
- struct domain *d2)
-{
- XSM_ASSERT_ACTION(XSM_TARGET);
- return xsm_default_action(action, d1, d2);
-}
-
-static XSM_INLINE int xsm_map_gmfn_foreign(XSM_DEFAULT_ARG struct domain *d,
- struct domain *t)
-{
- XSM_ASSERT_ACTION(XSM_TARGET);
- return xsm_default_action(action, d, t);
-}
-
-static XSM_INLINE int xsm_hvm_param(XSM_DEFAULT_ARG struct domain *d,
- unsigned long op)
-{
- XSM_ASSERT_ACTION(XSM_TARGET);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_hvm_control(XSM_DEFAULT_ARG struct domain *d,
- unsigned long op)
-{
- XSM_ASSERT_ACTION(XSM_DM_PRIV);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_hvm_param_altp2mhvm(XSM_DEFAULT_ARG struct domain *d)
-{
- XSM_ASSERT_ACTION(XSM_PRIV);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_hvm_altp2mhvm_op(XSM_DEFAULT_ARG struct domain *d,
- uint64_t mode, uint32_t op)
-{
- XSM_ASSERT_ACTION(XSM_OTHER);
-
- switch ( mode )
- {
- case XEN_ALTP2M_mixed:
- return xsm_default_action(XSM_TARGET, current->domain, d);
- case XEN_ALTP2M_external:
- return xsm_default_action(XSM_DM_PRIV, current->domain, d);
- case XEN_ALTP2M_limited:
- if ( HVMOP_altp2m_vcpu_enable_notify == op )
- return xsm_default_action(XSM_TARGET, current->domain, d);
- return xsm_default_action(XSM_DM_PRIV, current->domain, d);
- default:
- return -EPERM;
- }
-}
-
-static XSM_INLINE int xsm_vm_event_control(XSM_DEFAULT_ARG struct domain *d,
- int mode, int op)
-{
- XSM_ASSERT_ACTION(XSM_PRIV);
- return xsm_default_action(action, current->domain, d);
-}
-
-#ifdef CONFIG_MEM_ACCESS
-static XSM_INLINE int xsm_mem_access(XSM_DEFAULT_ARG struct domain *d)
-{
- XSM_ASSERT_ACTION(XSM_DM_PRIV);
- return xsm_default_action(action, current->domain, d);
-}
-#endif
-
-#ifdef CONFIG_MEM_PAGING
-static XSM_INLINE int xsm_mem_paging(XSM_DEFAULT_ARG struct domain *d)
-{
- XSM_ASSERT_ACTION(XSM_DM_PRIV);
- return xsm_default_action(action, current->domain, d);
-}
-#endif
-
-#ifdef CONFIG_MEM_SHARING
-static XSM_INLINE int xsm_mem_sharing(XSM_DEFAULT_ARG struct domain *d)
-{
- XSM_ASSERT_ACTION(XSM_DM_PRIV);
- return xsm_default_action(action, current->domain, d);
-}
-#endif
-
-static XSM_INLINE int xsm_platform_op(XSM_DEFAULT_ARG uint32_t op)
-{
- XSM_ASSERT_ACTION(XSM_PRIV);
- return xsm_default_action(action, current->domain, NULL);
-}
-
-#ifdef CONFIG_X86
-static XSM_INLINE int xsm_do_mca(XSM_DEFAULT_VOID)
-{
- XSM_ASSERT_ACTION(XSM_PRIV);
- return xsm_default_action(action, current->domain, NULL);
-}
-
-static XSM_INLINE int xsm_shadow_control(XSM_DEFAULT_ARG struct domain *d,
- uint32_t op)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_mem_sharing_op(XSM_DEFAULT_ARG struct domain *d,
- struct domain *cd, int op)
-{
- XSM_ASSERT_ACTION(XSM_DM_PRIV);
- return xsm_default_action(action, current->domain, cd);
-}
-
-static XSM_INLINE int xsm_apic(XSM_DEFAULT_ARG struct domain *d, int cmd)
-{
- XSM_ASSERT_ACTION(XSM_PRIV);
- return xsm_default_action(action, d, NULL);
-}
-
-static XSM_INLINE int xsm_machine_memory_map(XSM_DEFAULT_VOID)
-{
- XSM_ASSERT_ACTION(XSM_PRIV);
- return xsm_default_action(action, current->domain, NULL);
-}
-
-static XSM_INLINE int xsm_domain_memory_map(XSM_DEFAULT_ARG struct domain *d)
-{
- XSM_ASSERT_ACTION(XSM_TARGET);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_mmu_update(XSM_DEFAULT_ARG struct domain *d,
- struct domain *t, struct domain *f,
- uint32_t flags)
-{
- int rc = 0;
- XSM_ASSERT_ACTION(XSM_TARGET);
- if ( f != dom_io )
- rc = xsm_default_action(action, d, f);
- if ( evaluate_nospec(t) && !rc )
- rc = xsm_default_action(action, d, t);
- return rc;
-}
-
-static XSM_INLINE int xsm_mmuext_op(XSM_DEFAULT_ARG struct domain *d,
- struct domain *f)
-{
- XSM_ASSERT_ACTION(XSM_TARGET);
- return xsm_default_action(action, d, f);
-}
-
-static XSM_INLINE int xsm_update_va_mapping(XSM_DEFAULT_ARG struct domain *d,
- struct domain *f, l1_pgentry_t pte)
-{
- XSM_ASSERT_ACTION(XSM_TARGET);
- return xsm_default_action(action, d, f);
-}
-
-static XSM_INLINE int xsm_priv_mapping(XSM_DEFAULT_ARG struct domain *d,
- struct domain *t)
-{
- XSM_ASSERT_ACTION(XSM_TARGET);
- return xsm_default_action(action, d, t);
-}
-
-static XSM_INLINE int xsm_ioport_permission(XSM_DEFAULT_ARG struct domain *d,
- uint32_t s, uint32_t e,
- uint8_t allow)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_ioport_mapping(XSM_DEFAULT_ARG struct domain *d,
- uint32_t s, uint32_t e, uint8_t allow)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
-static XSM_INLINE int xsm_pmu_op(XSM_DEFAULT_ARG struct domain *d,
- unsigned int op)
-{
- XSM_ASSERT_ACTION(XSM_OTHER);
- switch ( op )
- {
- case XENPMU_init:
- case XENPMU_finish:
- case XENPMU_lvtpc_set:
- case XENPMU_flush:
- return xsm_default_action(XSM_HOOK, d, current->domain);
- default:
- return xsm_default_action(XSM_PRIV, d, current->domain);
- }
-}
-
-#endif /* CONFIG_X86 */
-
-static XSM_INLINE int xsm_dm_op(XSM_DEFAULT_ARG struct domain *d)
-{
- XSM_ASSERT_ACTION(XSM_DM_PRIV);
- return xsm_default_action(action, current->domain, d);
-}
-
-#ifdef CONFIG_ARGO
-static XSM_INLINE int xsm_argo_enable(const struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_argo_register_single_source(const struct domain *d,
- const struct domain *t)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_argo_register_any_source(const struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_argo_send(const struct domain *d,
- const struct domain *t)
-{
- return 0;
-}
-
-#endif /* CONFIG_ARGO */
-
-#include <public/version.h>
-static XSM_INLINE int xsm_xen_version(XSM_DEFAULT_ARG uint32_t op)
-{
- XSM_ASSERT_ACTION(XSM_OTHER);
- switch ( op )
- {
- case XENVER_version:
- case XENVER_platform_parameters:
- case XENVER_get_features:
- /* These sub-ops ignore the permission checks and return data. */
- block_speculation();
- return 0;
- case XENVER_extraversion:
- case XENVER_compile_info:
- case XENVER_capabilities:
- case XENVER_changeset:
- case XENVER_pagesize:
- case XENVER_guest_handle:
- /* These MUST always be accessible to any guest by default. */
- return xsm_default_action(XSM_HOOK, current->domain, NULL);
- default:
- return xsm_default_action(XSM_PRIV, current->domain, NULL);
- }
-}
-
-static XSM_INLINE int xsm_domain_resource_map(XSM_DEFAULT_ARG struct domain *d)
-{
- XSM_ASSERT_ACTION(XSM_DM_PRIV);
- return xsm_default_action(action, current->domain, d);
-}
diff --git a/xen/include/xsm/xsm-core.h b/xen/include/xsm/xsm-core.h
index a80d6a981f..0da625317e 100644
--- a/xen/include/xsm/xsm-core.h
+++ b/xen/include/xsm/xsm-core.h
@@ -18,6 +18,31 @@
#include <xen/sched.h>
#include <xen/multiboot.h>
+/* Cannot use BUILD_BUG_ON here because the expressions we check are not
+ * considered constant at compile time. Instead, rely on constant propagation to
+ * inline out the calls to this invalid function, which will cause linker errors
+ * if references remain at link time.
+ */
+#define XSM_LINKER_BUG_ON(x) do { if (x) __xsm_action_mismatch_detected(); } while (0)
+
+#if defined(CONFIG_COVERAGE) && defined(__clang__)
+/*
+ * LLVM coverage support seems to disable some of the optimizations needed in
+ * order for XSM to compile. Since coverage should not be used in production
+ * provide an implementation of __xsm_action_mismatch_detected to satisfy the
+ * linker.
+ */
+static inline void __xsm_action_mismatch_detected(void)
+{
+ ASSERT_UNREACHABLE();
+}
+#else
+/* DO NOT implement this function; it is supposed to trigger link errors */
+void __xsm_action_mismatch_detected(void);
+#endif
+
+#define XSM_ASSERT_ACTION(def) XSM_LINKER_BUG_ON(def != action)
+
/* policy magic number (defined by XSM_MAGIC) */
typedef uint32_t xsm_magic_t;
@@ -205,8 +230,6 @@ struct xsm_ops {
void xsm_fixup_ops(struct xsm_ops *ops);
-#ifdef CONFIG_XSM_CONFIGURABLE
-
#ifdef CONFIG_MULTIBOOT
int xsm_multiboot_init(unsigned long *module_map,
const multiboot_info_t *mbi);
@@ -247,28 +270,4 @@ static const inline struct xsm_ops *silo_init(void)
}
#endif
-#else /* CONFIG_XSM_CONFIGURABLE */
-
-#ifdef CONFIG_MULTIBOOT
-static inline int xsm_multiboot_init(unsigned long *module_map,
- const multiboot_info_t *mbi)
-{
- return 0;
-}
-#endif
-
-#ifdef CONFIG_HAS_DEVICE_TREE
-static inline int xsm_dt_init(void)
-{
- return 0;
-}
-
-static inline bool has_xsm_magic(paddr_t start)
-{
- return false;
-}
-#endif /* CONFIG_HAS_DEVICE_TREE */
-
-#endif /* CONFIG_XSM_CONFIGURABLE */
-
#endif /* __XSM_CORE_H */
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 4d5f441935..33bc2570bf 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -20,8 +20,6 @@
#include <xen/multiboot.h>
#include <xsm/xsm-core.h>
-#ifdef CONFIG_XSM_CONFIGURABLE
-
extern struct xsm_ops xsm_ops;
static inline void xsm_security_domaininfo(struct domain *d,
@@ -30,60 +28,72 @@ static inline void xsm_security_domaininfo(struct domain *d,
alternative_vcall(xsm_ops.security_domaininfo, d, info);
}
-static inline int xsm_domain_create(xsm_default_t def, struct domain *d,
+static inline int xsm_domain_create(xsm_default_t action, struct domain *d,
uint32_t ssidref)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.domain_create, d, ssidref);
}
-static inline int xsm_getdomaininfo(xsm_default_t def, struct domain *d)
+static inline int xsm_getdomaininfo(xsm_default_t action, struct domain *d)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.getdomaininfo, d);
}
-static inline int xsm_domctl_scheduler_op(xsm_default_t def, struct domain *d,
+static inline int xsm_domctl_scheduler_op(xsm_default_t action,
+ struct domain *d,
int cmd)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.domctl_scheduler_op, d, cmd);
}
-static inline int xsm_sysctl_scheduler_op(xsm_default_t def, int cmd)
+static inline int xsm_sysctl_scheduler_op(xsm_default_t action, int cmd)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.sysctl_scheduler_op, cmd);
}
-static inline int xsm_set_target(xsm_default_t def, struct domain *d,
+static inline int xsm_set_target(xsm_default_t action, struct domain *d,
struct domain *e)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.set_target, d, e);
}
-static inline int xsm_domctl(xsm_default_t def, struct domain *d, int cmd)
+static inline int xsm_domctl(xsm_default_t action, struct domain *d, int cmd)
{
+ XSM_ASSERT_ACTION(XSM_OTHER);
return alternative_call(xsm_ops.domctl, d, cmd);
}
-static inline int xsm_sysctl(xsm_default_t def, int cmd)
+static inline int xsm_sysctl(xsm_default_t action, int cmd)
{
+ XSM_ASSERT_ACTION(XSM_PRIV);
return alternative_call(xsm_ops.sysctl, cmd);
}
-static inline int xsm_readconsole(xsm_default_t def, uint32_t clear)
+static inline int xsm_readconsole(xsm_default_t action, uint32_t clear)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.readconsole, clear);
}
-static inline int xsm_evtchn_unbound(xsm_default_t def, struct domain *d1,
+static inline int xsm_evtchn_unbound(xsm_default_t action, struct domain *d1,
struct evtchn *chn, domid_t id2)
{
+ XSM_ASSERT_ACTION(XSM_TARGET);
return alternative_call(xsm_ops.evtchn_unbound, d1, chn, id2);
}
-static inline int xsm_evtchn_interdomain(xsm_default_t def, struct domain *d1,
+static inline int xsm_evtchn_interdomain(xsm_default_t action,
+ struct domain *d1,
struct evtchn *chan1,
struct domain *d2,
struct evtchn *chan2)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.evtchn_interdomain, d1, chan1, d2, chan2);
}
@@ -92,57 +102,66 @@ static inline void xsm_evtchn_close_post(struct evtchn *chn)
alternative_vcall(xsm_ops.evtchn_close_post, chn);
}
-static inline int xsm_evtchn_send(xsm_default_t def, struct domain *d,
+static inline int xsm_evtchn_send(xsm_default_t action, struct domain *d,
struct evtchn *chn)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.evtchn_send, d, chn);
}
-static inline int xsm_evtchn_status(xsm_default_t def, struct domain *d,
+static inline int xsm_evtchn_status(xsm_default_t action, struct domain *d,
struct evtchn *chn)
{
+ XSM_ASSERT_ACTION(XSM_TARGET);
return alternative_call(xsm_ops.evtchn_status, d, chn);
}
-static inline int xsm_evtchn_reset(xsm_default_t def, struct domain *d1,
+static inline int xsm_evtchn_reset(xsm_default_t action, struct domain *d1,
struct domain *d2)
{
+ XSM_ASSERT_ACTION(XSM_TARGET);
return alternative_call(xsm_ops.evtchn_reset, d1, d2);
}
-static inline int xsm_grant_mapref(xsm_default_t def, struct domain *d1,
+static inline int xsm_grant_mapref(xsm_default_t action, struct domain *d1,
struct domain *d2, uint32_t flags)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.grant_mapref, d1, d2, flags);
}
-static inline int xsm_grant_unmapref(xsm_default_t def, struct domain *d1,
+static inline int xsm_grant_unmapref(xsm_default_t action, struct domain *d1,
struct domain *d2)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.grant_unmapref, d1, d2);
}
-static inline int xsm_grant_setup(xsm_default_t def, struct domain *d1,
+static inline int xsm_grant_setup(xsm_default_t action, struct domain *d1,
struct domain *d2)
{
+ XSM_ASSERT_ACTION(XSM_TARGET);
return alternative_call(xsm_ops.grant_setup, d1, d2);
}
-static inline int xsm_grant_transfer(xsm_default_t def, struct domain *d1,
+static inline int xsm_grant_transfer(xsm_default_t action, struct domain *d1,
struct domain *d2)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.grant_transfer, d1, d2);
}
-static inline int xsm_grant_copy(xsm_default_t def, struct domain *d1,
+static inline int xsm_grant_copy(xsm_default_t action, struct domain *d1,
struct domain *d2)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.grant_copy, d1, d2);
}
-static inline int xsm_grant_query_size(xsm_default_t def, struct domain *d1,
+static inline int xsm_grant_query_size(xsm_default_t action, struct domain *d1,
struct domain *d2)
{
+ XSM_ASSERT_ACTION(XSM_TARGET);
return alternative_call(xsm_ops.grant_query_size, d1, d2);
}
@@ -174,87 +193,106 @@ static inline char *xsm_show_security_evtchn(struct domain *d,
return alternative_call(xsm_ops.show_security_evtchn, d, chn);
}
-static inline int xsm_init_hardware_domain(xsm_default_t def, struct domain *d)
+static inline int xsm_init_hardware_domain(xsm_default_t action,
+ struct domain *d)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.init_hardware_domain, d);
}
-static inline int xsm_get_pod_target(xsm_default_t def, struct domain *d)
+static inline int xsm_get_pod_target(xsm_default_t action, struct domain *d)
{
+ XSM_ASSERT_ACTION(XSM_PRIV);
return alternative_call(xsm_ops.get_pod_target, d);
}
-static inline int xsm_set_pod_target(xsm_default_t def, struct domain *d)
+static inline int xsm_set_pod_target(xsm_default_t action, struct domain *d)
{
+ XSM_ASSERT_ACTION(XSM_PRIV);
return alternative_call(xsm_ops.set_pod_target, d);
}
-static inline int xsm_memory_exchange(xsm_default_t def, struct domain *d)
+static inline int xsm_memory_exchange(xsm_default_t action, struct domain *d)
{
+ XSM_ASSERT_ACTION(XSM_TARGET);
return alternative_call(xsm_ops.memory_exchange, d);
}
-static inline int xsm_memory_adjust_reservation(xsm_default_t def,
+static inline int xsm_memory_adjust_reservation(xsm_default_t action,
struct domain *d1,
struct domain *d2)
{
+ XSM_ASSERT_ACTION(XSM_TARGET);
return alternative_call(xsm_ops.memory_adjust_reservation, d1, d2);
}
-static inline int xsm_memory_stat_reservation(xsm_default_t def,
+static inline int xsm_memory_stat_reservation(xsm_default_t action,
struct domain *d1,
struct domain *d2)
{
+ XSM_ASSERT_ACTION(XSM_TARGET);
return alternative_call(xsm_ops.memory_stat_reservation, d1, d2);
}
-static inline int xsm_memory_pin_page(xsm_default_t def, struct domain *d1,
+static inline int xsm_memory_pin_page(xsm_default_t action, struct domain *d1,
struct domain *d2, struct page_info *page)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.memory_pin_page, d1, d2, page);
}
-static inline int xsm_add_to_physmap(xsm_default_t def, struct domain *d1,
+static inline int xsm_add_to_physmap(xsm_default_t action, struct domain *d1,
struct domain *d2)
{
+ XSM_ASSERT_ACTION(XSM_TARGET);
return alternative_call(xsm_ops.add_to_physmap, d1, d2);
}
-static inline int xsm_remove_from_physmap(xsm_default_t def, struct domain *d1,
+static inline int xsm_remove_from_physmap(xsm_default_t action,
+ struct domain *d1,
struct domain *d2)
{
+ XSM_ASSERT_ACTION(XSM_TARGET);
return alternative_call(xsm_ops.remove_from_physmap, d1, d2);
}
-static inline int xsm_map_gmfn_foreign(xsm_default_t def, struct domain *d,
+static inline int xsm_map_gmfn_foreign(xsm_default_t action, struct domain *d,
struct domain *t)
+
{
+ XSM_ASSERT_ACTION(XSM_TARGET);
return alternative_call(xsm_ops.map_gmfn_foreign, d, t);
}
-static inline int xsm_claim_pages(xsm_default_t def, struct domain *d)
+static inline int xsm_claim_pages(xsm_default_t action, struct domain *d)
{
+ XSM_ASSERT_ACTION(XSM_PRIV);
return alternative_call(xsm_ops.claim_pages, d);
}
-static inline int xsm_console_io(xsm_default_t def, struct domain *d, int cmd)
+static inline int xsm_console_io(xsm_default_t action, struct domain *d,
+ int cmd)
{
+ XSM_ASSERT_ACTION(XSM_OTHER);
return alternative_call(xsm_ops.console_io, d, cmd);
}
-static inline int xsm_profile(xsm_default_t def, struct domain *d, int op)
+static inline int xsm_profile(xsm_default_t action, struct domain *d, int op)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.profile, d, op);
}
-static inline int xsm_kexec(xsm_default_t def)
+static inline int xsm_kexec(xsm_default_t action)
{
+ XSM_ASSERT_ACTION(XSM_PRIV);
return alternative_call(xsm_ops.kexec);
}
-static inline int xsm_schedop_shutdown(xsm_default_t def, struct domain *d1,
+static inline int xsm_schedop_shutdown(xsm_default_t action, struct domain *d1,
struct domain *d2)
{
+ XSM_ASSERT_ACTION(XSM_DM_PRIV);
return alternative_call(xsm_ops.schedop_shutdown, d1, d2);
}
@@ -263,144 +301,172 @@ static inline char *xsm_show_irq_sid(int irq)
return alternative_call(xsm_ops.show_irq_sid, irq);
}
-static inline int xsm_map_domain_pirq(xsm_default_t def, struct domain *d)
+static inline int xsm_map_domain_pirq(xsm_default_t action, struct domain *d)
{
+ XSM_ASSERT_ACTION(XSM_DM_PRIV);
return alternative_call(xsm_ops.map_domain_pirq, d);
}
-static inline int xsm_map_domain_irq(xsm_default_t def, struct domain *d,
+static inline int xsm_map_domain_irq(xsm_default_t action, struct domain *d,
int irq, void *data)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.map_domain_irq, d, irq, data);
}
-static inline int xsm_unmap_domain_pirq(xsm_default_t def, struct domain *d)
+static inline int xsm_unmap_domain_pirq(xsm_default_t action, struct domain *d)
{
+ XSM_ASSERT_ACTION(XSM_DM_PRIV);
return alternative_call(xsm_ops.unmap_domain_pirq, d);
}
-static inline int xsm_unmap_domain_irq(xsm_default_t def, struct domain *d,
+static inline int xsm_unmap_domain_irq(xsm_default_t action, struct domain *d,
int irq, void *data)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.unmap_domain_irq, d, irq, data);
}
-static inline int xsm_bind_pt_irq(xsm_default_t def, struct domain *d,
+static inline int xsm_bind_pt_irq(xsm_default_t action, struct domain *d,
struct xen_domctl_bind_pt_irq *bind)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.bind_pt_irq, d, bind);
}
-static inline int xsm_unbind_pt_irq(xsm_default_t def, struct domain *d,
+static inline int xsm_unbind_pt_irq(xsm_default_t action, struct domain *d,
struct xen_domctl_bind_pt_irq *bind)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.unbind_pt_irq, d, bind);
}
-static inline int xsm_irq_permission(xsm_default_t def, struct domain *d,
+static inline int xsm_irq_permission(xsm_default_t action, struct domain *d,
int pirq, uint8_t allow)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.irq_permission, d, pirq, allow);
}
-static inline int xsm_iomem_permission(xsm_default_t def, struct domain *d,
+static inline int xsm_iomem_permission(xsm_default_t action, struct domain *d,
uint64_t s, uint64_t e, uint8_t allow)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.iomem_permission, d, s, e, allow);
}
-static inline int xsm_iomem_mapping(xsm_default_t def, struct domain *d,
+static inline int xsm_iomem_mapping(xsm_default_t action, struct domain *d,
uint64_t s, uint64_t e, uint8_t allow)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.iomem_mapping, d, s, e, allow);
}
-static inline int xsm_pci_config_permission(xsm_default_t def, struct domain *d,
+static inline int xsm_pci_config_permission(xsm_default_t action,
+ struct domain *d,
uint32_t machine_bdf,
uint16_t start, uint16_t end,
uint8_t access)
{
- return alternative_call(xsm_ops.pci_config_permission, d, machine_bdf, start, end, access);
+ XSM_ASSERT_ACTION(XSM_HOOK);
+ return alternative_call(xsm_ops.pci_config_permission, d, machine_bdf,
+ start, end, access);
}
#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
-static inline int xsm_get_device_group(xsm_default_t def, uint32_t machine_bdf)
+static inline int xsm_get_device_group(xsm_default_t action,
+ uint32_t machine_bdf)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.get_device_group, machine_bdf);
}
-static inline int xsm_assign_device(xsm_default_t def, struct domain *d,
+static inline int xsm_assign_device(xsm_default_t action, struct domain *d,
uint32_t machine_bdf)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.assign_device, d, machine_bdf);
}
-static inline int xsm_deassign_device(xsm_default_t def, struct domain *d,
+static inline int xsm_deassign_device(xsm_default_t action, struct domain *d,
uint32_t machine_bdf)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.deassign_device, d, machine_bdf);
}
#endif /* HAS_PASSTHROUGH && HAS_PCI) */
#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE)
-static inline int xsm_assign_dtdevice(xsm_default_t def, struct domain *d,
+static inline int xsm_assign_dtdevice(xsm_default_t action, struct domain *d,
const char *dtpath)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.assign_dtdevice, d, dtpath);
}
-static inline int xsm_deassign_dtdevice(xsm_default_t def, struct domain *d,
+static inline int xsm_deassign_dtdevice(xsm_default_t action, struct domain *d,
const char *dtpath)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.deassign_dtdevice, d, dtpath);
}
#endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */
-static inline int xsm_resource_plug_pci(xsm_default_t def, uint32_t machine_bdf)
+static inline int xsm_resource_plug_pci(xsm_default_t action,
+ uint32_t machine_bdf)
{
+ XSM_ASSERT_ACTION(XSM_PRIV);
return alternative_call(xsm_ops.resource_plug_pci, machine_bdf);
}
-static inline int xsm_resource_unplug_pci(xsm_default_t def,
+static inline int xsm_resource_unplug_pci(xsm_default_t action,
uint32_t machine_bdf)
{
+ XSM_ASSERT_ACTION(XSM_PRIV);
return alternative_call(xsm_ops.resource_unplug_pci, machine_bdf);
}
-static inline int xsm_resource_plug_core(xsm_default_t def)
+static inline int xsm_resource_plug_core(xsm_default_t action)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.resource_plug_core);
}
-static inline int xsm_resource_unplug_core(xsm_default_t def)
+static inline int xsm_resource_unplug_core(xsm_default_t action)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.resource_unplug_core);
}
-static inline int xsm_resource_setup_pci(xsm_default_t def,
+static inline int xsm_resource_setup_pci(xsm_default_t action,
uint32_t machine_bdf)
{
+ XSM_ASSERT_ACTION(XSM_PRIV);
return alternative_call(xsm_ops.resource_setup_pci, machine_bdf);
}
-static inline int xsm_resource_setup_gsi(xsm_default_t def, int gsi)
+static inline int xsm_resource_setup_gsi(xsm_default_t action, int gsi)
{
+ XSM_ASSERT_ACTION(XSM_PRIV);
return alternative_call(xsm_ops.resource_setup_gsi, gsi);
}
-static inline int xsm_resource_setup_misc(xsm_default_t def)
+static inline int xsm_resource_setup_misc(xsm_default_t action)
{
+ XSM_ASSERT_ACTION(XSM_PRIV);
return alternative_call(xsm_ops.resource_setup_misc);
}
-static inline int xsm_page_offline(xsm_default_t def, uint32_t cmd)
+static inline int xsm_page_offline(xsm_default_t action, uint32_t cmd)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.page_offline, cmd);
}
-static inline int xsm_hypfs_op(xsm_default_t def)
+static inline int xsm_hypfs_op(xsm_default_t action)
{
+ XSM_ASSERT_ACTION(XSM_PRIV);
return alternative_call(xsm_ops.hypfs_op);
}
@@ -416,161 +482,192 @@ static inline int xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(void) op)
}
#endif
-static inline int xsm_hvm_param(xsm_default_t def, struct domain *d,
+static inline int xsm_hvm_param(xsm_default_t action, struct domain *d,
unsigned long op)
{
+ XSM_ASSERT_ACTION(XSM_TARGET);
return alternative_call(xsm_ops.hvm_param, d, op);
}
-static inline int xsm_hvm_control(xsm_default_t def, struct domain *d,
+static inline int xsm_hvm_control(xsm_default_t action, struct domain *d,
unsigned long op)
{
+ XSM_ASSERT_ACTION(XSM_DM_PRIV);
return alternative_call(xsm_ops.hvm_control, d, op);
}
-static inline int xsm_hvm_param_altp2mhvm(xsm_default_t def, struct domain *d)
+static inline int xsm_hvm_param_altp2mhvm(xsm_default_t action,
+ struct domain *d)
{
+ XSM_ASSERT_ACTION(XSM_PRIV);
return alternative_call(xsm_ops.hvm_param_altp2mhvm, d);
}
-static inline int xsm_hvm_altp2mhvm_op(xsm_default_t def, struct domain *d,
+static inline int xsm_hvm_altp2mhvm_op(xsm_default_t action, struct domain *d,
uint64_t mode, uint32_t op)
{
+ XSM_ASSERT_ACTION(XSM_OTHER);
return alternative_call(xsm_ops.hvm_altp2mhvm_op, d, mode, op);
}
-static inline int xsm_get_vnumainfo(xsm_default_t def, struct domain *d)
+static inline int xsm_get_vnumainfo(xsm_default_t action, struct domain *d)
{
+ XSM_ASSERT_ACTION(XSM_TARGET);
return alternative_call(xsm_ops.get_vnumainfo, d);
}
-static inline int xsm_vm_event_control(xsm_default_t def, struct domain *d,
+static inline int xsm_vm_event_control(xsm_default_t action, struct domain *d,
int mode, int op)
{
+ XSM_ASSERT_ACTION(XSM_PRIV);
return alternative_call(xsm_ops.vm_event_control, d, mode, op);
}
#ifdef CONFIG_MEM_ACCESS
-static inline int xsm_mem_access(xsm_default_t def, struct domain *d)
+static inline int xsm_mem_access(xsm_default_t action, struct domain *d)
{
+ XSM_ASSERT_ACTION(XSM_DM_PRIV);
return alternative_call(xsm_ops.mem_access, d);
}
#endif
#ifdef CONFIG_MEM_PAGING
-static inline int xsm_mem_paging(xsm_default_t def, struct domain *d)
+static inline int xsm_mem_paging(xsm_default_t action, struct domain *d)
{
+ XSM_ASSERT_ACTION(XSM_DM_PRIV);
return alternative_call(xsm_ops.mem_paging, d);
}
#endif
#ifdef CONFIG_MEM_SHARING
-static inline int xsm_mem_sharing(xsm_default_t def, struct domain *d)
+static inline int xsm_mem_sharing(xsm_default_t action, struct domain *d)
{
+ XSM_ASSERT_ACTION(XSM_DM_PRIV);
return alternative_call(xsm_ops.mem_sharing, d);
}
#endif
-static inline int xsm_platform_op(xsm_default_t def, uint32_t op)
+static inline int xsm_platform_op(xsm_default_t action, uint32_t op)
{
+ XSM_ASSERT_ACTION(XSM_PRIV);
return alternative_call(xsm_ops.platform_op, op);
}
#ifdef CONFIG_X86
-static inline int xsm_do_mca(xsm_default_t def)
+static inline int xsm_do_mca(xsm_default_t action)
{
+ XSM_ASSERT_ACTION(XSM_PRIV);
return alternative_call(xsm_ops.do_mca);
}
-static inline int xsm_shadow_control(xsm_default_t def, struct domain *d,
+static inline int xsm_shadow_control(xsm_default_t action, struct domain *d,
uint32_t op)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.shadow_control, d, op);
}
-static inline int xsm_mem_sharing_op(xsm_default_t def, struct domain *d,
+static inline int xsm_mem_sharing_op(xsm_default_t action, struct domain *d,
struct domain *cd, int op)
{
+ XSM_ASSERT_ACTION(XSM_DM_PRIV);
return alternative_call(xsm_ops.mem_sharing_op, d, cd, op);
}
-static inline int xsm_apic(xsm_default_t def, struct domain *d, int cmd)
+static inline int xsm_apic(xsm_default_t action, struct domain *d, int cmd)
{
+ XSM_ASSERT_ACTION(XSM_PRIV);
return alternative_call(xsm_ops.apic, d, cmd);
}
-static inline int xsm_memtype(xsm_default_t def, uint32_t access)
+#if 0
+/* Could not find any usages */
+static inline int xsm_memtype(xsm_default_t action, uint32_t access)
{
return alternative_call(xsm_ops.memtype, access);
}
+#endif
-static inline int xsm_machine_memory_map(xsm_default_t def)
+static inline int xsm_machine_memory_map(xsm_default_t action)
{
+ XSM_ASSERT_ACTION(XSM_PRIV);
return alternative_call(xsm_ops.machine_memory_map);
}
-static inline int xsm_domain_memory_map(xsm_default_t def, struct domain *d)
+static inline int xsm_domain_memory_map(xsm_default_t action, struct domain *d)
{
+ XSM_ASSERT_ACTION(XSM_TARGET);
return alternative_call(xsm_ops.domain_memory_map, d);
}
-static inline int xsm_mmu_update(xsm_default_t def, struct domain *d,
+static inline int xsm_mmu_update(xsm_default_t action, struct domain *d,
struct domain *t, struct domain *f,
uint32_t flags)
{
+ XSM_ASSERT_ACTION(XSM_TARGET);
return alternative_call(xsm_ops.mmu_update, d, t, f, flags);
}
-static inline int xsm_mmuext_op(xsm_default_t def, struct domain *d,
+static inline int xsm_mmuext_op(xsm_default_t action, struct domain *d,
struct domain *f)
{
+ XSM_ASSERT_ACTION(XSM_TARGET);
return alternative_call(xsm_ops.mmuext_op, d, f);
}
-static inline int xsm_update_va_mapping(xsm_default_t def, struct domain *d,
+static inline int xsm_update_va_mapping(xsm_default_t action, struct domain *d,
struct domain *f, l1_pgentry_t pte)
{
+ XSM_ASSERT_ACTION(XSM_TARGET);
return xsm_ops.update_va_mapping(d, f, pte);
}
-static inline int xsm_priv_mapping(xsm_default_t def, struct domain *d,
+static inline int xsm_priv_mapping(xsm_default_t action, struct domain *d,
struct domain *t)
{
+ XSM_ASSERT_ACTION(XSM_TARGET);
return alternative_call(xsm_ops.priv_mapping, d, t);
}
-static inline int xsm_ioport_permission(xsm_default_t def, struct domain *d,
+static inline int xsm_ioport_permission(xsm_default_t action, struct domain *d,
uint32_t s, uint32_t e, uint8_t allow)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.ioport_permission, d, s, e, allow);
}
-static inline int xsm_ioport_mapping(xsm_default_t def, struct domain *d,
+static inline int xsm_ioport_mapping(xsm_default_t action, struct domain *d,
uint32_t s, uint32_t e, uint8_t allow)
{
+ XSM_ASSERT_ACTION(XSM_HOOK);
return alternative_call(xsm_ops.ioport_mapping, d, s, e, allow);
}
-static inline int xsm_pmu_op(xsm_default_t def, struct domain *d,
+static inline int xsm_pmu_op(xsm_default_t action, struct domain *d,
unsigned int op)
{
+ XSM_ASSERT_ACTION(XSM_OTHER);
return alternative_call(xsm_ops.pmu_op, d, op);
}
#endif /* CONFIG_X86 */
-static inline int xsm_dm_op(xsm_default_t def, struct domain *d)
+static inline int xsm_dm_op(xsm_default_t action, struct domain *d)
{
+ XSM_ASSERT_ACTION(XSM_DM_PRIV);
return alternative_call(xsm_ops.dm_op, d);
}
-static inline int xsm_xen_version(xsm_default_t def, uint32_t op)
+static inline int xsm_xen_version(xsm_default_t action, uint32_t op)
{
+ XSM_ASSERT_ACTION(XSM_OTHER);
return alternative_call(xsm_ops.xen_version, op);
}
-static inline int xsm_domain_resource_map(xsm_default_t def, struct domain *d)
+static inline int xsm_domain_resource_map(xsm_default_t action,
+ struct domain *d)
{
+ XSM_ASSERT_ACTION(XSM_DM_PRIV);
return alternative_call(xsm_ops.domain_resource_map, d);
}
@@ -598,10 +695,4 @@ static inline int xsm_argo_send(const struct domain *d, const struct domain *t)
#endif /* CONFIG_ARGO */
-#else /* CONFIG_XSM_CONFIGURABLE */
-
-#include <xsm/dummy.h>
-
-#endif /* CONFIG_XSM_CONFIGURABLE */
-
#endif /* __XSM_H */
diff --git a/xen/xsm/Makefile b/xen/xsm/Makefile
index 09b9311b1d..121a0eda7d 100644
--- a/xen/xsm/Makefile
+++ b/xen/xsm/Makefile
@@ -1,6 +1,6 @@
obj-y += xsm_core.o
+obj-y += dummy.o
obj-$(CONFIG_XSM_CONFIGURABLE) += xsm_policy.o
-obj-$(CONFIG_XSM_CONFIGURABLE) += dummy.o
obj-$(CONFIG_XSM_SILO) += silo.o
obj-$(CONFIG_XSM_FLASK) += flask/
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index b848580eaa..e18afe0673 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -10,7 +10,7 @@
* as published by the Free Software Foundation.
*/
-#include <xsm/dummy.h>
+#include "dummy.h"
#define set_to_dummy_if_null(ops, function) \
do { \
diff --git a/xen/xsm/dummy.h b/xen/xsm/dummy.h
new file mode 100644
index 0000000000..b9a7e8c40f
--- /dev/null
+++ b/xen/xsm/dummy.h
@@ -0,0 +1,739 @@
+/*
+ * Default XSM hooks - IS_PRIV and IS_PRIV_FOR checks
+ *
+ * Author: Daniel De Graaf <dgdegra@tyhco.nsa.gov>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ *
+ *
+ * Dummy XSM hooks implementing the default access check. Each hook should
+ * have as its first line XSM_DEFAULT_ACTION declaring the privilege level
+ * required for this access.
+ */
+
+#ifndef __XSM_DUMMY_H__
+#define __XSM_DUMMY_H__
+
+#include <xen/sched.h>
+#include <xsm/xsm-core.h>
+#include <public/hvm/params.h>
+
+#define XSM_DEFAULT_ACTION(def) xsm_default_t action = def; (void)action
+
+static always_inline int xsm_default_action(
+ xsm_default_t action, struct domain *src, struct domain *target)
+{
+ switch ( action ) {
+ case XSM_HOOK:
+ return 0;
+ case XSM_TARGET:
+ if ( evaluate_nospec(src == target) )
+ {
+ return 0;
+ case XSM_XS_PRIV:
+ if ( evaluate_nospec(is_xenstore_domain(src)) )
+ return 0;
+ }
+ /* fall through */
+ case XSM_DM_PRIV:
+ if ( target && evaluate_nospec(src->target == target) )
+ return 0;
+ /* fall through */
+ case XSM_PRIV:
+ if ( is_control_domain(src) )
+ return 0;
+ return -EPERM;
+ default:
+ XSM_LINKER_BUG_ON(1);
+ return -EPERM;
+ }
+}
+
+static inline void xsm_security_domaininfo(struct domain *d,
+ struct xen_domctl_getdomaininfo *info)
+{
+ return;
+}
+
+static inline int xsm_domain_create(struct domain *d, uint32_t ssidref)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_getdomaininfo(struct domain *d)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_domctl_scheduler_op(struct domain *d, int cmd)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_sysctl_scheduler_op(int cmd)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, NULL);
+}
+
+static inline int xsm_set_target(struct domain *d, struct domain *e)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, NULL);
+}
+
+static inline int xsm_domctl(struct domain *d, int cmd)
+{
+ XSM_DEFAULT_ACTION(XSM_OTHER);
+ switch ( cmd )
+ {
+ case XEN_DOMCTL_ioport_mapping:
+ case XEN_DOMCTL_memory_mapping:
+ case XEN_DOMCTL_bind_pt_irq:
+ case XEN_DOMCTL_unbind_pt_irq:
+ return xsm_default_action(XSM_DM_PRIV, current->domain, d);
+ case XEN_DOMCTL_getdomaininfo:
+ return xsm_default_action(XSM_XS_PRIV, current->domain, d);
+ default:
+ return xsm_default_action(XSM_PRIV, current->domain, d);
+ }
+}
+
+static inline int xsm_sysctl(int cmd)
+{
+ XSM_DEFAULT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, current->domain, NULL);
+}
+
+static inline int xsm_readconsole(uint32_t clear)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, NULL);
+}
+
+static inline int xsm_alloc_security_domain(struct domain *d)
+{
+ return 0;
+}
+
+static inline void xsm_free_security_domain(struct domain *d)
+{
+ return;
+}
+
+static inline int xsm_grant_mapref(struct domain *d1, struct domain *d2,
+ uint32_t flags)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, d1, d2);
+}
+
+static inline int xsm_grant_unmapref(struct domain *d1, struct domain *d2)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, d1, d2);
+}
+
+static inline int xsm_grant_setup(struct domain *d1, struct domain *d2)
+{
+ XSM_DEFAULT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, d1, d2);
+}
+
+static inline int xsm_grant_transfer(struct domain *d1, struct domain *d2)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, d1, d2);
+}
+
+static inline int xsm_grant_copy(struct domain *d1, struct domain *d2)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, d1, d2);
+}
+
+static inline int xsm_grant_query_size(struct domain *d1, struct domain *d2)
+{
+ XSM_DEFAULT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, d1, d2);
+}
+
+static inline int xsm_memory_exchange(struct domain *d)
+{
+ XSM_DEFAULT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_memory_adjust_reservation(struct domain *d1,
+ struct domain *d2)
+{
+ XSM_DEFAULT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, d1, d2);
+}
+
+static inline int xsm_memory_stat_reservation(struct domain *d1,
+ struct domain *d2)
+{
+ XSM_DEFAULT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, d1, d2);
+}
+
+static inline int xsm_console_io(struct domain *d, int cmd)
+{
+ XSM_DEFAULT_ACTION(XSM_OTHER);
+ if ( d->is_console )
+ return xsm_default_action(XSM_HOOK, d, NULL);
+#ifdef CONFIG_VERBOSE_DEBUG
+ if ( cmd == CONSOLEIO_write )
+ return xsm_default_action(XSM_HOOK, d, NULL);
+#endif
+ return xsm_default_action(XSM_PRIV, d, NULL);
+}
+
+static inline int xsm_profile(struct domain *d, int op)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, d, NULL);
+}
+
+static inline int xsm_kexec(void)
+{
+ XSM_DEFAULT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, current->domain, NULL);
+}
+
+static inline int xsm_schedop_shutdown(struct domain *d1, struct domain *d2)
+{
+ XSM_DEFAULT_ACTION(XSM_DM_PRIV);
+ return xsm_default_action(action, d1, d2);
+}
+
+static inline int xsm_memory_pin_page(struct domain *d1, struct domain *d2,
+ struct page_info *page)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, d1, d2);
+}
+
+static inline int xsm_claim_pages(struct domain *d)
+{
+ XSM_DEFAULT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_evtchn_unbound(struct domain *d, struct evtchn *chn,
+ domid_t id2)
+{
+ XSM_DEFAULT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_evtchn_interdomain(struct domain *d1,
+ struct evtchn *chan1,
+ struct domain *d2,
+ struct evtchn *chan2)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, d1, d2);
+}
+
+static inline void xsm_evtchn_close_post(struct evtchn *chn)
+{
+ return;
+}
+
+static inline int xsm_evtchn_send(struct domain *d, struct evtchn *chn)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, d, NULL);
+}
+
+static inline int xsm_evtchn_status(struct domain *d, struct evtchn *chn)
+{
+ XSM_DEFAULT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_evtchn_reset(struct domain *d1, struct domain *d2)
+{
+ XSM_DEFAULT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, d1, d2);
+}
+
+static inline int xsm_alloc_security_evtchns(struct evtchn chn[],
+ unsigned int nr)
+{
+ return 0;
+}
+
+static inline void xsm_free_security_evtchns(struct evtchn chn[],
+ unsigned int nr)
+{
+ return;
+}
+
+static inline char *xsm_show_security_evtchn(struct domain *d,
+ const struct evtchn *chn)
+{
+ return NULL;
+}
+
+static inline int xsm_init_hardware_domain(struct domain *d)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_get_pod_target(struct domain *d)
+{
+ XSM_DEFAULT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_set_pod_target(struct domain *d)
+{
+ XSM_DEFAULT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_get_vnumainfo(struct domain *d)
+{
+ XSM_DEFAULT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, current->domain, d);
+}
+
+#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
+static inline int xsm_get_device_group(uint32_t machine_bdf)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, NULL);
+}
+
+static inline int xsm_assign_device(struct domain *d, uint32_t machine_bdf)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_deassign_device(struct domain *d, uint32_t machine_bdf)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+#endif /* HAS_PASSTHROUGH && HAS_PCI */
+
+#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE)
+static inline int xsm_assign_dtdevice(struct domain *d, const char *dtpath)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_deassign_dtdevice(struct domain *d, const char *dtpath)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+#endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */
+
+static inline int xsm_resource_plug_core(void)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, NULL);
+}
+
+static inline int xsm_resource_unplug_core(void)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, NULL);
+}
+
+static inline int xsm_resource_plug_pci(uint32_t machine_bdf)
+{
+ XSM_DEFAULT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, current->domain, NULL);
+}
+
+static inline int xsm_resource_unplug_pci(uint32_t machine_bdf)
+{
+ XSM_DEFAULT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, current->domain, NULL);
+}
+
+static inline int xsm_resource_setup_pci(uint32_t machine_bdf)
+{
+ XSM_DEFAULT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, current->domain, NULL);
+}
+
+static inline int xsm_resource_setup_gsi(int gsi)
+{
+ XSM_DEFAULT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, current->domain, NULL);
+}
+
+static inline int xsm_resource_setup_misc(void)
+{
+ XSM_DEFAULT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, current->domain, NULL);
+}
+
+static inline int xsm_page_offline(uint32_t cmd)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, NULL);
+}
+
+static inline int xsm_hypfs_op(void)
+{
+ XSM_DEFAULT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, current->domain, NULL);
+}
+
+static inline long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op)
+{
+ return -ENOSYS;
+}
+
+#ifdef CONFIG_COMPAT
+static inline int xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(void) op)
+{
+ return -ENOSYS;
+}
+#endif
+
+static inline char *xsm_show_irq_sid(int irq)
+{
+ return NULL;
+}
+
+static inline int xsm_map_domain_pirq(struct domain *d)
+{
+ XSM_DEFAULT_ACTION(XSM_DM_PRIV);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_map_domain_irq(struct domain *d, int irq,
+ const void *data)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_unmap_domain_pirq(struct domain *d)
+{
+ XSM_DEFAULT_ACTION(XSM_DM_PRIV);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_bind_pt_irq(struct domain *d,
+ struct xen_domctl_bind_pt_irq *bind)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_unbind_pt_irq(struct domain *d,
+ struct xen_domctl_bind_pt_irq *bind)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_unmap_domain_irq(struct domain *d, int irq,
+ const void *data)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_irq_permission(struct domain *d, int pirq, uint8_t allow)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_iomem_permission(struct domain *d, uint64_t s, uint64_t e,
+ uint8_t allow)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_iomem_mapping(struct domain *d, uint64_t s, uint64_t e,
+ uint8_t allow)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_pci_config_permission(struct domain *d,
+ uint32_t machine_bdf,
+ uint16_t start, uint16_t end,
+ uint8_t access)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_add_to_physmap(struct domain *d1, struct domain *d2)
+{
+ XSM_DEFAULT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, d1, d2);
+}
+
+static inline int xsm_remove_from_physmap(struct domain *d1, struct domain *d2)
+{
+ XSM_DEFAULT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, d1, d2);
+}
+
+static inline int xsm_map_gmfn_foreign(struct domain *d, struct domain *t)
+{
+ XSM_DEFAULT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, d, t);
+}
+
+static inline int xsm_hvm_param(struct domain *d, unsigned long op)
+{
+ XSM_DEFAULT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_hvm_control(struct domain *d, unsigned long op)
+{
+ XSM_DEFAULT_ACTION(XSM_DM_PRIV);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_hvm_param_altp2mhvm(struct domain *d)
+{
+ XSM_DEFAULT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_hvm_altp2mhvm_op(struct domain *d, uint64_t mode,
+ uint32_t op)
+{
+ XSM_DEFAULT_ACTION(XSM_OTHER);
+
+ switch ( mode )
+ {
+ case XEN_ALTP2M_mixed:
+ return xsm_default_action(XSM_TARGET, current->domain, d);
+ case XEN_ALTP2M_external:
+ return xsm_default_action(XSM_DM_PRIV, current->domain, d);
+ case XEN_ALTP2M_limited:
+ if ( HVMOP_altp2m_vcpu_enable_notify == op )
+ return xsm_default_action(XSM_TARGET, current->domain, d);
+ return xsm_default_action(XSM_DM_PRIV, current->domain, d);
+ default:
+ return -EPERM;
+ }
+}
+
+static inline int xsm_vm_event_control(struct domain *d, int mode, int op)
+{
+ XSM_DEFAULT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, current->domain, d);
+}
+
+#ifdef CONFIG_MEM_ACCESS
+static inline int xsm_mem_access(struct domain *d)
+{
+ XSM_DEFAULT_ACTION(XSM_DM_PRIV);
+ return xsm_default_action(action, current->domain, d);
+}
+#endif
+
+#ifdef CONFIG_MEM_PAGING
+static inline int xsm_mem_paging(struct domain *d)
+{
+ XSM_DEFAULT_ACTION(XSM_DM_PRIV);
+ return xsm_default_action(action, current->domain, d);
+}
+#endif
+
+#ifdef CONFIG_MEM_SHARING
+static inline int xsm_mem_sharing(struct domain *d)
+{
+ XSM_DEFAULT_ACTION(XSM_DM_PRIV);
+ return xsm_default_action(action, current->domain, d);
+}
+#endif
+
+static inline int xsm_platform_op(uint32_t op)
+{
+ XSM_DEFAULT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, current->domain, NULL);
+}
+
+#ifdef CONFIG_X86
+static inline int xsm_do_mca(void)
+{
+ XSM_DEFAULT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, current->domain, NULL);
+}
+
+static inline int xsm_shadow_control(struct domain *d, uint32_t op)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_mem_sharing_op(struct domain *d, struct domain *cd,
+ int op)
+{
+ XSM_DEFAULT_ACTION(XSM_DM_PRIV);
+ return xsm_default_action(action, current->domain, cd);
+}
+
+static inline int xsm_apic(struct domain *d, int cmd)
+{
+ XSM_DEFAULT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, d, NULL);
+}
+
+static inline int xsm_machine_memory_map(void)
+{
+ XSM_DEFAULT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, current->domain, NULL);
+}
+
+static inline int xsm_domain_memory_map(struct domain *d)
+{
+ XSM_DEFAULT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_mmu_update(struct domain *d, struct domain *t,
+ struct domain *f, uint32_t flags)
+{
+ int rc = 0;
+ XSM_DEFAULT_ACTION(XSM_TARGET);
+ if ( f != dom_io )
+ rc = xsm_default_action(action, d, f);
+ if ( evaluate_nospec(t) && !rc )
+ rc = xsm_default_action(action, d, t);
+ return rc;
+}
+
+static inline int xsm_mmuext_op(struct domain *d, struct domain *f)
+{
+ XSM_DEFAULT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, d, f);
+}
+
+static inline int xsm_update_va_mapping(struct domain *d, struct domain *f,
+ l1_pgentry_t pte)
+{
+ XSM_DEFAULT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, d, f);
+}
+
+static inline int xsm_priv_mapping(struct domain *d, struct domain *t)
+{
+ XSM_DEFAULT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, d, t);
+}
+
+static inline int xsm_ioport_permission(struct domain *d, uint32_t s,
+ uint32_t e, uint8_t allow)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_ioport_mapping(struct domain *d, uint32_t s, uint32_t e,
+ uint8_t allow)
+{
+ XSM_DEFAULT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
+}
+
+static inline int xsm_pmu_op(struct domain *d, unsigned int op)
+{
+ XSM_DEFAULT_ACTION(XSM_OTHER);
+ switch ( op )
+ {
+ case XENPMU_init:
+ case XENPMU_finish:
+ case XENPMU_lvtpc_set:
+ case XENPMU_flush:
+ return xsm_default_action(XSM_HOOK, d, current->domain);
+ default:
+ return xsm_default_action(XSM_PRIV, d, current->domain);
+ }
+}
+
+#endif /* CONFIG_X86 */
+
+static inline int xsm_dm_op(struct domain *d)
+{
+ XSM_DEFAULT_ACTION(XSM_DM_PRIV);
+ return xsm_default_action(action, current->domain, d);
+}
+
+#ifdef CONFIG_ARGO
+static inline int xsm_argo_enable(const struct domain *d)
+{
+ return 0;
+}
+
+static inline int xsm_argo_register_single_source(const struct domain *d,
+ const struct domain *t)
+{
+ return 0;
+}
+
+static inline int xsm_argo_register_any_source(const struct domain *d)
+{
+ return 0;
+}
+
+static inline int xsm_argo_send(const struct domain *d, const struct domain *t)
+{
+ return 0;
+}
+
+#endif /* CONFIG_ARGO */
+
+#include <public/version.h>
+static inline int xsm_xen_version(uint32_t op)
+{
+ XSM_DEFAULT_ACTION(XSM_OTHER);
+ switch ( op )
+ {
+ case XENVER_version:
+ case XENVER_platform_parameters:
+ case XENVER_get_features:
+ /* These sub-ops ignore the permission checks and return data. */
+ block_speculation();
+ return 0;
+ case XENVER_extraversion:
+ case XENVER_compile_info:
+ case XENVER_capabilities:
+ case XENVER_changeset:
+ case XENVER_pagesize:
+ case XENVER_guest_handle:
+ /* These MUST always be accessible to any guest by default. */
+ return xsm_default_action(XSM_HOOK, current->domain, NULL);
+ default:
+ return xsm_default_action(XSM_PRIV, current->domain, NULL);
+ }
+}
+
+static inline int xsm_domain_resource_map(struct domain *d)
+{
+ XSM_DEFAULT_ACTION(XSM_DM_PRIV);
+ return xsm_default_action(action, current->domain, d);
+}
+
+#endif /* __XSM_DUMMY_H__ */
diff --git a/xen/xsm/silo.c b/xen/xsm/silo.c
index 56a330a831..1bc8277b85 100644
--- a/xen/xsm/silo.c
+++ b/xen/xsm/silo.c
@@ -18,7 +18,7 @@
* this program; If not, see <http://www.gnu.org/licenses/>.
*/
#include <xsm/xsm-core.h>
-#include <xsm/dummy.h>
+#include "dummy.h"
/*
* Check if inter-domain communication is allowed.
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index 87c2980459..f899950d67 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -18,8 +18,6 @@
#include <xen/hypercall.h>
#include <xsm/xsm.h>
-#ifdef CONFIG_XSM_CONFIGURABLE
-
#ifdef CONFIG_MULTIBOOT
#include <asm/setup.h>
#endif
@@ -227,8 +225,6 @@ bool __init has_xsm_magic(paddr_t start)
}
#endif
-#endif /* CONFIG_XSM_CONFIGURABLE */
-
long do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op)
{
return xsm_do_xsm_op(op);
--
2.20.1
^ permalink raw reply related [flat|nested] 37+ messages in thread
* Re: [PATCH v4 01/11] xen: Implement xen/alternative-call.h for use in common code
2021-09-03 19:06 ` [PATCH v4 01/11] xen: Implement xen/alternative-call.h for use in common code Daniel P. Smith
@ 2021-09-06 15:52 ` Jan Beulich
2021-09-06 16:22 ` Andrew Cooper
0 siblings, 1 reply; 37+ messages in thread
From: Jan Beulich @ 2021-09-06 15:52 UTC (permalink / raw)
To: Daniel P. Smith
Cc: Andrew Cooper, Roger Pau Monné,
Stefano Stabellini, Julien Grall, Volodymyr Babchuk,
Bob Eshleman, Alistair Francis, Connor Davis, George Dunlap,
Ian Jackson, Wei Liu, xen-devel
On 03.09.2021 21:06, Daniel P. Smith wrote:
> --- /dev/null
> +++ b/xen/include/xen/alternative-call.h
> @@ -0,0 +1,63 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +#ifndef XEN_ALTERNATIVE_CALL
> +#define XEN_ALTERNATIVE_CALL
> +
> +/*
> + * Some subsystems in Xen may have multiple implementions, which can be
> + * resolved to a single implementation at boot time. By default, this will
> + * result in the use of function pointers.
> + *
> + * Some architectures may have mechanisms for dynamically modifying .text.
> + * Using this mechnaism, function pointers can be converted to direct calls
> + * which are typically more efficient at runtime.
> + *
> + * For architectures to support:
> + *
> + * - Implement alternative_{,v}call() in asm/alternative.h. Code generation
> + * requirements are to emit a function pointer call at build time, and stash
> + * enough metadata to simplify the call at boot once the implementation has
> + * been resolved.
> + * - Select ALTERNATIVE_CALL in Kconfig.
> + *
> + * To use:
> + *
> + * Consider the following simplified example.
> + *
> + * 1) struct foo_ops __alt_call_maybe_initdata ops;
> + *
> + * 2) const struct foo_ops __initconst foo_a_ops = { ... };
> + * const struct foo_ops __initconst foo_b_ops = { ... };
> + *
> + * void foo_init(void)
> + * {
> + * ...
> + * if ( use_impl_a )
> + * ops = *foo_a_ops;
> + * else if ( use_impl_b )
> + * ops = *foo_b_ops;
> + * ...
> + * }
> + *
> + * 3) alternative_call(ops.bar, ...);
> + *
> + * There needs to a single ops object (1) which will eventually contain the
> + * function pointers. This should be populated in foo's init() function (2)
> + * by one of the available implementations. To call functions, use
> + * alternative_{,v}call() referencing the main ops object (3).
> + */
> +
> +#ifdef CONFIG_ALTERNATIVE_CALL
> +
> +#include <asm/alternative.h>
> +
> +#define __alt_call_maybe_initdata __initdata
My v3 comment here was:
"I think it wants (needs) clarifying that this may only be used if
the ops object is used exclusively in alternative_{,v}call()
instances (besides the original assignments to it, of course)."
I realize this was slightly too strict, as other uses from .init.*
are of course also okay, but I continue to think that - in
particular with the example using it - there should be a warning
about this possible pitfall. Or am I merely unable to spot the
wording change somewhere in the comment?
Jan
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 01/11] xen: Implement xen/alternative-call.h for use in common code
2021-09-06 15:52 ` Jan Beulich
@ 2021-09-06 16:22 ` Andrew Cooper
2021-09-07 6:00 ` Jan Beulich
0 siblings, 1 reply; 37+ messages in thread
From: Andrew Cooper @ 2021-09-06 16:22 UTC (permalink / raw)
To: Jan Beulich, Daniel P. Smith
Cc: Roger Pau Monné,
Stefano Stabellini, Julien Grall, Volodymyr Babchuk,
Bob Eshleman, Alistair Francis, Connor Davis, George Dunlap,
Ian Jackson, Wei Liu, xen-devel
On 06/09/2021 16:52, Jan Beulich wrote:
> On 03.09.2021 21:06, Daniel P. Smith wrote:
>> --- /dev/null
>> +++ b/xen/include/xen/alternative-call.h
>> @@ -0,0 +1,63 @@
>> +/* SPDX-License-Identifier: GPL-2.0 */
>> +#ifndef XEN_ALTERNATIVE_CALL
>> +#define XEN_ALTERNATIVE_CALL
>> +
>> +/*
>> + * Some subsystems in Xen may have multiple implementions, which can be
>> + * resolved to a single implementation at boot time. By default, this will
>> + * result in the use of function pointers.
>> + *
>> + * Some architectures may have mechanisms for dynamically modifying .text.
>> + * Using this mechnaism, function pointers can be converted to direct calls
>> + * which are typically more efficient at runtime.
>> + *
>> + * For architectures to support:
>> + *
>> + * - Implement alternative_{,v}call() in asm/alternative.h. Code generation
>> + * requirements are to emit a function pointer call at build time, and stash
>> + * enough metadata to simplify the call at boot once the implementation has
>> + * been resolved.
>> + * - Select ALTERNATIVE_CALL in Kconfig.
>> + *
>> + * To use:
>> + *
>> + * Consider the following simplified example.
>> + *
>> + * 1) struct foo_ops __alt_call_maybe_initdata ops;
>> + *
>> + * 2) const struct foo_ops __initconst foo_a_ops = { ... };
>> + * const struct foo_ops __initconst foo_b_ops = { ... };
>> + *
>> + * void foo_init(void)
>> + * {
>> + * ...
>> + * if ( use_impl_a )
>> + * ops = *foo_a_ops;
>> + * else if ( use_impl_b )
>> + * ops = *foo_b_ops;
>> + * ...
>> + * }
>> + *
>> + * 3) alternative_call(ops.bar, ...);
>> + *
>> + * There needs to a single ops object (1) which will eventually contain the
>> + * function pointers. This should be populated in foo's init() function (2)
>> + * by one of the available implementations. To call functions, use
>> + * alternative_{,v}call() referencing the main ops object (3).
>> + */
>> +
>> +#ifdef CONFIG_ALTERNATIVE_CALL
>> +
>> +#include <asm/alternative.h>
>> +
>> +#define __alt_call_maybe_initdata __initdata
> My v3 comment here was:
>
> "I think it wants (needs) clarifying that this may only be used if
> the ops object is used exclusively in alternative_{,v}call()
> instances (besides the original assignments to it, of course)."
>
> I realize this was slightly too strict, as other uses from .init.*
> are of course also okay, but I continue to think that - in
> particular with the example using it - there should be a warning
> about this possible pitfall. Or am I merely unable to spot the
> wording change somewhere in the comment?
Such a comment is utterly pointless. initdata has a well known meaning,
and a comment warning about the effects of it is just teaching
developers to suck eggs[1]
~Andrew
[1] For the non-english speakers,
https://en.wikipedia.org/wiki/Teaching_grandmother_to_suck_eggs
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 02/11] xsm: remove the ability to disable flask
2021-09-03 19:06 ` [PATCH v4 02/11] xsm: remove the ability to disable flask Daniel P. Smith
@ 2021-09-06 17:56 ` Andrew Cooper
0 siblings, 0 replies; 37+ messages in thread
From: Andrew Cooper @ 2021-09-06 17:56 UTC (permalink / raw)
To: Daniel P. Smith, xen-devel
Cc: George Dunlap, Ian Jackson, Jan Beulich, Julien Grall,
Stefano Stabellini, Wei Liu, Daniel De Graaf
On 03/09/2021 20:06, Daniel P. Smith wrote:
> On Linux when SELinux is put into permissive mode the descretionary access
> controls are still in place. Whereas for Xen when the enforcing state of flask
> is set to permissive, all operations for all domains would succeed, i.e. it
> does not fall back to the default access controls. To provide a means to mimic
> a similar but not equivalent behavior, a flask op is present to allow a
> one-time switch back to the default access controls, aka the "dummy policy".
>
> While this may be desirable for an OS, Xen is a hypervisor and should not allow
> the switching of which security policy framework is being enforced after boot.
> This patch removes the flask op to enforce the desired XSM usage model
> requiring a reboot of Xen to change the XSM policy module in use.
>
> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 03/11] xsm: drop dubious xsm_op_t type
2021-09-03 19:06 ` [PATCH v4 03/11] xsm: drop dubious xsm_op_t type Daniel P. Smith
@ 2021-09-06 18:00 ` Andrew Cooper
0 siblings, 0 replies; 37+ messages in thread
From: Andrew Cooper @ 2021-09-06 18:00 UTC (permalink / raw)
To: Daniel P. Smith, xen-devel
Cc: George Dunlap, Ian Jackson, Jan Beulich, Julien Grall,
Stefano Stabellini, Wei Liu, Daniel De Graaf
On 03/09/2021 20:06, Daniel P. Smith wrote:
> The type xsm_op_t masks the use of void pointers. This commit drops the xsm_op_t type and
> replaces it and all its uses with an explicit void.
>
> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
HYPERCALL_xsm_op really ought to be renamed to reflect the reality that
it is "flask op" and we cannot possibly reuse it for other XSM modules,
but that can be added to the todo list.
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 04/11] xsm: apply coding style
2021-09-03 19:06 ` [PATCH v4 04/11] xsm: apply coding style Daniel P. Smith
@ 2021-09-06 18:17 ` Andrew Cooper
2021-09-07 13:41 ` Daniel P. Smith
0 siblings, 1 reply; 37+ messages in thread
From: Andrew Cooper @ 2021-09-06 18:17 UTC (permalink / raw)
To: Daniel P. Smith, xen-devel; +Cc: Daniel De Graaf
On 03/09/2021 20:06, Daniel P. Smith wrote:
> Instead of intermixing coding style changes with code changes as they
> are come upon in this patch set, moving all coding style changes
> into a single commit. The focus of coding style changes here are,
>
> - move trailing comments to line above
> - ensuring line length does not exceed 80 chars
> - ensuring proper indentation for 80 char wrapping
> - covert u32 type statements to uint32_t
> - remove space between closing and opening parens
> - drop extern on function declarations
>
> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
> ---
> xen/include/xsm/dummy.h | 173 +++++++++-----
> xen/include/xsm/xsm.h | 494 ++++++++++++++++++++++------------------
> xen/xsm/xsm_core.c | 4 +-
> 3 files changed, 389 insertions(+), 282 deletions(-)
>
> diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
> index 214b5408b1..deaf23035e 100644
> --- a/xen/include/xsm/dummy.h
> +++ b/xen/include/xsm/dummy.h
> @@ -69,8 +69,9 @@ void __xsm_action_mismatch_detected(void);
>
> #endif /* CONFIG_XSM */
>
> -static always_inline int xsm_default_action(
> - xsm_default_t action, struct domain *src, struct domain *target)
> +static always_inline int xsm_default_action(xsm_default_t action,
> + struct domain *src,
> + struct domain *target)
The old code is correct. We have plenty of examples of this in Xen, and
I have been adding new ones when appropriate.
It avoids squashing everything on the RHS and ballooning the line count
to compensate. (This isn't a particularly bad example, but we've had
worse cases in the past).
> {
> switch ( action ) {
> case XSM_HOOK:
> @@ -99,12 +100,13 @@ static always_inline int xsm_default_action(
> }
>
> static XSM_INLINE void xsm_security_domaininfo(struct domain *d,
> - struct xen_domctl_getdomaininfo *info)
> + struct xen_domctl_getdomaininfo *info)
This doesn't match any styles I'm aware of. Either struct domain on the
new line, or the two structs vertically aligned.
It more obviously highlights why squashing all parameters on the RHS is
a bad move.
> @@ -291,37 +307,41 @@ static XSM_INLINE void xsm_evtchn_close_post(struct evtchn *chn)
> return;
> }
>
> -static XSM_INLINE int xsm_evtchn_send(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn)
> +static XSM_INLINE int xsm_evtchn_send(XSM_DEFAULT_ARG struct domain *d,
> + struct evtchn *chn)
> {
> XSM_ASSERT_ACTION(XSM_HOOK);
> return xsm_default_action(action, d, NULL);
> }
>
> -static XSM_INLINE int xsm_evtchn_status(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn)
> +static XSM_INLINE int xsm_evtchn_status(XSM_DEFAULT_ARG struct domain *d,
> + struct evtchn *chn)
> {
> XSM_ASSERT_ACTION(XSM_TARGET);
> return xsm_default_action(action, current->domain, d);
> }
>
> -static XSM_INLINE int xsm_evtchn_reset(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
> +static XSM_INLINE int xsm_evtchn_reset(XSM_DEFAULT_ARG struct domain *d1,
> + struct domain *d2)
> {
> XSM_ASSERT_ACTION(XSM_TARGET);
> return xsm_default_action(action, d1, d2);
> }
>
> -static XSM_INLINE int xsm_alloc_security_evtchns(
> - struct evtchn chn[], unsigned int nr)
> +static XSM_INLINE int xsm_alloc_security_evtchns(struct evtchn chn[],
> + unsigned int nr)
I maintain that this was correct before.
> diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
> index 9872bae502..8878281eae 100644
> --- a/xen/include/xsm/xsm.h
> +++ b/xen/include/xsm/xsm.h
> @@ -19,7 +19,7 @@
> #include <xen/multiboot.h>
>
> /* policy magic number (defined by XSM_MAGIC) */
> -typedef u32 xsm_magic_t;
> +typedef uint32_t xsm_magic_t;
>
> #ifdef CONFIG_XSM_FLASK
> #define XSM_MAGIC 0xf97cff8c
> @@ -31,158 +31,171 @@ typedef u32 xsm_magic_t;
> * default actions of XSM hooks. They should be compiled out otherwise.
> */
> enum xsm_default {
> - XSM_HOOK, /* Guests can normally access the hypercall */
> - XSM_DM_PRIV, /* Device model can perform on its target domain */
> - XSM_TARGET, /* Can perform on self or your target domain */
> - XSM_PRIV, /* Privileged - normally restricted to dom0 */
> - XSM_XS_PRIV, /* Xenstore domain - can do some privileged operations */
> - XSM_OTHER /* Something more complex */
> + /* Guests can normally access the hypercall */
> + XSM_HOOK,
> + /* Device model can perform on its target domain */
> + XSM_DM_PRIV,
> + /* Can perform on self or your target domain */
> + XSM_TARGET,
> + /* Privileged - normally restricted to dom0 */
> + XSM_PRIV,
> + /* Xenstore domain - can do some privileged operations */
> + XSM_XS_PRIV,
> + /* Something more complex */
> + XSM_OTHER
> };
Why? This takes a table which was unambiguous to read, and makes it
ambiguous at a glance. You want either no change at all, or blank lines
between comment/constant pairs so you don't need to read to either end
to figure out how to parse the comments.
~Andrew
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 05/11] xsm: refactor xsm_ops handling
2021-09-03 19:06 ` [PATCH v4 05/11] xsm: refactor xsm_ops handling Daniel P. Smith
@ 2021-09-06 18:31 ` Andrew Cooper
2021-09-07 13:44 ` Daniel P. Smith
0 siblings, 1 reply; 37+ messages in thread
From: Andrew Cooper @ 2021-09-06 18:31 UTC (permalink / raw)
To: Daniel P. Smith, xen-devel; +Cc: Daniel De Graaf
On 03/09/2021 20:06, Daniel P. Smith wrote:
> This renames the `struct xsm_operations` to the shorter `struct xsm_ops` and
> converts the global xsm_ops from being a pointer to an explicit instance. As
> part of this conversion, it reworks the XSM modules init function to return
> their xsm_ops struct which is copied in to the global xsm_ops instance.
>
> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
However, some suggestions...
> diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
> index 55483292c5..859af3fe9a 100644
> --- a/xen/xsm/xsm_core.c
> +++ b/xen/xsm/xsm_core.c
> @@ -28,9 +28,17 @@
> #include <asm/setup.h>
> #endif
>
> -#define XSM_FRAMEWORK_VERSION "1.0.0"
> +#define XSM_FRAMEWORK_VERSION "1.0.1"
>
> -struct xsm_operations *xsm_ops;
> +struct xsm_ops __read_mostly xsm_ops;
> +
> +enum xsm_ops_state {
> + XSM_OPS_UNREGISTERED,
> + XSM_OPS_REG_FAILED,
> + XSM_OPS_REGISTERED,
> +};
> +
> +static enum xsm_ops_state xsm_ops_registered = XSM_OPS_UNREGISTERED;
__read_mostly, or can this be __initdata ?
> @@ -87,25 +88,35 @@ static int __init xsm_core_init(const void *policy_buffer, size_t policy_size)
> }
> #endif
>
> - if ( verify(&dummy_xsm_ops) )
> + if ( xsm_ops_registered != XSM_OPS_UNREGISTERED )
> {
> - printk(XENLOG_ERR "Could not verify dummy_xsm_ops structure\n");
> + printk(XENLOG_ERR
> + "Could not init XSM, xsm_ops register already attempted\n");
> return -EIO;
> }
>
> - xsm_ops = &dummy_xsm_ops;
> -
> switch ( xsm_bootparam )
> {
> case XSM_BOOTPARAM_DUMMY:
> + xsm_ops_registered = XSM_OPS_REGISTERED;
> break;
>
> case XSM_BOOTPARAM_FLASK:
> - flask_init(policy_buffer, policy_size);
> + ops = flask_init(policy_buffer, policy_size);
> + if ( ops )
> + {
> + xsm_ops_registered = XSM_OPS_REGISTERED;
> + xsm_ops = *ops;
> + }
> break;
>
> case XSM_BOOTPARAM_SILO:
> - silo_init();
> + ops = silo_init();
> + if ( ops )
> + {
> + xsm_ops_registered = XSM_OPS_REGISTERED;
> + xsm_ops = *ops;
> + }
This if ( ops ) block can be deduplicated by moving after the switch()
statement. It's going to be common to all everything except dummy.
~Andrew
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 07/11] xsm: decouple xsm header inclusion selection
2021-09-03 19:06 ` [PATCH v4 07/11] xsm: decouple xsm header inclusion selection Daniel P. Smith
@ 2021-09-06 18:47 ` Andrew Cooper
2021-09-07 13:52 ` Daniel P. Smith
0 siblings, 1 reply; 37+ messages in thread
From: Andrew Cooper @ 2021-09-06 18:47 UTC (permalink / raw)
To: Daniel P. Smith, xen-devel; +Cc: Daniel De Graaf
On 03/09/2021 20:06, Daniel P. Smith wrote:
> diff --git a/xen/include/xsm/xsm-core.h b/xen/include/xsm/xsm-core.h
> new file mode 100644
> index 0000000000..4555e111dc
> --- /dev/null
> +++ b/xen/include/xsm/xsm-core.h
> @@ -0,0 +1,274 @@
> +/*
> + * This file contains the XSM hook definitions for Xen.
> + *
> + * This work is based on the LSM implementation in Linux 2.6.13.4.
> + *
> + * Author: George Coker, <gscoker@alpha.ncsc.mil>
> + *
> + * Contributors: Michael LeMay, <mdlemay@epoch.ncsc.mil>
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2,
> + * as published by the Free Software Foundation.
> + */
> +
> +#ifndef __XSM_CORE_H__
> +#define __XSM_CORE_H__
> +
> +#include <xen/sched.h>
> +#include <xen/multiboot.h>
> +
> +/* policy magic number (defined by XSM_MAGIC) */
> +typedef uint32_t xsm_magic_t;
> +
> +#ifdef CONFIG_XSM_FLASK
> +#define XSM_MAGIC 0xf97cff8c
> +#else
> +#define XSM_MAGIC 0x0
> +#endif
Eww. I know you're only moving code, but this construct is broken
(right from XSM's introduction in c/s d046f361dc937), and creates a
fairly-severe bug.
It causes xsm_multiboot_policy_init() to malfunction and accept a module
which starts with 4 zeroes, rather than the flask magic number. The one
caller is suitably guarded so this is only a latent bug right now, but I
don't think we could credibly security support the code without this
being fixed. (Again - fine to add to the todo list. I know there's
loads to do)
> +
> +/* These annotations are used by callers and in dummy.h to document the
> + * default actions of XSM hooks. They should be compiled out otherwise.
> + */
For the coding style patch, this should be
/*
* These ...
> +#ifdef CONFIG_XSM
> +
> +#ifdef CONFIG_MULTIBOOT
> +int xsm_multiboot_init(unsigned long *module_map,
> + const multiboot_info_t *mbi);
> +int xsm_multiboot_policy_init(unsigned long *module_map,
> + const multiboot_info_t *mbi,
> + void **policy_buffer,
> + size_t *policy_size);
> +#endif
> +
> +#ifdef CONFIG_HAS_DEVICE_TREE
> +/*
> + * Initialize XSM
> + *
> + * On success, return 1 if using SILO mode else 0.
> + */
> +int xsm_dt_init(void);
> +int xsm_dt_policy_init(void **policy_buffer, size_t *policy_size);
> +bool has_xsm_magic(paddr_t);
> +#endif
> +
> +#ifdef CONFIG_XSM_FLASK
> +const struct xsm_ops *flask_init(const void *policy_buffer,
> + size_t policy_size);
> +#else
> +static inline const struct xsm_ops *flask_init(const void *policy_buffer,
> + size_t policy_size)
> +{
> + return NULL;
> +}
> +#endif
> +
> +#ifdef CONFIG_XSM_SILO
> +const struct xsm_ops *silo_init(void);
> +#else
> +static const inline struct xsm_ops *silo_init(void)
> +{
> + return NULL;
> +}
> +#endif
> +
> +#else /* CONFIG_XSM */
> +
> +#ifdef CONFIG_MULTIBOOT
> +static inline int xsm_multiboot_init(unsigned long *module_map,
> + const multiboot_info_t *mbi)
> +{
> + return 0;
> +}
> +#endif
> +
> +#ifdef CONFIG_HAS_DEVICE_TREE
> +static inline int xsm_dt_init(void)
> +{
> + return 0;
> +}
> +
> +static inline bool has_xsm_magic(paddr_t start)
> +{
> + return false;
> +}
> +#endif /* CONFIG_HAS_DEVICE_TREE */
Shouldn't this be an #ifndef CONFIG_HAS_DEVICE_TREE ?
And the answer is no because of the #else /* CONFIG_XSM */ higher up,
but it is incredibly deceptive to read.
I think this logic would be far easier to follow as:
#if IS_ENABLED(CONFIG_XSM) && IS_ENABLED(CONFIG_MULTIBOOT)
...
#else
...
#endif
etc.
rather than having two separate #ifdef CONFIG_MULTIBOOT blocks doing
opposite things due to the position of intermixed #ifdef CONFIG_XSM.
~Andrew
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 09/11] silo: remove circular xsm hook call
2021-09-03 19:06 ` [PATCH v4 09/11] silo: remove circular xsm hook call Daniel P. Smith
@ 2021-09-06 18:55 ` Andrew Cooper
2021-09-07 14:00 ` Daniel P. Smith
2021-09-09 15:45 ` Jan Beulich
1 sibling, 1 reply; 37+ messages in thread
From: Andrew Cooper @ 2021-09-06 18:55 UTC (permalink / raw)
To: Daniel P. Smith, xen-devel; +Cc: Daniel De Graaf
On 03/09/2021 20:06, Daniel P. Smith wrote:
> SILO implements a few XSM hooks to extended the decision logic beyond
> what is defined in the dummy/default policy. For each of the hooks, it
> falls back to the dummy/default policy. The fall back is done a slight
> round-about way.
"done in a slightly" ?
> This commit makes the direct call to the default policy's
> logic, xsm_default_action().
>
> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
> ---
> xen/xsm/silo.c | 15 ++++++++-------
> 1 file changed, 8 insertions(+), 7 deletions(-)
>
> diff --git a/xen/xsm/silo.c b/xen/xsm/silo.c
> index 6db793f35c..56a330a831 100644
> --- a/xen/xsm/silo.c
> +++ b/xen/xsm/silo.c
> @@ -17,6 +17,7 @@
> * You should have received a copy of the GNU General Public License along with
> * this program; If not, see <http://www.gnu.org/licenses/>.
> */
> +#include <xsm/xsm-core.h>
> #include <xsm/dummy.h>
>
> /*
> @@ -43,7 +44,7 @@ static int silo_evtchn_unbound(struct domain *d1, struct evtchn *chn,
> else
> {
> if ( silo_mode_dom_check(d1, d2) )
> - rc = xsm_evtchn_unbound(d1, chn, id2);
> + rc = xsm_default_action(XSM_TARGET, current->domain, d1);
> rcu_unlock_domain(d2);
> }
>
> @@ -54,7 +55,7 @@ static int silo_evtchn_interdomain(struct domain *d1, struct evtchn *chan1,
> struct domain *d2, struct evtchn *chan2)
> {
> if ( silo_mode_dom_check(d1, d2) )
> - return xsm_evtchn_interdomain(d1, chan1, d2, chan2);
> + return xsm_default_action(XSM_HOOK, d1, d2);
> return -EPERM;
> }
>
> @@ -62,21 +63,21 @@ static int silo_grant_mapref(struct domain *d1, struct domain *d2,
> uint32_t flags)
> {
> if ( silo_mode_dom_check(d1, d2) )
> - return xsm_grant_mapref(d1, d2, flags);
> + return xsm_default_action(XSM_HOOK, d1, d2);
> return -EPERM;
> }
>
> static int silo_grant_transfer(struct domain *d1, struct domain *d2)
> {
> if ( silo_mode_dom_check(d1, d2) )
> - return xsm_grant_transfer(d1, d2);
> + return xsm_default_action(XSM_HOOK, d1, d2);
> return -EPERM;
> }
>
> static int silo_grant_copy(struct domain *d1, struct domain *d2)
> {
> if ( silo_mode_dom_check(d1, d2) )
> - return xsm_grant_copy(d1, d2);
> + return xsm_default_action(XSM_HOOK, d1, d2);
> return -EPERM;
> }
>
> @@ -86,14 +87,14 @@ static int silo_argo_register_single_source(const struct domain *d1,
> const struct domain *d2)
> {
> if ( silo_mode_dom_check(d1, d2) )
> - return xsm_argo_register_single_source(d1, d2);
> + return 0;
> return -EPERM;
> }
>
> static int silo_argo_send(const struct domain *d1, const struct domain *d2)
> {
> if ( silo_mode_dom_check(d1, d2) )
> - return xsm_argo_send(d1, d2);
> + return 0;
Shouldn't these be XSM_HOOK too? Or should all other XSM_HOOK's be
short-circuted to 0?
The asymmetry here seems weird.
~Andrew
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 11/11] xsm: remove alternate xsm hook interface
2021-09-03 19:06 ` [PATCH v4 11/11] xsm: remove alternate xsm hook interface Daniel P. Smith
@ 2021-09-06 19:18 ` Andrew Cooper
2021-09-07 14:03 ` Daniel P. Smith
0 siblings, 1 reply; 37+ messages in thread
From: Andrew Cooper @ 2021-09-06 19:18 UTC (permalink / raw)
To: Daniel P. Smith, xen-devel; +Cc: Daniel De Graaf
On 03/09/2021 20:06, Daniel P. Smith wrote:
> -static inline int xsm_memtype(xsm_default_t def, uint32_t access)
> +#if 0
> +/* Could not find any usages */
> +static inline int xsm_memtype(xsm_default_t action, uint32_t access)
> {
> return alternative_call(xsm_ops.memtype, access);
> }
> +#endif
There wants to be an earlier patch deleting dead code. We don't want to
retain this if-0'd out.
> diff --git a/xen/xsm/dummy.h b/xen/xsm/dummy.h
> new file mode 100644
> index 0000000000..b9a7e8c40f
> --- /dev/null
> +++ b/xen/xsm/dummy.h
> @@ -0,0 +1,739 @@
> +/*
> + * Default XSM hooks - IS_PRIV and IS_PRIV_FOR checks
> + *
> + * Author: Daniel De Graaf <dgdegra@tyhco.nsa.gov>
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2,
> + * as published by the Free Software Foundation.
> + *
> + *
> + * Dummy XSM hooks implementing the default access check. Each hook should
> + * have as its first line XSM_DEFAULT_ACTION declaring the privilege level
> + * required for this access.
> + */
> +
> +#ifndef __XSM_DUMMY_H__
> +#define __XSM_DUMMY_H__
> +
> +#include <xen/sched.h>
> +#include <xsm/xsm-core.h>
> +#include <public/hvm/params.h>
> +
> +#define XSM_DEFAULT_ACTION(def) xsm_default_t action = def; (void)action
> +
> +static always_inline int xsm_default_action(
> + xsm_default_t action, struct domain *src, struct domain *target)
> +{
> + switch ( action ) {
Either here (because you're moving code), or in the style fix, the brace
wants to be on the next line.
~Andrew
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 01/11] xen: Implement xen/alternative-call.h for use in common code
2021-09-06 16:22 ` Andrew Cooper
@ 2021-09-07 6:00 ` Jan Beulich
2021-09-07 13:07 ` Daniel P. Smith
0 siblings, 1 reply; 37+ messages in thread
From: Jan Beulich @ 2021-09-07 6:00 UTC (permalink / raw)
To: Andrew Cooper, Daniel P. Smith
Cc: Roger Pau Monné,
Stefano Stabellini, Julien Grall, Volodymyr Babchuk,
Bob Eshleman, Alistair Francis, Connor Davis, George Dunlap,
Ian Jackson, Wei Liu, xen-devel
On 06.09.2021 18:22, Andrew Cooper wrote:
> On 06/09/2021 16:52, Jan Beulich wrote:
>> On 03.09.2021 21:06, Daniel P. Smith wrote:
>>> --- /dev/null
>>> +++ b/xen/include/xen/alternative-call.h
>>> @@ -0,0 +1,63 @@
>>> +/* SPDX-License-Identifier: GPL-2.0 */
>>> +#ifndef XEN_ALTERNATIVE_CALL
>>> +#define XEN_ALTERNATIVE_CALL
>>> +
>>> +/*
>>> + * Some subsystems in Xen may have multiple implementions, which can be
>>> + * resolved to a single implementation at boot time. By default, this will
>>> + * result in the use of function pointers.
>>> + *
>>> + * Some architectures may have mechanisms for dynamically modifying .text.
>>> + * Using this mechnaism, function pointers can be converted to direct calls
>>> + * which are typically more efficient at runtime.
>>> + *
>>> + * For architectures to support:
>>> + *
>>> + * - Implement alternative_{,v}call() in asm/alternative.h. Code generation
>>> + * requirements are to emit a function pointer call at build time, and stash
>>> + * enough metadata to simplify the call at boot once the implementation has
>>> + * been resolved.
>>> + * - Select ALTERNATIVE_CALL in Kconfig.
>>> + *
>>> + * To use:
>>> + *
>>> + * Consider the following simplified example.
>>> + *
>>> + * 1) struct foo_ops __alt_call_maybe_initdata ops;
>>> + *
>>> + * 2) const struct foo_ops __initconst foo_a_ops = { ... };
>>> + * const struct foo_ops __initconst foo_b_ops = { ... };
>>> + *
>>> + * void foo_init(void)
>>> + * {
>>> + * ...
>>> + * if ( use_impl_a )
>>> + * ops = *foo_a_ops;
>>> + * else if ( use_impl_b )
>>> + * ops = *foo_b_ops;
>>> + * ...
>>> + * }
>>> + *
>>> + * 3) alternative_call(ops.bar, ...);
>>> + *
>>> + * There needs to a single ops object (1) which will eventually contain the
>>> + * function pointers. This should be populated in foo's init() function (2)
>>> + * by one of the available implementations. To call functions, use
>>> + * alternative_{,v}call() referencing the main ops object (3).
>>> + */
>>> +
>>> +#ifdef CONFIG_ALTERNATIVE_CALL
>>> +
>>> +#include <asm/alternative.h>
>>> +
>>> +#define __alt_call_maybe_initdata __initdata
>> My v3 comment here was:
>>
>> "I think it wants (needs) clarifying that this may only be used if
>> the ops object is used exclusively in alternative_{,v}call()
>> instances (besides the original assignments to it, of course)."
>>
>> I realize this was slightly too strict, as other uses from .init.*
>> are of course also okay, but I continue to think that - in
>> particular with the example using it - there should be a warning
>> about this possible pitfall. Or am I merely unable to spot the
>> wording change somewhere in the comment?
>
> Such a comment is utterly pointless. initdata has a well known meaning,
> and a comment warning about the effects of it is just teaching
> developers to suck eggs[1]
Well, okay then - at least the definition of __alt_call_maybe_initdata
isn't far away from the comment. (What I'm not convinced of is that
people knowing __initdata's meaning necessarily need to correctly
infer __alt_call_maybe_initdata's.)
Two other observations about the comment though, which I'd like to be
taken care of (perhaps while committing):
- __initconst wants to become __initconstrel.
- foo_init(), seeing that there are section annotations elsewhere,
wants to be marked __init.
Then
Acked-by: Jan Beulich <jbeulich@suse.com>
Daniel, you having made changes (even if just minor ones) imo requires
you S-o-b on the patch alongside Andrew's.
Jan
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 01/11] xen: Implement xen/alternative-call.h for use in common code
2021-09-07 6:00 ` Jan Beulich
@ 2021-09-07 13:07 ` Daniel P. Smith
0 siblings, 0 replies; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-07 13:07 UTC (permalink / raw)
To: Jan Beulich, Andrew Cooper
Cc: Roger Pau Monné,
Stefano Stabellini, Julien Grall, Volodymyr Babchuk,
Bob Eshleman, Alistair Francis, Connor Davis, George Dunlap,
Ian Jackson, Wei Liu, xen-devel
On 9/7/21 2:00 AM, Jan Beulich wrote:
> On 06.09.2021 18:22, Andrew Cooper wrote:
>> On 06/09/2021 16:52, Jan Beulich wrote:
>>> On 03.09.2021 21:06, Daniel P. Smith wrote:
>>>> --- /dev/null
>>>> +++ b/xen/include/xen/alternative-call.h
>>>> @@ -0,0 +1,63 @@
>>>> +/* SPDX-License-Identifier: GPL-2.0 */
>>>> +#ifndef XEN_ALTERNATIVE_CALL
>>>> +#define XEN_ALTERNATIVE_CALL
>>>> +
>>>> +/*
>>>> + * Some subsystems in Xen may have multiple implementions, which can be
>>>> + * resolved to a single implementation at boot time. By default, this will
>>>> + * result in the use of function pointers.
>>>> + *
>>>> + * Some architectures may have mechanisms for dynamically modifying .text.
>>>> + * Using this mechnaism, function pointers can be converted to direct calls
>>>> + * which are typically more efficient at runtime.
>>>> + *
>>>> + * For architectures to support:
>>>> + *
>>>> + * - Implement alternative_{,v}call() in asm/alternative.h. Code generation
>>>> + * requirements are to emit a function pointer call at build time, and stash
>>>> + * enough metadata to simplify the call at boot once the implementation has
>>>> + * been resolved.
>>>> + * - Select ALTERNATIVE_CALL in Kconfig.
>>>> + *
>>>> + * To use:
>>>> + *
>>>> + * Consider the following simplified example.
>>>> + *
>>>> + * 1) struct foo_ops __alt_call_maybe_initdata ops;
>>>> + *
>>>> + * 2) const struct foo_ops __initconst foo_a_ops = { ... };
>>>> + * const struct foo_ops __initconst foo_b_ops = { ... };
>>>> + *
>>>> + * void foo_init(void)
>>>> + * {
>>>> + * ...
>>>> + * if ( use_impl_a )
>>>> + * ops = *foo_a_ops;
>>>> + * else if ( use_impl_b )
>>>> + * ops = *foo_b_ops;
>>>> + * ...
>>>> + * }
>>>> + *
>>>> + * 3) alternative_call(ops.bar, ...);
>>>> + *
>>>> + * There needs to a single ops object (1) which will eventually contain the
>>>> + * function pointers. This should be populated in foo's init() function (2)
>>>> + * by one of the available implementations. To call functions, use
>>>> + * alternative_{,v}call() referencing the main ops object (3).
>>>> + */
>>>> +
>>>> +#ifdef CONFIG_ALTERNATIVE_CALL
>>>> +
>>>> +#include <asm/alternative.h>
>>>> +
>>>> +#define __alt_call_maybe_initdata __initdata
>>> My v3 comment here was:
>>>
>>> "I think it wants (needs) clarifying that this may only be used if
>>> the ops object is used exclusively in alternative_{,v}call()
>>> instances (besides the original assignments to it, of course)."
>>>
>>> I realize this was slightly too strict, as other uses from .init.*
>>> are of course also okay, but I continue to think that - in
>>> particular with the example using it - there should be a warning
>>> about this possible pitfall. Or am I merely unable to spot the
>>> wording change somewhere in the comment?
>>
>> Such a comment is utterly pointless. initdata has a well known meaning,
>> and a comment warning about the effects of it is just teaching
>> developers to suck eggs[1]
>
> Well, okay then - at least the definition of __alt_call_maybe_initdata
> isn't far away from the comment. (What I'm not convinced of is that
> people knowing __initdata's meaning necessarily need to correctly
> infer __alt_call_maybe_initdata's.)
>
> Two other observations about the comment though, which I'd like to be
> taken care of (perhaps while committing):
>
> - __initconst wants to become __initconstrel.
> - foo_init(), seeing that there are section annotations elsewhere,
> wants to be marked __init.
>
> Then
> Acked-by: Jan Beulich <jbeulich@suse.com>
>
> Daniel, you having made changes (even if just minor ones) imo requires
> you S-o-b on the patch alongside Andrew's.
Ack, I realized after sending I didn't SoB it, my apologies on that.
v/r,
dps
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 04/11] xsm: apply coding style
2021-09-06 18:17 ` Andrew Cooper
@ 2021-09-07 13:41 ` Daniel P. Smith
2021-09-07 13:50 ` Jan Beulich
0 siblings, 1 reply; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-07 13:41 UTC (permalink / raw)
To: Andrew Cooper, xen-devel; +Cc: Daniel De Graaf
On 9/6/21 2:17 PM, Andrew Cooper wrote:
> On 03/09/2021 20:06, Daniel P. Smith wrote:
>> Instead of intermixing coding style changes with code changes as they
>> are come upon in this patch set, moving all coding style changes
>> into a single commit. The focus of coding style changes here are,
>>
>> - move trailing comments to line above
>> - ensuring line length does not exceed 80 chars
>> - ensuring proper indentation for 80 char wrapping
>> - covert u32 type statements to uint32_t
>> - remove space between closing and opening parens
>> - drop extern on function declarations
>>
>> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
>> ---
>> xen/include/xsm/dummy.h | 173 +++++++++-----
>> xen/include/xsm/xsm.h | 494 ++++++++++++++++++++++------------------
>> xen/xsm/xsm_core.c | 4 +-
>> 3 files changed, 389 insertions(+), 282 deletions(-)
>>
>> diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
>> index 214b5408b1..deaf23035e 100644
>> --- a/xen/include/xsm/dummy.h
>> +++ b/xen/include/xsm/dummy.h
>> @@ -69,8 +69,9 @@ void __xsm_action_mismatch_detected(void);
>>
>> #endif /* CONFIG_XSM */
>>
>> -static always_inline int xsm_default_action(
>> - xsm_default_t action, struct domain *src, struct domain *target)
>> +static always_inline int xsm_default_action(xsm_default_t action,
>> + struct domain *src,
>> + struct domain *target)
>
> The old code is correct. We have plenty of examples of this in Xen, and
> I have been adding new ones when appropriate.
>
> It avoids squashing everything on the RHS and ballooning the line count
> to compensate. (This isn't a particularly bad example, but we've had
> worse cases in the past).
Based on the past discussions I understood either is acceptable and find
this version much easier to visually parse myself. With that said, if
the "next line single indent" really is the preferred style by the
maintainers/community, then I can convert all of these over.
>> {
>> switch ( action ) {
>> case XSM_HOOK:
>> @@ -99,12 +100,13 @@ static always_inline int xsm_default_action(
>> }
>>
>> static XSM_INLINE void xsm_security_domaininfo(struct domain *d,
>> - struct xen_domctl_getdomaininfo *info)
>> + struct xen_domctl_getdomaininfo *info)
>
> This doesn't match any styles I'm aware of. Either struct domain on the
> new line, or the two structs vertically aligned.
>
> It more obviously highlights why squashing all parameters on the RHS is
> a bad move.
Apologies I let one slip through, though going through over 80-some
function defs trying to make sure they are all aligned and missing one
I would say is not a bad job.
>> @@ -291,37 +307,41 @@ static XSM_INLINE void xsm_evtchn_close_post(struct evtchn *chn)
>> return;
>> }
>>
>> -static XSM_INLINE int xsm_evtchn_send(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn)
>> +static XSM_INLINE int xsm_evtchn_send(XSM_DEFAULT_ARG struct domain *d,
>> + struct evtchn *chn)
>> {
>> XSM_ASSERT_ACTION(XSM_HOOK);
>> return xsm_default_action(action, d, NULL);
>> }
>>
>> -static XSM_INLINE int xsm_evtchn_status(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn)
>> +static XSM_INLINE int xsm_evtchn_status(XSM_DEFAULT_ARG struct domain *d,
>> + struct evtchn *chn)
>> {
>> XSM_ASSERT_ACTION(XSM_TARGET);
>> return xsm_default_action(action, current->domain, d);
>> }
>>
>> -static XSM_INLINE int xsm_evtchn_reset(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2)
>> +static XSM_INLINE int xsm_evtchn_reset(XSM_DEFAULT_ARG struct domain *d1,
>> + struct domain *d2)
>> {
>> XSM_ASSERT_ACTION(XSM_TARGET);
>> return xsm_default_action(action, d1, d2);
>> }
>>
>> -static XSM_INLINE int xsm_alloc_security_evtchns(
>> - struct evtchn chn[], unsigned int nr)
>> +static XSM_INLINE int xsm_alloc_security_evtchns(struct evtchn chn[],
>> + unsigned int nr)
>
> I maintain that this was correct before.
Getting to this point I must say it would be helpful if this could be
spelled out in CODING_STYLE. Specifically, so that I am clear, if a
parameter overflows, than all the parameters overflow? Are there
exceptions such as if overflow doesn't happen until the third of four or
the fourth parameter. Having a rule set would be much more helpful than
trying to look for examples elsewhere in code.
>> diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
>> index 9872bae502..8878281eae 100644
>> --- a/xen/include/xsm/xsm.h
>> +++ b/xen/include/xsm/xsm.h
>> @@ -19,7 +19,7 @@
>> #include <xen/multiboot.h>
>>
>> /* policy magic number (defined by XSM_MAGIC) */
>> -typedef u32 xsm_magic_t;
>> +typedef uint32_t xsm_magic_t;
>>
>> #ifdef CONFIG_XSM_FLASK
>> #define XSM_MAGIC 0xf97cff8c
>> @@ -31,158 +31,171 @@ typedef u32 xsm_magic_t;
>> * default actions of XSM hooks. They should be compiled out otherwise.
>> */
>> enum xsm_default {
>> - XSM_HOOK, /* Guests can normally access the hypercall */
>> - XSM_DM_PRIV, /* Device model can perform on its target domain */
>> - XSM_TARGET, /* Can perform on self or your target domain */
>> - XSM_PRIV, /* Privileged - normally restricted to dom0 */
>> - XSM_XS_PRIV, /* Xenstore domain - can do some privileged operations */
>> - XSM_OTHER /* Something more complex */
>> + /* Guests can normally access the hypercall */
>> + XSM_HOOK,
>> + /* Device model can perform on its target domain */
>> + XSM_DM_PRIV,
>> + /* Can perform on self or your target domain */
>> + XSM_TARGET,
>> + /* Privileged - normally restricted to dom0 */
>> + XSM_PRIV,
>> + /* Xenstore domain - can do some privileged operations */
>> + XSM_XS_PRIV,
>> + /* Something more complex */
>> + XSM_OTHER
>> };
>
> Why? This takes a table which was unambiguous to read, and makes it
> ambiguous at a glance. You want either no change at all, or blank lines
> between comment/constant pairs so you don't need to read to either end
> to figure out how to parse the comments.
I went back to the comment that prompted me to do this and rereading now
makes me think I took it to literal. Specifically, "...I'd like to
encourage you to also address other style issues in the newly introduced
file. Here I'm talking about comment style, requiring /* to be on its
own line." I took that to include these as well since I am pretty sure I
have seen elsewhere this kind of commenting. Regardless, looking back I
can see how the meaning could have only for other block quotes.
Honestly I will gladly change it back as I think that is far clearer.
v/r,
dps
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 05/11] xsm: refactor xsm_ops handling
2021-09-06 18:31 ` Andrew Cooper
@ 2021-09-07 13:44 ` Daniel P. Smith
0 siblings, 0 replies; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-07 13:44 UTC (permalink / raw)
To: Andrew Cooper, xen-devel; +Cc: Daniel De Graaf
On 9/6/21 2:31 PM, Andrew Cooper wrote:
> On 03/09/2021 20:06, Daniel P. Smith wrote:
>> This renames the `struct xsm_operations` to the shorter `struct xsm_ops` and
>> converts the global xsm_ops from being a pointer to an explicit instance. As
>> part of this conversion, it reworks the XSM modules init function to return
>> their xsm_ops struct which is copied in to the global xsm_ops instance.
>>
>> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
>
> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
>
> However, some suggestions...
>
>> diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
>> index 55483292c5..859af3fe9a 100644
>> --- a/xen/xsm/xsm_core.c
>> +++ b/xen/xsm/xsm_core.c
>> @@ -28,9 +28,17 @@
>> #include <asm/setup.h>
>> #endif
>>
>> -#define XSM_FRAMEWORK_VERSION "1.0.0"
>> +#define XSM_FRAMEWORK_VERSION "1.0.1"
>>
>> -struct xsm_operations *xsm_ops;
>> +struct xsm_ops __read_mostly xsm_ops;
>> +
>> +enum xsm_ops_state {
>> + XSM_OPS_UNREGISTERED,
>> + XSM_OPS_REG_FAILED,
>> + XSM_OPS_REGISTERED,
>> +};
>> +
>> +static enum xsm_ops_state xsm_ops_registered = XSM_OPS_UNREGISTERED;
>
> __read_mostly, or can this be __initdata ?
Apologies, I think you may have suggested this before. It would be good
to be able to check this later but currently since I just introduced
this and it is only used during init, it could be made __initdata for
now and later if it gets exposed, then it can be moved to __read_mostly.
Do you agree?
>> @@ -87,25 +88,35 @@ static int __init xsm_core_init(const void *policy_buffer, size_t policy_size)
>> }
>> #endif
>>
>> - if ( verify(&dummy_xsm_ops) )
>> + if ( xsm_ops_registered != XSM_OPS_UNREGISTERED )
>> {
>> - printk(XENLOG_ERR "Could not verify dummy_xsm_ops structure\n");
>> + printk(XENLOG_ERR
>> + "Could not init XSM, xsm_ops register already attempted\n");
>> return -EIO;
>> }
>>
>> - xsm_ops = &dummy_xsm_ops;
>> -
>> switch ( xsm_bootparam )
>> {
>> case XSM_BOOTPARAM_DUMMY:
>> + xsm_ops_registered = XSM_OPS_REGISTERED;
>> break;
>>
>> case XSM_BOOTPARAM_FLASK:
>> - flask_init(policy_buffer, policy_size);
>> + ops = flask_init(policy_buffer, policy_size);
>> + if ( ops )
>> + {
>> + xsm_ops_registered = XSM_OPS_REGISTERED;
>> + xsm_ops = *ops;
>> + }
>> break;
>>
>> case XSM_BOOTPARAM_SILO:
>> - silo_init();
>> + ops = silo_init();
>> + if ( ops )
>> + {
>> + xsm_ops_registered = XSM_OPS_REGISTERED;
>> + xsm_ops = *ops;
>> + }
>
> This if ( ops ) block can be deduplicated by moving after the switch()
> statement. It's going to be common to all everything except dummy.
Good call. I will rework to remove the duplication.
v/r,
dps
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 04/11] xsm: apply coding style
2021-09-07 13:41 ` Daniel P. Smith
@ 2021-09-07 13:50 ` Jan Beulich
2021-09-07 14:09 ` Daniel P. Smith
0 siblings, 1 reply; 37+ messages in thread
From: Jan Beulich @ 2021-09-07 13:50 UTC (permalink / raw)
To: Daniel P. Smith; +Cc: Daniel De Graaf, Andrew Cooper, xen-devel
On 07.09.2021 15:41, Daniel P. Smith wrote:
> On 9/6/21 2:17 PM, Andrew Cooper wrote:
>> On 03/09/2021 20:06, Daniel P. Smith wrote:
>>> --- a/xen/include/xsm/dummy.h
>>> +++ b/xen/include/xsm/dummy.h
>>> @@ -69,8 +69,9 @@ void __xsm_action_mismatch_detected(void);
>>>
>>> #endif /* CONFIG_XSM */
>>>
>>> -static always_inline int xsm_default_action(
>>> - xsm_default_t action, struct domain *src, struct domain *target)
>>> +static always_inline int xsm_default_action(xsm_default_t action,
>>> + struct domain *src,
>>> + struct domain *target)
>>
>> The old code is correct. We have plenty of examples of this in Xen, and
>> I have been adding new ones when appropriate.
>>
>> It avoids squashing everything on the RHS and ballooning the line count
>> to compensate. (This isn't a particularly bad example, but we've had
>> worse cases in the past).
>
> Based on the past discussions I understood either is acceptable and find
> this version much easier to visually parse myself. With that said, if
> the "next line single indent" really is the preferred style by the
> maintainers/community, then I can convert all of these over.
I guess neither is the "preferred" style; as Andrew says, both are
acceptable and both are in active use. I guess the rule of thumb is:
The longer what's left of the function name, the more you should
consider the style that you change away from.
Anyway, in the end I guess the request for style adjustments was
mainly to purge bad style, not to convert one acceptable form to
another. Converting the entire file to the same style is of course
fine (for producing a consistent result), but then - as per above -
here it would more likely be the one that in this case was already
there.
Jan
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 07/11] xsm: decouple xsm header inclusion selection
2021-09-06 18:47 ` Andrew Cooper
@ 2021-09-07 13:52 ` Daniel P. Smith
0 siblings, 0 replies; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-07 13:52 UTC (permalink / raw)
To: Andrew Cooper, xen-devel; +Cc: Daniel De Graaf
On 9/6/21 2:47 PM, Andrew Cooper wrote:
> On 03/09/2021 20:06, Daniel P. Smith wrote:
>> diff --git a/xen/include/xsm/xsm-core.h b/xen/include/xsm/xsm-core.h
>> new file mode 100644
>> index 0000000000..4555e111dc
>> --- /dev/null
>> +++ b/xen/include/xsm/xsm-core.h
>> @@ -0,0 +1,274 @@
>> +/*
>> + * This file contains the XSM hook definitions for Xen.
>> + *
>> + * This work is based on the LSM implementation in Linux 2.6.13.4.
>> + *
>> + * Author: George Coker, <gscoker@alpha.ncsc.mil>
>> + *
>> + * Contributors: Michael LeMay, <mdlemay@epoch.ncsc.mil>
>> + *
>> + * This program is free software; you can redistribute it and/or modify
>> + * it under the terms of the GNU General Public License version 2,
>> + * as published by the Free Software Foundation.
>> + */
>> +
>> +#ifndef __XSM_CORE_H__
>> +#define __XSM_CORE_H__
>> +
>> +#include <xen/sched.h>
>> +#include <xen/multiboot.h>
>> +
>> +/* policy magic number (defined by XSM_MAGIC) */
>> +typedef uint32_t xsm_magic_t;
>> +
>> +#ifdef CONFIG_XSM_FLASK
>> +#define XSM_MAGIC 0xf97cff8c
>> +#else
>> +#define XSM_MAGIC 0x0
>> +#endif
>
> Eww. I know you're only moving code, but this construct is broken
> (right from XSM's introduction in c/s d046f361dc937), and creates a
> fairly-severe bug.
>
> It causes xsm_multiboot_policy_init() to malfunction and accept a module
> which starts with 4 zeroes, rather than the flask magic number. The one
> caller is suitably guarded so this is only a latent bug right now, but I
> don't think we could credibly security support the code without this
> being fixed. (Again - fine to add to the todo list. I know there's
> loads to do)
I cannot in good conscience leave a clearly latent bug. Let me see if
can work a safer means to handling policy module loading.
>> +
>> +/* These annotations are used by callers and in dummy.h to document the
>> + * default actions of XSM hooks. They should be compiled out otherwise.
>> + */
>
> For the coding style patch, this should be
>
> /*
> * These ...
Ack.
>> +#ifdef CONFIG_XSM
>> +
>> +#ifdef CONFIG_MULTIBOOT
>> +int xsm_multiboot_init(unsigned long *module_map,
>> + const multiboot_info_t *mbi);
>> +int xsm_multiboot_policy_init(unsigned long *module_map,
>> + const multiboot_info_t *mbi,
>> + void **policy_buffer,
>> + size_t *policy_size);
>> +#endif
>> +
>> +#ifdef CONFIG_HAS_DEVICE_TREE
>> +/*
>> + * Initialize XSM
>> + *
>> + * On success, return 1 if using SILO mode else 0.
>> + */
>> +int xsm_dt_init(void);
>> +int xsm_dt_policy_init(void **policy_buffer, size_t *policy_size);
>> +bool has_xsm_magic(paddr_t);
>> +#endif
>> +
>> +#ifdef CONFIG_XSM_FLASK
>> +const struct xsm_ops *flask_init(const void *policy_buffer,
>> + size_t policy_size);
>> +#else
>> +static inline const struct xsm_ops *flask_init(const void *policy_buffer,
>> + size_t policy_size)
>> +{
>> + return NULL;
>> +}
>> +#endif
>> +
>> +#ifdef CONFIG_XSM_SILO
>> +const struct xsm_ops *silo_init(void);
>> +#else
>> +static const inline struct xsm_ops *silo_init(void)
>> +{
>> + return NULL;
>> +}
>> +#endif
>> +
>> +#else /* CONFIG_XSM */
>> +
>> +#ifdef CONFIG_MULTIBOOT
>> +static inline int xsm_multiboot_init(unsigned long *module_map,
>> + const multiboot_info_t *mbi)
>> +{
>> + return 0;
>> +}
>> +#endif
>> +
>> +#ifdef CONFIG_HAS_DEVICE_TREE
>> +static inline int xsm_dt_init(void)
>> +{
>> + return 0;
>> +}
>> +
>> +static inline bool has_xsm_magic(paddr_t start)
>> +{
>> + return false;
>> +}
>> +#endif /* CONFIG_HAS_DEVICE_TREE */
>
> Shouldn't this be an #ifndef CONFIG_HAS_DEVICE_TREE ?
>
> And the answer is no because of the #else /* CONFIG_XSM */ higher up,
> but it is incredibly deceptive to read.
>
>
> I think this logic would be far easier to follow as:
>
> #if IS_ENABLED(CONFIG_XSM) && IS_ENABLED(CONFIG_MULTIBOOT)
> ...
> #else
> ...
> #endif
>
> etc.
>
> rather than having two separate #ifdef CONFIG_MULTIBOOT blocks doing
> opposite things due to the position of intermixed #ifdef CONFIG_XSM.
Ack.
v/r
dps
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 09/11] silo: remove circular xsm hook call
2021-09-06 18:55 ` Andrew Cooper
@ 2021-09-07 14:00 ` Daniel P. Smith
0 siblings, 0 replies; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-07 14:00 UTC (permalink / raw)
To: Andrew Cooper, xen-devel; +Cc: Daniel De Graaf
On 9/6/21 2:55 PM, Andrew Cooper wrote:
> On 03/09/2021 20:06, Daniel P. Smith wrote:
>> SILO implements a few XSM hooks to extended the decision logic beyond
>> what is defined in the dummy/default policy. For each of the hooks, it
>> falls back to the dummy/default policy. The fall back is done a slight
>> round-about way.
>
> "done in a slightly" ?
Ack.
>> This commit makes the direct call to the default policy's
>> logic, xsm_default_action().
>>
>> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
>> ---
>> xen/xsm/silo.c | 15 ++++++++-------
>> 1 file changed, 8 insertions(+), 7 deletions(-)
>>
>> diff --git a/xen/xsm/silo.c b/xen/xsm/silo.c
>> index 6db793f35c..56a330a831 100644
>> --- a/xen/xsm/silo.c
>> +++ b/xen/xsm/silo.c
>> @@ -17,6 +17,7 @@
>> * You should have received a copy of the GNU General Public License along with
>> * this program; If not, see <http://www.gnu.org/licenses/>.
>> */
>> +#include <xsm/xsm-core.h>
>> #include <xsm/dummy.h>
>>
>> /*
>> @@ -43,7 +44,7 @@ static int silo_evtchn_unbound(struct domain *d1, struct evtchn *chn,
>> else
>> {
>> if ( silo_mode_dom_check(d1, d2) )
>> - rc = xsm_evtchn_unbound(d1, chn, id2);
>> + rc = xsm_default_action(XSM_TARGET, current->domain, d1);
>> rcu_unlock_domain(d2);
>> }
>>
>> @@ -54,7 +55,7 @@ static int silo_evtchn_interdomain(struct domain *d1, struct evtchn *chan1,
>> struct domain *d2, struct evtchn *chan2)
>> {
>> if ( silo_mode_dom_check(d1, d2) )
>> - return xsm_evtchn_interdomain(d1, chan1, d2, chan2);
>> + return xsm_default_action(XSM_HOOK, d1, d2);
>> return -EPERM;
>> }
>>
>> @@ -62,21 +63,21 @@ static int silo_grant_mapref(struct domain *d1, struct domain *d2,
>> uint32_t flags)
>> {
>> if ( silo_mode_dom_check(d1, d2) )
>> - return xsm_grant_mapref(d1, d2, flags);
>> + return xsm_default_action(XSM_HOOK, d1, d2);
>> return -EPERM;
>> }
>>
>> static int silo_grant_transfer(struct domain *d1, struct domain *d2)
>> {
>> if ( silo_mode_dom_check(d1, d2) )
>> - return xsm_grant_transfer(d1, d2);
>> + return xsm_default_action(XSM_HOOK, d1, d2);
>> return -EPERM;
>> }
>>
>> static int silo_grant_copy(struct domain *d1, struct domain *d2)
>> {
>> if ( silo_mode_dom_check(d1, d2) )
>> - return xsm_grant_copy(d1, d2);
>> + return xsm_default_action(XSM_HOOK, d1, d2);
>> return -EPERM;
>> }
>>
>> @@ -86,14 +87,14 @@ static int silo_argo_register_single_source(const struct domain *d1,
>> const struct domain *d2)
>> {
>> if ( silo_mode_dom_check(d1, d2) )
>> - return xsm_argo_register_single_source(d1, d2);
>> + return 0;
>> return -EPERM;
>> }
>>
>> static int silo_argo_send(const struct domain *d1, const struct domain *d2)
>> {
>> if ( silo_mode_dom_check(d1, d2) )
>> - return xsm_argo_send(d1, d2);
>> + return 0;
>
> Shouldn't these be XSM_HOOK too? Or should all other XSM_HOOK's be
> short-circuted to 0?
>
> The asymmetry here seems weird.
It makes more sense when you follow the approach, which was to duplicate
the body of the dummy hook instead of making a call to the hook which
would then call the function pointer to the dummy hook. The definition
for the argo dummy hooks is to return 0. In the future these other calls
may well have XSM_HOOk replaced with the proper role expected. Since all
argo checks just return 0, this reflects there is no logic rules in
xsm_default_action to determine argo accesses. Of course this is on my
list todo and when the dummy hook is fixed, these would be synchronized.
With that said, converting over to XSM_HOOK does provide the equivalent
and would provide consistency within the context of this file. Basically
a long winded way of saying, ack.
v/r,
dps
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 11/11] xsm: remove alternate xsm hook interface
2021-09-06 19:18 ` Andrew Cooper
@ 2021-09-07 14:03 ` Daniel P. Smith
0 siblings, 0 replies; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-07 14:03 UTC (permalink / raw)
To: Andrew Cooper, xen-devel; +Cc: Daniel De Graaf
On 9/6/21 3:18 PM, Andrew Cooper wrote:
> On 03/09/2021 20:06, Daniel P. Smith wrote:
>> -static inline int xsm_memtype(xsm_default_t def, uint32_t access)
>> +#if 0
>> +/* Could not find any usages */
>> +static inline int xsm_memtype(xsm_default_t action, uint32_t access)
>> {
>> return alternative_call(xsm_ops.memtype, access);
>> }
>> +#endif
>
> There wants to be an earlier patch deleting dead code. We don't want to
> retain this if-0'd out.
I can transition this to a standalone patch at the beginning to drop the
benign code.
>> diff --git a/xen/xsm/dummy.h b/xen/xsm/dummy.h
>> new file mode 100644
>> index 0000000000..b9a7e8c40f
>> --- /dev/null
>> +++ b/xen/xsm/dummy.h
>> @@ -0,0 +1,739 @@
>> +/*
>> + * Default XSM hooks - IS_PRIV and IS_PRIV_FOR checks
>> + *
>> + * Author: Daniel De Graaf <dgdegra@tyhco.nsa.gov>
>> + *
>> + * This program is free software; you can redistribute it and/or modify
>> + * it under the terms of the GNU General Public License version 2,
>> + * as published by the Free Software Foundation.
>> + *
>> + *
>> + * Dummy XSM hooks implementing the default access check. Each hook should
>> + * have as its first line XSM_DEFAULT_ACTION declaring the privilege level
>> + * required for this access.
>> + */
>> +
>> +#ifndef __XSM_DUMMY_H__
>> +#define __XSM_DUMMY_H__
>> +
>> +#include <xen/sched.h>
>> +#include <xsm/xsm-core.h>
>> +#include <public/hvm/params.h>
>> +
>> +#define XSM_DEFAULT_ACTION(def) xsm_default_t action = def; (void)action
>> +
>> +static always_inline int xsm_default_action(
>> + xsm_default_t action, struct domain *src, struct domain *target)
>> +{
>> + switch ( action ) {
>
> Either here (because you're moving code), or in the style fix, the brace
> wants to be on the next line.
I will promote to the style patch and carry it through the move.
v/r,
dps
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 04/11] xsm: apply coding style
2021-09-07 13:50 ` Jan Beulich
@ 2021-09-07 14:09 ` Daniel P. Smith
2021-09-07 14:27 ` Jan Beulich
0 siblings, 1 reply; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-07 14:09 UTC (permalink / raw)
To: Jan Beulich; +Cc: Daniel De Graaf, Andrew Cooper, xen-devel
On 9/7/21 9:50 AM, Jan Beulich wrote:
> On 07.09.2021 15:41, Daniel P. Smith wrote:
>> On 9/6/21 2:17 PM, Andrew Cooper wrote:
>>> On 03/09/2021 20:06, Daniel P. Smith wrote:
>>>> --- a/xen/include/xsm/dummy.h
>>>> +++ b/xen/include/xsm/dummy.h
>>>> @@ -69,8 +69,9 @@ void __xsm_action_mismatch_detected(void);
>>>>
>>>> #endif /* CONFIG_XSM */
>>>>
>>>> -static always_inline int xsm_default_action(
>>>> - xsm_default_t action, struct domain *src, struct domain *target)
>>>> +static always_inline int xsm_default_action(xsm_default_t action,
>>>> + struct domain *src,
>>>> + struct domain *target)
>>>
>>> The old code is correct. We have plenty of examples of this in Xen, and
>>> I have been adding new ones when appropriate.
>>>
>>> It avoids squashing everything on the RHS and ballooning the line count
>>> to compensate. (This isn't a particularly bad example, but we've had
>>> worse cases in the past).
>>
>> Based on the past discussions I understood either is acceptable and find
>> this version much easier to visually parse myself. With that said, if
>> the "next line single indent" really is the preferred style by the
>> maintainers/community, then I can convert all of these over.
>
> I guess neither is the "preferred" style; as Andrew says, both are
> acceptable and both are in active use. I guess the rule of thumb is:
> The longer what's left of the function name, the more you should
> consider the style that you change away from.
>
> Anyway, in the end I guess the request for style adjustments was
> mainly to purge bad style, not to convert one acceptable form to
> another. Converting the entire file to the same style is of course
> fine (for producing a consistent result), but then - as per above -
> here it would more likely be the one that in this case was already
> there.
Understood, I will respin with all the function defs to align with the
"next line single indent" style, though it would be helpful for
clarification on this style exactly. Do you always wrap all args if one
extends past 80 col or is there a rule for when some should remain on
the first line (function def line)?
v/r,
dps
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 04/11] xsm: apply coding style
2021-09-07 14:09 ` Daniel P. Smith
@ 2021-09-07 14:27 ` Jan Beulich
2021-09-07 14:55 ` Daniel P. Smith
0 siblings, 1 reply; 37+ messages in thread
From: Jan Beulich @ 2021-09-07 14:27 UTC (permalink / raw)
To: Daniel P. Smith; +Cc: Daniel De Graaf, Andrew Cooper, xen-devel
On 07.09.2021 16:09, Daniel P. Smith wrote:
> On 9/7/21 9:50 AM, Jan Beulich wrote:
>> On 07.09.2021 15:41, Daniel P. Smith wrote:
>>> On 9/6/21 2:17 PM, Andrew Cooper wrote:
>>>> On 03/09/2021 20:06, Daniel P. Smith wrote:
>>>>> --- a/xen/include/xsm/dummy.h
>>>>> +++ b/xen/include/xsm/dummy.h
>>>>> @@ -69,8 +69,9 @@ void __xsm_action_mismatch_detected(void);
>>>>>
>>>>> #endif /* CONFIG_XSM */
>>>>>
>>>>> -static always_inline int xsm_default_action(
>>>>> - xsm_default_t action, struct domain *src, struct domain *target)
>>>>> +static always_inline int xsm_default_action(xsm_default_t action,
>>>>> + struct domain *src,
>>>>> + struct domain *target)
>>>>
>>>> The old code is correct. We have plenty of examples of this in Xen, and
>>>> I have been adding new ones when appropriate.
>>>>
>>>> It avoids squashing everything on the RHS and ballooning the line count
>>>> to compensate. (This isn't a particularly bad example, but we've had
>>>> worse cases in the past).
>>>
>>> Based on the past discussions I understood either is acceptable and find
>>> this version much easier to visually parse myself. With that said, if
>>> the "next line single indent" really is the preferred style by the
>>> maintainers/community, then I can convert all of these over.
>>
>> I guess neither is the "preferred" style; as Andrew says, both are
>> acceptable and both are in active use. I guess the rule of thumb is:
>> The longer what's left of the function name, the more you should
>> consider the style that you change away from.
>>
>> Anyway, in the end I guess the request for style adjustments was
>> mainly to purge bad style, not to convert one acceptable form to
>> another. Converting the entire file to the same style is of course
>> fine (for producing a consistent result), but then - as per above -
>> here it would more likely be the one that in this case was already
>> there.
>
> Understood, I will respin with all the function defs to align with the
> "next line single indent" style, though it would be helpful for
> clarification on this style exactly. Do you always wrap all args if one
> extends past 80 col or is there a rule for when some should remain on
> the first line (function def line)?
I don't think that aspect has been discussed. I would say
void sufficiently_long_attribute test(unsigned int x, unsigned int y,
unsigned int z, void *p);
is as acceptable as
void sufficiently_long_attribute test(unsigned int x,
unsigned int y,
unsigned int z,
void *p);
with a slight preference to the former.
Jan
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 04/11] xsm: apply coding style
2021-09-07 14:27 ` Jan Beulich
@ 2021-09-07 14:55 ` Daniel P. Smith
2021-09-07 15:01 ` Jan Beulich
0 siblings, 1 reply; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-07 14:55 UTC (permalink / raw)
To: Jan Beulich; +Cc: Daniel De Graaf, Andrew Cooper, xen-devel
On 9/7/21 10:27 AM, Jan Beulich wrote:
> On 07.09.2021 16:09, Daniel P. Smith wrote:
>> On 9/7/21 9:50 AM, Jan Beulich wrote:
>>> On 07.09.2021 15:41, Daniel P. Smith wrote:
>>>> On 9/6/21 2:17 PM, Andrew Cooper wrote:
>>>>> On 03/09/2021 20:06, Daniel P. Smith wrote:
>>>>>> --- a/xen/include/xsm/dummy.h
>>>>>> +++ b/xen/include/xsm/dummy.h
>>>>>> @@ -69,8 +69,9 @@ void __xsm_action_mismatch_detected(void);
>>>>>>
>>>>>> #endif /* CONFIG_XSM */
>>>>>>
>>>>>> -static always_inline int xsm_default_action(
>>>>>> - xsm_default_t action, struct domain *src, struct domain *target)
>>>>>> +static always_inline int xsm_default_action(xsm_default_t action,
>>>>>> + struct domain *src,
>>>>>> + struct domain *target)
>>>>>
>>>>> The old code is correct. We have plenty of examples of this in Xen, and
>>>>> I have been adding new ones when appropriate.
>>>>>
>>>>> It avoids squashing everything on the RHS and ballooning the line count
>>>>> to compensate. (This isn't a particularly bad example, but we've had
>>>>> worse cases in the past).
>>>>
>>>> Based on the past discussions I understood either is acceptable and find
>>>> this version much easier to visually parse myself. With that said, if
>>>> the "next line single indent" really is the preferred style by the
>>>> maintainers/community, then I can convert all of these over.
>>>
>>> I guess neither is the "preferred" style; as Andrew says, both are
>>> acceptable and both are in active use. I guess the rule of thumb is:
>>> The longer what's left of the function name, the more you should
>>> consider the style that you change away from.
>>>
>>> Anyway, in the end I guess the request for style adjustments was
>>> mainly to purge bad style, not to convert one acceptable form to
>>> another. Converting the entire file to the same style is of course
>>> fine (for producing a consistent result), but then - as per above -
>>> here it would more likely be the one that in this case was already
>>> there.
>>
>> Understood, I will respin with all the function defs to align with the
>> "next line single indent" style, though it would be helpful for
>> clarification on this style exactly. Do you always wrap all args if one
>> extends past 80 col or is there a rule for when some should remain on
>> the first line (function def line)?
>
> I don't think that aspect has been discussed. I would say
>
> void sufficiently_long_attribute test(unsigned int x, unsigned int y,
> unsigned int z, void *p);
>
> is as acceptable as
>
> void sufficiently_long_attribute test(unsigned int x,
> unsigned int y,
> unsigned int z,
> void *p);
>
> with a slight preference to the former.
>
> Jan
>
Apologies, I was referring to this style which I am understanding is a
little more preferred
void short_function_name(
struct really_long__struct_name *x,
struct really_long__struct_name *y, unsigned int z, void *p);
vs
void short_function_name(struct really_long__struct_name *x,
struct really_long__struct_name *y, unsigned int z, void *p);
NB: I don't recall it off the top of my head, but there is one function
def in here that is similar to this situation
v/r,
dps
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 04/11] xsm: apply coding style
2021-09-07 14:55 ` Daniel P. Smith
@ 2021-09-07 15:01 ` Jan Beulich
0 siblings, 0 replies; 37+ messages in thread
From: Jan Beulich @ 2021-09-07 15:01 UTC (permalink / raw)
To: Daniel P. Smith; +Cc: Daniel De Graaf, Andrew Cooper, xen-devel
On 07.09.2021 16:55, Daniel P. Smith wrote:
> On 9/7/21 10:27 AM, Jan Beulich wrote:
>> On 07.09.2021 16:09, Daniel P. Smith wrote:
>>> On 9/7/21 9:50 AM, Jan Beulich wrote:
>>>> On 07.09.2021 15:41, Daniel P. Smith wrote:
>>>>> On 9/6/21 2:17 PM, Andrew Cooper wrote:
>>>>>> On 03/09/2021 20:06, Daniel P. Smith wrote:
>>>>>>> --- a/xen/include/xsm/dummy.h
>>>>>>> +++ b/xen/include/xsm/dummy.h
>>>>>>> @@ -69,8 +69,9 @@ void __xsm_action_mismatch_detected(void);
>>>>>>>
>>>>>>> #endif /* CONFIG_XSM */
>>>>>>>
>>>>>>> -static always_inline int xsm_default_action(
>>>>>>> - xsm_default_t action, struct domain *src, struct domain *target)
>>>>>>> +static always_inline int xsm_default_action(xsm_default_t action,
>>>>>>> + struct domain *src,
>>>>>>> + struct domain *target)
>>>>>>
>>>>>> The old code is correct. We have plenty of examples of this in Xen, and
>>>>>> I have been adding new ones when appropriate.
>>>>>>
>>>>>> It avoids squashing everything on the RHS and ballooning the line count
>>>>>> to compensate. (This isn't a particularly bad example, but we've had
>>>>>> worse cases in the past).
>>>>>
>>>>> Based on the past discussions I understood either is acceptable and find
>>>>> this version much easier to visually parse myself. With that said, if
>>>>> the "next line single indent" really is the preferred style by the
>>>>> maintainers/community, then I can convert all of these over.
>>>>
>>>> I guess neither is the "preferred" style; as Andrew says, both are
>>>> acceptable and both are in active use. I guess the rule of thumb is:
>>>> The longer what's left of the function name, the more you should
>>>> consider the style that you change away from.
>>>>
>>>> Anyway, in the end I guess the request for style adjustments was
>>>> mainly to purge bad style, not to convert one acceptable form to
>>>> another. Converting the entire file to the same style is of course
>>>> fine (for producing a consistent result), but then - as per above -
>>>> here it would more likely be the one that in this case was already
>>>> there.
>>>
>>> Understood, I will respin with all the function defs to align with the
>>> "next line single indent" style, though it would be helpful for
>>> clarification on this style exactly. Do you always wrap all args if one
>>> extends past 80 col or is there a rule for when some should remain on
>>> the first line (function def line)?
>>
>> I don't think that aspect has been discussed. I would say
>>
>> void sufficiently_long_attribute test(unsigned int x, unsigned int y,
>> unsigned int z, void *p);
>>
>> is as acceptable as
>>
>> void sufficiently_long_attribute test(unsigned int x,
>> unsigned int y,
>> unsigned int z,
>> void *p);
>>
>> with a slight preference to the former.
>
> Apologies, I was referring to this style which I am understanding is a
> little more preferred
>
> void short_function_name(
> struct really_long__struct_name *x,
> struct really_long__struct_name *y, unsigned int z, void *p);
>
> vs
>
> void short_function_name(struct really_long__struct_name *x,
> struct really_long__struct_name *y, unsigned int z, void *p);
This latter style is not supposed to be used.
Jan
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 08/11] xsm: drop generic event channel labeling exclusion
2021-09-03 19:06 ` [PATCH v4 08/11] xsm: drop generic event channel labeling exclusion Daniel P. Smith
@ 2021-09-09 15:35 ` Jan Beulich
2021-09-09 16:44 ` Daniel P. Smith
0 siblings, 1 reply; 37+ messages in thread
From: Jan Beulich @ 2021-09-09 15:35 UTC (permalink / raw)
To: Daniel P. Smith
Cc: Andrew Cooper, George Dunlap, Ian Jackson, Julien Grall,
Stefano Stabellini, Wei Liu, xen-devel
On 03.09.2021 21:06, Daniel P. Smith wrote:
> The internal define flag is not used by any XSM module, removing the #ifdef
> leaving the generic event channel labeling as always present.
Already on v2 I did ask
"I'm not fully convinced of this removal: Does it get in the way of
anything?"
I have no record of getting reply, so I'm still wondering.
> --- a/xen/include/xen/sched.h
> +++ b/xen/include/xen/sched.h
> @@ -122,13 +122,11 @@ struct evtchn
>
> #ifdef CONFIG_XSM
> union {
> -#ifdef XSM_NEED_GENERIC_EVTCHN_SSID
> /*
> * If an XSM module needs more space for its event channel context,
> * this pointer stores the necessary data for the security server.
> */
> void *generic;
> -#endif
I don't consider this any better than what you had originally: Then
you've removed everything inside the #ifdef as well. Now you keep
it and drop just the #ifdef, exposing the field universally (as long
as XSM is set) despite Flask's 32-bit only field being enough for
all practical purposes.
What is there demonstrates what the original intentions were. It's
easy enough to put back if needed in the future, but I think it's
even easier to simply leave as is.
Jan
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 09/11] silo: remove circular xsm hook call
2021-09-03 19:06 ` [PATCH v4 09/11] silo: remove circular xsm hook call Daniel P. Smith
2021-09-06 18:55 ` Andrew Cooper
@ 2021-09-09 15:45 ` Jan Beulich
2021-09-09 19:14 ` Daniel P. Smith
1 sibling, 1 reply; 37+ messages in thread
From: Jan Beulich @ 2021-09-09 15:45 UTC (permalink / raw)
To: Daniel P. Smith; +Cc: Daniel De Graaf, xen-devel
On 03.09.2021 21:06, Daniel P. Smith wrote:
> SILO implements a few XSM hooks to extended the decision logic beyond
> what is defined in the dummy/default policy. For each of the hooks, it
> falls back to the dummy/default policy. The fall back is done a slight
> round-about way. This commit makes the direct call to the default policy's
> logic, xsm_default_action().
Again it's not clear to me what you're finding wrong here. The way it's
done is not as direct as it could be, but going through the extra layer
allows the functions to document things at the same time. You lose not
only that documentation, but also ...
> @@ -43,7 +44,7 @@ static int silo_evtchn_unbound(struct domain *d1, struct evtchn *chn,
> else
> {
> if ( silo_mode_dom_check(d1, d2) )
> - rc = xsm_evtchn_unbound(d1, chn, id2);
> + rc = xsm_default_action(XSM_TARGET, current->domain, d1);
... will need to sync changes to the dummy xsm_evtchn_unbound(), no
matter how unlikely such may be, back to here. This would be quite
easy to forget.
But maybe I'm overlooking something where how things are really gets in
the way of something you mean to do in the remaining two patches (or
later)?
> static int silo_grant_copy(struct domain *d1, struct domain *d2)
> {
> if ( silo_mode_dom_check(d1, d2) )
> - return xsm_grant_copy(d1, d2);
> + return xsm_default_action(XSM_HOOK, d1, d2);
> return -EPERM;
> }
>
> @@ -86,14 +87,14 @@ static int silo_argo_register_single_source(const struct domain *d1,
> const struct domain *d2)
> {
> if ( silo_mode_dom_check(d1, d2) )
> - return xsm_argo_register_single_source(d1, d2);
> + return 0;
> return -EPERM;
> }
>
> static int silo_argo_send(const struct domain *d1, const struct domain *d2)
> {
> if ( silo_mode_dom_check(d1, d2) )
> - return xsm_argo_send(d1, d2);
> + return 0;
> return -EPERM;
> }
This would then also avoid introducing the anomaly observed by Andrew here.
And in fact the Argo dummy functions may be a good example where a change
might happen down the road - them being all empty doesn't seem quite right
to me.
Jan
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 08/11] xsm: drop generic event channel labeling exclusion
2021-09-09 15:35 ` Jan Beulich
@ 2021-09-09 16:44 ` Daniel P. Smith
0 siblings, 0 replies; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-09 16:44 UTC (permalink / raw)
To: Jan Beulich
Cc: Andrew Cooper, George Dunlap, Ian Jackson, Julien Grall,
Stefano Stabellini, Wei Liu, xen-devel
On 9/9/21 11:35 AM, Jan Beulich wrote:
> On 03.09.2021 21:06, Daniel P. Smith wrote:
>> The internal define flag is not used by any XSM module, removing the #ifdef
>> leaving the generic event channel labeling as always present.
>
> Already on v2 I did ask
>
> "I'm not fully convinced of this removal: Does it get in the way of
> anything?"
>
> I have no record of getting reply, so I'm still wondering.
I can't find any email record of it but I know I made this change
because of a request to drop XSM_NEED_GENERIC_EVTCHN_SSID since it is
completely unused. Honestly I am not concerned on whether this
completely unused field is kept or not that is behind a flag that is
never set but it clearly is concerning for you, so I will just drop this
for now.
v/r,
dps
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [PATCH v4 09/11] silo: remove circular xsm hook call
2021-09-09 15:45 ` Jan Beulich
@ 2021-09-09 19:14 ` Daniel P. Smith
0 siblings, 0 replies; 37+ messages in thread
From: Daniel P. Smith @ 2021-09-09 19:14 UTC (permalink / raw)
To: Jan Beulich; +Cc: Daniel De Graaf, xen-devel
On 9/9/21 11:45 AM, Jan Beulich wrote:
> On 03.09.2021 21:06, Daniel P. Smith wrote:
>> SILO implements a few XSM hooks to extended the decision logic beyond
>> what is defined in the dummy/default policy. For each of the hooks, it
>> falls back to the dummy/default policy. The fall back is done a slight
>> round-about way. This commit makes the direct call to the default policy's
>> logic, xsm_default_action().
>
> Again it's not clear to me what you're finding wrong here. The way it's
> done is not as direct as it could be, but going through the extra layer
> allows the functions to document things at the same time. You lose not
> only that documentation, but also ...
It is only for six calls, thus I figured the slight overhead would be
worth cutting out the indirection. If now one is worried about the extra
indirection, than I can adjust to call the default's handlers.
^ permalink raw reply [flat|nested] 37+ messages in thread
end of thread, other threads:[~2021-09-09 19:14 UTC | newest]
Thread overview: 37+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-03 19:06 [PATCH v4 00/11] xsm: refactoring xsm hooks Daniel P. Smith
2021-09-03 19:06 ` [PATCH v4 01/11] xen: Implement xen/alternative-call.h for use in common code Daniel P. Smith
2021-09-06 15:52 ` Jan Beulich
2021-09-06 16:22 ` Andrew Cooper
2021-09-07 6:00 ` Jan Beulich
2021-09-07 13:07 ` Daniel P. Smith
2021-09-03 19:06 ` [PATCH v4 02/11] xsm: remove the ability to disable flask Daniel P. Smith
2021-09-06 17:56 ` Andrew Cooper
2021-09-03 19:06 ` [PATCH v4 03/11] xsm: drop dubious xsm_op_t type Daniel P. Smith
2021-09-06 18:00 ` Andrew Cooper
2021-09-03 19:06 ` [PATCH v4 04/11] xsm: apply coding style Daniel P. Smith
2021-09-06 18:17 ` Andrew Cooper
2021-09-07 13:41 ` Daniel P. Smith
2021-09-07 13:50 ` Jan Beulich
2021-09-07 14:09 ` Daniel P. Smith
2021-09-07 14:27 ` Jan Beulich
2021-09-07 14:55 ` Daniel P. Smith
2021-09-07 15:01 ` Jan Beulich
2021-09-03 19:06 ` [PATCH v4 05/11] xsm: refactor xsm_ops handling Daniel P. Smith
2021-09-06 18:31 ` Andrew Cooper
2021-09-07 13:44 ` Daniel P. Smith
2021-09-03 19:06 ` [PATCH v4 06/11] xsm: convert xsm_ops hook calls to alternative call Daniel P. Smith
2021-09-03 19:06 ` [PATCH v4 07/11] xsm: decouple xsm header inclusion selection Daniel P. Smith
2021-09-06 18:47 ` Andrew Cooper
2021-09-07 13:52 ` Daniel P. Smith
2021-09-03 19:06 ` [PATCH v4 08/11] xsm: drop generic event channel labeling exclusion Daniel P. Smith
2021-09-09 15:35 ` Jan Beulich
2021-09-09 16:44 ` Daniel P. Smith
2021-09-03 19:06 ` [PATCH v4 09/11] silo: remove circular xsm hook call Daniel P. Smith
2021-09-06 18:55 ` Andrew Cooper
2021-09-07 14:00 ` Daniel P. Smith
2021-09-09 15:45 ` Jan Beulich
2021-09-09 19:14 ` Daniel P. Smith
2021-09-03 19:06 ` [PATCH v4 10/11] kconfig: update xsm config to reflect reality Daniel P. Smith
2021-09-03 19:06 ` [PATCH v4 11/11] xsm: remove alternate xsm hook interface Daniel P. Smith
2021-09-06 19:18 ` Andrew Cooper
2021-09-07 14:03 ` Daniel P. Smith
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.