-rw-r--r-- | xen/arch/x86/cpu/mcheck/mce.c | 2 | ||||
-rw-r--r-- | xen/arch/x86/domctl.c | 10 | ||||
-rw-r--r-- | xen/arch/x86/hvm/hvm.c | 26 | ||||
-rw-r--r-- | xen/arch/x86/irq.c | 2 | ||||
-rw-r--r-- | xen/arch/x86/mm.c | 20 | ||||
-rw-r--r-- | xen/arch/x86/mm/mem_event.c | 4 | ||||
-rw-r--r-- | xen/arch/x86/mm/mem_sharing.c | 4 | ||||
-rw-r--r-- | xen/arch/x86/mm/paging.c | 2 | ||||
-rw-r--r-- | xen/arch/x86/msi.c | 2 | ||||
-rw-r--r-- | xen/arch/x86/physdev.c | 12 | ||||
-rw-r--r-- | xen/arch/x86/platform_hypercall.c | 10 | ||||
-rw-r--r-- | xen/arch/x86/sysctl.c | 4 | ||||
-rw-r--r-- | xen/arch/x86/traps.c | 2 | ||||
-rw-r--r-- | xen/common/domain.c | 2 | ||||
-rw-r--r-- | xen/common/domctl.c | 10 | ||||
-rw-r--r-- | xen/common/event_channel.c | 12 | ||||
-rw-r--r-- | xen/common/grant_table.c | 16 | ||||
-rw-r--r-- | xen/common/kexec.c | 2 | ||||
-rw-r--r-- | xen/common/memory.c | 8 | ||||
-rw-r--r-- | xen/common/schedule.c | 2 | ||||
-rw-r--r-- | xen/common/sysctl.c | 8 | ||||
-rw-r--r-- | xen/common/xenoprof.c | 2 | ||||
-rw-r--r-- | xen/drivers/char/console.c | 2 | ||||
-rw-r--r-- | xen/drivers/passthrough/iommu.c | 10 | ||||
-rw-r--r-- | xen/drivers/passthrough/pci.c | 4 | ||||
-rw-r--r-- | xen/include/xsm/dummy.h | 495 | ||||
-rw-r--r-- | xen/include/xsm/xsm.h | 151 |
27 files changed, 445 insertions, 379 deletions
diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c
index 658774ad40..26273f9a01 100644
--- a/xen/arch/x86/cpu/mcheck/mce.c
+++ b/xen/arch/x86/cpu/mcheck/mce.c
@@ -1293,7 +1293,7 @@ long do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc)
 struct xen_mc_msrinject *mc_msrinject;
 struct xen_mc_mceinject *mc_mceinject;
- ret = xsm_do_mca();
+ ret = xsm_do_mca(XSM_PRIV);
 if ( ret )
 return x86_mcerr(NULL, ret);
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 6ab2006a28..738c87a85a 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -77,7 +77,7 @@ long arch_do_domctl(
 if ( np == 0 )
 ret = 0;
- else if ( xsm_ioport_permission(d, fp, fp + np - 1, allow) )
+ else if ( xsm_ioport_permission(XSM_HOOK, d, fp, fp + np - 1, allow) )
 ret = -EPERM;
 else if ( allow )
 ret = ioports_permit_access(d, fp, fp + np - 1);
@@ -571,7 +571,7 @@ long arch_do_domctl(
 if ( !is_hvm_domain(d) )
 break;
- ret = xsm_bind_pt_irq(d, bind);
+ ret = xsm_bind_pt_irq(XSM_HOOK, d, bind);
 if ( ret )
 break;
@@ -604,7 +604,7 @@ long arch_do_domctl(
 !irq_access_permitted(current->domain, bind->machine_irq) )
 break;
- ret = xsm_unbind_pt_irq(d, bind);
+ ret = xsm_unbind_pt_irq(XSM_HOOK, d, bind);
 if ( ret )
 break;
@@ -639,7 +639,7 @@ long arch_do_domctl(
 !iomem_access_permitted(current->domain, mfn, mfn + nr_mfns - 1) )
 break;
- ret = xsm_iomem_mapping(d, mfn, mfn + nr_mfns - 1, add);
+ ret = xsm_iomem_mapping(XSM_HOOK, d, mfn, mfn + nr_mfns - 1, add);
 if ( ret )
 break;
@@ -717,7 +717,7 @@ long arch_do_domctl(
 !ioports_access_permitted(current->domain, fmp, fmp + np - 1) )
 break;
- ret = xsm_ioport_mapping(d, fmp, fmp + np - 1, add);
+ ret = xsm_ioport_mapping(XSM_HOOK, d, fmp, fmp + np - 1, add);
 if ( ret )
 break;
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index e17b7356de..b5d795ae41 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
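Review bot: The `XSM_HOOK` tag on `xsm_ioport_permission()` in the first `arch_do_domctl` hunk of xen/arch/x86/domctl.c gives no hint of which check protects the operation when no XSM module is loaded: per the `xsm_default_action()` switch added in xen/include/xsm/dummy.h, `XSM_HOOK` returns 0 unconditionally. Unlike the iomem/ioport mapping hunks below it, where `iomem_access_permitted()` / `ioports_access_permitted()` is visible just before the hook, this hunk shows no caller-side test, so the default policy presumably relies on the `xsm_domctl(XSM_OTHER, ...)` call in `do_domctl()` having run first. I would add a comment at the site, e.g. `/* XSM_HOOK: no default check here; access is gated by xsm_domctl() in do_domctl() */`, and the same for the `xsm_bind_pt_irq()` hunk. `arch_do_domctl` starts and ends outside these hunks, so the call path should be confirmed before the comment is written.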
@@ -3396,7 +3396,7 @@ static int hvmop_set_pci_intx_level(
 if ( !is_hvm_domain(d) )
 goto out;
- rc = xsm_hvm_set_pci_intx_level(d);
+ rc = xsm_hvm_set_pci_intx_level(XSM_DM_PRIV, d);
 if ( rc )
 goto out;
@@ -3563,7 +3563,7 @@ static int hvmop_set_isa_irq_level(
 if ( !is_hvm_domain(d) )
 goto out;
- rc = xsm_hvm_set_isa_irq_level(d);
+ rc = xsm_hvm_set_isa_irq_level(XSM_DM_PRIV, d);
 if ( rc )
 goto out;
@@ -3607,7 +3607,7 @@ static int hvmop_set_pci_link_route(
 if ( !is_hvm_domain(d) )
 goto out;
- rc = xsm_hvm_set_pci_link_route(d);
+ rc = xsm_hvm_set_pci_link_route(XSM_DM_PRIV, d);
 if ( rc )
 goto out;
@@ -3637,7 +3637,7 @@ static int hvmop_inject_msi(
 if ( !is_hvm_domain(d) )
 goto out;
- rc = xsm_hvm_inject_msi(d);
+ rc = xsm_hvm_inject_msi(XSM_DM_PRIV, d);
 if ( rc )
 goto out;
@@ -3734,7 +3734,7 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg)
 if ( !is_hvm_domain(d) )
 goto param_fail;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_hvm_param(XSM_TARGET, d, op);
 if ( rc )
 goto param_fail;
@@ -3983,7 +3983,7 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg)
 if ( a.nr > GB(1) >> PAGE_SHIFT )
 goto param_fail2;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_hvm_param(XSM_TARGET, d, op);
 if ( rc )
 goto param_fail2;
@@ -4021,7 +4021,7 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg)
 if ( !is_hvm_domain(d) )
 goto param_fail3;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_hvm_param(XSM_TARGET, d, op);
 if ( rc )
 goto param_fail3;
@@ -4082,7 +4082,7 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg)
 if ( d == NULL )
 return -ESRCH;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_hvm_param(XSM_TARGET, d, op);
 if ( rc )
 goto param_fail_getmemtype;
@@ -4136,7 +4136,7 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg)
 if ( !is_hvm_domain(d) )
 goto param_fail4;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_hvm_param(XSM_TARGET, d, op);
 if ( rc )
 goto param_fail4;
@@ -4229,7 +4229,7 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg)
 if ( !is_hvm_domain(d) )
 goto param_fail5;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_hvm_param(XSM_TARGET, d, op);
 if ( rc )
 goto param_fail5;
@@ -4264,7 +4264,7 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg)
 if ( !is_hvm_domain(d) )
 goto param_fail6;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_hvm_param(XSM_TARGET, d, op);
 if ( rc )
 goto param_fail6;
@@ -4300,7 +4300,7 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg)
 if ( !is_hvm_domain(d) || !paging_mode_shadow(d) )
 goto param_fail7;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_hvm_param(XSM_TARGET, d, op);
 if ( rc )
 goto param_fail7;
@@ -4354,7 +4354,7 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg)
 if ( !is_hvm_domain(d) )
 goto param_fail8;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_hvm_param(XSM_TARGET, d, op);
 if ( rc )
 goto param_fail8;
diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c
index 238600af7e..095c17dbac 100644
--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
@@ -1874,7 +1874,7 @@ int map_domain_pirq(
 return 0;
 }
- ret = xsm_map_domain_pirq(d, irq, data);
+ ret = xsm_map_domain_pirq(XSM_HOOK, d, irq, data);
 if ( ret )
 {
 dprintk(XENLOG_G_ERR, "dom%d: could not permit access to irq %d mapping to pirq %d\n",
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 19117e24c3..fa5fbbceaf 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -2700,7 +2700,7 @@ long do_mmuext_op(
 goto out;
 }
- rc = xsm_mmuext_op(d, pg_owner);
+ rc = xsm_mmuext_op(XSM_TARGET, d, pg_owner);
 if ( rc )
 {
 rcu_unlock_domain(pg_owner);
@@ -2772,7 +2772,7 @@ long do_mmuext_op(
 break;
 }
- if ( (rc = xsm_memory_pin_page(d, pg_owner, page)) != 0 )
+ if ( (rc = xsm_memory_pin_page(XSM_HOOK, d, pg_owner, page)) != 0 )
 {
 put_page_and_type(page);
 okay = 0;
@@ -3230,7 +3230,7 @@ long do_mmu_update(
 }
 if ( xsm_needed != xsm_checked )
 {
- rc = xsm_mmu_update(d, pt_owner, pg_owner, xsm_needed);
+ rc = xsm_mmu_update(XSM_TARGET, d, pt_owner, pg_owner, xsm_needed);
 if ( rc )
 break;
 xsm_checked = xsm_needed;
@@ -3349,7 +3349,7 @@ long do_mmu_update(
 xsm_needed |= XSM_MMU_MACHPHYS_UPDATE;
 if ( xsm_needed != xsm_checked )
 {
- rc = xsm_mmu_update(d, NULL, pg_owner, xsm_needed);
+ rc = xsm_mmu_update(XSM_TARGET, d, NULL, pg_owner, xsm_needed);
 if ( rc )
 break;
 xsm_checked = xsm_needed;
@@ -3917,7 +3917,7 @@ static int __do_update_va_mapping(
 perfc_incr(calls_to_update_va);
- rc = xsm_update_va_mapping(d, pg_owner, val);
+ rc = xsm_update_va_mapping(XSM_TARGET, d, pg_owner, val);
 if ( rc )
 return rc;
@@ -4388,7 +4388,7 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg)
 if ( d == NULL )
 return -ESRCH;
- if ( xsm_add_to_physmap(current->domain, d) )
+ if ( xsm_add_to_physmap(XSM_TARGET, current->domain, d) )
 {
 rcu_unlock_domain(d);
 return -EPERM;
@@ -4427,7 +4427,7 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg)
 if ( d == NULL )
 return -ESRCH;
- rc = xsm_domain_memory_map(d);
+ rc = xsm_domain_memory_map(XSM_TARGET, d);
 if ( rc )
 {
 rcu_unlock_domain(d);
@@ -4502,7 +4502,7 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg)
 XEN_GUEST_HANDLE_PARAM(e820entry_t) buffer_param;
 unsigned int i;
- rc = xsm_machine_memory_map();
+ rc = xsm_machine_memory_map(XSM_PRIV);
 if ( rc )
 return rc;
@@ -4586,9 +4586,9 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg)
 return -ESRCH;
 if ( op == XENMEM_set_pod_target )
- rc = xsm_set_pod_target(d);
+ rc = xsm_set_pod_target(XSM_PRIV, d);
 else
- rc = xsm_get_pod_target(d);
+ rc = xsm_get_pod_target(XSM_PRIV, d);
 if ( rc != 0 )
 goto pod_target_out_unlock;
diff --git a/xen/arch/x86/mm/mem_event.c b/xen/arch/x86/mm/mem_event.c
index c2b36703f8..422224836d 100644
--- a/xen/arch/x86/mm/mem_event.c
+++ b/xen/arch/x86/mm/mem_event.c
@@ -449,7 +449,7 @@ int do_mem_event_op(int op, uint32_t domain, void *arg)
 if ( ret )
 return ret;
- ret = xsm_mem_event_op(d, op);
+ ret = xsm_mem_event_op(XSM_TARGET, d, op);
 if ( ret )
 goto out;
@@ -502,7 +502,7 @@ int mem_event_domctl(struct domain *d, xen_domctl_mem_event_op_t *mec,
 {
 int rc;
- rc = xsm_mem_event_control(d, mec->mode, mec->op);
+ rc = xsm_mem_event_control(XSM_PRIV, d, mec->mode, mec->op);
 if ( rc )
 return rc;
diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index 46243141c4..1caa9000fc 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -1351,7 +1351,7 @@ int mem_sharing_memop(struct domain *d, xen_mem_sharing_op_t *mec)
 if ( rc )
 return rc;
- rc = xsm_mem_sharing_op(d, cd, mec->op);
+ rc = xsm_mem_sharing_op(XSM_TARGET, d, cd, mec->op);
 if ( rc )
 {
 rcu_unlock_domain(cd);
@@ -1415,7 +1415,7 @@ int mem_sharing_memop(struct domain *d, xen_mem_sharing_op_t *mec)
 if ( rc )
 return rc;
- rc = xsm_mem_sharing_op(d, cd, mec->op);
+ rc = xsm_mem_sharing_op(XSM_TARGET, d, cd, mec->op);
 if ( rc )
 {
 rcu_unlock_domain(cd);
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index a5cdbd1f3e..ac9bb1a0ed 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -559,7 +559,7 @@ int paging_domctl(struct domain *d, xen_domctl_shadow_op_t *sc,
 return -EINVAL;
 }
- rc = xsm_shadow_control(d, sc->op);
+ rc = xsm_shadow_control(XSM_HOOK, d, sc->op);
 if ( rc )
 return rc;
diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c
index e40ed4fcec..0e6e50bce9 100644
--- a/xen/arch/x86/msi.c
+++ b/xen/arch/x86/msi.c
@@ -1016,7 +1016,7 @@ int pci_restore_msi_state(struct pci_dev *pdev)
 if (!pdev)
 return -EINVAL;
- ret = xsm_resource_setup_pci((pdev->seg << 16) | (pdev->bus << 8) | pdev->devfn);
+ ret = xsm_resource_setup_pci(XSM_PRIV, (pdev->seg << 16) | (pdev->bus << 8) | pdev->devfn);
 if ( ret )
 return ret;
diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c
index 32a861a140..b45e18ac51 100644
--- a/xen/arch/x86/physdev.c
+++ b/xen/arch/x86/physdev.c
@@ -232,7 +232,7 @@ int physdev_unmap_pirq(domid_t domid, int pirq)
 goto free_domain;
 }
- ret = xsm_unmap_domain_pirq(d, domain_pirq_to_irq(d, pirq));
+ ret = xsm_unmap_domain_pirq(XSM_TARGET, d, domain_pirq_to_irq(d, pirq));
 if ( ret )
 goto free_domain;
@@ -423,7 +423,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
 ret = -EFAULT;
 if ( copy_from_guest(&apic, arg, 1) != 0 )
 break;
- ret = xsm_apic(v->domain, cmd);
+ ret = xsm_apic(XSM_PRIV, v->domain, cmd);
 if ( ret )
 break;
 ret = ioapic_guest_read(apic.apic_physbase, apic.reg, &apic.value);
@@ -437,7 +437,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
 ret = -EFAULT;
 if ( copy_from_guest(&apic, arg, 1) != 0 )
 break;
- ret = xsm_apic(v->domain, cmd);
+ ret = xsm_apic(XSM_PRIV, v->domain, cmd);
 if ( ret )
 break;
 ret = ioapic_guest_write(apic.apic_physbase, apic.reg, apic.value);
@@ -453,7 +453,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
 /* Use the APIC check since this dummy hypercall should still only
 * be called by the domain with access to program the ioapic */
- ret = xsm_apic(v->domain, cmd);
+ ret = xsm_apic(XSM_PRIV, v->domain, cmd);
 if ( ret )
 break;
@@ -578,7 +578,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
 case PHYSDEVOP_pci_mmcfg_reserved: {
 struct physdev_pci_mmcfg_reserved info;
- ret = xsm_resource_setup_misc();
+ ret = xsm_resource_setup_misc(XSM_PRIV);
 if ( ret )
 break;
@@ -632,7 +632,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
 if ( setup_gsi.gsi < 0 || setup_gsi.gsi >= nr_irqs_gsi )
 break;
- ret = xsm_resource_setup_gsi(setup_gsi.gsi);
+ ret = xsm_resource_setup_gsi(XSM_PRIV, setup_gsi.gsi);
 if ( ret )
 break;
diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c
index a67aff4af1..5ca2840808 100644
--- a/xen/arch/x86/platform_hypercall.c
+++ b/xen/arch/x86/platform_hypercall.c
@@ -72,7 +72,7 @@ ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
 if ( op->interface_version != XENPF_INTERFACE_VERSION )
 return -EACCES;
- ret = xsm_platform_op(op->cmd);
+ ret = xsm_platform_op(XSM_PRIV, op->cmd);
 if ( ret )
 return ret;
@@ -498,7 +498,7 @@ ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
 {
 int cpu = op->u.cpu_ol.cpuid;
- ret = xsm_resource_plug_core();
+ ret = xsm_resource_plug_core(XSM_HOOK);
 if ( ret )
 break;
@@ -523,7 +523,7 @@ ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
 {
 int cpu = op->u.cpu_ol.cpuid;
- ret = xsm_resource_unplug_core();
+ ret = xsm_resource_unplug_core(XSM_HOOK);
 if ( ret )
 break;
@@ -552,7 +552,7 @@ ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
 break;
 case XENPF_cpu_hotadd:
- ret = xsm_resource_plug_core();
+ ret = xsm_resource_plug_core(XSM_HOOK);
 if ( ret )
 break;
@@ -562,7 +562,7 @@ ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
 break;
 case XENPF_mem_hotadd:
- ret = xsm_resource_plug_core();
+ ret = xsm_resource_plug_core(XSM_HOOK);
 if ( ret )
 break;
diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c
index 59e8100b0f..d0be4bee6a 100644
--- a/xen/arch/x86/sysctl.c
+++ b/xen/arch/x86/sysctl.c
@@ -186,14 +186,14 @@ long arch_do_sysctl(
 switch ( sysctl->u.cpu_hotplug.op )
 {
 case XEN_SYSCTL_CPU_HOTPLUG_ONLINE:
- ret = xsm_resource_plug_core();
+ ret = xsm_resource_plug_core(XSM_HOOK);
 if ( ret )
 break;
 ret = continue_hypercall_on_cpu(
 0, cpu_up_helper, (void *)(unsigned long)cpu);
 break;
 case XEN_SYSCTL_CPU_HOTPLUG_OFFLINE:
- ret = xsm_resource_unplug_core();
+ ret = xsm_resource_unplug_core(XSM_HOOK);
 if ( ret )
 break;
 ret = continue_hypercall_on_cpu(
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 44a866eb17..7c180ea676 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1643,7 +1643,7 @@ static int pci_cfg_ok(struct domain *d, int write, int size)
 start |= (d->arch.pci_cf8 >> 16) & 0xF00;
 }
 end = start + size - 1;
- if (xsm_pci_config_permission(d, machine_bdf, start, end, write))
+ if (xsm_pci_config_permission(XSM_HOOK, d, machine_bdf, start, end, write))
 return 0;
 return 1;
 }
diff --git a/xen/common/domain.c b/xen/common/domain.c
index ec8efe8a41..07f62b3b34 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -252,7 +252,7 @@ struct domain *domain_create(
 if ( !is_idle_domain(d) )
 {
- if ( (err = xsm_domain_create(d, ssidref)) != 0 )
+ if ( (err = xsm_domain_create(XSM_HOOK, d, ssidref)) != 0 )
 goto fail;
 d->is_paused_by_controller = 1;
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index e1fb75d751..caa68f7c79 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -265,7 +265,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
 return -ESRCH;
 }
- ret = xsm_domctl(d, op->cmd);
+ ret = xsm_domctl(XSM_OTHER, d, op->cmd);
 if ( ret )
 goto domctl_out_unlock_domonly;
@@ -579,7 +579,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
 break;
 }
- ret = xsm_getdomaininfo(d);
+ ret = xsm_getdomaininfo(XSM_HOOK, d);
 if ( ret )
 goto getdomaininfo_out;
@@ -719,7 +719,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
 if ( pirq >= d->nr_pirqs )
 ret = -EINVAL;
- else if ( xsm_irq_permission(d, pirq, allow) )
+ else if ( xsm_irq_permission(XSM_HOOK, d, pirq, allow) )
 ret = -EPERM;
 else if ( allow )
 ret = irq_permit_access(d, pirq);
@@ -738,7 +738,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
 if ( (mfn + nr_mfns - 1) < mfn ) /* wrap? */
 break;
- if ( xsm_iomem_permission(d, mfn, mfn + nr_mfns - 1, allow) )
+ if ( xsm_iomem_permission(XSM_HOOK, d, mfn, mfn + nr_mfns - 1, allow) )
 ret = -EPERM;
 else if ( allow )
 ret = iomem_permit_access(d, mfn, mfn + nr_mfns - 1);
@@ -770,7 +770,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
 break;
 }
- ret = xsm_set_target(d, e);
+ ret = xsm_set_target(XSM_HOOK, d, e);
 if ( ret ) {
 put_domain(e);
 break;
diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c
index f620966ce2..2d7afc9e2b 100644
--- a/xen/common/event_channel.c
+++ b/xen/common/event_channel.c
@@ -175,7 +175,7 @@ static long evtchn_alloc_unbound(evtchn_alloc_unbound_t *alloc)
 ERROR_EXIT_DOM(port, d);
 chn = evtchn_from_port(d, port);
- rc = xsm_evtchn_unbound(d, chn, alloc->remote_dom);
+ rc = xsm_evtchn_unbound(XSM_TARGET, d, chn, alloc->remote_dom);
 if ( rc )
 goto out;
@@ -231,7 +231,7 @@ static long evtchn_bind_interdomain(evtchn_bind_interdomain_t *bind)
 (rchn->u.unbound.remote_domid != ld->domain_id) )
 ERROR_EXIT_DOM(-EINVAL, rd);
- rc = xsm_evtchn_interdomain(ld, lchn, rd, rchn);
+ rc = xsm_evtchn_interdomain(XSM_HOOK, ld, lchn, rd, rchn);
 if ( rc )
 goto out;
@@ -580,7 +580,7 @@ int evtchn_send(struct domain *d, unsigned int lport)
 return -EINVAL;
 }
- ret = xsm_evtchn_send(ld, lchn);
+ ret = xsm_evtchn_send(XSM_HOOK, ld, lchn);
 if ( ret )
 goto out;
@@ -812,7 +812,7 @@ static long evtchn_status(evtchn_status_t *status)
 chn = evtchn_from_port(d, port);
- rc = xsm_evtchn_status(d, chn);
+ rc = xsm_evtchn_status(XSM_TARGET, d, chn);
 if ( rc )
 goto out;
@@ -954,7 +954,7 @@ static long evtchn_reset(evtchn_reset_t *r)
 if ( d == NULL )
 return -ESRCH;
- rc = xsm_evtchn_reset(current->domain, d);
+ rc = xsm_evtchn_reset(XSM_TARGET, current->domain, d);
 if ( rc )
 goto out;
@@ -1101,7 +1101,7 @@ int alloc_unbound_xen_event_channel(
 goto out;
 chn = evtchn_from_port(d, port);
- rc = xsm_evtchn_unbound(d, chn, remote_domid);
+ rc = xsm_evtchn_unbound(XSM_TARGET, d, chn, remote_domid);
 chn->state = ECS_UNBOUND;
 chn->xen_consumer = get_xen_consumer(notification_fn);
diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index 59708c33e4..f85adb44b7 100644
--- a/xen/common/grant_table.c
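Review bot: In the `alloc_unbound_xen_event_channel` hunk of xen/common/event_channel.c the result of `xsm_evtchn_unbound(XSM_TARGET, d, chn, remote_domid)` is stored in `rc`, but the next visible lines go straight on to set `chn->state = ECS_UNBOUND` and `chn->xen_consumer`, so a denial from the hook does not appear to stop the channel being set up. Every other hook call touched in this file tests the result, and the same two lines, `if ( rc ) goto out;`, would fit here directly after the call. The function body continues past the hunk, so `rc` may be examined later, but by then the channel state has already been changed.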
+++ b/xen/common/grant_table.c
@@ -552,7 +552,7 @@ __gnttab_map_grant_ref(
 return;
 }
- rc = xsm_grant_mapref(ld, rd, op->flags);
+ rc = xsm_grant_mapref(XSM_HOOK, ld, rd, op->flags);
 if ( rc )
 {
 rcu_unlock_domain(rd);
@@ -872,7 +872,7 @@ __gnttab_unmap_common(
 return;
 }
- rc = xsm_grant_unmapref(ld, rd);
+ rc = xsm_grant_unmapref(XSM_HOOK, ld, rd);
 if ( rc )
 {
 rcu_unlock_domain(rd);
@@ -1336,7 +1336,7 @@ gnttab_setup_table(
 goto out2;
 }
- if ( xsm_grant_setup(current->domain, d) )
+ if ( xsm_grant_setup(XSM_TARGET, current->domain, d) )
 {
 op.status = GNTST_permission_denied;
 goto out2;
@@ -1406,7 +1406,7 @@ gnttab_query_size(
 goto query_out;
 }
- rc = xsm_grant_query_size(current->domain, d);
+ rc = xsm_grant_query_size(XSM_TARGET, current->domain, d);
 if ( rc )
 {
 op.status = GNTST_permission_denied;
@@ -1582,7 +1582,7 @@ gnttab_transfer(
 goto copyback;
 }
- if ( xsm_grant_transfer(d, e) )
+ if ( xsm_grant_transfer(XSM_HOOK, d, e) )
 {
 put_gfn(d, gop.mfn);
 gop.status = GNTST_permission_denied;
@@ -2022,7 +2022,7 @@ __gnttab_copy(
 PIN_FAIL(error_out, GNTST_bad_domain, "couldn't find %d\n", op->dest.domid);
- rc = xsm_grant_copy(sd, dd);
+ rc = xsm_grant_copy(XSM_HOOK, sd, dd);
 if ( rc )
 {
 rc = GNTST_permission_denied;
@@ -2280,7 +2280,7 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop,
 op.status = GNTST_bad_domain;
 goto out1;
 }
- rc = xsm_grant_setup(current->domain, d);
+ rc = xsm_grant_setup(XSM_TARGET, current->domain, d);
 if ( rc ) {
 op.status = GNTST_permission_denied;
 goto out1;
@@ -2331,7 +2331,7 @@ gnttab_get_version(XEN_GUEST_HANDLE_PARAM(gnttab_get_version_t) uop)
 if ( d == NULL )
 return -ESRCH;
- rc = xsm_grant_query_size(current->domain, d);
+ rc = xsm_grant_query_size(XSM_TARGET, current->domain, d);
 if ( rc )
 {
 rcu_unlock_domain(d);
diff --git a/xen/common/kexec.c b/xen/common/kexec.c
index d4f633268a..6dd20c65dd 100644
--- a/xen/common/kexec.c
+++ b/xen/common/kexec.c
@@ -852,7 +852,7 @@ static int do_kexec_op_internal(unsigned long op,
 unsigned long flags;
 int ret = -EINVAL;
- ret = xsm_kexec();
+ ret = xsm_kexec(XSM_PRIV);
 if ( ret )
 return ret;
diff --git a/xen/common/memory.c b/xen/common/memory.c
index e18e224156..fe79ca003e 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -348,7 +348,7 @@ static long memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg)
 goto fail_early;
 }
- rc = xsm_memory_exchange(d);
+ rc = xsm_memory_exchange(XSM_TARGET, d);
 if ( rc )
 {
 rcu_unlock_domain(d);
@@ -600,7 +600,7 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
 return start_extent;
 args.domain = d;
- rc = xsm_memory_adjust_reservation(current->domain, d);
+ rc = xsm_memory_adjust_reservation(XSM_TARGET, current->domain, d);
 if ( rc )
 {
 rcu_unlock_domain(d);
@@ -649,7 +649,7 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
 if ( d == NULL )
 return -ESRCH;
- rc = xsm_memory_stat_reservation(current->domain, d);
+ rc = xsm_memory_stat_reservation(XSM_TARGET, current->domain, d);
 if ( rc )
 {
 rcu_unlock_domain(d);
@@ -687,7 +687,7 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
 if ( d == NULL )
 return -ESRCH;
- if ( xsm_remove_from_physmap(current->domain, d) )
+ if ( xsm_remove_from_physmap(XSM_TARGET, current->domain, d) )
 {
 rcu_unlock_domain(d);
 return -EPERM;
diff --git a/xen/common/schedule.c b/xen/common/schedule.c
index d40508144b..903f32d57c 100644
--- a/xen/common/schedule.c
+++ b/xen/common/schedule.c
@@ -921,7 +921,7 @@ ret_t do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
 if ( d == NULL )
 break;
- ret = xsm_schedop_shutdown(current->domain, d);
+ ret = xsm_schedop_shutdown(XSM_DM_PRIV, current->domain, d);
 if ( ret )
 {
 rcu_unlock_domain(d);
diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c
index 2ebf5e64cc..d663ed7430 100644
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -40,7 +40,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
 if ( op->interface_version != XEN_SYSCTL_INTERFACE_VERSION )
 return -EACCES;
- ret = xsm_sysctl(op->cmd);
+ ret = xsm_sysctl(XSM_PRIV, op->cmd);
 if ( ret )
 return ret;
@@ -57,7 +57,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
 switch ( op->cmd )
 {
 case XEN_SYSCTL_readconsole:
- ret = xsm_readconsole(op->u.readconsole.clear);
+ ret = xsm_readconsole(XSM_HOOK, op->u.readconsole.clear);
 if ( ret )
 break;
@@ -87,7 +87,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
 if ( num_domains == op->u.getdomaininfolist.max_domains )
 break;
- ret = xsm_getdomaininfo(d);
+ ret = xsm_getdomaininfo(XSM_HOOK, d);
 if ( ret )
 continue;
@@ -186,7 +186,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
 uint32_t *status, *ptr;
 unsigned long pfn;
- ret = xsm_page_offline(op->u.page_offline.cmd);
+ ret = xsm_page_offline(XSM_HOOK, op->u.page_offline.cmd);
 if ( ret )
 break;
diff --git a/xen/common/xenoprof.c b/xen/common/xenoprof.c
index f545e26bbc..220f1c7785 100644
--- a/xen/common/xenoprof.c
+++ b/xen/common/xenoprof.c
@@ -677,7 +677,7 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg)
 return -EPERM;
 }
- ret = xsm_profile(current->domain, op);
+ ret = xsm_profile(XSM_HOOK, current->domain, op);
 if ( ret )
 return ret;
diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c
index b2c3ee3419..e9f696d7a6 100644
--- a/xen/drivers/char/console.c
+++ b/xen/drivers/char/console.c
@@ -406,7 +406,7 @@ long do_console_io(int cmd, int count, XEN_GUEST_HANDLE_PARAM(char) buffer)
 long rc;
 unsigned int idx, len;
- rc = xsm_console_io(current->domain, cmd);
+ rc = xsm_console_io(XSM_OTHER, current->domain, cmd);
 if ( rc )
 return rc;
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 19e784b908..527e6e9751 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
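Review bot: In the third `do_sysctl` hunk of xen/common/sysctl.c (the getdomaininfolist loop), `ret = xsm_getdomaininfo(XSM_HOOK, d); if ( ret ) continue;` skips a domain the policy hides but leaves the hook's error code in `ret`. If nothing later in the loop body resets it (the rest of the loop is outside the hunk), a denial on the last domain visited would presumably turn into a failure of the whole listing call. Testing the hook directly, `if ( xsm_getdomaininfo(XSM_HOOK, d) ) continue;`, keeps `ret` untouched for skipped domains.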
@@ -514,7 +514,7 @@ static int iommu_get_device_group(
 ((pdev->bus == bus) && (pdev->devfn == devfn)) )
 continue;
- if ( xsm_get_device_group((seg << 16) | (pdev->bus << 8) | pdev->devfn) )
+ if ( xsm_get_device_group(XSM_HOOK, (seg << 16) | (pdev->bus << 8) | pdev->devfn) )
 continue;
 sdev_id = ops->get_device_group_id(seg, pdev->bus, pdev->devfn);
@@ -617,7 +617,7 @@ int iommu_do_domctl(
 u32 max_sdevs;
 XEN_GUEST_HANDLE_64(uint32) sdevs;
- ret = xsm_get_device_group(domctl->u.get_device_group.machine_sbdf);
+ ret = xsm_get_device_group(XSM_HOOK, domctl->u.get_device_group.machine_sbdf);
 if ( ret )
 break;
@@ -645,7 +645,7 @@ int iommu_do_domctl(
 break;
 case XEN_DOMCTL_test_assign_device:
- ret = xsm_test_assign_device(domctl->u.assign_device.machine_sbdf);
+ ret = xsm_test_assign_device(XSM_HOOK, domctl->u.assign_device.machine_sbdf);
 if ( ret )
 break;
@@ -669,7 +669,7 @@ int iommu_do_domctl(
 break;
 }
- ret = xsm_assign_device(d, domctl->u.assign_device.machine_sbdf);
+ ret = xsm_assign_device(XSM_HOOK, d, domctl->u.assign_device.machine_sbdf);
 if ( ret )
 break;
@@ -688,7 +688,7 @@ int iommu_do_domctl(
 break;
 case XEN_DOMCTL_deassign_device:
- ret = xsm_deassign_device(d, domctl->u.assign_device.machine_sbdf);
+ ret = xsm_deassign_device(XSM_HOOK, d, domctl->u.assign_device.machine_sbdf);
 if ( ret )
 break;
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index 49d4709a47..4f40691a6d 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -477,7 +477,7 @@ int pci_add_device(u16 seg, u8 bus, u8 devfn, const struct pci_dev_info *info)
 pdev_type = "device";
 }
- ret = xsm_resource_plug_pci((seg << 16) | (bus << 8) | devfn);
+ ret = xsm_resource_plug_pci(XSM_PRIV, (seg << 16) | (bus << 8) | devfn);
 if ( ret )
 return ret;
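Review bot: The SBDF value passed to `xsm_resource_plug_pci()` in the `pci_add_device` hunk is built as `(seg << 16) | (bus << 8) | devfn` with `seg` declared `u16` in the signature, so the shift is done in `int` after promotion and a segment with bit 15 set shifts into the sign bit. Casting first, `((u32)seg << 16) | (bus << 8) | devfn`, avoids that. The same expression is repeated in the `pci_remove_device` hunk, in `iommu_get_device_group` and in `pci_restore_msi_state` (xen/arch/x86/msi.c), where the changed line now also runs well past 80 columns. A small helper or macro for the encoding would keep the four sites identical; the hooks' parameter type is not visible here, so the cast type should follow their prototype.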
@@ -604,7 +604,7 @@ int pci_remove_device(u16 seg, u8 bus, u8 devfn)
 struct pci_dev *pdev;
 int ret;
- ret = xsm_resource_unplug_pci((seg << 16) | (bus << 8) | devfn);
+ ret = xsm_resource_unplug_pci(XSM_PRIV, (seg << 16) | (bus << 8) | devfn);
 if ( ret )
 return ret;
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 721fcb48f6..4f75674da8 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -6,68 +6,132 @@
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2,
 * as published by the Free Software Foundation.
+ *
+ *
+ * Each XSM hook implementing an access check should have its first parameter
+ * preceded by XSM_DEFAULT_ARG (or use XSM_DEFAULT_VOID if it has no
+ * arguments). The first non-declaration statement shold be XSM_ASSERT_ACTION
+ * with the expected type of the hook, which will either define or check the
+ * value of action.
 */
 #include <xen/sched.h>
 #include <xsm/xsm.h>
+/* Cannot use BUILD_BUG_ON here because the expressions we check are not
+ * considered constant at compile time. Instead, rely on constant propagation to
+ * inline out the calls to this invalid function, which will cause linker errors
+ * if references remain at link time.
+ */
+#define LINKER_BUG_ON(x) do { if (x) __xsm_action_mismatch_detected(); } while (0)
+/* DO NOT implement this function; it is supposed to trigger link errors */
+void __xsm_action_mismatch_detected(void);
+
+#ifdef XSM_ENABLE
+
+/* In XSM_ENABLE builds, this header file is included from xsm/dummy.c, and
+ * contains static (not inline) functions compiled to the dummy XSM module.
+ * There is no xsm_default_t argument available, so the value from the assertion
+ * is used to initialize the variable.
+ */
+#define XSM_INLINE /* */
+#define XSM_DEFAULT_ARG /* */
+#define XSM_DEFAULT_VOID void
+#define XSM_ASSERT_ACTION(def) xsm_default_t action = def; (void)action
+
+#else /* XSM_ENABLE */
+
+/* In !XSM_ENABLE builds, this header file is included from xsm/xsm.h, and
+ * contains inline functions for each XSM hook. These functions also perform
+ * compile-time checks on the xsm_default_t argument to ensure that the behavior
+ * of the dummy XSM module is the same as the behavior with XSM disabled.
+ */
+#define XSM_INLINE inline
+#define XSM_DEFAULT_ARG xsm_default_t action,
+#define XSM_DEFAULT_VOID xsm_default_t action
+#define XSM_ASSERT_ACTION(def) LINKER_BUG_ON(def != action)
+
+#endif /* XSM_ENABLE */
+
+static inline int xsm_default_action(xsm_default_t action, struct domain *src,
+ struct domain *target)
+{
+ switch ( action ) {
+ case XSM_HOOK:
+ return 0;
+ case XSM_DM_PRIV:
+ if ( !IS_PRIV_FOR(src, target) )
+ return -EPERM;
+ return 0;
+ case XSM_TARGET:
+ if ( src != target && !IS_PRIV_FOR(src, target) )
+ return -EPERM;
+ return 0;
+ case XSM_PRIV:
+ if ( !IS_PRIV(src) )
+ return -EPERM;
+ return 0;
+ default:
+ LINKER_BUG_ON(1);
+ return -EPERM;
+ }
+}
+
 static XSM_INLINE void xsm_security_domaininfo(struct domain *d,
 struct xen_domctl_getdomaininfo *info)
 {
 return;
 }
-static XSM_INLINE int xsm_domain_create(struct domain *d, u32 ssidref)
+static XSM_INLINE int xsm_domain_create(XSM_DEFAULT_ARG struct domain *d, u32 ssidref)
 {
- return 0;
+ XSM_ASSERT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
 }
-static XSM_INLINE int xsm_getdomaininfo(struct domain *d)
+static XSM_INLINE int xsm_getdomaininfo(XSM_DEFAULT_ARG struct domain *d)
 {
- return 0;
+ XSM_ASSERT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, d);
 }
-static XSM_INLINE int xsm_set_target(struct domain *d, struct domain *e)
+static XSM_INLINE int xsm_set_target(XSM_DEFAULT_ARG struct domain *d, struct domain *e)
 {
- return 0;
+ XSM_ASSERT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, NULL);
 }
-static XSM_INLINE int xsm_domctl(struct domain *d, int cmd)
+static XSM_INLINE int xsm_domctl(XSM_DEFAULT_ARG struct domain *d, int cmd)
 {
+ XSM_ASSERT_ACTION(XSM_OTHER);
 switch ( cmd )
 {
 case XEN_DOMCTL_ioport_mapping:
 case XEN_DOMCTL_memory_mapping:
 case XEN_DOMCTL_bind_pt_irq:
- case XEN_DOMCTL_unbind_pt_irq: {
- if ( !IS_PRIV_FOR(current->domain, d) )
- return -EPERM;
- break;
- }
+ case XEN_DOMCTL_unbind_pt_irq:
+
+ return xsm_default_action(XSM_DM_PRIV, current->domain, d);
 default:
- if ( !IS_PRIV(current->domain) )
- return -EPERM;
+ return xsm_default_action(XSM_PRIV, current->domain, d);
 }
- return 0;
 }
-static XSM_INLINE int xsm_sysctl(int cmd)
+static XSM_INLINE int xsm_sysctl(XSM_DEFAULT_ARG int cmd)
 {
- if ( !IS_PRIV(current->domain) )
- return -EPERM;
- return 0;
+ XSM_ASSERT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, current->domain, NULL);
 }
-static XSM_INLINE int xsm_readconsole(uint32_t clear)
+static XSM_INLINE int xsm_readconsole(XSM_DEFAULT_ARG uint32_t clear)
 {
- return 0;
+ XSM_ASSERT_ACTION(XSM_HOOK);
+ return xsm_default_action(action, current->domain, NULL);
 }
-static XSM_INLINE int xsm_do_mca(void)
+static XSM_INLINE int xsm_do_mca(XSM_DEFAULT_VOID)
 {
- if ( !IS_PRIV(current->domain) )
- return -EPERM;
- return 0;
+ XSM_ASSERT_ACTION(XSM_PRIV);
+ return xsm_default_action(action, current->domain, NULL);
 }
 static XSM_INLINE int xsm_alloc_security_domain(struct domain *d)
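Review bot: The `XSM_ASSERT_ACTION` consistency check introduced in the first xen/include/xsm/dummy.h hunk only compares the call-site tag with the hook's expected tag in `!XSM_ENABLE` builds; in `XSM_ENABLE` builds the macro just declares `action` from `def`, as the added comment says, so a call site passing the wrong `XSM_*` value there goes unnoticed unless the tree is also built with XSM disabled. That, and the fact that `LINKER_BUG_ON` depends on the compiler inlining and folding `def != action` (a build without optimisation would presumably fail to link even with no mismatch), deserve a sentence in the header comment. It would also help to state on `xsm_default_action()` that `target` may be NULL only for `XSM_HOOK` and `XSM_PRIV`, since `xsm_set_target`, `xsm_sysctl`, `xsm_readconsole` and `xsm_do_mca` pass NULL and the other two cases hand it to `IS_PRIV_FOR()`. Minor: "shold" in the new comment should read "should", and `switch ( action ) {` keeps the brace on the same line where the context `switch ( cmd )` in `xsm_domctl` has it on its own line.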
@@ -80,109 +144,109 @@ static XSM_INLINE void xsm_free_security_domain(struct domain *d) return; } -static XSM_INLINE int xsm_grant_mapref(struct domain *d1, struct domain *d2, +static XSM_INLINE int xsm_grant_mapref(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2, uint32_t flags) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_unmapref(struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_grant_unmapref(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_setup(struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_grant_setup(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { - if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_TARGET); + return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_transfer(struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_grant_transfer(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_copy(struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_grant_copy(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_query_size(struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_grant_query_size(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { - if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_TARGET); + return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_memory_exchange(struct domain *d) +static XSM_INLINE int xsm_memory_exchange(XSM_DEFAULT_ARG struct domain *d) { - if ( d != current->domain 
&& !IS_PRIV_FOR(current->domain, d) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_TARGET); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_memory_adjust_reservation(struct domain *d1, +static XSM_INLINE int xsm_memory_adjust_reservation(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { - if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_TARGET); + return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_memory_stat_reservation(struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_memory_stat_reservation(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { - if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_TARGET); + return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_console_io(struct domain *d, int cmd) +static XSM_INLINE int xsm_console_io(XSM_DEFAULT_ARG struct domain *d, int cmd) { -#ifndef VERBOSE - if ( !IS_PRIV(current->domain) ) - return -EPERM; + XSM_ASSERT_ACTION(XSM_OTHER); +#ifdef VERBOSE + return xsm_default_action(XSM_HOOK, current->domain, NULL); +#else + return xsm_default_action(XSM_PRIV, current->domain, NULL); #endif - return 0; } -static XSM_INLINE int xsm_profile(struct domain *d, int op) +static XSM_INLINE int xsm_profile(XSM_DEFAULT_ARG struct domain *d, int op) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_kexec(void) +static XSM_INLINE int xsm_kexec(XSM_DEFAULT_VOID) { - if ( !IS_PRIV(current->domain) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_PRIV); + return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_schedop_shutdown(struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_schedop_shutdown(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { - if ( !IS_PRIV_FOR(d1, d2) ) - return -EPERM; - return 0; + 
XSM_ASSERT_ACTION(XSM_DM_PRIV); + return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_memory_pin_page(struct domain *d1, struct domain *d2, +static XSM_INLINE int xsm_memory_pin_page(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2, struct page_info *page) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_evtchn_unbound(struct domain *d, struct evtchn *chn, +static XSM_INLINE int xsm_evtchn_unbound(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn, domid_t id2) { - if ( current->domain != d && !IS_PRIV_FOR(current->domain, d) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_TARGET); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_evtchn_interdomain(struct domain *d1, struct evtchn +static XSM_INLINE int xsm_evtchn_interdomain(XSM_DEFAULT_ARG struct domain *d1, struct evtchn *chan1, struct domain *d2, struct evtchn *chan2) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, d1, d2); } static XSM_INLINE void xsm_evtchn_close_post(struct evtchn *chn) 
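Review bot: `xsm_console_io` asserts `XSM_OTHER`, but its real default is picked by the preprocessor and nothing in the new code documents that. With `VERBOSE` defined the hook evaluates `XSM_HOOK`, so every domain passes; in all other builds it evaluates `XSM_PRIV`. A reader of a call site annotated `XSM_OTHER` cannot tell that the default access level depends on a build flag. I would add a comment above the `#ifdef`, for example `/* VERBOSE builds allow console_io from any domain; other builds require IS_PRIV(current->domain) */`. The comment could also say that `d` and `cmd` are not consulted by the default policy.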
@@ -190,23 +254,22 @@ static XSM_INLINE void xsm_evtchn_close_post(struct evtchn *chn) return; } -static XSM_INLINE int xsm_evtchn_send(struct domain *d, struct evtchn *chn) +static XSM_INLINE int xsm_evtchn_send(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_evtchn_status(struct domain *d, struct evtchn *chn) +static XSM_INLINE int xsm_evtchn_status(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn) { - if ( current->domain != d && !IS_PRIV_FOR(current->domain, d) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_TARGET); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_evtchn_reset(struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_evtchn_reset(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { - if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_TARGET); + return xsm_default_action(action, d1, d2); } static XSM_INLINE int xsm_alloc_security_evtchn(struct evtchn *chn) 
@@ -224,88 +287,88 @@ static XSM_INLINE char *xsm_show_security_evtchn(struct domain *d, const struct return NULL; } -static XSM_INLINE int xsm_get_pod_target(struct domain *d) +static XSM_INLINE int xsm_get_pod_target(XSM_DEFAULT_ARG struct domain *d) { - if ( !IS_PRIV(current->domain) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_PRIV); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_set_pod_target(struct domain *d) +static XSM_INLINE int xsm_set_pod_target(XSM_DEFAULT_ARG struct domain *d) { - if ( !IS_PRIV(current->domain) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_PRIV); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_get_device_group(uint32_t machine_bdf) +static XSM_INLINE int xsm_get_device_group(XSM_DEFAULT_ARG uint32_t machine_bdf) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_test_assign_device(uint32_t machine_bdf) +static XSM_INLINE int xsm_test_assign_device(XSM_DEFAULT_ARG uint32_t machine_bdf) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_assign_device(struct domain *d, uint32_t machine_bdf) +static XSM_INLINE int xsm_assign_device(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_deassign_device(struct domain *d, uint32_t machine_bdf) +static XSM_INLINE int xsm_deassign_device(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_resource_plug_core(void) +static XSM_INLINE int xsm_resource_plug_core(XSM_DEFAULT_VOID) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, 
NULL); } -static XSM_INLINE int xsm_resource_unplug_core(void) +static XSM_INLINE int xsm_resource_unplug_core(XSM_DEFAULT_VOID) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_plug_pci(uint32_t machine_bdf) +static XSM_INLINE int xsm_resource_plug_pci(XSM_DEFAULT_ARG uint32_t machine_bdf) { - if ( !IS_PRIV(current->domain) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_PRIV); + return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_unplug_pci(uint32_t machine_bdf) +static XSM_INLINE int xsm_resource_unplug_pci(XSM_DEFAULT_ARG uint32_t machine_bdf) { - if ( !IS_PRIV(current->domain) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_PRIV); + return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_setup_pci(uint32_t machine_bdf) +static XSM_INLINE int xsm_resource_setup_pci(XSM_DEFAULT_ARG uint32_t machine_bdf) { - if ( !IS_PRIV(current->domain) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_PRIV); + return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_setup_gsi(int gsi) +static XSM_INLINE int xsm_resource_setup_gsi(XSM_DEFAULT_ARG int gsi) { - if ( !IS_PRIV(current->domain) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_PRIV); + return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_setup_misc(void) +static XSM_INLINE int xsm_resource_setup_misc(XSM_DEFAULT_VOID) { - if ( !IS_PRIV(current->domain) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_PRIV); + return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_page_offline(uint32_t cmd) +static XSM_INLINE int xsm_page_offline(XSM_DEFAULT_ARG uint32_t cmd) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, NULL); } static XSM_INLINE long 
xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) 
@@ -318,187 +381,179 @@ static XSM_INLINE char *xsm_show_irq_sid(int irq) return NULL; } -static XSM_INLINE int xsm_map_domain_pirq(struct domain *d, int irq, void *data) +static XSM_INLINE int xsm_map_domain_pirq(XSM_DEFAULT_ARG struct domain *d, int irq, void *data) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_unmap_domain_pirq(struct domain *d, int irq) +static XSM_INLINE int xsm_unmap_domain_pirq(XSM_DEFAULT_ARG struct domain *d, int irq) { - if ( !IS_PRIV_FOR(current->domain, d) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_TARGET); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_irq_permission(struct domain *d, int pirq, uint8_t allow) +static XSM_INLINE int xsm_irq_permission(XSM_DEFAULT_ARG struct domain *d, int pirq, uint8_t allow) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_iomem_permission(struct domain *d, uint64_t s, uint64_t e, uint8_t allow) +static XSM_INLINE int xsm_iomem_permission(XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_iomem_mapping(struct domain *d, uint64_t s, uint64_t e, uint8_t allow) +static XSM_INLINE int xsm_iomem_mapping(XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_pci_config_permission(struct domain *d, uint32_t machine_bdf, +static XSM_INLINE int xsm_pci_config_permission(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, d); } #ifdef CONFIG_X86 -static 
XSM_INLINE int xsm_shadow_control(struct domain *d, uint32_t op) +static XSM_INLINE int xsm_shadow_control(XSM_DEFAULT_ARG struct domain *d, uint32_t op) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_hvm_param(struct domain *d, unsigned long op) +static XSM_INLINE int xsm_hvm_param(XSM_DEFAULT_ARG struct domain *d, unsigned long op) { - if ( current->domain != d && !IS_PRIV_FOR(current->domain, d) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_TARGET); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_hvm_set_pci_intx_level(struct domain *d) +static XSM_INLINE int xsm_hvm_set_pci_intx_level(XSM_DEFAULT_ARG struct domain *d) { - if ( !IS_PRIV_FOR(current->domain, d) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_DM_PRIV); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_hvm_set_isa_irq_level(struct domain *d) +static XSM_INLINE int xsm_hvm_set_isa_irq_level(XSM_DEFAULT_ARG struct domain *d) { - if ( !IS_PRIV_FOR(current->domain, d) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_DM_PRIV); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_hvm_set_pci_link_route(struct domain *d) +static XSM_INLINE int xsm_hvm_set_pci_link_route(XSM_DEFAULT_ARG struct domain *d) { - if ( !IS_PRIV_FOR(current->domain, d) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_DM_PRIV); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_hvm_inject_msi(struct domain *d) +static XSM_INLINE int xsm_hvm_inject_msi(XSM_DEFAULT_ARG struct domain *d) { - if ( !IS_PRIV_FOR(current->domain, d) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_DM_PRIV); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_mem_event_control(struct domain *d, int mode, int op) +static XSM_INLINE int 
xsm_mem_event_control(XSM_DEFAULT_ARG struct domain *d, int mode, int op) { - if ( !IS_PRIV(current->domain) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_PRIV); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_mem_event_op(struct domain *d, int op) +static XSM_INLINE int xsm_mem_event_op(XSM_DEFAULT_ARG struct domain *d, int op) { - if ( !IS_PRIV_FOR(current->domain, d) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_TARGET); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_mem_sharing_op(struct domain *d, struct domain *cd, int op) +static XSM_INLINE int xsm_mem_sharing_op(XSM_DEFAULT_ARG struct domain *d, struct domain *cd, int op) { - if ( !IS_PRIV_FOR(current->domain, cd) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_TARGET); + return xsm_default_action(action, current->domain, cd); } -static XSM_INLINE int xsm_apic(struct domain *d, int cmd) +static XSM_INLINE int xsm_apic(XSM_DEFAULT_ARG struct domain *d, int cmd) { - if ( !IS_PRIV(d) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_PRIV); + return xsm_default_action(action, d, NULL); } -static XSM_INLINE int xsm_platform_op(uint32_t op) +static XSM_INLINE int xsm_platform_op(XSM_DEFAULT_ARG uint32_t op) { - if ( !IS_PRIV(current->domain) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_PRIV); + return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_machine_memory_map(void) +static XSM_INLINE int xsm_machine_memory_map(XSM_DEFAULT_VOID) { - if ( !IS_PRIV(current->domain) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_PRIV); + return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_domain_memory_map(struct domain *d) +static XSM_INLINE int xsm_domain_memory_map(XSM_DEFAULT_ARG struct domain *d) { - if ( current->domain != d && !IS_PRIV_FOR(current->domain, d) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_TARGET); + return 
xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_mmu_update(struct domain *d, struct domain *t, +static XSM_INLINE int xsm_mmu_update(XSM_DEFAULT_ARG struct domain *d, struct domain *t, struct domain *f, uint32_t flags) { + XSM_ASSERT_ACTION(XSM_TARGET); if ( t && d != t && !IS_PRIV_FOR(d, t) ) return -EPERM; - if ( d != f && !IS_PRIV_FOR(d, f) ) - return -EPERM; - return 0; + return xsm_default_action(action, d, f); } -static XSM_INLINE int xsm_mmuext_op(struct domain *d, struct domain *f) +static XSM_INLINE int xsm_mmuext_op(XSM_DEFAULT_ARG struct domain *d, struct domain *f) { - if ( d != f && !IS_PRIV_FOR(d, f) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_TARGET); + return xsm_default_action(action, d, f); } -static XSM_INLINE int xsm_update_va_mapping(struct domain *d, struct domain *f, +static XSM_INLINE int xsm_update_va_mapping(XSM_DEFAULT_ARG struct domain *d, struct domain *f, l1_pgentry_t pte) { - if ( d != f && !IS_PRIV_FOR(d, f) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_TARGET); + return xsm_default_action(action, d, f); } -static XSM_INLINE int xsm_add_to_physmap(struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_add_to_physmap(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { - if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_TARGET); + return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_remove_from_physmap(struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_remove_from_physmap(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { - if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) ) - return -EPERM; - return 0; + XSM_ASSERT_ACTION(XSM_TARGET); + return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_bind_pt_irq(struct domain *d, struct xen_domctl_bind_pt_irq *bind) +static XSM_INLINE int xsm_bind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) { - return 0; + 
XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_unbind_pt_irq(struct domain *d, struct xen_domctl_bind_pt_irq *bind) +static XSM_INLINE int xsm_unbind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_ioport_permission(struct domain *d, uint32_t s, uint32_t e, uint8_t allow) +static XSM_INLINE int xsm_ioport_permission(XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_ioport_mapping(struct domain *d, uint32_t s, uint32_t e, uint8_t allow) +static XSM_INLINE int xsm_ioport_mapping(XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { - return 0; + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, d); } #endif diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 7b62d7832c..17b08996c9 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -27,6 +27,18 @@ typedef u32 xsm_magic_t; #define XSM_MAGIC 0x00000000 #endif +/* These annotations are used by callers and in dummy.h to document the + * default actions of XSM hooks. They should be compiled out otherwise. + */ +enum xsm_default { + XSM_HOOK, /* Guests can normally access the hypercall */ + XSM_DM_PRIV, /* Device model can perform on its target domain */ + XSM_TARGET, /* Can perform on self or your target domain */ + XSM_PRIV, /* Privileged - normally restricted to dom0 */ + XSM_OTHER /* Something more complex */ +}; +typedef enum xsm_default xsm_default_t; + extern char *policy_buffer; extern u32 policy_size; 
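Review bot: In xen/include/xsm/dummy.h, `xsm_unmap_domain_pirq`, `xsm_mem_event_op` and `xsm_mem_sharing_op` are converted to `XSM_TARGET`, which is not equivalent to the check they replace. The removed check was the unconditional `if ( !IS_PRIV_FOR(current->domain, d) ) return -EPERM;` (with `cd` for mem_sharing_op). `xsm_default_action()` skips `IS_PRIV_FOR` for `XSM_TARGET` when `src == target`, so a domain acting on itself now passes the default policy where it presumably did not before. The `xsm_hvm_set_*` and `xsm_hvm_inject_msi` hooks in the same hunk had the identical removed check and were mapped to `XSM_DM_PRIV`, which keeps the old behaviour. If the relaxation is not intended, these three should use `XSM_ASSERT_ACTION(XSM_DM_PRIV);` with their callers updated to match. If it is intended, the commit message should say so, because the change otherwise reads as a mechanical refactor.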
@@ -153,48 +165,48 @@ static inline void xsm_security_domaininfo (struct domain *d, xsm_ops->security_domaininfo(d, info); } -static inline int xsm_domain_create (struct domain *d, u32 ssidref) +static inline int xsm_domain_create (xsm_default_t def, struct domain *d, u32 ssidref) { return xsm_ops->domain_create(d, ssidref); } -static inline int xsm_getdomaininfo (struct domain *d) +static inline int xsm_getdomaininfo (xsm_default_t def, struct domain *d) { return xsm_ops->getdomaininfo(d); } -static inline int xsm_set_target (struct domain *d, struct domain *e) +static inline int xsm_set_target (xsm_default_t def, struct domain *d, struct domain *e) { return xsm_ops->set_target(d, e); } -static inline int xsm_domctl (struct domain *d, int cmd) +static inline int xsm_domctl (xsm_default_t def, struct domain *d, int cmd) { return xsm_ops->domctl(d, cmd); } -static inline int xsm_sysctl (int cmd) +static inline int xsm_sysctl (xsm_default_t def, int cmd) { return xsm_ops->sysctl(cmd); } -static inline int xsm_readconsole (uint32_t clear) +static inline int xsm_readconsole (xsm_default_t def, uint32_t clear) { return xsm_ops->readconsole(clear); } -static inline int xsm_do_mca(void) +static inline int xsm_do_mca(xsm_default_t def) { return xsm_ops->do_mca(); } -static inline int xsm_evtchn_unbound (struct domain *d1, struct evtchn *chn, +static inline int xsm_evtchn_unbound (xsm_default_t def, struct domain *d1, struct evtchn *chn, domid_t id2) { return xsm_ops->evtchn_unbound(d1, chn, id2); } -static inline int xsm_evtchn_interdomain (struct domain *d1, +static inline int xsm_evtchn_interdomain (xsm_default_t def, struct domain *d1, struct evtchn *chan1, struct domain *d2, struct evtchn *chan2) { return xsm_ops->evtchn_interdomain(d1, chan1, d2, chan2); 
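Review bot: The new `def` argument is never read by the XSM-enabled wrappers in xsm.h, and nothing at the wrappers says so. For example, `xsm_domain_create (xsm_default_t def, ...)` still just returns `xsm_ops->domain_create(d, ssidref)`. The same holds for the wrappers in the following xsm.h hunks (`@@ -205,48`, `@@ -276,60`, `@@ -339,92`, `@@ -435,116`). In these builds a call such as `xsm_sysctl(XSM_PRIV, cmd)` is decided entirely by the loaded module's `xsm_ops`, and the annotation is only cross-checked where dummy.h's `XSM_ASSERT_ACTION` is compiled in. I would add a comment above the first wrapper, for example `/* 'def' documents the dummy-policy default only; it is not enforced here, the XSM module's hook decides */`, so a caller does not read the annotation as a guarantee.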
@@ -205,48 +217,48 @@ static inline void xsm_evtchn_close_post (struct evtchn *chn) xsm_ops->evtchn_close_post(chn); } -static inline int xsm_evtchn_send (struct domain *d, struct evtchn *chn) +static inline int xsm_evtchn_send (xsm_default_t def, struct domain *d, struct evtchn *chn) { return xsm_ops->evtchn_send(d, chn); } -static inline int xsm_evtchn_status (struct domain *d, struct evtchn *chn) +static inline int xsm_evtchn_status (xsm_default_t def, struct domain *d, struct evtchn *chn) { return xsm_ops->evtchn_status(d, chn); } -static inline int xsm_evtchn_reset (struct domain *d1, struct domain *d2) +static inline int xsm_evtchn_reset (xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->evtchn_reset(d1, d2); } -static inline int xsm_grant_mapref (struct domain *d1, struct domain *d2, +static inline int xsm_grant_mapref (xsm_default_t def, struct domain *d1, struct domain *d2, uint32_t flags) { return xsm_ops->grant_mapref(d1, d2, flags); } -static inline int xsm_grant_unmapref (struct domain *d1, struct domain *d2) +static inline int xsm_grant_unmapref (xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->grant_unmapref(d1, d2); } -static inline int xsm_grant_setup (struct domain *d1, struct domain *d2) +static inline int xsm_grant_setup (xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->grant_setup(d1, d2); } -static inline int xsm_grant_transfer (struct domain *d1, struct domain *d2) +static inline int xsm_grant_transfer (xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->grant_transfer(d1, d2); } -static inline int xsm_grant_copy (struct domain *d1, struct domain *d2) +static inline int xsm_grant_copy (xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->grant_copy(d1, d2); } -static inline int xsm_grant_query_size (struct domain *d1, struct domain *d2) +static inline int xsm_grant_query_size (xsm_default_t def, struct domain *d1, struct 
domain *d2) { return xsm_ops->grant_query_size(d1, d2); } 
@@ -276,60 +288,60 @@ static inline char *xsm_show_security_evtchn (struct domain *d, const struct evt return xsm_ops->show_security_evtchn(d, chn); } -static inline int xsm_get_pod_target (struct domain *d) +static inline int xsm_get_pod_target (xsm_default_t def, struct domain *d) { return xsm_ops->get_pod_target(d); } -static inline int xsm_set_pod_target (struct domain *d) +static inline int xsm_set_pod_target (xsm_default_t def, struct domain *d) { return xsm_ops->set_pod_target(d); } -static inline int xsm_memory_exchange (struct domain *d) +static inline int xsm_memory_exchange (xsm_default_t def, struct domain *d) { return xsm_ops->memory_exchange(d); } -static inline int xsm_memory_adjust_reservation (struct domain *d1, struct +static inline int xsm_memory_adjust_reservation (xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->memory_adjust_reservation(d1, d2); } -static inline int xsm_memory_stat_reservation (struct domain *d1, +static inline int xsm_memory_stat_reservation (xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->memory_stat_reservation(d1, d2); } -static inline int xsm_memory_pin_page(struct domain *d1, struct domain *d2, +static inline int xsm_memory_pin_page(xsm_default_t def, struct domain *d1, struct domain *d2, struct page_info *page) { return xsm_ops->memory_pin_page(d1, d2, page); } -static inline int xsm_remove_from_physmap(struct domain *d1, struct domain *d2) +static inline int xsm_remove_from_physmap(xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->remove_from_physmap(d1, d2); } -static inline int xsm_console_io (struct domain *d, int cmd) +static inline int xsm_console_io (xsm_default_t def, struct domain *d, int cmd) { return xsm_ops->console_io(d, cmd); } -static inline int xsm_profile (struct domain *d, int op) +static inline int xsm_profile (xsm_default_t def, struct domain *d, int op) { return xsm_ops->profile(d, op); } -static inline int xsm_kexec 
(void) +static inline int xsm_kexec (xsm_default_t def) { return xsm_ops->kexec(); } -static inline int xsm_schedop_shutdown (struct domain *d1, struct domain *d2) +static inline int xsm_schedop_shutdown (xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->schedop_shutdown(d1, d2); } 
@@ -339,92 +351,92 @@ static inline char *xsm_show_irq_sid (int irq) return xsm_ops->show_irq_sid(irq); } -static inline int xsm_map_domain_pirq (struct domain *d, int irq, void *data) +static inline int xsm_map_domain_pirq (xsm_default_t def, struct domain *d, int irq, void *data) { return xsm_ops->map_domain_pirq(d, irq, data); } -static inline int xsm_unmap_domain_pirq (struct domain *d, int irq) +static inline int xsm_unmap_domain_pirq (xsm_default_t def, struct domain *d, int irq) { return xsm_ops->unmap_domain_pirq(d, irq); } -static inline int xsm_irq_permission (struct domain *d, int pirq, uint8_t allow) +static inline int xsm_irq_permission (xsm_default_t def, struct domain *d, int pirq, uint8_t allow) { return xsm_ops->irq_permission(d, pirq, allow); } -static inline int xsm_iomem_permission (struct domain *d, uint64_t s, uint64_t e, uint8_t allow) +static inline int xsm_iomem_permission (xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { return xsm_ops->iomem_permission(d, s, e, allow); } -static inline int xsm_iomem_mapping (struct domain *d, uint64_t s, uint64_t e, uint8_t allow) +static inline int xsm_iomem_mapping (xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { return xsm_ops->iomem_mapping(d, s, e, allow); } -static inline int xsm_pci_config_permission (struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access) +static inline int xsm_pci_config_permission (xsm_default_t def, struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access) { return xsm_ops->pci_config_permission(d, machine_bdf, start, end, access); } -static inline int xsm_get_device_group(uint32_t machine_bdf) +static inline int xsm_get_device_group(xsm_default_t def, uint32_t machine_bdf) { return xsm_ops->get_device_group(machine_bdf); } -static inline int xsm_test_assign_device(uint32_t machine_bdf) +static inline int xsm_test_assign_device(xsm_default_t def, uint32_t 
machine_bdf) { return xsm_ops->test_assign_device(machine_bdf); } -static inline int xsm_assign_device(struct domain *d, uint32_t machine_bdf) +static inline int xsm_assign_device(xsm_default_t def, struct domain *d, uint32_t machine_bdf) { return xsm_ops->assign_device(d, machine_bdf); } -static inline int xsm_deassign_device(struct domain *d, uint32_t machine_bdf) +static inline int xsm_deassign_device(xsm_default_t def, struct domain *d, uint32_t machine_bdf) { return xsm_ops->deassign_device(d, machine_bdf); } -static inline int xsm_resource_plug_pci (uint32_t machine_bdf) +static inline int xsm_resource_plug_pci (xsm_default_t def, uint32_t machine_bdf) { return xsm_ops->resource_plug_pci(machine_bdf); } -static inline int xsm_resource_unplug_pci (uint32_t machine_bdf) +static inline int xsm_resource_unplug_pci (xsm_default_t def, uint32_t machine_bdf) { return xsm_ops->resource_unplug_pci(machine_bdf); } -static inline int xsm_resource_plug_core (void) +static inline int xsm_resource_plug_core (xsm_default_t def) { return xsm_ops->resource_plug_core(); } -static inline int xsm_resource_unplug_core (void) +static inline int xsm_resource_unplug_core (xsm_default_t def) { return xsm_ops->resource_unplug_core(); } -static inline int xsm_resource_setup_pci (uint32_t machine_bdf) +static inline int xsm_resource_setup_pci (xsm_default_t def, uint32_t machine_bdf) { return xsm_ops->resource_setup_pci(machine_bdf); } -static inline int xsm_resource_setup_gsi (int gsi) +static inline int xsm_resource_setup_gsi (xsm_default_t def, int gsi) { return xsm_ops->resource_setup_gsi(gsi); } -static inline int xsm_resource_setup_misc (void) +static inline int xsm_resource_setup_misc (xsm_default_t def) { return xsm_ops->resource_setup_misc(); } -static inline int xsm_page_offline(uint32_t cmd) +static inline int xsm_page_offline(xsm_default_t def, uint32_t cmd) { return xsm_ops->page_offline(cmd); } 
@@ -435,116 +447,116 @@ static inline long xsm_do_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
 }

 #ifdef CONFIG_X86
-static inline int xsm_shadow_control (struct domain *d, uint32_t op)
+static inline int xsm_shadow_control (xsm_default_t def, struct domain *d, uint32_t op)
 {
 return xsm_ops->shadow_control(d, op);
 }

-static inline int xsm_hvm_param (struct domain *d, unsigned long op)
+static inline int xsm_hvm_param (xsm_default_t def, struct domain *d, unsigned long op)
 {
 return xsm_ops->hvm_param(d, op);
 }

-static inline int xsm_hvm_set_pci_intx_level (struct domain *d)
+static inline int xsm_hvm_set_pci_intx_level (xsm_default_t def, struct domain *d)
 {
 return xsm_ops->hvm_set_pci_intx_level(d);
 }

-static inline int xsm_hvm_set_isa_irq_level (struct domain *d)
+static inline int xsm_hvm_set_isa_irq_level (xsm_default_t def, struct domain *d)
 {
 return xsm_ops->hvm_set_isa_irq_level(d);
 }

-static inline int xsm_hvm_set_pci_link_route (struct domain *d)
+static inline int xsm_hvm_set_pci_link_route (xsm_default_t def, struct domain *d)
 {
 return xsm_ops->hvm_set_pci_link_route(d);
 }

-static inline int xsm_hvm_inject_msi (struct domain *d)
+static inline int xsm_hvm_inject_msi (xsm_default_t def, struct domain *d)
 {
 return xsm_ops->hvm_inject_msi(d);
 }

-static inline int xsm_mem_event_control (struct domain *d, int mode, int op)
+static inline int xsm_mem_event_control (xsm_default_t def, struct domain *d, int mode, int op)
 {
 return xsm_ops->mem_event_control(d, mode, op);
 }

-static inline int xsm_mem_event_op (struct domain *d, int op)
+static inline int xsm_mem_event_op (xsm_default_t def, struct domain *d, int op)
 {
 return xsm_ops->mem_event_op(d, op);
 }

-static inline int xsm_mem_sharing_op (struct domain *d, struct domain *cd, int op)
+static inline int xsm_mem_sharing_op (xsm_default_t def, struct domain *d, struct domain *cd, int op)
 {
 return xsm_ops->mem_sharing_op(d, cd, op);
 }

-static inline int xsm_apic (struct domain *d, int cmd)
+static inline int xsm_apic (xsm_default_t def, struct domain *d, int cmd)
 {
 return xsm_ops->apic(d, cmd);
 }

-static inline int xsm_memtype (uint32_t access)
+static inline int xsm_memtype (xsm_default_t def, uint32_t access)
 {
 return xsm_ops->memtype(access);
 }

-static inline int xsm_platform_op (uint32_t op)
+static inline int xsm_platform_op (xsm_default_t def, uint32_t op)
 {
 return xsm_ops->platform_op(op);
 }

-static inline int xsm_machine_memory_map(void)
+static inline int xsm_machine_memory_map(xsm_default_t def)
 {
 return xsm_ops->machine_memory_map();
 }

-static inline int xsm_domain_memory_map(struct domain *d)
+static inline int xsm_domain_memory_map(xsm_default_t def, struct domain *d)
 {
 return xsm_ops->domain_memory_map(d);
 }

-static inline int xsm_mmu_update (struct domain *d, struct domain *t,
+static inline int xsm_mmu_update (xsm_default_t def, struct domain *d, struct domain *t,
 struct domain *f, uint32_t flags)
 {
 return xsm_ops->mmu_update(d, t, f, flags);
 }

-static inline int xsm_mmuext_op (struct domain *d, struct domain *f)
+static inline int xsm_mmuext_op (xsm_default_t def, struct domain *d, struct domain *f)
 {
 return xsm_ops->mmuext_op(d, f);
 }

-static inline int xsm_update_va_mapping(struct domain *d, struct domain *f,
+static inline int xsm_update_va_mapping(xsm_default_t def, struct domain *d, struct domain *f,
 l1_pgentry_t pte)
 {
 return xsm_ops->update_va_mapping(d, f, pte);
 }

-static inline int xsm_add_to_physmap(struct domain *d1, struct domain *d2)
+static inline int xsm_add_to_physmap(xsm_default_t def, struct domain *d1, struct domain *d2)
 {
 return xsm_ops->add_to_physmap(d1, d2);
 }

-static inline int xsm_bind_pt_irq(struct domain *d,
+static inline int xsm_bind_pt_irq(xsm_default_t def, struct domain *d,
 struct xen_domctl_bind_pt_irq *bind)
 {
 return xsm_ops->bind_pt_irq(d, bind);
 }

-static inline int xsm_unbind_pt_irq(struct domain *d,
+static inline int xsm_unbind_pt_irq(xsm_default_t def, struct domain *d,
 struct xen_domctl_bind_pt_irq *bind)
 {
 return xsm_ops->unbind_pt_irq(d, bind);
 }

-static inline int xsm_ioport_permission (struct domain *d, uint32_t s, uint32_t e, uint8_t allow)
+static inline int xsm_ioport_permission (xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow)
 {
 return xsm_ops->ioport_permission(d, s, e, allow);
 }

-static inline int xsm_ioport_mapping (struct domain *d, uint32_t s, uint32_t e, uint8_t allow)
+static inline int xsm_ioport_mapping (xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow)
 {
 return xsm_ops->ioport_mapping(d, s, e, allow);
 }
@@ -564,7 +576,6 @@ extern void xsm_fixup_ops(struct xsm_operations *ops);
 #else /* XSM_ENABLE */
-#define XSM_INLINE inline
 #include <xsm/dummy.h>
 static inline int xsm_init (unsigned long *module_map, |
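Review bot: `xsm_mmu_update` takes three consecutive `struct domain *` arguments after `def` (`d`, `t`, `f`), and `xsm_mem_sharing_op`, `xsm_mmuext_op`, `xsm_update_va_mapping` and `xsm_add_to_physmap` take two, with nothing beside the signatures saying which domain is the subject of the permission check and which is the target. Since every one of these signatures is being edited anyway, a one-line comment per wrapper naming each role would help, e.g. `/* d: requesting domain, t: page-table owner, f: owner of the mapped frame -- confirm against the hook */` above `xsm_mmu_update`; the roles in that example are inferred from the parameter names only. A swapped pair of domain pointers compiles cleanly and changes who is checked against whom, which is the kind of mistake a permission hook should make hard to commit.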