From patchwork Thu Mar 19 19:29:45 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 46111 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-we0-f198.google.com (mail-we0-f198.google.com [74.125.82.198]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id EC57421515 for ; Thu, 19 Mar 2015 19:33:01 +0000 (UTC) Received: by wesu56 with SMTP id u56sf14148182wes.2 for ; Thu, 19 Mar 2015 12:33:01 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:delivered-to:from:to:date:message-id:in-reply-to :references:cc:subject:precedence:list-id:list-unsubscribe:list-post :list-help:list-subscribe:mime-version:content-type :content-transfer-encoding:sender:errors-to:x-original-sender :x-original-authentication-results:mailing-list:list-archive; bh=H/J78toi9uLCeQJOd952wGYpKb1vVeAhvfnLb3kF3q8=; b=Bfus8SvUHEc3XOK/a7HO/xYtzN4JcQyoRXaQhNLmilsKX/dGI9tyucDr9uK+Tu85wY R/nbWpXUwxjl4PDyRMKpzAHrPE5WUQ00l5eBMHaaWEWPWIAZJAf7UaiAT2mmb0UWQgaM IXho7MGJ4tQa/X6B7jOAlVkOYsalQvhayq2upDmXaZgUHoS3KskvN2LqMIv68brAFSqj XhZcbOzcEf31svXzMC53qOledjicMMQBLsM8MtBRTHA5ZsCr1Ca9NJ7ihr03i2pfx00f VHpaOImHJYjTTWnUzSQMJJnIT83bisQAONx/49xsBleolSBSe0E6nSt1j8+IcTgmjfa2 UvGg== X-Gm-Message-State: ALoCoQkX0AL89ivxXb9n7qmAkCDk16EJNGBD7Z4xRSkLdzpZo/vybldrkvwKtiJLOaE16mQ+2wQO X-Received: by 10.152.4.229 with SMTP id n5mr12368331lan.1.1426793581156; Thu, 19 Mar 2015 12:33:01 -0700 (PDT) X-BeenThere: patchwork-forward@linaro.org Received: by 10.152.6.68 with SMTP id y4ls342949lay.12.gmail; Thu, 19 Mar 2015 12:33:00 -0700 (PDT) X-Received: by 10.152.197.34 with SMTP id ir2mr2322633lac.36.1426793580924; Thu, 19 Mar 2015 12:33:00 -0700 (PDT) Received: from mail-lb0-f181.google.com (mail-lb0-f181.google.com. [209.85.217.181]) by mx.google.com with ESMTPS id r1si1656325lbm.84.2015.03.19.12.33.00 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 19 Mar 2015 12:33:00 -0700 (PDT) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.217.181 as permitted sender) client-ip=209.85.217.181; Received: by lbblx11 with SMTP id lx11so38298186lbb.3 for ; Thu, 19 Mar 2015 12:33:00 -0700 (PDT) X-Received: by 10.112.204.197 with SMTP id la5mr69297479lbc.29.1426793580780; Thu, 19 Mar 2015 12:33:00 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.112.35.133 with SMTP id h5csp597879lbj; Thu, 19 Mar 2015 12:32:59 -0700 (PDT) X-Received: by 10.140.128.73 with SMTP id 70mr100058272qha.75.1426793559671; Thu, 19 Mar 2015 12:32:39 -0700 (PDT) Received: from lists.xen.org (lists.xen.org. [50.57.142.19]) by mx.google.com with ESMTPS id n80si2188905qkh.72.2015.03.19.12.32.39 (version=TLSv1 cipher=RC4-SHA bits=128/128); Thu, 19 Mar 2015 12:32:39 -0700 (PDT) Received-SPF: none (google.com: xen-devel-bounces@lists.xen.org does not designate permitted sender hosts) client-ip=50.57.142.19; Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YYg9u-0004nn-AD; Thu, 19 Mar 2015 19:31:10 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YYg9s-0004kb-Pw for xen-devel@lists.xenproject.org; Thu, 19 Mar 2015 19:31:09 +0000 Received: from [193.109.254.147] by server-12.bemta-14.messagelabs.com id A5/8B-32563-CF32B055; Thu, 19 Mar 2015 19:31:08 +0000 X-Env-Sender: julien.grall@linaro.org X-Msg-Ref: server-4.tower-27.messagelabs.com!1426793466!14435459!1 X-Originating-IP: [74.125.82.50] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.13.4; banners=-,-,- X-VirusChecked: Checked Received: (qmail 2953 invoked from network); 19 Mar 2015 19:31:06 -0000 Received: from mail-wg0-f50.google.com (HELO mail-wg0-f50.google.com) (74.125.82.50) by server-4.tower-27.messagelabs.com with RC4-SHA encrypted SMTP; 19 Mar 2015 19:31:06 -0000 Received: by wggv3 with SMTP id v3so71354849wgg.1 for ; Thu, 19 Mar 2015 12:31:06 -0700 (PDT) X-Received: by 10.194.170.193 with SMTP id ao1mr155577207wjc.52.1426793466478; Thu, 19 Mar 2015 12:31:06 -0700 (PDT) Received: from chilopoda.uk.xensource.com. ([185.25.64.249]) by mx.google.com with ESMTPSA id hl8sm3203005wjb.38.2015.03.19.12.31.05 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 19 Mar 2015 12:31:05 -0700 (PDT) From: Julien Grall To: xen-devel@lists.xenproject.org Date: Thu, 19 Mar 2015 19:29:45 +0000 Message-Id: <1426793399-6283-20-git-send-email-julien.grall@linaro.org> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1426793399-6283-1-git-send-email-julien.grall@linaro.org> References: <1426793399-6283-1-git-send-email-julien.grall@linaro.org> Cc: stefano.stabellini@citrix.com, Julien Grall , tim@xen.org, ian.campbell@citrix.com, Jan Beulich Subject: [Xen-devel] [PATCH v4 19/33] xen/arm: Implement hypercall DOMCTL_{, un}bind_pt_pirq X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: List-Unsubscribe: , List-Post: , List-Help: , List-Subscribe: , MIME-Version: 1.0 Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: julien.grall@linaro.org X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.217.181 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 List-Archive: On x86, an IRQ is assigned in 2 steps to an HVM guest: - The toolstack is calling PHYSDEVOP_map_pirq in order to create a guest PIRQ (IRQ bound to an event channel) - The emulator (QEMU) is calling DOMCTL_bind_pt_irq in order to bind the IRQ On ARM, there is no concept of PIRQ as the IRQ can be assigned to a virtual IRQ using the interrupt controller. It's not clear if we will need 2 different hypercalls on ARM to assign IRQ and, for now, only the toolstack will manage IRQ. In order to avoid re-using a fixed ABI hypercall (PHYSDEVOP_*) for a different purpose and allow us more time to figure out the right out, only DOMCTL_{,un}bind_pt_pirq is implemented on ARM. The DOMCTL is extended with a new type PT_IRQ_TYPE_SPI and only IRQ == vIRQ (i.e machine_irq == spi) is supported. Concerning XSM, even if ARM is using one hypercall rather than 2, the resulting check is nearly the same. XSM PHYSDEVOP_map_pirq: 1) Check if the current domain can add resource to the domain 2) Check if the current domain has permission to add the IRQ 3) Check if the target domain has permission to use the IRQ XSM DOMCTL_bind_pirq_irq: 1) Check if the current domain can add resource to the domain 2) Check if the current domain has permission to bind the IRQ 3) Check if the target domain has permission to use the IRQ Rather than checking that the current domain can both add and bind the IRQ, we only check the bind permission. I think this is not a big deal because we don't have emulator on ARM and therefore no disaggregation is required. Note: The toolstack changes for routing an IRQ to a guest will be done in a separate patch. Signed-off-by: Julien Grall Cc: Jan Beulich --- Contrawise PHYSDEV, DOMCTL interface is not fixed. This version is using a DOMCTL in order to let us more to to see if we need a new PHYSDEV op for vIRQ assignation. DOMCTL_unbind_pt_irq has been implemented, although I haven't test it. I'm not sure if we want to keep it. Concerning XSM, the final security check is fairly the same: Changes in v4: - Move the implementation from PHYSDEV to DOMCTL. Reuse DOMCTL_{,un}bind_pt_irq for this purpose. Changes in v3: - Functions to allocate/release/reserved a VIRQ has been moved in a separate patch - Make clear that only MAP_PIRQ_GSI is only supported for now Changes in v2: - Add PHYSDEVOP_unmap_pirq - Rework commit message - Add functions to allocate/release a VIRQ - is_routable_irq has been renamed into is_assignable_irq --- tools/libxc/include/xenctrl.h | 8 +++-- tools/libxc/xc_domain.c | 18 +++++++++-- xen/arch/arm/domctl.c | 66 ++++++++++++++++++++++++++++++++++++++++ xen/include/public/domctl.h | 4 +++ xen/include/xsm/dummy.h | 24 +++++++-------- xen/include/xsm/xsm.h | 28 ++++++++--------- xen/xsm/dummy.c | 4 +-- xen/xsm/flask/hooks.c | 70 ++++++++++++++++++++++--------------------- 8 files changed, 156 insertions(+), 66 deletions(-) diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h index 60b61b6..b6212bf 100644 --- a/tools/libxc/include/xenctrl.h +++ b/tools/libxc/include/xenctrl.h @@ -2090,7 +2090,7 @@ int xc_domain_bind_pt_irq(xc_interface *xch, uint8_t bus, uint8_t device, uint8_t intx, - uint8_t isa_irq); + uint16_t isa_irq); int xc_domain_unbind_pt_irq(xc_interface *xch, uint32_t domid, @@ -2099,7 +2099,7 @@ int xc_domain_unbind_pt_irq(xc_interface *xch, uint8_t bus, uint8_t device, uint8_t intx, - uint8_t isa_irq); + uint16_t isa_irq); int xc_domain_bind_pt_pci_irq(xc_interface *xch, uint32_t domid, @@ -2112,6 +2112,10 @@ int xc_domain_bind_pt_isa_irq(xc_interface *xch, uint32_t domid, uint8_t machine_irq); +int xc_domain_bind_pt_spi_irq(xc_interface *xch, + uint32_t domid, + uint16_t spi); + int xc_domain_set_machine_address_size(xc_interface *xch, uint32_t domid, unsigned int width); diff --git a/tools/libxc/xc_domain.c b/tools/libxc/xc_domain.c index 579d266..8243b70 100644 --- a/tools/libxc/xc_domain.c +++ b/tools/libxc/xc_domain.c @@ -1764,7 +1764,7 @@ int xc_domain_bind_pt_irq( uint8_t bus, uint8_t device, uint8_t intx, - uint8_t isa_irq) + uint16_t isa_irq) { int rc; xen_domctl_bind_pt_irq_t * bind; @@ -1788,6 +1788,9 @@ int xc_domain_bind_pt_irq( case PT_IRQ_TYPE_ISA: bind->u.isa.isa_irq = isa_irq; break; + case PT_IRQ_TYPE_SPI: + bind->u.spi.spi = isa_irq; + break; default: errno = EINVAL; return -1; @@ -1805,7 +1808,7 @@ int xc_domain_unbind_pt_irq( uint8_t bus, uint8_t device, uint8_t intx, - uint8_t isa_irq) + uint16_t isa_irq) { int rc; xen_domctl_bind_pt_irq_t * bind; @@ -1829,6 +1832,8 @@ int xc_domain_unbind_pt_irq( case PT_IRQ_TYPE_ISA: bind->u.isa.isa_irq = isa_irq; break; + case PT_IRQ_TYPE_SPI: + bind->u.spi.spi = isa_irq; default: errno = EINVAL; return -1; @@ -1861,6 +1866,15 @@ int xc_domain_bind_pt_isa_irq( PT_IRQ_TYPE_ISA, 0, 0, 0, machine_irq)); } +int xc_domain_bind_pt_spi_irq( + xc_interface *xch, + uint32_t domid, + uint16_t spi) +{ + return (xc_domain_bind_pt_irq(xch, domid, spi, + PT_IRQ_TYPE_SPI, 0, 0, 0, spi)); +} + int xc_unmap_domain_meminfo(xc_interface *xch, struct xc_domain_meminfo *minfo) { struct domain_info_context _di = { .guest_width = minfo->guest_width, diff --git a/xen/arch/arm/domctl.c b/xen/arch/arm/domctl.c index 6f30af7..f5d5a10 100644 --- a/xen/arch/arm/domctl.c +++ b/xen/arch/arm/domctl.c @@ -10,6 +10,8 @@ #include #include #include +#include +#include #include long arch_do_domctl(struct xen_domctl *domctl, struct domain *d, @@ -30,6 +32,70 @@ long arch_do_domctl(struct xen_domctl *domctl, struct domain *d, return p2m_cache_flush(d, s, e); } + case XEN_DOMCTL_bind_pt_irq: + { + int rc; + xen_domctl_bind_pt_irq_t *bind = &domctl->u.bind_pt_irq; + uint32_t irq = bind->u.spi.spi; + uint32_t virq = bind->machine_irq; + + /* We only support PT_IRQ_TYPE_SPI */ + if ( bind->irq_type != PT_IRQ_TYPE_SPI ) + return -EOPNOTSUPP; + + /* + * XXX: For now map the interrupt 1:1. Other support will require to + * modify domain_pirq_to_irq macro. + */ + if ( irq != virq ) + return -EINVAL; + + rc = xsm_bind_pt_irq(XSM_HOOK, d, bind); + if ( rc ) + return rc; + + if ( !irq_access_permitted(current->domain, irq) ) + return -EPERM; + + if ( !vgic_reserve_virq(d, virq) ) + return -EBUSY; + + rc = route_irq_to_guest(d, virq, irq, "routed IRQ"); + if ( rc ) + vgic_free_virq(d, virq); + + return rc; + } + case XEN_DOMCTL_unbind_pt_irq: + { + int rc; + xen_domctl_bind_pt_irq_t *bind = &domctl->u.bind_pt_irq; + uint32_t irq = bind->u.spi.spi; + uint32_t virq = bind->machine_irq; + + /* We only support PT_IRQ_TYPE_SPI */ + if ( bind->irq_type != PT_IRQ_TYPE_SPI ) + return -EOPNOTSUPP; + + /* For now map the interrupt 1:1 */ + if ( irq != virq ) + return -EINVAL; + + rc = xsm_unbind_pt_irq(XSM_HOOK, d, bind); + if ( rc ) + return rc; + + if ( !irq_access_permitted(current->domain, irq) ) + return -EPERM; + + rc = release_guest_irq(d, virq); + if ( rc ) + return rc; + + vgic_free_virq(d, virq); + + return 0; + } default: return subarch_do_domctl(domctl, d, u_domctl); } diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h index d6c1ec7..7f90150 100644 --- a/xen/include/public/domctl.h +++ b/xen/include/public/domctl.h @@ -504,6 +504,7 @@ typedef enum pt_irq_type_e { PT_IRQ_TYPE_ISA, PT_IRQ_TYPE_MSI, PT_IRQ_TYPE_MSI_TRANSLATE, + PT_IRQ_TYPE_SPI, /* ARM: valid range 32-1019 */ } pt_irq_type_t; struct xen_domctl_bind_pt_irq { uint32_t machine_irq; @@ -524,6 +525,9 @@ struct xen_domctl_bind_pt_irq { uint32_t gflags; uint64_aligned_t gtable; } msi; + struct { + uint16_t spi; + } spi; } u; }; typedef struct xen_domctl_bind_pt_irq xen_domctl_bind_pt_irq_t; diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index f20e89c..da414c7 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -445,6 +445,18 @@ static XSM_INLINE int xsm_unmap_domain_pirq(XSM_DEFAULT_ARG struct domain *d) return xsm_default_action(action, current->domain, d); } +static XSM_INLINE int xsm_bind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) +{ + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, d); +} + +static XSM_INLINE int xsm_unbind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) +{ + XSM_ASSERT_ACTION(XSM_HOOK); + return xsm_default_action(action, current->domain, d); +} + static XSM_INLINE int xsm_unmap_domain_irq(XSM_DEFAULT_ARG struct domain *d, int irq, void *data) { XSM_ASSERT_ACTION(XSM_HOOK); @@ -631,18 +643,6 @@ static XSM_INLINE int xsm_priv_mapping(XSM_DEFAULT_ARG struct domain *d, struct return xsm_default_action(action, d, t); } -static XSM_INLINE int xsm_bind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) -{ - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); -} - -static XSM_INLINE int xsm_unbind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) -{ - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, d); -} - static XSM_INLINE int xsm_ioport_permission(XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 0437735..99a59d0 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -107,6 +107,8 @@ struct xsm_operations { int (*map_domain_irq) (struct domain *d, int irq, void *data); int (*unmap_domain_pirq) (struct domain *d); int (*unmap_domain_irq) (struct domain *d, int irq, void *data); + int (*bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind); + int (*unbind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind); int (*irq_permission) (struct domain *d, int pirq, uint8_t allow); int (*iomem_permission) (struct domain *d, uint64_t s, uint64_t e, uint8_t allow); int (*iomem_mapping) (struct domain *d, uint64_t s, uint64_t e, uint8_t allow); @@ -169,8 +171,6 @@ struct xsm_operations { int (*mmuext_op) (struct domain *d, struct domain *f); int (*update_va_mapping) (struct domain *d, struct domain *f, l1_pgentry_t pte); int (*priv_mapping) (struct domain *d, struct domain *t); - int (*bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind); - int (*unbind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind); int (*ioport_permission) (struct domain *d, uint32_t s, uint32_t e, uint8_t allow); int (*ioport_mapping) (struct domain *d, uint32_t s, uint32_t e, uint8_t allow); #endif @@ -419,6 +419,18 @@ static inline int xsm_unmap_domain_irq (xsm_default_t def, struct domain *d, int return xsm_ops->unmap_domain_irq(d, irq, data); } +static inline int xsm_bind_pt_irq(xsm_default_t def, struct domain *d, + struct xen_domctl_bind_pt_irq *bind) +{ + return xsm_ops->bind_pt_irq(d, bind); +} + +static inline int xsm_unbind_pt_irq(xsm_default_t def, struct domain *d, + struct xen_domctl_bind_pt_irq *bind) +{ + return xsm_ops->unbind_pt_irq(d, bind); +} + static inline int xsm_irq_permission (xsm_default_t def, struct domain *d, int pirq, uint8_t allow) { return xsm_ops->irq_permission(d, pirq, allow); @@ -643,18 +655,6 @@ static inline int xsm_priv_mapping(xsm_default_t def, struct domain *d, struct d return xsm_ops->priv_mapping(d, t); } -static inline int xsm_bind_pt_irq(xsm_default_t def, struct domain *d, - struct xen_domctl_bind_pt_irq *bind) -{ - return xsm_ops->bind_pt_irq(d, bind); -} - -static inline int xsm_unbind_pt_irq(xsm_default_t def, struct domain *d, - struct xen_domctl_bind_pt_irq *bind) -{ - return xsm_ops->unbind_pt_irq(d, bind); -} - static inline int xsm_ioport_permission (xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { return xsm_ops->ioport_permission(d, s, e, allow); diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 8eb3050..b69a019 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -81,6 +81,8 @@ void xsm_fixup_ops (struct xsm_operations *ops) set_to_dummy_if_null(ops, map_domain_irq); set_to_dummy_if_null(ops, unmap_domain_pirq); set_to_dummy_if_null(ops, unmap_domain_irq); + set_to_dummy_if_null(ops, bind_pt_irq); + set_to_dummy_if_null(ops, unbind_pt_irq); set_to_dummy_if_null(ops, irq_permission); set_to_dummy_if_null(ops, iomem_permission); set_to_dummy_if_null(ops, iomem_mapping); @@ -140,8 +142,6 @@ void xsm_fixup_ops (struct xsm_operations *ops) set_to_dummy_if_null(ops, mmuext_op); set_to_dummy_if_null(ops, update_va_mapping); set_to_dummy_if_null(ops, priv_mapping); - set_to_dummy_if_null(ops, bind_pt_irq); - set_to_dummy_if_null(ops, unbind_pt_irq); set_to_dummy_if_null(ops, ioport_permission); set_to_dummy_if_null(ops, ioport_mapping); #endif diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index b453605..e1cc16a 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -580,12 +580,14 @@ static int flask_domctl(struct domain *d, int cmd) #ifdef HAS_MEM_ACCESS case XEN_DOMCTL_mem_event_op: #endif + + /* These have individual XSM hooks (arch/../domctl.c) */ + case XEN_DOMCTL_bind_pt_irq: + case XEN_DOMCTL_unbind_pt_irq: #ifdef CONFIG_X86 /* These have individual XSM hooks (arch/x86/domctl.c) */ case XEN_DOMCTL_shadow_op: case XEN_DOMCTL_ioport_permission: - case XEN_DOMCTL_bind_pt_irq: - case XEN_DOMCTL_unbind_pt_irq: case XEN_DOMCTL_ioport_mapping: /* These have individual XSM hooks (drivers/passthrough/iommu.c) */ case XEN_DOMCTL_get_device_group: @@ -911,6 +913,36 @@ static int flask_unmap_domain_irq (struct domain *d, int irq, void *data) return rc; } +static int flask_bind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq *bind) +{ + u32 dsid, rsid; + int rc = -EPERM; + int irq; + struct avc_audit_data ad; + + rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD); + if ( rc ) + return rc; + + irq = domain_pirq_to_irq(d, bind->machine_irq); + + rc = get_irq_sid(irq, &rsid, &ad); + if ( rc ) + return rc; + + rc = avc_current_has_perm(rsid, SECCLASS_HVM, HVM__BIND_IRQ, &ad); + if ( rc ) + return rc; + + dsid = domain_sid(d); + return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, RESOURCE__USE, &ad); +} + +static int flask_unbind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq *bind) +{ + return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE); +} + static int flask_irq_permission (struct domain *d, int pirq, uint8_t access) { /* the PIRQ number is not useful; real IRQ is checked during mapping */ @@ -1468,36 +1500,6 @@ static int flask_priv_mapping(struct domain *d, struct domain *t) { return domain_has_perm(d, t, SECCLASS_MMU, MMU__TARGET_HACK); } - -static int flask_bind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq *bind) -{ - u32 dsid, rsid; - int rc = -EPERM; - int irq; - struct avc_audit_data ad; - - rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD); - if ( rc ) - return rc; - - irq = domain_pirq_to_irq(d, bind->machine_irq); - - rc = get_irq_sid(irq, &rsid, &ad); - if ( rc ) - return rc; - - rc = avc_current_has_perm(rsid, SECCLASS_HVM, HVM__BIND_IRQ, &ad); - if ( rc ) - return rc; - - dsid = domain_sid(d); - return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, RESOURCE__USE, &ad); -} - -static int flask_unbind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq *bind) -{ - return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE); -} #endif /* CONFIG_X86 */ long do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op); @@ -1556,6 +1558,8 @@ static struct xsm_operations flask_ops = { .map_domain_irq = flask_map_domain_irq, .unmap_domain_pirq = flask_unmap_domain_pirq, .unmap_domain_irq = flask_unmap_domain_irq, + .bind_pt_irq = flask_bind_pt_irq, + .unbind_pt_irq = flask_unbind_pt_irq, .irq_permission = flask_irq_permission, .iomem_permission = flask_iomem_permission, .iomem_mapping = flask_iomem_mapping, @@ -1616,8 +1620,6 @@ static struct xsm_operations flask_ops = { .mmuext_op = flask_mmuext_op, .update_va_mapping = flask_update_va_mapping, .priv_mapping = flask_priv_mapping, - .bind_pt_irq = flask_bind_pt_irq, - .unbind_pt_irq = flask_unbind_pt_irq, .ioport_permission = flask_ioport_permission, .ioport_mapping = flask_ioport_mapping, #endif