From: Julien Grall <julien.grall@linaro.org>
To: xen-devel@lists.xenproject.org
Cc: stefano.stabellini@citrix.com,
Daniel De Graaf <dgdegra@tycho.nsa.gov>,
Julien Grall <julien.grall@linaro.org>,
tim@xen.org, ian.campbell@citrix.com
Subject: [RFC 09/14] xen/xsm: flask: MSI is PCI specific
Date: Wed, 12 Mar 2014 16:16:04 +0000 [thread overview]
Message-ID: <1394640969-25583-10-git-send-email-julien.grall@linaro.org> (raw)
In-Reply-To: <1394640969-25583-1-git-send-email-julien.grall@linaro.org>
MSI is not yet support on ARM and will break the compilation when XSM_ENABLE=y.
Signed-off-by: Julien Grall <julien.grall@linaro.org>
Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
xen/xsm/flask/hooks.c | 72 +++++++++++++++++++++++++++++++++++--------------
1 file changed, 52 insertions(+), 20 deletions(-)
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 65343f3..56c7645 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -19,7 +19,9 @@
#include <xen/errno.h>
#include <xen/guest_access.h>
#include <xen/xenoprof.h>
+#ifdef HAS_PCI
#include <asm/msi.h>
+#endif
#include <public/xen.h>
#include <public/physdev.h>
#include <public/platform.h>
@@ -100,7 +102,6 @@ static int domain_has_xen(struct domain *d, u32 perms)
static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
{
- struct irq_desc *desc = irq_to_desc(irq);
if ( irq >= nr_irqs || irq < 0 )
return -EINVAL;
if ( irq < nr_static_irqs ) {
@@ -110,15 +111,21 @@ static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
}
return security_irq_sid(irq, sid);
}
- if ( desc->msi_desc && desc->msi_desc->dev ) {
- struct pci_dev *dev = desc->msi_desc->dev;
- u32 sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
- if (ad) {
- AVC_AUDIT_DATA_INIT(ad, DEV);
- ad->device = sbdf;
+#ifdef HAS_PCI
+ {
+ struct irq_desc *desc = irq_to_desc(irq);
+ if ( desc->msi_desc && desc->msi_desc->dev ) {
+ struct pci_dev *dev = desc->msi_desc->dev;
+ u32 sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
+ if (ad) {
+ AVC_AUDIT_DATA_INIT(ad, DEV);
+ ad->device = sbdf;
+ }
+ return security_device_sid(sbdf, sid);
}
- return security_device_sid(sbdf, sid);
}
+#endif
+
if (ad) {
AVC_AUDIT_DATA_INIT(ad, IRQ);
ad->irq = irq;
@@ -825,21 +832,34 @@ static int flask_map_domain_pirq (struct domain *d)
return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD);
}
+static int flask_map_domain_msi (struct domain *d, int irq, void *data,
+ u32 *sid, struct avc_audit_data *ad)
+{
+#ifdef HAS_PCI
+ struct msi_info *msi = data;
+
+ u32 machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn;
+ AVC_AUDIT_DATA_INIT(ad, DEV);
+ ad->device = machine_bdf;
+
+ return security_device_sid(machine_bdf, sid);
+#else
+ return -EINVAL;
+#endif
+}
+
static int flask_map_domain_irq (struct domain *d, int irq, void *data)
{
u32 sid, dsid;
int rc = -EPERM;
- struct msi_info *msi = data;
struct avc_audit_data ad;
- if ( irq >= nr_static_irqs && msi ) {
- u32 machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn;
- AVC_AUDIT_DATA_INIT(&ad, DEV);
- ad.device = machine_bdf;
- rc = security_device_sid(machine_bdf, &sid);
+ if ( irq >= nr_static_irqs && data ) {
+ rc = flask_map_domain_msi(d, irq, data, &sid, &ad);
} else {
rc = get_irq_sid(irq, &sid, &ad);
}
+
if ( rc )
return rc;
@@ -858,18 +878,30 @@ static int flask_unmap_domain_pirq (struct domain *d)
return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
}
+static int flask_unmap_domain_msi (struct domain *d, int irq, void *data,
+ u32 *sid, struct avc_audit_data *ad)
+{
+#ifdef HAS_PCI
+ struct msi_info *msi = data;
+ u32 machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn;
+
+ AVC_AUDIT_DATA_INIT(ad, DEV);
+ ad->device = machine_bdf;
+
+ return security_device_sid(machine_bdf, sid);
+#else
+ return -EINVAL;
+#endif
+}
+
static int flask_unmap_domain_irq (struct domain *d, int irq, void *data)
{
u32 sid;
int rc = -EPERM;
- struct msi_info *msi = data;
struct avc_audit_data ad;
- if ( irq >= nr_static_irqs && msi ) {
- u32 machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn;
- AVC_AUDIT_DATA_INIT(&ad, DEV);
- ad.device = machine_bdf;
- rc = security_device_sid(machine_bdf, &sid);
+ if ( irq >= nr_static_irqs && data ) {
+ rc = flask_unmap_domain_msi(d, irq, data, &sid, &ad);
} else {
rc = get_irq_sid(irq, &sid, &ad);
}
--
1.7.10.4
next prev parent reply other threads:[~2014-03-12 16:17 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-12 16:15 [RFC 00/14] xen/arm: Add support for XSM Julien Grall
2014-03-12 16:15 ` [RFC 01/14] xen/arm: kernel: Don't harcode flash address Julien Grall
2014-03-14 17:10 ` Ian Campbell
2014-03-14 17:44 ` Julien Grall
2014-03-12 16:15 ` [RFC 02/14] xen/arm: Remove the parameter "attrindx" in copy_paddr Julien Grall
2014-03-14 17:14 ` Ian Campbell
2014-03-14 18:02 ` Julien Grall
2014-03-17 10:13 ` Ian Campbell
2014-03-17 11:53 ` Julien Grall
2014-03-17 12:02 ` Ian Campbell
2014-03-12 16:15 ` [RFC 03/14] xen/arm: Correctly define size_t Julien Grall
2014-03-14 17:18 ` Ian Campbell
2014-03-12 16:15 ` [RFC 04/14] xen/arm: next_module: Skip module if the size is 0 Julien Grall
2014-03-14 17:19 ` Ian Campbell
2014-03-12 16:16 ` [RFC 05/14] xen/xsm: xsm functions for PCI passthrough is not x86 specific Julien Grall
2014-03-13 14:25 ` Daniel De Graaf
2014-03-14 17:20 ` Ian Campbell
2014-03-12 16:16 ` [RFC 06/14] xen/xsm: xsm_do_mca is " Julien Grall
2014-03-13 14:26 ` Daniel De Graaf
2014-03-14 17:21 ` Ian Campbell
2014-03-12 16:16 ` [RFC 07/14] xen/xsm: flask: Fix compilation when CONFIG_COMPAT=y Julien Grall
2014-03-13 14:26 ` Daniel De Graaf
2014-03-14 17:23 ` Ian Campbell
2014-03-14 18:08 ` Julien Grall
2014-03-17 7:22 ` Jan Beulich
2014-03-17 10:15 ` Ian Campbell
2014-03-17 11:57 ` Julien Grall
2014-03-12 16:16 ` [RFC 08/14] xen/xsm: flask: Rename variable "bool" in "b" Julien Grall
2014-03-12 16:26 ` Andrew Cooper
2014-03-13 13:17 ` Julien Grall
2014-03-13 13:57 ` Jan Beulich
2014-03-13 14:27 ` Daniel De Graaf
2014-03-14 17:24 ` Ian Campbell
2014-03-12 16:16 ` Julien Grall [this message]
2014-03-13 14:34 ` [RFC 09/14] xen/xsm: flask: MSI is PCI specific Daniel De Graaf
2014-03-13 14:40 ` Julien Grall
2014-03-14 17:25 ` Ian Campbell
2014-03-14 18:15 ` Julien Grall
2014-03-17 10:13 ` Ian Campbell
2014-03-17 12:05 ` Julien Grall
2014-03-12 16:16 ` [RFC 10/14] xen/xsm: flask: flask_copying_string is taking a XEN_GUEST_HANDLE as first param Julien Grall
2014-03-13 14:34 ` Daniel De Graaf
2014-03-14 17:26 ` Ian Campbell
2014-03-12 16:16 ` [RFC 11/14] xen/xsm: flask: Add missing header in hooks.c Julien Grall
2014-03-13 14:34 ` Daniel De Graaf
2014-03-14 17:26 ` Ian Campbell
2014-03-12 16:16 ` [RFC 12/14] xen/xsm: Don't use multiboot by default to initialize XSM Julien Grall
2014-03-12 16:52 ` Jan Beulich
2014-03-13 14:36 ` Daniel De Graaf
2014-03-14 17:27 ` Ian Campbell
2014-03-12 16:16 ` [RFC 13/14] xen/xsm: Add support for device tree Julien Grall
2014-03-13 14:47 ` Daniel De Graaf
2014-03-14 17:34 ` Ian Campbell
2014-03-14 18:24 ` Julien Grall
2014-03-17 10:15 ` Ian Campbell
2014-03-12 16:16 ` [RFC 14/14] xen/arm: Add support for XSM Julien Grall
2014-03-14 17:34 ` Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1394640969-25583-10-git-send-email-julien.grall@linaro.org \
--to=julien.grall@linaro.org \
--cc=dgdegra@tycho.nsa.gov \
--cc=ian.campbell@citrix.com \
--cc=stefano.stabellini@citrix.com \
--cc=tim@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).