From patchwork Mon Mar 17 14:05:59 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 26371 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-vc0-f197.google.com (mail-vc0-f197.google.com [209.85.220.197]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id C78FC202FA for ; Mon, 17 Mar 2014 14:07:38 +0000 (UTC) Received: by mail-vc0-f197.google.com with SMTP id if11sf13490689vcb.0 for ; Mon, 17 Mar 2014 07:07:38 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:delivered-to:from:to:date:message-id:in-reply-to :references:cc:subject:precedence:list-id:list-unsubscribe:list-post :list-help:list-subscribe:mime-version:sender:errors-to :x-original-sender:x-original-authentication-results:mailing-list :list-archive:content-type:content-transfer-encoding; bh=EXSTWxbP/2QGpwlCEa6KTBWJc6iq4pMWzd5Z5Mc6tC4=; b=WhN5NN9GVvZjKz21g0xBjaKYWUxW+Fu76f1VznbsGAzEVWH3H0SmaSn+xIuUjH0jtz f2Ob7hpRW5k4yTnqRxdw2Ajzs3NVg7vaRy/ucUTS8LfU6ut3LRJaQ4b5VdnVnKXt66fn pCzFVski7JT7VSNYZnSNZkwqUhXFwY7FZ4Doqbz+xDVjPPrUDA7JoHjFkdil7zYZKYUf wlKfmeSILAszBzQeCCjIqsXT7OxLGlluMDnu/zjuDE7+Gz5DshUuQQmlUEAJuoiFkPW4 yWhfnxUvTzlbstyAp0sZy9nVnQhMSmlnMMV47YgV1DKpMkuxqUlNu+WNvpQIZXe5ritB Lzpg== X-Gm-Message-State: ALoCoQnMbhUxnyy1Sb4EAkqu5AjeMZedyFEDdGEBaNis/OgEPL68mpTkU3elwhAU4WT68YGRNQZg X-Received: by 10.58.248.170 with SMTP id yn10mr8869794vec.17.1395065258629; Mon, 17 Mar 2014 07:07:38 -0700 (PDT) X-BeenThere: patchwork-forward@linaro.org Received: by 10.140.23.111 with SMTP id 102ls1707882qgo.44.gmail; Mon, 17 Mar 2014 07:07:38 -0700 (PDT) X-Received: by 10.220.131.210 with SMTP id y18mr20332080vcs.12.1395065258473; Mon, 17 Mar 2014 07:07:38 -0700 (PDT) Received: from mail-vc0-f182.google.com (mail-vc0-f182.google.com [209.85.220.182]) by mx.google.com with ESMTPS id us10si5284272vcb.59.2014.03.17.07.07.38 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 17 Mar 2014 07:07:38 -0700 (PDT) Received-SPF: neutral (google.com: 209.85.220.182 is neither permitted nor denied by best guess record for domain of patch+caf_=patchwork-forward=linaro.org@linaro.org) client-ip=209.85.220.182; Received: by mail-vc0-f182.google.com with SMTP id ks9so5705801vcb.41 for ; Mon, 17 Mar 2014 07:07:38 -0700 (PDT) X-Received: by 10.52.242.167 with SMTP id wr7mr1194991vdc.32.1395065258380; Mon, 17 Mar 2014 07:07:38 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.220.78.9 with SMTP id i9csp130050vck; Mon, 17 Mar 2014 07:07:38 -0700 (PDT) X-Received: by 10.224.122.20 with SMTP id j20mr3854345qar.79.1395065257870; Mon, 17 Mar 2014 07:07:37 -0700 (PDT) Received: from lists.xen.org (lists.xen.org. [50.57.142.19]) by mx.google.com with ESMTPS id 5si3774238qch.94.2014.03.17.07.07.37 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Mon, 17 Mar 2014 07:07:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xen.org designates 50.57.142.19 as permitted sender) client-ip=50.57.142.19; Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1WPYBV-0002Lc-Dy; Mon, 17 Mar 2014 14:06:33 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1WPYBT-0002JF-JJ for xen-devel@lists.xenproject.org; Mon, 17 Mar 2014 14:06:31 +0000 Received: from [85.158.143.35:36483] by server-2.bemta-4.messagelabs.com id 10/40-06539-66107235; Mon, 17 Mar 2014 14:06:30 +0000 X-Env-Sender: julien.grall@linaro.org X-Msg-Ref: server-14.tower-21.messagelabs.com!1395065189!2662108!1 X-Originating-IP: [74.125.83.54] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.11.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 13683 invoked from network); 17 Mar 2014 14:06:29 -0000 Received: from mail-ee0-f54.google.com (HELO mail-ee0-f54.google.com) (74.125.83.54) by server-14.tower-21.messagelabs.com with RC4-SHA encrypted SMTP; 17 Mar 2014 14:06:29 -0000 Received: by mail-ee0-f54.google.com with SMTP id d49so4232726eek.27 for ; Mon, 17 Mar 2014 07:06:29 -0700 (PDT) X-Received: by 10.14.1.68 with SMTP id 44mr24255892eec.0.1395065189134; Mon, 17 Mar 2014 07:06:29 -0700 (PDT) Received: from belegaer.uk.xensource.com. ([185.25.64.249]) by mx.google.com with ESMTPSA id x3sm39716538eep.17.2014.03.17.07.06.27 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Mar 2014 07:06:28 -0700 (PDT) From: Julien Grall To: xen-devel@lists.xenproject.org Date: Mon, 17 Mar 2014 14:05:59 +0000 Message-Id: <1395065165-15915-10-git-send-email-julien.grall@linaro.org> X-Mailer: git-send-email 1.7.10.4 In-Reply-To: <1395065165-15915-1-git-send-email-julien.grall@linaro.org> References: <1395065165-15915-1-git-send-email-julien.grall@linaro.org> Cc: stefano.stabellini@citrix.com, Julien Grall , tim@xen.org, ian.campbell@citrix.com Subject: [Xen-devel] [PATCH v2 09/15] xen/xsm: flask: MSI is PCI specific X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: List-Unsubscribe: , List-Post: , List-Help: , List-Subscribe: , MIME-Version: 1.0 Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: julien.grall@linaro.org X-Original-Authentication-Results: mx.google.com; spf=neutral (google.com: 209.85.220.182 is neither permitted nor denied by best guess record for domain of patch+caf_=patchwork-forward=linaro.org@linaro.org) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 List-Archive: MSI is not yet support on ARM and will break the compilation when XSM_ENABLE=y. Signed-off-by: Julien Grall Acked-by: Daniel De Graaf Acked-by: Ian Campbell --- xen/xsm/flask/hooks.c | 72 +++++++++++++++++++++++++++++++++++-------------- 1 file changed, 52 insertions(+), 20 deletions(-) diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 65343f3..56c7645 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -19,7 +19,9 @@ #include #include #include +#ifdef HAS_PCI #include +#endif #include #include #include @@ -100,7 +102,6 @@ static int domain_has_xen(struct domain *d, u32 perms) static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad) { - struct irq_desc *desc = irq_to_desc(irq); if ( irq >= nr_irqs || irq < 0 ) return -EINVAL; if ( irq < nr_static_irqs ) { @@ -110,15 +111,21 @@ static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad) } return security_irq_sid(irq, sid); } - if ( desc->msi_desc && desc->msi_desc->dev ) { - struct pci_dev *dev = desc->msi_desc->dev; - u32 sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn; - if (ad) { - AVC_AUDIT_DATA_INIT(ad, DEV); - ad->device = sbdf; +#ifdef HAS_PCI + { + struct irq_desc *desc = irq_to_desc(irq); + if ( desc->msi_desc && desc->msi_desc->dev ) { + struct pci_dev *dev = desc->msi_desc->dev; + u32 sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn; + if (ad) { + AVC_AUDIT_DATA_INIT(ad, DEV); + ad->device = sbdf; + } + return security_device_sid(sbdf, sid); } - return security_device_sid(sbdf, sid); } +#endif + if (ad) { AVC_AUDIT_DATA_INIT(ad, IRQ); ad->irq = irq; @@ -825,21 +832,34 @@ static int flask_map_domain_pirq (struct domain *d) return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD); } +static int flask_map_domain_msi (struct domain *d, int irq, void *data, + u32 *sid, struct avc_audit_data *ad) +{ +#ifdef HAS_PCI + struct msi_info *msi = data; + + u32 machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn; + AVC_AUDIT_DATA_INIT(ad, DEV); + ad->device = machine_bdf; + + return security_device_sid(machine_bdf, sid); +#else + return -EINVAL; +#endif +} + static int flask_map_domain_irq (struct domain *d, int irq, void *data) { u32 sid, dsid; int rc = -EPERM; - struct msi_info *msi = data; struct avc_audit_data ad; - if ( irq >= nr_static_irqs && msi ) { - u32 machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn; - AVC_AUDIT_DATA_INIT(&ad, DEV); - ad.device = machine_bdf; - rc = security_device_sid(machine_bdf, &sid); + if ( irq >= nr_static_irqs && data ) { + rc = flask_map_domain_msi(d, irq, data, &sid, &ad); } else { rc = get_irq_sid(irq, &sid, &ad); } + if ( rc ) return rc; @@ -858,18 +878,30 @@ static int flask_unmap_domain_pirq (struct domain *d) return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE); } +static int flask_unmap_domain_msi (struct domain *d, int irq, void *data, + u32 *sid, struct avc_audit_data *ad) +{ +#ifdef HAS_PCI + struct msi_info *msi = data; + u32 machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn; + + AVC_AUDIT_DATA_INIT(ad, DEV); + ad->device = machine_bdf; + + return security_device_sid(machine_bdf, sid); +#else + return -EINVAL; +#endif +} + static int flask_unmap_domain_irq (struct domain *d, int irq, void *data) { u32 sid; int rc = -EPERM; - struct msi_info *msi = data; struct avc_audit_data ad; - if ( irq >= nr_static_irqs && msi ) { - u32 machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn; - AVC_AUDIT_DATA_INIT(&ad, DEV); - ad.device = machine_bdf; - rc = security_device_sid(machine_bdf, &sid); + if ( irq >= nr_static_irqs && data ) { + rc = flask_unmap_domain_msi(d, irq, data, &sid, &ad); } else { rc = get_irq_sid(irq, &sid, &ad); }