[Xen-changelog] [xen-unstable] xsm: remove unused xsm_assign_vector check
# HG changeset patch
# User Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
# Date 1322862315 28800
# Node ID 841c330b23a64461aa246ed024e57082f1cd051b
# Parent fba8c4003f427e0ec8135d96a10f74b94d3178fd
xsm: remove unused xsm_assign_vector check
The PHYSDEVOP_alloc_irq_vector hypercall is a noop, so its XSM check is not useful. Remove it and the "event vector" FLASK permission.
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Committed-by: Keir Fraser <keir@xxxxxxx>
---
diff -r fba8c4003f42 -r 841c330b23a6 tools/flask/policy/policy/flask/access_vectors
--- a/tools/flask/policy/policy/flask/access_vectors Fri Dec 02 13:44:26 2011 -0800
+++ b/tools/flask/policy/policy/flask/access_vectors Fri Dec 02 13:45:15 2011 -0800
@@ -100,7 +100,6 @@
status notify create - vector reset }
diff -r fba8c4003f42 -r 841c330b23a6 tools/flask/policy/policy/modules/xen/xen.if
--- a/tools/flask/policy/policy/modules/xen/xen.if Fri Dec 02 13:44:26 2011 -0800
+++ b/tools/flask/policy/policy/modules/xen/xen.if Fri Dec 02 13:45:15 2011 -0800
@@ -67,7 +67,6 @@
############################################################################### define(`create_passthrough_resource', ` type $3, resource_type; - allow $1 $3:event vector; allow $1 $2:resource {add remove}; allow $1 ioport_t:resource {add_ioport use}; allow $1 iomem_t:resource {add_iomem use};
diff -r fba8c4003f42 -r 841c330b23a6 tools/flask/policy/policy/modules/xen/xen.te
--- a/tools/flask/policy/policy/modules/xen/xen.te Fri Dec 02 13:44:26 2011 -0800
+++ b/tools/flask/policy/policy/modules/xen/xen.te Fri Dec 02 13:45:15 2011 -0800
@@ -31,7 +31,6 @@
allow dom0_t domio_t:mmu {map_read map_write}; allow dom0_t iomem_t:mmu {map_read map_write}; -allow dom0_t pirq_t:event {vector}; allow dom0_t xen_t:mmu {memorymap}; allow dom0_t dom0_t:mmu {pinpage map_read map_write adjust updatemp};
diff -r fba8c4003f42 -r 841c330b23a6 xen/arch/x86/physdev.c
--- a/xen/arch/x86/physdev.c Fri Dec 02 13:44:26 2011 -0800
+++ b/xen/arch/x86/physdev.c Fri Dec 02 13:45:15 2011 -0800
@@ -452,10 +452,6 @@
if ( !IS_PRIV(v->domain) ) break; - ret = xsm_assign_vector(v->domain, irq_op.irq); - if ( ret ) - break; - /* Vector is only used by hypervisor, and dom0 shouldn't touch it in its world, return irq_op.irq as the vecotr, and make this hypercall dummy, and also defer the vector
diff -r fba8c4003f42 -r 841c330b23a6 xen/include/xsm/xsm.h
--- a/xen/include/xsm/xsm.h Fri Dec 02 13:44:26 2011 -0800
+++ b/xen/include/xsm/xsm.h Fri Dec 02 13:45:15 2011 -0800
@@ -129,7 +129,6 @@
int (*hvm_set_pci_link_route) (struct domain *d); int (*hvm_inject_msi) (struct domain *d); int (*apic) (struct domain *d, int cmd); - int (*assign_vector) (struct domain *d, uint32_t pirq); int (*xen_settime) (void); int (*memtype) (uint32_t access); int (*microcode) (void);
@@ -536,11 +535,6 @@
return xsm_call(apic(d, cmd)); } -static inline int xsm_assign_vector (struct domain *d, uint32_t pirq) -{ - return xsm_call(assign_vector(d, pirq)); -} - static inline int xsm_xen_settime (void) { return xsm_call(xen_settime());
diff -r fba8c4003f42 -r 841c330b23a6 xen/xsm/dummy.c
--- a/xen/xsm/dummy.c Fri Dec 02 13:44:26 2011 -0800
+++ b/xen/xsm/dummy.c Fri Dec 02 13:45:15 2011 -0800
@@ -345,11 +345,6 @@
return 0; } -static int dummy_assign_vector (struct domain *d, uint32_t pirq) -{ - return 0; -} - static int dummy_xen_settime (void) { return 0;
@@ -560,7 +555,6 @@
set_to_dummy_if_null(ops, hvm_set_isa_irq_level); set_to_dummy_if_null(ops, hvm_set_pci_link_route); set_to_dummy_if_null(ops, apic); - set_to_dummy_if_null(ops, assign_vector); set_to_dummy_if_null(ops, xen_settime); set_to_dummy_if_null(ops, memtype); set_to_dummy_if_null(ops, microcode);
diff -r fba8c4003f42 -r 841c330b23a6 xen/xsm/flask/hooks.c
--- a/xen/xsm/flask/hooks.c Fri Dec 02 13:44:26 2011 -0800
+++ b/xen/xsm/flask/hooks.c Fri Dec 02 13:45:15 2011 -0800
@@ -907,18 +907,6 @@
return domain_has_xen(d, perm); } -static int flask_assign_vector(struct domain *d, uint32_t pirq) -{ - u32 psid; - struct domain_security_struct *dsec; - dsec = d->ssid; - - if ( security_pirq_sid(pirq, &psid) ) - return -EPERM; - - return avc_has_perm(dsec->sid, psid, SECCLASS_EVENT, EVENT__VECTOR, NULL); -} - static int flask_xen_settime(void) { return domain_has_xen(current->domain, XEN__SETTIME);
@@ -1306,7 +1294,6 @@
.hvm_set_isa_irq_level = flask_hvm_set_isa_irq_level, .hvm_set_pci_link_route = flask_hvm_set_pci_link_route, .apic = flask_apic, - .assign_vector = flask_assign_vector, .xen_settime = flask_xen_settime, .memtype = flask_memtype, .microcode = flask_microcode,
diff -r fba8c4003f42 -r 841c330b23a6 xen/xsm/flask/include/av_perm_to_string.h
--- a/xen/xsm/flask/include/av_perm_to_string.h Fri Dec 02 13:44:26 2011 -0800
+++ b/xen/xsm/flask/include/av_perm_to_string.h Fri Dec 02 13:45:15 2011 -0800
@@ -56,18 +56,17 @@
S_(SECCLASS_HVM, HVM__GETHVMC, "gethvmc") S_(SECCLASS_HVM, HVM__SETPARAM, "setparam") S_(SECCLASS_HVM, HVM__GETPARAM, "getparam") - S_(SECCLASS_HVM, HVM__TRACKDIRTYVRAM, "trackdirtyvram") S_(SECCLASS_HVM, HVM__PCILEVEL, "pcilevel") S_(SECCLASS_HVM, HVM__IRQLEVEL, "irqlevel") S_(SECCLASS_HVM, HVM__PCIROUTE, "pciroute") S_(SECCLASS_HVM, HVM__BIND_IRQ, "bind_irq") S_(SECCLASS_HVM, HVM__CACHEATTR, "cacheattr") + S_(SECCLASS_HVM, HVM__TRACKDIRTYVRAM, "trackdirtyvram") S_(SECCLASS_EVENT, EVENT__BIND, "bind") S_(SECCLASS_EVENT, EVENT__SEND, "send") S_(SECCLASS_EVENT, EVENT__STATUS, "status") S_(SECCLASS_EVENT, EVENT__NOTIFY, "notify") S_(SECCLASS_EVENT, EVENT__CREATE, "create") - S_(SECCLASS_EVENT, EVENT__VECTOR, "vector") S_(SECCLASS_EVENT, EVENT__RESET, "reset") S_(SECCLASS_GRANT, GRANT__MAP_READ, "map_read") S_(SECCLASS_GRANT, GRANT__MAP_WRITE, "map_write")
diff -r fba8c4003f42 -r 841c330b23a6 xen/xsm/flask/include/av_permissions.h
--- a/xen/xsm/flask/include/av_permissions.h Fri Dec 02 13:44:26 2011 -0800
+++ b/xen/xsm/flask/include/av_permissions.h Fri Dec 02 13:45:15 2011 -0800
@@ -70,8 +70,7 @@
#define EVENT__STATUS 0x00000004UL #define EVENT__NOTIFY 0x00000008UL #define EVENT__CREATE 0x00000010UL -#define EVENT__VECTOR 0x00000020UL -#define EVENT__RESET 0x00000040UL +#define EVENT__RESET 0x00000020UL #define GRANT__MAP_READ 0x00000001UL #define GRANT__MAP_WRITE 0x00000002UL
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
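Review bot: In the av_permissions.h hunk `EVENT__RESET` takes over `0x00000020UL`, the bit that `EVENT__VECTOR` used to hold, so a policy binary compiled from the old access_vectors would have its `event vector` grants interpreted as `event reset` by a hypervisor built from this tree. The in-tree policy stays consistent because the same commit drops the `vector` rules from xen.te and xen.if, but nothing visible here rejects a stale or out-of-tree policy; whether the policy loader validates permission names against these values is outside this diff. I would add a line to the commit description such as `Note: this renumbers event:reset; the FLASK policy must be rebuilt and reloaded with the matching hypervisor.` If this header is hand-maintained rather than generated, a comment above the define would also help, `/* 0x00000020UL was EVENT__VECTOR before its removal */`.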