
[xen master] domctl/XSM: avoid XSM_OTHER with xsm_domctl()



commit 88845240803ef3b601207ea368c98403c92f3fdc
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Wed Jun 17 09:21:38 2026 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Jun 17 09:21:38 2026 +0200

    domctl/XSM: avoid XSM_OTHER with xsm_domctl()
    
    Make explicit at the call sites what (default) permission is required.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Acked-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
    Release-Acked-by: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>
---
 xen/arch/x86/domctl.c    | 2 +-
 xen/arch/x86/mm/paging.c | 2 +-
 xen/common/domctl.c      | 4 ++--
 xen/include/xsm/dummy.h  | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index d1bd753481..07f712a0a4 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -331,7 +331,7 @@ long arch_do_domctl(
         /* Games to allow this code block to handle a compat guest. */
         void __user *guest_handle = domctl->u.getpageframeinfo3.array.p;
 
-        ret = xsm_domctl(XSM_OTHER, d, domctl);
+        ret = xsm_domctl(XSM_PRIV, d, domctl);
         if ( ret )
             break;
 
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index bfb5b423a0..14ab7defd8 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -743,7 +743,7 @@ long do_paging_domctl_cont(
     if ( d == NULL )
         return -ESRCH;
 
-    ret = xsm_domctl(XSM_OTHER, d, &op);
+    ret = xsm_domctl(XSM_PRIV, d, &op);
     if ( !ret )
     {
         bool lock = !(op.u.shadow_op.op == XEN_DOMCTL_SHADOW_OP_CLEAN ||
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 61149d740e..32ef5b2e38 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -518,7 +518,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
u_domctl)
         if ( op->u.shadow_op.op == XEN_DOMCTL_SHADOW_OP_CLEAN ||
              op->u.shadow_op.op == XEN_DOMCTL_SHADOW_OP_PEEK )
         {
-            ret = xsm_domctl(XSM_OTHER, d, op);
+            ret = xsm_domctl(XSM_PRIV, d, op);
             if ( !ret )
                 ret = arch_do_domctl(op, d, u_domctl);
             goto domctl_out_unlock_rcuonly;
@@ -544,7 +544,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
u_domctl)
         break;
     }
 
-    ret = xsm_domctl(XSM_OTHER, d, op);
+    ret = xsm_domctl(XSM_PRIV, d, op);
     if ( ret )
         goto domctl_out_unlock_rcuonly;
 
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 36369da963..74b1c0ed39 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -157,7 +157,7 @@ static XSM_INLINE int cf_check xsm_set_target(
 static XSM_INLINE int cf_check xsm_domctl(
     XSM_DEFAULT_ARG struct domain *d, struct xen_domctl *op)
 {
-    XSM_ASSERT_ACTION(XSM_OTHER);
+    XSM_ASSERT_ACTION(XSM_PRIV);
     switch ( op->cmd )
     {
     case XEN_DOMCTL_bind_pt_irq:
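Review bot: The dummy xsm_domctl() now asserts XSM_PRIV, yet the switch directly below opens with `case XEN_DOMCTL_bind_pt_irq:`, whose body is outside the hunk, so the `xsm_domctl(XSM_PRIV, ...)` call sites do not show whether every sub-op gets the privileged check. If any of those cases applies a default other than the one passed in, a comment ahead of the switch would make that explicit, e.g. `/* XSM_PRIV is the default only; the cases below select their own per-command check. */`. The `default:` arm in the next hunk now forwards `action`, so the listed cases are the only place a different level could be chosen. The function body continues outside both hunks, so this is inferred from the visible case label, not confirmed.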
@@ -176,7 +176,7 @@ static XSM_INLINE int cf_check xsm_domctl(
         return -EILSEQ;
 
     default:
-        return xsm_default_action(XSM_PRIV, current->domain, d);
+        return xsm_default_action(action, current->domain, d);
     }
 }
 
--
generated by git-patchbot for /home/xen/git/xen.git#master



 

