[for-4.20,0/3] xen/flask: Wire up missing hypercalls

Message

Michal Orzel Jan. 7, 2025, 9:27 a.m. UTC

It's been noted by Juergen that recently added XEN_DOMCTL_set_llc_colors
is not wired up in FLASK. While preparing a fix, I noticed two other Arm
hypercalls from the past that were missing the linking as well. These two
are latent bugs while the LLC one is a release blocker for 4.20.

Michal Orzel (3):
  xen/flask: Wire up XEN_DOMCTL_vuart_op
  xen/flask: Wire up XEN_DOMCTL_dt_overlay
  xen/flask: Wire up XEN_DOMCTL_set_llc_colors

 tools/flask/policy/modules/dom0.te  | 2 +-
 tools/flask/policy/modules/xen.if   | 4 ++--
 xen/xsm/flask/hooks.c               | 9 +++++++++
 xen/xsm/flask/policy/access_vectors | 6 ++++++
 4 files changed, 18 insertions(+), 3 deletions(-)

Comments

Oleksii Kurochko Jan. 7, 2025, 3:26 p.m. UTC | #1

Hi Michal,

On 1/7/25 10:27 AM, Michal Orzel wrote:
> It's been noted by Juergen that recently added XEN_DOMCTL_set_llc_colors
> is not wired up in FLASK. While preparing a fix, I noticed two other Arm
> hypercalls from the past that were missing the linking as well. These two
> are latent bugs while the LLC one is a release blocker for 4.20.

Release-Acked-By: Oleksii Kurochko <oleksii.kurochko@gmail.com>


Thanks.


~ Oleksii

>
> Michal Orzel (3):
>    xen/flask: Wire up XEN_DOMCTL_vuart_op
>    xen/flask: Wire up XEN_DOMCTL_dt_overlay
>    xen/flask: Wire up XEN_DOMCTL_set_llc_colors
>
>   tools/flask/policy/modules/dom0.te  | 2 +-
>   tools/flask/policy/modules/xen.if   | 4 ++--
>   xen/xsm/flask/hooks.c               | 9 +++++++++
>   xen/xsm/flask/policy/access_vectors | 6 ++++++
>   4 files changed, 18 insertions(+), 3 deletions(-)
>