From patchwork Mon Jun 20 12:53:53 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jan Beulich <JBeulich@suse.com>
X-Patchwork-Id: 9187397
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	2807C607D1 for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 20 Jun 2016 13:17:22 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 13A152236A
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 20 Jun 2016 13:17:22 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 084BD2780C; Mon, 20 Jun 2016 13:17:22 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id C05CD2236A
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 20 Jun 2016 13:17:20 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1bEz2v-0002Dp-Kg; Mon, 20 Jun 2016 13:15:21 +0000
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <JBeulich@suse.com>) id 1bEz2u-0002DX-0I
	for xen-devel@lists.xenproject.org; Mon, 20 Jun 2016 13:15:20 +0000
Received: from [85.158.137.68] by server-14.bemta-3.messagelabs.com id
	4A/D7-07949-66CE7675; Mon, 20 Jun 2016 13:15:18 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrBIsWRWlGSWpSXmKPExsXS6fjDSzflTXq
	4Qcs6FovvWyYzOTB6HP5whSWAMYo1My8pvyKBNeP7XLeCjsmMFQ17frM1MHaVdzFycggJ5Elc
	PH+VEcTmFbCTeNHdxwxiSwgYSuybv4qti5GDg0VAVeL4XX6QMJuAukTbs+2sIGERAQOJc0eTu
	hi5OJgF9jJJtE37xAJSIww0ZuX+y0wQ4+0k3tz6ADaSU8BeYuXkDWC9vAKCEn93CIOEmYFKbv
	T+Y5rAyDMLITMLSQbC1pJ4+OsWC4StLbFs4WtmkHJmAWmJ5f84IMIGEt3LZzOiKgGxrSWm3Ot
	hXMDIsYpRvTi1qCy1SNdEL6koMz2jJDcxM0fX0MBYLze1uDgxPTUnMalYLzk/dxMjMFQZgGAH
	Y+MXp0OMkhxMSqK805+khwvxJeWnVGYkFmfEF5XmpBYfYtTg4BDYtmv1BUYplrz8vFQlCd4bz
	4DqBItS01Mr0jJzgNEEUyrBwaMkwmsMkuYtLkjMLc5Mh0idYlSUEuftBUkIgCQySvPg2mARfI
	lRVkqYlxHoKCGegtSi3MwSVPlXjOIcjErCvLtBpvBk5pXATX8FtJgJaPGyfrDFJYkIKakGRt1
	pb9y/xbLszbl25e83ZXs/nqQviaJh8v+eevueP3vh8zdtn38f13B/miNo6y9c6PZ9m5L5mlkZ
	+zjLG47xapeW8u8tXXCj/g635tKi6idxX2ZOf23mJdNZtGXr5uf+Du/jlDWLjvbELdOMNPuuM
	vWIduyiptwJ8axJN2pbdzt+czLyD+k3U2Ipzkg01GIuKk4EAHdZxs3bAgAA
X-Env-Sender: JBeulich@suse.com
X-Msg-Ref: server-13.tower-31.messagelabs.com!1466428507!45703586!1
X-Originating-IP: [137.65.248.74]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 8.46; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 11248 invoked from network); 20 Jun 2016 13:15:11 -0000
Received: from prv-mh.provo.novell.com (HELO prv-mh.provo.novell.com)
	(137.65.248.74)
	by server-13.tower-31.messagelabs.com with DHE-RSA-AES256-GCM-SHA384
	encrypted SMTP; 20 Jun 2016 13:15:11 -0000
Received: from INET-PRV-MTA by prv-mh.provo.novell.com
	with Novell_GroupWise; Mon, 20 Jun 2016 06:53:57 -0600
Message-Id: <5768038102000078000F6BC6@prv-mh.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 14.2.0 
Date: Mon, 20 Jun 2016 06:53:53 -0600
From: "Jan Beulich" <JBeulich@suse.com>
To: "xen-devel" <xen-devel@lists.xenproject.org>
References: <5768002C02000078000F6B8D@prv-mh.provo.novell.com>
In-Reply-To: <5768002C02000078000F6B8D@prv-mh.provo.novell.com>
Mime-Version: 1.0
Cc: Stefano Stabellini <sstabellini@kernel.org>,
	Wei Liu <wei.liu2@citrix.com>,
	George Dunlap <George.Dunlap@eu.citrix.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	Ian Jackson <Ian.Jackson@eu.citrix.com>, Tim Deegan <tim@xen.org>,
	Paul Durrant <paul.durrant@citrix.com>, dgdegra@tycho.nsa.gov
Subject: [Xen-devel] [PATCH 03/11] hvmctl: convert HVMOP_set_isa_irq_level
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Note that this retains the hvmop interface definitions as those had
(wrongly) been exposed to non-tool stack consumers (albeit the
operation wouldn't have succeeded when requested by a domain for
itself).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
hvmctl: convert HVMOP_set_isa_irq_level

Note that this retains the hvmop interface definitions as those had
(wrongly) been exposed to non-tool stack consumers (albeit the
operation wouldn't have succeeded when requested by a domain for
itself).

Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/tools/libxc/xc_misc.c
+++ b/tools/libxc/xc_misc.c
@@ -488,27 +488,11 @@ int xc_hvm_set_isa_irq_level(
     uint8_t isa_irq,
     unsigned int level)
 {
-    DECLARE_HYPERCALL_BUFFER(struct xen_hvm_set_isa_irq_level, arg);
-    int rc;
+    DECLARE_HVMCTL(set_isa_irq_level, dom,
+                   .isa_irq = isa_irq,
+                   .level   = level);
 
-    arg = xc_hypercall_buffer_alloc(xch, arg, sizeof(*arg));
-    if ( arg == NULL )
-    {
-        PERROR("Could not allocate memory for xc_hvm_set_isa_irq_level hypercall");
-        return -1;
-    }
-
-    arg->domid   = dom;
-    arg->isa_irq = isa_irq;
-    arg->level   = level;
-
-    rc = xencall2(xch->xcall, __HYPERVISOR_hvm_op,
-                  HVMOP_set_isa_irq_level,
-                  HYPERCALL_BUFFER_AS_ARG(arg));
-
-    xc_hypercall_buffer_free(xch, arg);
-
-    return rc;
+    return do_hvmctl(xch, &hvmctl);
 }
 
 int xc_hvm_set_pci_link_route(
--- a/xen/arch/x86/hvm/control.c
+++ b/xen/arch/x86/hvm/control.c
@@ -43,6 +43,30 @@ static int set_pci_intx_level(struct dom
     return 0;
 }
 
+static int set_isa_irq_level(struct domain *d,
+                             const struct xen_hvm_set_isa_irq_level *op)
+{
+    if ( op->isa_irq > 15 )
+        return -EINVAL;
+
+    if ( !is_hvm_domain(d) )
+        return -EINVAL;
+
+    switch ( op->level )
+    {
+    case 0:
+        hvm_isa_irq_deassert(d, op->isa_irq);
+        break;
+    case 1:
+        hvm_isa_irq_assert(d, op->isa_irq);
+        break;
+    default:
+        return -EINVAL;
+    }
+
+    return 0;
+}
+
 /*
  * Note that this value is effectively part of the ABI, even if we don't need
  * to make it a formal part of it.  Hence this value may only be changed if
@@ -92,6 +116,10 @@ long do_hvmctl(XEN_GUEST_HANDLE_PARAM(xe
         rc = set_pci_intx_level(d, &op.u.set_pci_intx_level);
         break;
 
+    case XEN_HVMCTL_set_isa_irq_level:
+        rc = set_isa_irq_level(d, &op.u.set_isa_irq_level);
+        break;
+
     default:
         rc = -EOPNOTSUPP;
         break;
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -4446,50 +4446,6 @@ static void hvm_s3_resume(struct domain
     }
 }
 
-static int hvmop_set_isa_irq_level(
-    XEN_GUEST_HANDLE_PARAM(xen_hvm_set_isa_irq_level_t) uop)
-{
-    struct xen_hvm_set_isa_irq_level op;
-    struct domain *d;
-    int rc;
-
-    if ( copy_from_guest(&op, uop, 1) )
-        return -EFAULT;
-
-    if ( op.isa_irq > 15 )
-        return -EINVAL;
-
-    rc = rcu_lock_remote_domain_by_id(op.domid, &d);
-    if ( rc != 0 )
-        return rc;
-
-    rc = -EINVAL;
-    if ( !is_hvm_domain(d) )
-        goto out;
-
-    rc = xsm_hvm_set_isa_irq_level(XSM_DM_PRIV, d);
-    if ( rc )
-        goto out;
-
-    rc = 0;
-    switch ( op.level )
-    {
-    case 0:
-        hvm_isa_irq_deassert(d, op.isa_irq);
-        break;
-    case 1:
-        hvm_isa_irq_assert(d, op.isa_irq);
-        break;
-    default:
-        rc = -EINVAL;
-        break;
-    }
-
- out:
-    rcu_unlock_domain(d);
-    return rc;
-}
-
 static int hvmop_set_pci_link_route(
     XEN_GUEST_HANDLE_PARAM(xen_hvm_set_pci_link_route_t) uop)
 {
@@ -5364,11 +5320,6 @@ long do_hvm_op(unsigned long op, XEN_GUE
             guest_handle_cast(arg, xen_hvm_param_t));
         break;
 
-    case HVMOP_set_isa_irq_level:
-        rc = hvmop_set_isa_irq_level(
-            guest_handle_cast(arg, xen_hvm_set_isa_irq_level_t));
-        break;
-
     case HVMOP_inject_msi:
         rc = hvmop_inject_msi(
             guest_handle_cast(arg, xen_hvm_inject_msi_t));
--- a/xen/include/public/hvm/control.h
+++ b/xen/include/public/hvm/control.h
@@ -38,14 +38,25 @@ struct xen_hvm_set_pci_intx_level {
     uint8_t level;
 };
 
+/* XEN_HVMCTL_set_isa_irq_level */
+/* Set the logical level of one of a domain's ISA IRQ wires. */
+struct xen_hvm_set_isa_irq_level {
+    /* ISA device identification, by ISA IRQ (0-15). */
+    uint8_t  isa_irq;
+    /* Assertion level (0 = unasserted, 1 = asserted). */
+    uint8_t  level;
+};
+
 struct xen_hvmctl {
     uint16_t interface_version;    /* XEN_HVMCTL_INTERFACE_VERSION */
     domid_t domain;
     uint16_t cmd;
 #define XEN_HVMCTL_set_pci_intx_level            1
+#define XEN_HVMCTL_set_isa_irq_level             2
     uint16_t opaque;               /* Must be zero on initial invocation. */
     union {
         struct xen_hvm_set_pci_intx_level set_pci_intx_level;
+        struct xen_hvm_set_isa_irq_level set_isa_irq_level;
         uint8_t pad[120];
     } u;
 };
--- a/xen/include/public/hvm/hvm_op.h
+++ b/xen/include/public/hvm/hvm_op.h
@@ -53,8 +53,6 @@ struct xen_hvm_set_pci_intx_level {
 typedef struct xen_hvm_set_pci_intx_level xen_hvm_set_pci_intx_level_t;
 DEFINE_XEN_GUEST_HANDLE(xen_hvm_set_pci_intx_level_t);
 
-#endif
-
 /* Set the logical level of one of a domain's ISA IRQ wires. */
 #define HVMOP_set_isa_irq_level   3
 struct xen_hvm_set_isa_irq_level {
@@ -68,6 +66,8 @@ struct xen_hvm_set_isa_irq_level {
 typedef struct xen_hvm_set_isa_irq_level xen_hvm_set_isa_irq_level_t;
 DEFINE_XEN_GUEST_HANDLE(xen_hvm_set_isa_irq_level_t);
 
+#endif
+
 #define HVMOP_set_pci_link_route  4
 struct xen_hvm_set_pci_link_route {
     /* Domain to be updated. */
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -609,12 +609,6 @@ static XSM_INLINE int xsm_shadow_control
     return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_hvm_set_isa_irq_level(XSM_DEFAULT_ARG struct domain *d)
-{
-    XSM_ASSERT_ACTION(XSM_DM_PRIV);
-    return xsm_default_action(action, current->domain, d);
-}
-
 static XSM_INLINE int xsm_hvm_set_pci_link_route(XSM_DEFAULT_ARG struct domain *d)
 {
     XSM_ASSERT_ACTION(XSM_DM_PRIV);
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -173,7 +173,6 @@ struct xsm_operations {
 #ifdef CONFIG_X86
     int (*do_mca) (void);
     int (*shadow_control) (struct domain *d, uint32_t op);
-    int (*hvm_set_isa_irq_level) (struct domain *d);
     int (*hvm_set_pci_link_route) (struct domain *d);
     int (*hvm_inject_msi) (struct domain *d);
     int (*hvm_ioreq_server) (struct domain *d, int op);
@@ -645,11 +644,6 @@ static inline int xsm_shadow_control (xs
     return xsm_ops->shadow_control(d, op);
 }
 
-static inline int xsm_hvm_set_isa_irq_level (xsm_default_t def, struct domain *d)
-{
-    return xsm_ops->hvm_set_isa_irq_level(d);
-}
-
 static inline int xsm_hvm_set_pci_link_route (xsm_default_t def, struct domain *d)
 {
     return xsm_ops->hvm_set_pci_link_route(d);
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -145,7 +145,6 @@ void xsm_fixup_ops (struct xsm_operation
 #ifdef CONFIG_X86
     set_to_dummy_if_null(ops, do_mca);
     set_to_dummy_if_null(ops, shadow_control);
-    set_to_dummy_if_null(ops, hvm_set_isa_irq_level);
     set_to_dummy_if_null(ops, hvm_set_pci_link_route);
     set_to_dummy_if_null(ops, hvm_inject_msi);
     set_to_dummy_if_null(ops, hvm_ioreq_server);
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1193,6 +1193,9 @@ static int flask_hvm_control(struct doma
     case XEN_HVMCTL_set_pci_intx_level:
         perm = HVM__PCILEVEL;
         break;
+    case XEN_HVMCTL_set_isa_irq_level:
+        perm = HVM__IRQLEVEL;
+        break;
     default:
         perm = HVM__HVMCTL;
         break;
@@ -1517,11 +1520,6 @@ static int flask_ioport_mapping(struct d
     return flask_ioport_permission(d, start, end, access);
 }
 
-static int flask_hvm_set_isa_irq_level(struct domain *d)
-{
-    return current_has_perm(d, SECCLASS_HVM, HVM__IRQLEVEL);
-}
-
 static int flask_hvm_set_pci_link_route(struct domain *d)
 {
     return current_has_perm(d, SECCLASS_HVM, HVM__PCIROUTE);
@@ -1805,7 +1803,6 @@ static struct xsm_operations flask_ops =
 #ifdef CONFIG_X86
     .do_mca = flask_do_mca,
     .shadow_control = flask_shadow_control,
-    .hvm_set_isa_irq_level = flask_hvm_set_isa_irq_level,
     .hvm_set_pci_link_route = flask_hvm_set_pci_link_route,
     .hvm_inject_msi = flask_hvm_inject_msi,
     .hvm_ioreq_server = flask_hvm_ioreq_server,
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -263,7 +263,7 @@ class hvm
     getparam
 # XEN_HVMCTL_set_pci_intx_level (also needs hvmctl)
     pcilevel
-# HVMOP_set_isa_irq_level
+# XEN_HVMCTL_set_isa_irq_level
     irqlevel
 # HVMOP_set_pci_link_route
     pciroute
Reviewed-by: Wei Liu <wei.liu2@citrix.com>

--- a/tools/libxc/xc_misc.c
+++ b/tools/libxc/xc_misc.c
@@ -488,27 +488,11 @@ int xc_hvm_set_isa_irq_level(
     uint8_t isa_irq,
     unsigned int level)
 {
-    DECLARE_HYPERCALL_BUFFER(struct xen_hvm_set_isa_irq_level, arg);
-    int rc;
+    DECLARE_HVMCTL(set_isa_irq_level, dom,
+                   .isa_irq = isa_irq,
+                   .level   = level);
 
-    arg = xc_hypercall_buffer_alloc(xch, arg, sizeof(*arg));
-    if ( arg == NULL )
-    {
-        PERROR("Could not allocate memory for xc_hvm_set_isa_irq_level hypercall");
-        return -1;
-    }
-
-    arg->domid   = dom;
-    arg->isa_irq = isa_irq;
-    arg->level   = level;
-
-    rc = xencall2(xch->xcall, __HYPERVISOR_hvm_op,
-                  HVMOP_set_isa_irq_level,
-                  HYPERCALL_BUFFER_AS_ARG(arg));
-
-    xc_hypercall_buffer_free(xch, arg);
-
-    return rc;
+    return do_hvmctl(xch, &hvmctl);
 }
 
 int xc_hvm_set_pci_link_route(
--- a/xen/arch/x86/hvm/control.c
+++ b/xen/arch/x86/hvm/control.c
@@ -43,6 +43,30 @@ static int set_pci_intx_level(struct dom
     return 0;
 }
 
+static int set_isa_irq_level(struct domain *d,
+                             const struct xen_hvm_set_isa_irq_level *op)
+{
+    if ( op->isa_irq > 15 )
+        return -EINVAL;
+
+    if ( !is_hvm_domain(d) )
+        return -EINVAL;
+
+    switch ( op->level )
+    {
+    case 0:
+        hvm_isa_irq_deassert(d, op->isa_irq);
+        break;
+    case 1:
+        hvm_isa_irq_assert(d, op->isa_irq);
+        break;
+    default:
+        return -EINVAL;
+    }
+
+    return 0;
+}
+
 /*
  * Note that this value is effectively part of the ABI, even if we don't need
  * to make it a formal part of it.  Hence this value may only be changed if
@@ -92,6 +116,10 @@ long do_hvmctl(XEN_GUEST_HANDLE_PARAM(xe
         rc = set_pci_intx_level(d, &op.u.set_pci_intx_level);
         break;
 
+    case XEN_HVMCTL_set_isa_irq_level:
+        rc = set_isa_irq_level(d, &op.u.set_isa_irq_level);
+        break;
+
     default:
         rc = -EOPNOTSUPP;
         break;
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -4446,50 +4446,6 @@ static void hvm_s3_resume(struct domain
     }
 }
 
-static int hvmop_set_isa_irq_level(
-    XEN_GUEST_HANDLE_PARAM(xen_hvm_set_isa_irq_level_t) uop)
-{
-    struct xen_hvm_set_isa_irq_level op;
-    struct domain *d;
-    int rc;
-
-    if ( copy_from_guest(&op, uop, 1) )
-        return -EFAULT;
-
-    if ( op.isa_irq > 15 )
-        return -EINVAL;
-
-    rc = rcu_lock_remote_domain_by_id(op.domid, &d);
-    if ( rc != 0 )
-        return rc;
-
-    rc = -EINVAL;
-    if ( !is_hvm_domain(d) )
-        goto out;
-
-    rc = xsm_hvm_set_isa_irq_level(XSM_DM_PRIV, d);
-    if ( rc )
-        goto out;
-
-    rc = 0;
-    switch ( op.level )
-    {
-    case 0:
-        hvm_isa_irq_deassert(d, op.isa_irq);
-        break;
-    case 1:
-        hvm_isa_irq_assert(d, op.isa_irq);
-        break;
-    default:
-        rc = -EINVAL;
-        break;
-    }
-
- out:
-    rcu_unlock_domain(d);
-    return rc;
-}
-
 static int hvmop_set_pci_link_route(
     XEN_GUEST_HANDLE_PARAM(xen_hvm_set_pci_link_route_t) uop)
 {
@@ -5364,11 +5320,6 @@ long do_hvm_op(unsigned long op, XEN_GUE
             guest_handle_cast(arg, xen_hvm_param_t));
         break;
 
-    case HVMOP_set_isa_irq_level:
-        rc = hvmop_set_isa_irq_level(
-            guest_handle_cast(arg, xen_hvm_set_isa_irq_level_t));
-        break;
-
     case HVMOP_inject_msi:
         rc = hvmop_inject_msi(
             guest_handle_cast(arg, xen_hvm_inject_msi_t));
--- a/xen/include/public/hvm/control.h
+++ b/xen/include/public/hvm/control.h
@@ -38,14 +38,25 @@ struct xen_hvm_set_pci_intx_level {
     uint8_t level;
 };
 
+/* XEN_HVMCTL_set_isa_irq_level */
+/* Set the logical level of one of a domain's ISA IRQ wires. */
+struct xen_hvm_set_isa_irq_level {
+    /* ISA device identification, by ISA IRQ (0-15). */
+    uint8_t  isa_irq;
+    /* Assertion level (0 = unasserted, 1 = asserted). */
+    uint8_t  level;
+};
+
 struct xen_hvmctl {
     uint16_t interface_version;    /* XEN_HVMCTL_INTERFACE_VERSION */
     domid_t domain;
     uint16_t cmd;
 #define XEN_HVMCTL_set_pci_intx_level            1
+#define XEN_HVMCTL_set_isa_irq_level             2
     uint16_t opaque;               /* Must be zero on initial invocation. */
     union {
         struct xen_hvm_set_pci_intx_level set_pci_intx_level;
+        struct xen_hvm_set_isa_irq_level set_isa_irq_level;
         uint8_t pad[120];
     } u;
 };
--- a/xen/include/public/hvm/hvm_op.h
+++ b/xen/include/public/hvm/hvm_op.h
@@ -53,8 +53,6 @@ struct xen_hvm_set_pci_intx_level {
 typedef struct xen_hvm_set_pci_intx_level xen_hvm_set_pci_intx_level_t;
 DEFINE_XEN_GUEST_HANDLE(xen_hvm_set_pci_intx_level_t);
 
-#endif
-
 /* Set the logical level of one of a domain's ISA IRQ wires. */
 #define HVMOP_set_isa_irq_level   3
 struct xen_hvm_set_isa_irq_level {
@@ -68,6 +66,8 @@ struct xen_hvm_set_isa_irq_level {
 typedef struct xen_hvm_set_isa_irq_level xen_hvm_set_isa_irq_level_t;
 DEFINE_XEN_GUEST_HANDLE(xen_hvm_set_isa_irq_level_t);
 
+#endif
+
 #define HVMOP_set_pci_link_route  4
 struct xen_hvm_set_pci_link_route {
     /* Domain to be updated. */
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -609,12 +609,6 @@ static XSM_INLINE int xsm_shadow_control
     return xsm_default_action(action, current->domain, d);
 }
 
-static XSM_INLINE int xsm_hvm_set_isa_irq_level(XSM_DEFAULT_ARG struct domain *d)
-{
-    XSM_ASSERT_ACTION(XSM_DM_PRIV);
-    return xsm_default_action(action, current->domain, d);
-}
-
 static XSM_INLINE int xsm_hvm_set_pci_link_route(XSM_DEFAULT_ARG struct domain *d)
 {
     XSM_ASSERT_ACTION(XSM_DM_PRIV);
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -173,7 +173,6 @@ struct xsm_operations {
 #ifdef CONFIG_X86
     int (*do_mca) (void);
     int (*shadow_control) (struct domain *d, uint32_t op);
-    int (*hvm_set_isa_irq_level) (struct domain *d);
     int (*hvm_set_pci_link_route) (struct domain *d);
     int (*hvm_inject_msi) (struct domain *d);
     int (*hvm_ioreq_server) (struct domain *d, int op);
@@ -645,11 +644,6 @@ static inline int xsm_shadow_control (xs
     return xsm_ops->shadow_control(d, op);
 }
 
-static inline int xsm_hvm_set_isa_irq_level (xsm_default_t def, struct domain *d)
-{
-    return xsm_ops->hvm_set_isa_irq_level(d);
-}
-
 static inline int xsm_hvm_set_pci_link_route (xsm_default_t def, struct domain *d)
 {
     return xsm_ops->hvm_set_pci_link_route(d);
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -145,7 +145,6 @@ void xsm_fixup_ops (struct xsm_operation
 #ifdef CONFIG_X86
     set_to_dummy_if_null(ops, do_mca);
     set_to_dummy_if_null(ops, shadow_control);
-    set_to_dummy_if_null(ops, hvm_set_isa_irq_level);
     set_to_dummy_if_null(ops, hvm_set_pci_link_route);
     set_to_dummy_if_null(ops, hvm_inject_msi);
     set_to_dummy_if_null(ops, hvm_ioreq_server);
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1193,6 +1193,9 @@ static int flask_hvm_control(struct doma
     case XEN_HVMCTL_set_pci_intx_level:
         perm = HVM__PCILEVEL;
         break;
+    case XEN_HVMCTL_set_isa_irq_level:
+        perm = HVM__IRQLEVEL;
+        break;
     default:
         perm = HVM__HVMCTL;
         break;
@@ -1517,11 +1520,6 @@ static int flask_ioport_mapping(struct d
     return flask_ioport_permission(d, start, end, access);
 }
 
-static int flask_hvm_set_isa_irq_level(struct domain *d)
-{
-    return current_has_perm(d, SECCLASS_HVM, HVM__IRQLEVEL);
-}
-
 static int flask_hvm_set_pci_link_route(struct domain *d)
 {
     return current_has_perm(d, SECCLASS_HVM, HVM__PCIROUTE);
@@ -1805,7 +1803,6 @@ static struct xsm_operations flask_ops =
 #ifdef CONFIG_X86
     .do_mca = flask_do_mca,
     .shadow_control = flask_shadow_control,
-    .hvm_set_isa_irq_level = flask_hvm_set_isa_irq_level,
     .hvm_set_pci_link_route = flask_hvm_set_pci_link_route,
     .hvm_inject_msi = flask_hvm_inject_msi,
     .hvm_ioreq_server = flask_hvm_ioreq_server,
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -263,7 +263,7 @@ class hvm
     getparam
 # XEN_HVMCTL_set_pci_intx_level (also needs hvmctl)
     pcilevel
-# HVMOP_set_isa_irq_level
+# XEN_HVMCTL_set_isa_irq_level
     irqlevel
 # HVMOP_set_pci_link_route
     pciroute