diff mbox series

Argo/XSM: add SILO hooks

Message ID f47a6aa0-3624-5819-2e3a-43c5e492ae1b@suse.com (mailing list archive)
State New
Headers show
Series Argo/XSM: add SILO hooks | expand

Commit Message

Jan Beulich May 7, 2021, 9:20 a.m. UTC
In SILO mode restrictions for inter-domain communication should apply
here along the lines of those for evtchn and gnttab.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
Really I was first thinking about the shim: Shouldn't that proxy argo
requests just like it does for gnttab ones? It only then occurred to me
that there's also an implication for SILO mode.

Comments

Daniel P. Smith May 7, 2021, 3:09 p.m. UTC | #1
On 5/7/21 5:20 AM, Jan Beulich wrote:
> In SILO mode restrictions for inter-domain communication should apply
> here along the lines of those for evtchn and gnttab.
> 
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Reviewed-by: Daniel P. Smith <dpsmith@apertussolutions.com>

> ---
> Really I was first thinking about the shim: Shouldn't that proxy argo
> requests just like it does for gnttab ones? It only then occurred to me
> that there's also an implication for SILO mode.
> 
> --- a/xen/xsm/silo.c
> +++ b/xen/xsm/silo.c
> @@ -81,12 +81,35 @@ static int silo_grant_copy(struct domain
>      return -EPERM;
>  }
>  
> +#ifdef CONFIG_ARGO
> +
> +static int silo_argo_register_single_source(const struct domain *d1,
> +                                            const struct domain *d2)
> +{
> +    if ( silo_mode_dom_check(d1, d2) )
> +        return xsm_argo_register_single_source(d1, d2);
> +    return -EPERM;
> +}
> +
> +static int silo_argo_send(const struct domain *d1, const struct domain *d2)
> +{
> +    if ( silo_mode_dom_check(d1, d2) )
> +        return xsm_argo_send(d1, d2);
> +    return -EPERM;
> +}
> +
> +#endif
> +
>  static struct xsm_operations silo_xsm_ops = {
>      .evtchn_unbound = silo_evtchn_unbound,
>      .evtchn_interdomain = silo_evtchn_interdomain,
>      .grant_mapref = silo_grant_mapref,
>      .grant_transfer = silo_grant_transfer,
>      .grant_copy = silo_grant_copy,
> +#ifdef CONFIG_ARGO
> +    .argo_register_single_source = silo_argo_register_single_source,
> +    .argo_send = silo_argo_send,
> +#endif
>  };
>  
>  void __init silo_init(void)
>
diff mbox series

Patch

--- a/xen/xsm/silo.c
+++ b/xen/xsm/silo.c
@@ -81,12 +81,35 @@  static int silo_grant_copy(struct domain
     return -EPERM;
 }
 
+#ifdef CONFIG_ARGO
+
+static int silo_argo_register_single_source(const struct domain *d1,
+                                            const struct domain *d2)
+{
+    if ( silo_mode_dom_check(d1, d2) )
+        return xsm_argo_register_single_source(d1, d2);
+    return -EPERM;
+}
+
+static int silo_argo_send(const struct domain *d1, const struct domain *d2)
+{
+    if ( silo_mode_dom_check(d1, d2) )
+        return xsm_argo_send(d1, d2);
+    return -EPERM;
+}
+
+#endif
+
 static struct xsm_operations silo_xsm_ops = {
     .evtchn_unbound = silo_evtchn_unbound,
     .evtchn_interdomain = silo_evtchn_interdomain,
     .grant_mapref = silo_grant_mapref,
     .grant_transfer = silo_grant_transfer,
     .grant_copy = silo_grant_copy,
+#ifdef CONFIG_ARGO
+    .argo_register_single_source = silo_argo_register_single_source,
+    .argo_send = silo_argo_send,
+#endif
 };
 
 void __init silo_init(void)