On 13.10.2025 12:15, Penny Zheng wrote:
> Function xsm_iomem_mapping() seems redundant, and in flask policy, it just
> directly calls xsm_iomem_permission().
> Remove it and use xsm_iomem_permission() instead, with the benefit of a
> cf_check disappearing too.
>
> Suggested-by: Jan Beulich <[email protected]>
> Signed-off-by: Penny Zheng <[email protected]>
No, this is definitely not what I had suggested. What I did suggest was
to get rid of just ...
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -1167,11 +1167,6 @@ static int cf_check flask_iomem_permission(
> return security_iterate_iomem_sids(start, end, _iomem_has_perm, &data);
> }
>
> -static int cf_check flask_iomem_mapping(struct domain *d, uint64_t start,
> uint64_t end, uint8_t access)
> -{
> - return flask_iomem_permission(d, start, end, access);
> -}
... the extra call layer here, by using ...
> @@ -1945,7 +1940,6 @@ static const struct xsm_ops __initconst_cf_clobber
> flask_ops = {
> .unbind_pt_irq = flask_unbind_pt_irq,
> .irq_permission = flask_irq_permission,
> .iomem_permission = flask_iomem_permission,
> - .iomem_mapping = flask_iomem_mapping,
... flask_iomem_permission() a 2nd time here (and perhaps with a suitable
comment).
That said, if Daniel was okay with the wider folding, so be it.
Jan
