On 08.07.2024 13:41, Jiqian Chen wrote: > Some type of domains don't have PIRQs, like PVH, it doesn't do > PHYSDEVOP_map_pirq for each gsi. When passthrough a device > to guest base on PVH dom0, callstack > pci_add_dm_done->XEN_DOMCTL_irq_permission will fail at function > domain_pirq_to_irq, because PVH has no mapping of gsi, pirq and > irq on Xen side. > What's more, current hypercall XEN_DOMCTL_irq_permission requires > passing in pirq to set the access of irq, it is not suitable for > dom0 that doesn't have PIRQs. > > So, add a new hypercall XEN_DOMCTL_gsi_permission to grant/deny > the permission of irq(translate from x86 gsi) to dumU when dom0 > has no PIRQs. > > Signed-off-by: Jiqian Chen <jiqian.c...@amd.com> > Signed-off-by: Huang Rui <ray.hu...@amd.com> > Signed-off-by: Jiqian Chen <jiqian.c...@amd.com> > --- > CC: Daniel P . Smith <dpsm...@apertussolutions.com> > Remaining comment @Daniel P . Smith: > + ret = -EPERM; > + if ( !irq_access_permitted(currd, irq) || > + xsm_irq_permission(XSM_HOOK, d, irq, access_flag) ) > + goto gsi_permission_out; > Is it okay to issue the XSM check using the translated value, > not the one that was originally passed into the hypercall?
As long as the answer to this is going to be "Yes": Reviewed-by: Jan Beulich <jbeul...@suse.com> Daniel, awaiting your input. Jan