Hi Daniel, On 2024/7/9 21:08, Jan Beulich wrote: > On 08.07.2024 13:41, Jiqian Chen wrote: >> Some type of domains don't have PIRQs, like PVH, it doesn't do >> PHYSDEVOP_map_pirq for each gsi. When passthrough a device >> to guest base on PVH dom0, callstack >> pci_add_dm_done->XEN_DOMCTL_irq_permission will fail at function >> domain_pirq_to_irq, because PVH has no mapping of gsi, pirq and >> irq on Xen side. >> What's more, current hypercall XEN_DOMCTL_irq_permission requires >> passing in pirq to set the access of irq, it is not suitable for >> dom0 that doesn't have PIRQs. >> >> So, add a new hypercall XEN_DOMCTL_gsi_permission to grant/deny >> the permission of irq(translate from x86 gsi) to dumU when dom0 >> has no PIRQs. >> >> Signed-off-by: Jiqian Chen <jiqian.c...@amd.com> >> Signed-off-by: Huang Rui <ray.hu...@amd.com> >> Signed-off-by: Jiqian Chen <jiqian.c...@amd.com> >> --- >> CC: Daniel P . Smith <dpsm...@apertussolutions.com> >> Remaining comment @Daniel P . Smith: >> + ret = -EPERM; >> + if ( !irq_access_permitted(currd, irq) || >> + xsm_irq_permission(XSM_HOOK, d, irq, access_flag) ) >> + goto gsi_permission_out; >> Is it okay to issue the XSM check using the translated value, >> not the one that was originally passed into the hypercall?
Need your input. > > As long as the answer to this is going to be "Yes": > Reviewed-by: Jan Beulich <jbeul...@suse.com> > > Daniel, awaiting your input. > > Jan -- Best regards, Jiqian Chen.
