On 01.08.2024 13:06, Roger Pau Monné wrote: > On Mon, Jul 08, 2024 at 07:41:21PM +0800, Jiqian Chen wrote: >> Remaining comment @Daniel P . Smith: >> + ret = -EPERM; >> + if ( !irq_access_permitted(currd, irq) || >> + xsm_irq_permission(XSM_HOOK, d, irq, access_flag) ) >> + goto gsi_permission_out; >> Is it okay to issue the XSM check using the translated value, >> not the one that was originally passed into the hypercall? > > FWIW, I don't see the GSI -> IRQ translation much different from the > pIRQ -> IRQ translation done by pirq_access_permitted(), which is also > ahead of the xsm check.
The question (which I raised originally) isn't an ordering one, but an auditing one: Is it okay to pass the XSM hook a value that isn't what was passed into the hypercall? And Daniel, please, can you finally take a moment to help here, in your role as XSM maintainer? Elsewhere you complained you weren't Cc-ed or asked; now that you were asked, you haven't responded for weeks if not months. Jan
