xsm: wrap around xsm_sysctl with CONFIG_SYSCTL

Penny Zheng Tue, 11 Mar 2025 21:23:47 -0700

Signed-off-by: Penny Zheng <penny.zh...@amd.com>
---
 xen/include/xsm/dummy.h | 7 +++++++
 xen/include/xsm/xsm.h   | 9 +++++++++
 xen/xsm/dummy.c         | 2 ++
 xen/xsm/flask/hooks.c   | 4 ++++
 4 files changed, 22 insertions(+)


diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index a8d06de6b0..afc54a0b2f 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -180,11 +180,18 @@ static XSM_INLINE int cf_check xsm_domctl(
     }
 }
 
+#ifdef CONFIG_SYSCTL
 static XSM_INLINE int cf_check xsm_sysctl(XSM_DEFAULT_ARG int cmd)
 {
     XSM_ASSERT_ACTION(XSM_PRIV);
     return xsm_default_action(action, current->domain, NULL);
 }
+#else
+static XSM_INLINE int cf_check xsm_sysctl(XSM_DEFAULT_ARG int cmd)
+{
+    return -EOPNOTSUPP;
+}
+#endif
 
 static XSM_INLINE int cf_check xsm_readconsole(XSM_DEFAULT_ARG uint32_t clear)
 {
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 8c33b055fc..276507b515 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -60,7 +60,9 @@ struct xsm_ops {
     int (*sysctl_scheduler_op)(int op);
     int (*set_target)(struct domain *d, struct domain *e);
     int (*domctl)(struct domain *d, unsigned int cmd, uint32_t ssidref);
+#ifdef CONFIG_SYSCTL
     int (*sysctl)(int cmd);
+#endif
     int (*readconsole)(uint32_t clear);
 
     int (*evtchn_unbound)(struct domain *d, struct evtchn *chn, domid_t id2);
@@ -259,10 +261,17 @@ static inline int xsm_domctl(xsm_default_t def, struct 
domain *d,
     return alternative_call(xsm_ops.domctl, d, cmd, ssidref);
 }
 
+#ifdef CONFIG_SYSCTL
 static inline int xsm_sysctl(xsm_default_t def, int cmd)
 {
     return alternative_call(xsm_ops.sysctl, cmd);
 }
+#else
+static inline int xsm_sysctl(xsm_default_t def, int cmd)
+{
+    return -EOPNOTSUPP;
+}
+#endif
 
 static inline int xsm_readconsole(xsm_default_t def, uint32_t clear)
 {
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index ce6fbdc6c5..0a5fc06bbf 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -22,7 +22,9 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops 
= {
     .sysctl_scheduler_op           = xsm_sysctl_scheduler_op,
     .set_target                    = xsm_set_target,
     .domctl                        = xsm_domctl,
+#ifdef CONFIG_SYSCTL
     .sysctl                        = xsm_sysctl,
+#endif
     .readconsole                   = xsm_readconsole,
 
     .evtchn_unbound                = xsm_evtchn_unbound,
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 389707a164..7c5e7f5879 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -856,6 +856,7 @@ static int cf_check flask_domctl(struct domain *d, unsigned 
int cmd,
     }
 }
 
+#ifdef CONFIG_SYSCTL
 static int cf_check flask_sysctl(int cmd)
 {
     switch ( cmd )
@@ -933,6 +934,7 @@ static int cf_check flask_sysctl(int cmd)
         return avc_unknown_permission("sysctl", cmd);
     }
 }
+#endif
 
 static int cf_check flask_readconsole(uint32_t clear)
 {
@@ -1884,7 +1886,9 @@ static const struct xsm_ops __initconst_cf_clobber 
flask_ops = {
     .sysctl_scheduler_op = flask_sysctl_scheduler_op,
     .set_target = flask_set_target,
     .domctl = flask_domctl,
+#ifdef CONFIG_SYSCTL
     .sysctl = flask_sysctl,
+#endif
     .readconsole = flask_readconsole,
 
     .evtchn_unbound = flask_evtchn_unbound,
-- 
2.34.1

[PATCH v1 02/19] xen/xsm: wrap around xsm_sysctl with CONFIG_SYSCTL

Reply via email to