xsm_iomem_mapping() in flask policy seems redundant, as it only provides an extra call layer by calling flask_iomem_permission(). It also has benefit of making a cf_check disappearing too.
Suggested-by: Jan Beulich <[email protected]> Signed-off-by: Penny Zheng <[email protected]> --- v2 -> v3: - new commit --- v4 -> v5: - only folding redundant xsm_iomem_mapping() implementation --- xen/xsm/flask/hooks.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 9f3915617c..a43cd361a2 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1167,11 +1167,6 @@ static int cf_check flask_iomem_permission( return security_iterate_iomem_sids(start, end, _iomem_has_perm, &data); } -static int cf_check flask_iomem_mapping(struct domain *d, uint64_t start, uint64_t end, uint8_t access) -{ - return flask_iomem_permission(d, start, end, access); -} - static int cf_check flask_pci_config_permission( struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access) @@ -1945,7 +1940,7 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = { .unbind_pt_irq = flask_unbind_pt_irq, .irq_permission = flask_irq_permission, .iomem_permission = flask_iomem_permission, - .iomem_mapping = flask_iomem_mapping, + .iomem_mapping = flask_iomem_permission, .pci_config_permission = flask_pci_config_permission, .resource_plug_core = flask_resource_plug_core, -- 2.34.1
