File xsa237-5.patch of Package xen.6121

From: Jan Beulich <jbeulich@suse.com>
Subject: x86/FLASK: fix unmap-domain-IRQ XSM hook

The caller and the FLASK implementation of xsm_unmap_domain_irq()
disagreed about what the "data" argument points to in the MSI case:
Change both sides to pass/take a PCI device.

This is part of XSA-237.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

Index: xen-4.4.4-testing/xen/arch/x86/irq.c
===================================================================
--- xen-4.4.4-testing.orig/xen/arch/x86/irq.c
+++ xen-4.4.4-testing/xen/arch/x86/irq.c
@@ -2138,7 +2138,8 @@ int unmap_domain_pirq(struct domain *d,
         nr = msi_desc->msi.nvec;
     }
 
-    ret = xsm_unmap_domain_irq(XSM_HOOK, d, irq, msi_desc);
+    ret = xsm_unmap_domain_irq(XSM_HOOK, d, irq,
+                               msi_desc ? msi_desc->dev : NULL);
     if ( ret )
         goto done;
 
Index: xen-4.4.4-testing/xen/xsm/flask/hooks.c
===================================================================
--- xen-4.4.4-testing.orig/xen/xsm/flask/hooks.c
+++ xen-4.4.4-testing/xen/xsm/flask/hooks.c
@@ -873,11 +873,12 @@ static int flask_unmap_domain_irq (struc
 {
     u32 sid;
     int rc = -EPERM;
-    struct msi_info *msi = data;
+    const struct pci_dev *pdev = data;
     struct avc_audit_data ad;
 
-    if ( irq >= nr_static_irqs && msi ) {
-        u32 machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn;
+    if ( irq >= nr_static_irqs && pdev ) {
+        u32 machine_bdf = (pdev->seg << 16) | (pdev->bus << 8) | pdev->devfn;
+
         AVC_AUDIT_DATA_INIT(&ad, DEV);
         ad.device = machine_bdf;
         rc = security_device_sid(machine_bdf, &sid);