From: Frediano Ziglio <freddy77@gmail.com>
To: xen-devel@lists.xenproject.org
Cc: "Frediano Ziglio" <frediano.ziglio@citrix.com>,
"Jan Beulich" <jbeulich@suse.com>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"Roger Pau Monné" <roger.pau@citrix.com>,
"Teddy Astie" <teddy.astie@vates.tech>,
"Anthony PERARD" <anthony.perard@vates.tech>,
"Juergen Gross" <jgross@suse.com>
Subject: [PATCH v5 12/16] xen: implement new foreign copy hypercall
Date: Sat, 13 Jun 2026 22:47:45 +0100 [thread overview]
Message-ID: <20260613214749.20620-13-frediano.ziglio@cloud.com> (raw)
In-Reply-To: <20260613214749.20620-1-frediano.ziglio@cloud.com>
From: Frediano Ziglio <frediano.ziglio@citrix.com>
Add a sub hypercall to __HYPERVISOR_memory_op to allow to
read/write memory from/to a foreign domain.
Signed-off-by: Frediano Ziglio <frediano.ziglio@citrix.com>
--
Changes since v4:
- Fix typo in comment;
- removed from check.
---
xen/common/memory.c | 134 ++++++++++++++++++++++++++++++++++++
xen/include/public/memory.h | 40 ++++++++++-
2 files changed, 173 insertions(+), 1 deletion(-)
diff --git a/xen/common/memory.c b/xen/common/memory.c
index 3672bda025..8e6317d3cf 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -1545,6 +1545,133 @@ static int acquire_resource(
return rc;
}
+/*
+ * The "noinline" qualifier avoids the compiler to create a large function
+ * consuming quite a lot of stack.
+ */
+static int noinline mem_foreigncopy(
+ XEN_GUEST_HANDLE_PARAM(xen_foreigncopy_t) arg)
+{
+ struct domain *d, *const currd = current->domain;
+ xen_foreigncopy_t copy;
+ int rc, direction;
+
+ if ( copy_from_guest(©, arg, 1) )
+ return -EFAULT;
+
+ if ( copy.flags & ~1U )
+ return -EINVAL;
+
+ direction = copy.flags & XENMEM_foreigncopy_direction;
+
+ if ( copy.nr_frames == 0 )
+ return 0;
+
+ rc = rcu_lock_remote_domain_by_id(copy.domid, &d);
+ if ( rc )
+ return rc;
+
+ /*
+ * Check we are allowed to map and access these foreign pages.
+ */
+ rc = xsm_map_gmfn_foreign(XSM_TARGET, currd, d);
+ if ( rc )
+ goto out;
+
+ do {
+ /*
+ * Arbitrary size. Not too much stack space, and a reasonable stride
+ * for continuation checks.
+ */
+ xen_pfn_t gfn_list[32];
+ unsigned int todo = MIN(ARRAY_SIZE(gfn_list), copy.nr_frames);
+
+ rc = -EFAULT;
+ if ( copy_from_guest(gfn_list, copy.frame_list, todo) )
+ goto out;
+
+ for ( unsigned i = 0; i < todo; i++ )
+ {
+ struct page_info *foreign_page;
+ void *foreign;
+ p2m_type_t p2mt;
+ const unsigned long valid_mask =
+#ifdef CONFIG_X86
+ p2m_to_mask(p2m_ram_rw) | p2m_to_mask(p2m_ram_logdirty);
+#else
+ p2m_to_mask(p2m_ram_rw);
+#endif
+
+ foreign_page = get_page_from_gfn(d, gfn_list[i], &p2mt, P2M_ALLOC);
+
+ if ( unlikely(p2m_to_mask(p2mt) & valid_mask) && foreign_page )
+ {
+ put_page(foreign_page);
+ foreign_page = NULL;
+ }
+ if ( unlikely(!foreign_page) )
+ {
+ gdprintk(XENLOG_WARNING,
+ "Error accessing foreign gfn %" PRI_gfn "\n",
+ gfn_list[i]);
+ rc = -EINVAL;
+ copy.nr_frames -= i;
+ guest_handle_add_offset(copy.frame_list, i);
+ goto out;
+ }
+
+ /* A page is dirtied when it's being copied to. */
+ if ( direction == XENMEM_foreigncopy_to )
+ paging_mark_dirty(d, page_to_mfn(foreign_page));
+
+ foreign = map_domain_page(page_to_mfn(foreign_page));
+ if ( direction == XENMEM_foreigncopy_from )
+ rc = copy_to_guest(copy.buffer, foreign, PAGE_SIZE);
+ else
+ rc = copy_from_guest(foreign, copy.buffer, PAGE_SIZE);
+ unmap_domain_page(foreign);
+ put_page(foreign_page);
+
+ if ( unlikely(rc) )
+ {
+ gdprintk(XENLOG_WARNING,
+ "Error %d copying gfn %" PRI_gfn "\n",
+ -rc, gfn_list[i]);
+ copy.nr_frames -= i;
+ guest_handle_add_offset(copy.frame_list, i);
+ goto out;
+ }
+
+ guest_handle_add_offset(copy.buffer, PAGE_SIZE);
+ }
+
+ copy.nr_frames -= todo;
+ guest_handle_add_offset(copy.frame_list, todo);
+
+ if ( copy.nr_frames && hypercall_preempt_check() )
+ {
+ rc = hypercall_create_continuation(
+ __HYPERVISOR_memory_op, "lh", XENMEM_foreigncopy, arg);
+ goto out;
+ }
+ } while ( copy.nr_frames );
+
+ rc = 0;
+
+ out:
+ rcu_unlock_domain(d);
+
+ /*
+ * Update in all cases, it allows the caller to know how many
+ * frames were successfully copied and the continuation to
+ * continue correctly.
+ */
+ if ( __copy_to_guest(arg, ©, 1) )
+ rc = -EFAULT;
+
+ return rc;
+}
+
long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
{
struct domain *d, *curr_d = current->domain;
@@ -2012,6 +2139,13 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
start_extent);
break;
+ case XENMEM_foreigncopy:
+ if ( unlikely(start_extent) )
+ return -EINVAL;
+
+ rc = mem_foreigncopy(guest_handle_cast(arg, xen_foreigncopy_t));
+ break;
+
default:
rc = arch_memory_op(cmd, arg);
break;
diff --git a/xen/include/public/memory.h b/xen/include/public/memory.h
index bd9fc37b52..b48d1f378f 100644
--- a/xen/include/public/memory.h
+++ b/xen/include/public/memory.h
@@ -740,7 +740,45 @@ struct xen_vnuma_topology_info {
typedef struct xen_vnuma_topology_info xen_vnuma_topology_info_t;
DEFINE_XEN_GUEST_HANDLE(xen_vnuma_topology_info_t);
-/* Next available subop number is 29 */
+/*
+ * Copy memory from/to a given domain.
+ */
+#define XENMEM_foreigncopy 29
+struct xen_foreigncopy {
+ /* IN - The domain whose resource is to be copied. */
+ domid_t domid;
+
+ /* IN - Flags. */
+#define XENMEM_foreigncopy_from 0
+#define XENMEM_foreigncopy_to 1
+#define XENMEM_foreigncopy_direction 1
+ uint16_t flags;
+
+ /*
+ * IN
+ *
+ * As an IN parameter number of frames of the domain to be copied.
+ */
+ uint32_t nr_frames;
+
+ /*
+ * IN
+ *
+ * Frames to be copied.
+ */
+ XEN_GUEST_HANDLE(xen_pfn_t) frame_list;
+
+ /*
+ * IN/OUT
+ *
+ * Userspace buffer to read/write from.
+ */
+ XEN_GUEST_HANDLE(uint8) buffer;
+};
+typedef struct xen_foreigncopy xen_foreigncopy_t;
+DEFINE_XEN_GUEST_HANDLE(xen_foreigncopy_t);
+
+/* Next available subop number is 30 */
#endif /* __XEN_PUBLIC_MEMORY_H__ */
--
2.43.0
next prev parent reply other threads:[~2026-06-13 21:48 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-13 21:47 [PATCH v5 00/16] xenguest optimisations Frediano Ziglio
2026-06-13 21:47 ` [PATCH v5 01/16] libs/guest: Reduce number of parts in write_split_record Frediano Ziglio
2026-06-13 21:47 ` [PATCH v5 02/16] libs/guest: Reduce number of I/O vectors in write_batch Frediano Ziglio
2026-06-13 21:47 ` [PATCH v5 03/16] " Frediano Ziglio
2026-06-13 21:47 ` [PATCH v5 04/16] libs/guest: Use a single write_exact in write_headers Frediano Ziglio
2026-06-13 21:47 ` [PATCH v5 05/16] libs/guest: allocate various migration arrays just once Frediano Ziglio
2026-06-13 21:47 ` [PATCH v5 06/16] libs/call: cache up to 4 pages in hypercall bounce buffers Frediano Ziglio
2026-06-13 21:47 ` [PATCH v5 07/16] libs/guest: avoids using 2 indexes Frediano Ziglio
2026-06-13 21:47 ` [PATCH v5 08/16] libs/guest: fill directly iov structure Frediano Ziglio
2026-06-13 21:47 ` [PATCH v5 09/16] libs/ctrl: Allows writev_exact to change iov array Frediano Ziglio
2026-06-13 21:47 ` [PATCH v5 10/16] libs/guest: add xg_foreignmemory_copy_{from,to} Frediano Ziglio
2026-06-13 21:47 ` [PATCH v5 11/16] PoC: libs/guest: use foreign copy during migration Frediano Ziglio
2026-06-13 21:47 ` Frediano Ziglio [this message]
2026-06-13 21:47 ` [PATCH v5 13/16] privcmd: Add definition for new Linux privcmd to access new Xen hypercall Frediano Ziglio
2026-06-13 21:47 ` [PATCH v5 14/16] libs/guest: use new hypercall if available Frediano Ziglio
2026-06-13 21:47 ` [PATCH v5 15/16] libs/guest: finalize PoC Frediano Ziglio
2026-06-13 21:47 ` [PATCH Linux v5 16/16] xen/privcmd: Add new ABI to allow copying foreign memory Frediano Ziglio
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260613214749.20620-13-frediano.ziglio@cloud.com \
--to=freddy77@gmail.com \
--cc=andrew.cooper3@citrix.com \
--cc=anthony.perard@vates.tech \
--cc=frediano.ziglio@citrix.com \
--cc=jbeulich@suse.com \
--cc=jgross@suse.com \
--cc=roger.pau@citrix.com \
--cc=teddy.astie@vates.tech \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.