* [PATCH v2 01/26] xen/x86: move domctl.o out of PV_SHIM_EXCLUSIVE
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-10 13:47 ` Jan Beulich
2025-09-10 7:38 ` [PATCH v2 02/26] xen/sysctl: replace CONFIG_SYSCTL with CONFIG_MGMT_DOMCTL Penny Zheng
` (24 subsequent siblings)
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel
Cc: ray.huang, Penny Zheng, Jan Beulich, Andrew Cooper,
Roger Pau Monné, Anthony PERARD, Michal Orzel, Julien Grall,
Stefano Stabellini
In order to fix CI error of a randconfig picking both PV_SHIM_EXCLUSIVE=y and
HVM=y results in hvm.c being built, but domctl.c not being built, which leaves
a few functions, like domctl_lock_acquire/release() undefined, causing linking
to fail.
To fix that, we intend to move domctl.o out of the PV_SHIM_EXCLUSIVE Makefile
/hypercall-defs section, with this adjustment, we also need to release
redundant vnuma_destroy() stub definition from PV_SHIM_EXCLUSIVE guardian,
to not break compilation
Above change will leave dead code in the shim binary temporarily and will be
fixed with the introduction of "wrap domctl-op with CONFIG_MGMT_HYPERCALLS".
Fixes: 568f806cba4c ("xen/x86: remove "depends on !PV_SHIM_EXCLUSIVE"")
Reported-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- remove paging_domctl hypercall-defs
---
xen/arch/x86/Makefile | 2 +-
xen/common/Makefile | 5 +----
xen/include/hypercall-defs.c | 4 +---
xen/include/xen/domain.h | 4 ----
4 files changed, 3 insertions(+), 12 deletions(-)
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index d7aed7d92c..84a83839d6 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -28,6 +28,7 @@ obj-y += delay.o
obj-y += desc.o
obj-bin-y += dmi_scan.init.o
obj-y += domain.o
+obj-y += domctl.o
obj-bin-y += dom0_build.init.o
obj-y += domain_page.o
obj-y += e820.o
@@ -79,7 +80,6 @@ obj-y += vm_event.o
obj-y += xstate.o
ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y)
-obj-y += domctl.o
obj-y += platform_hypercall.o
obj-$(CONFIG_COMPAT) += x86_64/platform_hypercall.o
endif
diff --git a/xen/common/Makefile b/xen/common/Makefile
index 0c7d0f5d46..be442a3e47 100644
--- a/xen/common/Makefile
+++ b/xen/common/Makefile
@@ -11,6 +11,7 @@ obj-$(filter-out $(CONFIG_X86),$(CONFIG_ACPI)) += device.o
obj-$(CONFIG_DEVICE_TREE_PARSE) += device-tree/
obj-$(CONFIG_IOREQ_SERVER) += dm.o
obj-y += domain.o
+obj-y += domctl.o
obj-y += domid.o
obj-y += event_2l.o
obj-y += event_channel.o
@@ -70,10 +71,6 @@ obj-bin-$(CONFIG_X86) += $(foreach n,decompress bunzip2 unxz unlzma lzo unlzo un
obj-$(CONFIG_COMPAT) += $(addprefix compat/,domain.o memory.o multicall.o xlat.o)
-ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y)
-obj-y += domctl.o
-endif
-
extra-y := symbols-dummy.o
obj-$(CONFIG_COVERAGE) += coverage/
diff --git a/xen/include/hypercall-defs.c b/xen/include/hypercall-defs.c
index 8370b4b289..221dc25f6f 100644
--- a/xen/include/hypercall-defs.c
+++ b/xen/include/hypercall-defs.c
@@ -200,8 +200,8 @@ sysctl(xen_sysctl_t *u_sysctl)
#if defined(CONFIG_X86) && defined(CONFIG_PAGING)
paging_domctl_cont(xen_domctl_t *u_domctl)
#endif
-#ifndef CONFIG_PV_SHIM_EXCLUSIVE
domctl(xen_domctl_t *u_domctl)
+#ifndef CONFIG_PV_SHIM_EXCLUSIVE
platform_op(xen_platform_op_t *u_xenpf_op)
#endif
#ifdef CONFIG_HVM
@@ -280,9 +280,7 @@ hvm_op do do do do do
#ifdef CONFIG_SYSCTL
sysctl do do do do do
#endif
-#ifndef CONFIG_PV_SHIM_EXCLUSIVE
domctl do do do do do
-#endif
#ifdef CONFIG_KEXEC
kexec_op compat do - - -
#endif
diff --git a/xen/include/xen/domain.h b/xen/include/xen/domain.h
index 8aab05ae93..11d2505420 100644
--- a/xen/include/xen/domain.h
+++ b/xen/include/xen/domain.h
@@ -185,11 +185,7 @@ struct vnuma_info {
struct xen_vmemrange *vmemrange;
};
-#ifndef CONFIG_PV_SHIM_EXCLUSIVE
void vnuma_destroy(struct vnuma_info *vnuma);
-#else
-static inline void vnuma_destroy(struct vnuma_info *vnuma) { ASSERT(!vnuma); }
-#endif
extern bool vmtrace_available;
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 01/26] xen/x86: move domctl.o out of PV_SHIM_EXCLUSIVE
2025-09-10 7:38 ` [PATCH v2 01/26] xen/x86: move domctl.o out of PV_SHIM_EXCLUSIVE Penny Zheng
@ 2025-09-10 13:47 ` Jan Beulich
0 siblings, 0 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-10 13:47 UTC (permalink / raw)
To: Penny Zheng
Cc: ray.huang, Andrew Cooper, Roger Pau Monné, Anthony PERARD,
Michal Orzel, Julien Grall, Stefano Stabellini, xen-devel
On 10.09.2025 09:38, Penny Zheng wrote:
> In order to fix CI error of a randconfig picking both PV_SHIM_EXCLUSIVE=y and
> HVM=y results in hvm.c being built, but domctl.c not being built, which leaves
> a few functions, like domctl_lock_acquire/release() undefined, causing linking
> to fail.
> To fix that, we intend to move domctl.o out of the PV_SHIM_EXCLUSIVE Makefile
> /hypercall-defs section, with this adjustment, we also need to release
> redundant vnuma_destroy() stub definition from PV_SHIM_EXCLUSIVE guardian,
> to not break compilation
> Above change will leave dead code in the shim binary temporarily and will be
> fixed with the introduction of "wrap domctl-op with CONFIG_MGMT_HYPERCALLS".
>
> Fixes: 568f806cba4c ("xen/x86: remove "depends on !PV_SHIM_EXCLUSIVE"")
> Reported-by: Jan Beulich <jbeulich@suse.com>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
> ---
> v1 -> v2:
> - remove paging_domctl hypercall-defs
> ---
> xen/arch/x86/Makefile | 2 +-
> xen/common/Makefile | 5 +----
> xen/include/hypercall-defs.c | 4 +---
> xen/include/xen/domain.h | 4 ----
> 4 files changed, 3 insertions(+), 12 deletions(-)
So this is still the same patch as before, still at the front of the series.
While I understand Stefano thinks differently, it was my expectation that
the domctl work would follow the sysctl one in (technical) style: First make
necessary arrangements, then expose the option for people to turn it off if
they feel like doing so.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 02/26] xen/sysctl: replace CONFIG_SYSCTL with CONFIG_MGMT_DOMCTL
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
2025-09-10 7:38 ` [PATCH v2 01/26] xen/x86: move domctl.o out of PV_SHIM_EXCLUSIVE Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-11 1:34 ` Stefano Stabellini
2025-09-10 7:38 ` [PATCH v2 03/26] xen/x86: consolidate vram tracking support Penny Zheng
` (23 subsequent siblings)
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel, xen-devel
Cc: ray.huang, Penny Zheng, Andrew Cooper, Anthony PERARD,
Michal Orzel, Jan Beulich, Julien Grall, Roger Pau Monné,
Stefano Stabellini, Bertrand Marquis, Volodymyr Babchuk,
Alistair Francis, Bob Eshleman, Connor Davis, Oleksii Kurochko,
Nathan Studer, Stewart Hildebrand, Dario Faggioli, Juergen Gross,
George Dunlap, Daniel P. Smith
Rename all the CONFIG_SYSCTL into a single CONFIG_MGMT_HYPERCALLS to help
provide a single option to manage all unnecessary hypercalls, including
sysctl, domctl, etc, in dom0less system and PV shim mode, which could also
make it easier to support randconfigs.
Suggested-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- new commit
---
xen/Kconfig.debug | 2 +-
xen/arch/arm/Makefile | 2 +-
xen/arch/riscv/stubs.c | 4 ++--
xen/arch/x86/Makefile | 2 +-
xen/arch/x86/configs/pvshim_defconfig | 2 +-
xen/arch/x86/psr.c | 26 +++++++++++++-------------
xen/common/Kconfig | 20 ++++++++------------
xen/common/Makefile | 2 +-
xen/common/page_alloc.c | 8 ++++----
xen/common/perfc.c | 4 ++--
xen/common/sched/arinc653.c | 10 +++++-----
xen/common/sched/core.c | 6 +++---
xen/common/sched/cpupool.c | 16 ++++++++--------
xen/common/sched/credit.c | 6 +++---
xen/common/sched/credit2.c | 6 +++---
xen/common/sched/private.h | 4 ++--
xen/common/spinlock.c | 4 ++--
xen/drivers/char/console.c | 4 ++--
xen/include/hypercall-defs.c | 4 ++--
xen/include/xsm/xsm.h | 12 ++++++------
xen/xsm/dummy.c | 6 +++---
xen/xsm/flask/hooks.c | 22 +++++++++++-----------
22 files changed, 84 insertions(+), 88 deletions(-)
diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug
index d900d926c5..a69615cd63 100644
--- a/xen/Kconfig.debug
+++ b/xen/Kconfig.debug
@@ -37,7 +37,7 @@ config SELF_TESTS
config COVERAGE
bool "Code coverage support"
- depends on SYSCTL && !LIVEPATCH
+ depends on MGMT_HYPERCALLS && !LIVEPATCH
select SUPPRESS_DUPLICATE_SYMBOL_WARNINGS if !ENFORCE_UNIQUE_SYMBOLS
help
Enable code coverage support.
diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
index 7e88ddd3d7..2aff1a1630 100644
--- a/xen/arch/arm/Makefile
+++ b/xen/arch/arm/Makefile
@@ -51,7 +51,7 @@ obj-y += setup.o
obj-y += shutdown.o
obj-y += smp.o
obj-y += smpboot.o
-obj-$(CONFIG_SYSCTL) += sysctl.o
+obj-$(CONFIG_MGMT_HYPERCALLS) += sysctl.o
obj-y += time.o
obj-y += traps.o
obj-y += vcpreg.o
diff --git a/xen/arch/riscv/stubs.c b/xen/arch/riscv/stubs.c
index 1a8c86cd8d..a74e56843c 100644
--- a/xen/arch/riscv/stubs.c
+++ b/xen/arch/riscv/stubs.c
@@ -282,7 +282,7 @@ unsigned long raw_copy_from_guest(void *to, const void __user *from,
BUG_ON("unimplemented");
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
/* sysctl.c */
long arch_do_sysctl(struct xen_sysctl *sysctl,
@@ -295,7 +295,7 @@ void arch_do_physinfo(struct xen_sysctl_physinfo *pi)
{
BUG_ON("unimplemented");
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
/* p2m.c */
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index 84a83839d6..a9fdba0b4c 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -67,7 +67,7 @@ obj-y += smpboot.o
obj-y += spec_ctrl.o
obj-y += srat.o
obj-y += string.o
-obj-$(CONFIG_SYSCTL) += sysctl.o
+obj-$(CONFIG_MGMT_HYPERCALLS) += sysctl.o
obj-y += time.o
obj-y += traps-setup.o
obj-y += traps.o
diff --git a/xen/arch/x86/configs/pvshim_defconfig b/xen/arch/x86/configs/pvshim_defconfig
index 24f4e4857d..d1db94df78 100644
--- a/xen/arch/x86/configs/pvshim_defconfig
+++ b/xen/arch/x86/configs/pvshim_defconfig
@@ -25,4 +25,4 @@ CONFIG_PDX_NONE=y
# CONFIG_INTEL_IOMMU is not set
# CONFIG_DEBUG is not set
# CONFIG_GDBSX is not set
-# CONFIG_SYSCTL is not set
+# CONFIG_MGMT_HYPERCALLS is not set
diff --git a/xen/arch/x86/psr.c b/xen/arch/x86/psr.c
index cce7020868..80ce5804b4 100644
--- a/xen/arch/x86/psr.c
+++ b/xen/arch/x86/psr.c
@@ -135,7 +135,7 @@ static const struct feat_props {
*/
enum psr_type alt_type;
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
/* get_feat_info is used to return feature HW info through sysctl. */
bool (*get_feat_info)(const struct feat_node *feat,
uint32_t data[], unsigned int array_len);
@@ -422,7 +422,7 @@ static bool mba_init_feature(const struct cpuid_leaf *regs,
return true;
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
static bool cf_check cat_get_feat_info(
const struct feat_node *feat, uint32_t data[], unsigned int array_len)
{
@@ -435,7 +435,7 @@ static bool cf_check cat_get_feat_info(
return true;
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
/* L3 CAT props */
static void cf_check l3_cat_write_msr(
@@ -448,14 +448,14 @@ static const struct feat_props l3_cat_props = {
.cos_num = 1,
.type[0] = PSR_TYPE_L3_CBM,
.alt_type = PSR_TYPE_UNKNOWN,
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
.get_feat_info = cat_get_feat_info,
#endif
.write_msr = l3_cat_write_msr,
.sanitize = cat_check_cbm,
};
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
/* L3 CDP props */
static bool cf_check l3_cdp_get_feat_info(
const struct feat_node *feat, uint32_t data[], uint32_t array_len)
@@ -467,7 +467,7 @@ static bool cf_check l3_cdp_get_feat_info(
return true;
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
static void cf_check l3_cdp_write_msr(
unsigned int cos, uint32_t val, enum psr_type type)
@@ -483,7 +483,7 @@ static const struct feat_props l3_cdp_props = {
.type[0] = PSR_TYPE_L3_DATA,
.type[1] = PSR_TYPE_L3_CODE,
.alt_type = PSR_TYPE_L3_CBM,
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
.get_feat_info = l3_cdp_get_feat_info,
#endif
.write_msr = l3_cdp_write_msr,
@@ -501,14 +501,14 @@ static const struct feat_props l2_cat_props = {
.cos_num = 1,
.type[0] = PSR_TYPE_L2_CBM,
.alt_type = PSR_TYPE_UNKNOWN,
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
.get_feat_info = cat_get_feat_info,
#endif
.write_msr = l2_cat_write_msr,
.sanitize = cat_check_cbm,
};
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
/* MBA props */
static bool cf_check mba_get_feat_info(
const struct feat_node *feat, uint32_t data[], unsigned int array_len)
@@ -523,7 +523,7 @@ static bool cf_check mba_get_feat_info(
return true;
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
static void cf_check mba_write_msr(
unsigned int cos, uint32_t val, enum psr_type type)
@@ -561,7 +561,7 @@ static const struct feat_props mba_props = {
.cos_num = 1,
.type[0] = PSR_TYPE_MBA_THRTL,
.alt_type = PSR_TYPE_UNKNOWN,
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
.get_feat_info = mba_get_feat_info,
#endif
.write_msr = mba_write_msr,
@@ -826,7 +826,7 @@ static struct psr_socket_info *get_socket_info(unsigned int socket)
return socket_info + socket;
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
int psr_get_info(unsigned int socket, enum psr_type type,
uint32_t data[], unsigned int array_len)
{
@@ -858,7 +858,7 @@ int psr_get_info(unsigned int socket, enum psr_type type,
return -EINVAL;
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
int psr_get_val(struct domain *d, unsigned int socket,
uint32_t *val, enum psr_type type)
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 76f9ce705f..c1571377d3 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -508,7 +508,7 @@ config CRYPTO
config LIVEPATCH
bool "Live patching support"
default X86
- depends on "$(XEN_HAS_BUILD_ID)" = "y" && SYSCTL && HAS_VMAP
+ depends on "$(XEN_HAS_BUILD_ID)" = "y" && MGMT_HYPERCALLS && HAS_VMAP
select CC_SPLIT_SECTIONS
help
Allows a running Xen hypervisor to be dynamically patched using
@@ -600,7 +600,7 @@ config DTB_FILE
config TRACEBUFFER
bool "Enable tracing infrastructure" if EXPERT
default y
- depends on SYSCTL
+ depends on MGMT_HYPERCALLS
help
Enable tracing infrastructure and pre-defined tracepoints within Xen.
This will allow live information about Xen's execution and performance
@@ -648,21 +648,17 @@ config SYSTEM_SUSPEND
If unsure, say N.
-menu "Supported hypercall interfaces"
- visible if EXPERT
-
-config SYSCTL
- bool "Enable sysctl hypercall"
+config MGMT_HYPERCALLS
+ bool "Enable hypercalls under management"
default y
help
This option shall only be disabled on some dom0less systems, or
- PV shim on x86, to reduce Xen footprint.
-
-endmenu
+ PV shim on x86, to reduce Xen footprint via managing unnessary
+ hypercalls, like sysctl, etc.
config PM_OP
bool "Enable Performance Management Operation"
- depends on ACPI && HAS_CPUFREQ && SYSCTL
+ depends on ACPI && HAS_CPUFREQ && MGMT_HYPERCALLS
default y
help
This option shall enable userspace performance management control
@@ -670,7 +666,7 @@ config PM_OP
config PM_STATS
bool "Enable Performance Management Statistics"
- depends on ACPI && HAS_CPUFREQ && SYSCTL
+ depends on ACPI && HAS_CPUFREQ && MGMT_HYPERCALLS
default y
help
Enable collection of performance management statistics to aid in
diff --git a/xen/common/Makefile b/xen/common/Makefile
index be442a3e47..fdf826f218 100644
--- a/xen/common/Makefile
+++ b/xen/common/Makefile
@@ -52,7 +52,7 @@ obj-y += spinlock.o
obj-$(CONFIG_STACK_PROTECTOR) += stack-protector.o
obj-y += stop_machine.o
obj-y += symbols.o
-obj-$(CONFIG_SYSCTL) += sysctl.o
+obj-$(CONFIG_MGMT_HYPERCALLS) += sysctl.o
obj-y += tasklet.o
obj-y += time.o
obj-y += timer.o
diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
index 1f67b88a89..26615d1e97 100644
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -602,7 +602,7 @@ out:
return ret;
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
void get_outstanding_claims(uint64_t *free_pages, uint64_t *outstanding_pages)
{
spin_lock(&heap_lock);
@@ -610,7 +610,7 @@ void get_outstanding_claims(uint64_t *free_pages, uint64_t *outstanding_pages)
*free_pages = avail_heap_pages(MEMZONE_XEN + 1, NR_ZONES - 1, -1);
spin_unlock(&heap_lock);
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
static bool __read_mostly first_node_initialised;
#ifndef CONFIG_SEPARATE_XENHEAP
@@ -1788,7 +1788,7 @@ int offline_page(mfn_t mfn, int broken, uint32_t *status)
return 0;
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
/*
* Online the memory.
* The caller should make sure end_pfn <= max_page,
@@ -1873,7 +1873,7 @@ int query_page_offline(mfn_t mfn, uint32_t *status)
return 0;
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
/*
* This function should only be called with valid pages from the same NUMA
diff --git a/xen/common/perfc.c b/xen/common/perfc.c
index 0f3b89af2c..97a94ef1fc 100644
--- a/xen/common/perfc.c
+++ b/xen/common/perfc.c
@@ -149,7 +149,7 @@ void cf_check perfc_reset(unsigned char key)
}
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
static struct xen_sysctl_perfc_desc perfc_d[NR_PERFCTRS];
static xen_sysctl_perfc_val_t *perfc_vals;
static unsigned int perfc_nbr_vals;
@@ -266,7 +266,7 @@ int perfc_control(struct xen_sysctl_perfc_op *pc)
return rc;
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
/*
* Local variables:
diff --git a/xen/common/sched/arinc653.c b/xen/common/sched/arinc653.c
index 8a4f4259d8..7d6c40d800 100644
--- a/xen/common/sched/arinc653.c
+++ b/xen/common/sched/arinc653.c
@@ -220,7 +220,7 @@ static void update_schedule_units(const struct scheduler *ops)
SCHED_PRIV(ops)->schedule[i].unit_id);
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
/**
* This function is called by the adjust_global scheduler hook to put
* in place a new ARINC653 schedule.
@@ -335,7 +335,7 @@ arinc653_sched_get(
return 0;
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
/**************************************************************************
* Scheduler callback functions *
@@ -661,7 +661,7 @@ a653_switch_sched(struct scheduler *new_ops, unsigned int cpu,
return &sr->_lock;
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
/**
* Xen scheduler callback function to perform a global (not domain-specific)
* adjustment. It is used by the ARINC 653 scheduler to put in place a new
@@ -701,7 +701,7 @@ a653sched_adjust_global(const struct scheduler *ops,
return rc;
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
/**
* This structure defines our scheduler for Xen.
@@ -736,7 +736,7 @@ static const struct scheduler sched_arinc653_def = {
.switch_sched = a653_switch_sched,
.adjust = NULL,
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
.adjust_global = a653sched_adjust_global,
#endif
diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c
index 2ab4313517..a0faddcb92 100644
--- a/xen/common/sched/core.c
+++ b/xen/common/sched/core.c
@@ -2068,7 +2068,7 @@ long do_set_timer_op(s_time_t timeout)
return 0;
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
/* scheduler_id - fetch ID of current scheduler */
int scheduler_id(void)
{
@@ -2111,7 +2111,7 @@ long sched_adjust(struct domain *d, struct xen_domctl_scheduler_op *op)
return ret;
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
long sched_adjust_global(struct xen_sysctl_scheduler_op *op)
{
struct cpupool *pool;
@@ -2140,7 +2140,7 @@ long sched_adjust_global(struct xen_sysctl_scheduler_op *op)
return rc;
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
static void vcpu_periodic_timer_work_locked(struct vcpu *v)
{
diff --git a/xen/common/sched/cpupool.c b/xen/common/sched/cpupool.c
index f5459c2779..51ba3cb43d 100644
--- a/xen/common/sched/cpupool.c
+++ b/xen/common/sched/cpupool.c
@@ -241,12 +241,12 @@ struct cpupool *cpupool_get_by_id(unsigned int poolid)
return __cpupool_get_by_id(poolid, true);
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
static struct cpupool *cpupool_get_next_by_id(unsigned int poolid)
{
return __cpupool_get_by_id(poolid, false);
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
void cpupool_put(struct cpupool *pool)
{
@@ -354,7 +354,7 @@ static struct cpupool *cpupool_create(unsigned int poolid,
return ERR_PTR(ret);
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
/*
* destroys the given cpupool
* returns 0 on success, 1 else
@@ -382,7 +382,7 @@ static int cpupool_destroy(struct cpupool *c)
debugtrace_printk("cpupool_destroy(pool=%u)\n", c->cpupool_id);
return 0;
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
/*
* Move domain to another cpupool
@@ -572,7 +572,7 @@ static int cpupool_unassign_cpu_start(struct cpupool *c, unsigned int cpu)
return ret;
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
static long cf_check cpupool_unassign_cpu_helper(void *info)
{
struct cpupool *c = info;
@@ -638,7 +638,7 @@ static int cpupool_unassign_cpu(struct cpupool *c, unsigned int cpu)
}
return continue_hypercall_on_cpu(work_cpu, cpupool_unassign_cpu_helper, c);
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
/*
* add a new domain to a cpupool
@@ -816,7 +816,7 @@ static void cpupool_cpu_remove_forced(unsigned int cpu)
rcu_read_unlock(&sched_res_rculock);
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
/*
* do cpupool related sysctl operations
*/
@@ -982,7 +982,7 @@ int cpupool_do_sysctl(struct xen_sysctl_cpupool_op *op)
return ret;
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
unsigned int cpupool_get_id(const struct domain *d)
{
diff --git a/xen/common/sched/credit.c b/xen/common/sched/credit.c
index 6dcf6b2c8b..0cbec2a9c0 100644
--- a/xen/common/sched/credit.c
+++ b/xen/common/sched/credit.c
@@ -1256,7 +1256,7 @@ __csched_set_tslice(struct csched_private *prv, unsigned int timeslice_ms)
prv->credit = prv->credits_per_tslice * prv->ncpus;
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check
csched_sys_cntl(const struct scheduler *ops,
struct xen_sysctl_scheduler_op *sc)
@@ -1299,7 +1299,7 @@ csched_sys_cntl(const struct scheduler *ops,
out:
return rc;
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
static void *cf_check
csched_alloc_domdata(const struct scheduler *ops, struct domain *dom)
@@ -2290,7 +2290,7 @@ static const struct scheduler sched_credit_def = {
.adjust = csched_dom_cntl,
.adjust_affinity= csched_aff_cntl,
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
.adjust_global = csched_sys_cntl,
#endif
diff --git a/xen/common/sched/credit2.c b/xen/common/sched/credit2.c
index 75316d42b7..307e63ebd8 100644
--- a/xen/common/sched/credit2.c
+++ b/xen/common/sched/credit2.c
@@ -3131,7 +3131,7 @@ csched2_aff_cntl(const struct scheduler *ops, struct sched_unit *unit,
__clear_bit(__CSFLAG_pinned, &svc->flags);
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check csched2_sys_cntl(
const struct scheduler *ops, struct xen_sysctl_scheduler_op *sc)
{
@@ -3163,7 +3163,7 @@ static int cf_check csched2_sys_cntl(
return 0;
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
static void *cf_check
csched2_alloc_domdata(const struct scheduler *ops, struct domain *dom)
@@ -4248,7 +4248,7 @@ static const struct scheduler sched_credit2_def = {
.adjust = csched2_dom_cntl,
.adjust_affinity= csched2_aff_cntl,
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
.adjust_global = csched2_sys_cntl,
#endif
diff --git a/xen/common/sched/private.h b/xen/common/sched/private.h
index d6884550cd..b7ff67200b 100644
--- a/xen/common/sched/private.h
+++ b/xen/common/sched/private.h
@@ -356,7 +356,7 @@ struct scheduler {
struct sched_unit *unit,
const struct cpumask *hard,
const struct cpumask *soft);
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
int (*adjust_global) (const struct scheduler *ops,
struct xen_sysctl_scheduler_op *sc);
#endif
@@ -512,7 +512,7 @@ static inline int sched_adjust_dom(const struct scheduler *s, struct domain *d,
return s->adjust ? s->adjust(s, d, op) : 0;
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
static inline int sched_adjust_cpupool(const struct scheduler *s,
struct xen_sysctl_scheduler_op *op)
{
diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c
index 0389293b09..9d08159615 100644
--- a/xen/common/spinlock.c
+++ b/xen/common/spinlock.c
@@ -690,7 +690,7 @@ void cf_check spinlock_profile_reset(unsigned char key)
spinlock_profile_iterate(spinlock_profile_reset_elem, NULL);
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
typedef struct {
struct xen_sysctl_lockprof_op *pc;
int rc;
@@ -750,7 +750,7 @@ int spinlock_profile_control(struct xen_sysctl_lockprof_op *pc)
return rc;
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
void _lock_profile_register_struct(
int32_t type, struct lock_profile_qhead *qhead, int32_t idx)
diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c
index 9bd5b4825d..c38b58d5fc 100644
--- a/xen/drivers/char/console.c
+++ b/xen/drivers/char/console.c
@@ -371,7 +371,7 @@ static void conring_puts(const char *str, size_t len)
conringc = conringp - conring_size;
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
long read_console_ring(struct xen_sysctl_readconsole *op)
{
XEN_GUEST_HANDLE_PARAM(char) str;
@@ -414,7 +414,7 @@ long read_console_ring(struct xen_sysctl_readconsole *op)
return 0;
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
/*
diff --git a/xen/include/hypercall-defs.c b/xen/include/hypercall-defs.c
index 221dc25f6f..cd2c801af6 100644
--- a/xen/include/hypercall-defs.c
+++ b/xen/include/hypercall-defs.c
@@ -194,7 +194,7 @@ kexec_op(unsigned long op, void *uarg)
#ifdef CONFIG_IOREQ_SERVER
dm_op(domid_t domid, unsigned int nr_bufs, xen_dm_op_buf_t *bufs)
#endif
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
sysctl(xen_sysctl_t *u_sysctl)
#endif
#if defined(CONFIG_X86) && defined(CONFIG_PAGING)
@@ -277,7 +277,7 @@ physdev_op compat do hvm hvm do_arm
#ifdef CONFIG_HVM
hvm_op do do do do do
#endif
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
sysctl do do do do do
#endif
domctl do do do do do
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 9a23d2827c..3c960ad909 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -57,7 +57,7 @@ struct xsm_ops {
int (*domain_create)(struct domain *d, uint32_t ssidref);
int (*getdomaininfo)(struct domain *d);
int (*domctl_scheduler_op)(struct domain *d, int op);
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
int (*sysctl_scheduler_op)(int op);
#endif
int (*set_target)(struct domain *d, struct domain *e);
@@ -140,7 +140,7 @@ struct xsm_ops {
int (*resource_setup_gsi)(int gsi);
int (*resource_setup_misc)(void);
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
int (*page_offline)(uint32_t cmd);
#endif
int (*hypfs_op)(void);
@@ -246,7 +246,7 @@ static inline int xsm_domctl_scheduler_op(
return alternative_call(xsm_ops.domctl_scheduler_op, d, cmd);
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
static inline int xsm_sysctl_scheduler_op(xsm_default_t def, int cmd)
{
return alternative_call(xsm_ops.sysctl_scheduler_op, cmd);
@@ -267,7 +267,7 @@ static inline int xsm_domctl(xsm_default_t def, struct domain *d,
static inline int xsm_sysctl(xsm_default_t def, int cmd)
{
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
return alternative_call(xsm_ops.sysctl, cmd);
#else
return -EOPNOTSUPP;
@@ -276,7 +276,7 @@ static inline int xsm_sysctl(xsm_default_t def, int cmd)
static inline int xsm_readconsole(xsm_default_t def, uint32_t clear)
{
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
return alternative_call(xsm_ops.readconsole, clear);
#else
return -EOPNOTSUPP;
@@ -603,7 +603,7 @@ static inline int xsm_resource_setup_misc(xsm_default_t def)
static inline int xsm_page_offline(xsm_default_t def, uint32_t cmd)
{
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
return alternative_call(xsm_ops.page_offline, cmd);
#else
return -EOPNOTSUPP;
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 8b7e01b506..f5483e0709 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -19,12 +19,12 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
.domain_create = xsm_domain_create,
.getdomaininfo = xsm_getdomaininfo,
.domctl_scheduler_op = xsm_domctl_scheduler_op,
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
.sysctl_scheduler_op = xsm_sysctl_scheduler_op,
#endif
.set_target = xsm_set_target,
.domctl = xsm_domctl,
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
.sysctl = xsm_sysctl,
.readconsole = xsm_readconsole,
#endif
@@ -98,7 +98,7 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
.resource_setup_gsi = xsm_resource_setup_gsi,
.resource_setup_misc = xsm_resource_setup_misc,
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
.page_offline = xsm_page_offline,
#endif
.hypfs_op = xsm_hypfs_op,
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index b0308e1b26..21914d3507 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -626,7 +626,7 @@ static int cf_check flask_domctl_scheduler_op(struct domain *d, int op)
}
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check flask_sysctl_scheduler_op(int op)
{
switch ( op )
@@ -641,7 +641,7 @@ static int cf_check flask_sysctl_scheduler_op(int op)
return avc_unknown_permission("sysctl_scheduler_op", op);
}
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
static int cf_check flask_set_target(struct domain *d, struct domain *t)
{
@@ -858,7 +858,7 @@ static int cf_check flask_domctl(struct domain *d, unsigned int cmd,
}
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check flask_sysctl(int cmd)
{
switch ( cmd )
@@ -946,7 +946,7 @@ static int cf_check flask_readconsole(uint32_t clear)
return domain_has_xen(current->domain, perms);
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
static inline uint32_t resource_to_perm(uint8_t access)
{
@@ -1208,12 +1208,12 @@ static int cf_check flask_resource_unplug_core(void)
return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE, RESOURCE__UNPLUG, NULL);
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
static int flask_resource_use_core(void)
{
return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE, RESOURCE__USE, NULL);
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
static int cf_check flask_resource_plug_pci(uint32_t machine_bdf)
{
@@ -1278,7 +1278,7 @@ static int cf_check flask_resource_setup_misc(void)
return avc_current_has_perm(SECINITSID_XEN, SECCLASS_RESOURCE, RESOURCE__SETUP, NULL);
}
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
static inline int cf_check flask_page_offline(uint32_t cmd)
{
switch ( cmd )
@@ -1293,7 +1293,7 @@ static inline int cf_check flask_page_offline(uint32_t cmd)
return avc_unknown_permission("page_offline", cmd);
}
}
-#endif /* CONFIG_SYSCTL */
+#endif /* CONFIG_MGMT_HYPERCALLS */
static inline int cf_check flask_hypfs_op(void)
{
@@ -1889,12 +1889,12 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
.domain_create = flask_domain_create,
.getdomaininfo = flask_getdomaininfo,
.domctl_scheduler_op = flask_domctl_scheduler_op,
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
.sysctl_scheduler_op = flask_sysctl_scheduler_op,
#endif
.set_target = flask_set_target,
.domctl = flask_domctl,
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
.sysctl = flask_sysctl,
.readconsole = flask_readconsole,
#endif
@@ -1956,7 +1956,7 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
.resource_setup_gsi = flask_resource_setup_gsi,
.resource_setup_misc = flask_resource_setup_misc,
-#ifdef CONFIG_SYSCTL
+#ifdef CONFIG_MGMT_HYPERCALLS
.page_offline = flask_page_offline,
#endif
.hypfs_op = flask_hypfs_op,
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 02/26] xen/sysctl: replace CONFIG_SYSCTL with CONFIG_MGMT_DOMCTL
2025-09-10 7:38 ` [PATCH v2 02/26] xen/sysctl: replace CONFIG_SYSCTL with CONFIG_MGMT_DOMCTL Penny Zheng
@ 2025-09-11 1:34 ` Stefano Stabellini
2025-09-11 2:18 ` Stefano Stabellini
0 siblings, 1 reply; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-11 1:34 UTC (permalink / raw)
To: Penny Zheng
Cc: xen-devel, xen-devel, ray.huang, Andrew Cooper, Anthony PERARD,
Michal Orzel, Jan Beulich, Julien Grall, Roger Pau Monné,
Stefano Stabellini, Bertrand Marquis, Volodymyr Babchuk,
Alistair Francis, Bob Eshleman, Connor Davis, Oleksii Kurochko,
Nathan Studer, Stewart Hildebrand, Dario Faggioli, Juergen Gross,
George Dunlap, Daniel P. Smith
On Wed, 10 Sep 2025, Penny Zheng wrote:
> Rename all the CONFIG_SYSCTL into a single CONFIG_MGMT_HYPERCALLS to help
> provide a single option to manage all unnecessary hypercalls, including
> sysctl, domctl, etc, in dom0less system and PV shim mode, which could also
> make it easier to support randconfigs.
>
> Suggested-by: Stefano Stabellini <sstabellini@kernel.org>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
^ permalink raw reply [flat|nested] 102+ messages in thread
* Re: [PATCH v2 02/26] xen/sysctl: replace CONFIG_SYSCTL with CONFIG_MGMT_DOMCTL
2025-09-11 1:34 ` Stefano Stabellini
@ 2025-09-11 2:18 ` Stefano Stabellini
0 siblings, 0 replies; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-11 2:18 UTC (permalink / raw)
To: Stefano Stabellini
Cc: Penny Zheng, xen-devel, xen-devel, ray.huang, Andrew Cooper,
Anthony PERARD, Michal Orzel, Jan Beulich, Julien Grall,
Roger Pau Monné, Bertrand Marquis, Volodymyr Babchuk,
Alistair Francis, Bob Eshleman, Connor Davis, Oleksii Kurochko,
Nathan Studer, Stewart Hildebrand, Dario Faggioli, Juergen Gross,
George Dunlap, Daniel P. Smith
On Wed, 10 Sep 2025, Stefano Stabellini wrote:
> On Wed, 10 Sep 2025, Penny Zheng wrote:
> > Rename all the CONFIG_SYSCTL into a single CONFIG_MGMT_HYPERCALLS to help
> > provide a single option to manage all unnecessary hypercalls, including
> > sysctl, domctl, etc, in dom0less system and PV shim mode, which could also
> > make it easier to support randconfigs.
> >
> > Suggested-by: Stefano Stabellini <sstabellini@kernel.org>
> > Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
>
> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
With one comment:
> -config SYSCTL
> - bool "Enable sysctl hypercall"
> +config MGMT_HYPERCALLS
> + bool "Enable hypercalls under management"
Please call it "Enable privileged hypercalls for system management"
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 03/26] xen/x86: consolidate vram tracking support
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
2025-09-10 7:38 ` [PATCH v2 01/26] xen/x86: move domctl.o out of PV_SHIM_EXCLUSIVE Penny Zheng
2025-09-10 7:38 ` [PATCH v2 02/26] xen/sysctl: replace CONFIG_SYSCTL with CONFIG_MGMT_DOMCTL Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-10 14:08 ` Jan Beulich
2025-09-10 7:38 ` [PATCH v2 04/26] xen: consolidate CONFIG_VM_EVENT Penny Zheng
` (22 subsequent siblings)
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel
Cc: ray.huang, Penny Zheng, Jan Beulich, Andrew Cooper,
Roger Pau Monné
Flag PG_log_dirty is for paging log dirty support, not vram tracking support.
However data structure sh_dirty_vram{} and function paging_log_dirty_range()
designed for vram tracking support, are guarded with PG_log_dirty.
We release both from PG_log_dirty, and also move paging_log_dirty_range(),
remamed with p2m_log_dirty_range(), into p2m.c, where it logically belongs.
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- rename paging_log_dirty_range() into p2m_log_dirty_range(), and move it
to p2m.c, where it logically belongs
- remove #ifdef / #endif
- change int to unsigned int
---
xen/arch/x86/include/asm/p2m.h | 4 ++++
xen/arch/x86/include/asm/paging.h | 32 +++++++++++++------------------
xen/arch/x86/mm/hap/hap.c | 4 ++--
xen/arch/x86/mm/p2m.c | 28 +++++++++++++++++++++++++++
xen/arch/x86/mm/paging.c | 32 -------------------------------
5 files changed, 47 insertions(+), 53 deletions(-)
diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h
index 3b860e30c3..1856cc396c 100644
--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -1110,6 +1110,10 @@ static inline int p2m_entry_modify(struct p2m_domain *p2m, p2m_type_t nt,
#endif /* CONFIG_HVM */
+/* get the dirty bitmap for a specific range of pfns */
+void p2m_log_dirty_range(struct domain *d, unsigned long begin_pfn,
+ unsigned long nr, uint8_t *dirty_bitmap);
+
#endif /* _XEN_ASM_X86_P2M_H */
/*
diff --git a/xen/arch/x86/include/asm/paging.h b/xen/arch/x86/include/asm/paging.h
index 768b077ebd..1b0694bb36 100644
--- a/xen/arch/x86/include/asm/paging.h
+++ b/xen/arch/x86/include/asm/paging.h
@@ -133,13 +133,20 @@ struct paging_mode {
(DIV_ROUND_UP(PADDR_BITS - PAGE_SHIFT - (PAGE_SHIFT + 3), \
PAGE_SHIFT - ilog2(sizeof(mfn_t))) + 1)
-#if PG_log_dirty
+#ifdef CONFIG_HVM
+/* VRAM dirty tracking support */
+struct sh_dirty_vram {
+ unsigned long begin_pfn;
+ unsigned long end_pfn;
+#ifdef CONFIG_SHADOW_PAGING
+ paddr_t *sl1ma;
+ uint8_t *dirty_bitmap;
+ s_time_t last_dirty;
+#endif
+};
+#endif
-/* get the dirty bitmap for a specific range of pfns */
-void paging_log_dirty_range(struct domain *d,
- unsigned long begin_pfn,
- unsigned long nr,
- uint8_t *dirty_bitmap);
+#if PG_log_dirty
/* log dirty initialization */
void paging_log_dirty_init(struct domain *d, const struct log_dirty_ops *ops);
@@ -171,19 +178,6 @@ bool paging_mfn_is_dirty(const struct domain *d, mfn_t gmfn);
#define L4_LOGDIRTY_IDX(pfn) ((pfn_x(pfn) >> (PAGE_SHIFT + 3 + PAGETABLE_ORDER * 2)) & \
(LOGDIRTY_NODE_ENTRIES-1))
-#ifdef CONFIG_HVM
-/* VRAM dirty tracking support */
-struct sh_dirty_vram {
- unsigned long begin_pfn;
- unsigned long end_pfn;
-#ifdef CONFIG_SHADOW_PAGING
- paddr_t *sl1ma;
- uint8_t *dirty_bitmap;
- s_time_t last_dirty;
-#endif
-};
-#endif
-
#else /* !PG_log_dirty */
static inline void paging_log_dirty_init(struct domain *d,
diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c
index 4aec98109d..2f69ff9c7b 100644
--- a/xen/arch/x86/mm/hap/hap.c
+++ b/xen/arch/x86/mm/hap/hap.c
@@ -42,7 +42,7 @@
* Create a dirty vram range on demand when some [begin_pfn:begin_pfn+nr] is
* first encountered.
* Collect the guest_dirty bitmask, a bit mask of the dirty vram pages, by
- * calling paging_log_dirty_range(), which interrogates each vram
+ * calling p2m_log_dirty_range(), which interrogates each vram
* page's p2m type looking for pages that have been made writable.
*/
@@ -119,7 +119,7 @@ int hap_track_dirty_vram(struct domain *d,
p2m_flush_hardware_cached_dirty(d);
/* get the bitmap */
- paging_log_dirty_range(d, begin_pfn, nr_frames, dirty_bitmap);
+ p2m_log_dirty_range(d, begin_pfn, nr_frames, dirty_bitmap);
domain_unpause(d);
}
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index e802f2e4e6..e2a00a0efd 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -2161,6 +2161,34 @@ int relinquish_p2m_mapping(struct domain *d)
return rc;
}
+void p2m_log_dirty_range(struct domain *d, unsigned long begin_pfn,
+ unsigned long nr, uint8_t *dirty_bitmap)
+{
+ struct p2m_domain *p2m = p2m_get_hostp2m(d);
+ unsigned int i;
+ unsigned long pfn;
+
+ /*
+ * Set l1e entries of P2M table to be read-only.
+ *
+ * On first write, it page faults, its entry is changed to read-write,
+ * and on retry the write succeeds.
+ *
+ * We populate dirty_bitmap by looking for entries that have been
+ * switched to read-write.
+ */
+
+ p2m_lock(p2m);
+
+ for ( i = 0, pfn = begin_pfn; pfn < begin_pfn + nr; i++, pfn++ )
+ if ( !p2m_change_type_one(d, pfn, p2m_ram_rw, p2m_ram_logdirty) )
+ dirty_bitmap[i >> 3] |= (1 << (i & 7));
+
+ p2m_unlock(p2m);
+
+ guest_flush_tlb_mask(d, d->dirty_cpumask);
+}
+
/*
* Local variables:
* mode: C
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index 3aafb0990b..65455a6867 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -583,38 +583,6 @@ static int paging_log_dirty_op(struct domain *d,
return rv;
}
-#ifdef CONFIG_HVM
-void paging_log_dirty_range(struct domain *d,
- unsigned long begin_pfn,
- unsigned long nr,
- uint8_t *dirty_bitmap)
-{
- struct p2m_domain *p2m = p2m_get_hostp2m(d);
- int i;
- unsigned long pfn;
-
- /*
- * Set l1e entries of P2M table to be read-only.
- *
- * On first write, it page faults, its entry is changed to read-write,
- * and on retry the write succeeds.
- *
- * We populate dirty_bitmap by looking for entries that have been
- * switched to read-write.
- */
-
- p2m_lock(p2m);
-
- for ( i = 0, pfn = begin_pfn; pfn < begin_pfn + nr; i++, pfn++ )
- if ( !p2m_change_type_one(d, pfn, p2m_ram_rw, p2m_ram_logdirty) )
- dirty_bitmap[i >> 3] |= (1 << (i & 7));
-
- p2m_unlock(p2m);
-
- guest_flush_tlb_mask(d, d->dirty_cpumask);
-}
-#endif
-
/*
* Callers must supply log_dirty_ops for the log dirty code to call. This
* function usually is invoked when paging is enabled. Check shadow_enable()
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 03/26] xen/x86: consolidate vram tracking support
2025-09-10 7:38 ` [PATCH v2 03/26] xen/x86: consolidate vram tracking support Penny Zheng
@ 2025-09-10 14:08 ` Jan Beulich
2025-09-11 7:15 ` Penny, Zheng
0 siblings, 1 reply; 102+ messages in thread
From: Jan Beulich @ 2025-09-10 14:08 UTC (permalink / raw)
To: Penny Zheng; +Cc: ray.huang, Andrew Cooper, Roger Pau Monné, xen-devel
On 10.09.2025 09:38, Penny Zheng wrote:
> Flag PG_log_dirty is for paging log dirty support, not vram tracking support.
> However data structure sh_dirty_vram{} and function paging_log_dirty_range()
> designed for vram tracking support, are guarded with PG_log_dirty.
> We release both from PG_log_dirty, and also move paging_log_dirty_range(),
> remamed with p2m_log_dirty_range(), into p2m.c, where it logically belongs.
Aren't these two independent changes? One to deal with struct sh_dirty_vram,
the other to move and rename paging_log_dirty_range()? Irrespective, in the
interest of making progress:
Acked-by: Jan Beulich <jbeulich@suse.com>
with ...
> --- a/xen/arch/x86/include/asm/p2m.h
> +++ b/xen/arch/x86/include/asm/p2m.h
> @@ -1110,6 +1110,10 @@ static inline int p2m_entry_modify(struct p2m_domain *p2m, p2m_type_t nt,
>
> #endif /* CONFIG_HVM */
>
> +/* get the dirty bitmap for a specific range of pfns */
... comment style corrected here (happy to do so while committing).
Aiui the patch is independent of the earlier two, and hence could go in ahead
of them. Sadly once again nothing like this is stated anywhere, so please
confirm.
> --- a/xen/arch/x86/include/asm/paging.h
> +++ b/xen/arch/x86/include/asm/paging.h
> @@ -133,13 +133,20 @@ struct paging_mode {
> (DIV_ROUND_UP(PADDR_BITS - PAGE_SHIFT - (PAGE_SHIFT + 3), \
> PAGE_SHIFT - ilog2(sizeof(mfn_t))) + 1)
>
> -#if PG_log_dirty
> +#ifdef CONFIG_HVM
> +/* VRAM dirty tracking support */
> +struct sh_dirty_vram {
> + unsigned long begin_pfn;
> + unsigned long end_pfn;
> +#ifdef CONFIG_SHADOW_PAGING
> + paddr_t *sl1ma;
> + uint8_t *dirty_bitmap;
> + s_time_t last_dirty;
> +#endif
> +};
> +#endif
Subsequently I think we will want to do more cleanup here. Us using a shadow
mode struct also in HAP code is bogus and, afaics, wasteful. The three latter
members are used only by shadow code, so HAP could have its own, smaller
variant of the type. And each type could be private to the hap/ and shadow/
subtrees respectively.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* RE: [PATCH v2 03/26] xen/x86: consolidate vram tracking support
2025-09-10 14:08 ` Jan Beulich
@ 2025-09-11 7:15 ` Penny, Zheng
2025-09-11 7:54 ` Penny, Zheng
0 siblings, 1 reply; 102+ messages in thread
From: Penny, Zheng @ 2025-09-11 7:15 UTC (permalink / raw)
To: Jan Beulich
Cc: Huang, Ray, Andrew Cooper, Roger Pau Monné,
xen-devel@lists.xenproject.org
[Public]
> -----Original Message-----
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Wednesday, September 10, 2025 10:09 PM
> To: Penny, Zheng <penny.zheng@amd.com>
> Cc: Huang, Ray <Ray.Huang@amd.com>; Andrew Cooper
> <andrew.cooper3@citrix.com>; Roger Pau Monné <roger.pau@citrix.com>; xen-
> devel@lists.xenproject.org
> Subject: Re: [PATCH v2 03/26] xen/x86: consolidate vram tracking support
>
> On 10.09.2025 09:38, Penny Zheng wrote:
> > Flag PG_log_dirty is for paging log dirty support, not vram tracking support.
> > However data structure sh_dirty_vram{} and function
> > paging_log_dirty_range() designed for vram tracking support, are guarded with
> PG_log_dirty.
> > We release both from PG_log_dirty, and also move
> > paging_log_dirty_range(), remamed with p2m_log_dirty_range(), into p2m.c, where
> it logically belongs.
>
> Aren't these two independent changes? One to deal with struct sh_dirty_vram, the
> other to move and rename paging_log_dirty_range()? Irrespective, in the interest of
> making progress:
> Acked-by: Jan Beulich <jbeulich@suse.com> with ...
>
> > --- a/xen/arch/x86/include/asm/p2m.h
> > +++ b/xen/arch/x86/include/asm/p2m.h
> > @@ -1110,6 +1110,10 @@ static inline int p2m_entry_modify(struct
> > p2m_domain *p2m, p2m_type_t nt,
> >
> > #endif /* CONFIG_HVM */
> >
> > +/* get the dirty bitmap for a specific range of pfns */
>
> ... comment style corrected here (happy to do so while committing).
>
> Aiui the patch is independent of the earlier two, and hence could go in ahead of
> them. Sadly once again nothing like this is stated anywhere, so please confirm.
>
Yes, it could go in ahead of them. I'll split it into two commits, and I will do this immediately to send regardless of this patch serie.
> > --- a/xen/arch/x86/include/asm/paging.h
> > +++ b/xen/arch/x86/include/asm/paging.h
> > @@ -133,13 +133,20 @@ struct paging_mode {
> > (DIV_ROUND_UP(PADDR_BITS - PAGE_SHIFT - (PAGE_SHIFT + 3), \
> > PAGE_SHIFT - ilog2(sizeof(mfn_t))) + 1)
> >
> > -#if PG_log_dirty
> > +#ifdef CONFIG_HVM
> > +/* VRAM dirty tracking support */
> > +struct sh_dirty_vram {
> > + unsigned long begin_pfn;
> > + unsigned long end_pfn;
> > +#ifdef CONFIG_SHADOW_PAGING
> > + paddr_t *sl1ma;
> > + uint8_t *dirty_bitmap;
> > + s_time_t last_dirty;
> > +#endif
> > +};
> > +#endif
>
> Subsequently I think we will want to do more cleanup here. Us using a shadow
> mode struct also in HAP code is bogus and, afaics, wasteful. The three latter
> members are used only by shadow code, so HAP could have its own, smaller
> variant of the type. And each type could be private to the hap/ and shadow/
> subtrees respectively.
>
Understood.
> Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* RE: [PATCH v2 03/26] xen/x86: consolidate vram tracking support
2025-09-11 7:15 ` Penny, Zheng
@ 2025-09-11 7:54 ` Penny, Zheng
2025-09-11 8:10 ` Jan Beulich
0 siblings, 1 reply; 102+ messages in thread
From: Penny, Zheng @ 2025-09-11 7:54 UTC (permalink / raw)
To: Jan Beulich
Cc: Huang, Ray, Andrew Cooper, Roger Pau Monné,
xen-devel@lists.xenproject.org
[Public]
> -----Original Message-----
> From: Penny, Zheng
> Sent: Thursday, September 11, 2025 3:16 PM
> To: Jan Beulich <jbeulich@suse.com>
> Cc: Huang, Ray <Ray.Huang@amd.com>; Andrew Cooper
> <andrew.cooper3@citrix.com>; Roger Pau Monné <roger.pau@citrix.com>; xen-
> devel@lists.xenproject.org
> Subject: RE: [PATCH v2 03/26] xen/x86: consolidate vram tracking support
>
>
>
> > -----Original Message-----
> > From: Jan Beulich <jbeulich@suse.com>
> > Sent: Wednesday, September 10, 2025 10:09 PM
> > To: Penny, Zheng <penny.zheng@amd.com>
> > Cc: Huang, Ray <Ray.Huang@amd.com>; Andrew Cooper
> > <andrew.cooper3@citrix.com>; Roger Pau Monné <roger.pau@citrix.com>;
> > xen- devel@lists.xenproject.org
> > Subject: Re: [PATCH v2 03/26] xen/x86: consolidate vram tracking
> > support
> >
> > On 10.09.2025 09:38, Penny Zheng wrote:
> > > Flag PG_log_dirty is for paging log dirty support, not vram tracking support.
> > > However data structure sh_dirty_vram{} and function
> > > paging_log_dirty_range() designed for vram tracking support, are
> > > guarded with
> > PG_log_dirty.
> > > We release both from PG_log_dirty, and also move
> > > paging_log_dirty_range(), remamed with p2m_log_dirty_range(), into
> > > p2m.c, where
> > it logically belongs.
> >
> > Aren't these two independent changes? One to deal with struct
> > sh_dirty_vram, the other to move and rename paging_log_dirty_range()?
> > Irrespective, in the interest of making progress:
> > Acked-by: Jan Beulich <jbeulich@suse.com> with ...
> >
> > > --- a/xen/arch/x86/include/asm/p2m.h
> > > +++ b/xen/arch/x86/include/asm/p2m.h
> > > @@ -1110,6 +1110,10 @@ static inline int p2m_entry_modify(struct
> > > p2m_domain *p2m, p2m_type_t nt,
> > >
> > > #endif /* CONFIG_HVM */
> > >
> > > +/* get the dirty bitmap for a specific range of pfns */
> >
> > ... comment style corrected here (happy to do so while committing).
> >
> > Aiui the patch is independent of the earlier two, and hence could go
> > in ahead of them. Sadly once again nothing like this is stated anywhere, so
> please confirm.
> >
>
> Yes, it could go in ahead of them. I'll split it into two commits, and I will do this
> immediately to send regardless of this patch serie.
>
> > > --- a/xen/arch/x86/include/asm/paging.h
> > > +++ b/xen/arch/x86/include/asm/paging.h
> > > @@ -133,13 +133,20 @@ struct paging_mode {
> > > (DIV_ROUND_UP(PADDR_BITS - PAGE_SHIFT - (PAGE_SHIFT + 3), \
> > > PAGE_SHIFT - ilog2(sizeof(mfn_t))) + 1)
> > >
> > > -#if PG_log_dirty
> > > +#ifdef CONFIG_HVM
> > > +/* VRAM dirty tracking support */
> > > +struct sh_dirty_vram {
> > > + unsigned long begin_pfn;
> > > + unsigned long end_pfn;
> > > +#ifdef CONFIG_SHADOW_PAGING
> > > + paddr_t *sl1ma;
> > > + uint8_t *dirty_bitmap;
> > > + s_time_t last_dirty;
> > > +#endif
> > > +};
> > > +#endif
> >
> > Subsequently I think we will want to do more cleanup here. Us using a
> > shadow mode struct also in HAP code is bogus and, afaics, wasteful.
> > The three latter members are used only by shadow code, so HAP could
> > have its own, smaller variant of the type. And each type could be
> > private to the hap/ and shadow/ subtrees respectively.
> >
>
> Understood.
Reading relative codes, found that we have a "struct sh_dirty_vram *dirty_vram" in "struct hvm_domain",
If we defined different type "struct hap_dirty_vram" and "struct sh_dirty_vram" private to the hap/ and shadow/ subtrees respectively, either we add different type in "struct hvm_domain", or we change it to the "void *" there and do the type casting on referring... maybe the former is safer or any better suggestion?
>
> > Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* Re: [PATCH v2 03/26] xen/x86: consolidate vram tracking support
2025-09-11 7:54 ` Penny, Zheng
@ 2025-09-11 8:10 ` Jan Beulich
0 siblings, 0 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-11 8:10 UTC (permalink / raw)
To: Penny, Zheng
Cc: Huang, Ray, Andrew Cooper, Roger Pau Monné,
xen-devel@lists.xenproject.org
On 11.09.2025 09:54, Penny, Zheng wrote:
>> -----Original Message-----
>> From: Penny, Zheng
>> Sent: Thursday, September 11, 2025 3:16 PM
>>
>>> -----Original Message-----
>>> From: Jan Beulich <jbeulich@suse.com>
>>> Sent: Wednesday, September 10, 2025 10:09 PM
>>>
>>> On 10.09.2025 09:38, Penny Zheng wrote:
>>>> --- a/xen/arch/x86/include/asm/paging.h
>>>> +++ b/xen/arch/x86/include/asm/paging.h
>>>> @@ -133,13 +133,20 @@ struct paging_mode {
>>>> (DIV_ROUND_UP(PADDR_BITS - PAGE_SHIFT - (PAGE_SHIFT + 3), \
>>>> PAGE_SHIFT - ilog2(sizeof(mfn_t))) + 1)
>>>>
>>>> -#if PG_log_dirty
>>>> +#ifdef CONFIG_HVM
>>>> +/* VRAM dirty tracking support */
>>>> +struct sh_dirty_vram {
>>>> + unsigned long begin_pfn;
>>>> + unsigned long end_pfn;
>>>> +#ifdef CONFIG_SHADOW_PAGING
>>>> + paddr_t *sl1ma;
>>>> + uint8_t *dirty_bitmap;
>>>> + s_time_t last_dirty;
>>>> +#endif
>>>> +};
>>>> +#endif
>>>
>>> Subsequently I think we will want to do more cleanup here. Us using a
>>> shadow mode struct also in HAP code is bogus and, afaics, wasteful.
>>> The three latter members are used only by shadow code, so HAP could
>>> have its own, smaller variant of the type. And each type could be
>>> private to the hap/ and shadow/ subtrees respectively.
>>
>> Understood.
>
> Reading relative codes, found that we have a "struct sh_dirty_vram *dirty_vram" in "struct hvm_domain",
> If we defined different type "struct hap_dirty_vram" and "struct sh_dirty_vram" private to the hap/ and shadow/ subtrees respectively, either we add different type in "struct hvm_domain", or we change it to the "void *" there and do the type casting on referring... maybe the former is safer or any better suggestion?
Yes, but I wasn't really meaning for you to do that further cleanup. I'm
intending to do that once your change has gone in.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 04/26] xen: consolidate CONFIG_VM_EVENT
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (2 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 03/26] xen/x86: consolidate vram tracking support Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-10 14:56 ` Jan Beulich
2025-09-10 7:38 ` [PATCH v2 05/26] xen/x86: make VM_EVENT depend on CONFIG_MGMT_HYPERCALLS Penny Zheng
` (21 subsequent siblings)
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel
Cc: ray.huang, Penny Zheng, Jan Beulich, Andrew Cooper,
Roger Pau Monné, Tamas K Lengyel, Alexandru Isaila,
Petre Pircalabu, Daniel P. Smith
File hvm/vm_event.c and x86/vm_event.c are the extend to vm_event handling
routines, and its compilation shall be guarded by CONFIG_VM_EVENT too.
Futhermore, features about monitor_op and memory access are both based on
vm event subsystem, so monitor.o/mem_access.o shall be wrapped under
CONFIG_VM_EVENT.
Although CONFIG_VM_EVENT is forcibly enabled on x86, we could disable it
through disabling CONFIG_MGMT_HYPERCALLS in the future.
In consequence, a few functions, like the ones defined in hvm/monitor.h,
needs stub to pass compilation when CONFIG_VM_EVENT=n.
Remove the CONFIG_VM_EVENT wrapper for "#include <asm/mem_access.h>", as
we need stub of "p2m_mem_access_check()" to pass compilation on
CONFIG_VM_EVENT=n
The following functions are developed on the basis of vm event framework, or
only invoked by vm_event.c/monitor.c/mem_access.c, so they all shall be
wrapped with CONFIG_VM_EVENT:
- hvm_toggle_singlestep
- hvm_fast_singlestep
- hvm_enable_msr_interception
- hvm_function_table.enable_msr_interception
- hvm_has_set_descriptor_access_existing
- hvm_function_table.set_descriptor_access_existing
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- split out XSM changes
- remove unnecessary stubs
- move "struct p2m_domain" declaration ahead of the #ifdef
---
xen/arch/x86/Makefile | 2 +-
xen/arch/x86/hvm/Makefile | 4 +-
xen/arch/x86/hvm/hvm.c | 2 +
xen/arch/x86/hvm/svm/svm.c | 8 +++
xen/arch/x86/hvm/vmx/vmx.c | 10 ++++
xen/arch/x86/include/asm/hvm/hvm.h | 10 ++++
xen/arch/x86/include/asm/hvm/monitor.h | 65 ++++++++++++++++++++++++-
xen/arch/x86/include/asm/hvm/vm_event.h | 4 ++
xen/arch/x86/include/asm/mem_access.h | 9 ++++
xen/arch/x86/include/asm/monitor.h | 7 +++
xen/include/xen/mem_access.h | 35 +++++++++++--
xen/include/xen/monitor.h | 8 ++-
xen/include/xen/vm_event.h | 24 ++++++++-
13 files changed, 176 insertions(+), 12 deletions(-)
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index a9fdba0b4c..a7bfe4c0b1 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -76,7 +76,7 @@ obj-y += usercopy.o
obj-y += x86_emulate.o
obj-$(CONFIG_TBOOT) += tboot.o
obj-y += hpet.o
-obj-y += vm_event.o
+obj-$(CONFIG_VM_EVENT) += vm_event.o
obj-y += xstate.o
ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y)
diff --git a/xen/arch/x86/hvm/Makefile b/xen/arch/x86/hvm/Makefile
index 6ec2c8f2db..952db00dd7 100644
--- a/xen/arch/x86/hvm/Makefile
+++ b/xen/arch/x86/hvm/Makefile
@@ -16,7 +16,7 @@ obj-y += io.o
obj-y += ioreq.o
obj-y += irq.o
obj-y += mmio.o
-obj-y += monitor.o
+obj-$(CONFIG_VM_EVENT) += monitor.o
obj-y += mtrr.o
obj-y += nestedhvm.o
obj-y += pmtimer.o
@@ -26,7 +26,7 @@ obj-y += save.o
obj-y += stdvga.o
obj-y += vioapic.o
obj-y += vlapic.o
-obj-y += vm_event.o
+obj-$(CONFIG_VM_EVENT) += vm_event.o
obj-y += vmsi.o
obj-y += vpic.o
obj-y += vpt.o
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 23bd7f078a..b044dc2ecb 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -5266,6 +5266,7 @@ int hvm_debug_op(struct vcpu *v, int32_t op)
return rc;
}
+#ifdef CONFIG_VM_EVENT
void hvm_toggle_singlestep(struct vcpu *v)
{
ASSERT(atomic_read(&v->pause_count));
@@ -5275,6 +5276,7 @@ void hvm_toggle_singlestep(struct vcpu *v)
v->arch.hvm.single_step = !v->arch.hvm.single_step;
}
+#endif /* CONFIG_VM_EVENT */
#ifdef CONFIG_ALTP2M
void hvm_fast_singlestep(struct vcpu *v, uint16_t p2midx)
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index b54f9d9af5..b726d760d4 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -298,6 +298,7 @@ void svm_intercept_msr(struct vcpu *v, uint32_t msr, int flags)
__clear_bit(msr * 2 + 1, msr_bit);
}
+#ifdef CONFIG_VM_EVENT
static void cf_check svm_enable_msr_interception(struct domain *d, uint32_t msr)
{
struct vcpu *v;
@@ -305,6 +306,7 @@ static void cf_check svm_enable_msr_interception(struct domain *d, uint32_t msr)
for_each_vcpu ( d, v )
svm_intercept_msr(v, msr, MSR_INTERCEPT_WRITE);
}
+#endif /* CONFIG_VM_EVENT */
static void svm_save_dr(struct vcpu *v)
{
@@ -825,6 +827,7 @@ static void cf_check svm_set_rdtsc_exiting(struct vcpu *v, bool enable)
vmcb_set_general2_intercepts(vmcb, general2_intercepts);
}
+#ifdef CONFIG_VM_EVENT
static void cf_check svm_set_descriptor_access_exiting(
struct vcpu *v, bool enable)
{
@@ -842,6 +845,7 @@ static void cf_check svm_set_descriptor_access_exiting(
vmcb_set_general1_intercepts(vmcb, general1_intercepts);
}
+#endif /* CONFIG_VM_EVENT */
static unsigned int cf_check svm_get_insn_bytes(struct vcpu *v, uint8_t *buf)
{
@@ -2456,9 +2460,13 @@ static struct hvm_function_table __initdata_cf_clobber svm_function_table = {
.fpu_dirty_intercept = svm_fpu_dirty_intercept,
.msr_read_intercept = svm_msr_read_intercept,
.msr_write_intercept = svm_msr_write_intercept,
+#ifdef CONFIG_VM_EVENT
.enable_msr_interception = svm_enable_msr_interception,
+#endif
.set_rdtsc_exiting = svm_set_rdtsc_exiting,
+#ifdef CONFIG_VM_EVENT
.set_descriptor_access_exiting = svm_set_descriptor_access_exiting,
+#endif
.get_insn_bytes = svm_get_insn_bytes,
.nhvm_vcpu_initialise = nsvm_vcpu_initialise,
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index e2b5077654..4cf5da70ad 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -1519,6 +1519,7 @@ static void cf_check vmx_set_rdtsc_exiting(struct vcpu *v, bool enable)
vmx_vmcs_exit(v);
}
+#ifdef CONFIG_VM_EVENT
static void cf_check vmx_set_descriptor_access_exiting(
struct vcpu *v, bool enable)
{
@@ -1533,6 +1534,7 @@ static void cf_check vmx_set_descriptor_access_exiting(
vmx_update_secondary_exec_control(v);
vmx_vmcs_exit(v);
}
+#endif /* CONFIG_VM_EVENT */
static void cf_check vmx_init_hypercall_page(void *p)
{
@@ -2412,6 +2414,7 @@ static void cf_check vmx_handle_eoi(uint8_t vector, int isr)
printk_once(XENLOG_WARNING "EOI for %02x but SVI=%02x\n", vector, old_svi);
}
+#ifdef CONFIG_VM_EVENT
static void cf_check vmx_enable_msr_interception(struct domain *d, uint32_t msr)
{
struct vcpu *v;
@@ -2419,6 +2422,7 @@ static void cf_check vmx_enable_msr_interception(struct domain *d, uint32_t msr)
for_each_vcpu ( d, v )
vmx_set_msr_intercept(v, msr, VMX_MSR_W);
}
+#endif /* CONFIG_VM_EVENT */
#ifdef CONFIG_ALTP2M
@@ -2870,7 +2874,9 @@ static struct hvm_function_table __initdata_cf_clobber vmx_function_table = {
.nhvm_domain_relinquish_resources = nvmx_domain_relinquish_resources,
.update_vlapic_mode = vmx_vlapic_msr_changed,
.nhvm_hap_walk_L1_p2m = nvmx_hap_walk_L1_p2m,
+#ifdef CONFIG_VM_EVENT
.enable_msr_interception = vmx_enable_msr_interception,
+#endif
#ifdef CONFIG_ALTP2M
.altp2m_vcpu_update_p2m = vmx_vcpu_update_eptp,
.altp2m_vcpu_update_vmfunc_ve = vmx_vcpu_update_vmfunc_ve,
@@ -3078,9 +3084,11 @@ const struct hvm_function_table * __init start_vmx(void)
vmx_function_table.caps.singlestep = cpu_has_monitor_trap_flag;
+#ifdef CONFIG_VM_EVENT
if ( cpu_has_vmx_dt_exiting )
vmx_function_table.set_descriptor_access_exiting =
vmx_set_descriptor_access_exiting;
+#endif
/*
* Do not enable EPT when (!cpu_has_vmx_pat), to prevent security hole
@@ -3151,8 +3159,10 @@ void __init vmx_fill_funcs(void)
if ( !cpu_has_xen_ibt )
return;
+#ifdef CONFIG_VM_EVENT
vmx_function_table.set_descriptor_access_exiting =
vmx_set_descriptor_access_exiting;
+#endif
vmx_function_table.update_eoi_exit_bitmap = vmx_update_eoi_exit_bitmap;
vmx_function_table.process_isr = vmx_process_isr;
diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h
index f02183691e..b2c75b733e 100644
--- a/xen/arch/x86/include/asm/hvm/hvm.h
+++ b/xen/arch/x86/include/asm/hvm/hvm.h
@@ -192,7 +192,9 @@ struct hvm_function_table {
void (*handle_cd)(struct vcpu *v, unsigned long value);
void (*set_info_guest)(struct vcpu *v);
void (*set_rdtsc_exiting)(struct vcpu *v, bool enable);
+#ifdef CONFIG_VM_EVENT
void (*set_descriptor_access_exiting)(struct vcpu *v, bool enable);
+#endif
/* Nested HVM */
int (*nhvm_vcpu_initialise)(struct vcpu *v);
@@ -224,7 +226,9 @@ struct hvm_function_table {
paddr_t *L1_gpa, unsigned int *page_order,
uint8_t *p2m_acc, struct npfec npfec);
+#ifdef CONFIG_VM_EVENT
void (*enable_msr_interception)(struct domain *d, uint32_t msr);
+#endif
#ifdef CONFIG_ALTP2M
/* Alternate p2m */
@@ -435,7 +439,11 @@ static inline bool using_svm(void)
static inline bool hvm_has_set_descriptor_access_exiting(void)
{
+#ifdef CONFIG_VM_EVENT
return hvm_funcs.set_descriptor_access_exiting;
+#else
+ return false;
+#endif
}
static inline void hvm_domain_creation_finished(struct domain *d)
@@ -681,7 +689,9 @@ static inline int nhvm_hap_walk_L1_p2m(
static inline void hvm_enable_msr_interception(struct domain *d, uint32_t msr)
{
+#ifdef CONFIG_VM_EVENT
alternative_vcall(hvm_funcs.enable_msr_interception, d, msr);
+#endif
}
static inline bool hvm_is_singlestep_supported(void)
diff --git a/xen/arch/x86/include/asm/hvm/monitor.h b/xen/arch/x86/include/asm/hvm/monitor.h
index 02021be47b..561ca2e585 100644
--- a/xen/arch/x86/include/asm/hvm/monitor.h
+++ b/xen/arch/x86/include/asm/hvm/monitor.h
@@ -17,14 +17,16 @@ enum hvm_monitor_debug_type
HVM_MONITOR_DEBUG_EXCEPTION,
};
+#define hvm_monitor_crX(cr, new, old) \
+ hvm_monitor_cr(VM_EVENT_X86_##cr, new, old)
+
+#ifdef CONFIG_VM_EVENT
/*
* Called for current VCPU on crX/MSR changes by guest. Bool return signals
* whether emulation should be postponed.
*/
bool hvm_monitor_cr(unsigned int index, unsigned long value,
unsigned long old);
-#define hvm_monitor_crX(cr, new, old) \
- hvm_monitor_cr(VM_EVENT_X86_##cr, new, old)
bool hvm_monitor_msr(unsigned int msr, uint64_t new_value, uint64_t old_value);
void hvm_monitor_descriptor_access(uint64_t exit_info,
uint64_t vmx_exit_qualification,
@@ -45,6 +47,65 @@ int hvm_monitor_vmexit(unsigned long exit_reason,
int hvm_monitor_io(unsigned int port, unsigned int bytes,
bool in, bool str);
+#else
+static inline bool hvm_monitor_cr(unsigned int index, unsigned long value,
+ unsigned long old)
+{
+ return false;
+}
+
+static inline bool hvm_monitor_msr(unsigned int msr, uint64_t new_value,
+ uint64_t old_value)
+{
+ return false;
+}
+
+static inline void hvm_monitor_descriptor_access(uint64_t exit_info,
+ uint64_t vmx_exit_qualification,
+ uint8_t descriptor, bool is_write) {}
+
+static inline int hvm_monitor_debug(unsigned long rip,
+ enum hvm_monitor_debug_type type,
+ unsigned int trap_type,
+ unsigned int insn_length,
+ unsigned int pending_dbg)
+{
+ return -EOPNOTSUPP;
+}
+
+static inline int hvm_monitor_cpuid(unsigned long insn_length,
+ unsigned int leaf, unsigned int subleaf)
+{
+ return -EOPNOTSUPP;
+}
+
+static inline void hvm_monitor_interrupt(unsigned int vector,
+ unsigned int type,
+ unsigned int err, uint64_t cr2) {}
+
+static inline bool hvm_monitor_emul_unimplemented(void)
+{
+ return false;
+}
+
+static inline bool hvm_monitor_check_p2m(unsigned long gla, gfn_t gfn,
+ uint32_t pfec, uint16_t kind)
+{
+ return false;
+}
+
+static inline int hvm_monitor_vmexit(unsigned long exit_reason,
+ unsigned long exit_qualification)
+{
+ return -EOPNOTSUPP;
+}
+
+static inline int hvm_monitor_io(unsigned int port, unsigned int bytes,
+ bool in, bool str)
+{
+ return -EOPNOTSUPP;
+}
+#endif /* CONFIG_VM_EVENT */
#endif /* __ASM_X86_HVM_MONITOR_H__ */
diff --git a/xen/arch/x86/include/asm/hvm/vm_event.h b/xen/arch/x86/include/asm/hvm/vm_event.h
index 506a85c774..1628230182 100644
--- a/xen/arch/x86/include/asm/hvm/vm_event.h
+++ b/xen/arch/x86/include/asm/hvm/vm_event.h
@@ -8,7 +8,11 @@
#ifndef __ASM_X86_HVM_VM_EVENT_H__
#define __ASM_X86_HVM_VM_EVENT_H__
+#ifdef CONFIG_VM_EVENT
void hvm_vm_event_do_resume(struct vcpu *v);
+#else
+static inline void hvm_vm_event_do_resume(struct vcpu *v) {}
+#endif /* CONFIG_VM_EVENT */
#endif /* __ASM_X86_HVM_VM_EVENT_H__ */
diff --git a/xen/arch/x86/include/asm/mem_access.h b/xen/arch/x86/include/asm/mem_access.h
index 1a52a10322..c786116310 100644
--- a/xen/arch/x86/include/asm/mem_access.h
+++ b/xen/arch/x86/include/asm/mem_access.h
@@ -14,6 +14,7 @@
#ifndef __ASM_X86_MEM_ACCESS_H__
#define __ASM_X86_MEM_ACCESS_H__
+#ifdef CONFIG_VM_EVENT
/*
* Setup vm_event request based on the access (gla is -1ull if not available).
* Handles the rw2rx conversion. Boolean return value indicates if event type
@@ -25,6 +26,14 @@
bool p2m_mem_access_check(paddr_t gpa, unsigned long gla,
struct npfec npfec,
struct vm_event_st **req_ptr);
+#else
+static inline bool p2m_mem_access_check(paddr_t gpa, unsigned long gla,
+ struct npfec npfec,
+ struct vm_event_st **req_ptr)
+{
+ return false;
+}
+#endif /* CONFIG_VM_EVENT */
/* Check for emulation and mark vcpu for skipping one instruction
* upon rescheduling if required. */
diff --git a/xen/arch/x86/include/asm/monitor.h b/xen/arch/x86/include/asm/monitor.h
index 3c64d8258f..850c0798d7 100644
--- a/xen/arch/x86/include/asm/monitor.h
+++ b/xen/arch/x86/include/asm/monitor.h
@@ -123,7 +123,14 @@ static inline void arch_monitor_cleanup_domain(struct domain *d) {}
#endif
+#ifdef CONFIG_VM_EVENT
bool monitored_msr(const struct domain *d, u32 msr);
+#else
+static inline bool monitored_msr(const struct domain *d, u32 msr)
+{
+ return false;
+}
+#endif
bool monitored_msr_onchangeonly(const struct domain *d, u32 msr);
#endif /* __ASM_X86_MONITOR_H__ */
diff --git a/xen/include/xen/mem_access.h b/xen/include/xen/mem_access.h
index 4de651038d..efbb26b703 100644
--- a/xen/include/xen/mem_access.h
+++ b/xen/include/xen/mem_access.h
@@ -33,9 +33,7 @@
*/
struct vm_event_st;
-#ifdef CONFIG_VM_EVENT
#include <asm/mem_access.h>
-#endif
/*
* Additional access types, which are used to further restrict
@@ -74,6 +72,7 @@ typedef enum {
} p2m_access_t;
struct p2m_domain;
+#ifdef CONFIG_VM_EVENT
bool xenmem_access_to_p2m_access(const struct p2m_domain *p2m,
xenmem_access_t xaccess,
p2m_access_t *paccess);
@@ -99,10 +98,40 @@ long p2m_set_mem_access_multi(struct domain *d,
int p2m_get_mem_access(struct domain *d, gfn_t gfn, xenmem_access_t *access,
unsigned int altp2m_idx);
-#ifdef CONFIG_VM_EVENT
int mem_access_memop(unsigned long cmd,
XEN_GUEST_HANDLE_PARAM(xen_mem_access_op_t) arg);
#else
+static inline bool xenmem_access_to_p2m_access(const struct p2m_domain *p2m,
+ xenmem_access_t xaccess,
+ p2m_access_t *paccess)
+{
+ return false;
+}
+
+static inline long p2m_set_mem_access(struct domain *d, gfn_t gfn, uint32_t nr,
+ uint32_t start, uint32_t mask,
+ xenmem_access_t access,
+ unsigned int altp2m_idx)
+{
+ return -EOPNOTSUPP;
+}
+
+static inline long p2m_set_mem_access_multi(struct domain *d,
+ const XEN_GUEST_HANDLE(const_uint64) pfn_list,
+ const XEN_GUEST_HANDLE(const_uint8) access_list,
+ uint32_t nr, uint32_t start, uint32_t mask,
+ unsigned int altp2m_idx)
+{
+ return -EOPNOTSUPP;
+}
+
+static inline int p2m_get_mem_access(struct domain *d, gfn_t gfn,
+ xenmem_access_t *access,
+ unsigned int altp2m_idx)
+{
+ return -EOPNOTSUPP;
+}
+
static inline
int mem_access_memop(unsigned long cmd,
XEN_GUEST_HANDLE_PARAM(xen_mem_access_op_t) arg)
diff --git a/xen/include/xen/monitor.h b/xen/include/xen/monitor.h
index c086c4390c..1b7984909e 100644
--- a/xen/include/xen/monitor.h
+++ b/xen/include/xen/monitor.h
@@ -30,6 +30,7 @@ struct xen_domctl_monitor_op;
#ifdef CONFIG_VM_EVENT
int monitor_domctl(struct domain *d, struct xen_domctl_monitor_op *mop);
void monitor_guest_request(void);
+int monitor_traps(struct vcpu *v, bool sync, vm_event_request_t *req);
#else /* !CONFIG_VM_EVENT */
static inline int monitor_domctl(struct domain *d,
struct xen_domctl_monitor_op *mop)
@@ -37,8 +38,11 @@ static inline int monitor_domctl(struct domain *d,
return -EOPNOTSUPP;
}
static inline void monitor_guest_request(void) {}
+static inline int monitor_traps(struct vcpu *v, bool sync,
+ vm_event_request_t *req)
+{
+ return -EOPNOTSUPP;
+}
#endif /* !CONFIG_VM_EVENT */
-int monitor_traps(struct vcpu *v, bool sync, vm_event_request_t *req);
-
#endif /* __XEN_MONITOR_H__ */
diff --git a/xen/include/xen/vm_event.h b/xen/include/xen/vm_event.h
index 27d0c74216..4b3d0d15ec 100644
--- a/xen/include/xen/vm_event.h
+++ b/xen/include/xen/vm_event.h
@@ -50,6 +50,7 @@ struct vm_event_domain
unsigned int last_vcpu_wake_up;
};
+#ifdef CONFIG_VM_EVENT
/* Returns whether a ring has been set up */
bool vm_event_check_ring(struct vm_event_domain *ved);
@@ -68,6 +69,20 @@ bool vm_event_check_ring(struct vm_event_domain *ved);
*/
int __vm_event_claim_slot(struct domain *d, struct vm_event_domain *ved,
bool allow_sleep);
+#else
+static inline bool vm_event_check_ring(struct vm_event_domain *ved)
+{
+ return false;
+}
+
+static inline int __vm_event_claim_slot(struct domain *d,
+ struct vm_event_domain *ved,
+ bool allow_sleep)
+{
+ return -EOPNOTSUPP;
+}
+#endif /* CONFIG_VM_EVENT */
+
static inline int vm_event_claim_slot(struct domain *d,
struct vm_event_domain *ved)
{
@@ -82,23 +97,28 @@ static inline int vm_event_claim_slot_nosleep(struct domain *d,
void vm_event_cancel_slot(struct domain *d, struct vm_event_domain *ved);
+#ifdef CONFIG_VM_EVENT
void vm_event_put_request(struct domain *d, struct vm_event_domain *ved,
vm_event_request_t *req);
-#ifdef CONFIG_VM_EVENT
/* Clean up on domain destruction */
void vm_event_cleanup(struct domain *d);
int vm_event_domctl(struct domain *d, struct xen_domctl_vm_event_op *vec);
+
+void vm_event_vcpu_pause(struct vcpu *v);
#else /* !CONFIG_VM_EVENT */
+static inline void vm_event_put_request(struct domain *d,
+ struct vm_event_domain *ved,
+ vm_event_request_t *req) {}
static inline void vm_event_cleanup(struct domain *d) {}
static inline int vm_event_domctl(struct domain *d,
struct xen_domctl_vm_event_op *vec)
{
return -EOPNOTSUPP;
}
+static inline void vm_event_vcpu_pause(struct vcpu *v) {};
#endif /* !CONFIG_VM_EVENT */
-void vm_event_vcpu_pause(struct vcpu *v);
void vm_event_vcpu_unpause(struct vcpu *v);
void vm_event_fill_regs(vm_event_request_t *req);
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 04/26] xen: consolidate CONFIG_VM_EVENT
2025-09-10 7:38 ` [PATCH v2 04/26] xen: consolidate CONFIG_VM_EVENT Penny Zheng
@ 2025-09-10 14:56 ` Jan Beulich
2025-09-11 9:20 ` Penny, Zheng
2025-09-13 23:31 ` Tamas K Lengyel
0 siblings, 2 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-10 14:56 UTC (permalink / raw)
To: Penny Zheng, Tamas K Lengyel
Cc: ray.huang, Andrew Cooper, Roger Pau Monné, Alexandru Isaila,
Petre Pircalabu, Daniel P. Smith, xen-devel
On 10.09.2025 09:38, Penny Zheng wrote:
> @@ -2456,9 +2460,13 @@ static struct hvm_function_table __initdata_cf_clobber svm_function_table = {
> .fpu_dirty_intercept = svm_fpu_dirty_intercept,
> .msr_read_intercept = svm_msr_read_intercept,
> .msr_write_intercept = svm_msr_write_intercept,
> +#ifdef CONFIG_VM_EVENT
> .enable_msr_interception = svm_enable_msr_interception,
> +#endif
> .set_rdtsc_exiting = svm_set_rdtsc_exiting,
> +#ifdef CONFIG_VM_EVENT
> .set_descriptor_access_exiting = svm_set_descriptor_access_exiting,
> +#endif
I think in such a case it would be preferable to move one of the existing
lines, so we can get away with just a single #ifdef.
> --- a/xen/arch/x86/include/asm/hvm/hvm.h
> +++ b/xen/arch/x86/include/asm/hvm/hvm.h
> @@ -192,7 +192,9 @@ struct hvm_function_table {
> void (*handle_cd)(struct vcpu *v, unsigned long value);
> void (*set_info_guest)(struct vcpu *v);
> void (*set_rdtsc_exiting)(struct vcpu *v, bool enable);
> +#ifdef CONFIG_VM_EVENT
> void (*set_descriptor_access_exiting)(struct vcpu *v, bool enable);
> +#endif
>
> /* Nested HVM */
> int (*nhvm_vcpu_initialise)(struct vcpu *v);
> @@ -224,7 +226,9 @@ struct hvm_function_table {
> paddr_t *L1_gpa, unsigned int *page_order,
> uint8_t *p2m_acc, struct npfec npfec);
>
> +#ifdef CONFIG_VM_EVENT
> void (*enable_msr_interception)(struct domain *d, uint32_t msr);
> +#endif
Possibly same here.
> @@ -435,7 +439,11 @@ static inline bool using_svm(void)
>
> static inline bool hvm_has_set_descriptor_access_exiting(void)
> {
> +#ifdef CONFIG_VM_EVENT
> return hvm_funcs.set_descriptor_access_exiting;
> +#else
> + return false;
> +#endif
> }
This is actively wrong. It being only monitor.[ch] which use the function,
I don't see why it can't just be wrapped in an #ifdef. With what you do,
some new caller might function fine until run in a VM_EVENT=n build.
> @@ -681,7 +689,9 @@ static inline int nhvm_hap_walk_L1_p2m(
>
> static inline void hvm_enable_msr_interception(struct domain *d, uint32_t msr)
> {
> +#ifdef CONFIG_VM_EVENT
> alternative_vcall(hvm_funcs.enable_msr_interception, d, msr);
> +#endif
> }
Mostly the same here.
> --- a/xen/arch/x86/include/asm/hvm/monitor.h
> +++ b/xen/arch/x86/include/asm/hvm/monitor.h
> @@ -17,14 +17,16 @@ enum hvm_monitor_debug_type
> HVM_MONITOR_DEBUG_EXCEPTION,
> };
>
> +#define hvm_monitor_crX(cr, new, old) \
> + hvm_monitor_cr(VM_EVENT_X86_##cr, new, old)
> +
> +#ifdef CONFIG_VM_EVENT
> /*
> * Called for current VCPU on crX/MSR changes by guest. Bool return signals
> * whether emulation should be postponed.
> */
> bool hvm_monitor_cr(unsigned int index, unsigned long value,
> unsigned long old);
> -#define hvm_monitor_crX(cr, new, old) \
> - hvm_monitor_cr(VM_EVENT_X86_##cr, new, old)
> bool hvm_monitor_msr(unsigned int msr, uint64_t new_value, uint64_t old_value);
> void hvm_monitor_descriptor_access(uint64_t exit_info,
> uint64_t vmx_exit_qualification,
> @@ -45,6 +47,65 @@ int hvm_monitor_vmexit(unsigned long exit_reason,
>
> int hvm_monitor_io(unsigned int port, unsigned int bytes,
> bool in, bool str);
> +#else
> +static inline bool hvm_monitor_cr(unsigned int index, unsigned long value,
> + unsigned long old)
> +{
> + return false;
> +}
> +
> +static inline bool hvm_monitor_msr(unsigned int msr, uint64_t new_value,
> + uint64_t old_value)
> +{
> + return false;
> +}
> +
> +static inline void hvm_monitor_descriptor_access(uint64_t exit_info,
> + uint64_t vmx_exit_qualification,
> + uint8_t descriptor, bool is_write) {}
> +
> +static inline int hvm_monitor_debug(unsigned long rip,
> + enum hvm_monitor_debug_type type,
> + unsigned int trap_type,
> + unsigned int insn_length,
> + unsigned int pending_dbg)
> +{
> + return -EOPNOTSUPP;
> +}
> +
> +static inline int hvm_monitor_cpuid(unsigned long insn_length,
> + unsigned int leaf, unsigned int subleaf)
> +{
> + return -EOPNOTSUPP;
> +}
> +
> +static inline void hvm_monitor_interrupt(unsigned int vector,
> + unsigned int type,
> + unsigned int err, uint64_t cr2) {}
> +
> +static inline bool hvm_monitor_emul_unimplemented(void)
> +{
> + return false;
> +}
> +
> +static inline bool hvm_monitor_check_p2m(unsigned long gla, gfn_t gfn,
> + uint32_t pfec, uint16_t kind)
> +{
> + return false;
> +}
> +
> +static inline int hvm_monitor_vmexit(unsigned long exit_reason,
> + unsigned long exit_qualification)
> +{
> + return -EOPNOTSUPP;
> +}
> +
> +static inline int hvm_monitor_io(unsigned int port, unsigned int bytes,
> + bool in, bool str)
> +{
> + return -EOPNOTSUPP;
> +}
For this one it's perhaps easiest to see that -EOPNOTSUPP (or in fact any
negative value) is wrong to return from the stub: Just go look at both
use sites. Guests wouldn't be able to use I/O insns anymore for intercepted
ports. Others look to have similar issues, while the ones returning "false"
look okay.
> --- a/xen/include/xen/mem_access.h
> +++ b/xen/include/xen/mem_access.h
> @@ -33,9 +33,7 @@
> */
> struct vm_event_st;
>
> -#ifdef CONFIG_VM_EVENT
> #include <asm/mem_access.h>
> -#endif
Aiui this breaks the build on PPC and RISC-V, which don't have such a
header. If this change is really needed (which I'm not convinced of, as
x86's hvm/hvm.c could as well include asm/mem_access.h directly), you'll
need to use has_include() here.
> @@ -74,6 +72,7 @@ typedef enum {
> } p2m_access_t;
>
> struct p2m_domain;
> +#ifdef CONFIG_VM_EVENT
> bool xenmem_access_to_p2m_access(const struct p2m_domain *p2m,
> xenmem_access_t xaccess,
> p2m_access_t *paccess);
> @@ -99,10 +98,40 @@ long p2m_set_mem_access_multi(struct domain *d,
> int p2m_get_mem_access(struct domain *d, gfn_t gfn, xenmem_access_t *access,
> unsigned int altp2m_idx);
>
> -#ifdef CONFIG_VM_EVENT
> int mem_access_memop(unsigned long cmd,
> XEN_GUEST_HANDLE_PARAM(xen_mem_access_op_t) arg);
> #else
> +static inline bool xenmem_access_to_p2m_access(const struct p2m_domain *p2m,
> + xenmem_access_t xaccess,
> + p2m_access_t *paccess)
> +{
> + return false;
> +}
So this is needed when VM_EVENT=n and ALTP2M=y. Tamas, is this a configuration
which makes sense?
> +static inline long p2m_set_mem_access(struct domain *d, gfn_t gfn, uint32_t nr,
> + uint32_t start, uint32_t mask,
> + xenmem_access_t access,
> + unsigned int altp2m_idx)
> +{
> + return -EOPNOTSUPP;
> +}
> +
> +static inline long p2m_set_mem_access_multi(struct domain *d,
> + const XEN_GUEST_HANDLE(const_uint64) pfn_list,
> + const XEN_GUEST_HANDLE(const_uint8) access_list,
> + uint32_t nr, uint32_t start, uint32_t mask,
> + unsigned int altp2m_idx)
> +{
> + return -EOPNOTSUPP;
> +}
> +
> +static inline int p2m_get_mem_access(struct domain *d, gfn_t gfn,
> + xenmem_access_t *access,
> + unsigned int altp2m_idx)
> +{
> + return -EOPNOTSUPP;
> +}
Instead of these, I wonder whether a single #ifdef in do_altp2m_op()
wouldn't be more appropriate (assuming the above config makes some sense
in the first place). Actually, it would need to be two #ifdef-s, one in
each of the two switch() blocks.
> --- a/xen/include/xen/monitor.h
> +++ b/xen/include/xen/monitor.h
> @@ -30,6 +30,7 @@ struct xen_domctl_monitor_op;
> #ifdef CONFIG_VM_EVENT
> int monitor_domctl(struct domain *d, struct xen_domctl_monitor_op *mop);
> void monitor_guest_request(void);
> +int monitor_traps(struct vcpu *v, bool sync, vm_event_request_t *req);
> #else /* !CONFIG_VM_EVENT */
> static inline int monitor_domctl(struct domain *d,
> struct xen_domctl_monitor_op *mop)
> @@ -37,8 +38,11 @@ static inline int monitor_domctl(struct domain *d,
> return -EOPNOTSUPP;
> }
> static inline void monitor_guest_request(void) {}
> +static inline int monitor_traps(struct vcpu *v, bool sync,
> + vm_event_request_t *req)
> +{
> + return -EOPNOTSUPP;
> +}
Is this needed? There's only one call that needs taking care of afaics,
in hvm_hap_nested_page_fault(). That's gated on "req_ptr" being non-NULL
though, which isn't possible when p2m_mem_access_check() also is a stub.
Hence the compiler ought to be able to DCE the call.
> --- a/xen/include/xen/vm_event.h
> +++ b/xen/include/xen/vm_event.h
> @@ -50,6 +50,7 @@ struct vm_event_domain
> unsigned int last_vcpu_wake_up;
> };
>
> +#ifdef CONFIG_VM_EVENT
> /* Returns whether a ring has been set up */
> bool vm_event_check_ring(struct vm_event_domain *ved);
>
> @@ -68,6 +69,20 @@ bool vm_event_check_ring(struct vm_event_domain *ved);
> */
> int __vm_event_claim_slot(struct domain *d, struct vm_event_domain *ved,
> bool allow_sleep);
> +#else
> +static inline bool vm_event_check_ring(struct vm_event_domain *ved)
> +{
> + return false;
> +}
Which call site is in need of this stub? I was first considering
mem_paging_enabled(), but MEM_PAGING already now depends on VM_EVENT.
> +static inline int __vm_event_claim_slot(struct domain *d,
> + struct vm_event_domain *ved,
> + bool allow_sleep)
> +{
> + return -EOPNOTSUPP;
> +}
Sadly this looks to be needed when MEM_SHARING=y and VM_EVENT=n.
> @@ -82,23 +97,28 @@ static inline int vm_event_claim_slot_nosleep(struct domain *d,
>
> void vm_event_cancel_slot(struct domain *d, struct vm_event_domain *ved);
>
> +#ifdef CONFIG_VM_EVENT
> void vm_event_put_request(struct domain *d, struct vm_event_domain *ved,
> vm_event_request_t *req);
>
> -#ifdef CONFIG_VM_EVENT
> /* Clean up on domain destruction */
> void vm_event_cleanup(struct domain *d);
> int vm_event_domctl(struct domain *d, struct xen_domctl_vm_event_op *vec);
> +
> +void vm_event_vcpu_pause(struct vcpu *v);
> #else /* !CONFIG_VM_EVENT */
> +static inline void vm_event_put_request(struct domain *d,
> + struct vm_event_domain *ved,
> + vm_event_request_t *req) {}
Same here and ...
> static inline void vm_event_cleanup(struct domain *d) {}
> static inline int vm_event_domctl(struct domain *d,
> struct xen_domctl_vm_event_op *vec)
> {
> return -EOPNOTSUPP;
> }
> +static inline void vm_event_vcpu_pause(struct vcpu *v) {};
... here.
> #endif /* !CONFIG_VM_EVENT */
>
> -void vm_event_vcpu_pause(struct vcpu *v);
> void vm_event_vcpu_unpause(struct vcpu *v);
Please move vm_event_vcpu_unpause() as well (without adding a stub). The
two would better stay together.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* RE: [PATCH v2 04/26] xen: consolidate CONFIG_VM_EVENT
2025-09-10 14:56 ` Jan Beulich
@ 2025-09-11 9:20 ` Penny, Zheng
2025-09-11 9:52 ` Jan Beulich
2025-09-13 23:31 ` Tamas K Lengyel
1 sibling, 1 reply; 102+ messages in thread
From: Penny, Zheng @ 2025-09-11 9:20 UTC (permalink / raw)
To: Jan Beulich, Tamas K Lengyel
Cc: Huang, Ray, Andrew Cooper, Roger Pau Monné, Alexandru Isaila,
Petre Pircalabu, Daniel P. Smith, xen-devel@lists.xenproject.org
[Public]
> -----Original Message-----
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Wednesday, September 10, 2025 10:57 PM
> To: Penny, Zheng <penny.zheng@amd.com>; Tamas K Lengyel
> <tamas@tklengyel.com>
> Cc: Huang, Ray <Ray.Huang@amd.com>; Andrew Cooper
> <andrew.cooper3@citrix.com>; Roger Pau Monné <roger.pau@citrix.com>;
> Alexandru Isaila <aisaila@bitdefender.com>; Petre Pircalabu
> <ppircalabu@bitdefender.com>; Daniel P. Smith <dpsmith@apertussolutions.com>;
> xen-devel@lists.xenproject.org
> Subject: Re: [PATCH v2 04/26] xen: consolidate CONFIG_VM_EVENT
>
> On 10.09.2025 09:38, Penny Zheng wrote:
>
> > --- a/xen/include/xen/vm_event.h
> > +++ b/xen/include/xen/vm_event.h
> > @@ -50,6 +50,7 @@ struct vm_event_domain
> > unsigned int last_vcpu_wake_up;
> > };
> >
> > +#ifdef CONFIG_VM_EVENT
> > /* Returns whether a ring has been set up */ bool
> > vm_event_check_ring(struct vm_event_domain *ved);
> >
> > @@ -68,6 +69,20 @@ bool vm_event_check_ring(struct vm_event_domain
> *ved);
> > */
> > int __vm_event_claim_slot(struct domain *d, struct vm_event_domain *ved,
> > bool allow_sleep);
> > +#else
> > +static inline bool vm_event_check_ring(struct vm_event_domain *ved) {
> > + return false;
> > +}
>
> Which call site is in need of this stub? I was first considering
> mem_paging_enabled(), but MEM_PAGING already now depends on VM_EVENT.
>
It is used in hvm.c to check whether vm_event_share ring is empty. And it has the same problem as the below: whether we support the configuration: VM_EVENT=n and MEM_SHARING=y. I'm not very familiar with it and may need help on it.
If the combination is not supported, I suggest to make MEM_SHARING depend on VM_EVENT, most of the below stubs could be removed.
> > +static inline int __vm_event_claim_slot(struct domain *d,
> > + struct vm_event_domain *ved,
> > + bool allow_sleep) {
> > + return -EOPNOTSUPP;
> > +}
>
> Sadly this looks to be needed when MEM_SHARING=y and VM_EVENT=n.
>
> > @@ -82,23 +97,28 @@ static inline int
> > vm_event_claim_slot_nosleep(struct domain *d,
> >
> > void vm_event_cancel_slot(struct domain *d, struct vm_event_domain
> > *ved);
> >
> > +#ifdef CONFIG_VM_EVENT
> > void vm_event_put_request(struct domain *d, struct vm_event_domain *ved,
> > vm_event_request_t *req);
> >
> > -#ifdef CONFIG_VM_EVENT
> > /* Clean up on domain destruction */
> > void vm_event_cleanup(struct domain *d); int vm_event_domctl(struct
> > domain *d, struct xen_domctl_vm_event_op *vec);
> > +
> > +void vm_event_vcpu_pause(struct vcpu *v);
> > #else /* !CONFIG_VM_EVENT */
> > +static inline void vm_event_put_request(struct domain *d,
> > + struct vm_event_domain *ved,
> > + vm_event_request_t *req) {}
>
> Same here and ...
>
> > static inline void vm_event_cleanup(struct domain *d) {} static
> > inline int vm_event_domctl(struct domain *d,
> > struct xen_domctl_vm_event_op *vec)
> > {
> > return -EOPNOTSUPP;
> > }
> > +static inline void vm_event_vcpu_pause(struct vcpu *v) {};
>
> ... here.
>
> > #endif /* !CONFIG_VM_EVENT */
> >
> Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* Re: [PATCH v2 04/26] xen: consolidate CONFIG_VM_EVENT
2025-09-11 9:20 ` Penny, Zheng
@ 2025-09-11 9:52 ` Jan Beulich
0 siblings, 0 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-11 9:52 UTC (permalink / raw)
To: Penny, Zheng, Tamas K Lengyel
Cc: Huang, Ray, Andrew Cooper, Roger Pau Monné, Alexandru Isaila,
Petre Pircalabu, Daniel P. Smith, xen-devel@lists.xenproject.org
On 11.09.2025 11:20, Penny, Zheng wrote:
>> -----Original Message-----
>> From: Jan Beulich <jbeulich@suse.com>
>> Sent: Wednesday, September 10, 2025 10:57 PM
>>
>> On 10.09.2025 09:38, Penny Zheng wrote:
>>> --- a/xen/include/xen/vm_event.h
>>> +++ b/xen/include/xen/vm_event.h
>>> @@ -50,6 +50,7 @@ struct vm_event_domain
>>> unsigned int last_vcpu_wake_up;
>>> };
>>>
>>> +#ifdef CONFIG_VM_EVENT
>>> /* Returns whether a ring has been set up */ bool
>>> vm_event_check_ring(struct vm_event_domain *ved);
>>>
>>> @@ -68,6 +69,20 @@ bool vm_event_check_ring(struct vm_event_domain
>> *ved);
>>> */
>>> int __vm_event_claim_slot(struct domain *d, struct vm_event_domain *ved,
>>> bool allow_sleep);
>>> +#else
>>> +static inline bool vm_event_check_ring(struct vm_event_domain *ved) {
>>> + return false;
>>> +}
>>
>> Which call site is in need of this stub? I was first considering
>> mem_paging_enabled(), but MEM_PAGING already now depends on VM_EVENT.
>>
>
> It is used in hvm.c to check whether vm_event_share ring is empty. And it has the same problem as the below: whether we support the configuration: VM_EVENT=n and MEM_SHARING=y.
Hmm, yes, I must have overlooked that. This needs to stay, I expect.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* Re: [PATCH v2 04/26] xen: consolidate CONFIG_VM_EVENT
2025-09-10 14:56 ` Jan Beulich
2025-09-11 9:20 ` Penny, Zheng
@ 2025-09-13 23:31 ` Tamas K Lengyel
2025-09-14 14:04 ` Jan Beulich
1 sibling, 1 reply; 102+ messages in thread
From: Tamas K Lengyel @ 2025-09-13 23:31 UTC (permalink / raw)
To: Jan Beulich
Cc: Penny Zheng, ray.huang, Andrew Cooper, Roger Pau Monné,
Alexandru Isaila, Petre Pircalabu, Daniel P. Smith, xen-devel
> > @@ -99,10 +98,40 @@ long p2m_set_mem_access_multi(struct domain *d,
> > int p2m_get_mem_access(struct domain *d, gfn_t gfn, xenmem_access_t *access,
> > unsigned int altp2m_idx);
> >
> > -#ifdef CONFIG_VM_EVENT
> > int mem_access_memop(unsigned long cmd,
> > XEN_GUEST_HANDLE_PARAM(xen_mem_access_op_t) arg);
> > #else
> > +static inline bool xenmem_access_to_p2m_access(const struct p2m_domain *p2m,
> > + xenmem_access_t xaccess,
> > + p2m_access_t *paccess)
> > +{
> > + return false;
> > +}
>
> So this is needed when VM_EVENT=n and ALTP2M=y. Tamas, is this a configuration
> which makes sense?
Yes, altp2m should be functional without vm_event being enabled. There
could very well be in-guest only use of altp2m via #VE. This function
is used in p2m_init_next_altp2m which means it being stubbed out like
this when vm_event is disabled breaks altp2m.
Tamas
^ permalink raw reply [flat|nested] 102+ messages in thread* Re: [PATCH v2 04/26] xen: consolidate CONFIG_VM_EVENT
2025-09-13 23:31 ` Tamas K Lengyel
@ 2025-09-14 14:04 ` Jan Beulich
2025-09-24 6:39 ` Penny, Zheng
0 siblings, 1 reply; 102+ messages in thread
From: Jan Beulich @ 2025-09-14 14:04 UTC (permalink / raw)
To: Tamas K Lengyel, Penny Zheng
Cc: ray.huang, Andrew Cooper, Roger Pau Monné, Alexandru Isaila,
Petre Pircalabu, Daniel P. Smith, xen-devel
On 14.09.2025 01:31, Tamas K Lengyel wrote:
>>> @@ -99,10 +98,40 @@ long p2m_set_mem_access_multi(struct domain *d,
>>> int p2m_get_mem_access(struct domain *d, gfn_t gfn, xenmem_access_t *access,
>>> unsigned int altp2m_idx);
>>>
>>> -#ifdef CONFIG_VM_EVENT
>>> int mem_access_memop(unsigned long cmd,
>>> XEN_GUEST_HANDLE_PARAM(xen_mem_access_op_t) arg);
>>> #else
>>> +static inline bool xenmem_access_to_p2m_access(const struct p2m_domain *p2m,
>>> + xenmem_access_t xaccess,
>>> + p2m_access_t *paccess)
>>> +{
>>> + return false;
>>> +}
>>
>> So this is needed when VM_EVENT=n and ALTP2M=y. Tamas, is this a configuration
>> which makes sense?
>
> Yes, altp2m should be functional without vm_event being enabled. There
> could very well be in-guest only use of altp2m via #VE. This function
> is used in p2m_init_next_altp2m which means it being stubbed out like
> this when vm_event is disabled breaks altp2m.
Oh, indeed - the stub still needs to handle XENMEM_access_default. Of course
with MEM_ACCESS=n it's not quite clear to me what p2m->default_access ought
to be; imo in principle that field ought to also go away in that case
(becoming hard-coded p2m_access_rwx). While doing that will be a larger
patch, perhaps using the hard-coded value here should be done right away.
Once the code correctly handles MEM_ACCESS=n as an implication from
VM_EVENT=n, it's also questionable whether MEM_ACCESS_ALWAYS_ON should be
retained.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* RE: [PATCH v2 04/26] xen: consolidate CONFIG_VM_EVENT
2025-09-14 14:04 ` Jan Beulich
@ 2025-09-24 6:39 ` Penny, Zheng
2025-09-25 5:45 ` Jan Beulich
0 siblings, 1 reply; 102+ messages in thread
From: Penny, Zheng @ 2025-09-24 6:39 UTC (permalink / raw)
To: Jan Beulich, Tamas K Lengyel
Cc: Huang, Ray, Andrew Cooper, Roger Pau Monné, Alexandru Isaila,
Petre Pircalabu, Daniel P. Smith, xen-devel@lists.xenproject.org
[Public]
Hi,
> -----Original Message-----
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Sunday, September 14, 2025 10:04 PM
> To: Tamas K Lengyel <tamas@tklengyel.com>; Penny, Zheng
> <penny.zheng@amd.com>
> Cc: Huang, Ray <Ray.Huang@amd.com>; Andrew Cooper
> <andrew.cooper3@citrix.com>; Roger Pau Monné <roger.pau@citrix.com>;
> Alexandru Isaila <aisaila@bitdefender.com>; Petre Pircalabu
> <ppircalabu@bitdefender.com>; Daniel P. Smith <dpsmith@apertussolutions.com>;
> xen-devel@lists.xenproject.org
> Subject: Re: [PATCH v2 04/26] xen: consolidate CONFIG_VM_EVENT
>
> On 14.09.2025 01:31, Tamas K Lengyel wrote:
> >>> @@ -99,10 +98,40 @@ long p2m_set_mem_access_multi(struct domain *d,
> >>> int p2m_get_mem_access(struct domain *d, gfn_t gfn, xenmem_access_t
> *access,
> >>> unsigned int altp2m_idx);
> >>>
> >>> -#ifdef CONFIG_VM_EVENT
> >>> int mem_access_memop(unsigned long cmd,
> >>> XEN_GUEST_HANDLE_PARAM(xen_mem_access_op_t)
> >>> arg); #else
> >>> +static inline bool xenmem_access_to_p2m_access(const struct p2m_domain
> *p2m,
> >>> + xenmem_access_t xaccess,
> >>> + p2m_access_t
> >>> +*paccess) {
> >>> + return false;
> >>> +}
> >>
> >> So this is needed when VM_EVENT=n and ALTP2M=y. Tamas, is this a
> >> configuration which makes sense?
> >
> > Yes, altp2m should be functional without vm_event being enabled. There
> > could very well be in-guest only use of altp2m via #VE. This function
> > is used in p2m_init_next_altp2m which means it being stubbed out like
> > this when vm_event is disabled breaks altp2m.
>
> Oh, indeed - the stub still needs to handle XENMEM_access_default. Of course
> with MEM_ACCESS=n it's not quite clear to me what p2m->default_access ought
> to be; imo in principle that field ought to also go away in that case (becoming hard-
> coded p2m_access_rwx). While doing that will be a larger patch, perhaps using the
> hard-coded value here should be done right away.
>
> Once the code correctly handles MEM_ACCESS=n as an implication from
> VM_EVENT=n, it's also questionable whether MEM_ACCESS_ALWAYS_ON
> should be retained.
>
If we intend to remove MEM_ACCESS_ALWAYS_ON, I suggest to do the following modification on VM_EVENT to still keep y on default on x86:
```
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 7bd8a04730..61d48a5120 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -170,13 +170,10 @@ config HAS_VMAP
config LIBFDT
bool
-config MEM_ACCESS_ALWAYS_ON
- bool
-
config VM_EVENT
- def_bool MEM_ACCESS_ALWAYS_ON
- prompt "Memory Access and VM events" if !MEM_ACCESS_ALWAYS_ON
+ bool "Memory Access and VM events"
depends on HVM
+ default X86
help
Framework to configure memory access types for guests and receive
```
> Jan
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 04/26] xen: consolidate CONFIG_VM_EVENT
2025-09-24 6:39 ` Penny, Zheng
@ 2025-09-25 5:45 ` Jan Beulich
0 siblings, 0 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-25 5:45 UTC (permalink / raw)
To: Penny, Zheng, Tamas K Lengyel
Cc: Huang, Ray, Andrew Cooper, Roger Pau Monné, Alexandru Isaila,
Petre Pircalabu, Daniel P. Smith, xen-devel@lists.xenproject.org
On 24.09.2025 08:39, Penny, Zheng wrote:
> [Public]
>
> Hi,
>
>> -----Original Message-----
>> From: Jan Beulich <jbeulich@suse.com>
>> Sent: Sunday, September 14, 2025 10:04 PM
>> To: Tamas K Lengyel <tamas@tklengyel.com>; Penny, Zheng
>> <penny.zheng@amd.com>
>> Cc: Huang, Ray <Ray.Huang@amd.com>; Andrew Cooper
>> <andrew.cooper3@citrix.com>; Roger Pau Monné <roger.pau@citrix.com>;
>> Alexandru Isaila <aisaila@bitdefender.com>; Petre Pircalabu
>> <ppircalabu@bitdefender.com>; Daniel P. Smith <dpsmith@apertussolutions.com>;
>> xen-devel@lists.xenproject.org
>> Subject: Re: [PATCH v2 04/26] xen: consolidate CONFIG_VM_EVENT
>>
>> On 14.09.2025 01:31, Tamas K Lengyel wrote:
>>>>> @@ -99,10 +98,40 @@ long p2m_set_mem_access_multi(struct domain *d,
>>>>> int p2m_get_mem_access(struct domain *d, gfn_t gfn, xenmem_access_t
>> *access,
>>>>> unsigned int altp2m_idx);
>>>>>
>>>>> -#ifdef CONFIG_VM_EVENT
>>>>> int mem_access_memop(unsigned long cmd,
>>>>> XEN_GUEST_HANDLE_PARAM(xen_mem_access_op_t)
>>>>> arg); #else
>>>>> +static inline bool xenmem_access_to_p2m_access(const struct p2m_domain
>> *p2m,
>>>>> + xenmem_access_t xaccess,
>>>>> + p2m_access_t
>>>>> +*paccess) {
>>>>> + return false;
>>>>> +}
>>>>
>>>> So this is needed when VM_EVENT=n and ALTP2M=y. Tamas, is this a
>>>> configuration which makes sense?
>>>
>>> Yes, altp2m should be functional without vm_event being enabled. There
>>> could very well be in-guest only use of altp2m via #VE. This function
>>> is used in p2m_init_next_altp2m which means it being stubbed out like
>>> this when vm_event is disabled breaks altp2m.
>>
>> Oh, indeed - the stub still needs to handle XENMEM_access_default. Of course
>> with MEM_ACCESS=n it's not quite clear to me what p2m->default_access ought
>> to be; imo in principle that field ought to also go away in that case (becoming hard-
>> coded p2m_access_rwx). While doing that will be a larger patch, perhaps using the
>> hard-coded value here should be done right away.
>>
>> Once the code correctly handles MEM_ACCESS=n as an implication from
>> VM_EVENT=n, it's also questionable whether MEM_ACCESS_ALWAYS_ON
>> should be retained.
>>
>
> If we intend to remove MEM_ACCESS_ALWAYS_ON, I suggest to do the following modification on VM_EVENT to still keep y on default on x86:
> ```
> diff --git a/xen/common/Kconfig b/xen/common/Kconfig
> index 7bd8a04730..61d48a5120 100644
> --- a/xen/common/Kconfig
> +++ b/xen/common/Kconfig
> @@ -170,13 +170,10 @@ config HAS_VMAP
> config LIBFDT
> bool
>
> -config MEM_ACCESS_ALWAYS_ON
> - bool
> -
> config VM_EVENT
> - def_bool MEM_ACCESS_ALWAYS_ON
> - prompt "Memory Access and VM events" if !MEM_ACCESS_ALWAYS_ON
> + bool "Memory Access and VM events"
> depends on HVM
> + default X86
> help
>
> Framework to configure memory access types for guests and receive
> ```
Yes (at least for the time being; eventually we may want to make this default N
even on x86).
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 05/26] xen/x86: make VM_EVENT depend on CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (3 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 04/26] xen: consolidate CONFIG_VM_EVENT Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-10 15:06 ` Jan Beulich
2025-09-10 7:38 ` [PATCH v2 06/26] xen/xsm: wrap xsm_vm_event_control() with CONFIG_VM_EVENT Penny Zheng
` (20 subsequent siblings)
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel
Cc: ray.huang, Penny Zheng, Andrew Cooper, Anthony PERARD,
Michal Orzel, Jan Beulich, Julien Grall, Roger Pau Monné,
Stefano Stabellini
VM event could only be enabled/disabled via vm_event domctl-op, so
CONFIG_VM_EVENT shall depend on CONFIG_MGMT_HYPERCALLS
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
---
xen/common/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index c1571377d3..1aedd00b12 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -176,7 +176,7 @@ config MEM_ACCESS_ALWAYS_ON
config VM_EVENT
def_bool MEM_ACCESS_ALWAYS_ON
prompt "Memory Access and VM events" if !MEM_ACCESS_ALWAYS_ON
- depends on HVM
+ depends on HVM && MGMT_HYPERCALLS
help
Framework to configure memory access types for guests and receive
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 05/26] xen/x86: make VM_EVENT depend on CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 05/26] xen/x86: make VM_EVENT depend on CONFIG_MGMT_HYPERCALLS Penny Zheng
@ 2025-09-10 15:06 ` Jan Beulich
2025-09-13 23:21 ` Tamas K Lengyel
0 siblings, 1 reply; 102+ messages in thread
From: Jan Beulich @ 2025-09-10 15:06 UTC (permalink / raw)
To: Penny Zheng
Cc: ray.huang, Andrew Cooper, Anthony PERARD, Michal Orzel,
Julien Grall, Roger Pau Monné, Stefano Stabellini, xen-devel,
Tamas K Lengyel
On 10.09.2025 09:38, Penny Zheng wrote:
> VM event could only be enabled/disabled via vm_event domctl-op, so
> CONFIG_VM_EVENT shall depend on CONFIG_MGMT_HYPERCALLS
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
Looks plausible to me, so:
Acked-by: Jan Beulich <jbeulich@suse.com>
but really Tamas (now Cc-ed) should also get a chance to express possible
concerns.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* Re: [PATCH v2 05/26] xen/x86: make VM_EVENT depend on CONFIG_MGMT_HYPERCALLS
2025-09-10 15:06 ` Jan Beulich
@ 2025-09-13 23:21 ` Tamas K Lengyel
0 siblings, 0 replies; 102+ messages in thread
From: Tamas K Lengyel @ 2025-09-13 23:21 UTC (permalink / raw)
To: Jan Beulich
Cc: Penny Zheng, ray.huang, Andrew Cooper, Anthony PERARD,
Michal Orzel, Julien Grall, Roger Pau Monné,
Stefano Stabellini, xen-devel
On Wed, Sep 10, 2025 at 11:06 AM Jan Beulich <jbeulich@suse.com> wrote:
>
> On 10.09.2025 09:38, Penny Zheng wrote:
> > VM event could only be enabled/disabled via vm_event domctl-op, so
> > CONFIG_VM_EVENT shall depend on CONFIG_MGMT_HYPERCALLS
> >
> > Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
>
> Looks plausible to me, so:
> Acked-by: Jan Beulich <jbeulich@suse.com>
> but really Tamas (now Cc-ed) should also get a chance to express possible
> concerns.
No concerns, thanks.
Tamas
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 06/26] xen/xsm: wrap xsm_vm_event_control() with CONFIG_VM_EVENT
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (4 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 05/26] xen/x86: make VM_EVENT depend on CONFIG_MGMT_HYPERCALLS Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-10 13:51 ` Jan Beulich
` (2 more replies)
2025-09-10 7:38 ` [PATCH v2 07/26] xen/domctl: wrap domain_pause_by_systemcontroller() with MGMT_HYPERCALLS Penny Zheng
` (19 subsequent siblings)
25 siblings, 3 replies; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel; +Cc: ray.huang, Penny Zheng, Daniel P. Smith
Function xsm_vm_event_control() is only invoked under CONFIG_VM_EVENT, so
it shall be wrapped with it
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- new commit
---
xen/include/xsm/xsm.h | 4 ++--
xen/xsm/dummy.c | 2 +-
xen/xsm/flask/hooks.c | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 3c960ad909..1e4647f7db 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -155,9 +155,9 @@ struct xsm_ops {
int (*hvm_altp2mhvm_op)(struct domain *d, uint64_t mode, uint32_t op);
int (*get_vnumainfo)(struct domain *d);
+#ifdef CONFIG_VM_EVENT
int (*vm_event_control)(struct domain *d, int mode, int op);
-#ifdef CONFIG_VM_EVENT
int (*mem_access)(struct domain *d);
#endif
@@ -649,13 +649,13 @@ static inline int xsm_get_vnumainfo(xsm_default_t def, struct domain *d)
return alternative_call(xsm_ops.get_vnumainfo, d);
}
+#ifdef CONFIG_VM_EVENT
static inline int xsm_vm_event_control(
xsm_default_t def, struct domain *d, int mode, int op)
{
return alternative_call(xsm_ops.vm_event_control, d, mode, op);
}
-#ifdef CONFIG_VM_EVENT
static inline int xsm_mem_access(xsm_default_t def, struct domain *d)
{
return alternative_call(xsm_ops.mem_access, d);
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index f5483e0709..2c70b979d6 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -115,9 +115,9 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
.remove_from_physmap = xsm_remove_from_physmap,
.map_gmfn_foreign = xsm_map_gmfn_foreign,
+#ifdef CONFIG_VM_EVENT
.vm_event_control = xsm_vm_event_control,
-#ifdef CONFIG_VM_EVENT
.mem_access = xsm_mem_access,
#endif
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 21914d3507..ec3880f631 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1365,12 +1365,12 @@ static int cf_check flask_hvm_altp2mhvm_op(struct domain *d, uint64_t mode, uint
return current_has_perm(d, SECCLASS_HVM, HVM__ALTP2MHVM_OP);
}
+#ifdef CONFIG_VM_EVENT
static int cf_check flask_vm_event_control(struct domain *d, int mode, int op)
{
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__VM_EVENT);
}
-#ifdef CONFIG_VM_EVENT
static int cf_check flask_mem_access(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__MEM_ACCESS);
@@ -1967,9 +1967,9 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
.do_xsm_op = do_flask_op,
.get_vnumainfo = flask_get_vnumainfo,
+#ifdef CONFIG_VM_EVENT
.vm_event_control = flask_vm_event_control,
-#ifdef CONFIG_VM_EVENT
.mem_access = flask_mem_access,
#endif
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 06/26] xen/xsm: wrap xsm_vm_event_control() with CONFIG_VM_EVENT
2025-09-10 7:38 ` [PATCH v2 06/26] xen/xsm: wrap xsm_vm_event_control() with CONFIG_VM_EVENT Penny Zheng
@ 2025-09-10 13:51 ` Jan Beulich
2025-09-11 1:37 ` Stefano Stabellini
2025-09-11 2:08 ` Stefano Stabellini
2025-09-11 11:03 ` Jan Beulich
2 siblings, 1 reply; 102+ messages in thread
From: Jan Beulich @ 2025-09-10 13:51 UTC (permalink / raw)
To: Penny Zheng; +Cc: ray.huang, Daniel P. Smith, xen-devel
On 10.09.2025 09:38, Penny Zheng wrote:
> Function xsm_vm_event_control() is only invoked under CONFIG_VM_EVENT, so
> it shall be wrapped with it
Isn't this addressing a Misra violation then? Whether it's "unreachable code"
or "dead code" I can't really tell; I don't think I have properly understood
when it is which of the two. (Change looks okay to me, apart from this aspect
of describing it.)
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* Re: [PATCH v2 06/26] xen/xsm: wrap xsm_vm_event_control() with CONFIG_VM_EVENT
2025-09-10 13:51 ` Jan Beulich
@ 2025-09-11 1:37 ` Stefano Stabellini
0 siblings, 0 replies; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-11 1:37 UTC (permalink / raw)
To: Jan Beulich; +Cc: Penny Zheng, ray.huang, Daniel P. Smith, xen-devel
On Wed, 10 Sep 2025, Jan Beulich wrote:
> On 10.09.2025 09:38, Penny Zheng wrote:
> > Function xsm_vm_event_control() is only invoked under CONFIG_VM_EVENT, so
> > it shall be wrapped with it
>
> Isn't this addressing a Misra violation then? Whether it's "unreachable code"
> or "dead code" I can't really tell; I don't think I have properly understood
> when it is which of the two. (Change looks okay to me, apart from this aspect
> of describing it.)
It would be "unreachable code". So yes, this patch helps address Rule
2.1.
^ permalink raw reply [flat|nested] 102+ messages in thread
* Re: [PATCH v2 06/26] xen/xsm: wrap xsm_vm_event_control() with CONFIG_VM_EVENT
2025-09-10 7:38 ` [PATCH v2 06/26] xen/xsm: wrap xsm_vm_event_control() with CONFIG_VM_EVENT Penny Zheng
2025-09-10 13:51 ` Jan Beulich
@ 2025-09-11 2:08 ` Stefano Stabellini
2025-09-11 11:03 ` Jan Beulich
2 siblings, 0 replies; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-11 2:08 UTC (permalink / raw)
To: Penny Zheng; +Cc: xen-devel, ray.huang, Daniel P. Smith
On Wed, 10 Sep 2025, Penny Zheng wrote:
> Function xsm_vm_event_control() is only invoked under CONFIG_VM_EVENT, so
> it shall be wrapped with it
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
^ permalink raw reply [flat|nested] 102+ messages in thread
* Re: [PATCH v2 06/26] xen/xsm: wrap xsm_vm_event_control() with CONFIG_VM_EVENT
2025-09-10 7:38 ` [PATCH v2 06/26] xen/xsm: wrap xsm_vm_event_control() with CONFIG_VM_EVENT Penny Zheng
2025-09-10 13:51 ` Jan Beulich
2025-09-11 2:08 ` Stefano Stabellini
@ 2025-09-11 11:03 ` Jan Beulich
2 siblings, 0 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-11 11:03 UTC (permalink / raw)
To: Penny Zheng; +Cc: ray.huang, Daniel P. Smith, xen-devel
On 10.09.2025 09:38, Penny Zheng wrote:
> Function xsm_vm_event_control() is only invoked under CONFIG_VM_EVENT, so
> it shall be wrapped with it
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
> ---
> v1 -> v2:
> - new commit
> ---
> xen/include/xsm/xsm.h | 4 ++--
> xen/xsm/dummy.c | 2 +-
> xen/xsm/flask/hooks.c | 4 ++--
> 3 files changed, 5 insertions(+), 5 deletions(-)
What about xen/include/xsm/dummy.h?
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 07/26] xen/domctl: wrap domain_pause_by_systemcontroller() with MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (5 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 06/26] xen/xsm: wrap xsm_vm_event_control() with CONFIG_VM_EVENT Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-10 15:08 ` Jan Beulich
2025-09-10 7:38 ` [PATCH v2 08/26] xen/domctl: wrap domain_soft_reset() with CONFIG_MGMT_HYPERCALLS Penny Zheng
` (18 subsequent siblings)
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel
Cc: ray.huang, Penny Zheng, Andrew Cooper, Anthony PERARD,
Michal Orzel, Jan Beulich, Julien Grall, Roger Pau Monné,
Stefano Stabellini
Function domain_pause_by_systemcontroller() is responsible for
XEN_DOMCTL_pausedomain domctl-op, and shall be wrapped around with
CONFIG_MGMT_HYPERCALLS.
Provide transient wrapping around XEN_DOMCTL_pausedomain-case, and it
will be removed on introducing CONFIG_MGMT_HYPERCALLS on the common/domctl.c
in the last.
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
- provide transient wrapping around XEN_DOMCTL_pausedomain-case
---
xen/common/domain.c | 2 ++
xen/common/domctl.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/xen/common/domain.c b/xen/common/domain.c
index 775c339285..976172c7d3 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -1606,10 +1606,12 @@ static int _domain_pause_by_systemcontroller(struct domain *d, bool sync)
return 0;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int domain_pause_by_systemcontroller(struct domain *d)
{
return _domain_pause_by_systemcontroller(d, true /* sync */);
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
int domain_pause_by_systemcontroller_nosync(struct domain *d)
{
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 71e712c1f3..0061d7972a 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -390,11 +390,13 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
break;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
case XEN_DOMCTL_pausedomain:
ret = -EINVAL;
if ( d != current->domain )
ret = domain_pause_by_systemcontroller(d);
break;
+#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_unpausedomain:
ret = domain_unpause_by_systemcontroller(d);
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 07/26] xen/domctl: wrap domain_pause_by_systemcontroller() with MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 07/26] xen/domctl: wrap domain_pause_by_systemcontroller() with MGMT_HYPERCALLS Penny Zheng
@ 2025-09-10 15:08 ` Jan Beulich
2025-09-24 7:11 ` Penny, Zheng
0 siblings, 1 reply; 102+ messages in thread
From: Jan Beulich @ 2025-09-10 15:08 UTC (permalink / raw)
To: Penny Zheng
Cc: ray.huang, Andrew Cooper, Anthony PERARD, Michal Orzel,
Julien Grall, Roger Pau Monné, Stefano Stabellini, xen-devel
On 10.09.2025 09:38, Penny Zheng wrote:
> --- a/xen/common/domain.c
> +++ b/xen/common/domain.c
> @@ -1606,10 +1606,12 @@ static int _domain_pause_by_systemcontroller(struct domain *d, bool sync)
> return 0;
> }
>
> +#ifdef CONFIG_MGMT_HYPERCALLS
> int domain_pause_by_systemcontroller(struct domain *d)
> {
> return _domain_pause_by_systemcontroller(d, true /* sync */);
> }
> +#endif /* CONFIG_MGMT_HYPERCALLS */
>
> int domain_pause_by_systemcontroller_nosync(struct domain *d)
> {
I would have ack-ed this if there was only this part, but ...
> --- a/xen/common/domctl.c
> +++ b/xen/common/domctl.c
> @@ -390,11 +390,13 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
> break;
> }
>
> +#ifdef CONFIG_MGMT_HYPERCALLS
> case XEN_DOMCTL_pausedomain:
> ret = -EINVAL;
> if ( d != current->domain )
> ret = domain_pause_by_systemcontroller(d);
> break;
> +#endif /* CONFIG_MGMT_HYPERCALLS */
>
> case XEN_DOMCTL_unpausedomain:
> ret = domain_unpause_by_systemcontroller(d);
... as expressed elsewhere I'm not happy about this one, as it'll need
undoing in a later patch of this same series.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* RE: [PATCH v2 07/26] xen/domctl: wrap domain_pause_by_systemcontroller() with MGMT_HYPERCALLS
2025-09-10 15:08 ` Jan Beulich
@ 2025-09-24 7:11 ` Penny, Zheng
2025-09-25 5:47 ` Jan Beulich
0 siblings, 1 reply; 102+ messages in thread
From: Penny, Zheng @ 2025-09-24 7:11 UTC (permalink / raw)
To: Jan Beulich, Stefano Stabellini
Cc: Huang, Ray, Andrew Cooper, Anthony PERARD, Orzel, Michal,
Julien Grall, Roger Pau Monné,
xen-devel@lists.xenproject.org
[Public]
> -----Original Message-----
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Wednesday, September 10, 2025 11:09 PM
> To: Penny, Zheng <penny.zheng@amd.com>
> Cc: Huang, Ray <Ray.Huang@amd.com>; Andrew Cooper
> <andrew.cooper3@citrix.com>; Anthony PERARD <anthony.perard@vates.tech>;
> Orzel, Michal <Michal.Orzel@amd.com>; Julien Grall <julien@xen.org>; Roger Pau
> Monné <roger.pau@citrix.com>; Stefano Stabellini <sstabellini@kernel.org>; xen-
> devel@lists.xenproject.org
> Subject: Re: [PATCH v2 07/26] xen/domctl: wrap
> domain_pause_by_systemcontroller() with MGMT_HYPERCALLS
>
> On 10.09.2025 09:38, Penny Zheng wrote:
> > --- a/xen/common/domain.c
> > +++ b/xen/common/domain.c
> > @@ -1606,10 +1606,12 @@ static int
> _domain_pause_by_systemcontroller(struct domain *d, bool sync)
> > return 0;
> > }
> >
> > +#ifdef CONFIG_MGMT_HYPERCALLS
> > int domain_pause_by_systemcontroller(struct domain *d) {
> > return _domain_pause_by_systemcontroller(d, true /* sync */); }
> > +#endif /* CONFIG_MGMT_HYPERCALLS */
> >
> > int domain_pause_by_systemcontroller_nosync(struct domain *d)
> > {
>
> I would have ack-ed this if there was only this part, but ...
>
> > --- a/xen/common/domctl.c
> > +++ b/xen/common/domctl.c
> > @@ -390,11 +390,13 @@ long
> do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
> > break;
> > }
> >
> > +#ifdef CONFIG_MGMT_HYPERCALLS
> > case XEN_DOMCTL_pausedomain:
> > ret = -EINVAL;
> > if ( d != current->domain )
> > ret = domain_pause_by_systemcontroller(d);
> > break;
> > +#endif /* CONFIG_MGMT_HYPERCALLS */
> >
> > case XEN_DOMCTL_unpausedomain:
> > ret = domain_unpause_by_systemcontroller(d);
>
> ... as expressed elsewhere I'm not happy about this one, as it'll need
> undoing in a later patch of this same series.
>
I shall admit that this kind of stub really helps me test MGMT_HYPERCALLS=n for this big serie commit by commit at the very beginning. Otherwise, it could be only disabled (and tested) in the end, and accumulate the mistakes...
But, as you said, all this transient thing needs to be reversed in the last, and I could accidently missing something and leave dead code...
As CONFIG_SYSCTL is already a prompt option, then maybe I need to raise a new commit to make it as def_bool again only for this patch serie transiently or just address it in " xen/sysctl: replace CONFIG_SYSCTL with CONFIG_MGMT_DOMCTL " ?
> Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* Re: [PATCH v2 07/26] xen/domctl: wrap domain_pause_by_systemcontroller() with MGMT_HYPERCALLS
2025-09-24 7:11 ` Penny, Zheng
@ 2025-09-25 5:47 ` Jan Beulich
0 siblings, 0 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-25 5:47 UTC (permalink / raw)
To: Penny, Zheng, Stefano Stabellini
Cc: Huang, Ray, Andrew Cooper, Anthony PERARD, Orzel, Michal,
Julien Grall, Roger Pau Monné,
xen-devel@lists.xenproject.org
On 24.09.2025 09:11, Penny, Zheng wrote:
> [Public]
>
>> -----Original Message-----
>> From: Jan Beulich <jbeulich@suse.com>
>> Sent: Wednesday, September 10, 2025 11:09 PM
>> To: Penny, Zheng <penny.zheng@amd.com>
>> Cc: Huang, Ray <Ray.Huang@amd.com>; Andrew Cooper
>> <andrew.cooper3@citrix.com>; Anthony PERARD <anthony.perard@vates.tech>;
>> Orzel, Michal <Michal.Orzel@amd.com>; Julien Grall <julien@xen.org>; Roger Pau
>> Monné <roger.pau@citrix.com>; Stefano Stabellini <sstabellini@kernel.org>; xen-
>> devel@lists.xenproject.org
>> Subject: Re: [PATCH v2 07/26] xen/domctl: wrap
>> domain_pause_by_systemcontroller() with MGMT_HYPERCALLS
>>
>> On 10.09.2025 09:38, Penny Zheng wrote:
>>> --- a/xen/common/domain.c
>>> +++ b/xen/common/domain.c
>>> @@ -1606,10 +1606,12 @@ static int
>> _domain_pause_by_systemcontroller(struct domain *d, bool sync)
>>> return 0;
>>> }
>>>
>>> +#ifdef CONFIG_MGMT_HYPERCALLS
>>> int domain_pause_by_systemcontroller(struct domain *d) {
>>> return _domain_pause_by_systemcontroller(d, true /* sync */); }
>>> +#endif /* CONFIG_MGMT_HYPERCALLS */
>>>
>>> int domain_pause_by_systemcontroller_nosync(struct domain *d)
>>> {
>>
>> I would have ack-ed this if there was only this part, but ...
>>
>>> --- a/xen/common/domctl.c
>>> +++ b/xen/common/domctl.c
>>> @@ -390,11 +390,13 @@ long
>> do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
>>> break;
>>> }
>>>
>>> +#ifdef CONFIG_MGMT_HYPERCALLS
>>> case XEN_DOMCTL_pausedomain:
>>> ret = -EINVAL;
>>> if ( d != current->domain )
>>> ret = domain_pause_by_systemcontroller(d);
>>> break;
>>> +#endif /* CONFIG_MGMT_HYPERCALLS */
>>>
>>> case XEN_DOMCTL_unpausedomain:
>>> ret = domain_unpause_by_systemcontroller(d);
>>
>> ... as expressed elsewhere I'm not happy about this one, as it'll need
>> undoing in a later patch of this same series.
>>
>
> I shall admit that this kind of stub really helps me test MGMT_HYPERCALLS=n for this big serie commit by commit at the very beginning. Otherwise, it could be only disabled (and tested) in the end, and accumulate the mistakes...
> But, as you said, all this transient thing needs to be reversed in the last, and I could accidently missing something and leave dead code...
> As CONFIG_SYSCTL is already a prompt option, then maybe I need to raise a new commit to make it as def_bool again only for this patch serie transiently or just address it in " xen/sysctl: replace CONFIG_SYSCTL with CONFIG_MGMT_DOMCTL " ?
Removing the prompt again (whether in a separate patch or in the renaming one I
wouldn't care much) was what I suggested from the very beginning, but which also
is what faced Stefano's opposition.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 08/26] xen/domctl: wrap domain_soft_reset() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (6 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 07/26] xen/domctl: wrap domain_pause_by_systemcontroller() with MGMT_HYPERCALLS Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-10 15:13 ` Jan Beulich
2025-09-10 7:38 ` [PATCH v2 09/26] xen/domctl: wrap domain_resume() " Penny Zheng
` (17 subsequent siblings)
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel
Cc: ray.huang, Penny Zheng, Stefano Stabellini, Julien Grall,
Bertrand Marquis, Michal Orzel, Volodymyr Babchuk, Andrew Cooper,
Anthony PERARD, Jan Beulich, Roger Pau Monné,
Christopher Clark, Daniel P. Smith
Function domain_soft_reset() is responsible for domain soft reset domctl-op,
and shall be wrapped with CONFIG_MGMT_HYPERCALLS
Tracking its calling chain, and the following functions shall also be wrapped
with CONFIG_MGMT_HYPERCALLS:
- grant_table_warn_active_grants()
- argo_soft_reset()
- arch_domain_soft_reset()
Wrap XEN_DOMCTL_soft_reset-case transiently with CONFIG_MGMT_HYPERCALLS, and
it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the
common/domctl.c in the last.
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- remove unnessary wrapping in stub.c
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
- wrap XEN_DOMCTL_soft_reset-case transiently
---
xen/arch/arm/domain.c | 2 ++
xen/arch/x86/domain.c | 2 ++
xen/common/argo.c | 2 ++
xen/common/domain.c | 2 ++
xen/common/domctl.c | 2 ++
xen/common/grant_table.c | 2 ++
6 files changed, 12 insertions(+)
diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
index 1a8585d02b..30ff9dac46 100644
--- a/xen/arch/arm/domain.c
+++ b/xen/arch/arm/domain.c
@@ -875,10 +875,12 @@ void arch_domain_unpause(struct domain *d)
{
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int arch_domain_soft_reset(struct domain *d)
{
return -ENOSYS;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
void arch_domain_creation_finished(struct domain *d)
{
diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index 19fd86ce88..5b3c5e8caf 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -1030,6 +1030,7 @@ void arch_domain_unpause(struct domain *d)
viridian_time_domain_thaw(d);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int arch_domain_soft_reset(struct domain *d)
{
struct page_info *page = virt_to_page(d->shared_info), *new_page;
@@ -1131,6 +1132,7 @@ int arch_domain_soft_reset(struct domain *d)
return ret;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
void arch_domain_creation_finished(struct domain *d)
{
diff --git a/xen/common/argo.c b/xen/common/argo.c
index cbe8911a43..a451546d57 100644
--- a/xen/common/argo.c
+++ b/xen/common/argo.c
@@ -2351,6 +2351,7 @@ argo_destroy(struct domain *d)
write_unlock(&L1_global_argo_rwlock);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
void
argo_soft_reset(struct domain *d)
{
@@ -2374,3 +2375,4 @@ argo_soft_reset(struct domain *d)
write_unlock(&L1_global_argo_rwlock);
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
diff --git a/xen/common/domain.c b/xen/common/domain.c
index 976172c7d3..678e81b400 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -1689,6 +1689,7 @@ void domain_unpause_except_self(struct domain *d)
domain_unpause(d);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int domain_soft_reset(struct domain *d, bool resuming)
{
struct vcpu *v;
@@ -1726,6 +1727,7 @@ int domain_soft_reset(struct domain *d, bool resuming)
return rc;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
int vcpu_reset(struct vcpu *v)
{
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 0061d7972a..1c0bfd456e 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -467,6 +467,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
break;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
case XEN_DOMCTL_soft_reset:
case XEN_DOMCTL_soft_reset_cont:
if ( d == current->domain ) /* no domain_pause() */
@@ -485,6 +486,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
ret = -EFAULT;
}
break;
+#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_destroydomain:
ret = domain_kill(d);
diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index cf131c43a1..24ef1205c9 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -3962,6 +3962,7 @@ int gnttab_release_mappings(struct domain *d)
return 0;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
void grant_table_warn_active_grants(struct domain *d)
{
struct grant_table *gt = d->grant_table;
@@ -4006,6 +4007,7 @@ void grant_table_warn_active_grants(struct domain *d)
#undef WARN_GRANT_MAX
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
void
grant_table_destroy(
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 08/26] xen/domctl: wrap domain_soft_reset() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 08/26] xen/domctl: wrap domain_soft_reset() with CONFIG_MGMT_HYPERCALLS Penny Zheng
@ 2025-09-10 15:13 ` Jan Beulich
2025-09-12 7:18 ` Penny, Zheng
0 siblings, 1 reply; 102+ messages in thread
From: Jan Beulich @ 2025-09-10 15:13 UTC (permalink / raw)
To: Penny Zheng
Cc: ray.huang, Stefano Stabellini, Julien Grall, Bertrand Marquis,
Michal Orzel, Volodymyr Babchuk, Andrew Cooper, Anthony PERARD,
Roger Pau Monné, Christopher Clark, Daniel P. Smith,
xen-devel
On 10.09.2025 09:38, Penny Zheng wrote:
> Function domain_soft_reset() is responsible for domain soft reset domctl-op,
> and shall be wrapped with CONFIG_MGMT_HYPERCALLS
> Tracking its calling chain, and the following functions shall also be wrapped
> with CONFIG_MGMT_HYPERCALLS:
> - grant_table_warn_active_grants()
> - argo_soft_reset()
> - arch_domain_soft_reset()
> Wrap XEN_DOMCTL_soft_reset-case transiently with CONFIG_MGMT_HYPERCALLS, and
> it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the
> common/domctl.c in the last.
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
> ---
> v1 -> v2:
> - remove unnessary wrapping in stub.c
> - adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
> - wrap XEN_DOMCTL_soft_reset-case transiently
> ---
> xen/arch/arm/domain.c | 2 ++
> xen/arch/x86/domain.c | 2 ++
What about PPC and RISC-V? They have the function in stubs.c, but not adding
the #ifdef there increases the chance that when the stubs are replaced by
real functions, the intended #ifdef might then be forgotten to add.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* RE: [PATCH v2 08/26] xen/domctl: wrap domain_soft_reset() with CONFIG_MGMT_HYPERCALLS
2025-09-10 15:13 ` Jan Beulich
@ 2025-09-12 7:18 ` Penny, Zheng
2025-09-12 7:34 ` Jan Beulich
0 siblings, 1 reply; 102+ messages in thread
From: Penny, Zheng @ 2025-09-12 7:18 UTC (permalink / raw)
To: Jan Beulich
Cc: Huang, Ray, Stefano Stabellini, Julien Grall, Bertrand Marquis,
Orzel, Michal, Volodymyr Babchuk, Andrew Cooper, Anthony PERARD,
Roger Pau Monné, Christopher Clark, Daniel P. Smith,
xen-devel@lists.xenproject.org
[Public]
> -----Original Message-----
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Wednesday, September 10, 2025 11:14 PM
> To: Penny, Zheng <penny.zheng@amd.com>
> Cc: Huang, Ray <Ray.Huang@amd.com>; Stefano Stabellini
> <sstabellini@kernel.org>; Julien Grall <julien@xen.org>; Bertrand Marquis
> <bertrand.marquis@arm.com>; Orzel, Michal <Michal.Orzel@amd.com>;
> Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>; Andrew Cooper
> <andrew.cooper3@citrix.com>; Anthony PERARD <anthony.perard@vates.tech>;
> Roger Pau Monné <roger.pau@citrix.com>; Christopher Clark
> <christopher.w.clark@gmail.com>; Daniel P. Smith
> <dpsmith@apertussolutions.com>; xen-devel@lists.xenproject.org
> Subject: Re: [PATCH v2 08/26] xen/domctl: wrap domain_soft_reset() with
> CONFIG_MGMT_HYPERCALLS
>
> On 10.09.2025 09:38, Penny Zheng wrote:
> > Function domain_soft_reset() is responsible for domain soft reset
> > domctl-op, and shall be wrapped with CONFIG_MGMT_HYPERCALLS Tracking
> > its calling chain, and the following functions shall also be wrapped
> > with CONFIG_MGMT_HYPERCALLS:
> > - grant_table_warn_active_grants()
> > - argo_soft_reset()
> > - arch_domain_soft_reset()
> > Wrap XEN_DOMCTL_soft_reset-case transiently with
> > CONFIG_MGMT_HYPERCALLS, and it will be removed when introducing
> > CONFIG_MGMT_HYPERCALLS on the common/domctl.c in the last.
> >
> > Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
> > ---
> > v1 -> v2:
> > - remove unnessary wrapping in stub.c
> > - adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
> > - wrap XEN_DOMCTL_soft_reset-case transiently
> > ---
> > xen/arch/arm/domain.c | 2 ++
> > xen/arch/x86/domain.c | 2 ++
>
> What about PPC and RISC-V? They have the function in stubs.c, but not adding the
> #ifdef there increases the chance that when the stubs are replaced by real
> functions, the intended #ifdef might then be forgotten to add.
>
As we are addressing concerns on the v1 about editing stubs.c files [1], I removed them all in this patch serie. If they are considered necessary now, I'll add them back in next version
[1] https://lists.xenproject.org/archives/html/xen-devel/2025-08/msg00135.html
> Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* Re: [PATCH v2 08/26] xen/domctl: wrap domain_soft_reset() with CONFIG_MGMT_HYPERCALLS
2025-09-12 7:18 ` Penny, Zheng
@ 2025-09-12 7:34 ` Jan Beulich
0 siblings, 0 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-12 7:34 UTC (permalink / raw)
To: Penny, Zheng
Cc: Huang, Ray, Stefano Stabellini, Julien Grall, Bertrand Marquis,
Orzel, Michal, Volodymyr Babchuk, Andrew Cooper, Anthony PERARD,
Roger Pau Monné, Christopher Clark, Daniel P. Smith,
xen-devel@lists.xenproject.org
On 12.09.2025 09:18, Penny, Zheng wrote:
> [Public]
>
>> -----Original Message-----
>> From: Jan Beulich <jbeulich@suse.com>
>> Sent: Wednesday, September 10, 2025 11:14 PM
>> To: Penny, Zheng <penny.zheng@amd.com>
>> Cc: Huang, Ray <Ray.Huang@amd.com>; Stefano Stabellini
>> <sstabellini@kernel.org>; Julien Grall <julien@xen.org>; Bertrand Marquis
>> <bertrand.marquis@arm.com>; Orzel, Michal <Michal.Orzel@amd.com>;
>> Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>; Andrew Cooper
>> <andrew.cooper3@citrix.com>; Anthony PERARD <anthony.perard@vates.tech>;
>> Roger Pau Monné <roger.pau@citrix.com>; Christopher Clark
>> <christopher.w.clark@gmail.com>; Daniel P. Smith
>> <dpsmith@apertussolutions.com>; xen-devel@lists.xenproject.org
>> Subject: Re: [PATCH v2 08/26] xen/domctl: wrap domain_soft_reset() with
>> CONFIG_MGMT_HYPERCALLS
>>
>> On 10.09.2025 09:38, Penny Zheng wrote:
>>> Function domain_soft_reset() is responsible for domain soft reset
>>> domctl-op, and shall be wrapped with CONFIG_MGMT_HYPERCALLS Tracking
>>> its calling chain, and the following functions shall also be wrapped
>>> with CONFIG_MGMT_HYPERCALLS:
>>> - grant_table_warn_active_grants()
>>> - argo_soft_reset()
>>> - arch_domain_soft_reset()
>>> Wrap XEN_DOMCTL_soft_reset-case transiently with
>>> CONFIG_MGMT_HYPERCALLS, and it will be removed when introducing
>>> CONFIG_MGMT_HYPERCALLS on the common/domctl.c in the last.
>>>
>>> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
>>> ---
>>> v1 -> v2:
>>> - remove unnessary wrapping in stub.c
>>> - adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
>>> - wrap XEN_DOMCTL_soft_reset-case transiently
>>> ---
>>> xen/arch/arm/domain.c | 2 ++
>>> xen/arch/x86/domain.c | 2 ++
>>
>> What about PPC and RISC-V? They have the function in stubs.c, but not adding the
>> #ifdef there increases the chance that when the stubs are replaced by real
>> functions, the intended #ifdef might then be forgotten to add.
>
> As we are addressing concerns on the v1 about editing stubs.c files [1], I removed them all in this patch serie. If they are considered necessary now, I'll add them back in next version
> [1] https://lists.xenproject.org/archives/html/xen-devel/2025-08/msg00135.html
Hmm, looks like I changed my perspective, previously not having taken into account
the aspect mentioned above. I'm sorry for the back and forth. And yes, it is on
the edge, seeing also what Stefano said. I guess I should say "okay either way,
with (now) a slight preference to also adding the #ifdef-s there".
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 09/26] xen/domctl: wrap domain_resume() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (7 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 08/26] xen/domctl: wrap domain_soft_reset() with CONFIG_MGMT_HYPERCALLS Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-11 2:27 ` Stefano Stabellini
2025-09-10 7:38 ` [PATCH v2 10/26] xen/domctl: wrap domain_kill() " Penny Zheng
` (16 subsequent siblings)
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel
Cc: ray.huang, Penny Zheng, Andrew Cooper, Anthony PERARD,
Michal Orzel, Jan Beulich, Julien Grall, Roger Pau Monné,
Stefano Stabellini
One usage of function domain_resume() is in domain resume domctl-op, and
the other is in domain_soft_reset(), which is already guarded with
CONFIG_MGMT_HYPERCALLS.
So we could wrap domain_soft_reset() with CONFIG_MGMT_HYPERCALLS.
Wrap XEN_DOMCTL_resumedomain-case transiently with CONFIG_MGMT_HYPERCALLS, and
it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the
common/domctl.c in the last.
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- new commit
---
xen/common/domain.c | 2 ++
xen/common/domctl.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/xen/common/domain.c b/xen/common/domain.c
index 678e81b400..34e2e501dc 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -1351,6 +1351,7 @@ int domain_shutdown(struct domain *d, u8 reason)
return 0;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
void domain_resume(struct domain *d)
{
struct vcpu *v;
@@ -1377,6 +1378,7 @@ void domain_resume(struct domain *d)
domain_unpause(d);
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
int vcpu_start_shutdown_deferral(struct vcpu *v)
{
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 1c0bfd456e..278a00b141 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -402,12 +402,14 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
ret = domain_unpause_by_systemcontroller(d);
break;
+#ifdef CONFIG_MGMT_HYPERCALLS
case XEN_DOMCTL_resumedomain:
if ( d == current->domain ) /* no domain_pause() */
ret = -EINVAL;
else
domain_resume(d);
break;
+#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_createdomain:
{
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 09/26] xen/domctl: wrap domain_resume() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 09/26] xen/domctl: wrap domain_resume() " Penny Zheng
@ 2025-09-11 2:27 ` Stefano Stabellini
0 siblings, 0 replies; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-11 2:27 UTC (permalink / raw)
To: Penny Zheng
Cc: xen-devel, ray.huang, Andrew Cooper, Anthony PERARD, Michal Orzel,
Jan Beulich, Julien Grall, Roger Pau Monné,
Stefano Stabellini
On Wed, 10 Sep 2025, Penny Zheng wrote:
> One usage of function domain_resume() is in domain resume domctl-op, and
> the other is in domain_soft_reset(), which is already guarded with
> CONFIG_MGMT_HYPERCALLS.
> So we could wrap domain_soft_reset() with CONFIG_MGMT_HYPERCALLS.
>
> Wrap XEN_DOMCTL_resumedomain-case transiently with CONFIG_MGMT_HYPERCALLS, and
> it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the
> common/domctl.c in the last.
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 10/26] xen/domctl: wrap domain_kill() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (8 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 09/26] xen/domctl: wrap domain_resume() " Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-11 2:29 ` Stefano Stabellini
2025-09-10 7:38 ` [PATCH v2 11/26] xen/domctl: wrap domain_set_node_affinity() " Penny Zheng
` (15 subsequent siblings)
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel
Cc: ray.huang, Penny Zheng, Stefano Stabellini, Julien Grall,
Bertrand Marquis, Michal Orzel, Volodymyr Babchuk, Andrew Cooper,
Anthony PERARD, Jan Beulich, Roger Pau Monné,
Tamas K Lengyel
Function domain_kill() is responsible for killing domain and relinquish
domain-held resources. and it is only invoked under
XEN_DOMCTL_destroydomain-case. So it shall be wrapped with
CONFIG_MGMT_HYPERCALLS.
Tracking its calling chain, the following functions could also be wrapped with
CONFIG_MGMT_HYPERCALLS:
- domain_relinquish_resource
- pci_release_device
- relinquish_shared_pages
- paging_teardown
- p2m_pod_empty_cache
- relinquish_memory
- pit_deinit
- iommu_release_dt_devices
- tee_relinquish_resources
- ffa_relinquish_resources/optee_relinquish_resources
- relinquish_p2m_mapping
- p2m_clear_root_pages
Wrap XEN_DOMCTL_destroydomain-case transiently with CONFIG_MGMT_HYPERCALLS,
and it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the
common/domctl.c in the last.
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
- wrap XEN_DOMCTL_destroydomain-case transiently
---
xen/arch/arm/domain.c | 3 +++
xen/arch/arm/include/asm/tee/tee.h | 2 ++
xen/arch/arm/mmu/p2m.c | 4 ++++
xen/arch/arm/mpu/p2m.c | 2 ++
xen/arch/arm/tee/ffa.c | 4 ++++
xen/arch/arm/tee/optee.c | 4 ++++
xen/arch/arm/tee/tee.c | 2 ++
xen/arch/x86/domain.c | 2 ++
xen/arch/x86/emul-i8254.c | 2 ++
xen/arch/x86/mm/mem_sharing.c | 2 ++
xen/arch/x86/mm/p2m-pod.c | 2 ++
xen/arch/x86/mm/p2m.c | 2 ++
xen/arch/x86/mm/paging.c | 2 ++
xen/common/domain.c | 2 ++
xen/common/domctl.c | 2 +-
xen/drivers/passthrough/device_tree.c | 2 ++
xen/drivers/passthrough/pci.c | 2 ++
17 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
index 30ff9dac46..3e7f40ab01 100644
--- a/xen/arch/arm/domain.c
+++ b/xen/arch/arm/domain.c
@@ -995,6 +995,7 @@ int arch_vcpu_reset(struct vcpu *v)
return 0;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int relinquish_memory(struct domain *d, struct page_list_head *list)
{
struct page_info *page, *tmp;
@@ -1145,6 +1146,8 @@ int domain_relinquish_resources(struct domain *d)
#undef PROGRESS
+#endif /* CONFIG_MGMT_HYPERCALLS */
+
void arch_dump_domain_info(struct domain *d)
{
p2m_dump_info(d);
diff --git a/xen/arch/arm/include/asm/tee/tee.h b/xen/arch/arm/include/asm/tee/tee.h
index 15d664e28d..f4187c5dc3 100644
--- a/xen/arch/arm/include/asm/tee/tee.h
+++ b/xen/arch/arm/include/asm/tee/tee.h
@@ -40,12 +40,14 @@ struct tee_mediator_ops {
int (*domain_teardown)(struct domain *d);
void (*free_domain_ctx)(struct domain *d);
+#ifdef CONFIG_MGMT_HYPERCALLS
/*
* Called during domain destruction to relinquish resources used
* by mediator itself. This function can return -ERESTART to indicate
* that it does not finished work and should be called again.
*/
int (*relinquish_resources)(struct domain *d);
+#endif
/* Handle SMCCC call for current domain. */
bool (*handle_call)(struct cpu_user_regs *regs);
diff --git a/xen/arch/arm/mmu/p2m.c b/xen/arch/arm/mmu/p2m.c
index 51abf3504f..30d6071e91 100644
--- a/xen/arch/arm/mmu/p2m.c
+++ b/xen/arch/arm/mmu/p2m.c
@@ -1243,6 +1243,7 @@ static void p2m_invalidate_table(struct p2m_domain *p2m, mfn_t mfn)
p2m->need_flush = true;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
/*
* The domain will not be scheduled anymore, so in theory we should
* not need to flush the TLBs. Do it for safety purpose.
@@ -1262,6 +1263,7 @@ void p2m_clear_root_pages(struct p2m_domain *p2m)
p2m_write_unlock(p2m);
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
/*
* Invalidate all entries in the root page-tables. This is
@@ -1556,6 +1558,7 @@ int p2m_init(struct domain *d)
return 0;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
/*
* The function will go through the p2m and remove page reference when it
* is required. The mapping will be removed from the p2m.
@@ -1626,6 +1629,7 @@ int relinquish_p2m_mapping(struct domain *d)
return rc;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
/*
* Clean & invalidate RAM associated to the guest vCPU.
diff --git a/xen/arch/arm/mpu/p2m.c b/xen/arch/arm/mpu/p2m.c
index f7fb58ab6a..c44297a9e3 100644
--- a/xen/arch/arm/mpu/p2m.c
+++ b/xen/arch/arm/mpu/p2m.c
@@ -57,10 +57,12 @@ bool p2m_resolve_translation_fault(struct domain *d, gfn_t gfn)
void p2m_flush_vm(struct vcpu *v) {}
+#ifdef CONFIG_MGMT_HYPERCALLS
int relinquish_p2m_mapping(struct domain *d)
{
return 0;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
void p2m_domain_creation_finished(struct domain *d) {}
diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c
index 1d0239cf69..f9ba9b60bf 100644
--- a/xen/arch/arm/tee/ffa.c
+++ b/xen/arch/arm/tee/ffa.c
@@ -469,10 +469,12 @@ static void ffa_free_domain_ctx(struct domain *d)
XFREE(d->arch.tee);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int ffa_relinquish_resources(struct domain *d)
{
return 0;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static void ffa_init_secondary(void)
{
@@ -623,7 +625,9 @@ static const struct tee_mediator_ops ffa_ops =
.domain_init = ffa_domain_init,
.domain_teardown = ffa_domain_teardown,
.free_domain_ctx = ffa_free_domain_ctx,
+#ifdef CONFIG_MGMT_HYPERCALLS
.relinquish_resources = ffa_relinquish_resources,
+#endif
.handle_call = ffa_handle_call,
};
diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c
index 5151bd90ed..1ed0fd231d 100644
--- a/xen/arch/arm/tee/optee.c
+++ b/xen/arch/arm/tee/optee.c
@@ -632,6 +632,7 @@ static void free_optee_shm_buf_pg_list(struct optee_domain *ctx,
cookie);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int optee_relinquish_resources(struct domain *d)
{
struct arm_smccc_res resp;
@@ -693,6 +694,7 @@ static int optee_relinquish_resources(struct domain *d)
return 0;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
#define PAGELIST_ENTRIES_PER_PAGE \
((OPTEE_MSG_NONCONTIG_PAGE_SIZE / sizeof(u64)) - 1)
@@ -1727,7 +1729,9 @@ static const struct tee_mediator_ops optee_ops =
.probe = optee_probe,
.domain_init = optee_domain_init,
.domain_teardown = optee_domain_teardown,
+#ifdef CONFIG_MGMT_HYPERCALLS
.relinquish_resources = optee_relinquish_resources,
+#endif
.handle_call = optee_handle_call,
};
diff --git a/xen/arch/arm/tee/tee.c b/xen/arch/arm/tee/tee.c
index 8501443c8e..a8e160700f 100644
--- a/xen/arch/arm/tee/tee.c
+++ b/xen/arch/arm/tee/tee.c
@@ -65,6 +65,7 @@ int tee_domain_teardown(struct domain *d)
return cur_mediator->ops->domain_teardown(d);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int tee_relinquish_resources(struct domain *d)
{
if ( !cur_mediator )
@@ -72,6 +73,7 @@ int tee_relinquish_resources(struct domain *d)
return cur_mediator->ops->relinquish_resources(d);
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
uint16_t tee_get_type(void)
{
diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index 5b3c5e8caf..314de75d8e 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -2298,6 +2298,7 @@ void sync_vcpu_execstate(struct vcpu *v)
read_atomic(&v->dirty_cpu) != dirty_cpu);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int relinquish_memory(
struct domain *d, struct page_list_head *list, unsigned long type)
{
@@ -2622,6 +2623,7 @@ int domain_relinquish_resources(struct domain *d)
return 0;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
void arch_dump_domain_info(struct domain *d)
{
diff --git a/xen/arch/x86/emul-i8254.c b/xen/arch/x86/emul-i8254.c
index 144aa168a3..f106ab794c 100644
--- a/xen/arch/x86/emul-i8254.c
+++ b/xen/arch/x86/emul-i8254.c
@@ -651,6 +651,7 @@ void pit_init(struct domain *d)
pit_reset(d);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
void pit_deinit(struct domain *d)
{
PITState *pit = domain_vpit(d);
@@ -664,6 +665,7 @@ void pit_deinit(struct domain *d)
destroy_periodic_time(&pit->pt0);
}
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
/*
* Local variables:
diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index 4787b27964..d7cbf2047b 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -1393,6 +1393,7 @@ int __mem_sharing_unshare_page(struct domain *d,
return rc;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int relinquish_shared_pages(struct domain *d)
{
int rc = 0;
@@ -1449,6 +1450,7 @@ int relinquish_shared_pages(struct domain *d)
p2m_unlock(p2m);
return rc;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static int range_share(struct domain *d, struct domain *cd,
struct mem_sharing_op_range *range)
diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c
index 05633fe2ac..4e915808f4 100644
--- a/xen/arch/x86/mm/p2m-pod.c
+++ b/xen/arch/x86/mm/p2m-pod.c
@@ -366,6 +366,7 @@ void p2m_pod_get_mem_target(const struct domain *d, xen_pod_target_t *target)
pod_unlock(p2m);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int p2m_pod_empty_cache(struct domain *d)
{
struct p2m_domain *p2m = p2m_get_hostp2m(d);
@@ -409,6 +410,7 @@ int p2m_pod_empty_cache(struct domain *d)
unlock_page_alloc(p2m);
return p2m->pod.count ? -ERESTART : 0;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
int
p2m_pod_offline_or_broken_hit(struct page_info *p)
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index e2a00a0efd..c1a87cde27 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -2097,6 +2097,7 @@ int xenmem_add_to_physmap_one(
return rc;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
/*
* Remove foreign mappings from the p2m, as that drops the page reference taken
* when mapped.
@@ -2160,6 +2161,7 @@ int relinquish_p2m_mapping(struct domain *d)
return rc;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
void p2m_log_dirty_range(struct domain *d, unsigned long begin_pfn,
unsigned long nr, uint8_t *dirty_bitmap)
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index 65455a6867..116389d4e9 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -768,6 +768,7 @@ void paging_vcpu_teardown(struct vcpu *v)
shadow_vcpu_teardown(v);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
/* Call when destroying a domain */
int paging_teardown(struct domain *d)
{
@@ -794,6 +795,7 @@ int paging_teardown(struct domain *d)
return rc;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
/* Call once all of the references to the domain have gone away */
void paging_final_teardown(struct domain *d)
diff --git a/xen/common/domain.c b/xen/common/domain.c
index 34e2e501dc..5d81ab3045 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -1230,6 +1230,7 @@ int rcu_lock_live_remote_domain_by_id(domid_t dom, struct domain **d)
return 0;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int domain_kill(struct domain *d)
{
int rc = 0;
@@ -1280,6 +1281,7 @@ int domain_kill(struct domain *d)
return rc;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
void __domain_crash(struct domain *d)
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 278a00b141..0f20e8941b 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -488,7 +488,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
ret = -EFAULT;
}
break;
-#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_destroydomain:
ret = domain_kill(d);
@@ -496,6 +495,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
ret = hypercall_create_continuation(
__HYPERVISOR_domctl, "h", u_domctl);
break;
+#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_setnodeaffinity:
{
diff --git a/xen/drivers/passthrough/device_tree.c b/xen/drivers/passthrough/device_tree.c
index f5850a2607..015ffa15d4 100644
--- a/xen/drivers/passthrough/device_tree.c
+++ b/xen/drivers/passthrough/device_tree.c
@@ -108,6 +108,7 @@ int iommu_dt_domain_init(struct domain *d)
return 0;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int iommu_release_dt_devices(struct domain *d)
{
const struct domain_iommu *hd = dom_iommu(d);
@@ -136,6 +137,7 @@ int iommu_release_dt_devices(struct domain *d)
return 0;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static int iommu_dt_xlate(struct device *dev,
const struct dt_phandle_args *iommu_spec,
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index 3edcfa8a04..cd855108c2 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -945,6 +945,7 @@ static int deassign_device(struct domain *d, uint16_t seg, uint8_t bus,
return ret;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int pci_release_devices(struct domain *d)
{
int combined_ret;
@@ -1003,6 +1004,7 @@ int pci_release_devices(struct domain *d)
return combined_ret;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
#define PCI_CLASS_BRIDGE_HOST 0x0600
#define PCI_CLASS_BRIDGE_PCI 0x0604
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 10/26] xen/domctl: wrap domain_kill() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 10/26] xen/domctl: wrap domain_kill() " Penny Zheng
@ 2025-09-11 2:29 ` Stefano Stabellini
0 siblings, 0 replies; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-11 2:29 UTC (permalink / raw)
To: Penny Zheng
Cc: xen-devel, ray.huang, Stefano Stabellini, Julien Grall,
Bertrand Marquis, Michal Orzel, Volodymyr Babchuk, Andrew Cooper,
Anthony PERARD, Jan Beulich, Roger Pau Monné,
Tamas K Lengyel
On Wed, 10 Sep 2025, Penny Zheng wrote:
> Function domain_kill() is responsible for killing domain and relinquish
> domain-held resources. and it is only invoked under
> XEN_DOMCTL_destroydomain-case. So it shall be wrapped with
> CONFIG_MGMT_HYPERCALLS.
> Tracking its calling chain, the following functions could also be wrapped with
> CONFIG_MGMT_HYPERCALLS:
> - domain_relinquish_resource
> - pci_release_device
> - relinquish_shared_pages
> - paging_teardown
> - p2m_pod_empty_cache
> - relinquish_memory
> - pit_deinit
> - iommu_release_dt_devices
> - tee_relinquish_resources
> - ffa_relinquish_resources/optee_relinquish_resources
> - relinquish_p2m_mapping
> - p2m_clear_root_pages
> Wrap XEN_DOMCTL_destroydomain-case transiently with CONFIG_MGMT_HYPERCALLS,
> and it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the
> common/domctl.c in the last.
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
There are RISC-V and PPC functions we could #ifdef out, although they are
only stubs. Given that:
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 11/26] xen/domctl: wrap domain_set_node_affinity() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (9 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 10/26] xen/domctl: wrap domain_kill() " Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-11 2:29 ` Stefano Stabellini
2025-09-10 7:38 ` [PATCH v2 12/26] xen/domctl: wrap vcpu_affinity_domctl() " Penny Zheng
` (14 subsequent siblings)
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel
Cc: ray.huang, Penny Zheng, Andrew Cooper, Anthony PERARD,
Michal Orzel, Jan Beulich, Julien Grall, Roger Pau Monné,
Stefano Stabellini
Function domain_set_node_affinity() is responsible for
XEN_DOMCTL_setnodeaffinity domctl-op, and shall be wrapped with
CONFIG_MGMT_HYPERCALLS
Wrap XEN_DOMCTL_setnodeaffinity-case and xenctl_bitmap_to_nodemask()
transiently with CONFIG_MGMT_HYPERCALLS, and it will be removed when
introducing CONFIG_MGMT_HYPERCALLS on the common/domctl.c in the last.
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
- wrap XEN_DOMCTL_setnodeaffinity-case and xenctl_bitmap_to_nodemask()
transiently
---
xen/common/domain.c | 2 ++
xen/common/domctl.c | 4 +++-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/xen/common/domain.c b/xen/common/domain.c
index 5d81ab3045..6778dc388c 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -1105,6 +1105,7 @@ void __init setup_system_domains(void)
#endif
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int domain_set_node_affinity(struct domain *d, const nodemask_t *affinity)
{
/* Being disjoint with the system is just wrong. */
@@ -1133,6 +1134,7 @@ out:
return 0;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
/* rcu_read_lock(&domlist_read_lock) must be held. */
static struct domain *domid_to_domain(domid_t dom)
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 0f20e8941b..fb6fe90888 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -44,12 +44,14 @@ static int nodemask_to_xenctl_bitmap(struct xenctl_bitmap *xenctl_nodemap,
MAX_NUMNODES);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int xenctl_bitmap_to_nodemask(nodemask_t *nodemask,
const struct xenctl_bitmap *xenctl_nodemap)
{
return xenctl_bitmap_to_bitmap(nodemask_bits(nodemask), xenctl_nodemap,
MAX_NUMNODES);
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info)
{
@@ -495,7 +497,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
ret = hypercall_create_continuation(
__HYPERVISOR_domctl, "h", u_domctl);
break;
-#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_setnodeaffinity:
{
@@ -507,6 +508,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
ret = domain_set_node_affinity(d, &new_affinity);
break;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_getnodeaffinity:
ret = nodemask_to_xenctl_bitmap(&op->u.nodeaffinity.nodemap,
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 11/26] xen/domctl: wrap domain_set_node_affinity() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 11/26] xen/domctl: wrap domain_set_node_affinity() " Penny Zheng
@ 2025-09-11 2:29 ` Stefano Stabellini
0 siblings, 0 replies; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-11 2:29 UTC (permalink / raw)
To: Penny Zheng
Cc: xen-devel, ray.huang, Andrew Cooper, Anthony PERARD, Michal Orzel,
Jan Beulich, Julien Grall, Roger Pau Monné,
Stefano Stabellini
On Wed, 10 Sep 2025, Penny Zheng wrote:
> Function domain_set_node_affinity() is responsible for
> XEN_DOMCTL_setnodeaffinity domctl-op, and shall be wrapped with
> CONFIG_MGMT_HYPERCALLS
> Wrap XEN_DOMCTL_setnodeaffinity-case and xenctl_bitmap_to_nodemask()
> transiently with CONFIG_MGMT_HYPERCALLS, and it will be removed when
> introducing CONFIG_MGMT_HYPERCALLS on the common/domctl.c in the last.
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 12/26] xen/domctl: wrap vcpu_affinity_domctl() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (10 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 11/26] xen/domctl: wrap domain_set_node_affinity() " Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-10 15:52 ` Jan Beulich
2025-09-10 7:38 ` [PATCH v2 13/26] xen/domctl: wrap sched_adjust() " Penny Zheng
` (13 subsequent siblings)
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel
Cc: ray.huang, Penny Zheng, Andrew Cooper, Anthony PERARD,
Michal Orzel, Jan Beulich, Julien Grall, Roger Pau Monné,
Stefano Stabellini, Dario Faggioli, Juergen Gross, George Dunlap
Function vcpu_affinity_domctl() is responsible for
XEN_DOMCTL_{getvcpuaffinity,setvcpuaffinity} domctl-op, and shall be
wrapped with CONFIG_MGMT_HYPERCALLS.
Tracking its calling chain, the following function shall be wrapped with
CONFIG_MGMT_HYPERCALLS too:
- vcpu_set_soft_affinity
Wrap XEN_DOMCTL_{getvcpuaffinity,setvcpuaffinity}-case transiently with
CONFIG_MGMT_HYPERCALLS, and it will be removed when introducing
CONFIG_MGMT_HYPERCALLS on the common/domctl.c in the last.
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
- wrap XEN_DOMCTL_{getvcpuaffinity,setvcpuaffinity}-case transiently
---
xen/common/domctl.c | 2 ++
xen/common/sched/core.c | 4 ++++
2 files changed, 6 insertions(+)
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index fb6fe90888..4a35c17060 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -515,10 +515,12 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
&d->node_affinity);
break;
+#ifdef CONFIG_MGMT_HYPERCALLS
case XEN_DOMCTL_setvcpuaffinity:
case XEN_DOMCTL_getvcpuaffinity:
ret = vcpu_affinity_domctl(d, op->cmd, &op->u.vcpuaffinity);
break;
+#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_scheduler_op:
ret = sched_adjust(d, &op->u.scheduler_op);
diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c
index a0faddcb92..69972147db 100644
--- a/xen/common/sched/core.c
+++ b/xen/common/sched/core.c
@@ -1402,10 +1402,12 @@ int vcpu_set_hard_affinity(struct vcpu *v, const cpumask_t *affinity)
return vcpu_set_affinity(v, affinity, v->sched_unit->cpu_hard_affinity);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int vcpu_set_soft_affinity(struct vcpu *v, const cpumask_t *affinity)
{
return vcpu_set_affinity(v, affinity, v->sched_unit->cpu_soft_affinity);
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
/* Block the currently-executing domain until a pertinent event occurs. */
void vcpu_block(void)
@@ -1693,6 +1695,7 @@ int vcpuaffinity_params_invalid(const struct xen_domctl_vcpuaffinity *vcpuaff)
guest_handle_is_null(vcpuaff->cpumap_soft.bitmap));
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int vcpu_affinity_domctl(struct domain *d, uint32_t cmd,
struct xen_domctl_vcpuaffinity *vcpuaff)
{
@@ -1802,6 +1805,7 @@ int vcpu_affinity_domctl(struct domain *d, uint32_t cmd,
return ret;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
bool alloc_affinity_masks(struct affinity_masks *affinity)
{
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 12/26] xen/domctl: wrap vcpu_affinity_domctl() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 12/26] xen/domctl: wrap vcpu_affinity_domctl() " Penny Zheng
@ 2025-09-10 15:52 ` Jan Beulich
0 siblings, 0 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-10 15:52 UTC (permalink / raw)
To: Penny Zheng
Cc: ray.huang, Andrew Cooper, Anthony PERARD, Michal Orzel,
Julien Grall, Roger Pau Monné, Stefano Stabellini,
Dario Faggioli, Juergen Gross, George Dunlap, xen-devel
On 10.09.2025 09:38, Penny Zheng wrote:
> --- a/xen/common/sched/core.c
> +++ b/xen/common/sched/core.c
> @@ -1402,10 +1402,12 @@ int vcpu_set_hard_affinity(struct vcpu *v, const cpumask_t *affinity)
> return vcpu_set_affinity(v, affinity, v->sched_unit->cpu_hard_affinity);
> }
>
> +#ifdef CONFIG_MGMT_HYPERCALLS
> static int vcpu_set_soft_affinity(struct vcpu *v, const cpumask_t *affinity)
> {
> return vcpu_set_affinity(v, affinity, v->sched_unit->cpu_soft_affinity);
> }
> +#endif /* CONFIG_MGMT_HYPERCALLS */
Again preferable to get away with just a single #ifdef (i.e. ...
> @@ -1693,6 +1695,7 @@ int vcpuaffinity_params_invalid(const struct xen_domctl_vcpuaffinity *vcpuaff)
> guest_handle_is_null(vcpuaff->cpumap_soft.bitmap));
> }
>
> +#ifdef CONFIG_MGMT_HYPERCALLS
... this one) here. In fact I question the value of the helper: It has
a single caller, so what the helper does could easily be expanded at
the sole call site ...
> int vcpu_affinity_domctl(struct domain *d, uint32_t cmd,
> struct xen_domctl_vcpuaffinity *vcpuaff)
> {
... below from here.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 13/26] xen/domctl: wrap sched_adjust() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (11 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 12/26] xen/domctl: wrap vcpu_affinity_domctl() " Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-11 2:30 ` Stefano Stabellini
2025-09-11 10:42 ` Jan Beulich
2025-09-10 7:38 ` [PATCH v2 14/26] xen/domctl: wrap arch-specific arch_get_info_guest() " Penny Zheng
` (12 subsequent siblings)
25 siblings, 2 replies; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel, xen-devel
Cc: ray.huang, Penny Zheng, Andrew Cooper, Anthony PERARD,
Michal Orzel, Jan Beulich, Julien Grall, Roger Pau Monné,
Stefano Stabellini, Nathan Studer, Stewart Hildebrand,
Dario Faggioli, Juergen Gross, George Dunlap, Meng Xu,
Daniel P. Smith
Function sched_adjust() is responsible for XEN_DOMCTL_scheduler_op domctl-op,
so it could be wrapped with CONFIG_MGMT_HYPERCALLS.
Tracing its calling chain, the following functions shall be wrapped with
CONFIG_MGMT_HYPERCALLS too:
- sched_adjust_dom()
- scheduler-specific .adjust() callback
- xsm_sysctl_scheduler_op()
Wrap XEN_DOMCTL_scheduler_op-case transiently with CONFIG_MGMT_HYPERCALLS,
and it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the
common/domctl.c in the last.
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
- wrap XEN_DOMCTL_scheduler_op-case transiently
---
xen/common/domctl.c | 2 +-
xen/common/sched/arinc653.c | 2 +-
xen/common/sched/core.c | 2 --
xen/common/sched/credit.c | 4 ++++
xen/common/sched/credit2.c | 4 ++++
xen/common/sched/private.h | 4 +++-
xen/common/sched/rt.c | 4 ++++
xen/include/xsm/xsm.h | 4 ++--
xen/xsm/dummy.c | 2 +-
xen/xsm/flask/hooks.c | 4 ++--
10 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 4a35c17060..6660f13e9e 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -520,12 +520,12 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
case XEN_DOMCTL_getvcpuaffinity:
ret = vcpu_affinity_domctl(d, op->cmd, &op->u.vcpuaffinity);
break;
-#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_scheduler_op:
ret = sched_adjust(d, &op->u.scheduler_op);
copyback = 1;
break;
+#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_getdomaininfo:
ret = xsm_getdomaininfo(XSM_XS_PRIV, d);
diff --git a/xen/common/sched/arinc653.c b/xen/common/sched/arinc653.c
index 7d6c40d800..484591a977 100644
--- a/xen/common/sched/arinc653.c
+++ b/xen/common/sched/arinc653.c
@@ -735,8 +735,8 @@ static const struct scheduler sched_arinc653_def = {
.switch_sched = a653_switch_sched,
- .adjust = NULL,
#ifdef CONFIG_MGMT_HYPERCALLS
+ .adjust = NULL,
.adjust_global = a653sched_adjust_global,
#endif
diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c
index 69972147db..8a3251ce5f 100644
--- a/xen/common/sched/core.c
+++ b/xen/common/sched/core.c
@@ -2078,7 +2078,6 @@ int scheduler_id(void)
{
return operations.sched_id;
}
-#endif
/* Adjust scheduling parameter for a given domain. */
long sched_adjust(struct domain *d, struct xen_domctl_scheduler_op *op)
@@ -2115,7 +2114,6 @@ long sched_adjust(struct domain *d, struct xen_domctl_scheduler_op *op)
return ret;
}
-#ifdef CONFIG_MGMT_HYPERCALLS
long sched_adjust_global(struct xen_sysctl_scheduler_op *op)
{
struct cpupool *pool;
diff --git a/xen/common/sched/credit.c b/xen/common/sched/credit.c
index 0cbec2a9c0..da57350cae 100644
--- a/xen/common/sched/credit.c
+++ b/xen/common/sched/credit.c
@@ -1183,6 +1183,7 @@ csched_unit_yield(const struct scheduler *ops, struct sched_unit *unit)
set_bit(CSCHED_FLAG_UNIT_YIELD, &svc->flags);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check
csched_dom_cntl(
const struct scheduler *ops,
@@ -1227,6 +1228,7 @@ csched_dom_cntl(
return rc;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static void cf_check
csched_aff_cntl(const struct scheduler *ops, struct sched_unit *unit,
@@ -2288,7 +2290,9 @@ static const struct scheduler sched_credit_def = {
.wake = csched_unit_wake,
.yield = csched_unit_yield,
+#ifdef CONFIG_MGMT_HYPERCALLS
.adjust = csched_dom_cntl,
+#endif
.adjust_affinity= csched_aff_cntl,
#ifdef CONFIG_MGMT_HYPERCALLS
.adjust_global = csched_sys_cntl,
diff --git a/xen/common/sched/credit2.c b/xen/common/sched/credit2.c
index 307e63ebd8..73df429b42 100644
--- a/xen/common/sched/credit2.c
+++ b/xen/common/sched/credit2.c
@@ -2909,6 +2909,7 @@ static void cf_check csched2_unit_migrate(
sched_set_res(unit, get_sched_res(new_cpu));
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check
csched2_dom_cntl(
const struct scheduler *ops,
@@ -3114,6 +3115,7 @@ csched2_dom_cntl(
return rc;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static void cf_check
csched2_aff_cntl(const struct scheduler *ops, struct sched_unit *unit,
@@ -4246,7 +4248,9 @@ static const struct scheduler sched_credit2_def = {
.wake = csched2_unit_wake,
.yield = csched2_unit_yield,
+#ifdef CONFIG_MGMT_HYPERCALLS
.adjust = csched2_dom_cntl,
+#endif
.adjust_affinity= csched2_aff_cntl,
#ifdef CONFIG_MGMT_HYPERCALLS
.adjust_global = csched2_sys_cntl,
diff --git a/xen/common/sched/private.h b/xen/common/sched/private.h
index b7ff67200b..15e69f5c2d 100644
--- a/xen/common/sched/private.h
+++ b/xen/common/sched/private.h
@@ -349,9 +349,11 @@ struct scheduler {
void (*migrate) (const struct scheduler *ops,
struct sched_unit *unit,
unsigned int new_cpu);
+#ifdef CONFIG_MGMT_HYPERCALLS
int (*adjust) (const struct scheduler *ops,
struct domain *d,
struct xen_domctl_scheduler_op *op);
+#endif
void (*adjust_affinity)(const struct scheduler *ops,
struct sched_unit *unit,
const struct cpumask *hard,
@@ -506,13 +508,13 @@ static inline void sched_adjust_affinity(const struct scheduler *s,
s->adjust_affinity(s, unit, hard, soft);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static inline int sched_adjust_dom(const struct scheduler *s, struct domain *d,
struct xen_domctl_scheduler_op *op)
{
return s->adjust ? s->adjust(s, d, op) : 0;
}
-#ifdef CONFIG_MGMT_HYPERCALLS
static inline int sched_adjust_cpupool(const struct scheduler *s,
struct xen_sysctl_scheduler_op *op)
{
diff --git a/xen/common/sched/rt.c b/xen/common/sched/rt.c
index 7b1f64a779..a42040b259 100644
--- a/xen/common/sched/rt.c
+++ b/xen/common/sched/rt.c
@@ -1362,6 +1362,7 @@ out:
unit_schedule_unlock_irq(lock, unit);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
/*
* set/get each unit info of each domain
*/
@@ -1471,6 +1472,7 @@ rt_dom_cntl(
return rc;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
/*
* The replenishment timer handler picks units
@@ -1572,7 +1574,9 @@ static const struct scheduler sched_rtds_def = {
.insert_unit = rt_unit_insert,
.remove_unit = rt_unit_remove,
+#ifdef CONFIG_MGMT_HYPERCALLS
.adjust = rt_dom_cntl,
+#endif
.pick_resource = rt_res_pick,
.do_schedule = rt_schedule,
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 1e4647f7db..4d332ceca2 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -56,8 +56,8 @@ struct xsm_ops {
struct xen_domctl_getdomaininfo *info);
int (*domain_create)(struct domain *d, uint32_t ssidref);
int (*getdomaininfo)(struct domain *d);
- int (*domctl_scheduler_op)(struct domain *d, int op);
#ifdef CONFIG_MGMT_HYPERCALLS
+ int (*domctl_scheduler_op)(struct domain *d, int op);
int (*sysctl_scheduler_op)(int op);
#endif
int (*set_target)(struct domain *d, struct domain *e);
@@ -240,13 +240,13 @@ static inline int xsm_get_domain_state(xsm_default_t def, struct domain *d)
return alternative_call(xsm_ops.get_domain_state, d);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static inline int xsm_domctl_scheduler_op(
xsm_default_t def, struct domain *d, int cmd)
{
return alternative_call(xsm_ops.domctl_scheduler_op, d, cmd);
}
-#ifdef CONFIG_MGMT_HYPERCALLS
static inline int xsm_sysctl_scheduler_op(xsm_default_t def, int cmd)
{
return alternative_call(xsm_ops.sysctl_scheduler_op, cmd);
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 2c70b979d6..2c878999a3 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -18,8 +18,8 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
.security_domaininfo = xsm_security_domaininfo,
.domain_create = xsm_domain_create,
.getdomaininfo = xsm_getdomaininfo,
- .domctl_scheduler_op = xsm_domctl_scheduler_op,
#ifdef CONFIG_MGMT_HYPERCALLS
+ .domctl_scheduler_op = xsm_domctl_scheduler_op,
.sysctl_scheduler_op = xsm_sysctl_scheduler_op,
#endif
.set_target = xsm_set_target,
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index ec3880f631..e8a4deb2ea 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -609,6 +609,7 @@ static int cf_check flask_getdomaininfo(struct domain *d)
return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETDOMAININFO);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check flask_domctl_scheduler_op(struct domain *d, int op)
{
switch ( op )
@@ -626,7 +627,6 @@ static int cf_check flask_domctl_scheduler_op(struct domain *d, int op)
}
}
-#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check flask_sysctl_scheduler_op(int op)
{
switch ( op )
@@ -1888,8 +1888,8 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
.security_domaininfo = flask_security_domaininfo,
.domain_create = flask_domain_create,
.getdomaininfo = flask_getdomaininfo,
- .domctl_scheduler_op = flask_domctl_scheduler_op,
#ifdef CONFIG_MGMT_HYPERCALLS
+ .domctl_scheduler_op = flask_domctl_scheduler_op,
.sysctl_scheduler_op = flask_sysctl_scheduler_op,
#endif
.set_target = flask_set_target,
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 13/26] xen/domctl: wrap sched_adjust() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 13/26] xen/domctl: wrap sched_adjust() " Penny Zheng
@ 2025-09-11 2:30 ` Stefano Stabellini
2025-09-11 10:42 ` Jan Beulich
1 sibling, 0 replies; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-11 2:30 UTC (permalink / raw)
To: Penny Zheng
Cc: xen-devel, xen-devel, ray.huang, Andrew Cooper, Anthony PERARD,
Michal Orzel, Jan Beulich, Julien Grall, Roger Pau Monné,
Stefano Stabellini, Nathan Studer, Stewart Hildebrand,
Dario Faggioli, Juergen Gross, George Dunlap, Meng Xu,
Daniel P. Smith
On Wed, 10 Sep 2025, Penny Zheng wrote:
> Function sched_adjust() is responsible for XEN_DOMCTL_scheduler_op domctl-op,
> so it could be wrapped with CONFIG_MGMT_HYPERCALLS.
> Tracing its calling chain, the following functions shall be wrapped with
> CONFIG_MGMT_HYPERCALLS too:
> - sched_adjust_dom()
> - scheduler-specific .adjust() callback
> - xsm_sysctl_scheduler_op()
> Wrap XEN_DOMCTL_scheduler_op-case transiently with CONFIG_MGMT_HYPERCALLS,
> and it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the
> common/domctl.c in the last.
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
^ permalink raw reply [flat|nested] 102+ messages in thread
* Re: [PATCH v2 13/26] xen/domctl: wrap sched_adjust() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 13/26] xen/domctl: wrap sched_adjust() " Penny Zheng
2025-09-11 2:30 ` Stefano Stabellini
@ 2025-09-11 10:42 ` Jan Beulich
1 sibling, 0 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-11 10:42 UTC (permalink / raw)
To: Penny Zheng
Cc: ray.huang, Andrew Cooper, Anthony PERARD, Michal Orzel,
Julien Grall, Roger Pau Monné, Stefano Stabellini,
Nathan Studer, Stewart Hildebrand, Dario Faggioli, Juergen Gross,
George Dunlap, Meng Xu, Daniel P. Smith, xen-devel, xen-devel
On 10.09.2025 09:38, Penny Zheng wrote:
> --- a/xen/common/sched/arinc653.c
> +++ b/xen/common/sched/arinc653.c
> @@ -735,8 +735,8 @@ static const struct scheduler sched_arinc653_def = {
>
> .switch_sched = a653_switch_sched,
>
> - .adjust = NULL,
This line can just be dropped, can't it? It doesn't need ...
> #ifdef CONFIG_MGMT_HYPERCALLS
> + .adjust = NULL,
... re-adding here.
> @@ -2288,7 +2290,9 @@ static const struct scheduler sched_credit_def = {
> .wake = csched_unit_wake,
> .yield = csched_unit_yield,
>
> +#ifdef CONFIG_MGMT_HYPERCALLS
> .adjust = csched_dom_cntl,
> +#endif
> .adjust_affinity= csched_aff_cntl,
> #ifdef CONFIG_MGMT_HYPERCALLS
> .adjust_global = csched_sys_cntl,
Again better to get away with just a single #ifdef, I suppose.
> @@ -4246,7 +4248,9 @@ static const struct scheduler sched_credit2_def = {
> .wake = csched2_unit_wake,
> .yield = csched2_unit_yield,
>
> +#ifdef CONFIG_MGMT_HYPERCALLS
> .adjust = csched2_dom_cntl,
> +#endif
> .adjust_affinity= csched2_aff_cntl,
> #ifdef CONFIG_MGMT_HYPERCALLS
> .adjust_global = csched2_sys_cntl,
Same here.
> --- a/xen/common/sched/private.h
> +++ b/xen/common/sched/private.h
> @@ -349,9 +349,11 @@ struct scheduler {
> void (*migrate) (const struct scheduler *ops,
> struct sched_unit *unit,
> unsigned int new_cpu);
> +#ifdef CONFIG_MGMT_HYPERCALLS
> int (*adjust) (const struct scheduler *ops,
> struct domain *d,
> struct xen_domctl_scheduler_op *op);
> +#endif
> void (*adjust_affinity)(const struct scheduler *ops,
> struct sched_unit *unit,
> const struct cpumask *hard,
And here, even if the other #ifdef is (just) out of context.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 14/26] xen/domctl: wrap arch-specific arch_get_info_guest() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (12 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 13/26] xen/domctl: wrap sched_adjust() " Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-11 2:31 ` Stefano Stabellini
2025-09-10 7:38 ` [PATCH v2 15/26] xen/domctl: wrap xsm_{irq_permission,iomem_permission} " Penny Zheng
` (11 subsequent siblings)
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel
Cc: ray.huang, Penny Zheng, Stefano Stabellini, Julien Grall,
Bertrand Marquis, Michal Orzel, Volodymyr Babchuk, Andrew Cooper,
Anthony PERARD, Jan Beulich, Roger Pau Monné
Arch-specific function arch_get_info_guest() is responsible for
XEN_DOMCTL_getvcpucontext domctl-op, and shall be wrapped with
CONFIG_MGMT_HYPERCALLS
Wrap XEN_DOMCTL_getvcpucontext-case transiently with CONFIG_MGMT_HYPERCALLS,
and it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the
common/domctl.c in the last.
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
- wrap XEN_DOMCTL_getvcpucontext-case transiently
---
xen/arch/arm/domctl.c | 2 ++
xen/arch/x86/domctl.c | 2 ++
xen/common/domctl.c | 2 ++
3 files changed, 6 insertions(+)
diff --git a/xen/arch/arm/domctl.c b/xen/arch/arm/domctl.c
index ad914c915f..d3263e4d03 100644
--- a/xen/arch/arm/domctl.c
+++ b/xen/arch/arm/domctl.c
@@ -184,6 +184,7 @@ long arch_do_domctl(struct xen_domctl *domctl, struct domain *d,
}
}
+#ifdef CONFIG_MGMT_HYPERCALLS
void arch_get_info_guest(struct vcpu *v, vcpu_guest_context_u c)
{
struct vcpu_guest_context *ctxt = c.nat;
@@ -199,6 +200,7 @@ void arch_get_info_guest(struct vcpu *v, vcpu_guest_context_u c)
if ( !test_bit(_VPF_down, &v->pause_flags) )
ctxt->flags |= VGCF_online;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
/*
* Local variables:
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 6153e3c07e..ea5f5b20cf 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -1370,6 +1370,7 @@ long arch_do_domctl(
return ret;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
#ifdef CONFIG_COMPAT
#define xen_vcpu_guest_context vcpu_guest_context
#define fpu_ctxt fpu_ctxt.x
@@ -1562,6 +1563,7 @@ void arch_get_info_guest(struct vcpu *v, vcpu_guest_context_u c)
c(vm_assist = d->vm_assist);
#undef c
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
/*
* Local variables:
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 6660f13e9e..6048a87826 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -538,6 +538,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
copyback = 1;
break;
+#ifdef CONFIG_MGMT_HYPERCALLS
case XEN_DOMCTL_getvcpucontext:
{
vcpu_guest_context_u c = { .nat = NULL };
@@ -586,6 +587,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
xfree(c.nat);
break;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_getvcpuinfo:
{
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 14/26] xen/domctl: wrap arch-specific arch_get_info_guest() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 14/26] xen/domctl: wrap arch-specific arch_get_info_guest() " Penny Zheng
@ 2025-09-11 2:31 ` Stefano Stabellini
2025-09-11 10:45 ` Jan Beulich
0 siblings, 1 reply; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-11 2:31 UTC (permalink / raw)
To: Penny Zheng
Cc: xen-devel, ray.huang, Stefano Stabellini, Julien Grall,
Bertrand Marquis, Michal Orzel, Volodymyr Babchuk, Andrew Cooper,
Anthony PERARD, Jan Beulich, Roger Pau Monné
On Wed, 10 Sep 2025, Penny Zheng wrote:
> Arch-specific function arch_get_info_guest() is responsible for
> XEN_DOMCTL_getvcpucontext domctl-op, and shall be wrapped with
> CONFIG_MGMT_HYPERCALLS
> Wrap XEN_DOMCTL_getvcpucontext-case transiently with CONFIG_MGMT_HYPERCALLS,
> and it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the
> common/domctl.c in the last.
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
There is arch_get_info_guest under riscv but it is only a stub so:
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
^ permalink raw reply [flat|nested] 102+ messages in thread
* Re: [PATCH v2 14/26] xen/domctl: wrap arch-specific arch_get_info_guest() with CONFIG_MGMT_HYPERCALLS
2025-09-11 2:31 ` Stefano Stabellini
@ 2025-09-11 10:45 ` Jan Beulich
0 siblings, 0 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-11 10:45 UTC (permalink / raw)
To: Stefano Stabellini, Penny Zheng
Cc: xen-devel, ray.huang, Julien Grall, Bertrand Marquis,
Michal Orzel, Volodymyr Babchuk, Andrew Cooper, Anthony PERARD,
Roger Pau Monné
On 11.09.2025 04:31, Stefano Stabellini wrote:
> On Wed, 10 Sep 2025, Penny Zheng wrote:
>> Arch-specific function arch_get_info_guest() is responsible for
>> XEN_DOMCTL_getvcpucontext domctl-op, and shall be wrapped with
>> CONFIG_MGMT_HYPERCALLS
>> Wrap XEN_DOMCTL_getvcpucontext-case transiently with CONFIG_MGMT_HYPERCALLS,
>> and it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the
>> common/domctl.c in the last.
>>
>> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
>
> There is arch_get_info_guest under riscv but it is only a stub so:
As said in reply to other patches, I think those stubs want covering nevertheless.
And btw, this is an example of a patch which would have been entirely unnecessary
(afaict) if the Kconfig setting didn't have a prompt (yet / anymore).
Jan
> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 15/26] xen/domctl: wrap xsm_{irq_permission,iomem_permission} with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (13 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 14/26] xen/domctl: wrap arch-specific arch_get_info_guest() " Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-11 2:34 ` Stefano Stabellini
2025-09-11 11:02 ` Jan Beulich
2025-09-10 7:38 ` [PATCH v2 16/26] xen/domctl: wrap arch-specific domain_set_time_offset() " Penny Zheng
` (10 subsequent siblings)
25 siblings, 2 replies; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel; +Cc: ray.huang, Penny Zheng, Daniel P. Smith
The following functions are invoked only under
XEN_DOMCTL_{irq_permission,iomem_permission} domctl-op, and shall be wrapped
with CONFIG_MGMT_HYPERCALLS:
- xsm_irq_permission
- xsm_iomem_permission
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
---
xen/include/xsm/xsm.h | 10 ++++++++++
xen/xsm/dummy.c | 2 ++
xen/xsm/flask/hooks.c | 4 ++++
3 files changed, 16 insertions(+)
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 4d332ceca2..1fcd945336 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -113,9 +113,11 @@ struct xsm_ops {
int (*unmap_domain_irq)(struct domain *d, int irq, const void *data);
int (*bind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind);
int (*unbind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind);
+#ifdef CONFIG_MGMT_HYPERCALLS
int (*irq_permission)(struct domain *d, int pirq, uint8_t allow);
int (*iomem_permission)(struct domain *d, uint64_t s, uint64_t e,
uint8_t allow);
+#endif
int (*iomem_mapping)(struct domain *d, uint64_t s, uint64_t e,
uint8_t allow);
int (*pci_config_permission)(struct domain *d, uint32_t machine_bdf,
@@ -508,13 +510,21 @@ static inline int xsm_unbind_pt_irq(
static inline int xsm_irq_permission(
xsm_default_t def, struct domain *d, int pirq, uint8_t allow)
{
+#ifdef CONFIG_MGMT_HYPERCALLS
return alternative_call(xsm_ops.irq_permission, d, pirq, allow);
+#else
+ return -EOPNOTSUPP;
+#endif
}
static inline int xsm_iomem_permission(
xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow)
{
+#ifdef CONFIG_MGMT_HYPERCALLS
return alternative_call(xsm_ops.iomem_permission, d, s, e, allow);
+#else
+ return -EOPNOTSUPP;
+#endif
}
static inline int xsm_iomem_mapping(
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 2c878999a3..b216894579 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -73,8 +73,10 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
.unmap_domain_irq = xsm_unmap_domain_irq,
.bind_pt_irq = xsm_bind_pt_irq,
.unbind_pt_irq = xsm_unbind_pt_irq,
+#ifdef CONFIG_MGMT_HYPERCALLS
.irq_permission = xsm_irq_permission,
.iomem_permission = xsm_iomem_permission,
+#endif
.iomem_mapping = xsm_iomem_mapping,
.pci_config_permission = xsm_pci_config_permission,
.get_vnumainfo = xsm_get_vnumainfo,
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index e8a4deb2ea..198053be77 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1111,12 +1111,14 @@ static int cf_check flask_unbind_pt_irq(
return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check flask_irq_permission(
struct domain *d, int pirq, uint8_t access)
{
/* the PIRQ number is not useful; real IRQ is checked during mapping */
return current_has_perm(d, SECCLASS_RESOURCE, resource_to_perm(access));
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
struct iomem_has_perm_data {
uint32_t ssid;
@@ -1943,8 +1945,10 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
.unmap_domain_irq = flask_unmap_domain_irq,
.bind_pt_irq = flask_bind_pt_irq,
.unbind_pt_irq = flask_unbind_pt_irq,
+#ifdef CONFIG_MGMT_HYPERCALLS
.irq_permission = flask_irq_permission,
.iomem_permission = flask_iomem_permission,
+#endif
.iomem_mapping = flask_iomem_mapping,
.pci_config_permission = flask_pci_config_permission,
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 15/26] xen/domctl: wrap xsm_{irq_permission,iomem_permission} with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 15/26] xen/domctl: wrap xsm_{irq_permission,iomem_permission} " Penny Zheng
@ 2025-09-11 2:34 ` Stefano Stabellini
2025-09-11 11:02 ` Jan Beulich
1 sibling, 0 replies; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-11 2:34 UTC (permalink / raw)
To: Penny Zheng; +Cc: xen-devel, ray.huang, Daniel P. Smith
On Wed, 10 Sep 2025, Penny Zheng wrote:
> The following functions are invoked only under
> XEN_DOMCTL_{irq_permission,iomem_permission} domctl-op, and shall be wrapped
> with CONFIG_MGMT_HYPERCALLS:
> - xsm_irq_permission
> - xsm_iomem_permission
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
> ---
> v1 -> v2:
> - adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
> ---
> xen/include/xsm/xsm.h | 10 ++++++++++
> xen/xsm/dummy.c | 2 ++
> xen/xsm/flask/hooks.c | 4 ++++
> 3 files changed, 16 insertions(+)
there is no change to domctl.c ?
> diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
> index 4d332ceca2..1fcd945336 100644
> --- a/xen/include/xsm/xsm.h
> +++ b/xen/include/xsm/xsm.h
> @@ -113,9 +113,11 @@ struct xsm_ops {
> int (*unmap_domain_irq)(struct domain *d, int irq, const void *data);
> int (*bind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind);
> int (*unbind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind);
> +#ifdef CONFIG_MGMT_HYPERCALLS
> int (*irq_permission)(struct domain *d, int pirq, uint8_t allow);
> int (*iomem_permission)(struct domain *d, uint64_t s, uint64_t e,
> uint8_t allow);
> +#endif
> int (*iomem_mapping)(struct domain *d, uint64_t s, uint64_t e,
> uint8_t allow);
> int (*pci_config_permission)(struct domain *d, uint32_t machine_bdf,
> @@ -508,13 +510,21 @@ static inline int xsm_unbind_pt_irq(
> static inline int xsm_irq_permission(
> xsm_default_t def, struct domain *d, int pirq, uint8_t allow)
> {
> +#ifdef CONFIG_MGMT_HYPERCALLS
> return alternative_call(xsm_ops.irq_permission, d, pirq, allow);
> +#else
> + return -EOPNOTSUPP;
> +#endif
> }
>
> static inline int xsm_iomem_permission(
> xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow)
> {
> +#ifdef CONFIG_MGMT_HYPERCALLS
> return alternative_call(xsm_ops.iomem_permission, d, s, e, allow);
> +#else
> + return -EOPNOTSUPP;
> +#endif
> }
>
> static inline int xsm_iomem_mapping(
> diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
> index 2c878999a3..b216894579 100644
> --- a/xen/xsm/dummy.c
> +++ b/xen/xsm/dummy.c
> @@ -73,8 +73,10 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
> .unmap_domain_irq = xsm_unmap_domain_irq,
> .bind_pt_irq = xsm_bind_pt_irq,
> .unbind_pt_irq = xsm_unbind_pt_irq,
> +#ifdef CONFIG_MGMT_HYPERCALLS
> .irq_permission = xsm_irq_permission,
> .iomem_permission = xsm_iomem_permission,
> +#endif
> .iomem_mapping = xsm_iomem_mapping,
> .pci_config_permission = xsm_pci_config_permission,
> .get_vnumainfo = xsm_get_vnumainfo,
> diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
> index e8a4deb2ea..198053be77 100644
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -1111,12 +1111,14 @@ static int cf_check flask_unbind_pt_irq(
> return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
> }
>
> +#ifdef CONFIG_MGMT_HYPERCALLS
> static int cf_check flask_irq_permission(
> struct domain *d, int pirq, uint8_t access)
> {
> /* the PIRQ number is not useful; real IRQ is checked during mapping */
> return current_has_perm(d, SECCLASS_RESOURCE, resource_to_perm(access));
> }
> +#endif /* CONFIG_MGMT_HYPERCALLS */
>
> struct iomem_has_perm_data {
> uint32_t ssid;
> @@ -1943,8 +1945,10 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
> .unmap_domain_irq = flask_unmap_domain_irq,
> .bind_pt_irq = flask_bind_pt_irq,
> .unbind_pt_irq = flask_unbind_pt_irq,
> +#ifdef CONFIG_MGMT_HYPERCALLS
> .irq_permission = flask_irq_permission,
> .iomem_permission = flask_iomem_permission,
> +#endif
> .iomem_mapping = flask_iomem_mapping,
> .pci_config_permission = flask_pci_config_permission,
>
> --
> 2.34.1
>
>
^ permalink raw reply [flat|nested] 102+ messages in thread* Re: [PATCH v2 15/26] xen/domctl: wrap xsm_{irq_permission,iomem_permission} with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 15/26] xen/domctl: wrap xsm_{irq_permission,iomem_permission} " Penny Zheng
2025-09-11 2:34 ` Stefano Stabellini
@ 2025-09-11 11:02 ` Jan Beulich
2025-09-25 7:43 ` Penny, Zheng
1 sibling, 1 reply; 102+ messages in thread
From: Jan Beulich @ 2025-09-11 11:02 UTC (permalink / raw)
To: Penny Zheng, Daniel P. Smith; +Cc: ray.huang, xen-devel
On 10.09.2025 09:38, Penny Zheng wrote:
> @@ -508,13 +510,21 @@ static inline int xsm_unbind_pt_irq(
> static inline int xsm_irq_permission(
> xsm_default_t def, struct domain *d, int pirq, uint8_t allow)
> {
> +#ifdef CONFIG_MGMT_HYPERCALLS
> return alternative_call(xsm_ops.irq_permission, d, pirq, allow);
> +#else
> + return -EOPNOTSUPP;
> +#endif
> }
>
> static inline int xsm_iomem_permission(
> xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow)
> {
> +#ifdef CONFIG_MGMT_HYPERCALLS
> return alternative_call(xsm_ops.iomem_permission, d, s, e, allow);
> +#else
> + return -EOPNOTSUPP;
> +#endif
> }
Along the lines of Stefano's comment - why would these inline functions stay
around? Them returning an error in the MGMT_HYPERCALLS=n case is actually a
problem: For xsm_iomem_permission() it's only a conceptual one, but for
xsm_irq_permission() you break x86's handling of XEN_DOMCTL_gsi_permission.
I would have added "transiently", but from the titles of later patches I
can't spot where to expect that one to be taken care of.
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -1111,12 +1111,14 @@ static int cf_check flask_unbind_pt_irq(
> return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
> }
>
> +#ifdef CONFIG_MGMT_HYPERCALLS
> static int cf_check flask_irq_permission(
> struct domain *d, int pirq, uint8_t access)
> {
> /* the PIRQ number is not useful; real IRQ is checked during mapping */
> return current_has_perm(d, SECCLASS_RESOURCE, resource_to_perm(access));
> }
> +#endif /* CONFIG_MGMT_HYPERCALLS */
>
> struct iomem_has_perm_data {
> uint32_t ssid;
> @@ -1943,8 +1945,10 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
> .unmap_domain_irq = flask_unmap_domain_irq,
> .bind_pt_irq = flask_bind_pt_irq,
> .unbind_pt_irq = flask_unbind_pt_irq,
> +#ifdef CONFIG_MGMT_HYPERCALLS
> .irq_permission = flask_irq_permission,
> .iomem_permission = flask_iomem_permission,
> +#endif
> .iomem_mapping = flask_iomem_mapping,
> .pci_config_permission = flask_pci_config_permission,
>
It's odd that flask_iomem_permission() remains as a function, but for the
moment that looks to be necessary, as it's (oddly enough) called from
flask_iomem_mapping(). However, for that one I again can't drive from
titles of subsequent patches where it would be taken care of.
Daniel - is this layering actually helpful? Can't we either drop
flask_iomem_mapping() (with the benefit of a cf_check disappearing), or
have it do directly what it wants done, rather than calling the other
hook function?
Having reached the bottom of the patch - what about xsm/dummy.h?
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* RE: [PATCH v2 15/26] xen/domctl: wrap xsm_{irq_permission,iomem_permission} with CONFIG_MGMT_HYPERCALLS
2025-09-11 11:02 ` Jan Beulich
@ 2025-09-25 7:43 ` Penny, Zheng
0 siblings, 0 replies; 102+ messages in thread
From: Penny, Zheng @ 2025-09-25 7:43 UTC (permalink / raw)
To: Jan Beulich, Daniel P. Smith; +Cc: Huang, Ray, xen-devel@lists.xenproject.org
[Public]
> -----Original Message-----
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Thursday, September 11, 2025 7:02 PM
> To: Penny, Zheng <penny.zheng@amd.com>; Daniel P. Smith
> <dpsmith@apertussolutions.com>
> Cc: Huang, Ray <Ray.Huang@amd.com>; xen-devel@lists.xenproject.org
> Subject: Re: [PATCH v2 15/26] xen/domctl: wrap
> xsm_{irq_permission,iomem_permission} with CONFIG_MGMT_HYPERCALLS
>
> On 10.09.2025 09:38, Penny Zheng wrote:
> > --- a/xen/xsm/flask/hooks.c
> > +++ b/xen/xsm/flask/hooks.c
> > @@ -1111,12 +1111,14 @@ static int cf_check flask_unbind_pt_irq(
> > return current_has_perm(d, SECCLASS_RESOURCE,
> RESOURCE__REMOVE);
> > }
> >
> > +#ifdef CONFIG_MGMT_HYPERCALLS
> > static int cf_check flask_irq_permission(
> > struct domain *d, int pirq, uint8_t access) {
> > /* the PIRQ number is not useful; real IRQ is checked during mapping */
> > return current_has_perm(d, SECCLASS_RESOURCE,
> > resource_to_perm(access)); }
> > +#endif /* CONFIG_MGMT_HYPERCALLS */
> >
> > struct iomem_has_perm_data {
> > uint32_t ssid;
> > @@ -1943,8 +1945,10 @@ static const struct xsm_ops __initconst_cf_clobber
> flask_ops = {
> > .unmap_domain_irq = flask_unmap_domain_irq,
> > .bind_pt_irq = flask_bind_pt_irq,
> > .unbind_pt_irq = flask_unbind_pt_irq,
> > +#ifdef CONFIG_MGMT_HYPERCALLS
> > .irq_permission = flask_irq_permission,
> > .iomem_permission = flask_iomem_permission,
> > +#endif
> > .iomem_mapping = flask_iomem_mapping,
> > .pci_config_permission = flask_pci_config_permission,
> >
>
> It's odd that flask_iomem_permission() remains as a function, but for the moment
> that looks to be necessary, as it's (oddly enough) called from
> flask_iomem_mapping(). However, for that one I again can't drive from titles of
> subsequent patches where it would be taken care of.
>
> Daniel - is this layering actually helpful? Can't we either drop
> flask_iomem_mapping() (with the benefit of a cf_check disappearing), or have it do
> directly what it wants done, rather than calling the other hook function?
>
If with no explicit worries, I'll create a new commit in next serie to remove redundant xsm_iomem_mapping(). Then here, we only shall take care of xsm_irq_permission()
> Having reached the bottom of the patch - what about xsm/dummy.h?
>
> Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 16/26] xen/domctl: wrap arch-specific domain_set_time_offset() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (14 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 15/26] xen/domctl: wrap xsm_{irq_permission,iomem_permission} " Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-11 2:36 ` Stefano Stabellini
2025-09-11 11:27 ` Jan Beulich
2025-09-10 7:38 ` [PATCH v2 17/26] xen/domctl: wrap xsm_set_target() " Penny Zheng
` (9 subsequent siblings)
25 siblings, 2 replies; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel
Cc: ray.huang, Penny Zheng, Stefano Stabellini, Julien Grall,
Bertrand Marquis, Michal Orzel, Volodymyr Babchuk, Andrew Cooper,
Anthony PERARD, Jan Beulich, Roger Pau Monné
Arch-specific domain_set_time_offset() is responisble for
XEN_DOMCTL_settimeoffset domctl-op, and shall be wrapped with
CONFIG_MGMT_HYPERCALLS
Wrap XEN_DOMCTL_settimeoffset-case transiently with CONFIG_MGMT_HYPERCALLS,
and it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the
common/domctl.c in the last.
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
- wrap XEN_DOMCTL_settimeoffset-case transiently
---
xen/arch/arm/time.c | 2 ++
xen/arch/x86/time.c | 2 ++
xen/common/domctl.c | 2 ++
3 files changed, 6 insertions(+)
diff --git a/xen/arch/arm/time.c b/xen/arch/arm/time.c
index e74d30d258..dfed0b0ab8 100644
--- a/xen/arch/arm/time.c
+++ b/xen/arch/arm/time.c
@@ -365,12 +365,14 @@ void force_update_vcpu_system_time(struct vcpu *v)
update_vcpu_system_time(v);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
void domain_set_time_offset(struct domain *d, int64_t time_offset_seconds)
{
d->time_offset.seconds = time_offset_seconds;
d->time_offset.set = true;
/* XXX update guest visible wallclock time */
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static int cpu_time_callback(struct notifier_block *nfb,
unsigned long action,
diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c
index 59129f419d..e7394ce8cf 100644
--- a/xen/arch/x86/time.c
+++ b/xen/arch/x86/time.c
@@ -1841,6 +1841,7 @@ static void update_domain_rtc(void)
rcu_read_unlock(&domlist_read_lock);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
void domain_set_time_offset(struct domain *d, int64_t time_offset_seconds)
{
d->time_offset.seconds = time_offset_seconds;
@@ -1849,6 +1850,7 @@ void domain_set_time_offset(struct domain *d, int64_t time_offset_seconds)
rtc_update_clock(d);
update_domain_wallclock_time(d);
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
int cpu_frequency_change(u64 freq)
{
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 6048a87826..776bf7b8e2 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -748,9 +748,11 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
break;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
case XEN_DOMCTL_settimeoffset:
domain_set_time_offset(d, op->u.settimeoffset.time_offset_seconds);
break;
+#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_set_target:
{
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 16/26] xen/domctl: wrap arch-specific domain_set_time_offset() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 16/26] xen/domctl: wrap arch-specific domain_set_time_offset() " Penny Zheng
@ 2025-09-11 2:36 ` Stefano Stabellini
2025-09-11 11:27 ` Jan Beulich
1 sibling, 0 replies; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-11 2:36 UTC (permalink / raw)
To: Penny Zheng
Cc: xen-devel, ray.huang, Stefano Stabellini, Julien Grall,
Bertrand Marquis, Michal Orzel, Volodymyr Babchuk, Andrew Cooper,
Anthony PERARD, Jan Beulich, Roger Pau Monné
On Wed, 10 Sep 2025, Penny Zheng wrote:
> Arch-specific domain_set_time_offset() is responisble for
> XEN_DOMCTL_settimeoffset domctl-op, and shall be wrapped with
> CONFIG_MGMT_HYPERCALLS
> Wrap XEN_DOMCTL_settimeoffset-case transiently with CONFIG_MGMT_HYPERCALLS,
> and it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the
> common/domctl.c in the last.
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
riscv has only a stub so:
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
^ permalink raw reply [flat|nested] 102+ messages in thread
* Re: [PATCH v2 16/26] xen/domctl: wrap arch-specific domain_set_time_offset() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 16/26] xen/domctl: wrap arch-specific domain_set_time_offset() " Penny Zheng
2025-09-11 2:36 ` Stefano Stabellini
@ 2025-09-11 11:27 ` Jan Beulich
2025-09-25 8:01 ` Penny, Zheng
1 sibling, 1 reply; 102+ messages in thread
From: Jan Beulich @ 2025-09-11 11:27 UTC (permalink / raw)
To: Penny Zheng, Stefano Stabellini
Cc: ray.huang, Julien Grall, Bertrand Marquis, Michal Orzel,
Volodymyr Babchuk, Andrew Cooper, Anthony PERARD,
Roger Pau Monné, xen-devel
On 10.09.2025 09:38, Penny Zheng wrote:
> Arch-specific domain_set_time_offset() is responisble for
> XEN_DOMCTL_settimeoffset domctl-op, and shall be wrapped with
> CONFIG_MGMT_HYPERCALLS
> Wrap XEN_DOMCTL_settimeoffset-case transiently with CONFIG_MGMT_HYPERCALLS,
> and it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the
> common/domctl.c in the last.
As I keep seeing this same wording, I finally have to say something there as
well: For one, the last patch doesn't introduce CONFIG_MGMT_HYPERCALLS on
common/domctl.c. In instead makes the building of common/domctl.o conditional
upon that control being set. And then, "in the last" (btw - last what?) is as
unhelpful as "in the next patch" or "in the previous patch". When writing
commit messages, you want to make sure they make sense all on their own, no
matter in what order patches are committed (in particular possibly piecemeal
and interspersed with other patches). Possible replacement wording:
"Wrap XEN_DOMCTL_settimeoffset-case transiently with CONFIG_MGMT_HYPERCALLS,
which will be removed again once common/domctl.o's building as a whole
becomes dependent upon that setting."
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
Acked-by: Jan Beulich <jbeulich@suse.com> # x86
(i.e. specifically _not_ the common code change)
I also wonder what our (Misra related) position is towards leaving declarations
around in cases like this one, where they're not in support of DCE-ing of code.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* RE: [PATCH v2 16/26] xen/domctl: wrap arch-specific domain_set_time_offset() with CONFIG_MGMT_HYPERCALLS
2025-09-11 11:27 ` Jan Beulich
@ 2025-09-25 8:01 ` Penny, Zheng
0 siblings, 0 replies; 102+ messages in thread
From: Penny, Zheng @ 2025-09-25 8:01 UTC (permalink / raw)
To: Jan Beulich, Stefano Stabellini
Cc: Huang, Ray, Julien Grall, Bertrand Marquis, Orzel, Michal,
Volodymyr Babchuk, Andrew Cooper, Anthony PERARD,
Roger Pau Monné, xen-devel@lists.xenproject.org
[Public]
> -----Original Message-----
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Thursday, September 11, 2025 7:28 PM
> To: Penny, Zheng <penny.zheng@amd.com>; Stefano Stabellini
> <sstabellini@kernel.org>
> Cc: Huang, Ray <Ray.Huang@amd.com>; Julien Grall <julien@xen.org>; Bertrand
> Marquis <bertrand.marquis@arm.com>; Orzel, Michal <Michal.Orzel@amd.com>;
> Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>; Andrew Cooper
> <andrew.cooper3@citrix.com>; Anthony PERARD <anthony.perard@vates.tech>;
> Roger Pau Monné <roger.pau@citrix.com>; xen-devel@lists.xenproject.org
> Subject: Re: [PATCH v2 16/26] xen/domctl: wrap arch-specific
> domain_set_time_offset() with CONFIG_MGMT_HYPERCALLS
>
> On 10.09.2025 09:38, Penny Zheng wrote:
> > Arch-specific domain_set_time_offset() is responisble for
> > XEN_DOMCTL_settimeoffset domctl-op, and shall be wrapped with
> > CONFIG_MGMT_HYPERCALLS Wrap XEN_DOMCTL_settimeoffset-case
> transiently
> > with CONFIG_MGMT_HYPERCALLS, and it will be removed when introducing
> > CONFIG_MGMT_HYPERCALLS on the common/domctl.c in the last.
>
> As I keep seeing this same wording, I finally have to say something there as
> well: For one, the last patch doesn't introduce CONFIG_MGMT_HYPERCALLS on
> common/domctl.c. In instead makes the building of common/domctl.o conditional
> upon that control being set. And then, "in the last" (btw - last what?) is as unhelpful
> as "in the next patch" or "in the previous patch". When writing commit messages,
> you want to make sure they make sense all on their own, no matter in what order
> patches are committed (in particular possibly piecemeal and interspersed with other
> patches). Possible replacement wording:
>
Thanks for the detailed clarification! Learned and will fix
>
> Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 17/26] xen/domctl: wrap xsm_set_target() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (15 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 16/26] xen/domctl: wrap arch-specific domain_set_time_offset() " Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-11 2:37 ` Stefano Stabellini
2025-09-10 7:38 ` [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() " Penny Zheng
` (8 subsequent siblings)
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel; +Cc: ray.huang, Penny Zheng, Daniel P. Smith
Function xsm_set_target() is only invoked under XEN_DOMCTL_set_target
domctl-op, and shall be wrapped with CONFIG_MGMT_HYPERCALLS.
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
---
xen/include/xsm/xsm.h | 6 +++++-
xen/xsm/dummy.c | 2 +-
xen/xsm/flask/hooks.c | 4 ++--
3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 1fcd945336..678cb0f346 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -59,8 +59,8 @@ struct xsm_ops {
#ifdef CONFIG_MGMT_HYPERCALLS
int (*domctl_scheduler_op)(struct domain *d, int op);
int (*sysctl_scheduler_op)(int op);
-#endif
int (*set_target)(struct domain *d, struct domain *e);
+#endif
int (*domctl)(struct domain *d, unsigned int cmd, uint32_t ssidref);
int (*sysctl)(int cmd);
int (*readconsole)(uint32_t clear);
@@ -258,7 +258,11 @@ static inline int xsm_sysctl_scheduler_op(xsm_default_t def, int cmd)
static inline int xsm_set_target(
xsm_default_t def, struct domain *d, struct domain *e)
{
+#ifdef CONFIG_MGMT_HYPERCALLS
return alternative_call(xsm_ops.set_target, d, e);
+#else
+ return -EOPNOTSUPP;
+#endif
}
static inline int xsm_domctl(xsm_default_t def, struct domain *d,
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index b216894579..f6986dd2bb 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -21,8 +21,8 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
#ifdef CONFIG_MGMT_HYPERCALLS
.domctl_scheduler_op = xsm_domctl_scheduler_op,
.sysctl_scheduler_op = xsm_sysctl_scheduler_op,
-#endif
.set_target = xsm_set_target,
+#endif
.domctl = xsm_domctl,
#ifdef CONFIG_MGMT_HYPERCALLS
.sysctl = xsm_sysctl,
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 198053be77..ed4e466302 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -641,7 +641,6 @@ static int cf_check flask_sysctl_scheduler_op(int op)
return avc_unknown_permission("sysctl_scheduler_op", op);
}
}
-#endif /* CONFIG_MGMT_HYPERCALLS */
static int cf_check flask_set_target(struct domain *d, struct domain *t)
{
@@ -666,6 +665,7 @@ static int cf_check flask_set_target(struct domain *d, struct domain *t)
&dsec->target_sid);
return rc;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static int cf_check flask_domctl(struct domain *d, unsigned int cmd,
uint32_t ssidref)
@@ -1893,8 +1893,8 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
#ifdef CONFIG_MGMT_HYPERCALLS
.domctl_scheduler_op = flask_domctl_scheduler_op,
.sysctl_scheduler_op = flask_sysctl_scheduler_op,
-#endif
.set_target = flask_set_target,
+#endif
.domctl = flask_domctl,
#ifdef CONFIG_MGMT_HYPERCALLS
.sysctl = flask_sysctl,
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 17/26] xen/domctl: wrap xsm_set_target() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 17/26] xen/domctl: wrap xsm_set_target() " Penny Zheng
@ 2025-09-11 2:37 ` Stefano Stabellini
2025-09-11 11:33 ` Jan Beulich
0 siblings, 1 reply; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-11 2:37 UTC (permalink / raw)
To: Penny Zheng; +Cc: xen-devel, ray.huang, Daniel P. Smith
On Wed, 10 Sep 2025, Penny Zheng wrote:
> Function xsm_set_target() is only invoked under XEN_DOMCTL_set_target
> domctl-op, and shall be wrapped with CONFIG_MGMT_HYPERCALLS.
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
> ---
> v1 -> v2:
> - adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
> ---
> xen/include/xsm/xsm.h | 6 +++++-
> xen/xsm/dummy.c | 2 +-
> xen/xsm/flask/hooks.c | 4 ++--
> 3 files changed, 8 insertions(+), 4 deletions(-)
No change to domctl.c ?
> diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
> index 1fcd945336..678cb0f346 100644
> --- a/xen/include/xsm/xsm.h
> +++ b/xen/include/xsm/xsm.h
> @@ -59,8 +59,8 @@ struct xsm_ops {
> #ifdef CONFIG_MGMT_HYPERCALLS
> int (*domctl_scheduler_op)(struct domain *d, int op);
> int (*sysctl_scheduler_op)(int op);
> -#endif
> int (*set_target)(struct domain *d, struct domain *e);
> +#endif
> int (*domctl)(struct domain *d, unsigned int cmd, uint32_t ssidref);
> int (*sysctl)(int cmd);
> int (*readconsole)(uint32_t clear);
> @@ -258,7 +258,11 @@ static inline int xsm_sysctl_scheduler_op(xsm_default_t def, int cmd)
> static inline int xsm_set_target(
> xsm_default_t def, struct domain *d, struct domain *e)
> {
> +#ifdef CONFIG_MGMT_HYPERCALLS
> return alternative_call(xsm_ops.set_target, d, e);
> +#else
> + return -EOPNOTSUPP;
> +#endif
> }
>
> static inline int xsm_domctl(xsm_default_t def, struct domain *d,
> diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
> index b216894579..f6986dd2bb 100644
> --- a/xen/xsm/dummy.c
> +++ b/xen/xsm/dummy.c
> @@ -21,8 +21,8 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
> #ifdef CONFIG_MGMT_HYPERCALLS
> .domctl_scheduler_op = xsm_domctl_scheduler_op,
> .sysctl_scheduler_op = xsm_sysctl_scheduler_op,
> -#endif
> .set_target = xsm_set_target,
> +#endif
> .domctl = xsm_domctl,
> #ifdef CONFIG_MGMT_HYPERCALLS
> .sysctl = xsm_sysctl,
> diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
> index 198053be77..ed4e466302 100644
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -641,7 +641,6 @@ static int cf_check flask_sysctl_scheduler_op(int op)
> return avc_unknown_permission("sysctl_scheduler_op", op);
> }
> }
> -#endif /* CONFIG_MGMT_HYPERCALLS */
>
> static int cf_check flask_set_target(struct domain *d, struct domain *t)
> {
> @@ -666,6 +665,7 @@ static int cf_check flask_set_target(struct domain *d, struct domain *t)
> &dsec->target_sid);
> return rc;
> }
> +#endif /* CONFIG_MGMT_HYPERCALLS */
>
> static int cf_check flask_domctl(struct domain *d, unsigned int cmd,
> uint32_t ssidref)
> @@ -1893,8 +1893,8 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
> #ifdef CONFIG_MGMT_HYPERCALLS
> .domctl_scheduler_op = flask_domctl_scheduler_op,
> .sysctl_scheduler_op = flask_sysctl_scheduler_op,
> -#endif
> .set_target = flask_set_target,
> +#endif
> .domctl = flask_domctl,
> #ifdef CONFIG_MGMT_HYPERCALLS
> .sysctl = flask_sysctl,
> --
> 2.34.1
>
>
^ permalink raw reply [flat|nested] 102+ messages in thread* Re: [PATCH v2 17/26] xen/domctl: wrap xsm_set_target() with CONFIG_MGMT_HYPERCALLS
2025-09-11 2:37 ` Stefano Stabellini
@ 2025-09-11 11:33 ` Jan Beulich
2025-09-25 8:10 ` Penny, Zheng
0 siblings, 1 reply; 102+ messages in thread
From: Jan Beulich @ 2025-09-11 11:33 UTC (permalink / raw)
To: Penny Zheng; +Cc: xen-devel, ray.huang, Daniel P. Smith, Stefano Stabellini
On 11.09.2025 04:37, Stefano Stabellini wrote:
> On Wed, 10 Sep 2025, Penny Zheng wrote:
>> Function xsm_set_target() is only invoked under XEN_DOMCTL_set_target
>> domctl-op, and shall be wrapped with CONFIG_MGMT_HYPERCALLS.
>>
>> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
>> ---
>> v1 -> v2:
>> - adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
>> ---
>> xen/include/xsm/xsm.h | 6 +++++-
>> xen/xsm/dummy.c | 2 +-
>> xen/xsm/flask/hooks.c | 4 ++--
>> 3 files changed, 8 insertions(+), 4 deletions(-)
>
> No change to domctl.c ?
And xsm/dummy.h ?
>> --- a/xen/include/xsm/xsm.h
>> +++ b/xen/include/xsm/xsm.h
>> @@ -59,8 +59,8 @@ struct xsm_ops {
>> #ifdef CONFIG_MGMT_HYPERCALLS
>> int (*domctl_scheduler_op)(struct domain *d, int op);
>> int (*sysctl_scheduler_op)(int op);
>> -#endif
>> int (*set_target)(struct domain *d, struct domain *e);
>> +#endif
>> int (*domctl)(struct domain *d, unsigned int cmd, uint32_t ssidref);
>> int (*sysctl)(int cmd);
>> int (*readconsole)(uint32_t clear);
>> @@ -258,7 +258,11 @@ static inline int xsm_sysctl_scheduler_op(xsm_default_t def, int cmd)
>> static inline int xsm_set_target(
>> xsm_default_t def, struct domain *d, struct domain *e)
>> {
>> +#ifdef CONFIG_MGMT_HYPERCALLS
>> return alternative_call(xsm_ops.set_target, d, e);
>> +#else
>> + return -EOPNOTSUPP;
>> +#endif
>> }
Again I would have expected for this inline function to be wrapped as a whole;
the title says exactly that, imo.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* RE: [PATCH v2 17/26] xen/domctl: wrap xsm_set_target() with CONFIG_MGMT_HYPERCALLS
2025-09-11 11:33 ` Jan Beulich
@ 2025-09-25 8:10 ` Penny, Zheng
0 siblings, 0 replies; 102+ messages in thread
From: Penny, Zheng @ 2025-09-25 8:10 UTC (permalink / raw)
To: Jan Beulich, Stefano Stabellini
Cc: xen-devel@lists.xenproject.org, Huang, Ray, Daniel P. Smith,
Stefano Stabellini
[Public]
> -----Original Message-----
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Thursday, September 11, 2025 7:34 PM
> To: Penny, Zheng <penny.zheng@amd.com>
> Cc: xen-devel@lists.xenproject.org; Huang, Ray <Ray.Huang@amd.com>; Daniel
> P. Smith <dpsmith@apertussolutions.com>; Stefano Stabellini
> <sstabellini@kernel.org>
> Subject: Re: [PATCH v2 17/26] xen/domctl: wrap xsm_set_target() with
> CONFIG_MGMT_HYPERCALLS
>
> On 11.09.2025 04:37, Stefano Stabellini wrote:
> > On Wed, 10 Sep 2025, Penny Zheng wrote:
> >> Function xsm_set_target() is only invoked under XEN_DOMCTL_set_target
> >> domctl-op, and shall be wrapped with CONFIG_MGMT_HYPERCALLS.
> >>
> >> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
> >> ---
> >> v1 -> v2:
> >> - adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
> >> ---
> >> xen/include/xsm/xsm.h | 6 +++++-
> >> xen/xsm/dummy.c | 2 +-
> >> xen/xsm/flask/hooks.c | 4 ++--
> >> 3 files changed, 8 insertions(+), 4 deletions(-)
> >
> > No change to domctl.c ?
>
Use in-function #ifdef-else, like ...
>
> >> --- a/xen/include/xsm/xsm.h
> >> +++ b/xen/include/xsm/xsm.h
> >> @@ -59,8 +59,8 @@ struct xsm_ops {
> >> #ifdef CONFIG_MGMT_HYPERCALLS
> >> int (*domctl_scheduler_op)(struct domain *d, int op);
> >> int (*sysctl_scheduler_op)(int op); -#endif
> >> int (*set_target)(struct domain *d, struct domain *e);
> >> +#endif
> >> int (*domctl)(struct domain *d, unsigned int cmd, uint32_t ssidref);
> >> int (*sysctl)(int cmd);
> >> int (*readconsole)(uint32_t clear); @@ -258,7 +258,11 @@ static
> >> inline int xsm_sysctl_scheduler_op(xsm_default_t def, int cmd)
> >> static inline int xsm_set_target(
> >> xsm_default_t def, struct domain *d, struct domain *e) {
> >> +#ifdef CONFIG_MGMT_HYPERCALLS
> >> return alternative_call(xsm_ops.set_target, d, e);
> >> +#else
> >> + return -EOPNOTSUPP;
> >> +#endif
> >> }
>
> Again I would have expected for this inline function to be wrapped as a whole; the
> title says exactly that, imo.
>
... could avoid adding in-place stub in domctl.c. That's my original intent. But, as jan said in other similar commits, it will leave unreachable codes when MGMT_HYPERCALLS=n.
The whole inline function must be wrapped as a whole.
> Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (16 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 17/26] xen/domctl: wrap xsm_set_target() " Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-11 13:30 ` Jan Beulich
2025-09-10 7:38 ` [PATCH v2 19/26] xen/domctl: wrap set_global_virq_handler() " Penny Zheng
` (7 subsequent siblings)
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel; +Cc: ray.huang, Penny Zheng, Daniel P. Smith
Function xsm_getdomaininfo() is only invoked in XEN_DOMCTL_getdomaininfo
domctl-op, and it shall be wrapped with CONFIG_MGMT_HYPERCALLS
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
---
xen/include/xsm/xsm.h | 6 +++++-
xen/xsm/dummy.c | 2 +-
xen/xsm/flask/hooks.c | 4 ++--
3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 678cb0f346..2a107b2cde 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -55,8 +55,8 @@ struct xsm_ops {
void (*security_domaininfo)(struct domain *d,
struct xen_domctl_getdomaininfo *info);
int (*domain_create)(struct domain *d, uint32_t ssidref);
- int (*getdomaininfo)(struct domain *d);
#ifdef CONFIG_MGMT_HYPERCALLS
+ int (*getdomaininfo)(struct domain *d);
int (*domctl_scheduler_op)(struct domain *d, int op);
int (*sysctl_scheduler_op)(int op);
int (*set_target)(struct domain *d, struct domain *e);
@@ -234,7 +234,11 @@ static inline int xsm_domain_create(
static inline int xsm_getdomaininfo(xsm_default_t def, struct domain *d)
{
+#ifdef CONFIG_MGMT_HYPERCALLS
return alternative_call(xsm_ops.getdomaininfo, d);
+#else
+ return -EOPNOTSUPP;
+#endif
}
static inline int xsm_get_domain_state(xsm_default_t def, struct domain *d)
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index f6986dd2bb..7c4e6176aa 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -17,8 +17,8 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
.set_system_active = xsm_set_system_active,
.security_domaininfo = xsm_security_domaininfo,
.domain_create = xsm_domain_create,
- .getdomaininfo = xsm_getdomaininfo,
#ifdef CONFIG_MGMT_HYPERCALLS
+ .getdomaininfo = xsm_getdomaininfo,
.domctl_scheduler_op = xsm_domctl_scheduler_op,
.sysctl_scheduler_op = xsm_sysctl_scheduler_op,
.set_target = xsm_set_target,
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index ed4e466302..7392e95e55 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -604,12 +604,12 @@ static int cf_check flask_domain_create(struct domain *d, uint32_t ssidref)
return rc;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check flask_getdomaininfo(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETDOMAININFO);
}
-#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check flask_domctl_scheduler_op(struct domain *d, int op)
{
switch ( op )
@@ -1889,8 +1889,8 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
.set_system_active = flask_set_system_active,
.security_domaininfo = flask_security_domaininfo,
.domain_create = flask_domain_create,
- .getdomaininfo = flask_getdomaininfo,
#ifdef CONFIG_MGMT_HYPERCALLS
+ .getdomaininfo = flask_getdomaininfo,
.domctl_scheduler_op = flask_domctl_scheduler_op,
.sysctl_scheduler_op = flask_sysctl_scheduler_op,
.set_target = flask_set_target,
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() " Penny Zheng
@ 2025-09-11 13:30 ` Jan Beulich
2025-09-25 9:41 ` Penny, Zheng
0 siblings, 1 reply; 102+ messages in thread
From: Jan Beulich @ 2025-09-11 13:30 UTC (permalink / raw)
To: Penny Zheng; +Cc: ray.huang, Daniel P. Smith, xen-devel
On 10.09.2025 09:38, Penny Zheng wrote:
> --- a/xen/include/xsm/xsm.h
> +++ b/xen/include/xsm/xsm.h
> @@ -55,8 +55,8 @@ struct xsm_ops {
> void (*security_domaininfo)(struct domain *d,
> struct xen_domctl_getdomaininfo *info);
> int (*domain_create)(struct domain *d, uint32_t ssidref);
> - int (*getdomaininfo)(struct domain *d);
> #ifdef CONFIG_MGMT_HYPERCALLS
> + int (*getdomaininfo)(struct domain *d);
> int (*domctl_scheduler_op)(struct domain *d, int op);
> int (*sysctl_scheduler_op)(int op);
> int (*set_target)(struct domain *d, struct domain *e);
> @@ -234,7 +234,11 @@ static inline int xsm_domain_create(
>
> static inline int xsm_getdomaininfo(xsm_default_t def, struct domain *d)
> {
> +#ifdef CONFIG_MGMT_HYPERCALLS
> return alternative_call(xsm_ops.getdomaininfo, d);
> +#else
> + return -EOPNOTSUPP;
> +#endif
> }
This is in use by a Xenstore sysctl and a Xenstore domctl. The sysctl is
hence already broken with the earlier series. Now the domctl is also being
screwed up. I don't think MGMT_HYPERCALLS really ought to extend to any
operations available to other than the core toolstack. That's the Xenstore
ones here, but also the ones used by qemu (whether run in Dom0 or a stubdom).
IOW I think there's a conceptual issue with this work which needs resolving
first.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* RE: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with CONFIG_MGMT_HYPERCALLS
2025-09-11 13:30 ` Jan Beulich
@ 2025-09-25 9:41 ` Penny, Zheng
2025-09-25 14:28 ` Jan Beulich
0 siblings, 1 reply; 102+ messages in thread
From: Penny, Zheng @ 2025-09-25 9:41 UTC (permalink / raw)
To: Jan Beulich, Andryuk, Jason, Stabellini, Stefano
Cc: Huang, Ray, Daniel P. Smith, xen-devel@lists.xenproject.org
[Public]
> -----Original Message-----
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Thursday, September 11, 2025 9:30 PM
> To: Penny, Zheng <penny.zheng@amd.com>
> Cc: Huang, Ray <Ray.Huang@amd.com>; Daniel P. Smith
> <dpsmith@apertussolutions.com>; xen-devel@lists.xenproject.org
> Subject: Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with
> CONFIG_MGMT_HYPERCALLS
>
> On 10.09.2025 09:38, Penny Zheng wrote:
> > --- a/xen/include/xsm/xsm.h
> > +++ b/xen/include/xsm/xsm.h
> > @@ -55,8 +55,8 @@ struct xsm_ops {
> > void (*security_domaininfo)(struct domain *d,
> > struct xen_domctl_getdomaininfo *info);
> > int (*domain_create)(struct domain *d, uint32_t ssidref);
> > - int (*getdomaininfo)(struct domain *d);
> > #ifdef CONFIG_MGMT_HYPERCALLS
> > + int (*getdomaininfo)(struct domain *d);
> > int (*domctl_scheduler_op)(struct domain *d, int op);
> > int (*sysctl_scheduler_op)(int op);
> > int (*set_target)(struct domain *d, struct domain *e); @@ -234,7
> > +234,11 @@ static inline int xsm_domain_create(
> >
> > static inline int xsm_getdomaininfo(xsm_default_t def, struct domain
> > *d) {
> > +#ifdef CONFIG_MGMT_HYPERCALLS
> > return alternative_call(xsm_ops.getdomaininfo, d);
> > +#else
> > + return -EOPNOTSUPP;
> > +#endif
> > }
>
> This is in use by a Xenstore sysctl and a Xenstore domctl. The sysctl is hence
> already broken with the earlier series. Now the domctl is also being screwed up. I
> don't think MGMT_HYPERCALLS really ought to extend to any operations available
> to other than the core toolstack. That's the Xenstore ones here, but also the ones
> used by qemu (whether run in Dom0 or a stubdom).
Maybe not only limited to the core toolstack. In dom0less/hyperlaunched scenarios, hypercalls are strictly limited. QEMU is also limited to pvh machine type and with very restricted functionality(, only acting as a few virtio-pci devices backend). @Andryuk, Jason @Stabellini, Stefano Am I understanding correctly and thoroughly about our scenario here for upstream?
Tracking the codes, if Xenstore is created as a stub domain, it requires getdomaininfo-domctl to acquire related info. Sorry, I haven't found how it was called in QEMU...
> IOW I think there's a conceptual issue with this work which needs resolving first.
>
> Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with CONFIG_MGMT_HYPERCALLS
2025-09-25 9:41 ` Penny, Zheng
@ 2025-09-25 14:28 ` Jan Beulich
2025-09-26 4:41 ` Penny, Zheng
0 siblings, 1 reply; 102+ messages in thread
From: Jan Beulich @ 2025-09-25 14:28 UTC (permalink / raw)
To: Penny, Zheng
Cc: Huang, Ray, Daniel P. Smith, xen-devel@lists.xenproject.org,
Andryuk, Jason, Stabellini, Stefano
On 25.09.2025 11:41, Penny, Zheng wrote:
> [Public]
>
>> -----Original Message-----
>> From: Jan Beulich <jbeulich@suse.com>
>> Sent: Thursday, September 11, 2025 9:30 PM
>> To: Penny, Zheng <penny.zheng@amd.com>
>> Cc: Huang, Ray <Ray.Huang@amd.com>; Daniel P. Smith
>> <dpsmith@apertussolutions.com>; xen-devel@lists.xenproject.org
>> Subject: Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with
>> CONFIG_MGMT_HYPERCALLS
>>
>> On 10.09.2025 09:38, Penny Zheng wrote:
>>> --- a/xen/include/xsm/xsm.h
>>> +++ b/xen/include/xsm/xsm.h
>>> @@ -55,8 +55,8 @@ struct xsm_ops {
>>> void (*security_domaininfo)(struct domain *d,
>>> struct xen_domctl_getdomaininfo *info);
>>> int (*domain_create)(struct domain *d, uint32_t ssidref);
>>> - int (*getdomaininfo)(struct domain *d);
>>> #ifdef CONFIG_MGMT_HYPERCALLS
>>> + int (*getdomaininfo)(struct domain *d);
>>> int (*domctl_scheduler_op)(struct domain *d, int op);
>>> int (*sysctl_scheduler_op)(int op);
>>> int (*set_target)(struct domain *d, struct domain *e); @@ -234,7
>>> +234,11 @@ static inline int xsm_domain_create(
>>>
>>> static inline int xsm_getdomaininfo(xsm_default_t def, struct domain
>>> *d) {
>>> +#ifdef CONFIG_MGMT_HYPERCALLS
>>> return alternative_call(xsm_ops.getdomaininfo, d);
>>> +#else
>>> + return -EOPNOTSUPP;
>>> +#endif
>>> }
>>
>> This is in use by a Xenstore sysctl and a Xenstore domctl. The sysctl is hence
>> already broken with the earlier series. Now the domctl is also being screwed up. I
>> don't think MGMT_HYPERCALLS really ought to extend to any operations available
>> to other than the core toolstack. That's the Xenstore ones here, but also the ones
>> used by qemu (whether run in Dom0 or a stubdom).
>
> Maybe not only limited to the core toolstack. In dom0less/hyperlaunched scenarios, hypercalls are strictly limited. QEMU is also limited to pvh machine type and with very restricted functionality(, only acting as a few virtio-pci devices backend). @Andryuk, Jason @Stabellini, Stefano Am I understanding correctly and thoroughly about our scenario here for upstream?
> Tracking the codes, if Xenstore is created as a stub domain, it requires getdomaininfo-domctl to acquire related info. Sorry, I haven't found how it was called in QEMU...
It's not "it"; it's different ones. First and foremost I was thinking of
* XEN_DOMCTL_ioport_mapping
* XEN_DOMCTL_memory_mapping
* XEN_DOMCTL_bind_pt_irq
* XEN_DOMCTL_unbind_pt_irq
but there may be others (albeit per the dummy xsm_domctl() this is the full
set). As a general criteria, anything using XSM_DM_PRIV checking can in
principle be called by qemu.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* RE: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with CONFIG_MGMT_HYPERCALLS
2025-09-25 14:28 ` Jan Beulich
@ 2025-09-26 4:41 ` Penny, Zheng
2025-09-26 6:53 ` Jan Beulich
0 siblings, 1 reply; 102+ messages in thread
From: Penny, Zheng @ 2025-09-26 4:41 UTC (permalink / raw)
To: Jan Beulich, Stabellini, Stefano, Andryuk, Jason
Cc: Huang, Ray, Daniel P. Smith, xen-devel@lists.xenproject.org,
Andryuk, Jason, Stabellini, Stefano
[Public]
> -----Original Message-----
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Thursday, September 25, 2025 10:29 PM
> To: Penny, Zheng <penny.zheng@amd.com>
> Cc: Huang, Ray <Ray.Huang@amd.com>; Daniel P. Smith
> <dpsmith@apertussolutions.com>; xen-devel@lists.xenproject.org; Andryuk, Jason
> <Jason.Andryuk@amd.com>; Stabellini, Stefano <stefano.stabellini@amd.com>
> Subject: Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with
> CONFIG_MGMT_HYPERCALLS
>
> On 25.09.2025 11:41, Penny, Zheng wrote:
> > [Public]
> >
> >> -----Original Message-----
> >> From: Jan Beulich <jbeulich@suse.com>
> >> Sent: Thursday, September 11, 2025 9:30 PM
> >> To: Penny, Zheng <penny.zheng@amd.com>
> >> Cc: Huang, Ray <Ray.Huang@amd.com>; Daniel P. Smith
> >> <dpsmith@apertussolutions.com>; xen-devel@lists.xenproject.org
> >> Subject: Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo()
> >> with CONFIG_MGMT_HYPERCALLS
> >>
> >> On 10.09.2025 09:38, Penny Zheng wrote:
> >>> --- a/xen/include/xsm/xsm.h
> >>> +++ b/xen/include/xsm/xsm.h
> >>> @@ -55,8 +55,8 @@ struct xsm_ops {
> >>> void (*security_domaininfo)(struct domain *d,
> >>> struct xen_domctl_getdomaininfo *info);
> >>> int (*domain_create)(struct domain *d, uint32_t ssidref);
> >>> - int (*getdomaininfo)(struct domain *d);
> >>> #ifdef CONFIG_MGMT_HYPERCALLS
> >>> + int (*getdomaininfo)(struct domain *d);
> >>> int (*domctl_scheduler_op)(struct domain *d, int op);
> >>> int (*sysctl_scheduler_op)(int op);
> >>> int (*set_target)(struct domain *d, struct domain *e); @@
> >>> -234,7
> >>> +234,11 @@ static inline int xsm_domain_create(
> >>>
> >>> static inline int xsm_getdomaininfo(xsm_default_t def, struct
> >>> domain
> >>> *d) {
> >>> +#ifdef CONFIG_MGMT_HYPERCALLS
> >>> return alternative_call(xsm_ops.getdomaininfo, d);
> >>> +#else
> >>> + return -EOPNOTSUPP;
> >>> +#endif
> >>> }
> >>
> >> This is in use by a Xenstore sysctl and a Xenstore domctl. The sysctl
> >> is hence already broken with the earlier series. Now the domctl is
> >> also being screwed up. I don't think MGMT_HYPERCALLS really ought to
> >> extend to any operations available to other than the core toolstack.
> >> That's the Xenstore ones here, but also the ones used by qemu (whether run in
> Dom0 or a stubdom).
> >
> > Maybe not only limited to the core toolstack. In dom0less/hyperlaunched
> scenarios, hypercalls are strictly limited. QEMU is also limited to pvh machine type
> and with very restricted functionality(, only acting as a few virtio-pci devices
> backend). @Andryuk, Jason @Stabellini, Stefano Am I understanding correctly and
> thoroughly about our scenario here for upstream?
> > Tracking the codes, if Xenstore is created as a stub domain, it requires
> getdomaininfo-domctl to acquire related info. Sorry, I haven't found how it was
> called in QEMU...
>
> It's not "it"; it's different ones. First and foremost I was thinking of
> * XEN_DOMCTL_ioport_mapping
> * XEN_DOMCTL_memory_mapping
> * XEN_DOMCTL_bind_pt_irq
> * XEN_DOMCTL_unbind_pt_irq
> but there may be others (albeit per the dummy xsm_domctl() this is the full set). As
> a general criteria, anything using XSM_DM_PRIV checking can in principle be
> called by qemu.
>
Understood.
I assume that they are all for device passthrough. We are not accepting device passthrough via core toolstack in dom0less/hyperlaunch-ed scenarios. Jason has developed device passthrough through device tree to only accept "static configured" passthrough in dom0less/hyperlaunch-ed scenario, while it is still internal , it may be the only accept way to do device passthrough in dom0less/hyperlaunch-ed scenario.
The major role of QEMU in dom0less/hyperlaunch-ed scenario is to provide limited virtio-pci devices backend. So we need hypercalls majorly involving ioreq server, event channel, virtual interrupt injection and foreign memory mapping, which shall not use XSM_DM_PRIV(xsm_iomem_permission()/xsm_irq_permission()/xsm_iomem_mapping()) checking, I assume.
> Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with CONFIG_MGMT_HYPERCALLS
2025-09-26 4:41 ` Penny, Zheng
@ 2025-09-26 6:53 ` Jan Beulich
2025-09-26 6:57 ` Penny, Zheng
0 siblings, 1 reply; 102+ messages in thread
From: Jan Beulich @ 2025-09-26 6:53 UTC (permalink / raw)
To: Penny, Zheng
Cc: Huang, Ray, Daniel P. Smith, xen-devel@lists.xenproject.org,
Stabellini, Stefano, Andryuk, Jason
On 26.09.2025 06:41, Penny, Zheng wrote:
>> -----Original Message-----
>> From: Jan Beulich <jbeulich@suse.com>
>> Sent: Thursday, September 25, 2025 10:29 PM
>>
>> On 25.09.2025 11:41, Penny, Zheng wrote:
>>>> -----Original Message-----
>>>> From: Jan Beulich <jbeulich@suse.com>
>>>> Sent: Thursday, September 11, 2025 9:30 PM
>>>>
>>>> On 10.09.2025 09:38, Penny Zheng wrote:
>>>>> --- a/xen/include/xsm/xsm.h
>>>>> +++ b/xen/include/xsm/xsm.h
>>>>> @@ -55,8 +55,8 @@ struct xsm_ops {
>>>>> void (*security_domaininfo)(struct domain *d,
>>>>> struct xen_domctl_getdomaininfo *info);
>>>>> int (*domain_create)(struct domain *d, uint32_t ssidref);
>>>>> - int (*getdomaininfo)(struct domain *d);
>>>>> #ifdef CONFIG_MGMT_HYPERCALLS
>>>>> + int (*getdomaininfo)(struct domain *d);
>>>>> int (*domctl_scheduler_op)(struct domain *d, int op);
>>>>> int (*sysctl_scheduler_op)(int op);
>>>>> int (*set_target)(struct domain *d, struct domain *e); @@
>>>>> -234,7
>>>>> +234,11 @@ static inline int xsm_domain_create(
>>>>>
>>>>> static inline int xsm_getdomaininfo(xsm_default_t def, struct
>>>>> domain
>>>>> *d) {
>>>>> +#ifdef CONFIG_MGMT_HYPERCALLS
>>>>> return alternative_call(xsm_ops.getdomaininfo, d);
>>>>> +#else
>>>>> + return -EOPNOTSUPP;
>>>>> +#endif
>>>>> }
>>>>
>>>> This is in use by a Xenstore sysctl and a Xenstore domctl. The sysctl
>>>> is hence already broken with the earlier series. Now the domctl is
>>>> also being screwed up. I don't think MGMT_HYPERCALLS really ought to
>>>> extend to any operations available to other than the core toolstack.
>>>> That's the Xenstore ones here, but also the ones used by qemu (whether run in
>> Dom0 or a stubdom).
>>>
>>> Maybe not only limited to the core toolstack. In dom0less/hyperlaunched
>> scenarios, hypercalls are strictly limited. QEMU is also limited to pvh machine type
>> and with very restricted functionality(, only acting as a few virtio-pci devices
>> backend). @Andryuk, Jason @Stabellini, Stefano Am I understanding correctly and
>> thoroughly about our scenario here for upstream?
>>> Tracking the codes, if Xenstore is created as a stub domain, it requires
>> getdomaininfo-domctl to acquire related info. Sorry, I haven't found how it was
>> called in QEMU...
>>
>> It's not "it"; it's different ones. First and foremost I was thinking of
>> * XEN_DOMCTL_ioport_mapping
>> * XEN_DOMCTL_memory_mapping
>> * XEN_DOMCTL_bind_pt_irq
>> * XEN_DOMCTL_unbind_pt_irq
>> but there may be others (albeit per the dummy xsm_domctl() this is the full set). As
>> a general criteria, anything using XSM_DM_PRIV checking can in principle be
>> called by qemu.
>>
>
> Understood.
> I assume that they are all for device passthrough. We are not accepting device passthrough via core toolstack in dom0less/hyperlaunch-ed scenarios. Jason has developed device passthrough through device tree to only accept "static configured" passthrough in dom0less/hyperlaunch-ed scenario, while it is still internal , it may be the only accept way to do device passthrough in dom0less/hyperlaunch-ed scenario.
Right, but no matter what your goals, the upstream contributions need to be self-
consistent. I.e. not (risk to) break other functionality. (Really the four domctl-s
mentioned above might better have been put elsewhere, e.g. as dm-ops. Moving them
may be an option here.)
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* RE: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with CONFIG_MGMT_HYPERCALLS
2025-09-26 6:53 ` Jan Beulich
@ 2025-09-26 6:57 ` Penny, Zheng
2025-09-26 7:14 ` Jan Beulich
2025-09-26 19:24 ` Stefano Stabellini
0 siblings, 2 replies; 102+ messages in thread
From: Penny, Zheng @ 2025-09-26 6:57 UTC (permalink / raw)
To: Jan Beulich
Cc: Huang, Ray, Daniel P. Smith, xen-devel@lists.xenproject.org,
Stabellini, Stefano, Andryuk, Jason
[Public]
> -----Original Message-----
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Friday, September 26, 2025 2:53 PM
> To: Penny, Zheng <penny.zheng@amd.com>
> Cc: Huang, Ray <Ray.Huang@amd.com>; Daniel P. Smith
> <dpsmith@apertussolutions.com>; xen-devel@lists.xenproject.org; Stabellini,
> Stefano <stefano.stabellini@amd.com>; Andryuk, Jason
> <Jason.Andryuk@amd.com>
> Subject: Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with
> CONFIG_MGMT_HYPERCALLS
>
> On 26.09.2025 06:41, Penny, Zheng wrote:
> >> -----Original Message-----
> >> From: Jan Beulich <jbeulich@suse.com>
> >> Sent: Thursday, September 25, 2025 10:29 PM
> >>
> >> On 25.09.2025 11:41, Penny, Zheng wrote:
> >>>> -----Original Message-----
> >>>> From: Jan Beulich <jbeulich@suse.com>
> >>>> Sent: Thursday, September 11, 2025 9:30 PM
> >>>>
> >>>> On 10.09.2025 09:38, Penny Zheng wrote:
> >>>>> --- a/xen/include/xsm/xsm.h
> >>>>> +++ b/xen/include/xsm/xsm.h
> >>>>> @@ -55,8 +55,8 @@ struct xsm_ops {
> >>>>> void (*security_domaininfo)(struct domain *d,
> >>>>> struct xen_domctl_getdomaininfo *info);
> >>>>> int (*domain_create)(struct domain *d, uint32_t ssidref);
> >>>>> - int (*getdomaininfo)(struct domain *d);
> >>>>> #ifdef CONFIG_MGMT_HYPERCALLS
> >>>>> + int (*getdomaininfo)(struct domain *d);
> >>>>> int (*domctl_scheduler_op)(struct domain *d, int op);
> >>>>> int (*sysctl_scheduler_op)(int op);
> >>>>> int (*set_target)(struct domain *d, struct domain *e); @@
> >>>>> -234,7
> >>>>> +234,11 @@ static inline int xsm_domain_create(
> >>>>>
> >>>>> static inline int xsm_getdomaininfo(xsm_default_t def, struct
> >>>>> domain
> >>>>> *d) {
> >>>>> +#ifdef CONFIG_MGMT_HYPERCALLS
> >>>>> return alternative_call(xsm_ops.getdomaininfo, d);
> >>>>> +#else
> >>>>> + return -EOPNOTSUPP;
> >>>>> +#endif
> >>>>> }
> >>>>
> >>>> This is in use by a Xenstore sysctl and a Xenstore domctl. The
> >>>> sysctl is hence already broken with the earlier series. Now the
> >>>> domctl is also being screwed up. I don't think MGMT_HYPERCALLS
> >>>> really ought to extend to any operations available to other than the core
> toolstack.
> >>>> That's the Xenstore ones here, but also the ones used by qemu
> >>>> (whether run in
> >> Dom0 or a stubdom).
> >>>
> >>> Maybe not only limited to the core toolstack. In
> >>> dom0less/hyperlaunched
> >> scenarios, hypercalls are strictly limited. QEMU is also limited to
> >> pvh machine type and with very restricted functionality(, only acting
> >> as a few virtio-pci devices backend). @Andryuk, Jason @Stabellini,
> >> Stefano Am I understanding correctly and thoroughly about our scenario here for
> upstream?
> >>> Tracking the codes, if Xenstore is created as a stub domain, it
> >>> requires
> >> getdomaininfo-domctl to acquire related info. Sorry, I haven't found
> >> how it was called in QEMU...
> >>
> >> It's not "it"; it's different ones. First and foremost I was thinking
> >> of
> >> * XEN_DOMCTL_ioport_mapping
> >> * XEN_DOMCTL_memory_mapping
> >> * XEN_DOMCTL_bind_pt_irq
> >> * XEN_DOMCTL_unbind_pt_irq
> >> but there may be others (albeit per the dummy xsm_domctl() this is
> >> the full set). As a general criteria, anything using XSM_DM_PRIV
> >> checking can in principle be called by qemu.
> >>
> >
> > Understood.
> > I assume that they are all for device passthrough. We are not accepting device
> passthrough via core toolstack in dom0less/hyperlaunch-ed scenarios. Jason has
> developed device passthrough through device tree to only accept "static
> configured" passthrough in dom0less/hyperlaunch-ed scenario, while it is still
> internal , it may be the only accept way to do device passthrough in
> dom0less/hyperlaunch-ed scenario.
>
> Right, but no matter what your goals, the upstream contributions need to be self-
> consistent. I.e. not (risk to) break other functionality. (Really the four domctl-s
> mentioned above might better have been put elsewhere, e.g. as dm-ops. Moving
> them may be an option here.)
Understood.
I'll move them all to the dm-ops
>
> Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with CONFIG_MGMT_HYPERCALLS
2025-09-26 6:57 ` Penny, Zheng
@ 2025-09-26 7:14 ` Jan Beulich
2025-09-26 8:22 ` Penny, Zheng
2025-09-29 15:41 ` Oleksii Kurochko
2025-09-26 19:24 ` Stefano Stabellini
1 sibling, 2 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-26 7:14 UTC (permalink / raw)
To: Penny, Zheng
Cc: Huang, Ray, Daniel P. Smith, xen-devel@lists.xenproject.org,
Andryuk, Jason, Andrew Cooper, Julien Grall, Stefano Stabellini,
Anthony PERARD, Michal Orzel, Roger Pau Monné,
Oleksii Kurochko
On 26.09.2025 08:57, Penny, Zheng wrote:
>> -----Original Message-----
>> From: Jan Beulich <jbeulich@suse.com>
>> Sent: Friday, September 26, 2025 2:53 PM
>>
>> On 26.09.2025 06:41, Penny, Zheng wrote:
>>>> -----Original Message-----
>>>> From: Jan Beulich <jbeulich@suse.com>
>>>> Sent: Thursday, September 25, 2025 10:29 PM
>>>>
>>>> On 25.09.2025 11:41, Penny, Zheng wrote:
>>>>>> -----Original Message-----
>>>>>> From: Jan Beulich <jbeulich@suse.com>
>>>>>> Sent: Thursday, September 11, 2025 9:30 PM
>>>>>>
>>>>>> On 10.09.2025 09:38, Penny Zheng wrote:
>>>>>>> --- a/xen/include/xsm/xsm.h
>>>>>>> +++ b/xen/include/xsm/xsm.h
>>>>>>> @@ -55,8 +55,8 @@ struct xsm_ops {
>>>>>>> void (*security_domaininfo)(struct domain *d,
>>>>>>> struct xen_domctl_getdomaininfo *info);
>>>>>>> int (*domain_create)(struct domain *d, uint32_t ssidref);
>>>>>>> - int (*getdomaininfo)(struct domain *d);
>>>>>>> #ifdef CONFIG_MGMT_HYPERCALLS
>>>>>>> + int (*getdomaininfo)(struct domain *d);
>>>>>>> int (*domctl_scheduler_op)(struct domain *d, int op);
>>>>>>> int (*sysctl_scheduler_op)(int op);
>>>>>>> int (*set_target)(struct domain *d, struct domain *e); @@
>>>>>>> -234,7
>>>>>>> +234,11 @@ static inline int xsm_domain_create(
>>>>>>>
>>>>>>> static inline int xsm_getdomaininfo(xsm_default_t def, struct
>>>>>>> domain
>>>>>>> *d) {
>>>>>>> +#ifdef CONFIG_MGMT_HYPERCALLS
>>>>>>> return alternative_call(xsm_ops.getdomaininfo, d);
>>>>>>> +#else
>>>>>>> + return -EOPNOTSUPP;
>>>>>>> +#endif
>>>>>>> }
>>>>>>
>>>>>> This is in use by a Xenstore sysctl and a Xenstore domctl. The
>>>>>> sysctl is hence already broken with the earlier series. Now the
>>>>>> domctl is also being screwed up. I don't think MGMT_HYPERCALLS
>>>>>> really ought to extend to any operations available to other than the core
>> toolstack.
>>>>>> That's the Xenstore ones here, but also the ones used by qemu
>>>>>> (whether run in
>>>> Dom0 or a stubdom).
>>>>>
>>>>> Maybe not only limited to the core toolstack. In
>>>>> dom0less/hyperlaunched
>>>> scenarios, hypercalls are strictly limited. QEMU is also limited to
>>>> pvh machine type and with very restricted functionality(, only acting
>>>> as a few virtio-pci devices backend). @Andryuk, Jason @Stabellini,
>>>> Stefano Am I understanding correctly and thoroughly about our scenario here for
>> upstream?
>>>>> Tracking the codes, if Xenstore is created as a stub domain, it
>>>>> requires
>>>> getdomaininfo-domctl to acquire related info. Sorry, I haven't found
>>>> how it was called in QEMU...
>>>>
>>>> It's not "it"; it's different ones. First and foremost I was thinking
>>>> of
>>>> * XEN_DOMCTL_ioport_mapping
>>>> * XEN_DOMCTL_memory_mapping
>>>> * XEN_DOMCTL_bind_pt_irq
>>>> * XEN_DOMCTL_unbind_pt_irq
>>>> but there may be others (albeit per the dummy xsm_domctl() this is
>>>> the full set). As a general criteria, anything using XSM_DM_PRIV
>>>> checking can in principle be called by qemu.
>>>>
>>>
>>> Understood.
>>> I assume that they are all for device passthrough. We are not accepting device
>> passthrough via core toolstack in dom0less/hyperlaunch-ed scenarios. Jason has
>> developed device passthrough through device tree to only accept "static
>> configured" passthrough in dom0less/hyperlaunch-ed scenario, while it is still
>> internal , it may be the only accept way to do device passthrough in
>> dom0less/hyperlaunch-ed scenario.
>>
>> Right, but no matter what your goals, the upstream contributions need to be self-
>> consistent. I.e. not (risk to) break other functionality. (Really the four domctl-s
>> mentioned above might better have been put elsewhere, e.g. as dm-ops. Moving
>> them may be an option here.)
>
> Understood.
> I'll move them all to the dm-ops
Before you do so, please consider the consequences, though (I said "may" for a
reason). Also please allow others to chime in. (In this context I notice that
several REST maintainers weren't even Cc-ed here, and hence may not have seen
the earlier discussion.)
One thing seems pretty clear to me: This work likely isn't going to be suitable
for 4.21 anymore. Hence we're back to considering alternatives to address the
still pending build issue. (My take on it remains: Revert the tail of the
sysctl work.) Adding Oleksii to Cc as well.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* RE: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with CONFIG_MGMT_HYPERCALLS
2025-09-26 7:14 ` Jan Beulich
@ 2025-09-26 8:22 ` Penny, Zheng
2025-09-26 8:30 ` Jan Beulich
2025-09-29 15:41 ` Oleksii Kurochko
1 sibling, 1 reply; 102+ messages in thread
From: Penny, Zheng @ 2025-09-26 8:22 UTC (permalink / raw)
To: Jan Beulich
Cc: Huang, Ray, Daniel P. Smith, xen-devel@lists.xenproject.org,
Andryuk, Jason, Andrew Cooper, Julien Grall, Stefano Stabellini,
Anthony PERARD, Orzel, Michal, Roger Pau Monné,
Oleksii Kurochko
[Public]
> -----Original Message-----
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Friday, September 26, 2025 3:14 PM
> To: Penny, Zheng <penny.zheng@amd.com>
> Cc: Huang, Ray <Ray.Huang@amd.com>; Daniel P. Smith
> <dpsmith@apertussolutions.com>; xen-devel@lists.xenproject.org; Andryuk, Jason
> <Jason.Andryuk@amd.com>; Andrew Cooper <andrew.cooper3@citrix.com>;
> Julien Grall <julien@xen.org>; Stefano Stabellini <sstabellini@kernel.org>; Anthony
> PERARD <anthony.perard@vates.tech>; Orzel, Michal <Michal.Orzel@amd.com>;
> Roger Pau Monné <roger.pau@citrix.com>; Oleksii Kurochko
> <oleksii.kurochko@gmail.com>
> Subject: Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with
> CONFIG_MGMT_HYPERCALLS
>
> On 26.09.2025 08:57, Penny, Zheng wrote:
> >> -----Original Message-----
> >> From: Jan Beulich <jbeulich@suse.com>
> >> Sent: Friday, September 26, 2025 2:53 PM
> >>
> >> On 26.09.2025 06:41, Penny, Zheng wrote:
> >>>> -----Original Message-----
> >>>> From: Jan Beulich <jbeulich@suse.com>
> >>>> Sent: Thursday, September 25, 2025 10:29 PM
> >>>>
> >>>> On 25.09.2025 11:41, Penny, Zheng wrote:
> >>>>>> -----Original Message-----
> >>>>>> From: Jan Beulich <jbeulich@suse.com>
> >>>>>> Sent: Thursday, September 11, 2025 9:30 PM
> >>>>>>
> >>>>>> On 10.09.2025 09:38, Penny Zheng wrote:
> >>>>>>> --- a/xen/include/xsm/xsm.h
> >>>>>>> +++ b/xen/include/xsm/xsm.h
> >>>>>>> @@ -55,8 +55,8 @@ struct xsm_ops {
> >>>>>>> void (*security_domaininfo)(struct domain *d,
> >>>>>>> struct xen_domctl_getdomaininfo *info);
> >>>>>>> int (*domain_create)(struct domain *d, uint32_t ssidref);
> >>>>>>> - int (*getdomaininfo)(struct domain *d);
> >>>>>>> #ifdef CONFIG_MGMT_HYPERCALLS
> >>>>>>> + int (*getdomaininfo)(struct domain *d);
> >>>>>>> int (*domctl_scheduler_op)(struct domain *d, int op);
> >>>>>>> int (*sysctl_scheduler_op)(int op);
> >>>>>>> int (*set_target)(struct domain *d, struct domain *e); @@
> >>>>>>> -234,7
> >>>>>>> +234,11 @@ static inline int xsm_domain_create(
> >>>>>>>
> >>>>>>> static inline int xsm_getdomaininfo(xsm_default_t def, struct
> >>>>>>> domain
> >>>>>>> *d) {
> >>>>>>> +#ifdef CONFIG_MGMT_HYPERCALLS
> >>>>>>> return alternative_call(xsm_ops.getdomaininfo, d);
> >>>>>>> +#else
> >>>>>>> + return -EOPNOTSUPP;
> >>>>>>> +#endif
> >>>>>>> }
> >>>>>>
> >>>>>> This is in use by a Xenstore sysctl and a Xenstore domctl. The
> >>>>>> sysctl is hence already broken with the earlier series. Now the
> >>>>>> domctl is also being screwed up. I don't think MGMT_HYPERCALLS
> >>>>>> really ought to extend to any operations available to other than
> >>>>>> the core
> >> toolstack.
> >>>>>> That's the Xenstore ones here, but also the ones used by qemu
> >>>>>> (whether run in
> >>>> Dom0 or a stubdom).
> >>>>>
> >>>>> Maybe not only limited to the core toolstack. In
> >>>>> dom0less/hyperlaunched
> >>>> scenarios, hypercalls are strictly limited. QEMU is also limited to
> >>>> pvh machine type and with very restricted functionality(, only
> >>>> acting as a few virtio-pci devices backend). @Andryuk, Jason
> >>>> @Stabellini, Stefano Am I understanding correctly and thoroughly
> >>>> about our scenario here for
> >> upstream?
> >>>>> Tracking the codes, if Xenstore is created as a stub domain, it
> >>>>> requires
> >>>> getdomaininfo-domctl to acquire related info. Sorry, I haven't
> >>>> found how it was called in QEMU...
> >>>>
> >>>> It's not "it"; it's different ones. First and foremost I was
> >>>> thinking of
> >>>> * XEN_DOMCTL_ioport_mapping
> >>>> * XEN_DOMCTL_memory_mapping
> >>>> * XEN_DOMCTL_bind_pt_irq
> >>>> * XEN_DOMCTL_unbind_pt_irq
> >>>> but there may be others (albeit per the dummy xsm_domctl() this is
> >>>> the full set). As a general criteria, anything using XSM_DM_PRIV
> >>>> checking can in principle be called by qemu.
> >>>>
> >>>
> >>> Understood.
> >>> I assume that they are all for device passthrough. We are not
> >>> accepting device
> >> passthrough via core toolstack in dom0less/hyperlaunch-ed scenarios.
> >> Jason has developed device passthrough through device tree to only
> >> accept "static configured" passthrough in dom0less/hyperlaunch-ed
> >> scenario, while it is still internal , it may be the only accept way
> >> to do device passthrough in dom0less/hyperlaunch-ed scenario.
> >>
> >> Right, but no matter what your goals, the upstream contributions need
> >> to be self- consistent. I.e. not (risk to) break other functionality.
> >> (Really the four domctl-s mentioned above might better have been put
> >> elsewhere, e.g. as dm-ops. Moving them may be an option here.)
> >
> > Understood.
> > I'll move them all to the dm-ops
>
> Before you do so, please consider the consequences, though (I said "may" for a
> reason). Also please allow others to chime in. (In this context I notice that several
> REST maintainers weren't even Cc-ed here, and hence may not have seen the
> earlier discussion.)
>
Sorry, what I really mean is that I'm going to investigate the actual work required for moving these four hypercalls to dm-ops. Then I could go back to the discussion to have a clearer view. To be clear, you are suggesting ABI change, like XEN_DOMCTL_ioport_mapping to XEN_DMOP_ioport_mapping, or new ABI added?
> One thing seems pretty clear to me: This work likely isn't going to be suitable for
> 4.21 anymore. Hence we're back to considering alternatives to address the still
> pending build issue. (My take on it remains: Revert the tail of the sysctl work.)
> Adding Oleksii to Cc as well.
>
> Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with CONFIG_MGMT_HYPERCALLS
2025-09-26 8:22 ` Penny, Zheng
@ 2025-09-26 8:30 ` Jan Beulich
0 siblings, 0 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-26 8:30 UTC (permalink / raw)
To: Penny, Zheng
Cc: Huang, Ray, Daniel P. Smith, xen-devel@lists.xenproject.org,
Andryuk, Jason, Andrew Cooper, Julien Grall, Stefano Stabellini,
Anthony PERARD, Orzel, Michal, Roger Pau Monné,
Oleksii Kurochko
On 26.09.2025 10:22, Penny, Zheng wrote:
> [Public]
>
>> -----Original Message-----
>> From: Jan Beulich <jbeulich@suse.com>
>> Sent: Friday, September 26, 2025 3:14 PM
>> To: Penny, Zheng <penny.zheng@amd.com>
>> Cc: Huang, Ray <Ray.Huang@amd.com>; Daniel P. Smith
>> <dpsmith@apertussolutions.com>; xen-devel@lists.xenproject.org; Andryuk, Jason
>> <Jason.Andryuk@amd.com>; Andrew Cooper <andrew.cooper3@citrix.com>;
>> Julien Grall <julien@xen.org>; Stefano Stabellini <sstabellini@kernel.org>; Anthony
>> PERARD <anthony.perard@vates.tech>; Orzel, Michal <Michal.Orzel@amd.com>;
>> Roger Pau Monné <roger.pau@citrix.com>; Oleksii Kurochko
>> <oleksii.kurochko@gmail.com>
>> Subject: Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with
>> CONFIG_MGMT_HYPERCALLS
>>
>> On 26.09.2025 08:57, Penny, Zheng wrote:
>>>> -----Original Message-----
>>>> From: Jan Beulich <jbeulich@suse.com>
>>>> Sent: Friday, September 26, 2025 2:53 PM
>>>>
>>>> On 26.09.2025 06:41, Penny, Zheng wrote:
>>>>>> -----Original Message-----
>>>>>> From: Jan Beulich <jbeulich@suse.com>
>>>>>> Sent: Thursday, September 25, 2025 10:29 PM
>>>>>>
>>>>>> On 25.09.2025 11:41, Penny, Zheng wrote:
>>>>>>>> -----Original Message-----
>>>>>>>> From: Jan Beulich <jbeulich@suse.com>
>>>>>>>> Sent: Thursday, September 11, 2025 9:30 PM
>>>>>>>>
>>>>>>>> On 10.09.2025 09:38, Penny Zheng wrote:
>>>>>>>>> --- a/xen/include/xsm/xsm.h
>>>>>>>>> +++ b/xen/include/xsm/xsm.h
>>>>>>>>> @@ -55,8 +55,8 @@ struct xsm_ops {
>>>>>>>>> void (*security_domaininfo)(struct domain *d,
>>>>>>>>> struct xen_domctl_getdomaininfo *info);
>>>>>>>>> int (*domain_create)(struct domain *d, uint32_t ssidref);
>>>>>>>>> - int (*getdomaininfo)(struct domain *d);
>>>>>>>>> #ifdef CONFIG_MGMT_HYPERCALLS
>>>>>>>>> + int (*getdomaininfo)(struct domain *d);
>>>>>>>>> int (*domctl_scheduler_op)(struct domain *d, int op);
>>>>>>>>> int (*sysctl_scheduler_op)(int op);
>>>>>>>>> int (*set_target)(struct domain *d, struct domain *e); @@
>>>>>>>>> -234,7
>>>>>>>>> +234,11 @@ static inline int xsm_domain_create(
>>>>>>>>>
>>>>>>>>> static inline int xsm_getdomaininfo(xsm_default_t def, struct
>>>>>>>>> domain
>>>>>>>>> *d) {
>>>>>>>>> +#ifdef CONFIG_MGMT_HYPERCALLS
>>>>>>>>> return alternative_call(xsm_ops.getdomaininfo, d);
>>>>>>>>> +#else
>>>>>>>>> + return -EOPNOTSUPP;
>>>>>>>>> +#endif
>>>>>>>>> }
>>>>>>>>
>>>>>>>> This is in use by a Xenstore sysctl and a Xenstore domctl. The
>>>>>>>> sysctl is hence already broken with the earlier series. Now the
>>>>>>>> domctl is also being screwed up. I don't think MGMT_HYPERCALLS
>>>>>>>> really ought to extend to any operations available to other than
>>>>>>>> the core
>>>> toolstack.
>>>>>>>> That's the Xenstore ones here, but also the ones used by qemu
>>>>>>>> (whether run in
>>>>>> Dom0 or a stubdom).
>>>>>>>
>>>>>>> Maybe not only limited to the core toolstack. In
>>>>>>> dom0less/hyperlaunched
>>>>>> scenarios, hypercalls are strictly limited. QEMU is also limited to
>>>>>> pvh machine type and with very restricted functionality(, only
>>>>>> acting as a few virtio-pci devices backend). @Andryuk, Jason
>>>>>> @Stabellini, Stefano Am I understanding correctly and thoroughly
>>>>>> about our scenario here for
>>>> upstream?
>>>>>>> Tracking the codes, if Xenstore is created as a stub domain, it
>>>>>>> requires
>>>>>> getdomaininfo-domctl to acquire related info. Sorry, I haven't
>>>>>> found how it was called in QEMU...
>>>>>>
>>>>>> It's not "it"; it's different ones. First and foremost I was
>>>>>> thinking of
>>>>>> * XEN_DOMCTL_ioport_mapping
>>>>>> * XEN_DOMCTL_memory_mapping
>>>>>> * XEN_DOMCTL_bind_pt_irq
>>>>>> * XEN_DOMCTL_unbind_pt_irq
>>>>>> but there may be others (albeit per the dummy xsm_domctl() this is
>>>>>> the full set). As a general criteria, anything using XSM_DM_PRIV
>>>>>> checking can in principle be called by qemu.
>>>>>>
>>>>>
>>>>> Understood.
>>>>> I assume that they are all for device passthrough. We are not
>>>>> accepting device
>>>> passthrough via core toolstack in dom0less/hyperlaunch-ed scenarios.
>>>> Jason has developed device passthrough through device tree to only
>>>> accept "static configured" passthrough in dom0less/hyperlaunch-ed
>>>> scenario, while it is still internal , it may be the only accept way
>>>> to do device passthrough in dom0less/hyperlaunch-ed scenario.
>>>>
>>>> Right, but no matter what your goals, the upstream contributions need
>>>> to be self- consistent. I.e. not (risk to) break other functionality.
>>>> (Really the four domctl-s mentioned above might better have been put
>>>> elsewhere, e.g. as dm-ops. Moving them may be an option here.)
>>>
>>> Understood.
>>> I'll move them all to the dm-ops
>>
>> Before you do so, please consider the consequences, though (I said "may" for a
>> reason). Also please allow others to chime in. (In this context I notice that several
>> REST maintainers weren't even Cc-ed here, and hence may not have seen the
>> earlier discussion.)
>>
>
> Sorry, what I really mean is that I'm going to investigate the actual work required for moving these four hypercalls to dm-ops. Then I could go back to the discussion to have a clearer view. To be clear, you are suggesting ABI change, like XEN_DOMCTL_ioport_mapping to XEN_DMOP_ioport_mapping, or new ABI added?
Well, merely adding new ABIs wouldn't address the problem, would it? You'd
need to make sure the old ABIs aren't used anymore by up-to-date code, at
which point the old domctl sub-ops could as well go away. A follow-on
question then would be whether retaining the wrappers in libxc is
appropriate; aiui dm-ops are rather intended to be dealt with in
libxendevicemodel. Yet moving things between libraries can (will?) break
consumers of the libraries.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with CONFIG_MGMT_HYPERCALLS
2025-09-26 7:14 ` Jan Beulich
2025-09-26 8:22 ` Penny, Zheng
@ 2025-09-29 15:41 ` Oleksii Kurochko
1 sibling, 0 replies; 102+ messages in thread
From: Oleksii Kurochko @ 2025-09-29 15:41 UTC (permalink / raw)
To: Jan Beulich, Penny, Zheng
Cc: Huang, Ray, Daniel P. Smith, xen-devel@lists.xenproject.org,
Andryuk, Jason, Andrew Cooper, Julien Grall, Stefano Stabellini,
Anthony PERARD, Michal Orzel, Roger Pau Monné
[-- Attachment #1: Type: text/plain, Size: 4748 bytes --]
On 9/26/25 9:14 AM, Jan Beulich wrote:
> On 26.09.2025 08:57, Penny, Zheng wrote:
>>> -----Original Message-----
>>> From: Jan Beulich<jbeulich@suse.com>
>>> Sent: Friday, September 26, 2025 2:53 PM
>>>
>>> On 26.09.2025 06:41, Penny, Zheng wrote:
>>>>> -----Original Message-----
>>>>> From: Jan Beulich<jbeulich@suse.com>
>>>>> Sent: Thursday, September 25, 2025 10:29 PM
>>>>>
>>>>> On 25.09.2025 11:41, Penny, Zheng wrote:
>>>>>>> -----Original Message-----
>>>>>>> From: Jan Beulich<jbeulich@suse.com>
>>>>>>> Sent: Thursday, September 11, 2025 9:30 PM
>>>>>>>
>>>>>>> On 10.09.2025 09:38, Penny Zheng wrote:
>>>>>>>> --- a/xen/include/xsm/xsm.h
>>>>>>>> +++ b/xen/include/xsm/xsm.h
>>>>>>>> @@ -55,8 +55,8 @@ struct xsm_ops {
>>>>>>>> void (*security_domaininfo)(struct domain *d,
>>>>>>>> struct xen_domctl_getdomaininfo *info);
>>>>>>>> int (*domain_create)(struct domain *d, uint32_t ssidref);
>>>>>>>> - int (*getdomaininfo)(struct domain *d);
>>>>>>>> #ifdef CONFIG_MGMT_HYPERCALLS
>>>>>>>> + int (*getdomaininfo)(struct domain *d);
>>>>>>>> int (*domctl_scheduler_op)(struct domain *d, int op);
>>>>>>>> int (*sysctl_scheduler_op)(int op);
>>>>>>>> int (*set_target)(struct domain *d, struct domain *e); @@
>>>>>>>> -234,7
>>>>>>>> +234,11 @@ static inline int xsm_domain_create(
>>>>>>>>
>>>>>>>> static inline int xsm_getdomaininfo(xsm_default_t def, struct
>>>>>>>> domain
>>>>>>>> *d) {
>>>>>>>> +#ifdef CONFIG_MGMT_HYPERCALLS
>>>>>>>> return alternative_call(xsm_ops.getdomaininfo, d);
>>>>>>>> +#else
>>>>>>>> + return -EOPNOTSUPP;
>>>>>>>> +#endif
>>>>>>>> }
>>>>>>> This is in use by a Xenstore sysctl and a Xenstore domctl. The
>>>>>>> sysctl is hence already broken with the earlier series. Now the
>>>>>>> domctl is also being screwed up. I don't think MGMT_HYPERCALLS
>>>>>>> really ought to extend to any operations available to other than the core
>>> toolstack.
>>>>>>> That's the Xenstore ones here, but also the ones used by qemu
>>>>>>> (whether run in
>>>>> Dom0 or a stubdom).
>>>>>> Maybe not only limited to the core toolstack. In
>>>>>> dom0less/hyperlaunched
>>>>> scenarios, hypercalls are strictly limited. QEMU is also limited to
>>>>> pvh machine type and with very restricted functionality(, only acting
>>>>> as a few virtio-pci devices backend). @Andryuk, Jason @Stabellini,
>>>>> Stefano Am I understanding correctly and thoroughly about our scenario here for
>>> upstream?
>>>>>> Tracking the codes, if Xenstore is created as a stub domain, it
>>>>>> requires
>>>>> getdomaininfo-domctl to acquire related info. Sorry, I haven't found
>>>>> how it was called in QEMU...
>>>>>
>>>>> It's not "it"; it's different ones. First and foremost I was thinking
>>>>> of
>>>>> * XEN_DOMCTL_ioport_mapping
>>>>> * XEN_DOMCTL_memory_mapping
>>>>> * XEN_DOMCTL_bind_pt_irq
>>>>> * XEN_DOMCTL_unbind_pt_irq
>>>>> but there may be others (albeit per the dummy xsm_domctl() this is
>>>>> the full set). As a general criteria, anything using XSM_DM_PRIV
>>>>> checking can in principle be called by qemu.
>>>>>
>>>> Understood.
>>>> I assume that they are all for device passthrough. We are not accepting device
>>> passthrough via core toolstack in dom0less/hyperlaunch-ed scenarios. Jason has
>>> developed device passthrough through device tree to only accept "static
>>> configured" passthrough in dom0less/hyperlaunch-ed scenario, while it is still
>>> internal , it may be the only accept way to do device passthrough in
>>> dom0less/hyperlaunch-ed scenario.
>>>
>>> Right, but no matter what your goals, the upstream contributions need to be self-
>>> consistent. I.e. not (risk to) break other functionality. (Really the four domctl-s
>>> mentioned above might better have been put elsewhere, e.g. as dm-ops. Moving
>>> them may be an option here.)
>> Understood.
>> I'll move them all to the dm-ops
> Before you do so, please consider the consequences, though (I said "may" for a
> reason). Also please allow others to chime in. (In this context I notice that
> several REST maintainers weren't even Cc-ed here, and hence may not have seen
> the earlier discussion.)
>
> One thing seems pretty clear to me: This work likely isn't going to be suitable
> for 4.21 anymore. Hence we're back to considering alternatives to address the
> still pending build issue. (My take on it remains: Revert the tail of the
> sysctl work.) Adding Oleksii to Cc as well.
I agree, the patch series is still quite far from being ready to merge.
So let’s consider it for the next release.
As mentioned in the earlier (related) patch series, reverting the tail of the
sysctl work is still, in my opinion, the best option.
~ Oleksii
[-- Attachment #2: Type: text/html, Size: 6680 bytes --]
^ permalink raw reply [flat|nested] 102+ messages in thread
* RE: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with CONFIG_MGMT_HYPERCALLS
2025-09-26 6:57 ` Penny, Zheng
2025-09-26 7:14 ` Jan Beulich
@ 2025-09-26 19:24 ` Stefano Stabellini
2025-09-28 14:38 ` Jan Beulich
1 sibling, 1 reply; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-26 19:24 UTC (permalink / raw)
To: Penny, Zheng
Cc: Jan Beulich, Huang, Ray, Daniel P. Smith,
xen-devel@lists.xenproject.org, Stabellini, Stefano,
Andryuk, Jason
On Thu, 25 Sep 2025, Penny, Zheng wrote:
> > -----Original Message-----
> > From: Jan Beulich <jbeulich@suse.com>
> > Sent: Friday, September 26, 2025 2:53 PM
> > To: Penny, Zheng <penny.zheng@amd.com>
> > Cc: Huang, Ray <Ray.Huang@amd.com>; Daniel P. Smith
> > <dpsmith@apertussolutions.com>; xen-devel@lists.xenproject.org; Stabellini,
> > Stefano <stefano.stabellini@amd.com>; Andryuk, Jason
> > <Jason.Andryuk@amd.com>
> > Subject: Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with
> > CONFIG_MGMT_HYPERCALLS
> >
> > On 26.09.2025 06:41, Penny, Zheng wrote:
> > >> -----Original Message-----
> > >> From: Jan Beulich <jbeulich@suse.com>
> > >> Sent: Thursday, September 25, 2025 10:29 PM
> > >>
> > >> On 25.09.2025 11:41, Penny, Zheng wrote:
> > >>>> -----Original Message-----
> > >>>> From: Jan Beulich <jbeulich@suse.com>
> > >>>> Sent: Thursday, September 11, 2025 9:30 PM
> > >>>>
> > >>>> On 10.09.2025 09:38, Penny Zheng wrote:
> > >>>>> --- a/xen/include/xsm/xsm.h
> > >>>>> +++ b/xen/include/xsm/xsm.h
> > >>>>> @@ -55,8 +55,8 @@ struct xsm_ops {
> > >>>>> void (*security_domaininfo)(struct domain *d,
> > >>>>> struct xen_domctl_getdomaininfo *info);
> > >>>>> int (*domain_create)(struct domain *d, uint32_t ssidref);
> > >>>>> - int (*getdomaininfo)(struct domain *d);
> > >>>>> #ifdef CONFIG_MGMT_HYPERCALLS
> > >>>>> + int (*getdomaininfo)(struct domain *d);
> > >>>>> int (*domctl_scheduler_op)(struct domain *d, int op);
> > >>>>> int (*sysctl_scheduler_op)(int op);
> > >>>>> int (*set_target)(struct domain *d, struct domain *e); @@
> > >>>>> -234,7
> > >>>>> +234,11 @@ static inline int xsm_domain_create(
> > >>>>>
> > >>>>> static inline int xsm_getdomaininfo(xsm_default_t def, struct
> > >>>>> domain
> > >>>>> *d) {
> > >>>>> +#ifdef CONFIG_MGMT_HYPERCALLS
> > >>>>> return alternative_call(xsm_ops.getdomaininfo, d);
> > >>>>> +#else
> > >>>>> + return -EOPNOTSUPP;
> > >>>>> +#endif
> > >>>>> }
> > >>>>
> > >>>> This is in use by a Xenstore sysctl and a Xenstore domctl. The
> > >>>> sysctl is hence already broken with the earlier series. Now the
> > >>>> domctl is also being screwed up. I don't think MGMT_HYPERCALLS
> > >>>> really ought to extend to any operations available to other than the core
> > toolstack.
> > >>>> That's the Xenstore ones here, but also the ones used by qemu
> > >>>> (whether run in
> > >> Dom0 or a stubdom).
> > >>>
> > >>> Maybe not only limited to the core toolstack. In
> > >>> dom0less/hyperlaunched
> > >> scenarios, hypercalls are strictly limited. QEMU is also limited to
> > >> pvh machine type and with very restricted functionality(, only acting
> > >> as a few virtio-pci devices backend). @Andryuk, Jason @Stabellini,
> > >> Stefano Am I understanding correctly and thoroughly about our scenario here for
> > upstream?
> > >>> Tracking the codes, if Xenstore is created as a stub domain, it
> > >>> requires
> > >> getdomaininfo-domctl to acquire related info. Sorry, I haven't found
> > >> how it was called in QEMU...
> > >>
> > >> It's not "it"; it's different ones. First and foremost I was thinking
> > >> of
> > >> * XEN_DOMCTL_ioport_mapping
> > >> * XEN_DOMCTL_memory_mapping
> > >> * XEN_DOMCTL_bind_pt_irq
> > >> * XEN_DOMCTL_unbind_pt_irq
> > >> but there may be others (albeit per the dummy xsm_domctl() this is
> > >> the full set). As a general criteria, anything using XSM_DM_PRIV
> > >> checking can in principle be called by qemu.
> > >>
> > >
> > > Understood.
> > > I assume that they are all for device passthrough. We are not accepting device
> > passthrough via core toolstack in dom0less/hyperlaunch-ed scenarios. Jason has
> > developed device passthrough through device tree to only accept "static
> > configured" passthrough in dom0less/hyperlaunch-ed scenario, while it is still
> > internal , it may be the only accept way to do device passthrough in
> > dom0less/hyperlaunch-ed scenario.
> >
> > Right, but no matter what your goals, the upstream contributions need to be self-
> > consistent. I.e. not (risk to) break other functionality. (Really the four domctl-s
> > mentioned above might better have been put elsewhere, e.g. as dm-ops. Moving
> > them may be an option here.)
>
> Understood.
> I'll move them all to the dm-ops
Hi Penny, Jan, I advise against this.
I think it is clear that there are open questions on how to deal with
the safety scenarios. I briefly mentioned some of the issues last week
at Xen Summit. One example is the listdomains hypercall that should be
available to the control domain. We cannot resolve all problems with
this patch series. I think we should follow a simpler plan:
1) introduce CONFIG_MGMT_HYPERCALLS the way this patch series does,
removing all domctls and sysctls
2) make further adjustments, such as making available the listdomains
hypercall and/or the hypercalls listed by Jan as a second step after
it
This is because 1) is already a major improvement that might even be
enough in the simpler deployment scenarios.
So I advise against making this series more complex and instead just
focusing on removing all sysctls and domctls the way it is already
doing. This is regardless of the Xen release schedule.
As it happens, my suggestion would also make it more suitable for 4.21.
At the same time, I realize it is coming later than expected so I
understand if Oleksii and Jan prefer to postpone it after the 4.21
release regardless.
^ permalink raw reply [flat|nested] 102+ messages in thread* Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with CONFIG_MGMT_HYPERCALLS
2025-09-26 19:24 ` Stefano Stabellini
@ 2025-09-28 14:38 ` Jan Beulich
2025-09-29 16:59 ` Stefano Stabellini
0 siblings, 1 reply; 102+ messages in thread
From: Jan Beulich @ 2025-09-28 14:38 UTC (permalink / raw)
To: Stefano Stabellini, Penny, Zheng
Cc: Huang, Ray, Daniel P. Smith, xen-devel@lists.xenproject.org,
Stabellini, Stefano, Andryuk, Jason
On 26.09.2025 21:24, Stefano Stabellini wrote:
> On Thu, 25 Sep 2025, Penny, Zheng wrote:
>>> -----Original Message-----
>>> From: Jan Beulich <jbeulich@suse.com>
>>> Sent: Friday, September 26, 2025 2:53 PM
>>> To: Penny, Zheng <penny.zheng@amd.com>
>>> Cc: Huang, Ray <Ray.Huang@amd.com>; Daniel P. Smith
>>> <dpsmith@apertussolutions.com>; xen-devel@lists.xenproject.org; Stabellini,
>>> Stefano <stefano.stabellini@amd.com>; Andryuk, Jason
>>> <Jason.Andryuk@amd.com>
>>> Subject: Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with
>>> CONFIG_MGMT_HYPERCALLS
>>>
>>> On 26.09.2025 06:41, Penny, Zheng wrote:
>>>>> -----Original Message-----
>>>>> From: Jan Beulich <jbeulich@suse.com>
>>>>> Sent: Thursday, September 25, 2025 10:29 PM
>>>>>
>>>>> On 25.09.2025 11:41, Penny, Zheng wrote:
>>>>>>> -----Original Message-----
>>>>>>> From: Jan Beulich <jbeulich@suse.com>
>>>>>>> Sent: Thursday, September 11, 2025 9:30 PM
>>>>>>>
>>>>>>> On 10.09.2025 09:38, Penny Zheng wrote:
>>>>>>>> --- a/xen/include/xsm/xsm.h
>>>>>>>> +++ b/xen/include/xsm/xsm.h
>>>>>>>> @@ -55,8 +55,8 @@ struct xsm_ops {
>>>>>>>> void (*security_domaininfo)(struct domain *d,
>>>>>>>> struct xen_domctl_getdomaininfo *info);
>>>>>>>> int (*domain_create)(struct domain *d, uint32_t ssidref);
>>>>>>>> - int (*getdomaininfo)(struct domain *d);
>>>>>>>> #ifdef CONFIG_MGMT_HYPERCALLS
>>>>>>>> + int (*getdomaininfo)(struct domain *d);
>>>>>>>> int (*domctl_scheduler_op)(struct domain *d, int op);
>>>>>>>> int (*sysctl_scheduler_op)(int op);
>>>>>>>> int (*set_target)(struct domain *d, struct domain *e); @@
>>>>>>>> -234,7
>>>>>>>> +234,11 @@ static inline int xsm_domain_create(
>>>>>>>>
>>>>>>>> static inline int xsm_getdomaininfo(xsm_default_t def, struct
>>>>>>>> domain
>>>>>>>> *d) {
>>>>>>>> +#ifdef CONFIG_MGMT_HYPERCALLS
>>>>>>>> return alternative_call(xsm_ops.getdomaininfo, d);
>>>>>>>> +#else
>>>>>>>> + return -EOPNOTSUPP;
>>>>>>>> +#endif
>>>>>>>> }
>>>>>>>
>>>>>>> This is in use by a Xenstore sysctl and a Xenstore domctl. The
>>>>>>> sysctl is hence already broken with the earlier series. Now the
>>>>>>> domctl is also being screwed up. I don't think MGMT_HYPERCALLS
>>>>>>> really ought to extend to any operations available to other than the core
>>> toolstack.
>>>>>>> That's the Xenstore ones here, but also the ones used by qemu
>>>>>>> (whether run in
>>>>> Dom0 or a stubdom).
>>>>>>
>>>>>> Maybe not only limited to the core toolstack. In
>>>>>> dom0less/hyperlaunched
>>>>> scenarios, hypercalls are strictly limited. QEMU is also limited to
>>>>> pvh machine type and with very restricted functionality(, only acting
>>>>> as a few virtio-pci devices backend). @Andryuk, Jason @Stabellini,
>>>>> Stefano Am I understanding correctly and thoroughly about our scenario here for
>>> upstream?
>>>>>> Tracking the codes, if Xenstore is created as a stub domain, it
>>>>>> requires
>>>>> getdomaininfo-domctl to acquire related info. Sorry, I haven't found
>>>>> how it was called in QEMU...
>>>>>
>>>>> It's not "it"; it's different ones. First and foremost I was thinking
>>>>> of
>>>>> * XEN_DOMCTL_ioport_mapping
>>>>> * XEN_DOMCTL_memory_mapping
>>>>> * XEN_DOMCTL_bind_pt_irq
>>>>> * XEN_DOMCTL_unbind_pt_irq
>>>>> but there may be others (albeit per the dummy xsm_domctl() this is
>>>>> the full set). As a general criteria, anything using XSM_DM_PRIV
>>>>> checking can in principle be called by qemu.
>>>>>
>>>>
>>>> Understood.
>>>> I assume that they are all for device passthrough. We are not accepting device
>>> passthrough via core toolstack in dom0less/hyperlaunch-ed scenarios. Jason has
>>> developed device passthrough through device tree to only accept "static
>>> configured" passthrough in dom0less/hyperlaunch-ed scenario, while it is still
>>> internal , it may be the only accept way to do device passthrough in
>>> dom0less/hyperlaunch-ed scenario.
>>>
>>> Right, but no matter what your goals, the upstream contributions need to be self-
>>> consistent. I.e. not (risk to) break other functionality. (Really the four domctl-s
>>> mentioned above might better have been put elsewhere, e.g. as dm-ops. Moving
>>> them may be an option here.)
>>
>> Understood.
>> I'll move them all to the dm-ops
>
> Hi Penny, Jan, I advise against this.
>
> I think it is clear that there are open questions on how to deal with
> the safety scenarios. I briefly mentioned some of the issues last week
> at Xen Summit. One example is the listdomains hypercall that should be
> available to the control domain. We cannot resolve all problems with
> this patch series. I think we should follow a simpler plan:
>
> 1) introduce CONFIG_MGMT_HYPERCALLS the way this patch series does,
> removing all domctls and sysctls
>
> 2) make further adjustments, such as making available the listdomains
> hypercall and/or the hypercalls listed by Jan as a second step after
> it
I'm going to be okay-ish with that as long as the help text of the Kconfig
option clearly mentions those extra pitfalls.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with CONFIG_MGMT_HYPERCALLS
2025-09-28 14:38 ` Jan Beulich
@ 2025-09-29 16:59 ` Stefano Stabellini
2025-09-29 17:04 ` Stefano Stabellini
0 siblings, 1 reply; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-29 16:59 UTC (permalink / raw)
To: Jan Beulich
Cc: Stefano Stabellini, Penny, Zheng, Huang, Ray, Daniel P. Smith,
xen-devel@lists.xenproject.org, Stabellini, Stefano,
Andryuk, Jason
On Sun, 28 Sep 2025, Jan Beulich wrote:
> On 26.09.2025 21:24, Stefano Stabellini wrote:
> > On Thu, 25 Sep 2025, Penny, Zheng wrote:
> >>> -----Original Message-----
> >>> From: Jan Beulich <jbeulich@suse.com>
> >>> Sent: Friday, September 26, 2025 2:53 PM
> >>> To: Penny, Zheng <penny.zheng@amd.com>
> >>> Cc: Huang, Ray <Ray.Huang@amd.com>; Daniel P. Smith
> >>> <dpsmith@apertussolutions.com>; xen-devel@lists.xenproject.org; Stabellini,
> >>> Stefano <stefano.stabellini@amd.com>; Andryuk, Jason
> >>> <Jason.Andryuk@amd.com>
> >>> Subject: Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with
> >>> CONFIG_MGMT_HYPERCALLS
> >>>
> >>> On 26.09.2025 06:41, Penny, Zheng wrote:
> >>>>> -----Original Message-----
> >>>>> From: Jan Beulich <jbeulich@suse.com>
> >>>>> Sent: Thursday, September 25, 2025 10:29 PM
> >>>>>
> >>>>> On 25.09.2025 11:41, Penny, Zheng wrote:
> >>>>>>> -----Original Message-----
> >>>>>>> From: Jan Beulich <jbeulich@suse.com>
> >>>>>>> Sent: Thursday, September 11, 2025 9:30 PM
> >>>>>>>
> >>>>>>> On 10.09.2025 09:38, Penny Zheng wrote:
> >>>>>>>> --- a/xen/include/xsm/xsm.h
> >>>>>>>> +++ b/xen/include/xsm/xsm.h
> >>>>>>>> @@ -55,8 +55,8 @@ struct xsm_ops {
> >>>>>>>> void (*security_domaininfo)(struct domain *d,
> >>>>>>>> struct xen_domctl_getdomaininfo *info);
> >>>>>>>> int (*domain_create)(struct domain *d, uint32_t ssidref);
> >>>>>>>> - int (*getdomaininfo)(struct domain *d);
> >>>>>>>> #ifdef CONFIG_MGMT_HYPERCALLS
> >>>>>>>> + int (*getdomaininfo)(struct domain *d);
> >>>>>>>> int (*domctl_scheduler_op)(struct domain *d, int op);
> >>>>>>>> int (*sysctl_scheduler_op)(int op);
> >>>>>>>> int (*set_target)(struct domain *d, struct domain *e); @@
> >>>>>>>> -234,7
> >>>>>>>> +234,11 @@ static inline int xsm_domain_create(
> >>>>>>>>
> >>>>>>>> static inline int xsm_getdomaininfo(xsm_default_t def, struct
> >>>>>>>> domain
> >>>>>>>> *d) {
> >>>>>>>> +#ifdef CONFIG_MGMT_HYPERCALLS
> >>>>>>>> return alternative_call(xsm_ops.getdomaininfo, d);
> >>>>>>>> +#else
> >>>>>>>> + return -EOPNOTSUPP;
> >>>>>>>> +#endif
> >>>>>>>> }
> >>>>>>>
> >>>>>>> This is in use by a Xenstore sysctl and a Xenstore domctl. The
> >>>>>>> sysctl is hence already broken with the earlier series. Now the
> >>>>>>> domctl is also being screwed up. I don't think MGMT_HYPERCALLS
> >>>>>>> really ought to extend to any operations available to other than the core
> >>> toolstack.
> >>>>>>> That's the Xenstore ones here, but also the ones used by qemu
> >>>>>>> (whether run in
> >>>>> Dom0 or a stubdom).
> >>>>>>
> >>>>>> Maybe not only limited to the core toolstack. In
> >>>>>> dom0less/hyperlaunched
> >>>>> scenarios, hypercalls are strictly limited. QEMU is also limited to
> >>>>> pvh machine type and with very restricted functionality(, only acting
> >>>>> as a few virtio-pci devices backend). @Andryuk, Jason @Stabellini,
> >>>>> Stefano Am I understanding correctly and thoroughly about our scenario here for
> >>> upstream?
> >>>>>> Tracking the codes, if Xenstore is created as a stub domain, it
> >>>>>> requires
> >>>>> getdomaininfo-domctl to acquire related info. Sorry, I haven't found
> >>>>> how it was called in QEMU...
> >>>>>
> >>>>> It's not "it"; it's different ones. First and foremost I was thinking
> >>>>> of
> >>>>> * XEN_DOMCTL_ioport_mapping
> >>>>> * XEN_DOMCTL_memory_mapping
> >>>>> * XEN_DOMCTL_bind_pt_irq
> >>>>> * XEN_DOMCTL_unbind_pt_irq
> >>>>> but there may be others (albeit per the dummy xsm_domctl() this is
> >>>>> the full set). As a general criteria, anything using XSM_DM_PRIV
> >>>>> checking can in principle be called by qemu.
> >>>>>
> >>>>
> >>>> Understood.
> >>>> I assume that they are all for device passthrough. We are not accepting device
> >>> passthrough via core toolstack in dom0less/hyperlaunch-ed scenarios. Jason has
> >>> developed device passthrough through device tree to only accept "static
> >>> configured" passthrough in dom0less/hyperlaunch-ed scenario, while it is still
> >>> internal , it may be the only accept way to do device passthrough in
> >>> dom0less/hyperlaunch-ed scenario.
> >>>
> >>> Right, but no matter what your goals, the upstream contributions need to be self-
> >>> consistent. I.e. not (risk to) break other functionality. (Really the four domctl-s
> >>> mentioned above might better have been put elsewhere, e.g. as dm-ops. Moving
> >>> them may be an option here.)
> >>
> >> Understood.
> >> I'll move them all to the dm-ops
> >
> > Hi Penny, Jan, I advise against this.
> >
> > I think it is clear that there are open questions on how to deal with
> > the safety scenarios. I briefly mentioned some of the issues last week
> > at Xen Summit. One example is the listdomains hypercall that should be
> > available to the control domain. We cannot resolve all problems with
> > this patch series. I think we should follow a simpler plan:
> >
> > 1) introduce CONFIG_MGMT_HYPERCALLS the way this patch series does,
> > removing all domctls and sysctls
> >
> > 2) make further adjustments, such as making available the listdomains
> > hypercall and/or the hypercalls listed by Jan as a second step after
> > it
>
> I'm going to be okay-ish with that as long as the help text of the Kconfig
> option clearly mentions those extra pitfalls.
+0
^ permalink raw reply [flat|nested] 102+ messages in thread* Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with CONFIG_MGMT_HYPERCALLS
2025-09-29 16:59 ` Stefano Stabellini
@ 2025-09-29 17:04 ` Stefano Stabellini
0 siblings, 0 replies; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-29 17:04 UTC (permalink / raw)
To: Stefano Stabellini
Cc: Jan Beulich, Penny, Zheng, Huang, Ray, Daniel P. Smith,
xen-devel@lists.xenproject.org, Stabellini, Stefano,
Andryuk, Jason
On Mon, 29 Sep 2025, Stefano Stabellini wrote:
> On Sun, 28 Sep 2025, Jan Beulich wrote:
> > On 26.09.2025 21:24, Stefano Stabellini wrote:
> > > On Thu, 25 Sep 2025, Penny, Zheng wrote:
> > >>> -----Original Message-----
> > >>> From: Jan Beulich <jbeulich@suse.com>
> > >>> Sent: Friday, September 26, 2025 2:53 PM
> > >>> To: Penny, Zheng <penny.zheng@amd.com>
> > >>> Cc: Huang, Ray <Ray.Huang@amd.com>; Daniel P. Smith
> > >>> <dpsmith@apertussolutions.com>; xen-devel@lists.xenproject.org; Stabellini,
> > >>> Stefano <stefano.stabellini@amd.com>; Andryuk, Jason
> > >>> <Jason.Andryuk@amd.com>
> > >>> Subject: Re: [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() with
> > >>> CONFIG_MGMT_HYPERCALLS
> > >>>
> > >>> On 26.09.2025 06:41, Penny, Zheng wrote:
> > >>>>> -----Original Message-----
> > >>>>> From: Jan Beulich <jbeulich@suse.com>
> > >>>>> Sent: Thursday, September 25, 2025 10:29 PM
> > >>>>>
> > >>>>> On 25.09.2025 11:41, Penny, Zheng wrote:
> > >>>>>>> -----Original Message-----
> > >>>>>>> From: Jan Beulich <jbeulich@suse.com>
> > >>>>>>> Sent: Thursday, September 11, 2025 9:30 PM
> > >>>>>>>
> > >>>>>>> On 10.09.2025 09:38, Penny Zheng wrote:
> > >>>>>>>> --- a/xen/include/xsm/xsm.h
> > >>>>>>>> +++ b/xen/include/xsm/xsm.h
> > >>>>>>>> @@ -55,8 +55,8 @@ struct xsm_ops {
> > >>>>>>>> void (*security_domaininfo)(struct domain *d,
> > >>>>>>>> struct xen_domctl_getdomaininfo *info);
> > >>>>>>>> int (*domain_create)(struct domain *d, uint32_t ssidref);
> > >>>>>>>> - int (*getdomaininfo)(struct domain *d);
> > >>>>>>>> #ifdef CONFIG_MGMT_HYPERCALLS
> > >>>>>>>> + int (*getdomaininfo)(struct domain *d);
> > >>>>>>>> int (*domctl_scheduler_op)(struct domain *d, int op);
> > >>>>>>>> int (*sysctl_scheduler_op)(int op);
> > >>>>>>>> int (*set_target)(struct domain *d, struct domain *e); @@
> > >>>>>>>> -234,7
> > >>>>>>>> +234,11 @@ static inline int xsm_domain_create(
> > >>>>>>>>
> > >>>>>>>> static inline int xsm_getdomaininfo(xsm_default_t def, struct
> > >>>>>>>> domain
> > >>>>>>>> *d) {
> > >>>>>>>> +#ifdef CONFIG_MGMT_HYPERCALLS
> > >>>>>>>> return alternative_call(xsm_ops.getdomaininfo, d);
> > >>>>>>>> +#else
> > >>>>>>>> + return -EOPNOTSUPP;
> > >>>>>>>> +#endif
> > >>>>>>>> }
> > >>>>>>>
> > >>>>>>> This is in use by a Xenstore sysctl and a Xenstore domctl. The
> > >>>>>>> sysctl is hence already broken with the earlier series. Now the
> > >>>>>>> domctl is also being screwed up. I don't think MGMT_HYPERCALLS
> > >>>>>>> really ought to extend to any operations available to other than the core
> > >>> toolstack.
> > >>>>>>> That's the Xenstore ones here, but also the ones used by qemu
> > >>>>>>> (whether run in
> > >>>>> Dom0 or a stubdom).
> > >>>>>>
> > >>>>>> Maybe not only limited to the core toolstack. In
> > >>>>>> dom0less/hyperlaunched
> > >>>>> scenarios, hypercalls are strictly limited. QEMU is also limited to
> > >>>>> pvh machine type and with very restricted functionality(, only acting
> > >>>>> as a few virtio-pci devices backend). @Andryuk, Jason @Stabellini,
> > >>>>> Stefano Am I understanding correctly and thoroughly about our scenario here for
> > >>> upstream?
> > >>>>>> Tracking the codes, if Xenstore is created as a stub domain, it
> > >>>>>> requires
> > >>>>> getdomaininfo-domctl to acquire related info. Sorry, I haven't found
> > >>>>> how it was called in QEMU...
> > >>>>>
> > >>>>> It's not "it"; it's different ones. First and foremost I was thinking
> > >>>>> of
> > >>>>> * XEN_DOMCTL_ioport_mapping
> > >>>>> * XEN_DOMCTL_memory_mapping
> > >>>>> * XEN_DOMCTL_bind_pt_irq
> > >>>>> * XEN_DOMCTL_unbind_pt_irq
> > >>>>> but there may be others (albeit per the dummy xsm_domctl() this is
> > >>>>> the full set). As a general criteria, anything using XSM_DM_PRIV
> > >>>>> checking can in principle be called by qemu.
> > >>>>>
> > >>>>
> > >>>> Understood.
> > >>>> I assume that they are all for device passthrough. We are not accepting device
> > >>> passthrough via core toolstack in dom0less/hyperlaunch-ed scenarios. Jason has
> > >>> developed device passthrough through device tree to only accept "static
> > >>> configured" passthrough in dom0less/hyperlaunch-ed scenario, while it is still
> > >>> internal , it may be the only accept way to do device passthrough in
> > >>> dom0less/hyperlaunch-ed scenario.
> > >>>
> > >>> Right, but no matter what your goals, the upstream contributions need to be self-
> > >>> consistent. I.e. not (risk to) break other functionality. (Really the four domctl-s
> > >>> mentioned above might better have been put elsewhere, e.g. as dm-ops. Moving
> > >>> them may be an option here.)
> > >>
> > >> Understood.
> > >> I'll move them all to the dm-ops
> > >
> > > Hi Penny, Jan, I advise against this.
> > >
> > > I think it is clear that there are open questions on how to deal with
> > > the safety scenarios. I briefly mentioned some of the issues last week
> > > at Xen Summit. One example is the listdomains hypercall that should be
> > > available to the control domain. We cannot resolve all problems with
> > > this patch series. I think we should follow a simpler plan:
> > >
> > > 1) introduce CONFIG_MGMT_HYPERCALLS the way this patch series does,
> > > removing all domctls and sysctls
> > >
> > > 2) make further adjustments, such as making available the listdomains
> > > hypercall and/or the hypercalls listed by Jan as a second step after
> > > it
> >
> > I'm going to be okay-ish with that as long as the help text of the Kconfig
> > option clearly mentions those extra pitfalls.
>
> +0
Ahah I mistyped this :-)
I meant +1 in the sense that I am happy with the idea of kconfig clearly
mentioning the pitfalls.
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 19/26] xen/domctl: wrap set_global_virq_handler() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (17 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 18/26] xen/domctl: wrap xsm_getdomaininfo() " Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-11 2:40 ` Stefano Stabellini
2025-09-10 7:38 ` [PATCH v2 20/26] xen/domctl: wrap iommu-related domctl op " Penny Zheng
` (6 subsequent siblings)
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel
Cc: ray.huang, Penny Zheng, Andrew Cooper, Anthony PERARD,
Michal Orzel, Jan Beulich, Julien Grall, Roger Pau Monné,
Stefano Stabellini
Function set_global_virq_handler() is reponsible for
XEN_DOMCTL_set_virq_handler domctl-op, and shall be wrapped with
CONFIG_MGMT_HYPERCALLS.
Wrap XEN_DOMCTL_set_virq_handler-case transiently with CONFIG_MGMT_HYPERCALLS,
and it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the
common/domctl.c in the last.
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
- wrap XEN_DOMCTL_set_virq_handler-case transiently
---
xen/common/domctl.c | 2 ++
xen/common/event_channel.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 776bf7b8e2..736ad52265 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -808,9 +808,11 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
break;
#endif
+#ifdef CONFIG_MGMT_HYPERCALLS
case XEN_DOMCTL_set_virq_handler:
ret = set_global_virq_handler(d, op->u.set_virq_handler.virq);
break;
+#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_setvnumainfo:
{
diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c
index 67700b050a..bb53dc1fb0 100644
--- a/xen/common/event_channel.c
+++ b/xen/common/event_channel.c
@@ -1006,6 +1006,7 @@ void send_global_virq(uint32_t virq)
send_guest_domain_virq(get_global_virq_handler(virq), virq);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int set_global_virq_handler(struct domain *d, uint32_t virq)
{
struct domain *old, *hdl;
@@ -1068,6 +1069,7 @@ int set_global_virq_handler(struct domain *d, uint32_t virq)
return rc;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static void clear_global_virq_handlers(struct domain *d)
{
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 19/26] xen/domctl: wrap set_global_virq_handler() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 19/26] xen/domctl: wrap set_global_virq_handler() " Penny Zheng
@ 2025-09-11 2:40 ` Stefano Stabellini
0 siblings, 0 replies; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-11 2:40 UTC (permalink / raw)
To: Penny Zheng
Cc: xen-devel, ray.huang, Andrew Cooper, Anthony PERARD, Michal Orzel,
Jan Beulich, Julien Grall, Roger Pau Monné,
Stefano Stabellini
On Wed, 10 Sep 2025, Penny Zheng wrote:
> Function set_global_virq_handler() is reponsible for
> XEN_DOMCTL_set_virq_handler domctl-op, and shall be wrapped with
> CONFIG_MGMT_HYPERCALLS.
> Wrap XEN_DOMCTL_set_virq_handler-case transiently with CONFIG_MGMT_HYPERCALLS,
> and it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the
> common/domctl.c in the last.
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
> ---
> v1 -> v2:
> - adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
> - wrap XEN_DOMCTL_set_virq_handler-case transiently
> ---
> xen/common/domctl.c | 2 ++
> xen/common/event_channel.c | 2 ++
> 2 files changed, 4 insertions(+)
There is a call to set_global_virq_handler in
xen/common/device-tree/dom0less-build.c
ld: prelink.o: in function `set_xs_domain':
/local/repos/xen-upstream/xen/common/device-tree/dom0less-build.c:45: undefined reference to `set_global_virq_handler'
/local/repos/xen-upstream/xen/common/device-tree/dom0less-build.c:45:(.init.text+0x2eb0): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `set_global_virq_handler'
ld: ./.xen-syms.0: hidden symbol `set_global_virq_handler' isn't defined
ld: final link failed: bad value
> diff --git a/xen/common/domctl.c b/xen/common/domctl.c
> index 776bf7b8e2..736ad52265 100644
> --- a/xen/common/domctl.c
> +++ b/xen/common/domctl.c
> @@ -808,9 +808,11 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
> break;
> #endif
>
> +#ifdef CONFIG_MGMT_HYPERCALLS
> case XEN_DOMCTL_set_virq_handler:
> ret = set_global_virq_handler(d, op->u.set_virq_handler.virq);
> break;
> +#endif /* CONFIG_MGMT_HYPERCALLS */
>
> case XEN_DOMCTL_setvnumainfo:
> {
> diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c
> index 67700b050a..bb53dc1fb0 100644
> --- a/xen/common/event_channel.c
> +++ b/xen/common/event_channel.c
> @@ -1006,6 +1006,7 @@ void send_global_virq(uint32_t virq)
> send_guest_domain_virq(get_global_virq_handler(virq), virq);
> }
>
> +#ifdef CONFIG_MGMT_HYPERCALLS
> int set_global_virq_handler(struct domain *d, uint32_t virq)
> {
> struct domain *old, *hdl;
> @@ -1068,6 +1069,7 @@ int set_global_virq_handler(struct domain *d, uint32_t virq)
>
> return rc;
> }
> +#endif /* CONFIG_MGMT_HYPERCALLS */
>
> static void clear_global_virq_handlers(struct domain *d)
> {
> --
> 2.34.1
>
>
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 20/26] xen/domctl: wrap iommu-related domctl op with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (18 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 19/26] xen/domctl: wrap set_global_virq_handler() " Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-11 3:12 ` Stefano Stabellini
2025-09-11 11:58 ` Jan Beulich
2025-09-10 7:38 ` [PATCH v2 21/26] xen/xsm: wrap xsm-iommu-related functions " Penny Zheng
` (5 subsequent siblings)
25 siblings, 2 replies; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel
Cc: ray.huang, Penny Zheng, Stefano Stabellini, Julien Grall,
Bertrand Marquis, Michal Orzel, Andrew Cooper, Anthony PERARD,
Jan Beulich, Roger Pau Monné, Volodymyr Babchuk, Rahul Singh
Function iommu_do_domctl() is the main entry for all iommu-related domctl-op,
and shall be wrapped with CONFIG_MGMT_HYPERCALLS.
Tracking its calling chain, the following functions shall all be wrapped
with CONFIG_MGMT_HYPERCALLS:
- iommu_do_pci_domctl
- iommu_get_device_group
- amd_iommu_group_id/intel_iommu_group_id
- device_assigned
- assign_device
- intel_iommu_assign_device/amd_iommu_assign_device
- deassign_device
- reassign_device_ownership/reassign_device
- iommu_do_dt_domctl
- iommu_deassign_dt_device
- arm_smmu_reassign_dev/arm_smmu_reassign_dev
- ipmmu_reassign_dev
- ipmmu_deassign_dev
- ipmmu_detach_dev
- dt_find_node_by_gpath
Wrap XEN_DOMCTL_assign_device{test_assign_device,deassign_device,
get_device_group}-case transiently with CONFIG_MGMT_HYPERCALLS,
and it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the whole
domctl.c in the last.
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
- wrap XEN_DOMCTL_assign_device{test_assign_device,deassign_device,
get_device_group}-case transiently
---
xen/common/device-tree/device-tree.c | 2 ++
xen/common/domctl.c | 2 ++
xen/drivers/passthrough/amd/pci_amd_iommu.c | 8 ++++++++
xen/drivers/passthrough/arm/ipmmu-vmsa.c | 6 ++++++
xen/drivers/passthrough/arm/smmu-v3.c | 4 ++++
xen/drivers/passthrough/arm/smmu.c | 4 ++++
xen/drivers/passthrough/device_tree.c | 4 ++++
xen/drivers/passthrough/iommu.c | 2 ++
xen/drivers/passthrough/pci.c | 6 +++++-
xen/drivers/passthrough/vtd/iommu.c | 6 ++++++
10 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/xen/common/device-tree/device-tree.c b/xen/common/device-tree/device-tree.c
index 0b5375f151..70bd8e7da5 100644
--- a/xen/common/device-tree/device-tree.c
+++ b/xen/common/device-tree/device-tree.c
@@ -371,6 +371,7 @@ struct dt_device_node *dt_find_node_by_path_from(struct dt_device_node *from,
return np;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int dt_find_node_by_gpath(XEN_GUEST_HANDLE(char) u_path, uint32_t u_plen,
struct dt_device_node **node)
{
@@ -386,6 +387,7 @@ int dt_find_node_by_gpath(XEN_GUEST_HANDLE(char) u_path, uint32_t u_plen,
return (*node == NULL) ? -ESRCH : 0;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
struct dt_device_node *dt_find_node_by_alias(const char *alias)
{
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 736ad52265..d36885aeea 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -840,12 +840,14 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
copyback = 1;
break;
+#ifdef CONFIG_MGMT_HYPERCALLS
case XEN_DOMCTL_assign_device:
case XEN_DOMCTL_test_assign_device:
case XEN_DOMCTL_deassign_device:
case XEN_DOMCTL_get_device_group:
ret = iommu_do_domctl(op, d, u_domctl);
break;
+#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_get_paging_mempool_size:
ret = arch_get_paging_mempool_size(d, &op->u.paging_mempool.size);
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 3a14770855..5786bf0c59 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -461,6 +461,7 @@ static void amd_iommu_disable_domain_device(const struct domain *domain,
spin_unlock_irqrestore(&iommu->lock, flags);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check reassign_device(
struct domain *source, struct domain *target, u8 devfn,
struct pci_dev *pdev)
@@ -550,6 +551,7 @@ static int cf_check amd_iommu_assign_device(
return rc;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static void cf_check amd_iommu_clear_root_pgtable(struct domain *d)
{
@@ -698,12 +700,14 @@ static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
return 0;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check amd_iommu_group_id(u16 seg, u8 bus, u8 devfn)
{
unsigned int bdf = PCI_BDF(bus, devfn);
return (bdf < ivrs_bdf_entries) ? get_dma_requestor_id(seg, bdf) : bdf;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
#include <asm/io_apic.h>
@@ -772,14 +776,18 @@ static const struct iommu_ops __initconst_cf_clobber _iommu_ops = {
.quarantine_init = amd_iommu_quarantine_init,
.add_device = amd_iommu_add_device,
.remove_device = amd_iommu_remove_device,
+#ifdef CONFIG_MGMT_HYPERCALLS
.assign_device = amd_iommu_assign_device,
+#endif
.teardown = amd_iommu_domain_destroy,
.clear_root_pgtable = amd_iommu_clear_root_pgtable,
.map_page = amd_iommu_map_page,
.unmap_page = amd_iommu_unmap_page,
.iotlb_flush = amd_iommu_flush_iotlb_pages,
+#ifdef CONFIG_MGMT_HYPERCALLS
.reassign_device = reassign_device,
.get_device_group_id = amd_iommu_group_id,
+#endif
.enable_x2apic = iov_enable_xt,
.update_ire_from_apic = amd_iommu_ioapic_update_ire,
.update_ire_from_msi = amd_iommu_msi_msg_update_ire,
diff --git a/xen/drivers/passthrough/arm/ipmmu-vmsa.c b/xen/drivers/passthrough/arm/ipmmu-vmsa.c
index ea9fa9ddf3..ec85b2fbdd 100644
--- a/xen/drivers/passthrough/arm/ipmmu-vmsa.c
+++ b/xen/drivers/passthrough/arm/ipmmu-vmsa.c
@@ -739,6 +739,7 @@ static int ipmmu_attach_device(struct ipmmu_vmsa_domain *domain,
return 0;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static void ipmmu_detach_device(struct ipmmu_vmsa_domain *domain,
struct device *dev)
{
@@ -748,6 +749,7 @@ static void ipmmu_detach_device(struct ipmmu_vmsa_domain *domain,
for ( i = 0; i < fwspec->num_ids; ++i )
ipmmu_utlb_disable(domain, fwspec->ids[i]);
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static int ipmmu_init_platform_device(struct device *dev,
const struct dt_phandle_args *args)
@@ -1254,6 +1256,7 @@ out:
return ret;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int ipmmu_deassign_device(struct domain *d, struct device *dev)
{
struct ipmmu_vmsa_xen_domain *xen_domain = dom_iommu(d)->arch.priv;
@@ -1309,6 +1312,7 @@ static int ipmmu_reassign_device(struct domain *s, struct domain *t,
return 0;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static int ipmmu_dt_xlate(struct device *dev,
const struct dt_phandle_args *spec)
@@ -1487,7 +1491,9 @@ static const struct iommu_ops ipmmu_iommu_ops =
.teardown = ipmmu_iommu_domain_teardown,
.iotlb_flush = ipmmu_iotlb_flush,
.assign_device = ipmmu_assign_device,
+#ifdef CONFIG_MGMT_HYPERCALLS
.reassign_device = ipmmu_reassign_device,
+#endif
.map_page = arm_iommu_map_page,
.unmap_page = arm_iommu_unmap_page,
.dt_xlate = ipmmu_dt_xlate,
diff --git a/xen/drivers/passthrough/arm/smmu-v3.c b/xen/drivers/passthrough/arm/smmu-v3.c
index bf153227db..49cd37ff57 100644
--- a/xen/drivers/passthrough/arm/smmu-v3.c
+++ b/xen/drivers/passthrough/arm/smmu-v3.c
@@ -2799,6 +2799,7 @@ static int arm_smmu_deassign_dev(struct domain *d, uint8_t devfn, struct device
return 0;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int arm_smmu_reassign_dev(struct domain *s, struct domain *t,
u8 devfn, struct device *dev)
{
@@ -2826,6 +2827,7 @@ static int arm_smmu_reassign_dev(struct domain *s, struct domain *t,
return 0;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static int arm_smmu_iommu_xen_domain_init(struct domain *d)
{
@@ -2862,7 +2864,9 @@ static const struct iommu_ops arm_smmu_iommu_ops = {
.teardown = arm_smmu_iommu_xen_domain_teardown,
.iotlb_flush = arm_smmu_iotlb_flush,
.assign_device = arm_smmu_assign_dev,
+#ifdef CONFIG_MGMT_HYPERCALLS
.reassign_device = arm_smmu_reassign_dev,
+#endif
.map_page = arm_iommu_map_page,
.unmap_page = arm_iommu_unmap_page,
.dt_xlate = arm_smmu_dt_xlate,
diff --git a/xen/drivers/passthrough/arm/smmu.c b/xen/drivers/passthrough/arm/smmu.c
index 22d306d0cb..b7f01fbf89 100644
--- a/xen/drivers/passthrough/arm/smmu.c
+++ b/xen/drivers/passthrough/arm/smmu.c
@@ -2891,6 +2891,7 @@ static int arm_smmu_deassign_dev(struct domain *d, uint8_t devfn,
return 0;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int arm_smmu_reassign_dev(struct domain *s, struct domain *t,
u8 devfn, struct device *dev)
{
@@ -2918,6 +2919,7 @@ static int arm_smmu_reassign_dev(struct domain *s, struct domain *t,
return 0;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static int arm_smmu_iommu_domain_init(struct domain *d)
{
@@ -2956,7 +2958,9 @@ static const struct iommu_ops arm_smmu_iommu_ops = {
.teardown = arm_smmu_iommu_domain_teardown,
.iotlb_flush = arm_smmu_iotlb_flush,
.assign_device = arm_smmu_assign_dev,
+#ifdef CONFIG_MGMT_HYPERCALLS
.reassign_device = arm_smmu_reassign_dev,
+#endif
.map_page = arm_iommu_map_page,
.unmap_page = arm_iommu_unmap_page,
.dt_xlate = arm_smmu_dt_xlate_generic,
diff --git a/xen/drivers/passthrough/device_tree.c b/xen/drivers/passthrough/device_tree.c
index 015ffa15d4..5c2122ba9f 100644
--- a/xen/drivers/passthrough/device_tree.c
+++ b/xen/drivers/passthrough/device_tree.c
@@ -59,6 +59,7 @@ fail:
return rc;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int iommu_deassign_dt_device(struct domain *d, struct dt_device_node *dev)
{
const struct domain_iommu *hd = dom_iommu(d);
@@ -86,6 +87,7 @@ fail:
return rc;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static bool iommu_dt_device_is_assigned_locked(const struct dt_device_node *dev)
{
@@ -320,6 +322,7 @@ int iommu_add_dt_device(struct dt_device_node *np)
return rc;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int iommu_do_dt_domctl(struct xen_domctl *domctl, struct domain *d,
XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
{
@@ -431,3 +434,4 @@ int iommu_do_dt_domctl(struct xen_domctl *domctl, struct domain *d,
return ret;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index c9425d6971..8812e38174 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -625,6 +625,7 @@ void iommu_resume(void)
iommu_vcall(iommu_get_ops(), resume);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int iommu_do_domctl(
struct xen_domctl *domctl, struct domain *d,
XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
@@ -645,6 +646,7 @@ int iommu_do_domctl(
return ret;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
void iommu_crash_shutdown(void)
{
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index cd855108c2..aa07a7e748 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -877,6 +877,7 @@ int pci_remove_device(u16 seg, u8 bus, u8 devfn)
return ret;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
/* Caller should hold the pcidevs_lock */
static int deassign_device(struct domain *d, uint16_t seg, uint8_t bus,
uint8_t devfn)
@@ -945,7 +946,6 @@ static int deassign_device(struct domain *d, uint16_t seg, uint8_t bus,
return ret;
}
-#ifdef CONFIG_MGMT_HYPERCALLS
int pci_release_devices(struct domain *d)
{
int combined_ret;
@@ -1483,6 +1483,7 @@ static int iommu_remove_device(struct pci_dev *pdev)
return iommu_call(hd->platform_ops, remove_device, devfn, pci_to_dev(pdev));
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int device_assigned(u16 seg, u8 bus, u8 devfn)
{
struct pci_dev *pdev;
@@ -1646,6 +1647,7 @@ static int iommu_get_device_group(
return i;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
void iommu_dev_iotlb_flush_timeout(struct domain *d, struct pci_dev *pdev)
{
@@ -1671,6 +1673,7 @@ void iommu_dev_iotlb_flush_timeout(struct domain *d, struct pci_dev *pdev)
pcidevs_unlock();
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int iommu_do_pci_domctl(
struct xen_domctl *domctl, struct domain *d,
XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
@@ -1804,6 +1807,7 @@ int iommu_do_pci_domctl(
return ret;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
struct segment_iter {
int (*handler)(struct pci_dev *pdev, void *arg);
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index b4105163cc..8913dd4d5f 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2731,6 +2731,7 @@ static int __init cf_check vtd_setup(void)
return ret;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check reassign_device_ownership(
struct domain *source,
struct domain *target,
@@ -2926,6 +2927,7 @@ static int cf_check intel_iommu_group_id(u16 seg, u8 bus, u8 devfn)
return PCI_BDF(bus, devfn);
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static int __must_check cf_check vtd_suspend(void)
{
@@ -3234,14 +3236,18 @@ static const struct iommu_ops __initconst_cf_clobber vtd_ops = {
.add_device = intel_iommu_add_device,
.enable_device = intel_iommu_enable_device,
.remove_device = intel_iommu_remove_device,
+#ifdef CONFIG_MGMT_HYPERCALLS
.assign_device = intel_iommu_assign_device,
+#endif
.teardown = iommu_domain_teardown,
.clear_root_pgtable = iommu_clear_root_pgtable,
.map_page = intel_iommu_map_page,
.unmap_page = intel_iommu_unmap_page,
.lookup_page = intel_iommu_lookup_page,
+#ifdef CONFIG_MGMT_HYPERCALLS
.reassign_device = reassign_device_ownership,
.get_device_group_id = intel_iommu_group_id,
+#endif
.enable_x2apic = intel_iommu_enable_eim,
.disable_x2apic = intel_iommu_disable_eim,
.update_ire_from_apic = io_apic_write_remap_rte,
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 20/26] xen/domctl: wrap iommu-related domctl op with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 20/26] xen/domctl: wrap iommu-related domctl op " Penny Zheng
@ 2025-09-11 3:12 ` Stefano Stabellini
2025-09-11 11:58 ` Jan Beulich
1 sibling, 0 replies; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-11 3:12 UTC (permalink / raw)
To: Penny Zheng
Cc: xen-devel, ray.huang, Stefano Stabellini, Julien Grall,
Bertrand Marquis, Michal Orzel, Andrew Cooper, Anthony PERARD,
Jan Beulich, Roger Pau Monné, Volodymyr Babchuk, Rahul Singh
[-- Attachment #1: Type: text/plain, Size: 1340 bytes --]
On Wed, 10 Sep 2025, Penny Zheng wrote:
> Function iommu_do_domctl() is the main entry for all iommu-related domctl-op,
> and shall be wrapped with CONFIG_MGMT_HYPERCALLS.
> Tracking its calling chain, the following functions shall all be wrapped
> with CONFIG_MGMT_HYPERCALLS:
> - iommu_do_pci_domctl
> - iommu_get_device_group
> - amd_iommu_group_id/intel_iommu_group_id
> - device_assigned
> - assign_device
> - intel_iommu_assign_device/amd_iommu_assign_device
> - deassign_device
> - reassign_device_ownership/reassign_device
> - iommu_do_dt_domctl
> - iommu_deassign_dt_device
> - arm_smmu_reassign_dev/arm_smmu_reassign_dev
> - ipmmu_reassign_dev
> - ipmmu_deassign_dev
> - ipmmu_detach_dev
> - dt_find_node_by_gpath
> Wrap XEN_DOMCTL_assign_device{test_assign_device,deassign_device,
> get_device_group}-case transiently with CONFIG_MGMT_HYPERCALLS,
> and it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the whole
> domctl.c in the last.
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
drivers/passthrough/arm/smmu.c:2852:12: error: ‘arm_smmu_deassign_dev’ defined but not used [-Werror=unused-function]
2852 | static int arm_smmu_deassign_dev(struct domain *d, uint8_t devfn,
| ^~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
^ permalink raw reply [flat|nested] 102+ messages in thread* Re: [PATCH v2 20/26] xen/domctl: wrap iommu-related domctl op with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 20/26] xen/domctl: wrap iommu-related domctl op " Penny Zheng
2025-09-11 3:12 ` Stefano Stabellini
@ 2025-09-11 11:58 ` Jan Beulich
2025-09-26 9:45 ` Penny, Zheng
1 sibling, 1 reply; 102+ messages in thread
From: Jan Beulich @ 2025-09-11 11:58 UTC (permalink / raw)
To: Penny Zheng
Cc: ray.huang, Stefano Stabellini, Julien Grall, Bertrand Marquis,
Michal Orzel, Andrew Cooper, Anthony PERARD, Roger Pau Monné,
Volodymyr Babchuk, Rahul Singh, xen-devel
On 10.09.2025 09:38, Penny Zheng wrote:
> Function iommu_do_domctl() is the main entry for all iommu-related domctl-op,
> and shall be wrapped with CONFIG_MGMT_HYPERCALLS.
> Tracking its calling chain, the following functions shall all be wrapped
> with CONFIG_MGMT_HYPERCALLS:
> - iommu_do_pci_domctl
> - iommu_get_device_group
> - amd_iommu_group_id/intel_iommu_group_id
> - device_assigned
> - assign_device
> - intel_iommu_assign_device/amd_iommu_assign_device
> - deassign_device
> - reassign_device_ownership/reassign_device
> - iommu_do_dt_domctl
> - iommu_deassign_dt_device
> - arm_smmu_reassign_dev/arm_smmu_reassign_dev
> - ipmmu_reassign_dev
> - ipmmu_deassign_dev
> - ipmmu_detach_dev
> - dt_find_node_by_gpath
> Wrap XEN_DOMCTL_assign_device{test_assign_device,deassign_device,
> get_device_group}-case transiently with CONFIG_MGMT_HYPERCALLS,
> and it will be removed when introducing CONFIG_MGMT_HYPERCALLS on the whole
> domctl.c in the last.
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
Apart from all of the above another aspect becomes apparent here: Some code is
called at boot time only once management hypercalls are compiled out. Such
code should then move to .init.text, so we may need to gain something like
__init_or_mgmt. Imo that would want dealing with right here, but I can imagine
opinions to differ on this.
Furthermore, while looking around, I noticed that there's dt_overlay_sysctl(),
entirely unguarded despite the earlier sysctl series. Yet if that work (and
Misra checking) assumed OVERLAY_DTB=n, then there's iommu_remove_dt_device()
which is only used when OVERLAY_DTB=y.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* RE: [PATCH v2 20/26] xen/domctl: wrap iommu-related domctl op with CONFIG_MGMT_HYPERCALLS
2025-09-11 11:58 ` Jan Beulich
@ 2025-09-26 9:45 ` Penny, Zheng
0 siblings, 0 replies; 102+ messages in thread
From: Penny, Zheng @ 2025-09-26 9:45 UTC (permalink / raw)
To: Jan Beulich
Cc: Huang, Ray, Stefano Stabellini, Julien Grall, Bertrand Marquis,
Orzel, Michal, Andrew Cooper, Anthony PERARD,
Roger Pau Monné, Volodymyr Babchuk, Rahul Singh,
xen-devel@lists.xenproject.org
[Public]
> -----Original Message-----
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Thursday, September 11, 2025 7:59 PM
> To: Penny, Zheng <penny.zheng@amd.com>
> Cc: Huang, Ray <Ray.Huang@amd.com>; Stefano Stabellini
> <sstabellini@kernel.org>; Julien Grall <julien@xen.org>; Bertrand Marquis
> <bertrand.marquis@arm.com>; Orzel, Michal <Michal.Orzel@amd.com>; Andrew
> Cooper <andrew.cooper3@citrix.com>; Anthony PERARD
> <anthony.perard@vates.tech>; Roger Pau Monné <roger.pau@citrix.com>;
> Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>; Rahul Singh
> <rahul.singh@arm.com>; xen-devel@lists.xenproject.org
> Subject: Re: [PATCH v2 20/26] xen/domctl: wrap iommu-related domctl op with
> CONFIG_MGMT_HYPERCALLS
>
> On 10.09.2025 09:38, Penny Zheng wrote:
> > Function iommu_do_domctl() is the main entry for all iommu-related
> > domctl-op, and shall be wrapped with CONFIG_MGMT_HYPERCALLS.
> > Tracking its calling chain, the following functions shall all be
> > wrapped with CONFIG_MGMT_HYPERCALLS:
> > - iommu_do_pci_domctl
> > - iommu_get_device_group
> > - amd_iommu_group_id/intel_iommu_group_id
> > - device_assigned
> > - assign_device
> > - intel_iommu_assign_device/amd_iommu_assign_device
> > - deassign_device
> > - reassign_device_ownership/reassign_device
> > - iommu_do_dt_domctl
> > - iommu_deassign_dt_device
> > - arm_smmu_reassign_dev/arm_smmu_reassign_dev
> > - ipmmu_reassign_dev
> > - ipmmu_deassign_dev
> > - ipmmu_detach_dev
> > - dt_find_node_by_gpath
> > Wrap XEN_DOMCTL_assign_device{test_assign_device,deassign_device,
> > get_device_group}-case transiently with CONFIG_MGMT_HYPERCALLS, and it
> > will be removed when introducing CONFIG_MGMT_HYPERCALLS on the whole
> > domctl.c in the last.
> >
> > Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
>
> Apart from all of the above another aspect becomes apparent here: Some code is
> called at boot time only once management hypercalls are compiled out. Such code
> should then move to .init.text, so we may need to gain something like
> __init_or_mgmt. Imo that would want dealing with right here, but I can imagine
> opinions to differ on this.
>
Like handle_device() -> iommu_assign_dt_device(), once MGMT_HYPERCALLS=n compiled out toolstack scenario, we only have usage at boot time for dom0less on arm. And also set_global_virq_handler() in the previous commit... And domain_create()/domain_teardown()...
I remembered that when checking each switch-case-block under do_domctl(), for some of it, the references could be simply divided into two ways: toolstack and boot-time. I suggest to do it on a follow-up patch serie to go through do_domctl() all over again.
> Furthermore, while looking around, I noticed that there's dt_overlay_sysctl(), entirely
> unguarded despite the earlier sysctl series. Yet if that work (and Misra checking)
> assumed OVERLAY_DTB=n, then there's iommu_remove_dt_device() which is only
> used when OVERLAY_DTB=y.
>
The whole file dt-overlay.c is guarded by CONFIG_SYSCTL, as it is compiled under CONFIG_OVERLAY_DTB which depends on CONFIG_SYSCTL. So, dt_overlay_sysctl() is guarded.
While, yes, I forgot iommu_remove_dt_device().
> Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 21/26] xen/xsm: wrap xsm-iommu-related functions with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (19 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 20/26] xen/domctl: wrap iommu-related domctl op " Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-11 12:05 ` Jan Beulich
2025-09-10 7:38 ` [PATCH v2 22/26] xen/domctl: wrap arch_{get,set}_paging_mempool_size() " Penny Zheng
` (4 subsequent siblings)
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel; +Cc: ray.huang, Penny Zheng, Daniel P. Smith
The following functions are xsm-related and only invoked under iommu-related
domctl-op and shall all be wrapped with CONFIG_MGMT_HYPERCALLS:
- xsm_get_device_group
- xsm_assign_device
- xsm_deassign_device
- xsm_assign_dtdevice
- xsm_deassign_dtdevice
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- new commit
---
xen/include/xsm/xsm.h | 12 ++++++------
xen/xsm/dummy.c | 4 ++--
xen/xsm/flask/hooks.c | 12 ++++++------
3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 2a107b2cde..542488bd44 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -123,13 +123,13 @@ struct xsm_ops {
int (*pci_config_permission)(struct domain *d, uint32_t machine_bdf,
uint16_t start, uint16_t end, uint8_t access);
-#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
+#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) && defined(CONFIG_MGMT_HYPERCALLS)
int (*get_device_group)(uint32_t machine_bdf);
int (*assign_device)(struct domain *d, uint32_t machine_bdf);
int (*deassign_device)(struct domain *d, uint32_t machine_bdf);
#endif
-#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE_DISCOVERY)
+#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE_DISCOVERY) && defined(CONFIG_MGMT_HYPERCALLS)
int (*assign_dtdevice)(struct domain *d, const char *dtpath);
int (*deassign_dtdevice)(struct domain *d, const char *dtpath);
#endif
@@ -548,7 +548,7 @@ static inline int xsm_pci_config_permission(
return alternative_call(xsm_ops.pci_config_permission, d, machine_bdf, start, end, access);
}
-#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
+#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) && defined(CONFIG_MGMT_HYPERCALLS)
static inline int xsm_get_device_group(xsm_default_t def, uint32_t machine_bdf)
{
return alternative_call(xsm_ops.get_device_group, machine_bdf);
@@ -565,9 +565,9 @@ static inline int xsm_deassign_device(
{
return alternative_call(xsm_ops.deassign_device, d, machine_bdf);
}
-#endif /* HAS_PASSTHROUGH && HAS_PCI) */
+#endif /* HAS_PASSTHROUGH && HAS_PCI && CONFIG_MGMT_HYPERCALLS */
-#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE_DISCOVERY)
+#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE_DISCOVERY) && defined(CONFIG_MGMT_HYPERCALLS)
static inline int xsm_assign_dtdevice(
xsm_default_t def, struct domain *d, const char *dtpath)
{
@@ -580,7 +580,7 @@ static inline int xsm_deassign_dtdevice(
return alternative_call(xsm_ops.deassign_dtdevice, d, dtpath);
}
-#endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE_DISCOVERY */
+#endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE_DISCOVERY && CONFIG_MGMT_HYPERCALLS */
static inline int xsm_resource_plug_pci(xsm_default_t def, uint32_t machine_bdf)
{
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 7c4e6176aa..2c8e0725b6 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -81,13 +81,13 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
.pci_config_permission = xsm_pci_config_permission,
.get_vnumainfo = xsm_get_vnumainfo,
-#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
+#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) && defined(CONFIG_MGMT_HYPERCALLS)
.get_device_group = xsm_get_device_group,
.assign_device = xsm_assign_device,
.deassign_device = xsm_deassign_device,
#endif
-#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE_DISCOVERY)
+#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE_DISCOVERY) && defined(CONFIG_MGMT_HYPERCALLS)
.assign_dtdevice = xsm_assign_dtdevice,
.deassign_dtdevice = xsm_deassign_dtdevice,
#endif
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 7392e95e55..66d8bfda3a 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1393,7 +1393,7 @@ static int cf_check flask_mem_sharing(struct domain *d)
}
#endif
-#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
+#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) && defined(CONFIG_MGMT_HYPERCALLS)
static int cf_check flask_get_device_group(uint32_t machine_bdf)
{
uint32_t rsid;
@@ -1464,9 +1464,9 @@ static int cf_check flask_deassign_device(
return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__REMOVE_DEVICE, NULL);
}
-#endif /* HAS_PASSTHROUGH && HAS_PCI */
+#endif /* HAS_PASSTHROUGH && HAS_PCI && MGMT_HYPERCALLS */
-#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE_DISCOVERY)
+#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE_DISCOVERY) && defined(CONFIG_MGMT_HYPERCALLS)
static int flask_test_assign_dtdevice(const char *dtpath)
{
uint32_t rsid;
@@ -1527,7 +1527,7 @@ static int cf_check flask_deassign_dtdevice(
return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__REMOVE_DEVICE,
NULL);
}
-#endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE_DISCOVERY */
+#endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE_DISCOVERY && MGMT_HYPERCALLS */
static int cf_check flask_platform_op(uint32_t op)
{
@@ -1993,13 +1993,13 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
.remove_from_physmap = flask_remove_from_physmap,
.map_gmfn_foreign = flask_map_gmfn_foreign,
-#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
+#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) && defined(CONFIG_MGMT_HYPERCALLS)
.get_device_group = flask_get_device_group,
.assign_device = flask_assign_device,
.deassign_device = flask_deassign_device,
#endif
-#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE_DISCOVERY)
+#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE_DISCOVERY) && defined(CONFIG_MGMT_HYPERCALLS)
.assign_dtdevice = flask_assign_dtdevice,
.deassign_dtdevice = flask_deassign_dtdevice,
#endif
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 21/26] xen/xsm: wrap xsm-iommu-related functions with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 21/26] xen/xsm: wrap xsm-iommu-related functions " Penny Zheng
@ 2025-09-11 12:05 ` Jan Beulich
0 siblings, 0 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-11 12:05 UTC (permalink / raw)
To: Penny Zheng; +Cc: ray.huang, Daniel P. Smith, xen-devel
On 10.09.2025 09:38, Penny Zheng wrote:
> The following functions are xsm-related and only invoked under iommu-related
> domctl-op and shall all be wrapped with CONFIG_MGMT_HYPERCALLS:
> - xsm_get_device_group
> - xsm_assign_device
> - xsm_deassign_device
> - xsm_assign_dtdevice
> - xsm_deassign_dtdevice
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
First - aren't you dealing with unreachable code issues here that the earlier
patch introduced? I.e. would both patches need folding.
Then same question again as to xsm/dummy.h.
> --- a/xen/include/xsm/xsm.h
> +++ b/xen/include/xsm/xsm.h
> @@ -123,13 +123,13 @@ struct xsm_ops {
> int (*pci_config_permission)(struct domain *d, uint32_t machine_bdf,
> uint16_t start, uint16_t end, uint8_t access);
>
> -#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
> +#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) && defined(CONFIG_MGMT_HYPERCALLS)
Here and elsewhere below you're introducing overly long lines. This may be
helped some by having
#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_MGMT_HYPERCALLS)
#ifdef CONFIG_HAS_PCI
...
> int (*get_device_group)(uint32_t machine_bdf);
> int (*assign_device)(struct domain *d, uint32_t machine_bdf);
> int (*deassign_device)(struct domain *d, uint32_t machine_bdf);
> #endif
>
> -#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE_DISCOVERY)
> +#if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE_DISCOVERY) && defined(CONFIG_MGMT_HYPERCALLS)
#ifdef CONFIG_HAS_DEVICE_TREE_DISCOVERY
> int (*assign_dtdevice)(struct domain *d, const char *dtpath);
> int (*deassign_dtdevice)(struct domain *d, const char *dtpath);
> #endif
And a double #endif here (and then similarly elsewhere).
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 22/26] xen/domctl: wrap arch_{get,set}_paging_mempool_size() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (20 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 21/26] xen/xsm: wrap xsm-iommu-related functions " Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-11 3:18 ` Stefano Stabellini
2025-09-11 12:12 ` Jan Beulich
2025-09-10 7:38 ` [PATCH v2 23/26] xen/x86: make CONFIG_X86_PSR depend on CONFIG_MGMT_HYPERCALLS Penny Zheng
` (3 subsequent siblings)
25 siblings, 2 replies; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel
Cc: ray.huang, Penny Zheng, Stefano Stabellini, Julien Grall,
Bertrand Marquis, Michal Orzel, Volodymyr Babchuk, Andrew Cooper,
Anthony PERARD, Jan Beulich, Roger Pau Monné
Arch-specific arch_{get,set}_paging_mempool_size() is responsible for
XEN_DOMCTL_{get,set}_paging_mempool_size domctl-op, and shall be wrapped
with CONFIG_MGMT_HYPERCALLS
Wrap XEN_DOMCTL_{get,set}_paging_mempool_size-case transiently with
CONFIG_MGMT_HYPERCALLS, and it will be removed when introducing
CONFIG_MGMT_HYPERCALLS on the common/domctl.c in the last.
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
- wrap XEN_DOMCTL_{get,set}_paging_mempool_size-case transiently
---
xen/arch/arm/mmu/p2m.c | 4 ++++
xen/arch/x86/mm/paging.c | 2 ++
xen/common/domctl.c | 2 +-
3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/xen/arch/arm/mmu/p2m.c b/xen/arch/arm/mmu/p2m.c
index 30d6071e91..4caa5844e4 100644
--- a/xen/arch/arm/mmu/p2m.c
+++ b/xen/arch/arm/mmu/p2m.c
@@ -58,12 +58,14 @@ static void p2m_free_page(struct domain *d, struct page_info *pg)
}
}
+#ifdef CONFIG_MGMT_HYPERCALLS
/* Return the size of the pool, in bytes. */
int arch_get_paging_mempool_size(struct domain *d, uint64_t *size)
{
*size = (uint64_t)ACCESS_ONCE(d->arch.paging.p2m_total_pages) << PAGE_SHIFT;
return 0;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
/*
* Set the pool of pages to the required number of pages.
@@ -122,6 +124,7 @@ int p2m_set_allocation(struct domain *d, unsigned long pages, bool *preempted)
return 0;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int arch_set_paging_mempool_size(struct domain *d, uint64_t size)
{
unsigned long pages = size >> PAGE_SHIFT;
@@ -140,6 +143,7 @@ int arch_set_paging_mempool_size(struct domain *d, uint64_t size)
return rc;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
int p2m_teardown_allocation(struct domain *d)
{
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index 116389d4e9..c6e3996093 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -949,6 +949,7 @@ int __init paging_set_allocation(struct domain *d, unsigned int pages,
}
#endif
+#ifdef CONFIG_MGMT_HYPERCALLS
int arch_get_paging_mempool_size(struct domain *d, uint64_t *size)
{
unsigned long pages;
@@ -991,6 +992,7 @@ int arch_set_paging_mempool_size(struct domain *d, uint64_t size)
return preempted ? -ERESTART : rc;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
/*
* Local variables:
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index d36885aeea..c87c28cea2 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -847,7 +847,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
case XEN_DOMCTL_get_device_group:
ret = iommu_do_domctl(op, d, u_domctl);
break;
-#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_get_paging_mempool_size:
ret = arch_get_paging_mempool_size(d, &op->u.paging_mempool.size);
@@ -862,6 +861,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
ret = hypercall_create_continuation(
__HYPERVISOR_domctl, "h", u_domctl);
break;
+#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_set_llc_colors:
if ( op->u.set_llc_colors.pad )
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 22/26] xen/domctl: wrap arch_{get,set}_paging_mempool_size() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 22/26] xen/domctl: wrap arch_{get,set}_paging_mempool_size() " Penny Zheng
@ 2025-09-11 3:18 ` Stefano Stabellini
2025-09-11 12:12 ` Jan Beulich
1 sibling, 0 replies; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-11 3:18 UTC (permalink / raw)
To: Penny Zheng
Cc: xen-devel, ray.huang, Stefano Stabellini, Julien Grall,
Bertrand Marquis, Michal Orzel, Volodymyr Babchuk, Andrew Cooper,
Anthony PERARD, Jan Beulich, Roger Pau Monné
On Wed, 10 Sep 2025, Penny Zheng wrote:
> Arch-specific arch_{get,set}_paging_mempool_size() is responsible for
> XEN_DOMCTL_{get,set}_paging_mempool_size domctl-op, and shall be wrapped
> with CONFIG_MGMT_HYPERCALLS
> Wrap XEN_DOMCTL_{get,set}_paging_mempool_size-case transiently with
> CONFIG_MGMT_HYPERCALLS, and it will be removed when introducing
> CONFIG_MGMT_HYPERCALLS on the common/domctl.c in the last.
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
^ permalink raw reply [flat|nested] 102+ messages in thread* Re: [PATCH v2 22/26] xen/domctl: wrap arch_{get,set}_paging_mempool_size() with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 22/26] xen/domctl: wrap arch_{get,set}_paging_mempool_size() " Penny Zheng
2025-09-11 3:18 ` Stefano Stabellini
@ 2025-09-11 12:12 ` Jan Beulich
1 sibling, 0 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-11 12:12 UTC (permalink / raw)
To: Penny Zheng, xen-devel
Cc: ray.huang, Stefano Stabellini, Julien Grall, Bertrand Marquis,
Michal Orzel, Volodymyr Babchuk, Andrew Cooper, Anthony PERARD,
Roger Pau Monné
On 10.09.2025 09:38, Penny Zheng wrote:
> Arch-specific arch_{get,set}_paging_mempool_size() is responsible for
> XEN_DOMCTL_{get,set}_paging_mempool_size domctl-op, and shall be wrapped
> with CONFIG_MGMT_HYPERCALLS
> Wrap XEN_DOMCTL_{get,set}_paging_mempool_size-case transiently with
> CONFIG_MGMT_HYPERCALLS, and it will be removed when introducing
> CONFIG_MGMT_HYPERCALLS on the common/domctl.c in the last.
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
Acked-by: Jan Beulich <jbeulich@suse.com> # x86
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 23/26] xen/x86: make CONFIG_X86_PSR depend on CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (21 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 22/26] xen/domctl: wrap arch_{get,set}_paging_mempool_size() " Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-11 3:22 ` Stefano Stabellini
2025-09-10 7:38 ` [PATCH v2 24/26] xen/domctl: wrap arch-specific domctl-op with CONFIG_MGMT_HYPERCALLS Penny Zheng
` (2 subsequent siblings)
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel
Cc: ray.huang, Penny Zheng, Jan Beulich, Andrew Cooper,
Roger Pau Monné
Users control/monitor Intel Platform Shared Resource (PSR) through
related domctl-op or sysctl-op, so CONFIG_X86_PSR can be put under
MGMT_HYPERCALLS. With this change, we could remove MGMT_HYPERCALLS-wrapping
in psr.c
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
---
xen/arch/x86/Kconfig | 1 +
xen/arch/x86/psr.c | 18 ------------------
2 files changed, 1 insertion(+), 18 deletions(-)
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 3f0f3a0f3a..21da8c1a69 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -190,6 +190,7 @@ config TBOOT
config X86_PSR
bool "Platform Shared Resource support" if EXPERT
default INTEL
+ depends on MGMT_HYPERCALLS
help
Support of Platform Shared Resource technology, which is basis for
monitoring and control of resources like cache and memory bandwidth.
diff --git a/xen/arch/x86/psr.c b/xen/arch/x86/psr.c
index 80ce5804b4..4f2c2d0042 100644
--- a/xen/arch/x86/psr.c
+++ b/xen/arch/x86/psr.c
@@ -135,11 +135,9 @@ static const struct feat_props {
*/
enum psr_type alt_type;
-#ifdef CONFIG_MGMT_HYPERCALLS
/* get_feat_info is used to return feature HW info through sysctl. */
bool (*get_feat_info)(const struct feat_node *feat,
uint32_t data[], unsigned int array_len);
-#endif
/* write_msr is used to write out feature MSR register. */
void (*write_msr)(unsigned int cos, uint32_t val, enum psr_type type);
@@ -422,7 +420,6 @@ static bool mba_init_feature(const struct cpuid_leaf *regs,
return true;
}
-#ifdef CONFIG_MGMT_HYPERCALLS
static bool cf_check cat_get_feat_info(
const struct feat_node *feat, uint32_t data[], unsigned int array_len)
{
@@ -435,7 +432,6 @@ static bool cf_check cat_get_feat_info(
return true;
}
-#endif /* CONFIG_MGMT_HYPERCALLS */
/* L3 CAT props */
static void cf_check l3_cat_write_msr(
@@ -448,14 +444,11 @@ static const struct feat_props l3_cat_props = {
.cos_num = 1,
.type[0] = PSR_TYPE_L3_CBM,
.alt_type = PSR_TYPE_UNKNOWN,
-#ifdef CONFIG_MGMT_HYPERCALLS
.get_feat_info = cat_get_feat_info,
-#endif
.write_msr = l3_cat_write_msr,
.sanitize = cat_check_cbm,
};
-#ifdef CONFIG_MGMT_HYPERCALLS
/* L3 CDP props */
static bool cf_check l3_cdp_get_feat_info(
const struct feat_node *feat, uint32_t data[], uint32_t array_len)
@@ -467,7 +460,6 @@ static bool cf_check l3_cdp_get_feat_info(
return true;
}
-#endif /* CONFIG_MGMT_HYPERCALLS */
static void cf_check l3_cdp_write_msr(
unsigned int cos, uint32_t val, enum psr_type type)
@@ -483,9 +475,7 @@ static const struct feat_props l3_cdp_props = {
.type[0] = PSR_TYPE_L3_DATA,
.type[1] = PSR_TYPE_L3_CODE,
.alt_type = PSR_TYPE_L3_CBM,
-#ifdef CONFIG_MGMT_HYPERCALLS
.get_feat_info = l3_cdp_get_feat_info,
-#endif
.write_msr = l3_cdp_write_msr,
.sanitize = cat_check_cbm,
};
@@ -501,14 +491,11 @@ static const struct feat_props l2_cat_props = {
.cos_num = 1,
.type[0] = PSR_TYPE_L2_CBM,
.alt_type = PSR_TYPE_UNKNOWN,
-#ifdef CONFIG_MGMT_HYPERCALLS
.get_feat_info = cat_get_feat_info,
-#endif
.write_msr = l2_cat_write_msr,
.sanitize = cat_check_cbm,
};
-#ifdef CONFIG_MGMT_HYPERCALLS
/* MBA props */
static bool cf_check mba_get_feat_info(
const struct feat_node *feat, uint32_t data[], unsigned int array_len)
@@ -523,7 +510,6 @@ static bool cf_check mba_get_feat_info(
return true;
}
-#endif /* CONFIG_MGMT_HYPERCALLS */
static void cf_check mba_write_msr(
unsigned int cos, uint32_t val, enum psr_type type)
@@ -561,9 +547,7 @@ static const struct feat_props mba_props = {
.cos_num = 1,
.type[0] = PSR_TYPE_MBA_THRTL,
.alt_type = PSR_TYPE_UNKNOWN,
-#ifdef CONFIG_MGMT_HYPERCALLS
.get_feat_info = mba_get_feat_info,
-#endif
.write_msr = mba_write_msr,
.sanitize = mba_sanitize_thrtl,
};
@@ -826,7 +810,6 @@ static struct psr_socket_info *get_socket_info(unsigned int socket)
return socket_info + socket;
}
-#ifdef CONFIG_MGMT_HYPERCALLS
int psr_get_info(unsigned int socket, enum psr_type type,
uint32_t data[], unsigned int array_len)
{
@@ -858,7 +841,6 @@ int psr_get_info(unsigned int socket, enum psr_type type,
return -EINVAL;
}
-#endif /* CONFIG_MGMT_HYPERCALLS */
int psr_get_val(struct domain *d, unsigned int socket,
uint32_t *val, enum psr_type type)
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 23/26] xen/x86: make CONFIG_X86_PSR depend on CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 23/26] xen/x86: make CONFIG_X86_PSR depend on CONFIG_MGMT_HYPERCALLS Penny Zheng
@ 2025-09-11 3:22 ` Stefano Stabellini
2025-09-11 12:19 ` Jan Beulich
0 siblings, 1 reply; 102+ messages in thread
From: Stefano Stabellini @ 2025-09-11 3:22 UTC (permalink / raw)
To: Penny Zheng
Cc: xen-devel, ray.huang, Jan Beulich, Andrew Cooper,
Roger Pau Monné
On Wed, 10 Sep 2025, Penny Zheng wrote:
> Users control/monitor Intel Platform Shared Resource (PSR) through
> related domctl-op or sysctl-op, so CONFIG_X86_PSR can be put under
> MGMT_HYPERCALLS. With this change, we could remove MGMT_HYPERCALLS-wrapping
> in psr.c
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
^ permalink raw reply [flat|nested] 102+ messages in thread
* Re: [PATCH v2 23/26] xen/x86: make CONFIG_X86_PSR depend on CONFIG_MGMT_HYPERCALLS
2025-09-11 3:22 ` Stefano Stabellini
@ 2025-09-11 12:19 ` Jan Beulich
0 siblings, 0 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-11 12:19 UTC (permalink / raw)
To: Penny Zheng
Cc: xen-devel, ray.huang, Andrew Cooper, Roger Pau Monné,
Stefano Stabellini
On 11.09.2025 05:22, Stefano Stabellini wrote:
> On Wed, 10 Sep 2025, Penny Zheng wrote:
>> Users control/monitor Intel Platform Shared Resource (PSR) through
>> related domctl-op or sysctl-op, so CONFIG_X86_PSR can be put under
>> MGMT_HYPERCALLS. With this change, we could remove MGMT_HYPERCALLS-wrapping
>> in psr.c
>>
>> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
>
> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Acked-by: Jan Beulich <jbeulich@suse.com>
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 24/26] xen/domctl: wrap arch-specific domctl-op with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (22 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 23/26] xen/x86: make CONFIG_X86_PSR depend on CONFIG_MGMT_HYPERCALLS Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-11 13:02 ` Jan Beulich
2025-09-10 7:38 ` [PATCH v2 25/26] xen/xsm: wrap xsm functions " Penny Zheng
2025-09-10 7:38 ` [PATCH v2 26/26] xen/domctl: wrap common/domctl.c " Penny Zheng
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel
Cc: ray.huang, Penny Zheng, Andrew Cooper, Anthony PERARD,
Michal Orzel, Jan Beulich, Julien Grall, Roger Pau Monné,
Stefano Stabellini, Bertrand Marquis, Volodymyr Babchuk,
Tamas K Lengyel, Daniel P. Smith
Function arch_do_domctl() is responsible for arch-specific domctl-op,
and shall be wrapped with CONFIG_MGMT_HYPERCALLS
Tracking its calling chain and the following functions shall be wrapped with
CONFIG_MGMT_HYPERCALLS:
For x86:
- hvm_save_one
- hvm_acpi_power_button
- hvm_acpi_sleep_button
- hvm_debug_op
- mem_sharing_domctl
- make P2M_AUDIT depend on CONFIG_MGMT_HYPERCALLS
- make PG_log_dirty depend on CONFIG_MGMT_HYPERCALLS
- make policy.o depend on CONFIG_MGMT_HYPERCALLS
- do_vmtrace_op
- hvm_vmtrace_control
- hvm_funcs.vmtrace_control
- hvm_vmtrace_get_option
- hvm_funcs.vmtrace_get_option
- hvm_vmtrace_set_option
- hvm_funcs.vmtrace_set_option
- paging_domctl_cont
For ARM:
- subarch_do_domctl
Also, remove all #ifdef CONFIG_MGMT_HYPERCALLS-s in arch-specific domctl.c, as
we put the guardian in Makefile for the whole file.
Wrap default-case and arch_get_domain_info() transiently with
CONFIG_MGMT_HYPERCALLS, and it will be removed when introducing
CONFIG_MGMT_HYPERCALLS on the common/domctl.c in the last.
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- split out xsm parts
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
- wrap default-case and arch_get_domain_info() transiently
---
xen/Kconfig.debug | 2 +-
xen/arch/arm/arm32/Makefile | 2 +-
xen/arch/arm/arm64/Makefile | 2 +-
xen/arch/arm/domctl.c | 2 --
xen/arch/x86/Makefile | 2 +-
xen/arch/x86/domctl.c | 2 --
xen/arch/x86/hvm/hvm.c | 2 ++
xen/arch/x86/hvm/pmtimer.c | 2 ++
xen/arch/x86/hvm/save.c | 2 ++
xen/arch/x86/hvm/vmx/vmx.c | 6 ++++++
xen/arch/x86/include/asm/hvm/hvm.h | 10 ++++++++++
xen/arch/x86/include/asm/p2m.h | 2 +-
xen/arch/x86/include/asm/paging.h | 2 +-
xen/arch/x86/mm/mem_sharing.c | 2 ++
xen/common/domctl.c | 6 ++++++
xen/include/hypercall-defs.c | 4 ++--
xen/lib/x86/Makefile | 2 +-
17 files changed, 39 insertions(+), 13 deletions(-)
diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug
index a69615cd63..0dd44d2b10 100644
--- a/xen/Kconfig.debug
+++ b/xen/Kconfig.debug
@@ -15,7 +15,7 @@ if DEBUG || EXPERT
config GDBSX
bool "Guest debugging with gdbsx"
- depends on X86
+ depends on X86 && MGMT_HYPERCALLS
default y
help
If you want to enable support for debugging guests from dom0 via
diff --git a/xen/arch/arm/arm32/Makefile b/xen/arch/arm/arm32/Makefile
index 531168f58a..f8cbf14211 100644
--- a/xen/arch/arm/arm32/Makefile
+++ b/xen/arch/arm/arm32/Makefile
@@ -4,7 +4,7 @@ obj-$(CONFIG_MPU) += mpu/
obj-y += cache.o
obj-$(CONFIG_EARLY_PRINTK) += debug.o
-obj-y += domctl.o
+obj-$(CONFIG_MGMT_HYPERCALLS) += domctl.o
obj-y += domain.o
obj-y += entry.o
obj-y += head.o
diff --git a/xen/arch/arm/arm64/Makefile b/xen/arch/arm/arm64/Makefile
index 6491c5350b..6b77a15abe 100644
--- a/xen/arch/arm/arm64/Makefile
+++ b/xen/arch/arm/arm64/Makefile
@@ -6,7 +6,7 @@ obj-y += cache.o
obj-y += cpufeature.o
obj-$(CONFIG_HARDEN_BRANCH_PREDICTOR) += bpi.o
obj-$(CONFIG_EARLY_PRINTK) += debug.o
-obj-y += domctl.o
+obj-$(CONFIG_MGMT_HYPERCALLS) += domctl.o
obj-y += domain.o
obj-y += entry.o
obj-y += head.o
diff --git a/xen/arch/arm/domctl.c b/xen/arch/arm/domctl.c
index d3263e4d03..ad914c915f 100644
--- a/xen/arch/arm/domctl.c
+++ b/xen/arch/arm/domctl.c
@@ -184,7 +184,6 @@ long arch_do_domctl(struct xen_domctl *domctl, struct domain *d,
}
}
-#ifdef CONFIG_MGMT_HYPERCALLS
void arch_get_info_guest(struct vcpu *v, vcpu_guest_context_u c)
{
struct vcpu_guest_context *ctxt = c.nat;
@@ -200,7 +199,6 @@ void arch_get_info_guest(struct vcpu *v, vcpu_guest_context_u c)
if ( !test_bit(_VPF_down, &v->pause_flags) )
ctxt->flags |= VGCF_online;
}
-#endif /* CONFIG_MGMT_HYPERCALLS */
/*
* Local variables:
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index a7bfe4c0b1..8427dc52fd 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -28,7 +28,7 @@ obj-y += delay.o
obj-y += desc.o
obj-bin-y += dmi_scan.init.o
obj-y += domain.o
-obj-y += domctl.o
+obj-$(CONFIG_MGMT_HYPERCALLS) += domctl.o
obj-bin-y += dom0_build.init.o
obj-y += domain_page.o
obj-y += e820.o
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index ea5f5b20cf..6153e3c07e 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -1370,7 +1370,6 @@ long arch_do_domctl(
return ret;
}
-#ifdef CONFIG_MGMT_HYPERCALLS
#ifdef CONFIG_COMPAT
#define xen_vcpu_guest_context vcpu_guest_context
#define fpu_ctxt fpu_ctxt.x
@@ -1563,7 +1562,6 @@ void arch_get_info_guest(struct vcpu *v, vcpu_guest_context_u c)
c(vm_assist = d->vm_assist);
#undef c
}
-#endif /* CONFIG_MGMT_HYPERCALLS */
/*
* Local variables:
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index b044dc2ecb..08bb1ba857 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -5223,6 +5223,7 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg)
return rc;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int hvm_debug_op(struct vcpu *v, int32_t op)
{
int rc = 0;
@@ -5265,6 +5266,7 @@ int hvm_debug_op(struct vcpu *v, int32_t op)
return rc;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
#ifdef CONFIG_VM_EVENT
void hvm_toggle_singlestep(struct vcpu *v)
diff --git a/xen/arch/x86/hvm/pmtimer.c b/xen/arch/x86/hvm/pmtimer.c
index 87a7a01c9f..f080f7561d 100644
--- a/xen/arch/x86/hvm/pmtimer.c
+++ b/xen/arch/x86/hvm/pmtimer.c
@@ -56,6 +56,7 @@ static void pmt_update_sci(PMTState *s)
hvm_isa_irq_deassert(s->vcpu->domain, SCI_IRQ);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
void hvm_acpi_power_button(struct domain *d)
{
PMTState *s = &d->arch.hvm.pl_time->vpmt;
@@ -81,6 +82,7 @@ void hvm_acpi_sleep_button(struct domain *d)
pmt_update_sci(s);
spin_unlock(&s->lock);
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
/* Set the correct value in the timer, accounting for time elapsed
* since the last time we did that. */
diff --git a/xen/arch/x86/hvm/save.c b/xen/arch/x86/hvm/save.c
index 8ab6405706..0d966911a2 100644
--- a/xen/arch/x86/hvm/save.c
+++ b/xen/arch/x86/hvm/save.c
@@ -121,6 +121,7 @@ size_t hvm_save_size(struct domain *d)
return sz;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
/*
* Extract a single instance of a save record, by marshalling all records of
* that type and copying out the one we need.
@@ -195,6 +196,7 @@ int hvm_save_one(struct domain *d, unsigned int typecode, unsigned int instance,
xfree(ctxt.data);
return rv;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
int hvm_save(struct domain *d, hvm_domain_context_t *h)
{
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 4cf5da70ad..056f46673e 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -2585,6 +2585,7 @@ static bool cf_check vmx_get_pending_event(
(RTIT_STATUS_FILTER_EN | RTIT_STATUS_CONTEXT_EN | RTIT_STATUS_TRIGGER_EN | \
RTIT_STATUS_ERROR | RTIT_STATUS_STOPPED)
+#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check vmtrace_get_option(
struct vcpu *v, uint64_t key, uint64_t *output)
{
@@ -2693,6 +2694,7 @@ static int cf_check vmtrace_control(struct vcpu *v, bool enable, bool reset)
return 0;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static int cf_check vmtrace_output_position(struct vcpu *v, uint64_t *pos)
{
@@ -2883,10 +2885,14 @@ static struct hvm_function_table __initdata_cf_clobber vmx_function_table = {
.altp2m_vcpu_emulate_ve = vmx_vcpu_emulate_ve,
.altp2m_vcpu_emulate_vmfunc = vmx_vcpu_emulate_vmfunc,
#endif
+#ifdef CONFIG_MGMT_HYPERCALLS
.vmtrace_control = vmtrace_control,
+#endif
.vmtrace_output_position = vmtrace_output_position,
+#ifdef CONFIG_MGMT_HYPERCALLS
.vmtrace_set_option = vmtrace_set_option,
.vmtrace_get_option = vmtrace_get_option,
+#endif
.vmtrace_reset = vmtrace_reset,
.get_reg = vmx_get_reg,
diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h
index b2c75b733e..6e5ec65a8e 100644
--- a/xen/arch/x86/include/asm/hvm/hvm.h
+++ b/xen/arch/x86/include/asm/hvm/hvm.h
@@ -239,10 +239,14 @@ struct hvm_function_table {
#endif
/* vmtrace */
+#ifdef CONFIG_MGMT_HYPERCALLS
int (*vmtrace_control)(struct vcpu *v, bool enable, bool reset);
+#endif
int (*vmtrace_output_position)(struct vcpu *v, uint64_t *pos);
+#ifdef CONFIG_MGMT_HYPERCALLS
int (*vmtrace_set_option)(struct vcpu *v, uint64_t key, uint64_t value);
int (*vmtrace_get_option)(struct vcpu *v, uint64_t key, uint64_t *value);
+#endif
int (*vmtrace_reset)(struct vcpu *v);
uint64_t (*get_reg)(struct vcpu *v, unsigned int reg);
@@ -747,8 +751,10 @@ bool altp2m_vcpu_emulate_ve(struct vcpu *v);
static inline int hvm_vmtrace_control(struct vcpu *v, bool enable, bool reset)
{
+#ifdef CONFIG_MGMT_HYPERCALLS
if ( hvm_funcs.vmtrace_control )
return alternative_call(hvm_funcs.vmtrace_control, v, enable, reset);
+#endif
return -EOPNOTSUPP;
}
@@ -765,8 +771,10 @@ static inline int hvm_vmtrace_output_position(struct vcpu *v, uint64_t *pos)
static inline int hvm_vmtrace_set_option(
struct vcpu *v, uint64_t key, uint64_t value)
{
+#ifdef CONFIG_MGMT_HYPERCALLS
if ( hvm_funcs.vmtrace_set_option )
return alternative_call(hvm_funcs.vmtrace_set_option, v, key, value);
+#endif
return -EOPNOTSUPP;
}
@@ -774,8 +782,10 @@ static inline int hvm_vmtrace_set_option(
static inline int hvm_vmtrace_get_option(
struct vcpu *v, uint64_t key, uint64_t *value)
{
+#ifdef CONFIG_MGMT_HYPERCALLS
if ( hvm_funcs.vmtrace_get_option )
return alternative_call(hvm_funcs.vmtrace_get_option, v, key, value);
+#endif
return -EOPNOTSUPP;
}
diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h
index 1856cc396c..f29605df54 100644
--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -20,7 +20,7 @@
#include <asm/page.h> /* for pagetable_t */
/* Debugging and auditing of the P2M code? */
-#if !defined(NDEBUG) && defined(CONFIG_HVM)
+#if !defined(NDEBUG) && defined(CONFIG_HVM) && defined(CONFIG_MGMT_HYPERCALLS)
#define P2M_AUDIT 1
#else
#define P2M_AUDIT 0
diff --git a/xen/arch/x86/include/asm/paging.h b/xen/arch/x86/include/asm/paging.h
index 1b0694bb36..db3e5b8f31 100644
--- a/xen/arch/x86/include/asm/paging.h
+++ b/xen/arch/x86/include/asm/paging.h
@@ -55,7 +55,7 @@
#define PG_translate 0
#define PG_external 0
#endif
-#ifdef CONFIG_PAGING
+#if defined(CONFIG_PAGING) && defined(CONFIG_MGMT_HYPERCALLS)
/* Enable log dirty mode */
#define PG_log_dirty (XEN_DOMCTL_SHADOW_ENABLE_LOG_DIRTY << PG_mode_shift)
#else
diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index d7cbf2047b..3210cf5553 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -2319,6 +2319,7 @@ out:
return rc;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
int mem_sharing_domctl(struct domain *d, struct xen_domctl_mem_sharing_op *mec)
{
int rc;
@@ -2336,6 +2337,7 @@ int mem_sharing_domctl(struct domain *d, struct xen_domctl_mem_sharing_op *mec)
return rc;
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
void arch_dump_shared_mem_info(void)
{
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index c87c28cea2..5657b95089 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -114,7 +114,9 @@ void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info)
memcpy(info->handle, d->handle, sizeof(xen_domain_handle_t));
+#ifdef CONFIG_MGMT_HYPERCALLS
arch_get_domain_info(d, info);
+#endif
}
bool domctl_lock_acquire(void)
@@ -882,7 +884,11 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
break;
default:
+#ifdef CONFIG_MGMT_HYPERCALLS
ret = arch_do_domctl(op, d, u_domctl);
+#else
+ ret = -EOPNOTSUPP;
+#endif /* CONFIG_MGMT_HYPERCALLS */
break;
}
diff --git a/xen/include/hypercall-defs.c b/xen/include/hypercall-defs.c
index cd2c801af6..02d7b93e80 100644
--- a/xen/include/hypercall-defs.c
+++ b/xen/include/hypercall-defs.c
@@ -197,7 +197,7 @@ dm_op(domid_t domid, unsigned int nr_bufs, xen_dm_op_buf_t *bufs)
#ifdef CONFIG_MGMT_HYPERCALLS
sysctl(xen_sysctl_t *u_sysctl)
#endif
-#if defined(CONFIG_X86) && defined(CONFIG_PAGING)
+#if defined(CONFIG_X86) && defined(CONFIG_PAGING) && defined(CONFIG_MGMT_HYPERCALLS)
paging_domctl_cont(xen_domctl_t *u_domctl)
#endif
domctl(xen_domctl_t *u_domctl)
@@ -296,7 +296,7 @@ dm_op compat do compat do do
hypfs_op do do do do do
#endif
mca do do - - -
-#if defined(CONFIG_X86) && defined(CONFIG_PAGING)
+#if defined(CONFIG_X86) && defined(CONFIG_PAGING) && defined(CONFIG_MGMT_HYPERCALLS)
paging_domctl_cont do do do do -
#endif
diff --git a/xen/lib/x86/Makefile b/xen/lib/x86/Makefile
index 780ea05db1..ee5bec225e 100644
--- a/xen/lib/x86/Makefile
+++ b/xen/lib/x86/Makefile
@@ -1,3 +1,3 @@
obj-y += cpuid.o
obj-y += msr.o
-obj-y += policy.o
+obj-$(CONFIG_MGMT_HYPERCALLS) += policy.o
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 24/26] xen/domctl: wrap arch-specific domctl-op with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 24/26] xen/domctl: wrap arch-specific domctl-op with CONFIG_MGMT_HYPERCALLS Penny Zheng
@ 2025-09-11 13:02 ` Jan Beulich
2025-10-11 6:44 ` Penny, Zheng
0 siblings, 1 reply; 102+ messages in thread
From: Jan Beulich @ 2025-09-11 13:02 UTC (permalink / raw)
To: Penny Zheng
Cc: ray.huang, Andrew Cooper, Anthony PERARD, Michal Orzel,
Julien Grall, Roger Pau Monné, Stefano Stabellini,
Bertrand Marquis, Volodymyr Babchuk, Tamas K Lengyel,
Daniel P. Smith, xen-devel
On 10.09.2025 09:38, Penny Zheng wrote:
> Function arch_do_domctl() is responsible for arch-specific domctl-op,
> and shall be wrapped with CONFIG_MGMT_HYPERCALLS
> Tracking its calling chain and the following functions shall be wrapped with
> CONFIG_MGMT_HYPERCALLS:
> For x86:
> - hvm_save_one
> - hvm_acpi_power_button
> - hvm_acpi_sleep_button
> - hvm_debug_op
> - mem_sharing_domctl
> - make P2M_AUDIT depend on CONFIG_MGMT_HYPERCALLS
> - make PG_log_dirty depend on CONFIG_MGMT_HYPERCALLS
> - make policy.o depend on CONFIG_MGMT_HYPERCALLS
> - do_vmtrace_op
> - hvm_vmtrace_control
> - hvm_funcs.vmtrace_control
> - hvm_vmtrace_get_option
> - hvm_funcs.vmtrace_get_option
> - hvm_vmtrace_set_option
> - hvm_funcs.vmtrace_set_option
> - paging_domctl_cont
> For ARM:
> - subarch_do_domctl
>
> Also, remove all #ifdef CONFIG_MGMT_HYPERCALLS-s in arch-specific domctl.c, as
> we put the guardian in Makefile for the whole file.
> Wrap default-case and arch_get_domain_info() transiently with
> CONFIG_MGMT_HYPERCALLS, and it will be removed when introducing
> CONFIG_MGMT_HYPERCALLS on the common/domctl.c in the last.
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
> ---
> v1 -> v2:
> - split out xsm parts
> - adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
> - wrap default-case and arch_get_domain_info() transiently
> ---
> xen/Kconfig.debug | 2 +-
> xen/arch/arm/arm32/Makefile | 2 +-
> xen/arch/arm/arm64/Makefile | 2 +-
> xen/arch/arm/domctl.c | 2 --
Isn't there a change missing to arm/Makefile? Or else, how can ...
> --- a/xen/arch/arm/domctl.c
> +++ b/xen/arch/arm/domctl.c
> @@ -184,7 +184,6 @@ long arch_do_domctl(struct xen_domctl *domctl, struct domain *d,
> }
> }
>
> -#ifdef CONFIG_MGMT_HYPERCALLS
> void arch_get_info_guest(struct vcpu *v, vcpu_guest_context_u c)
> {
> struct vcpu_guest_context *ctxt = c.nat;
> @@ -200,7 +199,6 @@ void arch_get_info_guest(struct vcpu *v, vcpu_guest_context_u c)
> if ( !test_bit(_VPF_down, &v->pause_flags) )
> ctxt->flags |= VGCF_online;
> }
> -#endif /* CONFIG_MGMT_HYPERCALLS */
... this be correct?
> --- a/xen/arch/x86/hvm/save.c
> +++ b/xen/arch/x86/hvm/save.c
> @@ -121,6 +121,7 @@ size_t hvm_save_size(struct domain *d)
> return sz;
> }
Both this and ...
> +#ifdef CONFIG_MGMT_HYPERCALLS
> /*
> * Extract a single instance of a save record, by marshalling all records of
> * that type and copying out the one we need.
> @@ -195,6 +196,7 @@ int hvm_save_one(struct domain *d, unsigned int typecode, unsigned int instance,
> xfree(ctxt.data);
> return rv;
> }
> +#endif /* CONFIG_MGMT_HYPERCALLS */
>
> int hvm_save(struct domain *d, hvm_domain_context_t *h)
> {
... this and hvm_load() (and some others) will end up unreachable when
MGMT_HYPERCALLS=n and MEM_SHARING=n.
> --- a/xen/arch/x86/hvm/vmx/vmx.c
> +++ b/xen/arch/x86/hvm/vmx/vmx.c
> @@ -2585,6 +2585,7 @@ static bool cf_check vmx_get_pending_event(
> (RTIT_STATUS_FILTER_EN | RTIT_STATUS_CONTEXT_EN | RTIT_STATUS_TRIGGER_EN | \
> RTIT_STATUS_ERROR | RTIT_STATUS_STOPPED)
>
> +#ifdef CONFIG_MGMT_HYPERCALLS
> static int cf_check vmtrace_get_option(
> struct vcpu *v, uint64_t key, uint64_t *output)
> {
This #ifdef wants to move up a few lines, to also cover the two #define-s.
> @@ -2693,6 +2694,7 @@ static int cf_check vmtrace_control(struct vcpu *v, bool enable, bool reset)
>
> return 0;
> }
> +#endif /* CONFIG_MGMT_HYPERCALLS */
>
> static int cf_check vmtrace_output_position(struct vcpu *v, uint64_t *pos)
> {
> @@ -2883,10 +2885,14 @@ static struct hvm_function_table __initdata_cf_clobber vmx_function_table = {
> .altp2m_vcpu_emulate_ve = vmx_vcpu_emulate_ve,
> .altp2m_vcpu_emulate_vmfunc = vmx_vcpu_emulate_vmfunc,
> #endif
> +#ifdef CONFIG_MGMT_HYPERCALLS
> .vmtrace_control = vmtrace_control,
> +#endif
> .vmtrace_output_position = vmtrace_output_position,
Why would this remain? Patch 05 makes VM_EVENT dependent upon MGMT_HYPERCALLS,
and outside of domctl.c the only other caller is in vm_event.c.
> @@ -747,8 +751,10 @@ bool altp2m_vcpu_emulate_ve(struct vcpu *v);
>
> static inline int hvm_vmtrace_control(struct vcpu *v, bool enable, bool reset)
> {
> +#ifdef CONFIG_MGMT_HYPERCALLS
> if ( hvm_funcs.vmtrace_control )
> return alternative_call(hvm_funcs.vmtrace_control, v, enable, reset);
> +#endif
>
> return -EOPNOTSUPP;
> }
> @@ -765,8 +771,10 @@ static inline int hvm_vmtrace_output_position(struct vcpu *v, uint64_t *pos)
> static inline int hvm_vmtrace_set_option(
> struct vcpu *v, uint64_t key, uint64_t value)
> {
> +#ifdef CONFIG_MGMT_HYPERCALLS
> if ( hvm_funcs.vmtrace_set_option )
> return alternative_call(hvm_funcs.vmtrace_set_option, v, key, value);
> +#endif
>
> return -EOPNOTSUPP;
> }
> @@ -774,8 +782,10 @@ static inline int hvm_vmtrace_set_option(
> static inline int hvm_vmtrace_get_option(
> struct vcpu *v, uint64_t key, uint64_t *value)
> {
> +#ifdef CONFIG_MGMT_HYPERCALLS
> if ( hvm_funcs.vmtrace_get_option )
> return alternative_call(hvm_funcs.vmtrace_get_option, v, key, value);
> +#endif
>
> return -EOPNOTSUPP;
> }
Why #ifdef inside the functions? The sole users each are in domctl.c.
> --- a/xen/common/domctl.c
> +++ b/xen/common/domctl.c
> @@ -114,7 +114,9 @@ void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info)
>
> memcpy(info->handle, d->handle, sizeof(xen_domain_handle_t));
>
> +#ifdef CONFIG_MGMT_HYPERCALLS
> arch_get_domain_info(d, info);
> +#endif
> }
This shouldn't be necessary; instead imo patch 18 should be extended to cover
getdomainfo() altogether.
> --- a/xen/lib/x86/Makefile
> +++ b/xen/lib/x86/Makefile
> @@ -1,3 +1,3 @@
> obj-y += cpuid.o
> obj-y += msr.o
> -obj-y += policy.o
> +obj-$(CONFIG_MGMT_HYPERCALLS) += policy.o
Fair parts of cpuid.c also become unreachable. And all of msr.c afaics.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* RE: [PATCH v2 24/26] xen/domctl: wrap arch-specific domctl-op with CONFIG_MGMT_HYPERCALLS
2025-09-11 13:02 ` Jan Beulich
@ 2025-10-11 6:44 ` Penny, Zheng
2025-10-13 6:41 ` Jan Beulich
0 siblings, 1 reply; 102+ messages in thread
From: Penny, Zheng @ 2025-10-11 6:44 UTC (permalink / raw)
To: Jan Beulich
Cc: Huang, Ray, Andrew Cooper, Anthony PERARD, Orzel, Michal,
Julien Grall, Roger Pau Monné, Stefano Stabellini,
Bertrand Marquis, Volodymyr Babchuk, Tamas K Lengyel,
Daniel P. Smith, xen-devel@lists.xenproject.org
[Public]
Hi,
Sorry for the late reply. Just come back from national holiday.
> -----Original Message-----
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Thursday, September 11, 2025 9:03 PM
> To: Penny, Zheng <penny.zheng@amd.com>
> Cc: Huang, Ray <Ray.Huang@amd.com>; Andrew Cooper
> <andrew.cooper3@citrix.com>; Anthony PERARD <anthony.perard@vates.tech>;
> Orzel, Michal <Michal.Orzel@amd.com>; Julien Grall <julien@xen.org>; Roger
> Pau Monné <roger.pau@citrix.com>; Stefano Stabellini <sstabellini@kernel.org>;
> Bertrand Marquis <bertrand.marquis@arm.com>; Volodymyr Babchuk
> <Volodymyr_Babchuk@epam.com>; Tamas K Lengyel <tamas@tklengyel.com>;
> Daniel P. Smith <dpsmith@apertussolutions.com>; xen-
> devel@lists.xenproject.org
> Subject: Re: [PATCH v2 24/26] xen/domctl: wrap arch-specific domctl-op with
> CONFIG_MGMT_HYPERCALLS
>
> > --- a/xen/lib/x86/Makefile
> > +++ b/xen/lib/x86/Makefile
> > @@ -1,3 +1,3 @@
> > obj-y += cpuid.o
> > obj-y += msr.o
> > -obj-y += policy.o
> > +obj-$(CONFIG_MGMT_HYPERCALLS) += policy.o
>
> Fair parts of cpuid.c also become unreachable. And all of msr.c afaics.
>
I just found that the functions defined here, as helpers/libraries, are used in tools/libs/guest/xg_cpuid_x86.c too. Emmm, to make compiler happy, I still need to provide stubs for them when MGMT_HYPERCALLS=n. Or any better suggestion?
> Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* Re: [PATCH v2 24/26] xen/domctl: wrap arch-specific domctl-op with CONFIG_MGMT_HYPERCALLS
2025-10-11 6:44 ` Penny, Zheng
@ 2025-10-13 6:41 ` Jan Beulich
2025-10-13 7:18 ` Penny, Zheng
0 siblings, 1 reply; 102+ messages in thread
From: Jan Beulich @ 2025-10-13 6:41 UTC (permalink / raw)
To: Penny, Zheng
Cc: Huang, Ray, Andrew Cooper, Anthony PERARD, Orzel, Michal,
Julien Grall, Roger Pau Monné, Stefano Stabellini,
Bertrand Marquis, Volodymyr Babchuk, Tamas K Lengyel,
Daniel P. Smith, xen-devel@lists.xenproject.org
On 11.10.2025 08:44, Penny, Zheng wrote:
>> -----Original Message-----
>> From: Jan Beulich <jbeulich@suse.com>
>> Sent: Thursday, September 11, 2025 9:03 PM
>>
>>> --- a/xen/lib/x86/Makefile
>>> +++ b/xen/lib/x86/Makefile
>>> @@ -1,3 +1,3 @@
>>> obj-y += cpuid.o
>>> obj-y += msr.o
>>> -obj-y += policy.o
>>> +obj-$(CONFIG_MGMT_HYPERCALLS) += policy.o
>>
>> Fair parts of cpuid.c also become unreachable. And all of msr.c afaics.
>>
>
> I just found that the functions defined here, as helpers/libraries, are used in tools/libs/guest/xg_cpuid_x86.c too. Emmm, to make compiler happy, I still need to provide stubs for them when MGMT_HYPERCALLS=n. Or any better suggestion?
How does the Makefile change here affect tools/libs/guest/? What would you
need stubs for there?
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* RE: [PATCH v2 24/26] xen/domctl: wrap arch-specific domctl-op with CONFIG_MGMT_HYPERCALLS
2025-10-13 6:41 ` Jan Beulich
@ 2025-10-13 7:18 ` Penny, Zheng
2025-10-13 8:30 ` Jan Beulich
0 siblings, 1 reply; 102+ messages in thread
From: Penny, Zheng @ 2025-10-13 7:18 UTC (permalink / raw)
To: Jan Beulich
Cc: Huang, Ray, Andrew Cooper, Anthony PERARD, Orzel, Michal,
Julien Grall, Roger Pau Monné, Stefano Stabellini,
Bertrand Marquis, Volodymyr Babchuk, Tamas K Lengyel,
Daniel P. Smith, xen-devel@lists.xenproject.org
[Public]
> -----Original Message-----
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Monday, October 13, 2025 2:41 PM
> To: Penny, Zheng <penny.zheng@amd.com>
> Cc: Huang, Ray <Ray.Huang@amd.com>; Andrew Cooper
> <andrew.cooper3@citrix.com>; Anthony PERARD <anthony.perard@vates.tech>;
> Orzel, Michal <Michal.Orzel@amd.com>; Julien Grall <julien@xen.org>; Roger Pau
> Monné <roger.pau@citrix.com>; Stefano Stabellini <sstabellini@kernel.org>;
> Bertrand Marquis <bertrand.marquis@arm.com>; Volodymyr Babchuk
> <Volodymyr_Babchuk@epam.com>; Tamas K Lengyel <tamas@tklengyel.com>;
> Daniel P. Smith <dpsmith@apertussolutions.com>; xen-devel@lists.xenproject.org
> Subject: Re: [PATCH v2 24/26] xen/domctl: wrap arch-specific domctl-op with
> CONFIG_MGMT_HYPERCALLS
>
> On 11.10.2025 08:44, Penny, Zheng wrote:
> >> -----Original Message-----
> >> From: Jan Beulich <jbeulich@suse.com>
> >> Sent: Thursday, September 11, 2025 9:03 PM
> >>
> >>> --- a/xen/lib/x86/Makefile
> >>> +++ b/xen/lib/x86/Makefile
> >>> @@ -1,3 +1,3 @@
> >>> obj-y += cpuid.o
> >>> obj-y += msr.o
> >>> -obj-y += policy.o
> >>> +obj-$(CONFIG_MGMT_HYPERCALLS) += policy.o
> >>
> >> Fair parts of cpuid.c also become unreachable. And all of msr.c afaics.
> >>
> >
> > I just found that the functions defined here, as helpers/libraries, are used in
> tools/libs/guest/xg_cpuid_x86.c too. Emmm, to make compiler happy, I still need to
> provide stubs for them when MGMT_HYPERCALLS=n. Or any better suggestion?
>
> How does the Makefile change here affect tools/libs/guest/? What would you need
> stubs for there?
>
Like Function xc_cpu_policy_is_compatible() in tools/libs/guest/xg_cpuid_x86.c is also using x86_cpu_policies_are_compatible() to do the comparison between host and guest. If making xen/lib/x86/plocy.o guarded by MGMT_HYPERCALLS, we will have "undefined reference " error. Imo, it is not suitable to guard files tools/libs/guest/xg_cpuid_x86.o with MGMT_HYPERCALLS.
So it we still want to have the Makefile change here, we need to provide stubs. Or we remove the Makefile change here, as the role of these functions is more of the library,
> Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* Re: [PATCH v2 24/26] xen/domctl: wrap arch-specific domctl-op with CONFIG_MGMT_HYPERCALLS
2025-10-13 7:18 ` Penny, Zheng
@ 2025-10-13 8:30 ` Jan Beulich
2025-10-13 9:25 ` Penny, Zheng
0 siblings, 1 reply; 102+ messages in thread
From: Jan Beulich @ 2025-10-13 8:30 UTC (permalink / raw)
To: Penny, Zheng
Cc: Huang, Ray, Andrew Cooper, Anthony PERARD, Orzel, Michal,
Julien Grall, Roger Pau Monné, Stefano Stabellini,
Bertrand Marquis, Volodymyr Babchuk, Tamas K Lengyel,
Daniel P. Smith, xen-devel@lists.xenproject.org
On 13.10.2025 09:18, Penny, Zheng wrote:
>> -----Original Message-----
>> From: Jan Beulich <jbeulich@suse.com>
>> Sent: Monday, October 13, 2025 2:41 PM
>>
>> On 11.10.2025 08:44, Penny, Zheng wrote:
>>>> -----Original Message-----
>>>> From: Jan Beulich <jbeulich@suse.com>
>>>> Sent: Thursday, September 11, 2025 9:03 PM
>>>>
>>>>> --- a/xen/lib/x86/Makefile
>>>>> +++ b/xen/lib/x86/Makefile
>>>>> @@ -1,3 +1,3 @@
>>>>> obj-y += cpuid.o
>>>>> obj-y += msr.o
>>>>> -obj-y += policy.o
>>>>> +obj-$(CONFIG_MGMT_HYPERCALLS) += policy.o
>>>>
>>>> Fair parts of cpuid.c also become unreachable. And all of msr.c afaics.
>>>>
>>>
>>> I just found that the functions defined here, as helpers/libraries, are used in
>> tools/libs/guest/xg_cpuid_x86.c too. Emmm, to make compiler happy, I still need to
>> provide stubs for them when MGMT_HYPERCALLS=n. Or any better suggestion?
>>
>> How does the Makefile change here affect tools/libs/guest/? What would you need
>> stubs for there?
>>
>
> Like Function xc_cpu_policy_is_compatible() in tools/libs/guest/xg_cpuid_x86.c is also using x86_cpu_policies_are_compatible() to do the comparison between host and guest. If making xen/lib/x86/plocy.o guarded by MGMT_HYPERCALLS, we will have "undefined reference " error. Imo, it is not suitable to guard files tools/libs/guest/xg_cpuid_x86.o with MGMT_HYPERCALLS.
Correct, but I still don't see what you're getting at. This Makefile is used in
the hypervisor build only. In tools/libs/guest/Makefile.common we have
ifeq ($(CONFIG_X86),y) # Add libx86 to the build
vpath %.c ../../../xen/lib/x86
OBJS-y += cpuid.o msr.o policy.o
endif
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* RE: [PATCH v2 24/26] xen/domctl: wrap arch-specific domctl-op with CONFIG_MGMT_HYPERCALLS
2025-10-13 8:30 ` Jan Beulich
@ 2025-10-13 9:25 ` Penny, Zheng
0 siblings, 0 replies; 102+ messages in thread
From: Penny, Zheng @ 2025-10-13 9:25 UTC (permalink / raw)
To: Jan Beulich
Cc: Huang, Ray, Andrew Cooper, Anthony PERARD, Orzel, Michal,
Julien Grall, Roger Pau Monné, Stefano Stabellini,
Bertrand Marquis, Volodymyr Babchuk, Tamas K Lengyel,
Daniel P. Smith, xen-devel@lists.xenproject.org
[Public]
> -----Original Message-----
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Monday, October 13, 2025 4:30 PM
> To: Penny, Zheng <penny.zheng@amd.com>
> Cc: Huang, Ray <Ray.Huang@amd.com>; Andrew Cooper
> <andrew.cooper3@citrix.com>; Anthony PERARD <anthony.perard@vates.tech>;
> Orzel, Michal <Michal.Orzel@amd.com>; Julien Grall <julien@xen.org>; Roger Pau
> Monné <roger.pau@citrix.com>; Stefano Stabellini <sstabellini@kernel.org>;
> Bertrand Marquis <bertrand.marquis@arm.com>; Volodymyr Babchuk
> <Volodymyr_Babchuk@epam.com>; Tamas K Lengyel <tamas@tklengyel.com>;
> Daniel P. Smith <dpsmith@apertussolutions.com>; xen-devel@lists.xenproject.org
> Subject: Re: [PATCH v2 24/26] xen/domctl: wrap arch-specific domctl-op with
> CONFIG_MGMT_HYPERCALLS
>
> On 13.10.2025 09:18, Penny, Zheng wrote:
> >> -----Original Message-----
> >> From: Jan Beulich <jbeulich@suse.com>
> >> Sent: Monday, October 13, 2025 2:41 PM
> >>
> >> On 11.10.2025 08:44, Penny, Zheng wrote:
> >>>> -----Original Message-----
> >>>> From: Jan Beulich <jbeulich@suse.com>
> >>>> Sent: Thursday, September 11, 2025 9:03 PM
> >>>>
> >>>>> --- a/xen/lib/x86/Makefile
> >>>>> +++ b/xen/lib/x86/Makefile
> >>>>> @@ -1,3 +1,3 @@
> >>>>> obj-y += cpuid.o
> >>>>> obj-y += msr.o
> >>>>> -obj-y += policy.o
> >>>>> +obj-$(CONFIG_MGMT_HYPERCALLS) += policy.o
> >>>>
> >>>> Fair parts of cpuid.c also become unreachable. And all of msr.c afaics.
> >>>>
> >>>
> >>> I just found that the functions defined here, as helpers/libraries,
> >>> are used in
> >> tools/libs/guest/xg_cpuid_x86.c too. Emmm, to make compiler happy, I
> >> still need to provide stubs for them when MGMT_HYPERCALLS=n. Or any
> better suggestion?
> >>
> >> How does the Makefile change here affect tools/libs/guest/? What
> >> would you need stubs for there?
> >>
> >
> > Like Function xc_cpu_policy_is_compatible() in tools/libs/guest/xg_cpuid_x86.c
> is also using x86_cpu_policies_are_compatible() to do the comparison between
> host and guest. If making xen/lib/x86/plocy.o guarded by MGMT_HYPERCALLS,
> we will have "undefined reference " error. Imo, it is not suitable to guard files
> tools/libs/guest/xg_cpuid_x86.o with MGMT_HYPERCALLS.
>
> Correct, but I still don't see what you're getting at. This Makefile is used in the
> hypervisor build only. In tools/libs/guest/Makefile.common we have
>
> ifeq ($(CONFIG_X86),y) # Add libx86 to the build vpath %.c ../../../xen/lib/x86
>
> OBJS-y += cpuid.o msr.o policy.o
> endif
>
Oh, true...
They are separately compiled with different Makefile.
It is fair parts of cpuid.c(x86_cpuid_copy_to{,from}_buffer) which got "undefined reference". Lets omit this part of change.
> Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 25/26] xen/xsm: wrap xsm functions with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (23 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 24/26] xen/domctl: wrap arch-specific domctl-op with CONFIG_MGMT_HYPERCALLS Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-11 13:13 ` Jan Beulich
2025-09-10 7:38 ` [PATCH v2 26/26] xen/domctl: wrap common/domctl.c " Penny Zheng
25 siblings, 1 reply; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel; +Cc: ray.huang, Penny Zheng, Daniel P. Smith
The following functions are xsm-related and only invoked under arch-specific
domctl-op, so they shall all be wrapped with CONFIG_MGMT_HYPERCALLS:
- xsm_domctl
- xsm_{bind,unbind}_pt_irq
- xsm_ioport_permission
- xsm_ioport_mapping
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- new commit
---
xen/include/xsm/xsm.h | 14 ++++++++++++--
xen/xsm/dummy.c | 6 +++---
xen/xsm/flask/hooks.c | 12 ++++++------
3 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 542488bd44..0539e3bf10 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -60,8 +60,8 @@ struct xsm_ops {
int (*domctl_scheduler_op)(struct domain *d, int op);
int (*sysctl_scheduler_op)(int op);
int (*set_target)(struct domain *d, struct domain *e);
-#endif
int (*domctl)(struct domain *d, unsigned int cmd, uint32_t ssidref);
+#endif
int (*sysctl)(int cmd);
int (*readconsole)(uint32_t clear);
@@ -111,9 +111,9 @@ struct xsm_ops {
int (*map_domain_irq)(struct domain *d, int irq, const void *data);
int (*unmap_domain_pirq)(struct domain *d);
int (*unmap_domain_irq)(struct domain *d, int irq, const void *data);
+#ifdef CONFIG_MGMT_HYPERCALLS
int (*bind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind);
int (*unbind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind);
-#ifdef CONFIG_MGMT_HYPERCALLS
int (*irq_permission)(struct domain *d, int pirq, uint8_t allow);
int (*iomem_permission)(struct domain *d, uint64_t s, uint64_t e,
uint8_t allow);
@@ -190,10 +190,12 @@ struct xsm_ops {
int (*update_va_mapping)(struct domain *d, struct domain *f,
l1_pgentry_t pte);
int (*priv_mapping)(struct domain *d, struct domain *t);
+#ifdef CONFIG_MGMT_HYPERCALLS
int (*ioport_permission)(struct domain *d, uint32_t s, uint32_t e,
uint8_t allow);
int (*ioport_mapping)(struct domain *d, uint32_t s, uint32_t e,
uint8_t allow);
+#endif
int (*pmu_op)(struct domain *d, unsigned int op);
#endif
int (*dm_op)(struct domain *d);
@@ -272,7 +274,11 @@ static inline int xsm_set_target(
static inline int xsm_domctl(xsm_default_t def, struct domain *d,
unsigned int cmd, uint32_t ssidref)
{
+#ifdef CONFIG_MGMT_HYPERCALLS
return alternative_call(xsm_ops.domctl, d, cmd, ssidref);
+#else
+ return -EOPNOTSUPP;
+#endif
}
static inline int xsm_sysctl(xsm_default_t def, int cmd)
@@ -503,6 +509,7 @@ static inline int xsm_unmap_domain_irq(
return alternative_call(xsm_ops.unmap_domain_irq, d, irq, data);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static inline int xsm_bind_pt_irq(
xsm_default_t def, struct domain *d, struct xen_domctl_bind_pt_irq *bind)
{
@@ -514,6 +521,7 @@ static inline int xsm_unbind_pt_irq(
{
return alternative_call(xsm_ops.unbind_pt_irq, d, bind);
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static inline int xsm_irq_permission(
xsm_default_t def, struct domain *d, int pirq, uint8_t allow)
@@ -757,6 +765,7 @@ static inline int xsm_priv_mapping(
return alternative_call(xsm_ops.priv_mapping, d, t);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static inline int xsm_ioport_permission(
xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow)
{
@@ -768,6 +777,7 @@ static inline int xsm_ioport_mapping(
{
return alternative_call(xsm_ops.ioport_mapping, d, s, e, allow);
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static inline int xsm_pmu_op(
xsm_default_t def, struct domain *d, unsigned int op)
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 2c8e0725b6..48ed724f86 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -22,9 +22,7 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
.domctl_scheduler_op = xsm_domctl_scheduler_op,
.sysctl_scheduler_op = xsm_sysctl_scheduler_op,
.set_target = xsm_set_target,
-#endif
.domctl = xsm_domctl,
-#ifdef CONFIG_MGMT_HYPERCALLS
.sysctl = xsm_sysctl,
.readconsole = xsm_readconsole,
#endif
@@ -71,9 +69,9 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
.map_domain_irq = xsm_map_domain_irq,
.unmap_domain_pirq = xsm_unmap_domain_pirq,
.unmap_domain_irq = xsm_unmap_domain_irq,
+#ifdef CONFIG_MGMT_HYPERCALLS
.bind_pt_irq = xsm_bind_pt_irq,
.unbind_pt_irq = xsm_unbind_pt_irq,
-#ifdef CONFIG_MGMT_HYPERCALLS
.irq_permission = xsm_irq_permission,
.iomem_permission = xsm_iomem_permission,
#endif
@@ -143,8 +141,10 @@ static const struct xsm_ops __initconst_cf_clobber dummy_ops = {
.mmuext_op = xsm_mmuext_op,
.update_va_mapping = xsm_update_va_mapping,
.priv_mapping = xsm_priv_mapping,
+#ifdef CONFIG_MGMT_HYPERCALLS
.ioport_permission = xsm_ioport_permission,
.ioport_mapping = xsm_ioport_mapping,
+#endif
.pmu_op = xsm_pmu_op,
#endif
.dm_op = xsm_dm_op,
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 66d8bfda3a..76bf1b5240 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -665,7 +665,6 @@ static int cf_check flask_set_target(struct domain *d, struct domain *t)
&dsec->target_sid);
return rc;
}
-#endif /* CONFIG_MGMT_HYPERCALLS */
static int cf_check flask_domctl(struct domain *d, unsigned int cmd,
uint32_t ssidref)
@@ -858,7 +857,6 @@ static int cf_check flask_domctl(struct domain *d, unsigned int cmd,
}
}
-#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check flask_sysctl(int cmd)
{
switch ( cmd )
@@ -1078,6 +1076,7 @@ static int cf_check flask_unmap_domain_irq(
return rc;
}
+#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check flask_bind_pt_irq(
struct domain *d, struct xen_domctl_bind_pt_irq *bind)
{
@@ -1111,7 +1110,6 @@ static int cf_check flask_unbind_pt_irq(
return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
}
-#ifdef CONFIG_MGMT_HYPERCALLS
static int cf_check flask_irq_permission(
struct domain *d, int pirq, uint8_t access)
{
@@ -1634,6 +1632,7 @@ static int cf_check flask_shadow_control(struct domain *d, uint32_t op)
return current_has_perm(d, SECCLASS_SHADOW, perm);
}
+#ifdef CONFIG_MGMT_HYPERCALLS
struct ioport_has_perm_data {
uint32_t ssid;
uint32_t dsid;
@@ -1689,6 +1688,7 @@ static int cf_check flask_ioport_mapping(
{
return flask_ioport_permission(d, start, end, access);
}
+#endif /* CONFIG_MGMT_HYPERCALLS */
static int cf_check flask_mem_sharing_op(
struct domain *d, struct domain *cd, int op)
@@ -1894,9 +1894,7 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
.domctl_scheduler_op = flask_domctl_scheduler_op,
.sysctl_scheduler_op = flask_sysctl_scheduler_op,
.set_target = flask_set_target,
-#endif
.domctl = flask_domctl,
-#ifdef CONFIG_MGMT_HYPERCALLS
.sysctl = flask_sysctl,
.readconsole = flask_readconsole,
#endif
@@ -1943,9 +1941,9 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
.map_domain_irq = flask_map_domain_irq,
.unmap_domain_pirq = flask_unmap_domain_pirq,
.unmap_domain_irq = flask_unmap_domain_irq,
+#ifdef CONFIG_MGMT_HYPERCALLS
.bind_pt_irq = flask_bind_pt_irq,
.unbind_pt_irq = flask_unbind_pt_irq,
-#ifdef CONFIG_MGMT_HYPERCALLS
.irq_permission = flask_irq_permission,
.iomem_permission = flask_iomem_permission,
#endif
@@ -2016,8 +2014,10 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
.mmuext_op = flask_mmuext_op,
.update_va_mapping = flask_update_va_mapping,
.priv_mapping = flask_priv_mapping,
+#ifdef CONFIG_MGMT_HYPERCALLS
.ioport_permission = flask_ioport_permission,
.ioport_mapping = flask_ioport_mapping,
+#endif
.pmu_op = flask_pmu_op,
#endif
.dm_op = flask_dm_op,
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 25/26] xen/xsm: wrap xsm functions with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 25/26] xen/xsm: wrap xsm functions " Penny Zheng
@ 2025-09-11 13:13 ` Jan Beulich
0 siblings, 0 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-11 13:13 UTC (permalink / raw)
To: Penny Zheng; +Cc: ray.huang, Daniel P. Smith, xen-devel
On 10.09.2025 09:38, Penny Zheng wrote:
> The following functions are xsm-related and only invoked under arch-specific
> domctl-op, so they shall all be wrapped with CONFIG_MGMT_HYPERCALLS:
> - xsm_domctl
Doesn't this come too early (reflected by you putting #ifdef inside the
function), while ...
> - xsm_{bind,unbind}_pt_irq
> - xsm_ioport_permission
> - xsm_ioport_mapping
... these fix unreachable code issues introduced by the previous patch?
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread
* [PATCH v2 26/26] xen/domctl: wrap common/domctl.c with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 [PATCH v2 00/26] Disable domctl-op via CONFIG_MGMT_HYPERCALLS Penny Zheng
` (24 preceding siblings ...)
2025-09-10 7:38 ` [PATCH v2 25/26] xen/xsm: wrap xsm functions " Penny Zheng
@ 2025-09-10 7:38 ` Penny Zheng
2025-09-10 13:43 ` Jan Beulich
2025-09-11 13:26 ` Jan Beulich
25 siblings, 2 replies; 102+ messages in thread
From: Penny Zheng @ 2025-09-10 7:38 UTC (permalink / raw)
To: xen-devel
Cc: ray.huang, Penny Zheng, Andrew Cooper, Anthony PERARD,
Michal Orzel, Jan Beulich, Julien Grall, Roger Pau Monné,
Stefano Stabellini
Wrap domctl hypercall def and domctl.o with CONFIG_MGMT_HYPERCALLS,
and remove all #ifdef CONFIG_MGMT_HYPERCALLS wrappings in common/domctl.c
With MGMT_HYPERCALLS=n, we need to provide stub for
domctl_lock_{acquire,release}(), as it may be invoked by hvm_set_param().
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- remove stub in common/domctl.c
- combine the original commit of "xen/domctl: provide stub for
domctl_lock_{acquire,release}"
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
---
xen/common/Kconfig | 2 +-
xen/common/Makefile | 2 +-
xen/common/domctl.c | 24 ------------------------
xen/include/hypercall-defs.c | 4 +++-
xen/include/xen/domain.h | 9 +++++++++
5 files changed, 14 insertions(+), 27 deletions(-)
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 1aedd00b12..da207a7183 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -654,7 +654,7 @@ config MGMT_HYPERCALLS
help
This option shall only be disabled on some dom0less systems, or
PV shim on x86, to reduce Xen footprint via managing unnessary
- hypercalls, like sysctl, etc.
+ hypercalls, like sysctl, domctl, etc.
config PM_OP
bool "Enable Performance Management Operation"
diff --git a/xen/common/Makefile b/xen/common/Makefile
index fdf826f218..45c0bda000 100644
--- a/xen/common/Makefile
+++ b/xen/common/Makefile
@@ -11,7 +11,7 @@ obj-$(filter-out $(CONFIG_X86),$(CONFIG_ACPI)) += device.o
obj-$(CONFIG_DEVICE_TREE_PARSE) += device-tree/
obj-$(CONFIG_IOREQ_SERVER) += dm.o
obj-y += domain.o
-obj-y += domctl.o
+obj-$(CONFIG_MGMT_HYPERCALLS) += domctl.o
obj-y += domid.o
obj-y += event_2l.o
obj-y += event_channel.o
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 5657b95089..71e712c1f3 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -44,14 +44,12 @@ static int nodemask_to_xenctl_bitmap(struct xenctl_bitmap *xenctl_nodemap,
MAX_NUMNODES);
}
-#ifdef CONFIG_MGMT_HYPERCALLS
static int xenctl_bitmap_to_nodemask(nodemask_t *nodemask,
const struct xenctl_bitmap *xenctl_nodemap)
{
return xenctl_bitmap_to_bitmap(nodemask_bits(nodemask), xenctl_nodemap,
MAX_NUMNODES);
}
-#endif /* CONFIG_MGMT_HYPERCALLS */
void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info)
{
@@ -114,9 +112,7 @@ void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info)
memcpy(info->handle, d->handle, sizeof(xen_domain_handle_t));
-#ifdef CONFIG_MGMT_HYPERCALLS
arch_get_domain_info(d, info);
-#endif
}
bool domctl_lock_acquire(void)
@@ -394,26 +390,22 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
break;
}
-#ifdef CONFIG_MGMT_HYPERCALLS
case XEN_DOMCTL_pausedomain:
ret = -EINVAL;
if ( d != current->domain )
ret = domain_pause_by_systemcontroller(d);
break;
-#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_unpausedomain:
ret = domain_unpause_by_systemcontroller(d);
break;
-#ifdef CONFIG_MGMT_HYPERCALLS
case XEN_DOMCTL_resumedomain:
if ( d == current->domain ) /* no domain_pause() */
ret = -EINVAL;
else
domain_resume(d);
break;
-#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_createdomain:
{
@@ -473,7 +465,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
break;
}
-#ifdef CONFIG_MGMT_HYPERCALLS
case XEN_DOMCTL_soft_reset:
case XEN_DOMCTL_soft_reset_cont:
if ( d == current->domain ) /* no domain_pause() */
@@ -510,14 +501,12 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
ret = domain_set_node_affinity(d, &new_affinity);
break;
}
-#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_getnodeaffinity:
ret = nodemask_to_xenctl_bitmap(&op->u.nodeaffinity.nodemap,
&d->node_affinity);
break;
-#ifdef CONFIG_MGMT_HYPERCALLS
case XEN_DOMCTL_setvcpuaffinity:
case XEN_DOMCTL_getvcpuaffinity:
ret = vcpu_affinity_domctl(d, op->cmd, &op->u.vcpuaffinity);
@@ -527,7 +516,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
ret = sched_adjust(d, &op->u.scheduler_op);
copyback = 1;
break;
-#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_getdomaininfo:
ret = xsm_getdomaininfo(XSM_XS_PRIV, d);
@@ -540,7 +528,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
copyback = 1;
break;
-#ifdef CONFIG_MGMT_HYPERCALLS
case XEN_DOMCTL_getvcpucontext:
{
vcpu_guest_context_u c = { .nat = NULL };
@@ -589,7 +576,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
xfree(c.nat);
break;
}
-#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_getvcpuinfo:
{
@@ -750,11 +736,9 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
break;
}
-#ifdef CONFIG_MGMT_HYPERCALLS
case XEN_DOMCTL_settimeoffset:
domain_set_time_offset(d, op->u.settimeoffset.time_offset_seconds);
break;
-#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_set_target:
{
@@ -810,11 +794,9 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
break;
#endif
-#ifdef CONFIG_MGMT_HYPERCALLS
case XEN_DOMCTL_set_virq_handler:
ret = set_global_virq_handler(d, op->u.set_virq_handler.virq);
break;
-#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_setvnumainfo:
{
@@ -842,7 +824,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
copyback = 1;
break;
-#ifdef CONFIG_MGMT_HYPERCALLS
case XEN_DOMCTL_assign_device:
case XEN_DOMCTL_test_assign_device:
case XEN_DOMCTL_deassign_device:
@@ -863,7 +844,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
ret = hypercall_create_continuation(
__HYPERVISOR_domctl, "h", u_domctl);
break;
-#endif /* CONFIG_MGMT_HYPERCALLS */
case XEN_DOMCTL_set_llc_colors:
if ( op->u.set_llc_colors.pad )
@@ -884,11 +864,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
break;
default:
-#ifdef CONFIG_MGMT_HYPERCALLS
ret = arch_do_domctl(op, d, u_domctl);
-#else
- ret = -EOPNOTSUPP;
-#endif /* CONFIG_MGMT_HYPERCALLS */
break;
}
diff --git a/xen/include/hypercall-defs.c b/xen/include/hypercall-defs.c
index 02d7b93e80..cbd547f724 100644
--- a/xen/include/hypercall-defs.c
+++ b/xen/include/hypercall-defs.c
@@ -200,7 +200,9 @@ sysctl(xen_sysctl_t *u_sysctl)
#if defined(CONFIG_X86) && defined(CONFIG_PAGING) && defined(CONFIG_MGMT_HYPERCALLS)
paging_domctl_cont(xen_domctl_t *u_domctl)
#endif
+#ifdef CONFIG_MGMT_HYPERCALLS
domctl(xen_domctl_t *u_domctl)
+#endif
#ifndef CONFIG_PV_SHIM_EXCLUSIVE
platform_op(xen_platform_op_t *u_xenpf_op)
#endif
@@ -279,8 +281,8 @@ hvm_op do do do do do
#endif
#ifdef CONFIG_MGMT_HYPERCALLS
sysctl do do do do do
-#endif
domctl do do do do do
+#endif
#ifdef CONFIG_KEXEC
kexec_op compat do - - -
#endif
diff --git a/xen/include/xen/domain.h b/xen/include/xen/domain.h
index 11d2505420..19dd85150a 100644
--- a/xen/include/xen/domain.h
+++ b/xen/include/xen/domain.h
@@ -151,8 +151,17 @@ void arch_dump_domain_info(struct domain *d);
int arch_vcpu_reset(struct vcpu *v);
+#ifdef CONFIG_MGMT_HYPERCALLS
bool domctl_lock_acquire(void);
void domctl_lock_release(void);
+#else
+static inline bool domctl_lock_acquire(void)
+{
+ return false;
+}
+
+static inline void domctl_lock_release(void) {}
+#endif /* CONFIG_MGMT_HYPERCALLS */
/*
* Continue the current hypercall via func(data) on specified cpu.
--
2.34.1
^ permalink raw reply related [flat|nested] 102+ messages in thread* Re: [PATCH v2 26/26] xen/domctl: wrap common/domctl.c with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 26/26] xen/domctl: wrap common/domctl.c " Penny Zheng
@ 2025-09-10 13:43 ` Jan Beulich
2025-09-11 13:26 ` Jan Beulich
1 sibling, 0 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-10 13:43 UTC (permalink / raw)
To: Stefano Stabellini
Cc: ray.huang, Andrew Cooper, Anthony PERARD, Michal Orzel,
Julien Grall, Roger Pau Monné, xen-devel, Penny Zheng
On 10.09.2025 09:38, Penny Zheng wrote:
> Wrap domctl hypercall def and domctl.o with CONFIG_MGMT_HYPERCALLS,
> and remove all #ifdef CONFIG_MGMT_HYPERCALLS wrappings in common/domctl.c
> With MGMT_HYPERCALLS=n, we need to provide stub for
> domctl_lock_{acquire,release}(), as it may be invoked by hvm_set_param().
>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
> ---
> v1 -> v2:
> - remove stub in common/domctl.c
> - combine the original commit of "xen/domctl: provide stub for
> domctl_lock_{acquire,release}"
> - adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
> ---
> xen/common/Kconfig | 2 +-
> xen/common/Makefile | 2 +-
> xen/common/domctl.c | 24 ------------------------
> xen/include/hypercall-defs.c | 4 +++-
> xen/include/xen/domain.h | 9 +++++++++
> 5 files changed, 14 insertions(+), 27 deletions(-)
Please see all the removals of #ifdef-s below for why I was arguing towards
the Kconfig control wanting to (re)gain its prompt last. These #ifdef-s will
have been added by earlier patches in the series (which I didn't look at
yet), and that kind of churn could have been avoided.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread* Re: [PATCH v2 26/26] xen/domctl: wrap common/domctl.c with CONFIG_MGMT_HYPERCALLS
2025-09-10 7:38 ` [PATCH v2 26/26] xen/domctl: wrap common/domctl.c " Penny Zheng
2025-09-10 13:43 ` Jan Beulich
@ 2025-09-11 13:26 ` Jan Beulich
1 sibling, 0 replies; 102+ messages in thread
From: Jan Beulich @ 2025-09-11 13:26 UTC (permalink / raw)
To: Penny Zheng
Cc: ray.huang, Andrew Cooper, Anthony PERARD, Michal Orzel,
Julien Grall, Roger Pau Monné, Stefano Stabellini, xen-devel
On 10.09.2025 09:38, Penny Zheng wrote:
> --- a/xen/include/xen/domain.h
> +++ b/xen/include/xen/domain.h
> @@ -151,8 +151,17 @@ void arch_dump_domain_info(struct domain *d);
>
> int arch_vcpu_reset(struct vcpu *v);
>
> +#ifdef CONFIG_MGMT_HYPERCALLS
> bool domctl_lock_acquire(void);
> void domctl_lock_release(void);
> +#else
> +static inline bool domctl_lock_acquire(void)
> +{
> + return false;
I.e. a someone invoking hvm_set_param() with HVM_PARAM_IDENT_PT will loop
indefinitely on getting back -ERESTART? Imo you simply cannot get things
right here with a stub: Either you have the above issue, or you put some
future new user of the function at risk.
Setting HVM_PARAM_IDENT_PT being a toolstack-only operation, I think that
needs making conditional upon CONFIG_MGMT_HYPERCALLS right in this series,
such that the last caller of these lock/unlock functions disappears.
Jan
^ permalink raw reply [flat|nested] 102+ messages in thread