[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN][PATCH v2 4/4] x86: pvh: allow to disable 32-bit interface support

To: Grygorii Strashko <grygorii_strashko@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Jason Andryuk <jason.andryuk@xxxxxxx>
Date: Tue, 2 Dec 2025 14:56:12 -0500
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=epam.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=T/jLf+4/m/GtFIA0NHSxkTyYmsW3Re9H5WpdqOIhZbw=; b=hrM96WCv99lKNZVqjYi3gRkRfWK2kPzw8WJ/XG/hg93cQrNByrEy2Jr83q/3EgmPZtPlOatG9tdErApkSWRt6v1pwfv0Hs1RGKzAg9V0alIl0jcMvqIXLJVDxdhLJ1yPxGnPtpdQVqF2/wV+yuwk7gSkR0RmBeOMOhyGwIaMrh9Axlpyf1xZwBfIFm+7Bg8hFez0pWJ4r8b0d/pU3WeoeUkRdr9agoWP9cr8z+7zgp/dBdDdhYlBdMgdXv9T+cocS2sW9gTA1xOXfKG6gS39d1zbJz10yJJ+kMkcpW5u8EAqoXOdsvVRju9z9mHo/XXKUAqAUsr6wIXuz25LdkU2uQ==
Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ASVR8zZqD8Wl5e6IZCquatBxJ/JJlh37UWilQL7P0ttpgfzUge+QMBjPr6enFHz9CdBYZ7IIJ6O91k+1vWVtdLTm97J3lFRmq14wUEA2L4aHiWp388otgN941GpeCQAei2JT5xqKzZfQXsYHwtR7Ls75K6QEUVeg7ihknyT3Ky5UQgsl9kSUcgfkv4/GHjxVtym52OT0IWHd1nOO5YnHnbbUx/bm8aTHweKhqP4PHM0uv9nJTAVkcprbDRBFm+HLGXSdB2Sj7gU4W8+XkGSPsyFzFLGSQslmScrv6NAsyDQGC+agxJueJcJ7Wo7H8+8CozclFbnwCnWwO8/tLHV1Vw==
Cc: Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>
Delivery-date: Tue, 02 Dec 2025 19:56:31 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2025-11-19 14:30, Grygorii Strashko wrote:

From: Grygorii Strashko <grygorii_strashko@xxxxxxxx>

For x86 Xen safety certification only PVH Gusts are selected to be allowed


s/Gusts/Guests/

which are started by using direct Direct Kernel Boot only. There is also an


s/direct Direct/direct/

assumption that x86 Guest's (OS) early boot code (which is running not in
64-bit mode) does not access Xen interfaces (hypercalls, shared_info, ..).

In this case the Xen HVM 32-bit COMPAT interface become unused and leaves
gaps in terms of coverage.

Hence now all prerequisite changes are in place, introduce a
CONFIG_HVM_COMPAT option through which HVM(PVH) 32-bit interface support on
64-bit Xen can be disabled.

By default, CONFIG_HVM_COMPAT is ("y") enabled and accessible only in
EXPERT mode.

Signed-off-by: Grygorii Strashko <grygorii_strashko@xxxxxxxx>
---
changes in v2:
- fix format and move above HVM_FEP

  xen/arch/x86/hvm/Kconfig | 19 ++++++++++++++++++-
  1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/hvm/Kconfig b/xen/arch/x86/hvm/Kconfig
index c323d767e77c..88090f5b3965 100644
--- a/xen/arch/x86/hvm/Kconfig
+++ b/xen/arch/x86/hvm/Kconfig
@@ -2,7 +2,6 @@ menuconfig HVM
        bool "HVM support"
        depends on !PV_SHIM_EXCLUSIVE
        default !PV_SHIM
-       select COMPAT
        select IOREQ_SERVER
        select MEM_ACCESS_ALWAYS_ON
        help
@@ -35,6 +34,24 @@ config INTEL_VMX
          If your system includes a processor with Intel VT-x support, say Y.
          If in doubt, say Y.

+config HVM_COMPAT

+       bool "HVM 32-bit hypercalls interface support" if EXPERT

Maybe "HVM 32-bit compat hypercall support" to get "compat" in theuser-visible text?

+       select COMPAT
+       default y
+       help
+         The HVM 32-bit interface must be enabled for HVM domains to be able to
+         make hypercalls in 32bit mode. Non-PVH domains unconditionally need 
this
+         option so that hvmloader may issue hypercalls in 32bit mode.
+
+         The HVM 32-bit interface can be disabled if:
+         - Only PVH domains are used
+         - Guests (OS) are started by using direct Direct Kernel Boot
+         - Guests (OS) are 64-bit and Guest early boot code, which is running 
not
+           in 64-bit mode, does not access Xen interfaces
+           (hypercalls, shared_info, ..)
+
+         If unsure, say Y.
+


Maybe something like:
"""

Support HVM hypercalls from 32-bit code. Hypercalls from 64-bit codeare always supported.

Disabling 32-bit compat hypercalls reduces the hypervisor binary size.HVM guests require the 32-bit hvmloader, so they cannot run with thisdisabled. i.e. Xen will only run 64-bit PVH guests with this disabled.


If unsure, say Y.
"""

While what you wrote is correct, I tried to rephrase to highlight thethe implications.


Regards,
Jason

  config HVM_FEP
        bool "HVM Forced Emulation Prefix support (UNSUPPORTED)" if UNSUPPORTED
        default DEBUG

Prev by Date: [PATCH] xen/dom0less: Increase guest DTB size for high-vCPU guests
Next by Date: Re: [PATCH] xen/dom0less: Increase guest DTB size for high-vCPU guests
Previous by thread: [PATCH] xen/dom0less: Increase guest DTB size for high-vCPU guests
Next by thread: Re: [XEN][PATCH] xen/arm: restrict cpu_up_send_sgi() to arm32
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.