xen/arch/arm/Makefile | 10 +++++----- xen/arch/x86/Makefile | 6 +++--- xen/common/Kconfig | 29 +++++++++++++++++++++++++++++ xen/common/Makefile | 4 ++-- xen/include/hypercall-defs.c | 24 +++++++++++++++++------- xen/include/xen/domain.h | 2 +- 6 files changed, 57 insertions(+), 18 deletions(-)
From: Stefano Stabellini <stefano.stabellini@amd.com>
It can be beneficial for some dom0less systems to further reduce Xen footprint
and disable some hypercalls handling code, which may not to be used & required
in such systems. Each hypercall has a separate option to keep configuration
flexible.
Options to disable hypercalls:
- domctl, sysctl
- hvm
- physdev
- platform
Some of these options are forced to be configurable only when DOM0LESS is
enabled, so that system won't become accidentally un-bootable when any hypercall
is disabled.
domctl/sysctl/platform hypercalls also disabled by PV_SHIM_EXCLUSIVE config
option, so this is reflected by a dependency in kconfig and Makefiles are
changed accordingly.
Signed-off-by: Stefano Stabellini <stefano.stabellini@amd.com>
Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
---
changes in v2:
- SYSCTL & DOMCTL config option dependency on !PV_SHIM_EXCLUSIVE
- replace build checks for CONFIG_PV_SHIM_EXCLUSIVE
- rename options PLATFORM_HYP -> PLATFORM_OP & PHYSDEV -> PHYSDEV_OP
- removed "arm" from subj, as patch becomes not really ARM-specific
- updated description
changes in v1:
- incorporated PV_SHIM_EXCLUSIVE check in Kconfig
- drop excessive ifeq from Makefile & #ifdef from code
- drop checks for CONFIG_HVM_OP & CONFIG_PLATFORM_HYP being off when !DOM0LESS
- description updated
v1 patch here: https://lore.kernel.org/xen-devel/20241216114358.2845447-1-Sergiy_Kibrik@epam.com/
---
xen/arch/arm/Makefile | 10 +++++-----
xen/arch/x86/Makefile | 6 +++---
xen/common/Kconfig | 29 +++++++++++++++++++++++++++++
xen/common/Makefile | 4 ++--
xen/include/hypercall-defs.c | 24 +++++++++++++++++-------
xen/include/xen/domain.h | 2 +-
6 files changed, 57 insertions(+), 18 deletions(-)
diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
index e4ad1ce851..265498fdd2 100644
--- a/xen/arch/arm/Makefile
+++ b/xen/arch/arm/Makefile
@@ -18,7 +18,7 @@ obj-$(CONFIG_IOREQ_SERVER) += dm.o
obj-$(CONFIG_DOM0LESS_BOOT) += dom0less-build.init.o
obj-y += domain.o
obj-y += domain_build.init.o
-obj-y += domctl.o
+obj-$(CONFIG_DOMCTL) += domctl.o
obj-$(CONFIG_EARLY_PRINTK) += early_printk.o
obj-y += efi/
obj-y += gic.o
@@ -29,7 +29,7 @@ obj-$(CONFIG_HAS_ITS) += gic-v3-lpi.o
obj-y += guestcopy.o
obj-y += guest_atomics.o
obj-y += guest_walk.o
-obj-y += hvm.o
+obj-$(CONFIG_HVM_OP) += hvm.o
obj-y += io.o
obj-$(CONFIG_IOREQ_SERVER) += ioreq.o
obj-y += irq.o
@@ -40,8 +40,8 @@ obj-y += mm.o
obj-y += monitor.o
obj-y += p2m.o
obj-y += platform.o
-obj-y += platform_hypercall.o
-obj-y += physdev.o
+obj-$(CONFIG_PLATFORM_OP) += platform_hypercall.o
+obj-$(CONFIG_PHYSDEV_OP) += physdev.o
obj-y += processor.o
obj-y += psci.o
obj-y += setup.o
@@ -51,7 +51,7 @@ obj-y += smpboot.o
obj-$(CONFIG_STATIC_EVTCHN) += static-evtchn.init.o
obj-$(CONFIG_STATIC_MEMORY) += static-memory.init.o
obj-$(CONFIG_STATIC_SHM) += static-shmem.init.o
-obj-y += sysctl.o
+obj-$(CONFIG_SYSCTL) += sysctl.o
obj-y += time.o
obj-y += traps.o
obj-y += vcpreg.o
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index b35fd5196c..f623bddb1d 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -74,12 +74,12 @@ obj-y += hpet.o
obj-y += vm_event.o
obj-y += xstate.o
-ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y)
-obj-y += domctl.o
+obj-$(CONFIG_DOMCTL) += domctl.o
+ifeq ($(CONFIG_PLATFORM_OP),y)
obj-y += platform_hypercall.o
obj-$(CONFIG_COMPAT) += x86_64/platform_hypercall.o
-obj-y += sysctl.o
endif
+obj-$(CONFIG_SYSCTL) += sysctl.o
extra-y += asm-macros.i
extra-y += xen.lds
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 90268d9249..fd5f54356f 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -516,4 +516,33 @@ config TRACEBUFFER
to be collected at run time for debugging or performance analysis.
Memory and execution overhead when not active is minimal.
+menu "Supported hypercall interfaces"
+ visible if DOM0LESS_BOOT && EXPERT
+
+config SYSCTL
+ bool "Enable sysctl hypercall"
+ depends on !PV_SHIM_EXCLUSIVE
+ default y
+
+config DOMCTL
+ bool "Enable domctl hypercalls"
+ depends on !PV_SHIM_EXCLUSIVE
+ default y
+
+config HVM_OP
+ bool "Enable HVM hypercalls"
+ depends on HVM
+ default y
+
+config PLATFORM_OP
+ bool "Enable platform hypercalls"
+ depends on !PV_SHIM_EXCLUSIVE
+ default y
+
+config PHYSDEV_OP
+ bool "Enable physdev hypercall"
+ default y
+
+endmenu
+
endmenu
diff --git a/xen/common/Makefile b/xen/common/Makefile
index b279b09bfb..0893bed6ab 100644
--- a/xen/common/Makefile
+++ b/xen/common/Makefile
@@ -66,10 +66,10 @@ obj-bin-$(CONFIG_X86) += $(foreach n,decompress bunzip2 unxz unlzma lzo unlzo un
obj-$(CONFIG_COMPAT) += $(addprefix compat/,domain.o memory.o multicall.o xlat.o)
ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y)
-obj-y += domctl.o
obj-y += monitor.o
-obj-y += sysctl.o
endif
+obj-$(CONFIG_DOMCTL) += domctl.o
+obj-$(CONFIG_SYSCTL) += sysctl.o
extra-y := symbols-dummy.o
diff --git a/xen/include/hypercall-defs.c b/xen/include/hypercall-defs.c
index 7720a29ade..e4872e7e28 100644
--- a/xen/include/hypercall-defs.c
+++ b/xen/include/hypercall-defs.c
@@ -95,7 +95,7 @@ handle: const_char const char
#ifdef CONFIG_COMPAT
defhandle: multicall_entry_compat_t
-#ifndef CONFIG_PV_SHIM_EXCLUSIVE
+#ifdef CONFIG_PLATFORM_OP
defhandle: compat_platform_op_t
#endif
#endif
@@ -150,7 +150,7 @@ update_va_mapping(unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags)
physdev_op_compat(physdev_op_compat_t *uop)
update_va_mapping_otherdomain(unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags, domid_t domid)
#endif
-#ifndef CONFIG_PV_SHIM_EXCLUSIVE
+#ifdef CONFIG_PLATFORM_OP
platform_op(compat_platform_op_t *u_xenpf_op)
#endif
#ifdef CONFIG_KEXEC
@@ -194,10 +194,14 @@ kexec_op(unsigned long op, void *uarg)
#ifdef CONFIG_IOREQ_SERVER
dm_op(domid_t domid, unsigned int nr_bufs, xen_dm_op_buf_t *bufs)
#endif
-#ifndef CONFIG_PV_SHIM_EXCLUSIVE
+#ifdef CONFIG_SYSCTL
sysctl(xen_sysctl_t *u_sysctl)
+#endif
+#ifdef CONFIG_DOMCTL
domctl(xen_domctl_t *u_domctl)
paging_domctl_cont(xen_domctl_t *u_domctl)
+#endif
+#ifdef CONFIG_PLATFORM_OP
platform_op(xen_platform_op_t *u_xenpf_op)
#endif
#ifdef CONFIG_HVM
@@ -234,7 +238,7 @@ stack_switch do:2 do:2 - - -
set_callbacks compat do - - -
fpu_taskswitch do do - - -
sched_op_compat do do - - dep
-#ifndef CONFIG_PV_SHIM_EXCLUSIVE
+#ifdef CONFIG_PLATFORM_OP
platform_op compat do compat do do
#endif
set_debugreg do do - - -
@@ -247,7 +251,9 @@ set_timer_op compat do compat do -
event_channel_op_compat do do - - dep
xen_version do do do do do
console_io do do do do do
+#ifdef CONFIG_PHYSDEV_OP
physdev_op_compat compat do - - dep
+#endif
#if defined(CONFIG_GRANT_TABLE)
grant_table_op compat do hvm hvm do
#elif defined(CONFIG_PV_SHIM)
@@ -269,12 +275,16 @@ callback_op compat do - - -
xenoprof_op compat do - - -
#endif
event_channel_op do do do:1 do:1 do:1
+#ifdef CONFIG_PHYSDEV_OP
physdev_op compat do hvm hvm do_arm
-#ifdef CONFIG_HVM
+#endif
+#ifdef CONFIG_HVM_OP
hvm_op do do do do do
#endif
-#ifndef CONFIG_PV_SHIM_EXCLUSIVE
+#ifdef CONFIG_SYSCTL
sysctl do do do do do
+#endif
+#ifdef CONFIG_DOMCTL
domctl do do do do do
#endif
#ifdef CONFIG_KEXEC
@@ -292,7 +302,7 @@ dm_op compat do compat do do
hypfs_op do do do do do
#endif
mca do do - - -
-#ifndef CONFIG_PV_SHIM_EXCLUSIVE
+#ifdef CONFIG_DOMCTL
paging_domctl_cont do do do do -
#endif
diff --git a/xen/include/xen/domain.h b/xen/include/xen/domain.h
index 3de5635291..62b5d70a8a 100644
--- a/xen/include/xen/domain.h
+++ b/xen/include/xen/domain.h
@@ -161,7 +161,7 @@ struct vnuma_info {
struct xen_vmemrange *vmemrange;
};
-#ifndef CONFIG_PV_SHIM_EXCLUSIVE
+#ifdef CONFIG_DOMCTL
void vnuma_destroy(struct vnuma_info *vnuma);
#else
static inline void vnuma_destroy(struct vnuma_info *vnuma) { ASSERT(!vnuma); }
--
2.25.1On 19.12.2024 10:29, Sergiy Kibrik wrote: > --- a/xen/arch/x86/Makefile > +++ b/xen/arch/x86/Makefile > @@ -74,12 +74,12 @@ obj-y += hpet.o > obj-y += vm_event.o > obj-y += xstate.o > > -ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y) > -obj-y += domctl.o > +obj-$(CONFIG_DOMCTL) += domctl.o > +ifeq ($(CONFIG_PLATFORM_OP),y) > obj-y += platform_hypercall.o > obj-$(CONFIG_COMPAT) += x86_64/platform_hypercall.o > -obj-y += sysctl.o > endif Personally I'd prefer if we avoided ifeq here: obj-$(CONFIG_PLATFORM_OP) += platform_hypercall.o obj-$(filter $(CONFIG_COMPAT),$(CONFIG_PLATFORM_OP)) += x86_64/platform_hypercall.o Yet I realize this (once again) may be contentious. > --- a/xen/common/Kconfig > +++ b/xen/common/Kconfig > @@ -516,4 +516,33 @@ config TRACEBUFFER > to be collected at run time for debugging or performance analysis. > Memory and execution overhead when not active is minimal. > > +menu "Supported hypercall interfaces" > + visible if DOM0LESS_BOOT && EXPERT > + > +config SYSCTL > + bool "Enable sysctl hypercall" > + depends on !PV_SHIM_EXCLUSIVE > + default y > + > +config DOMCTL > + bool "Enable domctl hypercalls" > + depends on !PV_SHIM_EXCLUSIVE > + default y > + > +config HVM_OP > + bool "Enable HVM hypercalls" > + depends on HVM > + default y > + > +config PLATFORM_OP > + bool "Enable platform hypercalls" > + depends on !PV_SHIM_EXCLUSIVE > + default y Just to re-iterate an earlier comment: Andrew (imo validly) raised concern of such negative dependencies. As said before, imo we'd better resolve that before extending the issue (whether by the patch I once sent or something else is then secondary). > --- a/xen/common/Makefile > +++ b/xen/common/Makefile > @@ -66,10 +66,10 @@ obj-bin-$(CONFIG_X86) += $(foreach n,decompress bunzip2 unxz unlzma lzo unlzo un > obj-$(CONFIG_COMPAT) += $(addprefix compat/,domain.o memory.o multicall.o xlat.o) > > ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y) > -obj-y += domctl.o > obj-y += monitor.o > -obj-y += sysctl.o > endif > +obj-$(CONFIG_DOMCTL) += domctl.o > +obj-$(CONFIG_SYSCTL) += sysctl.o These two then want to move back up into their normal slots. Jan
On Fri, 27 Dec 2024, Jan Beulich wrote: > On 19.12.2024 10:29, Sergiy Kibrik wrote: > > --- a/xen/arch/x86/Makefile > > +++ b/xen/arch/x86/Makefile > > @@ -74,12 +74,12 @@ obj-y += hpet.o > > obj-y += vm_event.o > > obj-y += xstate.o > > > > -ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y) > > -obj-y += domctl.o > > +obj-$(CONFIG_DOMCTL) += domctl.o > > +ifeq ($(CONFIG_PLATFORM_OP),y) > > obj-y += platform_hypercall.o > > obj-$(CONFIG_COMPAT) += x86_64/platform_hypercall.o > > -obj-y += sysctl.o > > endif > > Personally I'd prefer if we avoided ifeq here: > > obj-$(CONFIG_PLATFORM_OP) += platform_hypercall.o > obj-$(filter $(CONFIG_COMPAT),$(CONFIG_PLATFORM_OP)) += x86_64/platform_hypercall.o > > Yet I realize this (once again) may be contentious. > > > --- a/xen/common/Kconfig > > +++ b/xen/common/Kconfig > > @@ -516,4 +516,33 @@ config TRACEBUFFER > > to be collected at run time for debugging or performance analysis. > > Memory and execution overhead when not active is minimal. > > > > +menu "Supported hypercall interfaces" > > + visible if DOM0LESS_BOOT && EXPERT > > + > > +config SYSCTL > > + bool "Enable sysctl hypercall" > > + depends on !PV_SHIM_EXCLUSIVE > > + default y > > + > > +config DOMCTL > > + bool "Enable domctl hypercalls" > > + depends on !PV_SHIM_EXCLUSIVE > > + default y > > + > > +config HVM_OP > > + bool "Enable HVM hypercalls" > > + depends on HVM > > + default y > > + > > +config PLATFORM_OP > > + bool "Enable platform hypercalls" > > + depends on !PV_SHIM_EXCLUSIVE > > + default y > > Just to re-iterate an earlier comment: Andrew (imo validly) raised concern of > such negative dependencies. As said before, imo we'd better resolve that before > extending the issue (whether by the patch I once sent or something else is then > secondary). How would you express the !PV_SHIM_EXCLUSIVE dependency without using negative dependencies? > > --- a/xen/common/Makefile > > +++ b/xen/common/Makefile > > @@ -66,10 +66,10 @@ obj-bin-$(CONFIG_X86) += $(foreach n,decompress bunzip2 unxz unlzma lzo unlzo un > > obj-$(CONFIG_COMPAT) += $(addprefix compat/,domain.o memory.o multicall.o xlat.o) > > > > ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y) > > -obj-y += domctl.o > > obj-y += monitor.o > > -obj-y += sysctl.o > > endif > > +obj-$(CONFIG_DOMCTL) += domctl.o > > +obj-$(CONFIG_SYSCTL) += sysctl.o > > These two then want to move back up into their normal slots. > > Jan >
On 02.01.2025 19:33, Stefano Stabellini wrote: > On Fri, 27 Dec 2024, Jan Beulich wrote: >> On 19.12.2024 10:29, Sergiy Kibrik wrote: >>> --- a/xen/common/Kconfig >>> +++ b/xen/common/Kconfig >>> @@ -516,4 +516,33 @@ config TRACEBUFFER >>> to be collected at run time for debugging or performance analysis. >>> Memory and execution overhead when not active is minimal. >>> >>> +menu "Supported hypercall interfaces" >>> + visible if DOM0LESS_BOOT && EXPERT >>> + >>> +config SYSCTL >>> + bool "Enable sysctl hypercall" >>> + depends on !PV_SHIM_EXCLUSIVE >>> + default y >>> + >>> +config DOMCTL >>> + bool "Enable domctl hypercalls" >>> + depends on !PV_SHIM_EXCLUSIVE >>> + default y >>> + >>> +config HVM_OP >>> + bool "Enable HVM hypercalls" >>> + depends on HVM >>> + default y >>> + >>> +config PLATFORM_OP >>> + bool "Enable platform hypercalls" >>> + depends on !PV_SHIM_EXCLUSIVE >>> + default y >> >> Just to re-iterate an earlier comment: Andrew (imo validly) raised concern of >> such negative dependencies. As said before, imo we'd better resolve that before >> extending the issue (whether by the patch I once sent or something else is then >> secondary). > > How would you express the !PV_SHIM_EXCLUSIVE dependency without using > negative dependencies? By inverting the sense of the option (and renaming it), as (to a 1st approximation) requested by Andrew long ago, and as proposed in [1], which I think I pointed Sergiy at, and which continues to be lacking feedback. Jan [1] https://lists.xen.org/archives/html/xen-devel/2023-03/msg00040.html
© 2016 - 2025 Red Hat, Inc.