From: Stefano Stabellini <sstabellini@kernel.org>

Wrap sysctl hypercall def and sysctl.o with CONFIG_SYSCTL, and since
PV_SHIM_EXCLUSIVE needs sorting in the future, we move them out of
PV_SHIM_EXCLUSIVE condition at the same time.

We need to make SYSCTL with prompt back, add help info and set default
value as y. We shall at least provide "# CONFIG_SYSCTL is not set" in preset
configs for PV shim on x86. With that, all dependent option get covered and
could be deleted.

Signed-off-by: Stefano Stabellini <stefano.stabellini@amd.com>
Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
---
v1 -> v2:
- remove all transient "#ifdef CONFIG_SYSCTL"-s in sysctl.c
---
v2 -> v3:
- move out of CONFIG_PV_SHIM_EXCLUSIVE condition
---
v3 -> v4:
- make SYSCTL with prompt
- state unsetting SYSCTL in pvshim_defconfig
---
v4 -> v5:
- adapt to the new changes in commit "xen: introduce CONFIG_SYSCTL"
- expand help info also for PV shim
- refactor commit message
---
v7 -> v8
- remove TRACEBUFFER, PM_OP, PM_STATS, LIVEPATCH entry in pvshim_defconfig
---
 xen/arch/x86/configs/pvshim_defconfig | 5 +----
 xen/common/Kconfig                    | 6 +++++-
 xen/common/Makefile                   | 2 +-
 xen/include/hypercall-defs.c          | 8 ++++++--
 4 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/xen/arch/x86/configs/pvshim_defconfig b/xen/arch/x86/configs/pvshim_defconfig
index 9dc91c33e3..c58c29adb0 100644
--- a/xen/arch/x86/configs/pvshim_defconfig
+++ b/xen/arch/x86/configs/pvshim_defconfig
@@ -19,12 +19,9 @@ CONFIG_EXPERT=y
 # CONFIG_SCHED_CREDIT2 is not set
 # CONFIG_SCHED_RTDS is not set
 # CONFIG_SCHED_ARINC653 is not set
-# CONFIG_LIVEPATCH is not set
 # CONFIG_SUPPRESS_DUPLICATE_SYMBOL_WARNINGS is not set
-# CONFIG_TRACEBUFFER is not set
 # CONFIG_AMD_IOMMU is not set
 # CONFIG_INTEL_IOMMU is not set
 # CONFIG_DEBUG is not set
 # CONFIG_GDBSX is not set
-# CONFIG_PM_OP is not set
-# CONFIG_PM_STATS is not set
+# CONFIG_SYSCTL is not set
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 65f07289dd..64865112a1 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -616,7 +616,11 @@ menu "Supported hypercall interfaces"
 	visible if EXPERT
 
 config SYSCTL
-	def_bool y
+	bool "Enable sysctl hypercall"
+	default y
+	help
+	  This option shall only be disabled on some dom0less systems, or
+	  PV shim on x86, to reduce Xen footprint.
 
 endmenu
 
diff --git a/xen/common/Makefile b/xen/common/Makefile
index 98f0873056..15ab048244 100644
--- a/xen/common/Makefile
+++ b/xen/common/Makefile
@@ -49,6 +49,7 @@ obj-y += spinlock.o
 obj-$(CONFIG_STACK_PROTECTOR) += stack-protector.o
 obj-y += stop_machine.o
 obj-y += symbols.o
+obj-$(CONFIG_SYSCTL) += sysctl.o
 obj-y += tasklet.o
 obj-y += time.o
 obj-y += timer.o
@@ -70,7 +71,6 @@ obj-$(CONFIG_COMPAT) += $(addprefix compat/,domain.o memory.o multicall.o xlat.o
 ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y)
 obj-y += domctl.o
 obj-$(CONFIG_VM_EVENT) += monitor.o
-obj-y += sysctl.o
 endif
 
 extra-y := symbols-dummy.o
diff --git a/xen/include/hypercall-defs.c b/xen/include/hypercall-defs.c
index 7720a29ade..c1081d87a2 100644
--- a/xen/include/hypercall-defs.c
+++ b/xen/include/hypercall-defs.c
@@ -194,8 +194,10 @@ kexec_op(unsigned long op, void *uarg)
 #ifdef CONFIG_IOREQ_SERVER
 dm_op(domid_t domid, unsigned int nr_bufs, xen_dm_op_buf_t *bufs)
 #endif
-#ifndef CONFIG_PV_SHIM_EXCLUSIVE
+#ifdef CONFIG_SYSCTL
 sysctl(xen_sysctl_t *u_sysctl)
+#endif
+#ifndef CONFIG_PV_SHIM_EXCLUSIVE
 domctl(xen_domctl_t *u_domctl)
 paging_domctl_cont(xen_domctl_t *u_domctl)
 platform_op(xen_platform_op_t *u_xenpf_op)
@@ -273,8 +275,10 @@ physdev_op                         compat   do       hvm      hvm      do_arm
 #ifdef CONFIG_HVM
 hvm_op                             do       do       do       do       do
 #endif
-#ifndef CONFIG_PV_SHIM_EXCLUSIVE
+#ifdef CONFIG_SYSCTL
 sysctl                             do       do       do       do       do
+#endif
+#ifndef CONFIG_PV_SHIM_EXCLUSIVE
 domctl                             do       do       do       do       do
 #endif
 #ifdef CONFIG_KEXEC
-- 
2.34.1

On 11.07.2025 06:31, Penny Zheng wrote:
> --- a/xen/common/Makefile
> +++ b/xen/common/Makefile
> @@ -49,6 +49,7 @@ obj-y += spinlock.o
>  obj-$(CONFIG_STACK_PROTECTOR) += stack-protector.o
>  obj-y += stop_machine.o
>  obj-y += symbols.o
> +obj-$(CONFIG_SYSCTL) += sysctl.o
>  obj-y += tasklet.o
>  obj-y += time.o
>  obj-y += timer.o
> @@ -70,7 +71,6 @@ obj-$(CONFIG_COMPAT) += $(addprefix compat/,domain.o memory.o multicall.o xlat.o
>  ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y)
>  obj-y += domctl.o
>  obj-$(CONFIG_VM_EVENT) += monitor.o
> -obj-y += sysctl.o
>  endif
>  
>  extra-y := symbols-dummy.o

CI demonstrates that this combination of changes is wrong. The job that failed
(debian-12-x86_64-gcc-ibt) is a randconfig one, and ended up picking both
SYSCTL=y and PV_SHIM_EXCLUSIVE=y. Which results in sysctl.c being built, but
domctl.c not being built. Which leaves getdomaininfo() undefined, causing
linking to fail. In case the next pipeline also ends up failing, I'll simply
revert that change. In case it succeeds, not reverting may be an option, as
long as a proper fix shows up pretty quickly.

Jan

[Public]

> -----Original Message-----
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Thursday, July 17, 2025 4:55 PM
> To: Penny, Zheng <penny.zheng@amd.com>; Stabellini, Stefano
> <stefano.stabellini@amd.com>
> Cc: Huang, Ray <Ray.Huang@amd.com>; Stefano Stabellini
> <sstabellini@kernel.org>; Andrew Cooper <andrew.cooper3@citrix.com>; Roger
> Pau Monné <roger.pau@citrix.com>; Anthony PERARD
> <anthony.perard@vates.tech>; Orzel, Michal <Michal.Orzel@amd.com>; Julien
> Grall <julien@xen.org>; Sergiy Kibrik <Sergiy_Kibrik@epam.com>; xen-
> devel@lists.xenproject.org
> Subject: Re: [PATCH v8 7/7] xen/sysctl: wrap around sysctl hypercall
>
> On 11.07.2025 06:31, Penny Zheng wrote:
> > --- a/xen/common/Makefile
> > +++ b/xen/common/Makefile
> > @@ -49,6 +49,7 @@ obj-y += spinlock.o
> >  obj-$(CONFIG_STACK_PROTECTOR) += stack-protector.o  obj-y +=
> > stop_machine.o  obj-y += symbols.o
> > +obj-$(CONFIG_SYSCTL) += sysctl.o
> >  obj-y += tasklet.o
> >  obj-y += time.o
> >  obj-y += timer.o
> > @@ -70,7 +71,6 @@ obj-$(CONFIG_COMPAT) += $(addprefix compat/,domain.o
> > memory.o multicall.o xlat.o  ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y)
> > obj-y += domctl.o
> >  obj-$(CONFIG_VM_EVENT) += monitor.o
> > -obj-y += sysctl.o
> >  endif
> >
> >  extra-y := symbols-dummy.o
>
> CI demonstrates that this combination of changes is wrong. The job that failed
> (debian-12-x86_64-gcc-ibt) is a randconfig one, and ended up picking both
> SYSCTL=y and PV_SHIM_EXCLUSIVE=y. Which results in sysctl.c being built,
> but domctl.c not being built. Which leaves getdomaininfo() undefined, causing
> linking to fail. In case the next pipeline also ends up failing, I'll simply revert that
> change. In case it succeeds, not reverting may be an option, as long as a proper fix
> shows up pretty quickly.
>

I've push commit of " xen: move getdomaininfo() to domain.c " to try to fix the error.

> Jan

On 22.07.2025 07:05, Penny, Zheng wrote:
> [Public]
> 
>> -----Original Message-----
>> From: Jan Beulich <jbeulich@suse.com>
>> Sent: Thursday, July 17, 2025 4:55 PM
>> To: Penny, Zheng <penny.zheng@amd.com>; Stabellini, Stefano
>> <stefano.stabellini@amd.com>
>> Cc: Huang, Ray <Ray.Huang@amd.com>; Stefano Stabellini
>> <sstabellini@kernel.org>; Andrew Cooper <andrew.cooper3@citrix.com>; Roger
>> Pau Monné <roger.pau@citrix.com>; Anthony PERARD
>> <anthony.perard@vates.tech>; Orzel, Michal <Michal.Orzel@amd.com>; Julien
>> Grall <julien@xen.org>; Sergiy Kibrik <Sergiy_Kibrik@epam.com>; xen-
>> devel@lists.xenproject.org
>> Subject: Re: [PATCH v8 7/7] xen/sysctl: wrap around sysctl hypercall
>>
>> On 11.07.2025 06:31, Penny Zheng wrote:
>>> --- a/xen/common/Makefile
>>> +++ b/xen/common/Makefile
>>> @@ -49,6 +49,7 @@ obj-y += spinlock.o
>>>  obj-$(CONFIG_STACK_PROTECTOR) += stack-protector.o  obj-y +=
>>> stop_machine.o  obj-y += symbols.o
>>> +obj-$(CONFIG_SYSCTL) += sysctl.o
>>>  obj-y += tasklet.o
>>>  obj-y += time.o
>>>  obj-y += timer.o
>>> @@ -70,7 +71,6 @@ obj-$(CONFIG_COMPAT) += $(addprefix compat/,domain.o
>>> memory.o multicall.o xlat.o  ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y)
>>> obj-y += domctl.o
>>>  obj-$(CONFIG_VM_EVENT) += monitor.o
>>> -obj-y += sysctl.o
>>>  endif
>>>
>>>  extra-y := symbols-dummy.o
>>
>> CI demonstrates that this combination of changes is wrong. The job that failed
>> (debian-12-x86_64-gcc-ibt) is a randconfig one, and ended up picking both
>> SYSCTL=y and PV_SHIM_EXCLUSIVE=y. Which results in sysctl.c being built,
>> but domctl.c not being built. Which leaves getdomaininfo() undefined, causing
>> linking to fail. In case the next pipeline also ends up failing, I'll simply revert that
>> change. In case it succeeds, not reverting may be an option, as long as a proper fix
>> shows up pretty quickly.
> 
> I've push commit of " xen: move getdomaininfo() to domain.c " to try to fix the error.

And you're reasonably certain that's the only issue? I ask because it is the
nature of randconfig to pick random combinations of settings; on a later
pipeline I had seen a different failure. I didn't look at that in detail (it
may have had to do with the domctl lock or something vaguely similar),
which perhaps was a mistake.

Jan

[Public]

> -----Original Message-----
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Tuesday, July 22, 2025 1:33 PM
> To: Penny, Zheng <penny.zheng@amd.com>
> Cc: Huang, Ray <Ray.Huang@amd.com>; Stefano Stabellini
> <sstabellini@kernel.org>; Andrew Cooper <andrew.cooper3@citrix.com>; Roger
> Pau Monné <roger.pau@citrix.com>; Anthony PERARD
> <anthony.perard@vates.tech>; Orzel, Michal <Michal.Orzel@amd.com>; Julien
> Grall <julien@xen.org>; Sergiy Kibrik <Sergiy_Kibrik@epam.com>; xen-
> devel@lists.xenproject.org; Stabellini, Stefano <stefano.stabellini@amd.com>
> Subject: Re: [PATCH v8 7/7] xen/sysctl: wrap around sysctl hypercall
>
> On 22.07.2025 07:05, Penny, Zheng wrote:
> > [Public]
> >
> >> -----Original Message-----
> >> From: Jan Beulich <jbeulich@suse.com>
> >> Sent: Thursday, July 17, 2025 4:55 PM
> >> To: Penny, Zheng <penny.zheng@amd.com>; Stabellini, Stefano
> >> <stefano.stabellini@amd.com>
> >> Cc: Huang, Ray <Ray.Huang@amd.com>; Stefano Stabellini
> >> <sstabellini@kernel.org>; Andrew Cooper <andrew.cooper3@citrix.com>;
> >> Roger Pau Monné <roger.pau@citrix.com>; Anthony PERARD
> >> <anthony.perard@vates.tech>; Orzel, Michal <Michal.Orzel@amd.com>;
> >> Julien Grall <julien@xen.org>; Sergiy Kibrik
> >> <Sergiy_Kibrik@epam.com>; xen- devel@lists.xenproject.org
> >> Subject: Re: [PATCH v8 7/7] xen/sysctl: wrap around sysctl hypercall
> >>
> >> On 11.07.2025 06:31, Penny Zheng wrote:
> >>> --- a/xen/common/Makefile
> >>> +++ b/xen/common/Makefile
> >>> @@ -49,6 +49,7 @@ obj-y += spinlock.o
> >>>  obj-$(CONFIG_STACK_PROTECTOR) += stack-protector.o  obj-y +=
> >>> stop_machine.o  obj-y += symbols.o
> >>> +obj-$(CONFIG_SYSCTL) += sysctl.o
> >>>  obj-y += tasklet.o
> >>>  obj-y += time.o
> >>>  obj-y += timer.o
> >>> @@ -70,7 +71,6 @@ obj-$(CONFIG_COMPAT) += $(addprefix
> >>> compat/,domain.o memory.o multicall.o xlat.o  ifneq
> >>> ($(CONFIG_PV_SHIM_EXCLUSIVE),y) obj-y += domctl.o
> >>>  obj-$(CONFIG_VM_EVENT) += monitor.o -obj-y += sysctl.o  endif
> >>>
> >>>  extra-y := symbols-dummy.o
> >>
> >> CI demonstrates that this combination of changes is wrong. The job
> >> that failed
> >> (debian-12-x86_64-gcc-ibt) is a randconfig one, and ended up picking
> >> both SYSCTL=y and PV_SHIM_EXCLUSIVE=y. Which results in sysctl.c
> >> being built, but domctl.c not being built. Which leaves
> >> getdomaininfo() undefined, causing linking to fail. In case the next
> >> pipeline also ends up failing, I'll simply revert that change. In
> >> case it succeeds, not reverting may be an option, as long as a proper fix shows
> up pretty quickly.
> >
> > I've push commit of " xen: move getdomaininfo() to domain.c " to try to fix the
> error.
>
> And you're reasonably certain that's the only issue? I ask because it is the nature of
> randconfig to pick random combinations of settings; on a later pipeline I had seen a
> different failure. I didn't look at that in detail (it may have had to do with the domctl
> lock or something vaguely similar), which perhaps was a mistake.
>

I turned on HVM, HYPERV_GUEST, and VGA when PV_SHIM_EXCLUSIVE is on to track down more linking issues
All undefined link failure is due to removing PV_SHIM_EXCLUSIVE dependency for CONFIG_HVM, like monitor_traps, domctl_lock_acquire/domctl_lock_release, etc
I suggest to move domctl_lock_acquire/domctl_lock_release out of domctl.c too, and also "obj-$(CONFIG_VM_EVENT) += monitor.o" out of PV_SHIM_EXCLUSIVE guard
And above change, fwit, is to fix commit of " xen/x86: remove "depends on !PV_SHIM_EXCLUSIVE"  "

> Jan

On 22.07.2025 08:59, Penny, Zheng wrote:
> [Public]
> 
>> -----Original Message-----
>> From: Jan Beulich <jbeulich@suse.com>
>> Sent: Tuesday, July 22, 2025 1:33 PM
>> To: Penny, Zheng <penny.zheng@amd.com>
>> Cc: Huang, Ray <Ray.Huang@amd.com>; Stefano Stabellini
>> <sstabellini@kernel.org>; Andrew Cooper <andrew.cooper3@citrix.com>; Roger
>> Pau Monné <roger.pau@citrix.com>; Anthony PERARD
>> <anthony.perard@vates.tech>; Orzel, Michal <Michal.Orzel@amd.com>; Julien
>> Grall <julien@xen.org>; Sergiy Kibrik <Sergiy_Kibrik@epam.com>; xen-
>> devel@lists.xenproject.org; Stabellini, Stefano <stefano.stabellini@amd.com>
>> Subject: Re: [PATCH v8 7/7] xen/sysctl: wrap around sysctl hypercall
>>
>> On 22.07.2025 07:05, Penny, Zheng wrote:
>>> [Public]
>>>
>>>> -----Original Message-----
>>>> From: Jan Beulich <jbeulich@suse.com>
>>>> Sent: Thursday, July 17, 2025 4:55 PM
>>>> To: Penny, Zheng <penny.zheng@amd.com>; Stabellini, Stefano
>>>> <stefano.stabellini@amd.com>
>>>> Cc: Huang, Ray <Ray.Huang@amd.com>; Stefano Stabellini
>>>> <sstabellini@kernel.org>; Andrew Cooper <andrew.cooper3@citrix.com>;
>>>> Roger Pau Monné <roger.pau@citrix.com>; Anthony PERARD
>>>> <anthony.perard@vates.tech>; Orzel, Michal <Michal.Orzel@amd.com>;
>>>> Julien Grall <julien@xen.org>; Sergiy Kibrik
>>>> <Sergiy_Kibrik@epam.com>; xen- devel@lists.xenproject.org
>>>> Subject: Re: [PATCH v8 7/7] xen/sysctl: wrap around sysctl hypercall
>>>>
>>>> On 11.07.2025 06:31, Penny Zheng wrote:
>>>>> --- a/xen/common/Makefile
>>>>> +++ b/xen/common/Makefile
>>>>> @@ -49,6 +49,7 @@ obj-y += spinlock.o
>>>>>  obj-$(CONFIG_STACK_PROTECTOR) += stack-protector.o  obj-y +=
>>>>> stop_machine.o  obj-y += symbols.o
>>>>> +obj-$(CONFIG_SYSCTL) += sysctl.o
>>>>>  obj-y += tasklet.o
>>>>>  obj-y += time.o
>>>>>  obj-y += timer.o
>>>>> @@ -70,7 +71,6 @@ obj-$(CONFIG_COMPAT) += $(addprefix
>>>>> compat/,domain.o memory.o multicall.o xlat.o  ifneq
>>>>> ($(CONFIG_PV_SHIM_EXCLUSIVE),y) obj-y += domctl.o
>>>>>  obj-$(CONFIG_VM_EVENT) += monitor.o -obj-y += sysctl.o  endif
>>>>>
>>>>>  extra-y := symbols-dummy.o
>>>>
>>>> CI demonstrates that this combination of changes is wrong. The job
>>>> that failed
>>>> (debian-12-x86_64-gcc-ibt) is a randconfig one, and ended up picking
>>>> both SYSCTL=y and PV_SHIM_EXCLUSIVE=y. Which results in sysctl.c
>>>> being built, but domctl.c not being built. Which leaves
>>>> getdomaininfo() undefined, causing linking to fail. In case the next
>>>> pipeline also ends up failing, I'll simply revert that change. In
>>>> case it succeeds, not reverting may be an option, as long as a proper fix shows
>> up pretty quickly.
>>>
>>> I've push commit of " xen: move getdomaininfo() to domain.c " to try to fix the
>> error.
>>
>> And you're reasonably certain that's the only issue? I ask because it is the nature of
>> randconfig to pick random combinations of settings; on a later pipeline I had seen a
>> different failure. I didn't look at that in detail (it may have had to do with the domctl
>> lock or something vaguely similar), which perhaps was a mistake.
> 
> I turned on HVM, HYPERV_GUEST, and VGA when PV_SHIM_EXCLUSIVE is on to track down more linking issues
> All undefined link failure is due to removing PV_SHIM_EXCLUSIVE dependency for CONFIG_HVM, like monitor_traps, domctl_lock_acquire/domctl_lock_release, etc
> I suggest to move domctl_lock_acquire/domctl_lock_release out of domctl.c too, and also "obj-$(CONFIG_VM_EVENT) += monitor.o" out of PV_SHIM_EXCLUSIVE guard

I'm not convinced of that approach; I'm curious what others think. One alternative
would appear to be to have SYSCTL depend on DOMCTL (the latter yet to be introduced).
As it stands, my vote would go towards reverting the final one or two patches. It's
not entirely clear to me though why you say ...

> And above change, fwit, is to fix commit of " xen/x86: remove "depends on !PV_SHIM_EXCLUSIVE"  "

... this. My understanding is that the issue became manifest with "xen/sysctl: wrap
around sysctl hypercall", i.e. reverting just that one would suffice at least for
the getdomaininfo() issue. Yet then "above" is ambiguous here, and hence may mean
the domctl lock issue. Which then would indeed suggest we need to revert both.

Jan

On 11.07.2025 06:31, Penny Zheng wrote:
> From: Stefano Stabellini <sstabellini@kernel.org>
> 
> Wrap sysctl hypercall def and sysctl.o with CONFIG_SYSCTL, and since
> PV_SHIM_EXCLUSIVE needs sorting in the future, we move them out of
> PV_SHIM_EXCLUSIVE condition at the same time.
> 
> We need to make SYSCTL with prompt back, add help info and set default
> value as y. We shall at least provide "# CONFIG_SYSCTL is not set" in preset
> configs for PV shim on x86. With that, all dependent option get covered and
> could be deleted.
> 
> Signed-off-by: Stefano Stabellini <stefano.stabellini@amd.com>
> Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
> Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>

Reviewed-by: Jan Beulich <jbeulich@suse.com>