Fix a few randconfig build breakages that started appearing after the
SYSCTL patch series.
First, reintroduce depends on !PV_SHIM_EXCLUSIVE for HVM, as it was
before 568f806cba4c.
Also, add depends on !PV_SHIM_EXCLUSIVE for SYSCTL, that way the
behavior goes back to what it was before 34317c508294.
These two changes are individual reverts, going back to the behavior
before SYSCTL was introduced.
Finally, change SHADOW_PAGING so that it depends on !PV_SHIM_EXCLUSIVE.
That is because xen/arch/x86/mm/paging.c:paging_domctl has a dependency
on domctl.c and domctl.c is disabled by PV_SHIM_EXCLUSIVE.
Alternatively, we could add #ifndef CONFIG_PV_SHIM_EXCLUSIVE around
paging_domctl.
Fixes: 568f806cba4c ("xen/x86: remove "depends on !PV_SHIM_EXCLUSIVE"")
Fixes: 34317c508294 ("xen/sysctl: wrap around sysctl hypercall")
Signed-off-by: Stefano Stabellini <stefano.stabellini@amd.com>
CC: jbeulich@suse.com
CC: andrew.cooper3@citrix.com
CC: roger.pau@citrix.com
CC: Penny.Zheng@amd.com
---
The new domctl series resolves the !PV_SHIM_EXCLUSIVE dependencies in a
clean and comprehensive way. As an example, the paging_domctl issue is
resolved by patch #3 and #5.
---
xen/arch/x86/Kconfig | 3 +--
xen/arch/x86/hvm/Kconfig | 1 +
xen/common/Kconfig | 1 +
3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 3f0f3a0f3a..c2689a3f1c 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -144,8 +144,7 @@ config XEN_IBT
config SHADOW_PAGING
bool "Shadow Paging"
- default !PV_SHIM_EXCLUSIVE
- depends on PV || HVM
+ depends on (PV || HVM) && !PV_SHIM_EXCLUSIVE
help
Shadow paging is a software alternative to hardware paging support
diff --git a/xen/arch/x86/hvm/Kconfig b/xen/arch/x86/hvm/Kconfig
index 5cb9f29042..f10a2b3744 100644
--- a/xen/arch/x86/hvm/Kconfig
+++ b/xen/arch/x86/hvm/Kconfig
@@ -1,5 +1,6 @@
menuconfig HVM
bool "HVM support"
+ depends on !PV_SHIM_EXCLUSIVE
default !PV_SHIM
select COMPAT
select IOREQ_SERVER
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 76f9ce705f..53f681bbb2 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -653,6 +653,7 @@ menu "Supported hypercall interfaces"
config SYSCTL
bool "Enable sysctl hypercall"
+ depends on !PV_SHIM_EXCLUSIVE
default y
help
This option shall only be disabled on some dom0less systems, or
--
2.25.1On 22.10.2025 06:39, Stefano Stabellini wrote: > --- a/xen/arch/x86/Kconfig > +++ b/xen/arch/x86/Kconfig > @@ -144,8 +144,7 @@ config XEN_IBT > > config SHADOW_PAGING > bool "Shadow Paging" > - default !PV_SHIM_EXCLUSIVE > - depends on PV || HVM > + depends on (PV || HVM) && !PV_SHIM_EXCLUSIVE > help On top of what Andrew said, I fear this is an issue I introduced. I just sent a fix for it. Clearly with the pre-existing issues related to domctl_lock_*() I failed to realize that some of the randconfig failures were due to a change of mine rather than Penny's. > --- a/xen/common/Kconfig > +++ b/xen/common/Kconfig > @@ -653,6 +653,7 @@ menu "Supported hypercall interfaces" > > config SYSCTL > bool "Enable sysctl hypercall" > + depends on !PV_SHIM_EXCLUSIVE > default y > help > This option shall only be disabled on some dom0less systems, or Didn't we say we'd drop the prompt? That would more cleanly be "going back to what it was before 34317c508294". Jan
On Wed, 22 Oct 2025, Jan Beulich wrote: > On 22.10.2025 06:39, Stefano Stabellini wrote: > > --- a/xen/arch/x86/Kconfig > > +++ b/xen/arch/x86/Kconfig > > @@ -144,8 +144,7 @@ config XEN_IBT > > > > config SHADOW_PAGING > > bool "Shadow Paging" > > - default !PV_SHIM_EXCLUSIVE > > - depends on PV || HVM > > + depends on (PV || HVM) && !PV_SHIM_EXCLUSIVE > > help > > On top of what Andrew said, I wasn't aware of it. I'll drop this change and... > I fear this is an issue I introduced. I just sent > a fix for it. Clearly with the pre-existing issues related to domctl_lock_*() > I failed to realize that some of the randconfig failures were due to a change > of mine rather than Penny's. ... and use your patch instead. > > --- a/xen/common/Kconfig > > +++ b/xen/common/Kconfig > > @@ -653,6 +653,7 @@ menu "Supported hypercall interfaces" > > > > config SYSCTL > > bool "Enable sysctl hypercall" > > + depends on !PV_SHIM_EXCLUSIVE > > default y > > help > > This option shall only be disabled on some dom0less systems, or > > Didn't we say we'd drop the prompt? That would more cleanly be "going back to > what it was before 34317c508294". I prefer this change as it looks simpler and less intrusive. I am OK with the alternative you suggested but I have tested this version. For our own convenience I'll resend the two patches that I tested together.
On 22/10/2025 5:39 am, Stefano Stabellini wrote: > diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig > index 3f0f3a0f3a..c2689a3f1c 100644 > --- a/xen/arch/x86/Kconfig > +++ b/xen/arch/x86/Kconfig > @@ -144,8 +144,7 @@ config XEN_IBT > > config SHADOW_PAGING > bool "Shadow Paging" > - default !PV_SHIM_EXCLUSIVE > - depends on PV || HVM > + depends on (PV || HVM) && !PV_SHIM_EXCLUSIVE > help Committing this would need an XSA to revert it. As stated in the help text, shadow paging is needed for the PV-L1TF security mitigation. This includes PVShim. The default is wrong too. I ran out of energy trying to get it fixed. ~Andrew
© 2016 - 2025 Red Hat, Inc.