xen/arch/x86/hvm/Kconfig | 19 +++++++++++++++- xen/arch/x86/hvm/dm.c | 2 ++ xen/arch/x86/hvm/hvm.c | 22 +++++++++++++----- xen/arch/x86/hvm/hypercall.c | 37 +++++++++++++++++++++++-------- xen/arch/x86/hypercall.c | 6 +---- xen/arch/x86/include/asm/domain.h | 3 ++- xen/common/kernel.c | 2 +- xen/include/xen/sched.h | 9 ++++++++ 8 files changed, 78 insertions(+), 22 deletions(-)
From: Grygorii Strashko <grygorii_strashko@epam.com>
Hi
This series introduces possibility to disable 32-bit (COMPAT) interface support
in the following cases:
- Only PVH domains are used
- Guests (OS) are started by using direct Direct Kernel Boot
- Guests (OS) are 64-bit and Guest early boot code, which is running not
in 64-bit mode, does not access Xen interfaces
(hypercalls, shared_info, ..)
If above criterias are met the COMPAT HVM interface become unreachable and can be disabled.
Coverage reports analyze and adding guard (debug) exceptions in hvm_hypercall/hvm_do_multicall_call
and hvm_latch_shinfo_size() confirm that COMPAT HVM interface is unused for safety use-case.
Grygorii Strashko (5):
x86: hvm: dm: factor out compat code under ifdefs
x86: hvm: compat: introduce vcpu_is_hcall_compat() helper
x86: hvm: factor out compat code under ifdefs
x86: pvh: allow to disable 32-bit interface support
x86: constify has_32bit_shinfo() if !CONFIG_COMPAT
xen/arch/x86/hvm/Kconfig | 19 +++++++++++++++-
xen/arch/x86/hvm/dm.c | 2 ++
xen/arch/x86/hvm/hvm.c | 22 +++++++++++++-----
xen/arch/x86/hvm/hypercall.c | 37 +++++++++++++++++++++++--------
xen/arch/x86/hypercall.c | 6 +----
xen/arch/x86/include/asm/domain.h | 3 ++-
xen/common/kernel.c | 2 +-
xen/include/xen/sched.h | 9 ++++++++
8 files changed, 78 insertions(+), 22 deletions(-)
--
2.34.1
On 11.11.2025 18:54, Grygorii Strashko wrote: > This series introduces possibility to disable 32-bit (COMPAT) interface support > in the following cases: The use of plural here ... > - Only PVH domains are used > - Guests (OS) are started by using direct Direct Kernel Boot > - Guests (OS) are 64-bit and Guest early boot code, which is running not > in 64-bit mode, does not access Xen interfaces > (hypercalls, shared_info, ..) ... makes this an OR list, which I don't think would be correct. PVH domains, for example, can well be 32-bit ones, can't they? Otoh the latter two points look as if they really enumerate alternatives. Can you clarify please what is meant? Jan > If above criterias are met the COMPAT HVM interface become unreachable and can be disabled. > Coverage reports analyze and adding guard (debug) exceptions in hvm_hypercall/hvm_do_multicall_call > and hvm_latch_shinfo_size() confirm that COMPAT HVM interface is unused for safety use-case. > > Grygorii Strashko (5): > x86: hvm: dm: factor out compat code under ifdefs > x86: hvm: compat: introduce vcpu_is_hcall_compat() helper > x86: hvm: factor out compat code under ifdefs > x86: pvh: allow to disable 32-bit interface support > x86: constify has_32bit_shinfo() if !CONFIG_COMPAT > > xen/arch/x86/hvm/Kconfig | 19 +++++++++++++++- > xen/arch/x86/hvm/dm.c | 2 ++ > xen/arch/x86/hvm/hvm.c | 22 +++++++++++++----- > xen/arch/x86/hvm/hypercall.c | 37 +++++++++++++++++++++++-------- > xen/arch/x86/hypercall.c | 6 +---- > xen/arch/x86/include/asm/domain.h | 3 ++- > xen/common/kernel.c | 2 +- > xen/include/xen/sched.h | 9 ++++++++ > 8 files changed, 78 insertions(+), 22 deletions(-) >
On 12.11.25 08:50, Jan Beulich wrote: > On 11.11.2025 18:54, Grygorii Strashko wrote: >> This series introduces possibility to disable 32-bit (COMPAT) interface support >> in the following cases: > > The use of plural here ... should be "case" > >> - Only PVH domains are used >> - Guests (OS) are started by using direct Direct Kernel Boot >> - Guests (OS) are 64-bit and Guest early boot code, which is running not >> in 64-bit mode, does not access Xen interfaces >> (hypercalls, shared_info, ..) > > ... makes this an OR list, which I don't think would be correct. It is AND for all items. I think I worded it better in Patch 4 PVH domains, > for example, can well be 32-bit ones, can't they? Otoh the latter two points > look as if they really enumerate alternatives. Can you clarify please what is > meant? > > Jan > >> If above criterias are met the COMPAT HVM interface become unreachable and can be disabled. >> Coverage reports analyze and adding guard (debug) exceptions in hvm_hypercall/hvm_do_multicall_call >> and hvm_latch_shinfo_size() confirm that COMPAT HVM interface is unused for safety use-case. >> >> Grygorii Strashko (5): >> x86: hvm: dm: factor out compat code under ifdefs >> x86: hvm: compat: introduce vcpu_is_hcall_compat() helper >> x86: hvm: factor out compat code under ifdefs >> x86: pvh: allow to disable 32-bit interface support >> x86: constify has_32bit_shinfo() if !CONFIG_COMPAT >> >> xen/arch/x86/hvm/Kconfig | 19 +++++++++++++++- >> xen/arch/x86/hvm/dm.c | 2 ++ >> xen/arch/x86/hvm/hvm.c | 22 +++++++++++++----- >> xen/arch/x86/hvm/hypercall.c | 37 +++++++++++++++++++++++-------- >> xen/arch/x86/hypercall.c | 6 +---- >> xen/arch/x86/include/asm/domain.h | 3 ++- >> xen/common/kernel.c | 2 +- >> xen/include/xen/sched.h | 9 ++++++++ >> 8 files changed, 78 insertions(+), 22 deletions(-) >> > -- Best regards, -grygorii
Le 11/11/2025 à 18:55, Grygorii Strashko a écrit : > From: Grygorii Strashko <grygorii_strashko@epam.com> > > Hi > > This series introduces possibility to disable 32-bit (COMPAT) interface support > in the following cases: > - Only PVH domains are used I assume this one is mostly due to hvmloader being today running in protected mode 32-bits rather than a limitation "HVM" itself. I don't think of anything else preventing HVM (with 64-bits guests or 32-bits ones without Xen support) from working with COMPAT disabled. > - Guests (OS) are started by using direct Direct Kernel Boot > - Guests (OS) are 64-bit and Guest early boot code, which is running not > in 64-bit mode, does not access Xen interfaces > (hypercalls, shared_info, ..) > > If above criterias are met the COMPAT HVM interface become unreachable and can be disabled. > Coverage reports analyze and adding guard (debug) exceptions in hvm_hypercall/hvm_do_multicall_call > and hvm_latch_shinfo_size() confirm that COMPAT HVM interface is unused for safety use-case. > > Grygorii Strashko (5): > x86: hvm: dm: factor out compat code under ifdefs > x86: hvm: compat: introduce vcpu_is_hcall_compat() helper > x86: hvm: factor out compat code under ifdefs > x86: pvh: allow to disable 32-bit interface support > x86: constify has_32bit_shinfo() if !CONFIG_COMPAT > > xen/arch/x86/hvm/Kconfig | 19 +++++++++++++++- > xen/arch/x86/hvm/dm.c | 2 ++ > xen/arch/x86/hvm/hvm.c | 22 +++++++++++++----- > xen/arch/x86/hvm/hypercall.c | 37 +++++++++++++++++++++++-------- > xen/arch/x86/hypercall.c | 6 +---- > xen/arch/x86/include/asm/domain.h | 3 ++- > xen/common/kernel.c | 2 +- > xen/include/xen/sched.h | 9 ++++++++ > 8 files changed, 78 insertions(+), 22 deletions(-) > Teddy -- Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech
On Wed Nov 12, 2025 at 11:58 AM CET, Teddy Astie wrote: > Le 11/11/2025 à 18:55, Grygorii Strashko a écrit : >> From: Grygorii Strashko <grygorii_strashko@epam.com> >> >> Hi >> >> This series introduces possibility to disable 32-bit (COMPAT) interface support >> in the following cases: >> - Only PVH domains are used > > I assume this one is mostly due to hvmloader being today running in > protected mode 32-bits rather than a limitation "HVM" itself. I don't > think of anything else preventing HVM (with 64-bits guests or 32-bits > ones without Xen support) from working with COMPAT disabled. It is indeed because hvmloader makes hypercalls. Otherwise HVM would work too. Cheers, Alejandro
© 2016 - 2025 Red Hat, Inc.