1. Patchew
  2. Xen
  3. [PATCH v5 00/24] Disable domctl-op via CONFIG_MGMT_HYPERCALLS
  4. View patch

[PATCH v5 23/24] xen/domctl: wrap common/domctl.c with CONFIG_MGMT_HYPERCALLS

Penny Zheng posted 24 patches 2 days, 1 hour ago
[PATCH v5 23/24] xen/domctl: wrap common/domctl.c with CONFIG_MGMT_HYPERCALLS
Posted by Penny Zheng 2 days, 1 hour ago 
Wrap domctl hypercall def and domctl.o with CONFIG_MGMT_HYPERCALLS.
Make CONFIG_MGMT_HYPERCALLS optional and expand help message

Signed-off-by: Penny Zheng <Penny.Zheng@amd.com>
---
v1 -> v2:
- remove stub in common/domctl.c
- combine the original commit of "xen/domctl: provide stub for
 domctl_lock_{acquire,release}"
- adapt to changes of "unify DOMCTL to MGMT_HYPERCALLS"
---
v2 -> v3:
- add pitfall warnning in Kconfig help
---
v3 -> v4:
- refine help message
---
- change to "say Y" to keep consistent
- add back default y
---
 xen/common/Kconfig           | 16 ++++++++++++----
 xen/common/Makefile          |  2 +-
 xen/include/hypercall-defs.c |  6 ++++--
 3 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 64023703ae..d59e108652 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -653,12 +653,20 @@ menu "Supported hypercall interfaces"
 	visible if EXPERT
 
 config MGMT_HYPERCALLS
-	def_bool y
+	bool "Enable privileged hypercalls for system management"
 	depends on !PV_SHIM_EXCLUSIVE
+	default y
 	help
-	  This option shall only be disabled on some dom0less systems, or
-	  PV shim on x86, to reduce Xen footprint via managing unnessary
-	  hypercalls, like sysctl, etc.
+	  Management hypercalls provide the means for dom0 to manage the
+	  overall Xen system and other domains, including sysctl, domctl, etc.
+	  In a dom0less or pv-shim build, they can be omitted to cut down
+	  on the Xen binary's size. However, this comes at the loss of
+	  significant runtime functionality.
+	  So be cautious to disable it, as admins will face missing a few basic
+	  hypercalls like listdomains, getdomaininfo, etc, hence leading to
+	  have an impact on device-passthrough and DM.
+
+	  Unless you know what you are doing, say Y.
 
 endmenu
 
diff --git a/xen/common/Makefile b/xen/common/Makefile
index 4353ea59a4..9f59f141a8 100644
--- a/xen/common/Makefile
+++ b/xen/common/Makefile
@@ -71,7 +71,7 @@ obj-bin-$(CONFIG_X86) += $(foreach n,decompress bunzip2 unxz unlzma lzo unlzo un
 obj-$(CONFIG_COMPAT) += $(addprefix compat/,domain.o memory.o multicall.o xlat.o)
 
 ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y)
-obj-y += domctl.o
+obj-$(CONFIG_MGMT_HYPERCALLS) += domctl.o
 endif
 
 obj-$(CONFIG_COVERAGE) += coverage/
diff --git a/xen/include/hypercall-defs.c b/xen/include/hypercall-defs.c
index a08e80ed59..c9ee5de99e 100644
--- a/xen/include/hypercall-defs.c
+++ b/xen/include/hypercall-defs.c
@@ -199,9 +199,11 @@ sysctl(xen_sysctl_t *u_sysctl)
 #if defined(CONFIG_X86) && defined(CONFIG_PAGING) && !defined(CONFIG_PV_SHIM_EXCLUSIVE)
 paging_domctl_cont(xen_domctl_t *u_domctl)
 #endif
-#endif
 #ifndef CONFIG_PV_SHIM_EXCLUSIVE
 domctl(xen_domctl_t *u_domctl)
+#endif
+#endif
+#ifndef CONFIG_PV_SHIM_EXCLUSIVE
 platform_op(xen_platform_op_t *u_xenpf_op)
 #endif
 #ifdef CONFIG_HVM
@@ -282,10 +284,10 @@ sysctl                             do       do       do       do       do
 #if defined(CONFIG_X86) && defined(CONFIG_PAGING) && !defined(CONFIG_PV_SHIM_EXCLUSIVE)
 paging_domctl_cont                 do       do       do       do       -
 #endif
-#endif
 #ifndef CONFIG_PV_SHIM_EXCLUSIVE
 domctl                             do       do       do       do       do
 #endif
+#endif
 #ifdef CONFIG_KEXEC
 kexec_op                           compat   do       -        -        -
 #endif
-- 
2.34.1

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.