1. Patchew
  2. Xen
  3. View series

[PATCH] x86/hvm: short-circuit HVM shadow guest creation earlier

Roger Pau Monne posted 1 patch 6 hours ago
Patches applied successfully (tree, apply log)
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/20260209144049.86535-1-roger.pau@citrix.com
xen/arch/x86/domain.c | 6 ++++++
1 file changed, 6 insertions(+)
[PATCH] x86/hvm: short-circuit HVM shadow guest creation earlier
Posted by Roger Pau Monne 6 hours ago 
If shadow paging has been compiled out short circuit the creation of HVM
guests that attempt to use shadow paging at arch_sanitise_domain_config().
There's no need to further build the domain when creation is doomed to fail
later on.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/domain.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index 8b2f33f1a06c..8eb1509782ef 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -627,6 +627,12 @@ int arch_sanitise_domain_config(struct xen_domctl_createdomain *config)
         return -EINVAL;
     }
 
+    if ( hvm && !hap && !IS_ENABLED(CONFIG_SHADOW_PAGING) )
+    {
+        dprintk(XENLOG_INFO, "Shadow paging requested but not available\n");
+        return -EINVAL;
+    }
+
     if ( !hvm )
         /*
          * It is only meaningful for XEN_DOMCTL_CDF_oos_off to be clear
-- 
2.51.0
Re: [PATCH] x86/hvm: short-circuit HVM shadow guest creation earlier
Posted by Alejandro Vallejo 5 hours ago 
On Mon Feb 9, 2026 at 3:40 PM CET, Roger Pau Monne wrote:
> If shadow paging has been compiled out short circuit the creation of HVM
> guests that attempt to use shadow paging at arch_sanitise_domain_config().
> There's no need to further build the domain when creation is doomed to fail
> later on.
>
> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
> ---
>  xen/arch/x86/domain.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
> index 8b2f33f1a06c..8eb1509782ef 100644
> --- a/xen/arch/x86/domain.c
> +++ b/xen/arch/x86/domain.c
> @@ -627,6 +627,12 @@ int arch_sanitise_domain_config(struct xen_domctl_createdomain *config)
>          return -EINVAL;
>      }
>  
> +    if ( hvm && !hap && !IS_ENABLED(CONFIG_SHADOW_PAGING) )
> +    {
> +        dprintk(XENLOG_INFO, "Shadow paging requested but not available\n");

nit: s/requested/required/, maybe?

Also, with this in place can't we get rid of the panic in create_dom0() that
checks an identical condition?

Cheers,
Alejandro
Re: [PATCH] x86/hvm: short-circuit HVM shadow guest creation earlier
Posted by Roger Pau Monné 5 hours ago 
On Mon, Feb 09, 2026 at 05:02:26PM +0100, Alejandro Vallejo wrote:
> On Mon Feb 9, 2026 at 3:40 PM CET, Roger Pau Monne wrote:
> > If shadow paging has been compiled out short circuit the creation of HVM
> > guests that attempt to use shadow paging at arch_sanitise_domain_config().
> > There's no need to further build the domain when creation is doomed to fail
> > later on.
> >
> > Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
> > ---
> >  xen/arch/x86/domain.c | 6 ++++++
> >  1 file changed, 6 insertions(+)
> >
> > diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
> > index 8b2f33f1a06c..8eb1509782ef 100644
> > --- a/xen/arch/x86/domain.c
> > +++ b/xen/arch/x86/domain.c
> > @@ -627,6 +627,12 @@ int arch_sanitise_domain_config(struct xen_domctl_createdomain *config)
> >          return -EINVAL;
> >      }
> >  
> > +    if ( hvm && !hap && !IS_ENABLED(CONFIG_SHADOW_PAGING) )
> > +    {
> > +        dprintk(XENLOG_INFO, "Shadow paging requested but not available\n");
> 
> nit: s/requested/required/, maybe?

The wording matches the rest of the messages in
arch_sanitise_domain_config().  I'm not saying that makes it correct,
but if we word this differently we should also change the others
IMO.

> Also, with this in place can't we get rid of the panic in create_dom0() that
> checks an identical condition?

Hm, I would possibly leave that one, as I think it's clearer for the
dom0 case.  Otherwise someone using a build without HAP or shadow and
attempting to boot in PVH mode will get a message saying: "Shadow
paging requested but not available", which is IMO less clear than
getting a "Neither HAP nor Shadow available for PVH domain" error
message.

Just my thinking, both checks achieve the same result, but the error
message in the create_dom0() instance is more helpful in the context
of dom0 creation.

Thanks, Roger.
Re: [PATCH] x86/hvm: short-circuit HVM shadow guest creation earlier
Posted by Alejandro Vallejo 4 hours ago 
On Mon Feb 9, 2026 at 5:11 PM CET, Roger Pau Monné wrote:
> On Mon, Feb 09, 2026 at 05:02:26PM +0100, Alejandro Vallejo wrote:
>> On Mon Feb 9, 2026 at 3:40 PM CET, Roger Pau Monne wrote:
>> > If shadow paging has been compiled out short circuit the creation of HVM
>> > guests that attempt to use shadow paging at arch_sanitise_domain_config().
>> > There's no need to further build the domain when creation is doomed to fail
>> > later on.
>> >
>> > Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
>> > ---
>> >  xen/arch/x86/domain.c | 6 ++++++
>> >  1 file changed, 6 insertions(+)
>> >
>> > diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
>> > index 8b2f33f1a06c..8eb1509782ef 100644
>> > --- a/xen/arch/x86/domain.c
>> > +++ b/xen/arch/x86/domain.c
>> > @@ -627,6 +627,12 @@ int arch_sanitise_domain_config(struct xen_domctl_createdomain *config)
>> >          return -EINVAL;
>> >      }
>> >  
>> > +    if ( hvm && !hap && !IS_ENABLED(CONFIG_SHADOW_PAGING) )
>> > +    {
>> > +        dprintk(XENLOG_INFO, "Shadow paging requested but not available\n");
>> 
>> nit: s/requested/required/, maybe?
>
> The wording matches the rest of the messages in
> arch_sanitise_domain_config().  I'm not saying that makes it correct,
> but if we word this differently we should also change the others
> IMO.

My point is rather that HAP, or relaxed MSRs, or other settings are actively
requested via createdomain flags. Shadow is instead the consequence of not
setting HAP. You don't request shadow, you either requested something else or
you hit the error.

It's not terrible wording, just imprecise.

>> Also, with this in place can't we get rid of the panic in create_dom0() that
>> checks an identical condition?
>
> Hm, I would possibly leave that one, as I think it's clearer for the
> dom0 case.  Otherwise someone using a build without HAP or shadow and
> attempting to boot in PVH mode will get a message saying: "Shadow
> paging requested but not available", which is IMO less clear than
> getting a "Neither HAP nor Shadow available for PVH domain" error
> message.
>
> Just my thinking, both checks achieve the same result, but the error
> message in the create_dom0() instance is more helpful in the context
> of dom0 creation.

Fair enough. It doesn't matter much anyway. With or without the adjusted printk.

  Reviewed-by: Alejandro Vallejo <alejandro.garciavallejo@amd.com>

Cheers,
Alejandro
Re: [PATCH] x86/hvm: short-circuit HVM shadow guest creation earlier
Posted by Jan Beulich 4 hours ago 
On 09.02.2026 17:11, Roger Pau Monné wrote:
> On Mon, Feb 09, 2026 at 05:02:26PM +0100, Alejandro Vallejo wrote:
>> On Mon Feb 9, 2026 at 3:40 PM CET, Roger Pau Monne wrote:
>>> If shadow paging has been compiled out short circuit the creation of HVM
>>> guests that attempt to use shadow paging at arch_sanitise_domain_config().
>>> There's no need to further build the domain when creation is doomed to fail
>>> later on.
>>>
>>> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
>>> ---
>>>  xen/arch/x86/domain.c | 6 ++++++
>>>  1 file changed, 6 insertions(+)
>>>
>>> diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
>>> index 8b2f33f1a06c..8eb1509782ef 100644
>>> --- a/xen/arch/x86/domain.c
>>> +++ b/xen/arch/x86/domain.c
>>> @@ -627,6 +627,12 @@ int arch_sanitise_domain_config(struct xen_domctl_createdomain *config)
>>>          return -EINVAL;
>>>      }
>>>  
>>> +    if ( hvm && !hap && !IS_ENABLED(CONFIG_SHADOW_PAGING) )
>>> +    {
>>> +        dprintk(XENLOG_INFO, "Shadow paging requested but not available\n");
>>
>> nit: s/requested/required/, maybe?
> 
> The wording matches the rest of the messages in
> arch_sanitise_domain_config().  I'm not saying that makes it correct,
> but if we word this differently we should also change the others
> IMO.

+1

>> Also, with this in place can't we get rid of the panic in create_dom0() that
>> checks an identical condition?
> 
> Hm, I would possibly leave that one, as I think it's clearer for the
> dom0 case.  Otherwise someone using a build without HAP or shadow and
> attempting to boot in PVH mode will get a message saying: "Shadow
> paging requested but not available", which is IMO less clear than
> getting a "Neither HAP nor Shadow available for PVH domain" error
> message.
> 
> Just my thinking, both checks achieve the same result, but the error
> message in the create_dom0() instance is more helpful in the context
> of dom0 creation.

+1

Jan
Re: [PATCH] x86/hvm: short-circuit HVM shadow guest creation earlier
Posted by Jan Beulich 6 hours ago 
On 09.02.2026 15:40, Roger Pau Monne wrote:
> If shadow paging has been compiled out short circuit the creation of HVM
> guests that attempt to use shadow paging at arch_sanitise_domain_config().
> There's no need to further build the domain when creation is doomed to fail
> later on.
> 
> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>

Acked-by: Jan Beulich <jbeulich@suse.com>

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.