[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [XEN][PATCH 0/5] x86: pvh: allow to disable 32-bit (COMPAT) interface support
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Grygorii Strashko <grygorii_strashko@xxxxxxxx>
- Date: Wed, 12 Nov 2025 12:05:39 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=igzEDLR9CwnFw7DmypRVbWYrYEcaUJeATM/YMlhE3ow=; b=hoEXBSr9kT/w8b1h/HWt13Fbythg2OfecpJbgTeGwUZabJJTL9JAsyBf78Fx94OgoXkvkwZs/xjZfLS6q6nNlmNPg2e97ZUqH7AuFgQfTDN4KRpB9MMArHKy14UqRXMosNemC8KpRrQERcr7LpZTLYzZ5WgyeKzy/k5ZrqXbom+a21YGGANMQeyxPISYDsLa1ukUqnOkfCo5VuFvv2KDn2wuShEMpS5e+udFFjqC3B+MWWuBAzn0INfEITl4AH/yCXuaZqY8sU2EGi6bZ4vykgsLG1BFyKIUQCHp0KtREQ7S4RLQGHmzuvVpq7rHTc5D13uaIQFkrDpSDAxItKLNZQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=dFFHE6Eht3YNJldF6d/WAFEpcagGrWMI5nn8kPEvR9FF+GeR6B8cTQ3aCmq3UgCH6og3osHzZA2ZN9OU7or9RGHNY2V0u9RPs6Zl3eH3k0QL9qNwCmIT9FQe9FJrbJPKA7dngob7AqYgWXMPMEAs/jdr1z82nPrZ7a2fQWAMeHs3q583OwsFkgjm5rCtqX8gwXBwaei/Mudoc7zUq8x5XIW2w+e9D0bwSU6Beks92RmvOzIUAHOxYDisoUEW/+IfH1RncOtJ0dxsGECLefl3C5nW8bpKhdpbFJlPWgtiVMhv3Z3EGhPeQ4Yw3wGpwu8mVXPA/X5N2d2vMs/Fl3XpCw==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
- Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>, Jason Andryuk <jason.andryuk@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Wed, 12 Nov 2025 10:05:50 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 12.11.25 08:50, Jan Beulich wrote:
On 11.11.2025 18:54, Grygorii Strashko wrote:
This series introduces possibility to disable 32-bit (COMPAT) interface support
in the following cases:
The use of plural here ...
should be "case"
- Only PVH domains are used
- Guests (OS) are started by using direct Direct Kernel Boot
- Guests (OS) are 64-bit and Guest early boot code, which is running not
in 64-bit mode, does not access Xen interfaces
(hypercalls, shared_info, ..)
... makes this an OR list, which I don't think would be correct.
It is AND for all items.
I think I worded it better in Patch 4
PVH domains,
for example, can well be 32-bit ones, can't they? Otoh the latter two points
look as if they really enumerate alternatives. Can you clarify please what is
meant?
Jan
If above criterias are met the COMPAT HVM interface become unreachable and can
be disabled.
Coverage reports analyze and adding guard (debug) exceptions in
hvm_hypercall/hvm_do_multicall_call
and hvm_latch_shinfo_size() confirm that COMPAT HVM interface is unused for
safety use-case.
Grygorii Strashko (5):
x86: hvm: dm: factor out compat code under ifdefs
x86: hvm: compat: introduce vcpu_is_hcall_compat() helper
x86: hvm: factor out compat code under ifdefs
x86: pvh: allow to disable 32-bit interface support
x86: constify has_32bit_shinfo() if !CONFIG_COMPAT
xen/arch/x86/hvm/Kconfig | 19 +++++++++++++++-
xen/arch/x86/hvm/dm.c | 2 ++
xen/arch/x86/hvm/hvm.c | 22 +++++++++++++-----
xen/arch/x86/hvm/hypercall.c | 37 +++++++++++++++++++++++--------
xen/arch/x86/hypercall.c | 6 +----
xen/arch/x86/include/asm/domain.h | 3 ++-
xen/common/kernel.c | 2 +-
xen/include/xen/sched.h | 9 ++++++++
8 files changed, 78 insertions(+), 22 deletions(-)
--
Best regards,
-grygorii
|
