[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v6 12/16] xen: implement new foreign copy hypercall

  • To: Frediano Ziglio <freddy77@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 23 Jun 2026 16:37:44 -0400
  • Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@xxxxxxxxxxxxxxxxxxxx; dmarc=pass header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1782247068; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=CMo1oSi6NuHwGlocOQBApwjiUoe5SibobKM/BdfaoDE=; b=W1IOAf9ui+ZlAntP70VW/HpA8Hl+qoqDdjS60bopTmi9ks5Og3sWPbfvprWRW/FuW74dBiuXod4ma7wsoL1yrRDjR/1MuXdNm60eGcghAgDXztHWemQSXMeih3V5dLftaKfiSjKdc4AJXikTff8lxpZfz9HO+XUAjgK6NnuFfiw=
  • Arc-seal: i=1; a=rsa-sha256; t=1782247068; cv=none; d=zohomail.com; s=zohoarc; b=dHHqT/IPAjn6lt5RtvbjKROEn7Vorx/SiL3ENvDLtUJQkFtsWLnK87l9tk/n81Ne4QYf3Hv9Q8JO1fGdJ+V4POfrum/4NTXNx+oGHlymPzFJ/e/yiZcz4xzz3bNrL01/qAQlGUyRvFpTNwZjSIU7hTmOdKhMD4R/NEdTL9llZ48=
  • Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=zoho header.d=apertussolutions.com header.i="dpsmith@xxxxxxxxxxxxxxxxxxxx" header.h="Message-ID:Date:MIME-Version:Subject:To:Cc:References:From:In-Reply-To:Content-Type:Content-Transfer-Encoding"
  • Cc: Frediano Ziglio <frediano.ziglio@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Teddy Astie <teddy.astie@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>
  • Delivery-date: Tue, 23 Jun 2026 20:38:16 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 6/19/26 9:04 AM, Frediano Ziglio wrote:

Add a sub hypercall to __HYPERVISOR_memory_op to allow to read/write
memory from/to a foreign domain.

Extending MMUEXT_COPY_PAGE seems better on first sight but considering
that MMUEXT is meant for PV only and trying to change that sub-op this
solution is better.

Signed-off-by: Frediano Ziglio <frediano.ziglio@xxxxxxxxxx>
--
Changes since v4:
- Fix typo in comment.

Changes since v5:
- update xen_foreigncopy structure comments;
- move check for no frames after checking the domain;
- use mnemonic instead of 1U;
- fix page type checks;
- do not overwrite error copying back structure;
- latch MFN value;
- improved commit message.
---
  xen/common/memory.c         | 145 ++++++++++++++++++++++++++++++++++++
  xen/include/public/memory.h |  44 ++++++++++-
  2 files changed, 188 insertions(+), 1 deletion(-)

diff --git a/xen/common/memory.c b/xen/common/memory.c
index 3672bda025..98726766bf 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -1545,6 +1545,139 @@ static int acquire_resource(
      return rc;
  }
+/* 
+ * The "noinline" qualifier avoids the compiler to create a large function
+ * consuming quite a lot of stack.
+ */
+static int noinline mem_foreigncopy(
+    XEN_GUEST_HANDLE_PARAM(xen_foreigncopy_t) arg)
+{
+    struct domain *d, *const currd = current->domain;
+    xen_foreigncopy_t copy;
+    int rc, direction;
+
+    if ( copy_from_guest(&copy, arg, 1) )
+        return -EFAULT;
+
+    if ( copy.flags & ~XENMEM_foreigncopy_direction )
+        return -EINVAL;
+
+    direction = copy.flags & XENMEM_foreigncopy_direction;
+
+    rc = rcu_lock_remote_domain_by_id(copy.domid, &d);
+    if ( rc )
+        return rc;
+
+    if ( copy.nr_frames == 0 )
+    {
+        rcu_unlock_domain(d);
+        return 0;
+    }
+
+    /*
+     * Check we are allowed to map and access these foreign pages.
+     */
+    rc = xsm_map_gmfn_foreign(XSM_TARGET, currd, d);
While on the result is the same, this is a different action. I didn't immediately answer because I am split on what the new hook should be. In particular if it should be only one like map_gmfn, if it should instead also take a direction (in/out), of should we have two hooks (xxx_read, xxx_write). Myself, I am leaning toward the last option but I am open to hearing other's opinions. If you need any assistance with writing the hooks, feel free to reach out. 

v/r,
dps

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.