Xen project Mailing List

RE: [PATCH v3 28/28] xen/domctl: wrap common/domctl.c with CONFIG_MGMT_HYPERCALLS

To: "Andryuk, Jason" <Jason.Andryuk@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>

From: "Penny, Zheng" <penny.zheng@xxxxxxx>

Date: Thu, 20 Nov 2025 04:09:55 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=bFztgpEeeeIvO7rAoYPXmnwqaR9zXoVttoavI78r6Bs=; b=uc7tsrDxCH0GQrCBEg3WfixGSGbr0e2NPv81mjYJuvHOCcfU/YteraMvuMzcvspLsmKGVn4vSersTdAWwNvUh8iWEGQ4IvD2so+Dmk9sF5E/yTbKnOkMSg7x2Ed1keP6Vn5gFe8caeefdeAiQ0fHTgXFQg70CteKbsSkkxhn64FLmm8OyGI2eLP3Ci5XYCYrVv3Sz/8KVy5YCzRPuM26Baq6RNub9ioenX7psXyPadMCySIsDBjEKOzeG8C/1ZOAQNeuKmAoNRTFzqWEwNfA7ViZa8O7WSezv9/n1flTl8gP+oqE8W104RswUzuGu8IINlOIvFdAwLNjmIpEznpGhQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=X+eDAb8Yuz+sj1QbthWAc2qSFd5ogy8oMbuiBvHopl0edGjE1ntLHu/sQlK9Dt2ZLSizT+SHiUnDiVBUrQn0YB8fSYUFYgctOehdppVGlPDeap6WBwgW3eUlzmtWra5qJLNyqQ1RRw1RKJjrzhu2WltsUOYgfI9iz86tGUughjHtgDxv86oM3VMfObQqWzhcR9iZ/AxziTRTVuBT5iHcEBZmEAaSHPfqKN8lV4hrwkkrgOoZK0EU26WReCV37aOBWSF8l8ipv63XNLK7BjcC6dlwYy5jhyO1GvFbFznRXzZvfPMpepYS5ihNutfYuiG3goiqgLjaPmfT0NWv8jCFFw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com;

Cc: "Huang, Ray" <Ray.Huang@xxxxxxx>, "oleksii.kurochko@xxxxxxxxx" <oleksii.kurochko@xxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, "Orzel, Michal" <Michal.Orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Thu, 20 Nov 2025 04:10:25 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Msip_labels: MSIP_Label_f265efc6-e181-49d6-80f4-fae95cf838a0_Enabled=True;MSIP_Label_f265efc6-e181-49d6-80f4-fae95cf838a0_SiteId=3dd8961f-e488-4e60-8e11-a82d994e183d;MSIP_Label_f265efc6-e181-49d6-80f4-fae95cf838a0_SetDate=2025-11-20T04:09:49.0000000Z;MSIP_Label_f265efc6-e181-49d6-80f4-fae95cf838a0_Name=Open Source;MSIP_Label_f265efc6-e181-49d6-80f4-fae95cf838a0_ContentBits=3;MSIP_Label_f265efc6-e181-49d6-80f4-fae95cf838a0_Method=Privileged

Thread-index: AQHcPCqhC21cJdWa5E25eCgk7enLhrTazScAgB1wfK+AAAbwUIAAxogAgAIjbCA=

Thread-topic: [PATCH v3 28/28] xen/domctl: wrap common/domctl.c with CONFIG_MGMT_HYPERCALLS

[Public] > -----Original Message----- > From: Jason Andryuk <jason.andryuk@xxxxxxx> > Sent: Wednesday, November 19, 2025 3:30 AM > To: Penny, Zheng <penny.zheng@xxxxxxx>; Jan Beulich <jbeulich@xxxxxxxx> > Cc: Huang, Ray <Ray.Huang@xxxxxxx>; oleksii.kurochko@xxxxxxxxx; Andrew > Cooper <andrew.cooper3@xxxxxxxxxx>; Anthony PERARD > <anthony.perard@xxxxxxxxxx>; Orzel, Michal <Michal.Orzel@xxxxxxx>; Julien > Grall <julien@xxxxxxx>; Roger Pau Monné <roger.pau@xxxxxxxxxx>; Stefano > Stabellini <sstabellini@xxxxxxxxxx>; xen-devel@xxxxxxxxxxxxxxxxxxxx > Subject: Re: [PATCH v3 28/28] xen/domctl: wrap common/domctl.c with > CONFIG_MGMT_HYPERCALLS > > On 2025-11-18 02:51, Penny, Zheng wrote: > > [Public] > > > >> -----Original Message----- > >> From: Jan Beulich <jbeulich@xxxxxxxx> > >> Sent: Tuesday, November 18, 2025 3:14 PM > >> To: Penny, Zheng <penny.zheng@xxxxxxx> > >> Cc: Huang, Ray <Ray.Huang@xxxxxxx>; oleksii.kurochko@xxxxxxxxx; > >> Andrew Cooper <andrew.cooper3@xxxxxxxxxx>; Anthony PERARD > >> <anthony.perard@xxxxxxxxxx>; Orzel, Michal <Michal.Orzel@xxxxxxx>; > >> Julien Grall <julien@xxxxxxx>; Roger Pau Monné > >> <roger.pau@xxxxxxxxxx>; Stefano Stabellini <sstabellini@xxxxxxxxxx>; > >> xen-devel@xxxxxxxxxxxxxxxxxxxx > >> Subject: Re: [PATCH v3 28/28] xen/domctl: wrap common/domctl.c with > >> CONFIG_MGMT_HYPERCALLS > >> > >> On 18.11.2025 07:43, Penny, Zheng wrote: > >>> [Public] > >>> > >>>> -----Original Message----- > >>>> From: Jan Beulich <jbeulich@xxxxxxxx> > >>>> Sent: Thursday, October 30, 2025 9:40 PM > >>>> To: Penny, Zheng <penny.zheng@xxxxxxx> > >>>> Cc: Huang, Ray <Ray.Huang@xxxxxxx>; oleksii.kurochko@xxxxxxxxx; > >>>> Andrew Cooper <andrew.cooper3@xxxxxxxxxx>; Anthony PERARD > >>>> <anthony.perard@xxxxxxxxxx>; Orzel, Michal <Michal.Orzel@xxxxxxx>; > >>>> Julien Grall <julien@xxxxxxx>; Roger Pau Monné > >>>> <roger.pau@xxxxxxxxxx>; Stefano Stabellini > >>>> <sstabellini@xxxxxxxxxx>; xen-devel@xxxxxxxxxxxxxxxxxxxx > >>>> Subject: Re: [PATCH v3 28/28] xen/domctl: wrap common/domctl.c with > >>>> CONFIG_MGMT_HYPERCALLS > >>>> > >>>> On 13.10.2025 12:15, Penny Zheng wrote: > >>>>> --- a/xen/common/Kconfig > >>>>> +++ b/xen/common/Kconfig > >>>>> @@ -646,11 +646,13 @@ config SYSTEM_SUSPEND > >>>>> If unsure, say N. > >>>>> > >>>>> config MGMT_HYPERCALLS > >>>>> - def_bool y > >>>>> + bool "Enable privileged hypercalls for system management" > >>>>> help > >>>>> This option shall only be disabled on some dom0less systems, or > >>>>> PV shim on x86, to reduce Xen footprint via managing > >>>>> unnessary > > "unnecessary" > > >>>>> - hypercalls, like sysctl, etc. > >>>>> + hypercalls, like sysctl, domctl, etc. > >>>>> + Be cautious to disable it, as users will face missing a few basic > >>>>> + hypercalls like listdomains, getdomaininfo, etc. > >>>> > >>>> This is still too little, imo. For one I'm not sure "users" is > >>>> quite the right term. I'd say it's more "admins". And then, as > >>>> mentioned, there are a few domctl-s which are usable by DMs. Aiui > >>>> device pass-through may also be impacted, which imo will want > >>>> mentioning here as well. Or else, if there is an implication that > >>>> DMs aren't to be used when > >> MGMT_HYPERCALLS=n, that is what would want calling out. > >>> > >>> How about > >>> " > >>> Be cautious to disable it, as admins will face missing a few > >>> basic > >>> hypercalls like listdomains, getdomaininfo, etc, hence leading to > >>> have an impact on xl-device-passthrough and restricted DM. > >>> " > >> > >> Much better. However, why "xl-" and why "restricted"? Neither aspect > >> matters here, unless I overlook something. > >> > > > > Later, in hyperlaunch scenario, device passthrough is still needed, > > but it's not current device passthrough mode, which depends on > > xl-tool-stack to de-assign it from hardware domain and re-assign it to > > guest. It will be limited in boot-up stage, and configured via device > > tree only. FWIU, we may reuse VPCI framework, but commands like "xl > > assign/deassign xxx" will not be needed anymore. PLZ correct me if > > understand wrongly, @Andryuk, Jason > > Yes, this is correct. > > > > > And DM, like QEMU, is still applicable, but only supports a new machine > > type, > "pvh". > > vPCI is used to assign the PCI devices to a PVH domain during boot. > QEMU is present and provides virtio devices, but it does not play a role in > PCI > passthrough. So far we've used independent PCI segments for vPCI and > QEMU/virtio. > > Anyway, maybe something like this for the help text: > """ > Management hypercalls provide the means for dom0 to manage the overall Xen > system and other domains. This includes the hypercalls needed to construct > new > domains. In a dom0less or pv-shim build, they can be omitted to cut down on > the > Xen binary's size. However, this comes at the loss of significant runtime > functionality. > > Unless you know what you are doing, you should enable this. > """ > Thx!!! I'll combine them all > Regards, > Jason

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.