On 11.11.2025 18:54, Grygorii Strashko wrote: > This series introduces possibility to disable 32-bit (COMPAT) interface > support > in the following cases:
The use of plural here ... > - Only PVH domains are used > - Guests (OS) are started by using direct Direct Kernel Boot > - Guests (OS) are 64-bit and Guest early boot code, which is running not > in 64-bit mode, does not access Xen interfaces > (hypercalls, shared_info, ..) ... makes this an OR list, which I don't think would be correct. PVH domains, for example, can well be 32-bit ones, can't they? Otoh the latter two points look as if they really enumerate alternatives. Can you clarify please what is meant? Jan > If above criterias are met the COMPAT HVM interface become unreachable and > can be disabled. > Coverage reports analyze and adding guard (debug) exceptions in > hvm_hypercall/hvm_do_multicall_call > and hvm_latch_shinfo_size() confirm that COMPAT HVM interface is unused for > safety use-case. > > Grygorii Strashko (5): > x86: hvm: dm: factor out compat code under ifdefs > x86: hvm: compat: introduce vcpu_is_hcall_compat() helper > x86: hvm: factor out compat code under ifdefs > x86: pvh: allow to disable 32-bit interface support > x86: constify has_32bit_shinfo() if !CONFIG_COMPAT > > xen/arch/x86/hvm/Kconfig | 19 +++++++++++++++- > xen/arch/x86/hvm/dm.c | 2 ++ > xen/arch/x86/hvm/hvm.c | 22 +++++++++++++----- > xen/arch/x86/hvm/hypercall.c | 37 +++++++++++++++++++++++-------- > xen/arch/x86/hypercall.c | 6 +---- > xen/arch/x86/include/asm/domain.h | 3 ++- > xen/common/kernel.c | 2 +- > xen/include/xen/sched.h | 9 ++++++++ > 8 files changed, 78 insertions(+), 22 deletions(-) >
