diff mbox series

[v2,1/2] xen: add option to disable GNTTABOP_transfer

Message ID 20220203131418.1319-1-jgross@suse.com (mailing list archive)
State New, archived
Headers show
Series [v2,1/2] xen: add option to disable GNTTABOP_transfer | expand

Commit Message

Juergen Gross Feb. 3, 2022, 1:14 p.m. UTC 
The grant table operation GNTTABOP_transfer is meant to be used in
PV device backends, and it hasn't been used in Linux since the old
Xen-o-Linux days.

Add a command line sub-option to the "gnttab" option for disabling the
GNTTABOP_transfer functionality.

Signed-off-by: Juergen Gross <jgross@suse.com>
---
V2:
- make option available for CONFIG_PV only (Jan Beulich)
- return -EOPNOTSUPP instead of -ENOSYS (Jan Beulich)
---
 docs/misc/xen-command-line.pandoc |  8 ++++++--
 xen/common/grant_table.c          | 12 ++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

Comments

Jan Beulich Feb. 3, 2022, 1:17 p.m. UTC | #1 
On 03.02.2022 14:14, Juergen Gross wrote:
> The grant table operation GNTTABOP_transfer is meant to be used in
> PV device backends, and it hasn't been used in Linux since the old
> Xen-o-Linux days.
> 
> Add a command line sub-option to the "gnttab" option for disabling the
> GNTTABOP_transfer functionality.
> 
> Signed-off-by: Juergen Gross <jgross@suse.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>
diff mbox series

Patch

diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc
index 6b3da6ddc1..44232b94c5 100644
--- a/docs/misc/xen-command-line.pandoc
+++ b/docs/misc/xen-command-line.pandoc
@@ -1167,9 +1167,9 @@  does not provide `VM_ENTRY_LOAD_GUEST_PAT`.
 Specify which console gdbstub should use. See **console**.
 
 ### gnttab
-> `= List of [ max-ver:<integer>, transitive=<bool> ]`
+> `= List of [ max-ver:<integer>, transitive=<bool>, transfer=<bool> ]`
 
-> Default: `gnttab=max-ver:2,transitive`
+> Default: `gnttab=max-ver:2,transitive,transfer`
 
 Control various aspects of the grant table behaviour available to guests.
 
@@ -1178,6 +1178,10 @@  version are 1 and 2.
 * `transitive` Permit or disallow the use of transitive grants.  Note that the
 use of grant table v2 without transitive grants is an ABI breakage from the
 guests point of view.
+* `transfer` Permit or disallow the GNTTABOP_transfer operation of the
+grant table hypercall.  Note that disallowing GNTTABOP_transfer is an ABI
+breakage from the guests point of view.  This option is only available on
+hypervisors configured to support PV guests.
 
 The usage of gnttab v2 is not security supported on ARM platforms.
 
diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index ed1e2fabce..57dfc54994 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -181,6 +181,11 @@  static int parse_gnttab_max_maptrack_frames(const char *arg)
 
 unsigned int __read_mostly opt_gnttab_max_version = GNTTAB_MAX_VERSION;
 static bool __read_mostly opt_transitive_grants = true;
+#ifdef CONFIG_PV
+static bool __ro_after_init opt_grant_transfer = true;
+#else
+#define opt_grant_transfer false
+#endif
 
 static int __init parse_gnttab(const char *s)
 {
@@ -204,6 +209,10 @@  static int __init parse_gnttab(const char *s)
         }
         else if ( (val = parse_boolean("transitive", s, ss)) >= 0 )
             opt_transitive_grants = val;
+#ifndef opt_grant_transfer
+        else if ( (val = parse_boolean("transfer", s, ss)) >= 0 )
+            opt_grant_transfer = val;
+#endif
         else
             rc = -EINVAL;
 
@@ -2233,6 +2242,9 @@  gnttab_transfer(
     unsigned int max_bitsize;
     struct active_grant_entry *act;
 
+    if ( !opt_grant_transfer )
+        return -EOPNOTSUPP;
+
     for ( i = 0; i < count; i++ )
     {
         bool_t okay;