certain you don't plan on having PV guests which use this feature,
turning it off can reduce the attack surface.
+### pv-shim (x86)
+> `= <boolean>`
+
+> Default: `false`
+
+This option is intended for use by a toolstack, when choosing to run a PV
+guest compatibly inside an HVM container.
+
+In this mode, the kernel and initrd passed as modules to the hypervisor are
+constructed into a plain unprivileged PV domain.
+
### rcu-idle-timer-period-ms
> `= <integer>`
---help---
Support booting using the PVH ABI.
+ If unsure, say N.
+
+config PV_SHIM
+ def_bool n
+ prompt "PV Shim"
+ depends on PV && XEN_GUEST
+ ---help---
+ Build Xen with a mode which acts as a shim to allow PV guest to run
+ in an HVM/PVH container. This mode can only be enabled with command
+ line option.
+
+ If unsure, say N.
+
+config PV_SHIM_EXCLUSIVE
+ def_bool n
+ prompt "PV Shim Exclusive"
+ depends on PV_SHIM
+ ---help---
+ Build Xen in a way which unconditionally assumes PV_SHIM mode. This
+ option is only intended for use when building a dedicated PV Shim
+ firmware, and will not function correctly in other scenarios.
+
If unsure, say N.
endmenu
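Review bot: The PV_SHIM help text says the mode "can only be enabled with command line option" without naming the option, so a reader configuring a build has to search the command-line documentation to learn what actually activates it. I would spell it out, e.g. `in an HVM/PVH container. This mode can only be enabled with the "pv-shim" command line option.`, and fix the grammar to `allow a PV guest to run`. The PV_SHIM_EXCLUSIVE help could also state that in that build the mode is always on and no boot option controls it, since the shim.c section of this patch leaves the parameter unregistered in that configuration. The enclosing menu starts outside this hunk.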
obj-y += misc-hypercalls.o
obj-y += mm.o
obj-y += ro-page-fault.o
+obj-$(CONFIG_PV_SHIM) += shim.o
obj-y += traps.o
obj-bin-y += dom0_build.init.o
--- /dev/null
+/******************************************************************************
+ * arch/x86/pv/shim.c
+ *
+ * Functionaltiy for PV Shim mode
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Copyright (c) 2017 Citrix Systems Ltd.
+ */
+#include <xen/init.h>
+#include <xen/types.h>
+
+#include <asm/apic.h>
+
+#ifndef CONFIG_PV_SHIM_EXCLUSIVE
+bool pv_shim;
+boolean_param("pv-shim", pv_shim);
+#endif
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
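Review bot: The new shim.c defines `pv_shim` without including the header that declares it. Unless `<asm/apic.h>` pulls in `<asm/pv/shim.h>` indirectly (not visible here), the compiler never checks `extern bool pv_shim;` against this definition. Adding `#include <asm/pv/shim.h>` is safe in both configurations, because the definition is already compiled out when the header turns `pv_shim` into a macro. A short comment above the `#ifndef` would help, e.g. `/* In PV_SHIM_EXCLUSIVE builds pv_shim is the constant 1 and "pv-shim" is not a registered parameter. */`, so it is clear the boot option does not exist in the exclusive build. The file banner also has a typo: `Functionaltiy` should read `Functionality`.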
#include <asm/guest/hypercall.h>
#include <asm/guest/pvh-boot.h>
#include <asm/guest/xen.h>
+#include <asm/pv/shim.h>
#endif /* __X86_GUEST_H__ */
--- /dev/null
+/******************************************************************************
+ * asm-x86/guest/shim.h
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms and conditions of the GNU General Public
+ * License, version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public
+ * License along with this program; If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Copyright (c) 2017 Citrix Systems Ltd.
+ */
+
+#ifndef __X86_PV_SHIM_H__
+#define __X86_PV_SHIM_H__
+
+#include <xen/types.h>
+
+#if defined(CONFIG_PV_SHIM_EXCLUSIVE)
+# define pv_shim 1
+#elif defined(CONFIG_PV_SHIM)
+extern bool pv_shim;
+#else
+# define pv_shim 0
+#endif /* CONFIG_PV_SHIM{,_EXCLUSIVE} */
+
+#endif /* __X86_PV_SHIM_H__ */
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
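Review bot: The banner of the new header names the file `asm-x86/guest/shim.h`, but the include guard is `__X86_PV_SHIM_H__` and guest.h includes it as `<asm/pv/shim.h>`, so the banner should read `asm-x86/pv/shim.h`. The three-way `#if` is the only place that determines whether shim mode is compiled in, forced on, or selectable at boot, and it has no explanation. I would add a comment above it, e.g. `/* pv_shim: constant 1 for PV_SHIM_EXCLUSIVE, runtime flag set by "pv-shim" for PV_SHIM, constant 0 otherwise. */`. Because `pv_shim` becomes an object-like macro in two of the three cases, it is also worth noting there that callers must only read it and must not take its address or assign to it.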