On 13.10.2025 12:15, Penny Zheng wrote: > --- a/xen/common/Kconfig > +++ b/xen/common/Kconfig > @@ -646,11 +646,13 @@ config SYSTEM_SUSPEND > If unsure, say N. > > config MGMT_HYPERCALLS > - def_bool y > + bool "Enable privileged hypercalls for system management" > help > This option shall only be disabled on some dom0less systems, or > PV shim on x86, to reduce Xen footprint via managing unnessary > - hypercalls, like sysctl, etc. > + hypercalls, like sysctl, domctl, etc. > + Be cautious to disable it, as users will face missing a few basic > + hypercalls like listdomains, getdomaininfo, etc.
This is still too little, imo. For one I'm not sure "users" is quite the right term. I'd say it's more "admins". And then, as mentioned, there are a few domctl-s which are usable by DMs. Aiui device pass-through may also be impacted, which imo will want mentioning here as well. Or else, if there is an implication that DMs aren't to be used when MGMT_HYPERCALLS=n, that is what would want calling out. Jan
