On 21.11.2025 11:57, Penny Zheng wrote:
> Function domain_kill() is responsible for killing a domain and relinquishing
> domain-held resources, and it is only invoked under the
> XEN_DOMCTL_destroydomain case. So it shall be wrapped with
> CONFIG_MGMT_HYPERCALLS.
> Tracking its calling chain, the following functions could also be wrapped with
> CONFIG_MGMT_HYPERCALLS:
> - domain_relinquish_resource
>   - pci_release_device
>   - paging_teardown
>     - p2m_pod_empty_cache
>   - relinquish_memory
>   - pit_deinit
>   - iommu_release_dt_devices
>   - tee_relinquish_resources
>     - ffa_relinquish_resources/optee_relinquish_resources
>   - relinquish_p2m_mapping
>   - p2m_clear_root_pages
> Otherwise all these functions will become unreachable code when
> MGMT_HYPERCALLS=n, hence violating MISRA rule 2.1.
> The reason why {arch_}domain_teardown() is not wrapped is that it is also used
> on the failure path of domain_create(). And the exclusion of
> paging_final_teardown() is blocked by domain_destroy(), which will be
> triggered when d->refcnt equals zero.
> 
> Signed-off-by: Penny Zheng <[email protected]>
> Reviewed-by: Stefano Stabellini <[email protected]>

Acked-by: Jan Beulich <[email protected]>

