
Re: [Xen-devel] [ARM] Native application design and discussion (I hope)

Hi Dario,

On 05/09/2017 11:13 AM, Dario Faggioli wrote:
> On Fri, 2017-05-05 at 12:28 -0700, Stefano Stabellini wrote:
>> On Fri, 5 May 2017, Andrii Anisov wrote:
>>> On 24.04.17 21:08, Stefano Stabellini wrote:
>>>> The advantages of using EL0 apps are:
>>>> - scheduled deterministically
>>>> - faster context switch
>>>> - lower and deterministic latency
>>>> - EL0 apps execution time is accounted appropriately to the guest
>>>>   they are servicing
>>>
>>> Can't the EL0 app be servicing XEN itself?
>>
>> Short answer: no.
>>
>> Long answer follows. EL0 apps will run in a different context.
>
> I still feel like I am missing something (most likely, due to my
> limited knowledge of ARM arch and XenOnARM code). Can you try to
> clarify a bit for me what it "in a different context" in this case, and
> why it is important?

We want to run it in a different exception level to limit the attack surface of the hypervisor if the application is buggy.

>> It was
>> suggested to keep track of their state in the guest vcpu struct,
>> looks like a good idea to me. If we did that, the only way to have an
>> EL0 app running without being bound to a specific guest, would be to
>> run it on the idle vcpu, which I think is a bad idea.
>
> Which, FTR, is what we do in Xen for a bunch of things already, i.e.,
> softirqs and tasklets.

No, we don't switch to the idle vCPU to handle tasklets or softirqs. They will be done before entering the guest and still in the hypervisor context.

> It's actually a rather effective way of executing some piece of Xen
> code synchronously with some event (as softirqs are always checked 'on
> the way back' from the hypervisor), which I guess in your case could be
> the trap from the guest vCPU requesting service.
>
> And it should not be hard to give such code access to the context of
> the vCPU that was previously running (in x86, given we implement what
> we call lazy context switch, it's most likely still loaded in the

I agree with Stefano, switching to the idle vCPU is a pretty bad idea.

The idle vCPU is a fake vCPU on ARM to stick with the common code (we never leave the hypervisor). In the case of the EL0 app, we want to change exception level to run the code with lower privilege.

Also IMHO, it should only be used when there is nothing to run and not re-purposed for running EL0 apps.


Julien Grall
