Xen project Mailing List

Re: [PATCH] xen/arm: check max_init_domid validity

To: Bertrand Marquis <bertrand.marquis@xxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Michal Orzel <michal.orzel@xxxxxxx>

Date: Tue, 28 Feb 2023 12:10:48 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=arm.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vlUMh6B6jAvgKlcVcmtBYCCvYf1PJVMVHdIdhhSF/Z8=; b=QOQKVPoxnlAs6Tw/Z000T6ARqrle/9q8Erxg6lkpUycGyai/CVrq1L/VZhAHYWwue6LtZC94YwjOdUe32OB6erEoTvWuXvrRtBQy0O5AediJKBfoWY1TGTHxIkV/ZV4ISSp9PXB6OkVvkyTlA46apZWKUt2cN/VOtGi4K+HUi5afl1MOO3opGkk8TSenMOX8c0xLb4ylrzmiuTBHSqD1qSn0uqlPQNz4lMjts1+LK7t1QXoA5oRHvnBEhPiJ6y2UV4HSm3R/wuDThp4R/OQmrCgavwJdCVUUbkW+dwJIHfGVBqvwf1Ud5Rt+pHU7zphDrjT1inNP4LQJ+ZoRODBcyg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IXLqBoG0z/uAV9TPAxFxQrNC+WenpnIBq0ay40RZmelw6Lyji2E/jBh3qDRW2Gdwiblu9tHAUOBS4KwuIi3ypi46KrifrzuUuzTkvW0ShwZmvMvWGhbzKI+O0swBVkYTPSPgTP2KfnWOdUXSQ0OcdWmzx/1/rU7tgirRqT6fOXV8f4Dyk4QE1jL+aiEZ+7IhB38OX9Rkin2qq5ya/4seyLUvj/ZPKeHSLAjSMOBQqeqJz/W/OTOOgfzf4hTIuC+eFBtabfFKbj/y57h5zwx4c/qKMTlmrG8rPd4uL8WlLlXT/Sp82Kara9TbhdRPu6UUjACRT8KQOc0b/gVGfprIRQ==

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>

Delivery-date: Tue, 28 Feb 2023 11:11:16 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Bertrand, On 28/02/2023 09:08, Bertrand Marquis wrote: > > > Before trying to create a dom0less guest, check that max_init_domid > increment will generate a valid domain ID, lower than > DOMID_FIRST_RESERVED. > > Signed-off-by: Bertrand Marquis <bertrand.marquis@xxxxxxx> > --- > xen/arch/arm/domain_build.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c > index edca23b986d2..9707eb7b1bb1 100644 > --- a/xen/arch/arm/domain_build.c > +++ b/xen/arch/arm/domain_build.c > @@ -3879,6 +3879,9 @@ void __init create_domUs(void) > if ( !dt_device_is_compatible(node, "xen,domain") ) > continue; > > + if ( (max_init_domid + 1) >= DOMID_FIRST_RESERVED ) > + panic("No more domain IDs available\n"); Here are some of my thoughts: 1. The check if domid is >= DOMID_FIRST_RESERVED is used in quite a lot of places in the Xen code. We might want to introduce a global function for that purpose instead of repeating this check all over the codebase. 2. This check is something that could be moved to be generic. At the moment we do have an ASSERT with is_system_domain in domain_create. I know domain_create can be called for domids in special range so this would need to be thought through. 3. The placement of this check at the top of the function before starting to parse dt properties might be problematic in the future if we decide to allow specifying static domids for dom0less domUs. In a static configuration, most of the time, we do not have xenstore (either because of lack of xenstore support or because of lack of dom0). AFAIKT, in Xen a domain can get to know its domid only through xenstore (DOMID_SELF is not working in all the cases). Also, in a static configuration, it makes the life of an integrator easy to know all the domids upfront to easily set up some communication, grant tables, etc. Let me know your thoughts. ~Michal

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.