[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 15/15] x86/hyperlaunch: add capabilities to boot domain

To: Jan Beulich <jbeulich@xxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
From: Jason Andryuk <jason.andryuk@xxxxxxx>
Date: Tue, 4 Feb 2025 10:40:33 -0500
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=suse.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vQcLdlKW0icFyAbjXxqit7HfY/4al4fiiHxm+ExMnSA=; b=I+VlucHhvzDbDmNzMCMZE9XsFpHxzZZwNdDlDXeckCjOdDzZh6O7+t4Zli6Ahti2percvwkqq2VM9STVB6wetIkIuhm9gkYvjyul7uetXHhhj6uL9OtKCk10xDJNpsp9QSbVCpeKtgw7YQfjiKabDrOSs5EqbLT0A1k2UE+4u2PTzHLxJoHq53AL2E/dDFBxbpNQceOK47c17rzP2zz7YyhpV8vADiA/2OPbQ12K1HkZtvZo/swN/EycpdxBsuvibk/x41Y8ru+x+EiGoXFwRVWb66Au+pwnwws7OTAsDSTnMllTEXkglJi2gK6T0WZ4pfHjCRyrEh0aBGleC3JDiw==
Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=s/70+YoqajjbHlrfJNSm2/dUHEI0fiJibrUEImtqJhJcoMAo3irU6BznTCvEWwrQojg2ZviCmatrB8ITP5sbOO0IZu590CgNNPTlwpJ3YgHdcojAQoWf21UWiPvM+4cutRQPRjNmPBQ4OrTOZ/vmygO/FR9Ge+Eeh5O7a9aIZ0Fe/sTdHclRGSyk32u9geEVv/yYFqhUKTZ1/Joyo/fsLHQYcGiSqaSOZDuNFdZqbrWrLhDceOlp22CkJQR4a90msC99IutI3AA8xjclOvFiT9AwlSfvKbEswtmRvI8SBvxnx6A7I3cGq838YMUYqshEw8g/7Un7ObnVmnTG2Y980g==
Cc: <christopher.w.clark@xxxxxxxxx>, <stefano.stabellini@xxxxxxx>, "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, "Julien Grall" <julien@xxxxxxx>
Delivery-date: Tue, 04 Feb 2025 15:40:48 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2025-02-04 06:13, Jan Beulich wrote:

On 26.12.2024 17:57, Daniel P. Smith wrote:

Introduce the ability to assign capabilities to a domain via its definition in
device tree. The first capability enabled to select is the control domain
capability.


Hmm, and not at the same time another one to select "hardware domain"?

Dan has an un-submitted patch that adds in hardware domain. Related, Iwas preparing a dom0less patch that adds control, hardware, and xenstorecapabilities.

I've included it below. To keep them aligned, it creates a new commonpublic header with defines for the capabilities.


Regards,
Jason

commit 5d329e6ef7128a4999b28de6745810c595a7f9e8
Author: Jason Andryuk <jason.andryuk@xxxxxxx>
Date:   Fri Jan 31 14:50:53 2025 -0500

    xen/arm: Add capabilities to dom0less

    Add capabilities property to dom0less to allow building a
    disaggregated system.

    Introduce bootfdt.h to contain these constants.

    Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx>
    ---
    There is overlap with hyperlaunch.  The numeric values are the same.
    Hyperlaunch doesn't expose the values in a public header as done here.

Is this to be expected for dom0less? It seems most of dom0lessisn't in

    a header, but just in docs.

    Hyperlaunch uses BUILD_CAPS_, but I chose DOMAIN_CAPS_ since there are
    domain-level capabilities.

diff --git a/docs/misc/arm/device-tree/booting.txtb/docs/misc/arm/device-tree/booting.txt

index 4346953a71..2cd99f9b79 100644
--- a/docs/misc/arm/device-tree/booting.txt
+++ b/docs/misc/arm/device-tree/booting.txt
@@ -167,6 +167,17 @@ with the following properties:

Refer to docs/misc/cache_coloring.rst for syntax. This option isapplicable

     only to Arm64 guests.

+- capabilities
+    Optional.  A bit field of domain capabilities for a disaggregated
+    system.  A traditional dom0 has all all of these capabilities, and a
+    domU has none of them.
+
+    0x1 DOMAIN_CAPS_CONTROL  - A privileged, control domain
+    0x2 DOMAIN_CAPS_HARDWARE - The hardware domain - there can be only 1
+    0x4 DOMAIN_CAPS_XENSTORE - The xenstore domain - there can be only 1
+
+    The default is no capabilities.
+
 - vpl011

     An empty property to enable/disable a virtual pl011 for the guest to
diff --git a/xen/arch/arm/dom0less-build.c b/xen/arch/arm/dom0less-build.c
index 9f24463ebd..bb49142d24 100644
--- a/xen/arch/arm/dom0less-build.c
+++ b/xen/arch/arm/dom0less-build.c
@@ -12,6 +12,7 @@
 #include <xen/sizes.h>
 #include <xen/vmap.h>

+#include <public/bootfdt.h>
 #include <public/io/xs_wire.h>

 #include <asm/arm64/sve.h>
@@ -1236,6 +1237,18 @@ void __init create_domUs(void)
             d_cfg.max_maptrack_frames = val;
         }

+        if ( dt_property_read_u32(node, "capabilities", &val) )
+        {
+            if ( val & ~DOMAIN_CAPS_MASK )
+                panic("invalid capabilities (%"PRIu32") overflow\n", val);
+            if ( val & DOMAIN_CAPS_CONTROL )
+                flags |= CDF_privileged;
+            if ( val & DOMAIN_CAPS_HARDWARE )
+                flags |= CDF_hardware;
+            if ( val & DOMAIN_CAPS_XENSTORE )
+                d_cfg.flags |= XEN_DOMCTL_CDF_xs_domain;
+        }
+
         if ( dt_get_property(node, "sve", &val) )
         {
 #ifdef CONFIG_ARM64_SVE
diff --git a/xen/common/domain.c b/xen/common/domain.c
index c170597410..dbeda908be 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -701,6 +701,10 @@ struct domain *domain_create(domid_t domid,
     /* Sort out our idea of is_hardware_domain(). */
     if ( flags & CDF_hardware || domid == hardware_domid )
     {
+        if ( hardware_domain )
+            panic("Can't set %pd - %pd is already hardware domain\n", d,
+                  hardware_domain);
+

if ( hardware_domid < 0 || hardware_domid >=DOMID_FIRST_RESERVED )panic("The value of hardware_dom must be a valid domainID\n");


diff --git a/xen/include/public/bootfdt.h b/xen/include/public/bootfdt.h
new file mode 100644
index 0000000000..4e87aca8ac
--- /dev/null
+++ b/xen/include/public/bootfdt.h
@@ -0,0 +1,27 @@
+/* SPDX-License-Identifier: MIT */
+/*
+ * Xen Device Tree boot information
+ *
+ * Information for configuring Xen domains created at boot time.
+ */
+
+#ifndef __XEN_PUBLIC_BOOTFDT_H__
+#define __XEN_PUBLIC_BOOTFDT_H__
+
+/* Domain Capabilities specified in the "capabilities" property.  Use of
+ * this property allows splitting up the monolithic dom0 into separate,
+ * less privileged components.  A regular domU has no capabilities
+ * (which is the default if nothing is specified).  A traditional dom0
+ * has all three capabilities.*/
+
+/* Control/Privileged domain capable of affecting other domains. */
+#define DOMAIN_CAPS_CONTROL  (1 << 0)
+/* Hardware domain controlling physical hardware.  Typically providing
+ * backends to other domains.  */
+#define DOMAIN_CAPS_HARDWARE (1 << 1)
+/* Xenstore domain. */
+#define DOMAIN_CAPS_XENSTORE (1 << 2)

+#define DOMAIN_CAPS_MASK (DOMAIN_CAPS_CONTROL |DOMAIN_CAPS_HARDWARE | \

+                              DOMAIN_CAPS_XENSTORE)
+
+#endif /* __XEN_PUBLIC_BOOTFDT_H__ */

References:
- Re: [PATCH v2 15/15] x86/hyperlaunch: add capabilities to boot domain
  - From: Jan Beulich

Prev by Date: Re: [PATCH v2 2/2] tools/hvmloader: Replace LAPIC_ID() with cpu_to_apicid[]
Next by Date: Re: [PATCH v2 2/2] tools/hvmloader: Replace LAPIC_ID() with cpu_to_apicid[]
Previous by thread: Re: [PATCH v2 15/15] x86/hyperlaunch: add capabilities to boot domain
Next by thread: Re: v5.4.289 failed to boot with error megasas_build_io_fusion 3219 sge_count (-12) is out of range
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.