[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 00/23] ARM split hardware and control domains


  • To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jason Andryuk <jason.andryuk@xxxxxxx>
  • Date: Thu, 6 Mar 2025 17:03:20 -0500
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=hZmvhT6nCE4j3onjtbDsQyRYYBH3tCizsA5vpT9tGmk=; b=OnzMcmFQ9czPjN57XTheAgfYzC66fhneAUwHGxWyhiRVVpJietbDfuMrX2NIt2wfP1ORNZ4Po5t63Xa3v9DJJrmUGGE7OnKPlpqz3sxWj87Cu+nWJ7Ih4weBSemJycY8g/ZjVKfGvzgW1elQBRc+awprYdotp1NdwThXmiCSXSe1M8FLCLxj40nJgVXT1Bkfwg0a7Q3mjZoPXQP13WmJeDGIs7ew4FqCczVvibvHjMm+8+ajURBEILPYloes8y1VzRccRES8y934PT6l99IwdRpOsMf4RQ28OBSGmgJeye4cqvQMy7IdBQqmRVNwt891C93hBQBo9phS2fBSrkjFaA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=KkEZU3U7tFfJmuIujTom24Ga0jGLw0uCcGvmcH7XyJGf01sOXjTPfmTuDS5C5KK15i6o9z2chxPPLCjPCILhKWHq6UxitcxAHGQBac0s2xHcSzEfkshQk5SrC2D5pwspO7VIf2VPK2Y5V28HnHDBcVoge3Fy+yN1gh/hyAHQ+os6FVTnRanaYPBSu+tA3LY4qTOs9Ib0lzqi7ewRLEjvRLhmIZyjWsT1hxVR6iNfkbEVLMEaD0S+GCeovO/HtjgWOcy5xg8625cWVHTXP+y5es6riRH4oi05J5iwBrmWtRKb2NZNCX7VD66T54Z/b4B7rOd9X4ifB7tlLIXz/YbCEg==
  • Cc: Jason Andryuk <jason.andryuk@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, "Volodymyr Babchuk" <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, "Jan Beulich" <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>
  • Delivery-date: Thu, 06 Mar 2025 22:04:00 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

This series implements separation of dom0 into separate hardware and
control domains.  It uses the capabilities idea from Hyperlaunch -
hardware, control, and xenstore.  It's been tested with dom0 as hardware
& xenstore, dom1 as control, and dom2 as a domU.

Running hardware and xenstore together eases the implementation.
Xenstore permissions were tested with a hyperlaunched xenstore stubdom.
C xenstored is needed to use grant mapping instead of foreign mapping -
this is especially needed for hwdom to provide the xenstore to control.
Xen seeds the xenstore grant entries since init-dom0less in hardware
domain does not have permission to map the grant table.

There is a dependency on an ImageBuilder update to generate the
capability device tree nodes.  An update for the automation is in the
last commit - not to be commited.

The early patches re-work dom0less code to allow construction of hwdom.
There are some changes to expose the capabilities to the toolstack.

xenstored is changed to track dom0_domid (hwdom) and priv_domid.  This
works for only a single one of each.

Then there are a bunch of changes to the XSM dummy policy.  The sysctls
are the most problematic.  With a coarse grain policy, they are allowed
for both hwdom and control.  Flask can be used for fine grain control.

Finally, an automation test is added.

Daniel P. Smith (1):
  xen: introduce hardware domain create flag

Jason Andryuk (22):
  xen/arm: Factor out construct_hwdom()
  xen/arm: dom0less hwdom construction
  xen/arm: dom0less use domid 0 for hwdom
  xen/arm: Add capabilities to dom0less
  xen/domctl: Expose privileged and hardware capabilities
  tools/libxl: Expose hardware and privileged flags
  xen/arm: dom0less seed xenstore grant table entry
  tools/init-dom0less: Only seed legacy xenstore grants
  xen/arm: dom0less delay xenstore initialization
  tools/xenstored: Automatically set dom0_domid and priv_domid
  tools/xl: Print domain capabilities with verbose
  xsm/dummy: Allow XS_PRIV XEN_SYSCTL_getdomaininfolist
  xsm/dummy: Allow XS_PRIV to call get_hvm_param
  xen/xsm: Add XSM_HW_PRIV
  xsm/dummy: Allow hwdom xen_version
  xsm/dummy: Allow hwdom more - except targeting control
  xsm/dummy: Allow hwdom SYSCTL_readconsole/physinfo
  xsm/dummy: Allow sysctls to both hardware and control
  xsm/silo: Support hwdom/control domains
  automation/dom0less-arm64: Use double quotes
  automation: Add arm64 hardware/control split test
  DO NOT COMMIT: automation: updated imagebuilder

 automation/gitlab-ci/test.yaml                |   8 +
 .../scripts/qemu-smoke-dom0less-arm64.sh      |  87 ++++++++--
 docs/man/xl.1.pod.in                          |   3 +-
 docs/misc/arm/device-tree/booting.txt         |  11 ++
 tools/helpers/init-dom0less.c                 |  10 +-
 tools/include/libxl.h                         |  16 ++
 tools/libs/light/libxl_domain.c               |   2 +
 tools/libs/light/libxl_types.idl              |   2 +
 tools/xenstored/domain.c                      |  16 ++
 tools/xl/xl_info.c                            |  24 ++-
 xen/arch/arm/dom0less-build.c                 | 164 +++++++++++++-----
 xen/arch/arm/domain.c                         |   3 +-
 xen/arch/arm/domain_build.c                   |  35 ++--
 xen/arch/arm/hvm.c                            |   2 +-
 xen/arch/arm/include/asm/dom0less-build.h     |   2 +
 xen/arch/arm/include/asm/domain_build.h       |   2 +
 xen/arch/arm/platform_hypercall.c             |   2 +-
 xen/arch/x86/hvm/hvm.c                        |   8 +-
 xen/arch/x86/msi.c                            |   2 +-
 xen/arch/x86/physdev.c                        |  12 +-
 xen/arch/x86/platform_hypercall.c             |   2 +-
 xen/arch/x86/setup.c                          |   3 +-
 xen/common/domain.c                           |   2 +-
 xen/common/domctl.c                           |   2 +
 xen/common/grant_table.c                      |  10 ++
 xen/common/sysctl.c                           |   2 +-
 xen/drivers/passthrough/pci.c                 |   5 +-
 xen/drivers/pci/physdev.c                     |   2 +-
 xen/include/public/bootfdt.h                  |  27 +++
 xen/include/public/domctl.h                   |   6 +
 xen/include/xen/domain.h                      |   2 +
 xen/include/xen/grant_table.h                 |   8 +
 xen/include/xsm/dummy.h                       |  55 ++++--
 xen/include/xsm/xsm.h                         |   1 +
 xen/xsm/silo.c                                |   9 +-
 35 files changed, 431 insertions(+), 116 deletions(-)
 create mode 100644 xen/include/public/bootfdt.h

-- 
2.48.1




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.