[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 05/23] xen/arm: Add capabilities to dom0less
- To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
- From: Jason Andryuk <jason.andryuk@xxxxxxx>
- Date: Fri, 7 Mar 2025 11:40:37 -0500
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=C1Kyp1GjSs0giE7LMIyGsT/22R8Oz254Jiq7SGMmfhc=; b=kFe68GwIekL+4gFVgkTpRtFgH9ZcEdjLAacoJvOk48fyxRRudKACNGHfpYfIRZxSVCLsPhakoMOf5PIfazgYwhi+f4D3L2fL17s0T3TJGyBZQti1uf1+7jWLP5nRl9q7bHkReOPol59wOMwaL7+ZFxkfJTbZiIPnsQruOGUlvYdbfYaYhaCZuVITmlCYL5K40mCczUi253H7ap1U/947wLNytWAYEG+RKhknbg18XU67yvWN8rtm10C5o/SGLlcpb+iGebFczhOajdp3l2sXyUPcxCtmGgH7EP7Tc3kc0mYdr69yPW/4hyzffyBw+FsIpo4X9vICH2LbKGn4uwCCYQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=M/QXtssOreN/LRNakkEC7rIpJ0WvbAopa/5qTg4C2HKISyecEut/DY2BBjZRC3vsGK2RmocZHyRraWPjRom2Q9gqod16n86LudAvhbJjSLRXFF4mOgZ0raw0Qcx5kOLhjCMM7uFthwo1UDiQ69VDp1jBHKjCDNzn8vLzPmH7IjuIQg3UmS9zal0TmWWGV3+3Kiyx/9UdRpekMA9Sz/3ko3ts/RkF8EPq6ltgaeJTbDT3bLsrku5J8GzrVypLIG25ID3e0rhLj/I7U+L0k863qK0C7Ng/lZJ/AxsZtk0JX6B3Ku8BG/PRigr2LpULW6YjD6Eiy+UK8fXIO77dcfpVJQ==
- Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, "Bertrand Marquis" <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, "Jan Beulich" <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Delivery-date: Fri, 07 Mar 2025 16:40:59 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 2025-03-06 20:40, Stefano Stabellini wrote:
On Thu, 6 Mar 2025, Jason Andryuk wrote:
Add capabilities property to dom0less to allow building a
disaggregated system.
Introduce bootfdt.h to contain these constants.
When using the hardware or xenstore capabilities, adjust the grant and
event channel limits similar to dom0.
Also for the hardware domain, set directmap and iommu. This brings its
configuration in line with a dom0.
Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx>
---
There is overlap with hyperlaunch. The numeric values are the same.
Hyperlaunch doesn't expose the values in a public header as done here.
Is this to be expected for dom0less? It seems most of dom0less isn't in
a header, but just in docs.
Hyperlaunch uses BUILD_CAPS_, but I chose DOMAIN_CAPS_ since there are
domain-level capabilities.
Only a single xenstore and hardware domain make sense. A check to limit
to only a single hardware domain is in place - building two breaks. But
nothing prevents the dom0less configuration from only having multiple
xenstore domains. Each xenstore domain would have slightly more
permissions, but only the last one would be used.
diff --git a/xen/arch/arm/dom0less-build.c b/xen/arch/arm/dom0less-build.c
index 5a7871939b..068bf99294 100644
--- a/xen/arch/arm/dom0less-build.c
+++ b/xen/arch/arm/dom0less-build.c
@@ -12,6 +12,7 @@
#include <xen/sizes.h>
#include <xen/vmap.h>
+#include <public/bootfdt.h>
#include <public/io/xs_wire.h>
#include <asm/arm64/sve.h>
@@ -994,6 +995,34 @@ void __init create_domUs(void)
if ( (max_init_domid + 1) >= DOMID_FIRST_RESERVED )
panic("No more domain IDs available\n");
+ if ( dt_property_read_u32(node, "capabilities", &val) )
+ {
+ if ( val & ~DOMAIN_CAPS_MASK )
+ panic("Invalid capabilities (%"PRIx32")\n", val);
+
+ if ( val & DOMAIN_CAPS_CONTROL )
+ flags |= CDF_privileged;
+
+ if ( val & DOMAIN_CAPS_HARDWARE )
+ {
+ if ( hardware_domain )
+ panic("Only 1 hardware domain can be specified! (%pd)\n",
+ hardware_domain);
+
+ d_cfg.max_grant_frames = gnttab_dom0_frames();
+ d_cfg.max_evtchn_port = -1;
max_maptrack_frames = -1 ?
Yes.
+ flags |= CDF_hardware;
+ flags |= CDF_directmap;
+ iommu = true;
+ }
+
+ if ( val & DOMAIN_CAPS_XENSTORE )
+ {
+ d_cfg.flags |= XEN_DOMCTL_CDF_xs_domain;
shouldn't we take the opportunity to also set XEN_DOMCTL_CDF_xs_domain
in xen/arch/arm/domain_build.c:create_dom0 ?
We could. It isn't normally used except for a standalone xenstore
domain, which is why I didn't add it.
+ d_cfg.max_evtchn_port = -1;
Why this one?
It mirrors what is done in init-xenstore for a xenstore stubdom. It's
to remove the limit so the xenstore domain can create as many as
necessary for however many domains.
+ }
+ }
+
if ( dt_find_property(node, "xen,static-mem", NULL) )
{
if ( llc_coloring_enabled )
diff --git a/xen/include/public/bootfdt.h b/xen/include/public/bootfdt.h
new file mode 100644
index 0000000000..4e87aca8ac
--- /dev/null
+++ b/xen/include/public/bootfdt.h
@@ -0,0 +1,27 @@
+/* SPDX-License-Identifier: MIT */
+/*
+ * Xen Device Tree boot information
+ *
+ * Information for configuring Xen domains created at boot time.
+ */
+
+#ifndef __XEN_PUBLIC_BOOTFDT_H__
+#define __XEN_PUBLIC_BOOTFDT_H__
+
+/* Domain Capabilities specified in the "capabilities" property. Use of
+ * this property allows splitting up the monolithic dom0 into separate,
+ * less privileged components. A regular domU has no capabilities
+ * (which is the default if nothing is specified). A traditional dom0
+ * has all three capabilities.*/
The multiline comment coding style is:
/*
* comment
* comment
*/
Ok.
Thanks,
Jason
|
