[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Domain IDs and Capabilities

  • To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jason Andryuk <jason.andryuk@xxxxxxx>
  • Date: Mon, 31 Mar 2025 17:46:24 -0400
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=1Tvm67qEyl7UzdfTkywajKn7OYP+cZgunlRR4104i8g=; b=e6SCt+KABKntLblnSg99VLXPqzvpjvTMnIp6H+qX3Bgj9TcIjl+0yYD2v1bFO0q9QbBv41MBstiAQdz2DI1/UQHkVZDVpkUF2hMQ71liJuT4fA8P1clgwgsira54Y3k/YwEHY27GhJEv/IyLzr9n2g+8saWFHlhlcBm6ch4OooA5EGx+99sB9c+41kUDmAnn4ao7pmiX1zrC7LE4u45rbVlefH+j+UCHaMClrRYYTNJ4xDCdLa0RQmtiGifFqFGlCEh/kUdLxnalaSnz0RfPa4VpW1xdI2tufLQ2ixr6wTz0mXZmmJ3Z3KjBBhocyiHSkmmHiQghmRbUfZV8J41MwQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=baItxbg5OGF01UI4otwk0TX3ekCdYxnO6k2q6oR4TP2G70rYAlvevtqPsDec3vl/7J+UOrBUXhwBCHXytg8PvlkCODRYqxlHpna1To9fyuBB6WSDdBYdEnGnBbnTIYMP2Kx+I/pxelp0ShDDGinBnVNeLzrp6jFDLh8pZAB0l85l/XmpFEyvh5CCmZ2+HlITmrBE1UjAd4sbQLhUpxqjwkURClWVnsCgQ5eIB9WW2QOZV9CDZncQAXfEJeCgPwy2NqhHeV9Zb+iNk1sWkC3cyyHKma0M97cAi6xp0REvmJ/h9B/q3/LLlc7oHbLtqW6+z95i+m21WfXd4J2yfwVb6A==
  • Delivery-date: Mon, 31 Mar 2025 21:46:35 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Hi,
I'm finding it necessary to expose a domain's domid and capabilities to the domain itself.
On x86, SIF_privileged and SIF_hardware allow a domain to know its privileges through start_info. ARM does not have start_info, and xenstore domain status is not exposed.
Xen sets XENFEAT_dom0 for is_hardware_domain(), and then ARM Linux creates local xen_start_flags with both SIF_PRIVILEGED (control) and SIF_INITDOMAIN (hardware) set. This is inaccurate with a split hardware and control domains.
(This looks like a mis-use of XENFEAT_dom0. It's present in ELF Notes seems more like a flag for a binary to indicate to Xen's ELF loader that it is capable of running as dom0.)
xen_start_flags influences Linux kernel behavior and userspace. /proc/xen/capabilities control_d is only set for SIF_INITDOMAIN. Similarly, the /proc/xen/xsd_{kva,port} keys needed to run xenstored locally depend on xen_initial_domain(), which can be incorrect.
It is useful for a domain to know its own domid. Xenstored has command line flags to set --master-domid (the local domid) and --priv-domid, but it would be better to autodetect those. Also, domids are necessary to set xenstore permissions - DOMID_SELF is not supported today.
Juergen already implemented a get_domid() function for Mini-OS for a xenstore stubdom to query its own domid indirectly through event channel games. That can be re-imlemented in Linux userspace, but it needs the unstable xenctrl library to query event channel status. 

x86 HVM exposes the domid through a CPUID leaf, so it isn't actually hidden.
Should I add a hypercall to query a domid? An alternative, for ARM at least, is to expose the domid and capabilities in the domain's DT in /hypervisor/domid and /hypervisor/caps. I've tried this out as just dumping the domid and caps as uint32_ts.
Reviewing https://lore.kernel.org/xen-devel/20231110113435.22609-1-jgross@xxxxxxxx/ it seems like both a hypercall and an arch specific means might be possible.
XENFEAT could be extended to exposed finer grain capabilities: XENFEAT_{control,hwdom,xenstore}. This is easy. Seems a little bit like a mis-use of XENFEAT to me, but it works.
If generally exposing domids is not desirable, they could be exposed only to domains with capabilities since those are not migratable, AFAICT. 

I'm open to suggestions.

Regards,
Jason

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.