[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 6/6] xen/arm: Add capabilities to dom0less

To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
From: Jason Andryuk <jason.andryuk@xxxxxxx>
Date: Wed, 2 Apr 2025 11:35:31 -0400
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QG6CIx2DDe8kfe6fYcgM7yJYGTgsvNPGe0+TfyQj3dU=; b=DDyK76fv5QqpB+4pvBEzkS/Z2/nHdVLtdOvwFM1hEqD4AJ8u2vqr/hOA+4alLQ6wNH1OB47quvv5UVhxCY5JbbzkwpT2/MabcL6B6GVXT9PUgs2rCFuybQaM32A2kvPq0esWZoO/oGoLoggqmPbe/ufyBhCThGvTuLZaMlItWGgdoMRo5r0cWn2pDdOZl4wLo0SJtRlJVsAFqfYrB5urgYG+Cp4A/q/QdI14hXRlT43RAr0ju1DCmy1SHAGdd7RCJJbrvUcHI6415QrpQ0aoY5yK36QwbGgJbZpwddEtZu9z4qt273ln8RwWLwcXX2AH83J8aV1TKXdeJ/8Ci2X5Jw==
Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=qf2qh6UPsgoMlTWhftBEZ33exZPzDFLcBl5DnfIx9s31txNo1o35+2PnfHUtj6SHuN1XQxKCyxI8sNyh5V38gv50LYuFEFLUiLUz5HDTSqmskLaHgNWixCf69yDP3GG83R96lnGi3ZNZ5BqUSWlUjjdKbNoOF7BfFSCbXEGaU8OlW2V3FEBK5aPNUIxJzSmRTPyd98p05anCA/Dq+xnjIiTyij452MuZy9efavTPg5VL8NnMPMR2dm/BEqjWkFMkWH1OJaMpaEZYZmAoi7KB8ihZitxOcHebA4ZZVZODEofJKW7kDZcLsrqR7mBo5BYcxjwEIkEBBMwXTnNDeBhhuQ==
Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, "Bertrand Marquis" <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, "Jan Beulich" <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Wed, 02 Apr 2025 15:35:47 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2025-04-01 20:03, Stefano Stabellini wrote:

On Mon, 31 Mar 2025, Jason Andryuk wrote:

Add capabilities property to dom0less to allow building a
disaggregated system.  Only a single hardware domain and single xenstore
domain can be specified.  Multiple control domains are possible.

Introduce bootfdt.h to contain these constants.

When using the hardware or xenstore capabilities, adjust the grant and
event channel limits similar to dom0.

For a hardware domain, require an IOMMU and disallow specifying a vpl011
console or nr_spis.

Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx>
---
v2:
Fix comment style
Make DOMAIN_CAPS_* unsigned
Remove forced directmap & iommu
Require iommu with use of hardware domain
Limit to a single xenstore domain

There is overlap with hyperlaunch.  The numeric values are the same.
Hyperlaunch doesn't expose the values in a public header as done here.
Is this to be expected for dom0less?  It seems most of dom0less isn't in
a header, but just in docs.

Hyperlaunch uses BUILD_CAPS_, but I chose DOMAIN_CAPS_ since there are
domain-level capabilities.

Only a single xenstore and hardware domain make sense.  Hardware domain
receiving all hardware can only have a single domain.

For Xenstore, the logic latches the single xs_domid and uses that for
all domains.  Also, only a single domain can register for VIRQ_DOM_EXC.
---

@@ -1020,6 +1023,40 @@ void __init create_domUs(void)
          if ( (max_init_domid + 1) >= DOMID_FIRST_RESERVED )
              panic("No more domain IDs available\n");

+ if ( dt_property_read_u32(node, "capabilities", &val) )

+        {
+            if ( val & ~DOMAIN_CAPS_MASK )
+                panic("Invalid capabilities (%"PRIx32")\n", val);
+
+            if ( val & DOMAIN_CAPS_CONTROL )
+                flags |= CDF_privileged;
+
+            if ( val & DOMAIN_CAPS_HARDWARE )
+            {
+                if ( hardware_domain )
+                    panic("Only 1 hardware domain can be specified! (%pd)\n",
+                           hardware_domain);
+
+                if ( !iommu_enabled )
+                    panic("iommu required for dom0less hardware domain\n");


The panic is OK if "direct-map" is not specified. We need to check for
direct-map before panic'ing.

Ok, I guess I misunderstood Julien's comment - I thought he wanted torequire an iommu. I can re-work it.

!direct-map && !iommu will panic. Any other combination of direct-mapand iommu will be allowed.

Hmmm, "passthrough" and "multiboot,device-tree" are essentially ignoredfor hwdom right now. I'll require them to be unset for hwdom.


Regards,
Jason

Follow-Ups:
- Re: [PATCH v2 6/6] xen/arm: Add capabilities to dom0less
  - From: Stefano Stabellini

References:
- Re: [PATCH v2 6/6] xen/arm: Add capabilities to dom0less
  - From: Stefano Stabellini

Prev by Date: Re: [XEN PATCH 1/1] xen/x86: drop wrappers of SVM instructions
Next by Date: Re: [RFC PATCH v1 01/15] x86/msr: Replace __wrmsr() with native_wrmsrl()
Previous by thread: Re: [PATCH v2 6/6] xen/arm: Add capabilities to dom0less
Next by thread: Re: [PATCH v2 6/6] xen/arm: Add capabilities to dom0less
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.