[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 16/16] x86/hyperlaunch: add capabilities to boot domain

  • To: Jan Beulich <jbeulich@xxxxxxxx>, Jason Andryuk <jason.andryuk@xxxxxxx>
  • From: Alejandro Vallejo <agarciav@xxxxxxx>
  • Date: Mon, 14 Apr 2025 20:31:29 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=suse.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=NedxB70gyIinom5R3Vejt0xl8WoqeM9u1PaHTk0lkoc=; b=QZZViK5RV/ZgU51nYtPVOttAcU9Nzit4TKAHfvnt2vp8jx1ADqpnGr0F9pEKTJB5JRSrstK7GikAOXDgwE2uBDkir+EYycsd2YVbZkSc1e+HknYPoiCDWiinVTeXiappiewC3NXMkerlccbfFDonay6bLl7AHRxMQwHuPJq3tsj/bx7MdWeuaJP71NayuNAFkLZ9sxc+rNtIvDOBJ2dZ/2UqTU7o565dtI9yeOsDOBFK641/rwjmHcIv80oN9MwBDqow3Hcanm+d9eu3z8waSfI28Ch5SJPyZ38NTSjbsq7VPzQ/EvQKV37r7QeHq+KYfsmW6APN+uzsnAr67+Mw/g==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=fie2ck1cfvbltV+ZRWrLc62TOW5j2t6wbuZhKA22W+zRYNPIfyrKiomfYXcLmr15JeNs4oQrktpHCkWSsvd9BCm+9LXcRqmJRwmgvFXczG7FNPgNvw5CjNg8bW8TA1I7YTNO84TZBozv8zscMY1oNxYscKmG8uusA83jV2Czoqz1uGYYALpoErbezW7z6XnQAvKsyzA3nvZ/nfK60/xJEMtjEOD78WGTaWvSLUno4I1ixhjPulIF7riM3k+Dd83gKb1CqkUH6XZ8BtOb9t75/ChrPigXjFi7ODNL6WVWHTcC875VFiqXyVEVq7LII9QPs+p0cj+foTRaJeWKx3sY4A==
  • Cc: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Xenia Ragiadakou <xenia.ragiadakou@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 14 Apr 2025 19:31:46 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Thu Apr 10, 2025 at 1:18 PM BST, Jan Beulich wrote:
> On 08.04.2025 18:07, Alejandro Vallejo wrote:
>> From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
>> 
>> Introduce the ability to assign capabilities to a domain via its definition 
>> in
>> device tree. The first capability enabled to select is the control domain
>> capability. The capability property is a bitfield in both the device tree and
>> `struct boot_domain`.
>> 
>> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
>> Reviewed-by: Jason Andryuk <jason.andryuk@xxxxxxx>
>> Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx>
>
> The R-b feels kind of redundant with the subsequent S-o-b.

I'll drop it.

>
>> --- a/xen/arch/x86/domain-builder/fdt.c
>> +++ b/xen/arch/x86/domain-builder/fdt.c
>> @@ -257,6 +257,18 @@ static int __init process_domain_node(
>>              bd->max_vcpus = val;
>>              printk("  max vcpus: %d\n", bd->max_vcpus);
>>          }
>> +        else if ( strncmp(prop_name, "capabilities", name_len) == 0 )
>> +        {
>> +            if ( fdt_prop_as_u32(prop, &bd->capabilities) != 0 )
>> +            {
>> +                printk("  failed processing domain id for domain %s\n", 
>> name);
>> +                return -EINVAL;
>> +            }
>> +            printk("  caps: ");
>> +            if ( bd->capabilities & BUILD_CAPS_CONTROL )
>> +                printk("c");
>> +            printk("\n");
>> +        }
>
> Like for the other patch: What about other bits being set in the value read?

I take it that the non-worded suggestion is to have a mask of reserved
bits for each case and check they are not set (giving a warning if they are)?

>
>> --- a/xen/arch/x86/setup.c
>> +++ b/xen/arch/x86/setup.c
>> @@ -1006,6 +1006,7 @@ static struct domain *__init create_dom0(struct 
>> boot_info *bi)
>>  {
>>      char *cmdline = NULL;
>>      size_t cmdline_size;
>> +    unsigned int create_flags = 0;
>>      struct xen_domctl_createdomain dom0_cfg = {
>>          .flags = IS_ENABLED(CONFIG_TBOOT) ? XEN_DOMCTL_CDF_s3_integrity : 0,
>>          .max_evtchn_port = -1,
>> @@ -1037,7 +1038,10 @@ static struct domain *__init create_dom0(struct 
>> boot_info *bi)
>>      if ( bd->domid == DOMID_INVALID )
>>          /* Create initial domain.  Not d0 for pvshim. */
>>          bd->domid = get_initial_domain_id();
>> -    d = domain_create(bd->domid, &dom0_cfg, pv_shim ? 0 : CDF_privileged);
>> +    if ( bd->capabilities & BUILD_CAPS_CONTROL )
>> +        create_flags |= CDF_privileged;
>
> Seeing that builder_init() in the non-DT case sets the new bit 
> unconditionally,
> isn't the shim's only domain suddenly getting CDF_privileged set this way? Oh,
> no, you then ...
>
>> +    d = domain_create(bd->domid, &dom0_cfg,
>> +                      pv_shim ? 0 : create_flags);
>
> ... hide the flag here. Any reason to have the intermediate variable in the
> first place

Well, the logic would end up fairly convoluted otherwise. As things
stand this can be encoded in an if-else fashion with 2 calls, but
there's 2 capability flags coming that need integrating together.

This is just avoiding further code motion down the line.

> (can't resist: when there's already a wall of local variables here)?

Heh :). Point taken.

Cheers,
Alejandro

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.