Xen project Mailing List

Re: [PATCH v3] xen/domain: unify domain ID allocation

Date: Thu, 17 Apr 2025 11:47:07 +0200

Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL

Cc: andrew.cooper3@xxxxxxxxxx, anthony.perard@xxxxxxxxxx, julien@xxxxxxx, michal.orzel@xxxxxxx, roger.pau@xxxxxxxxxx, sstabellini@xxxxxxxxxx, dmukhin@xxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Thu, 17 Apr 2025 09:47:36 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 16.04.2025 08:15, dmkhn@xxxxxxxxx wrote: > From: Denis Mukhin <dmukhin@xxxxxxxx> > > Unify the logic of domain ID allocation, so that both the initial domain > creation and the usage by domctl use the same helper function across > architectures (Arm and x86). > > Wrap the domain ID allocation as an arch-independent function domid_alloc() in > common/domain.c. > > Allocation algorithm: > - If an explicit domain ID is provided, verify its availability and > use it if ID is unused; > - Otherwise, perform an exhaustive search for the first available ID > within the [0..DOMID_FIRST_RESERVED) range, excluding hardware_domid. > > Move the is_free_domid() helper closer to domid_alloc(). Simplify > is_free_domid() by removing the domain ID range check, as the ID is now > guaranteed to be within the valid range. Additionally, update the predicate to > return a bool value instead of an int. > > Signed-off-by: Denis Mukhin <dmukhin@xxxxxxxx> Please can you clarify whether this is intended to be no functional change (as far as one would be able to observe from the outside)? (It isn't, and when it isn't, the behavioral change needs justifying. Which I fear you won't be able to, in which case it needs undoing. Not using the first unused ID is a deliberate property of the present allocation scheme.) > --- > xen/arch/arm/dom0less-build.c | 19 ++++++++------- > xen/arch/arm/domain_build.c | 19 +++++++++++---- > xen/arch/x86/setup.c | 8 +++++-- > xen/common/domain.c | 45 +++++++++++++++++++++++++++++++++++ > xen/common/domctl.c | 45 ++++------------------------------- > xen/include/xen/domain.h | 2 ++ > 6 files changed, 81 insertions(+), 57 deletions(-) This suggests it's not clearly an improvement. And I'm heavily inclined to ask (also considering the above) that this simply be dropped. > --- a/xen/arch/arm/domain_build.c > +++ b/xen/arch/arm/domain_build.c > @@ -2370,6 +2370,7 @@ void __init create_dom0(void) > .grant_opts = XEN_DOMCTL_GRANT_version(opt_gnttab_max_version), > }; > unsigned int flags = CDF_privileged; > + domid_t domid; > int rc; > > /* The vGIC for DOM0 is exactly emulating the hardware GIC */ > @@ -2394,19 +2395,27 @@ void __init create_dom0(void) > if ( !llc_coloring_enabled ) > flags |= CDF_directmap; > > - dom0 = domain_create(0, &dom0_cfg, flags); > + rc = domid_alloc(get_initial_domain_id()); > + if ( rc < 0 ) > + panic("Error allocating domain ID %d (rc = %d)\n", > + get_initial_domain_id(), rc); > + domid = rc; > + > + dom0 = domain_create(domid, &dom0_cfg, flags); > if ( IS_ERR(dom0) ) > - panic("Error creating domain 0 (rc = %ld)\n", PTR_ERR(dom0)); > + panic("Error creating domain %d (rc = %ld)\n", domid, PTR_ERR(dom0)); Up to here using domid is okay. However, ... > if ( llc_coloring_enabled && (rc = dom0_set_llc_colors(dom0)) ) > - panic("Error initializing LLC coloring for domain 0 (rc = %d)\n", > rc); > + panic("Error initializing LLC coloring for domain %d (rc = %d)\n", > + domid, rc); > > if ( alloc_dom0_vcpu0(dom0) == NULL ) > - panic("Error creating domain 0 vcpu0\n"); > + panic("Error creating domain %d vcpu0\n", domid); > > rc = construct_dom0(dom0); > if ( rc ) > - panic("Could not set up DOM0 guest OS (rc = %d)\n", rc); > + panic("Could not set up guest OS for domain %d (rc = %d)\n", > + domid, rc); > } ... these all would better use %pd, when already being touched. While touching all of these I think you also want to aim at making output match that %pd or %pv would result in, if they were usable at those places. > --- a/xen/arch/x86/setup.c > +++ b/xen/arch/x86/setup.c > @@ -1009,8 +1009,12 @@ static struct domain *__init create_dom0(struct > boot_info *bi) > if ( iommu_enabled ) > dom0_cfg.flags |= XEN_DOMCTL_CDF_iommu; > > - /* Create initial domain. Not d0 for pvshim. */ > - bd->domid = get_initial_domain_id(); > + /* Allocate initial domain ID. Not d0 for pvshim. */ > + bd->domid = domid_alloc(get_initial_domain_id()); You're clipping the int return value to domid_t here, and thus ... > + if ( bd->domid < 0 ) ... this condition will be always false. I'm surprised the compiler didn't flag this for you. > --- a/xen/common/domain.c > +++ b/xen/common/domain.c > @@ -66,6 +66,51 @@ DEFINE_RCU_READ_LOCK(domlist_read_lock); > static struct domain *domain_hash[DOMAIN_HASH_SIZE]; > struct domain *domain_list; > > +static inline bool is_free_domid(domid_t dom) > +{ > + struct domain *d = rcu_lock_domain_by_id(dom); > + > + if ( d ) > + rcu_unlock_domain(d); > + > + return !d; > +} > + > +/* > + * Allocate new domain ID based on the hint. > + * > + * If hint is outside of valid [0..DOMID_FIRST_RESERVED] range of IDs, That's [0, DOMID_FIRST_RESERVED), to be unambiguous. In C array initializer notation it would be [0 ... DOMID_FIRST_RESERVED - 1]. > + * perform an exhaustive search of the first free domain ID excluding > + * hardware_domid. > + */ > +int domid_alloc(int hint) I would have thought that I did comment already on the parameter being plain int. > +{ > + domid_t domid; > + > + if ( hint >= 0 && hint < DOMID_FIRST_RESERVED ) > + { > + if ( !is_free_domid(hint) ) > + return -EEXIST; > + > + domid = hint; > + } > + else > + { > + for ( domid = 0; domid < DOMID_FIRST_RESERVED; domid++ ) > + { > + if ( domid == hardware_domid ) > + continue; > + if ( is_free_domid(domid) ) > + break; > + } > + > + if ( domid == DOMID_FIRST_RESERVED ) > + return -ENOMEM; There's no memory allocation here, so why ENOMEM? ENOSPC may already be slightly better. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.