
Re: [PATCH v8 3/3] xen/domain: introduce CONFIG_MAX_DOMID



On 22.05.2025 02:09, dmkhn@xxxxxxxxx wrote:
> On Wed, May 21, 2025 at 09:31:34AM +0200, Jan Beulich wrote:
>> On 21.05.2025 02:00, dmkhn@xxxxxxxxx wrote:
>>> --- a/xen/arch/arm/tee/ffa.c
>>> +++ b/xen/arch/arm/tee/ffa.c
>>> @@ -331,10 +331,9 @@ static int ffa_domain_init(struct domain *d)
>>>       * reserved for the hypervisor and we only support secure endpoints 
>>> using
>>>       * FF-A IDs with BIT 15 set to 1 so make sure those are not used by 
>>> Xen.
>>>       */
>>> -    BUILD_BUG_ON(DOMID_FIRST_RESERVED >= UINT16_MAX);
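
Review bot: Dropping `BUILD_BUG_ON(DOMID_FIRST_RESERVED >= UINT16_MAX);` from ffa_domain_init() leaves the comment directly above it ("make sure those are not used by Xen") with no check in the visible lines that enforces it. If the assertion is meant to live elsewhere, either keep an FF-A specific assertion next to this comment or reword the comment, and state in the commit message why the new location is the right one. The comparison against UINT16_MAX also only tracks the width of domid_t indirectly, so wherever the check ends up it should be expressed in terms of the type it is meant to guard.
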
>>
>> Why's this being moved to common code? It certainly may have a purpose here
>> (which I'm simply unaware of); I don't see what purpose it has in common
>> code.
> 
> My understanding is that having DOMID_FIRST_RESERVED compile-time checks in one place
> is good for testability: the check in question also applies to x86.
> 
> I will drop that hunk.

And also the other one, unless you can explain what exactly you're checking.
The connection between DOMID_FIRST_RESERVED and UINT16_MAX is at best
indirect, through domid_t. Yet if domid_t was widened (possible in principle,
but breaking the ABI) that check would end up wrong without the compiler
noticing (unless DOMID_FIRST_RESERVED was also bumped, which however is an
independent thing).

>>> --- a/xen/common/Kconfig
>>> +++ b/xen/common/Kconfig
>>> @@ -576,4 +576,11 @@ config BUDDY_ALLOCATOR_SIZE
>>>       Amount of memory reserved for the buddy allocator to serve Xen heap,
>>>       working alongside the colored one.
>>>
>>> +config MAX_DOMID
>>> +   int "Maximum number of user domains"
>>> +   range 1 32752
>>> +   default 32752
>>> +   help
>>> +     Specifies the maximum number of domains a user can create.
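
Review bot: The symbol name and the prompt in the new `config MAX_DOMID` entry disagree: the name reads as a highest domain ID, while "Maximum number of user domains" and the help text describe a count, and the two differ by one. Pick one meaning, rename or reword so the name, prompt and help match, and have the help say whether boot-time domains (Dom0, late hwdom, dom0less domains) count toward the limit. With `range 1 32752` the lower bound of 1 is selectable, so the help should also say which configurations remain usable at that value, or the lower bound should be raised.
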
>>
>> My prior comment remains: The description and help need to be accurate, in
>> order to not cause any confusion. In a true dom0less environment I'm not
>> sure the "user" can create any domains (post boot, that is). And when there
>> is Dom0 (or late hwdom), the number specified already isn't the number of
>> domains one can create (again, post boot, which is how I understand "user
>> domains"). If someone picked 1 as the value here, it's unclear to me how
>> late hwdom or dom0less would work in the first place.
> 
> Do you think something like the following will be more accurate?
> 
>     config MAX_DOMID
>        int "Maximum number of domains"
>        range 1 32752
>        default 32752
>        help
>          Specifies the maximum number of domains: dom0 or late hwdom,
>          predefined domains, post-boot domains, excluding Xen system domains
>          (domid >= DOMID_FIRST_RESERVED).

Especially the mention of DOMID_FIRST_RESERVED is too much of an implementation
detail here, imo. Beyond that - maybe, but I'm not overly happy this way either.

As an aside - MAX_DOMID and "Maximum number of domains" are conflicting
with one another, too: Do you mean "maximum ID" or "maximum number of"? The two
are different by 1.

Jan



 

