Xen project Mailing List

Re: [PATCH 2/4] xsm/silo: Support hwdom/control domains

From: Jason Andryuk <jason.andryuk@xxxxxxx>

Date: Thu, 12 Jun 2025 16:30:17 -0400

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=suse.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=wbhSiqFxCJg3UTzzQSjLFfT2DQEtNEKTY6C9eF2ty6g=; b=whB3akfdlc3XHVr3rYHiDZcywR+98OrUd/Yz0I+IFDRnDTCteHYJZGZ5sa7YSXBQqKYaLOoxSKSQXVJERQgW4qAePnkfFzMhlKVxVY1wOqY2JKtMsxUazWrowimKNp2uocUvpqIF1WzAZNTYrM956XWvJ3iPEVZ/OIjKGscUPV8jxrPEKMaRkMq1Nduo9g7V6WXqfQM69jAdLZ/YSmBu40oh8VNfOzICJ7ovH+CG8jMdTqAfPXBg2fDkEIKf2zKhJvcaFPJ9N0byOEKq2Hr3poSTc+vKwIZeJOnrYYRawgL+S9ZhMxUgCNMtm8uDtVszJ+B8dDbvNHxb2smHdjpSxQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=U+QsvYCorc1/MC9isUesy19/+9uexLk065goQ29tTW8iIh6pasJITzyer3W2nOsSVdtDD/4F+6tkY3wvIhQnLtRgC59tFMQYmM5NIs8Cpm1AVjpeGAYi0PhCPuyad4pMvBFRNUfQvyZrBKRxi/+SWpDKWiQv7J4TudcAP0dFUoym/Mll/wxlxIBx8edqv9rnW+zKQkAs5Zx1BDA5ZkuOiAg8EtUN5T8FtSCP9HfGK9fMr4lef4xyJnPVRRj9PFeZdSygTrH8gBAhzQdsmBvw/7550VWHXduiZUja0/fr3ShGMCODmC0frE9Ox0ugH18O4Zq5Oct4BLmN3JWZkU4l9A==

Cc: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Thu, 12 Jun 2025 20:30:33 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2025-06-12 12:56, Jason Andryuk wrote:

On 2025-06-12 03:52, Jan Beulich wrote:

On 11.06.2025 06:20, Jason Andryuk wrote:

On 2025-06-11 09:17, Jan Beulich wrote:

On 11.06.2025 00:57, Jason Andryuk wrote:

In a disaggregated environment, dom0 is split into Control, Hardware,
and Xenstore domains, along with domUs.  The is_control_domain() check
is not sufficient to handle all these cases.  Add is_priv_domain() to
support allowing for the various domains.
The purpose of SILO mode is to prevent domUs from interacting witheach
other.  But dom0 was allowed to communicate with domUs to provide
services. As the disaggregation of dom0, Control, Hardware andXenstore
are all service domains that need to communicate with other domains.
To provide xenstore connections, the Xenstore domain must beallowed to
connect via grants and event channels.  Xenstore domain must also be
allowed to connect to Control and Hardware to provide xenstore tothem.


Are you suggesting that SILO at present is incompatible with a Xenstore
domain? silo_mode_dom_check() in its original form has no special
precautions, after all.


Yes, it is incompatible with the current silo_mode_dom_check().  Only
Control domain is allowed to use grants and event channels with a domU.
A Xenstore domain would be denied.

Xenstore stubdom only exists for x86 today.  My limited attempts to run
xenstored in an dedicated Xenstore ARM Linux domain have failed.


This may want sorting independently first. Once sorted, the requirements
here may become more clear.


HW+XS-> xenstore works

CTL+XS or XS -> the domain's console just stops. vCPUs are in Linux cpuidle. I haven't figured out more. This required some Linux changes toquery the capabilities since XS isn't exposed and ARM assumes initialdomain implies HW + CTL. It's orthogonal to my goals, so I haven'tlooked too hard.

I got standalone Xenstore working on ARM. Linux was blocking in

xs_reset_watches() - the Xenstore domain needs to skip that function

like xen_initial_domain().

This is with SILO's check as: static bool is_priv_domain(const struct domain *d) { return evaluate_nospec((d->options & XEN_DOMCTL_CDF_xs_domain) || d == hardware_domain); } Regards, Jason

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.