[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH V5 08/10] xen: Call arch_domain_create() before evtchn_init()

To: Chen Baozi <cbz@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Julien Grall <julien.grall@xxxxxxxxxx>
Date: Sun, 31 May 2015 14:29:09 +0100
Cc: Keir Fraser <keir@xxxxxxx>, Ian Campbell <ian.campbell@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Julien Grall <julien.grall@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Chen Baozi <baozich@xxxxxxxxx>
Delivery-date: Sun, 31 May 2015 13:29:47 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Hi Chen,

On 30/05/2015 12:07, Chen Baozi wrote:

From: Chen Baozi <baozich@xxxxxxxxx>

evtchn_init() will call domain_max_vcpus() to allocate poll_mask, which
needs the max vCPU number returned by domain_max_vcpus(). On arm/arm64
platform, this number is determined by the vGIC the guest is going to
use, which won't be initialised until arch_domain_create() is finished.

Signed-off-by: Chen Baozi <baozich@xxxxxxxxx>
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Cc: Julien Grall <julien.grall@xxxxxxxxxx>
Cc: Ian Campbell <ian.campbell@xxxxxxxxxx>
Cc: Jan Beulich <jbeulich@xxxxxxxx>
Cc: Keir Fraser <keir@xxxxxxx>
Cc: Tim Deegan <tim@xxxxxxx>
---
  xen/common/domain.c | 8 ++++----
  1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/xen/common/domain.c b/xen/common/domain.c
index 6803c4d..5b98f69 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -316,6 +316,10 @@ struct domain *domain_create(domid_t domid, unsigned int 
domcr_flags,
      if ( domcr_flags & DOMCRF_dummy )
          return d;

+    if ( (err = arch_domain_create(d, domcr_flags, config)) != 0 )
+        goto fail;
+    init_status |= INIT_arch;
+
      if ( !is_idle_domain(d) )
      {
          if ( (err = xsm_domain_create(XSM_HOOK, d, ssidref)) != 0 )
@@ -354,10 +358,6 @@ struct domain *domain_create(domid_t domid, unsigned int 
domcr_flags,
              goto fail;
      }

-    if ( (err = arch_domain_create(d, domcr_flags, config)) != 0 )
-        goto fail;
-    init_status |= INIT_arch;
-

NACK. Moving arch_domain_create means that we will allocate memorybefore checking the XSM policy. I don't think we want to execute anexpensive function if the domain is not allowed to boot.

Furthermore, did you audit all the code to make sure thatarch_domain_create (on both x86 and ARM) doesn't use the allocation donebefore (i.e evtch, grant table,...)?

Depending on this question, we may want to create a preinit domaincreation with set the different value (such as the vGIC callback)without allocation memory.


Regards,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH V5 00/10] Support more than 8 vcpus on arm64 with GICv3
  - From: Chen Baozi
- [Xen-devel] [PATCH V5 08/10] xen: Call arch_domain_create() before evtchn_init()
  - From: Chen Baozi

Prev by Date: Re: [Xen-devel] [PATCH V5 07/10] xen/arm: Set 'reg' of cpu node for dom0 to match MPIDR's affinity
Next by Date: Re: [Xen-devel] [PATCH V5 09/10] xen/arm: make domain_max_vcpus return value from vgic_ops
Previous by thread: [Xen-devel] [PATCH V5 08/10] xen: Call arch_domain_create() before evtchn_init()
Next by thread: [Xen-devel] [PATCH V5 10/10] xen/arm64: increase MAX_VIRT_CPUS to 128 on arm64
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.