Xen project Mailing List

Re: [PATCH v2 7/7] xen/arm: introduce new xen,enhanced property value

From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>

Date: Thu, 25 Aug 2022 09:48:19 +0000

Accept-language: en-GB, en-US

Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none

Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gLCXELMOwsk2k7Sk5WrT4UcdkjlSSCOUF7vBXp8cMwA=; b=iORxbl1YSW9wEIU7ZlXBF4o1o64PGlNolponZHIL6GSDa+cnQvralcc8QNPVYcSLfv8y6hOmZpXsPsqvsH9GNzkadoEtlDF7MB7zMB5pFaWL0it1Jw7TCZ6I5YW4nPAHqXpfTNYGIpN8+2QA88xQJvEAcFAR4kn3e6Go541h8JUTutj6pKnV/mDRWgcQDcFtv5Oh8Zd5iloXQZlue7SVdkJJfLV12I24bLfFag2VG5D5abADlHFOqZzyYkMLNooDpQ9k3KcPT53VEtpnFmu+p2u3zfKKbmb1/JwvP6NpO+v1uTGi+Y59vUYoqDvUVusqnF6ZjINTmETqUc4ouuvYOg==

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gLCXELMOwsk2k7Sk5WrT4UcdkjlSSCOUF7vBXp8cMwA=; b=fPQw6xOuBuOZiFrBqTZEOr96siquRRl9KbyjEMy6LJyg8AVqiduRrmZBAQ28ptNft2u7Aig+bBokrB5AuTOXvwW2K4zMI7jrvx/uutwFuCggF7u4eI8ah/ctIyaozGOpAnQpSGFyYWDkXOqG5FP8kk8tnW+nxbJHDnH+qf4UqoDKsx9mD0RIwiELH1PG3D+UqB/fZwxcrN67yMOJZJvaxpMOeky97hCYi9BGlj5F/tohZYCT8osvGFCldtgClBLV0X0fpaoOMHhDnkEnZ+r/T1r6WukmWSGOQO2f12RLmE4WQf+Tj3wAHrvIfODMlnRnSqBcxeZILqjNVJl4QFmLWg==

Arc-seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=KDoB7M4BqeEMfybHr1e0O2Oh7OibLaKmwlIHH13G3u6ncY9AYleoWv7F9SCMGbzKFcCxwglnU/PZ7SgnZ42u/cnYDNVAFGR/EemYw487+5lgrFvLDUsI8J2e2olX0zHPWO/nL5+wLPwW5PizO0n77XM9F+eXk0onoJiACcm8tbaMKfUrPSnBU6LKZxqGU37XP3MPZAaFQA79Fg/FXyR5NVE50PCOUkDkP99gcS9swR/o6JEJR6UPbsrpsqoGBu7vvEHzfO2BW2P5owGYu1LWHIWBA0rWZMQ+NrQHalC0qPya/f7MZdT2ggVAq4Hu4M836OOq6aHKGeOqoiu1Cjs8EQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WRAhPLxSNTyB5IFhjRs1Y+ubtQr7rs652BeJ+lFx2bjDn31B9p9wiaTCkL9GY6N8SQgNxsq2yYZBxPKS6J7SAOkP0xaIeuQ5PF80AVZ4/DgQO+QcNRlxdd+1LGHzFlK1d4dsXVS3ujAbhkk1KZd6SfgQTsMZ/r1rTkb9VDYZ/OSFjL/grvPSXB7Anx3rwQHkUFIixzKKuzzsRjqYrpP8h0Tau1ALts3K64G7kpBB1+VN0qFnwFkOZJg8g+MoA0R7COaKdRGbAb+ZbZ5s0kLktk88SS1SkJyAeoTaojslQxtlKS683nzI3XtxCl5dDFoMlSQFmyeOZMgdzOUJeocSMQ==

Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Rahul Singh <Rahul.Singh@xxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>

Delivery-date: Thu, 25 Aug 2022 09:48:50 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Nodisclaimer: true

Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;

Thread-index: AQHYs7NVsywB9ZS1YkG+gj2FUNdLeq28SEyAgAG2wYCAAAw/gIAAHKuAgAAPTYCAABB2AIAAWmwAgAAL9QCAACl/gIAAbLmAgAAg9QCAAALsAA==

Thread-topic: [PATCH v2 7/7] xen/arm: introduce new xen,enhanced property value

Hi Julien, > On 25 Aug 2022, at 10:37, Julien Grall <julien@xxxxxxx> wrote: > > > > On 25/08/2022 08:39, Bertrand Marquis wrote: >> Hi, >>> On 25 Aug 2022, at 02:10, Stefano Stabellini <sstabellini@xxxxxxxxxx> wrote: >>> >>> On Wed, 24 Aug 2022, Julien Grall wrote: >>>> On 24/08/2022 22:59, Stefano Stabellini wrote: >>>>> On Wed, 24 Aug 2022, Rahul Singh wrote: >>>>>>> On 24 Aug 2022, at 4:36 pm, Julien Grall <julien@xxxxxxx> wrote: >>>>>>> On 24/08/2022 15:42, Rahul Singh wrote: >>>>>>>>> On 24 Aug 2022, at 1:59 pm, Julien Grall <julien@xxxxxxx> wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On 24/08/2022 13:15, Rahul Singh wrote: >>>>>>>>>> Hi Julien, >>>>>>>>> >>>>>>>>> Hi Rahul, >>>>>>>>> >>>>>>>>>> Please let me know your view on this. >>>>>>>>>> diff --git a/xen/arch/arm/domain_build.c >>>>>>>>>> b/xen/arch/arm/domain_build.c >>>>>>>>>> index bfe7bc6b36..a1e23eee59 100644 >>>>>>>>>> --- a/xen/arch/arm/domain_build.c >>>>>>>>>> +++ b/xen/arch/arm/domain_build.c >>>>>>>>>> @@ -3562,12 +3562,7 @@ static int __init construct_domU(struct >>>>>>>>>> domain *d, >>>>>>>>>> if ( rc == -EILSEQ || >>>>>>>>>> rc == -ENODATA || >>>>>>>>>> (rc == 0 && !strcmp(dom0less_enhanced, “enabled”)) ) >>>>>>>>>> - { >>>>>>>>>> - if ( hardware_domain ) >>>>>>>>>> kinfo.dom0less_enhanced = true; >>>>>>>>>> - else >>>>>>>>>> - panic(“Tried to use xen,enhanced without dom0\n”); >>>>>>>>>> - } >>>>>>>>> >>>>>>>>> You can't use "xen,enhanced" without dom0. In fact, you will end up >>>>>>>>> to dereference NULL in alloc_xenstore_evtchn(). That's because >>>>>>>>> "xen,enhanced" means the domain will be able to use Xenstored. >>>>>>>>> >>>>>>>>> Now if you want to support your feature without a dom0. Then I think >>>>>>>>> we want to introduce an option which would be the same as >>>>>>>>> "xen,enhanced" but doesn't expose Xenstored. >>>>>>>> If we modify the patch as below we can use the "xen,enhanced" for >>>>>>>> domUs without dom0. >>>>>>>> I tested the patch and its works fine. Do you see any issue with this >>>>>>>> approach? >>>>>>> >>>>>>> Yes. For two reasons: >>>>>>> 1) It is muddying the meaning of "xen,enhanced". In particular a user >>>>>>> may not realize that Xenstore is not available if dom0 is not present. >>>>>>> 2) It would be more complicated to handle the case where Xenstored lives >>>>>>> in a non-dom0 domain. I am not aware of anyone wanting this on Arm yet, >>>>>>> but I don't want to close the door. >>>>>>> >>>>>>> So if you want to support create "xen,xen" without all the rest. Then I >>>>>>> think we need a different property value. I don't have a good suggestion >>>>>>> for the name. >>>>>> >>>>>> Is that okay if we use the earlier approach, when user set "xen,enhanced >>>>>> = evtchn” we will not call alloc_xenstore_evtchn() >>>>>> but we create hypervisor node with all fields. >>>>> >>>>> Thinking more about this, today xen,enhanced has the implication that: >>>>> >>>>> - the guest will get a regular and complete "xen,xen" node in device tree >>>>> - xenstore and PV drivers will be available (full Xen interfaces support) >>>>> >>>>> We don't necessarely imply that dom0 is required (from a domU point of >>>>> view) but we do imply that xenstore+evtchn+gnttab will be available to >>>>> the domU. >>>>> >>>>> Now, static event channels are different. They don't require xenstore >>>>> and they don't require gnttab. >>>>> >>>>> It is as if the current xen,enhanced node actually meant: >>>>> >>>>> xen,enhanced = "xenstore,gnttab,evtchn"; >>>> >>>> Correct. >>>> >>>>> >>>>> and now we are only enabling a subset: >>>>> >>>>> xen,enhanced = "evtchn"; >>>>> >>>>> Is that a correct understanding? >>>> >>>> Yes with some cavears (see below). >>>> >>>>> >>>>> >>>>> If so, we can clarify that: >>>>> >>>>> xen,enhanced; >>>>> >>>>> it is a convenient shortend for: >>>>> >>>>> xen,enhanced = "xenstore,gnttab,evtchn"; >>>>> >>>>> and that other combinations are also acceptable, e.g.: >>>>> >>>>> xen,enhanced = "gnttab"; >>>>> xen,enhanced = "evtchn"; >>>>> xen,enhanced = "evtchn,gnttab"; >>>>> >>>>> It is OK to panic if the user specifies an option that is currently >>>>> unsupported (e.g. "gnttab"). >>>> >>>> So today, if you create the node "xen,xen", the guest will expect to be >>>> able >>>> to use both grant-table and event channel. >>>> >>>> Therefore, in the list above, the only configuration we can sensibly >>>> support >>>> without any major rework is "evtchn,gnttab". >>>> >>>> If we want to support "evtchn" or "gnttab" only. Then we likely need to >>>> define >>>> a new binding (or new version) because neither "regs" nor "interrupts" are >>>> optional (although a guest OS is free to ignore them). >>> >>> Yes I think you are right. I also broadly agree with the rest of your >>> reply. >>> >>> Thinking about it and given the above, we only need 2 "levels" of >>> enhancement: >>> >>> 1) everything: xenstore, gnttab, evtchn >>> 2) gnttab, evtchn, but not xenstore >>> >>> Nothing else is really possible because, as Julien pointed out, >>> "xen,enhanced" implies the xen,xen node in the domU device tree and in >>> turn that node implies both evtchn and gnttab. >> So we could say that xen,enhanced always includes gnttab and Xenstore is >> optional. > > Not really, Xenstore has always been part of the story in Xen. So I think > making it optional for "xen,enhanced" is going to make more difficult for > user to understand what the meaning of the option (in particular that in the > future we may want to support Xenstored in a separate domain). Sorry wrong formulation, here I was meaning that we just need a solution to disable Xenstore (should still be here by default when supported). > >>> So I think we just need to add a way to express 2). We could do >>> something like: >>> >>> xen,enhanced = "evtchn,gnttab"; >> I am a bit puzzled here as gnttab is always there. > > What do you mean? Asking the user to specify gnttab in the list even though it is not supported to not have it in the list. > >>> >>> Or we could use a new separate option like Julien initially suggested, >>> e.g.: >>> >>> xen,enhanced-no-xenstore; >>> >>> "xen,enhanced-no-xenstore" is a terrible name actually, but just to >>> explain what I am thinking :-) >> I think most common use case will be to have all, so make sense to allow to >> disable Xenstore. >> How about: >> xen,enhanced = “no-xenstore” ? > > I would be fine with it. > >> An other solution is to keep xen,enhanced as it is and introduce a new >> option: >> Xen,no-xenstore > > I don't like the idea of introducing yet another option. > >> At the end Xenstore cannot be used if there is no Dom0 and that we can >> detect easily. >> Also there is no solution at this stage to have an other domain then Dom0 >> providing >> Xenstore (maybe in the long term someone will want to introduce that and we >> will need >> a way to specify which domain is handling it). >> So I still think that we could just say that Xenstore can only be active if >> there is a Dom0 >> and just disable Xenstore automatically if it is not the case. > > See above about disabling Xenstore automatically. Right now Xenstore can only work with a dom0 and if someone wants to have an other domain to provide it we would need a way to specify which one in the configuration. So in a configuration without dom0, I still think that not enabling Xenstore automatically is ok. > >> If there is a dom0 and someone wants a guest without Xenstore, then we would >> need to >> have the no-xenstore support. >> But is it a use case ? > > Do you mean when "xen,enhanced" is specified? If yes, this could be useful if > one want to limit the interface exposed to the guest. How about the following: Xen,enhanced: gnttab, events and Xenstore if there is a dom0 Xen,enhanced = “[no-]xenstore,[no-]evtchn,[no-]gnttab” for when the user wants to explicitly specify what he wants (and Xen stopping on unsupported configuration). In this I would allow to provide any combinations of the 3 Bertrand > >> All in all, enhance dom0less was not supported before 4.17 so we will not >> create any >> backward compatibility issue. > > I agree we still have the flexibility to change. > > Cheers, > > -- > Julien Grall

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.