Xen project Mailing List

[PATCH v2 1/2] restrict concept of pIRQ to x86

To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Date: Wed, 3 May 2023 17:33:05 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=g3wz92lQ5KDUxdt8BmZClL8NBUi7+IdNuZks2UaRJyU=; b=gXtfyiiP1q1b9Q+Ftsb7t7PhMZE/zsJ+JcGhXU8ZSxD1A3CFYwjRhAyj8Q0K2HZr3c9lj+822nboWrJEvq9Kv+PT9DX6AbP0mFpChXyAYUcAawM6BtMlh9EwTf4IWlTj0uANRF/g7mfnGjSlG0aAvq10VZAB2edFTwCD1YtK/OA/Kvlh4OELwxVnlGmt+CKvrjSmEKdpIU4G12UWWHxbwC8b9KyLh7lAkvrMw6gy5rbPMlg91lXvM/zJz3jmkChzU0u2VOzvzIIOlrL/axu9IST8n+yPeC+ZQYZxIsVRN3vbTIazM/i4dF97eV6tFc1UuZ/7Sh9iRg/6K6GLObf+Tg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nSgB/yFikd9A65BGSSGIKIyQygm92cG+/3011FVurmipxC58uOkyY7W4m6Yvd8xMheY1Ao4f22SZA5IZyEBC/2ccaXsV+2VuL9RfaMUXbSzTY/yQR8W6TI7AdGmCWyVnfyjzfSXD4dN9fYULBzNrgsE/7LurvowxL7uw6+CCpQU/oRhiCY/kPVsWKO/5I3YnDr46uWKSEfWPJKd5YZ827V3KQYDGGsE4kHES9/ytnke97ur3xfplzbzC9z10qqhX9JmalwPAEQB0lOrh1m3fgFJZDED25YcbTy2jrnq0EqAbI6qFl2eQu9Vb5gKLjgWbhDquWgwQhQyCy9eGNSOHvQ==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>

Delivery-date: Wed, 03 May 2023 15:33:23 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

... by way of a new arch-selectable Kconfig control. Note that some smaller pieces of code are left without #ifdef, to keep things better readable. Hence items like ECS_PIRQ, nr_static_irqs, or domain_pirq_to_irq() remain uniformly. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> --- I'm not really certain about XEN_DOMCTL_irq_permission: With pIRQ-s not used, the prior pIRQ -> IRQ translation cannot have succeeded on Arm, so quite possibly the entire domctl is unused there? Yet then how is access to particular device IRQs being granted/revoked? --- v2: New. --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -1120,7 +1120,7 @@ introduced with the Nehalem architecture intended as an emergency option for people who first chose fast, then change their minds to secure, and wish not to reboot.** -### extra_guest_irqs +### extra_guest_irqs (x86) > `= [<domU number>][,<dom0 number>]` > Default: `32,<variable>` --- a/xen/arch/arm/include/asm/irq.h +++ b/xen/arch/arm/include/asm/irq.h @@ -52,7 +52,6 @@ struct arch_irq_desc { extern const unsigned int nr_irqs; #define nr_static_irqs NR_IRQS -#define arch_hwdom_irqs(domid) NR_IRQS struct irq_desc; struct irqaction; --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -25,6 +25,7 @@ config X86 select HAS_PCI select HAS_PCI_MSI select HAS_PDX + select HAS_PIRQ select HAS_SCHED_GRANULARITY select HAS_UBSAN select HAS_VPCI if HVM --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -56,6 +56,9 @@ config HAS_KEXEC config HAS_PDX bool +config HAS_PIRQ + bool + config HAS_PMAP bool --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -350,6 +350,8 @@ static int late_hwdom_init(struct domain #endif } +#ifdef CONFIG_HAS_PIRQ + static unsigned int __read_mostly extra_hwdom_irqs; static unsigned int __read_mostly extra_domU_irqs = 32; @@ -364,6 +366,8 @@ static int __init cf_check parse_extra_g } custom_param("extra_guest_irqs", parse_extra_guest_irqs); +#endif /* CONFIG_HAS_PIRQ */ + /* * Release resources held by a domain. There may or may not be live * references to the domain, and it may or may not be fully constructed. @@ -653,6 +657,7 @@ struct domain *domain_create(domid_t dom if ( is_system_domain(d) && !is_idle_domain(d) ) return d; +#ifdef CONFIG_HAS_PIRQ if ( !is_idle_domain(d) ) { if ( !is_hardware_domain(d) ) @@ -664,6 +669,7 @@ struct domain *domain_create(domid_t dom radix_tree_init(&d->pirq_tree); } +#endif if ( (err = arch_domain_create(d, config, flags)) != 0 ) goto fail; @@ -755,7 +761,9 @@ struct domain *domain_create(domid_t dom { evtchn_destroy(d); evtchn_destroy_final(d); +#ifdef CONFIG_HAS_PIRQ radix_tree_destroy(&d->pirq_tree, free_pirq_struct); +#endif } if ( init_status & INIT_watchdog ) watchdog_domain_destroy(d); @@ -1151,7 +1159,9 @@ static void cf_check complete_domain_des evtchn_destroy_final(d); +#ifdef CONFIG_HAS_PIRQ radix_tree_destroy(&d->pirq_tree, free_pirq_struct); +#endif xfree(d->vcpu); @@ -1864,6 +1874,8 @@ long do_vm_assist(unsigned int cmd, unsi } #endif +#ifdef CONFIG_HAS_PIRQ + struct pirq *pirq_get_info(struct domain *d, int pirq) { struct pirq *info = pirq_info(d, pirq); @@ -1893,6 +1905,8 @@ void cf_check free_pirq_struct(void *ptr call_rcu(&pirq->rcu_head, _free_pirq_struct); } +#endif /* CONFIG_HAS_PIRQ */ + struct migrate_info { long (*func)(void *data); void *data; --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -683,11 +683,13 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe unsigned int pirq = op->u.irq_permission.pirq, irq; int allow = op->u.irq_permission.allow_access; +#ifdef CONFIG_HAS_PIRQ if ( pirq >= current->domain->nr_pirqs ) { ret = -EINVAL; break; } +#endif irq = pirq_access_permitted(current->domain, pirq); if ( !irq || xsm_irq_permission(XSM_HOOK, d, irq, allow) ) ret = -EPERM; --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -555,6 +555,7 @@ static int evtchn_bind_ipi(evtchn_bind_i return rc; } +#ifdef CONFIG_HAS_PIRQ static void link_pirq_port(int port, struct evtchn *chn, struct vcpu *v) { @@ -580,9 +581,11 @@ static void unlink_pirq_port(struct evtc chn->u.pirq.prev_port; } +#endif /* CONFIG_HAS_PIRQ */ static int evtchn_bind_pirq(evtchn_bind_pirq_t *bind) { +#ifdef CONFIG_HAS_PIRQ struct evtchn *chn; struct domain *d = current->domain; struct vcpu *v = d->vcpu[0]; @@ -639,6 +642,9 @@ static int evtchn_bind_pirq(evtchn_bind_ write_unlock(&d->event_lock); return rc; +#else /* !CONFIG_HAS_PIRQ */ + return -EOPNOTSUPP; +#endif } @@ -671,6 +677,7 @@ int evtchn_close(struct domain *d1, int case ECS_UNBOUND: break; +#ifdef CONFIG_HAS_PIRQ case ECS_PIRQ: { struct pirq *pirq = pirq_info(d1, chn1->u.pirq.irq); @@ -680,14 +687,13 @@ int evtchn_close(struct domain *d1, int pirq_guest_unbind(d1, pirq); pirq->evtchn = 0; pirq_cleanup_check(pirq, d1); -#ifdef CONFIG_X86 if ( is_hvm_domain(d1) && domain_pirq_to_irq(d1, pirq->pirq) > 0 ) unmap_domain_pirq_emuirq(d1, pirq->pirq); -#endif } unlink_pirq_port(chn1, d1->vcpu[chn1->notify_vcpu_id]); break; } +#endif case ECS_VIRQ: { struct vcpu *v; @@ -1097,6 +1103,8 @@ int evtchn_bind_vcpu(evtchn_port_t port, case ECS_INTERDOMAIN: chn->notify_vcpu_id = v->vcpu_id; break; + +#ifdef CONFIG_HAS_PIRQ case ECS_PIRQ: if ( chn->notify_vcpu_id == v->vcpu_id ) break; @@ -1106,6 +1114,8 @@ int evtchn_bind_vcpu(evtchn_port_t port, cpumask_of(v->processor)); link_pirq_port(port, chn, v); break; +#endif + default: rc = -EINVAL; break; --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -438,12 +438,14 @@ struct domain struct grant_table *grant_table; +#ifdef CONFIG_HAS_PIRQ /* * Interrupt to event-channel mappings and other per-guest-pirq data. * Protected by the domain's event-channel spinlock. */ struct radix_tree_root pirq_tree; unsigned int nr_pirqs; +#endif unsigned int options; /* copy of createdomain flags */

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.