
[PATCH v3 16/16] x86/hyperlaunch: add capabilities to boot domain


  • To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Alejandro Vallejo <agarciav@xxxxxxx>
  • Date: Tue, 8 Apr 2025 17:07:38 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CdZjJno4ZP28T5tdzAN4JY6E44clyK3Mj7hHKvRrs5s=; b=lB7ZIj1ZIiXVAmchV7DjXZCmzB1VDTbIJhDqluy9kMKiRTdzvx5a/5KgQdE5XcYCskbzmADEP/+a8flGm6ArLBgOj6dPzyNwL6dDlO/co20ktRxkErKAeY0j6/PJrN0SOv+4QvfPl4xSzvKkYpR9iSd75eqCudLtHjMueX0UI7cFuTEWsuuXLGbtWKZK73u4ojRaDK4vI5w5TxloQhRdefhaGWACiHj0V8uRTcRHbO6p4GLCHMfbcnRY1a+bxpkb4JZDcsJ4qrOgLTdyTroFe99HxzKydwXnMBOUxzbKjBKuz8v6lsiWNkXhBztVw/q7Ze5lskQlse+zshZ4LiW1pQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=KhKWTPh5+j5ubY28Lc8y3jGM9Q0MXXLh54mpD5gHAMO0+i6MleGisXfDKlGgCf6AftSm9n1D4PCnTSAORjWATgLT1YV4XRTrNMYJ9ZjJPyaouGb1/xcx8PqIoGywNa2J4CKPk/mY5HFwaomZmqPZ+ofcmqTYrNhi3OtLZK1ek3XEwkSKOUbeOg5GyMzYfrVrtj0IP1hPvJ/A+iJs07VvXVChBJzDHjbQvjuduCY1dWLs3AY11GJJFM/afPON/oPPgt6j6SY12m4uoYWk3bRHeidmYeKYIgVq4irgsfrJdvfxsM0CVVqMoDG86fyoSmUUUS8FRdmAhnyGrifo52JDVQ==
  • Cc: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Jason Andryuk <jason.andryuk@xxxxxxx>, Xenia Ragiadakou <xenia.ragiadakou@xxxxxxx>, "Stefano Stabellini" <sstabellini@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, "Jan Beulich" <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Tue, 08 Apr 2025 16:10:54 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>

Introduce the ability to assign capabilities to a domain via its definition in
the device tree. The first capability that can be selected is the control domain
capability. The capability property is a bitfield in both the device tree and
`struct boot_domain`.

Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
Reviewed-by: Jason Andryuk <jason.andryuk@xxxxxxx>
Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx>
---
 xen/arch/x86/domain-builder/core.c     |  1 +
 xen/arch/x86/domain-builder/fdt.c      | 12 ++++++++++++
 xen/arch/x86/include/asm/boot-domain.h |  4 ++++
 xen/arch/x86/setup.c                   |  6 +++++-
 4 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/domain-builder/core.c 
b/xen/arch/x86/domain-builder/core.c
index 510a74a675..6ab4e6fe53 100644
--- a/xen/arch/x86/domain-builder/core.c
+++ b/xen/arch/x86/domain-builder/core.c
@@ -96,6 +96,7 @@ void __init builder_init(struct boot_info *bi)
         i = first_boot_module_index(bi, BOOTMOD_UNKNOWN);
         bi->mods[i].type = BOOTMOD_KERNEL;
         bi->domains[0].kernel = &bi->mods[i];
+        bi->domains[0].capabilities |= BUILD_CAPS_CONTROL;
         bi->nr_domains = 1;
     }
 }
diff --git a/xen/arch/x86/domain-builder/fdt.c 
b/xen/arch/x86/domain-builder/fdt.c
index 5fcb767bdd..dbfbcffb0a 100644
--- a/xen/arch/x86/domain-builder/fdt.c
+++ b/xen/arch/x86/domain-builder/fdt.c
@@ -257,6 +257,18 @@ static int __init process_domain_node(
             bd->max_vcpus = val;
             printk("  max vcpus: %d\n", bd->max_vcpus);
         }
+        else if ( strncmp(prop_name, "capabilities", name_len) == 0 )
+        {
+            if ( fdt_prop_as_u32(prop, &bd->capabilities) != 0 )
+            {
+                printk("  failed processing domain id for domain %s\n", name);
+                return -EINVAL;
+            }
+            printk("  caps: ");
+            if ( bd->capabilities & BUILD_CAPS_CONTROL )
+                printk("c");
+            printk("\n");
+        }
     }
 
     fdt_for_each_subnode(node, fdt, dom_node)
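Review bot: The value read into `bd->capabilities` is accepted without checking for unknown bits, yet this field later decides whether the domain is created with CDF_privileged, so a malformed device tree should be rejected here; a check such as `if ( bd->capabilities & ~BUILD_CAPS_CONTROL ) return -EINVAL;` after the parse would do that. The failure message appears to be copied from a domain-id branch and should read `printk("  failed processing capabilities for domain %s\n", name);`. Separately, `strncmp(prop_name, "capabilities", name_len)` compares only `name_len` bytes, so if `name_len` is the property name's own length, a shorter name that is a prefix of "capabilities" would also match. How `name_len` is computed is outside the hunk, so this needs confirming against the rest of process_domain_node().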
diff --git a/xen/arch/x86/include/asm/boot-domain.h 
b/xen/arch/x86/include/asm/boot-domain.h
index 969c02a6ea..29a7d806de 100644
--- a/xen/arch/x86/include/asm/boot-domain.h
+++ b/xen/arch/x86/include/asm/boot-domain.h
@@ -13,6 +13,10 @@
 struct boot_domain {
     domid_t domid;
 
+#define BUILD_CAPS_NONE          (0)
+#define BUILD_CAPS_CONTROL       (1 << 0)
+    uint32_t capabilities;
+
                                           /* On     | Off    */
 #define BUILD_MODE_PARAVIRT      (1 << 0) /* PV     | PVH/HVM */
 #define BUILD_MODE_ENABLE_DM     (1 << 1) /* HVM    | PVH     */
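Review bot: The new capability bits carry no comment saying what they grant, although `BUILD_CAPS_CONTROL` is what makes create_dom0() pass CDF_privileged in this patch and the same bit values are read directly from the device tree. A comment above the defines, e.g. `/* Bit values match the device tree "capabilities" property. */` and `/* CONTROL: domain is created with CDF_privileged */`, would record that contract. Since the field is `uint32_t`, `(1U << 0)` would also keep later bits up to 31 clear of signed-shift problems, though `(1 << 0)` does match the BUILD_MODE_* defines below. The struct continues outside the hunk.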
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 4127a0105d..7e1a26b4d2 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -1006,6 +1006,7 @@ static struct domain *__init create_dom0(struct boot_info 
*bi)
 {
     char *cmdline = NULL;
     size_t cmdline_size;
+    unsigned int create_flags = 0;
     struct xen_domctl_createdomain dom0_cfg = {
         .flags = IS_ENABLED(CONFIG_TBOOT) ? XEN_DOMCTL_CDF_s3_integrity : 0,
         .max_evtchn_port = -1,
@@ -1037,7 +1038,10 @@ static struct domain *__init create_dom0(struct 
boot_info *bi)
     if ( bd->domid == DOMID_INVALID )
         /* Create initial domain.  Not d0 for pvshim. */
         bd->domid = get_initial_domain_id();
-    d = domain_create(bd->domid, &dom0_cfg, pv_shim ? 0 : CDF_privileged);
+    if ( bd->capabilities & BUILD_CAPS_CONTROL )
+        create_flags |= CDF_privileged;
+    d = domain_create(bd->domid, &dom0_cfg,
+                      pv_shim ? 0 : create_flags);
     if ( IS_ERR(d) )
         panic("Error creating d%u: %ld\n", bd->domid, PTR_ERR(d));
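Review bot: With this change the domain built by create_dom0() is unprivileged whenever `BUILD_CAPS_CONTROL` is not set, where before it was always created with CDF_privileged outside pv_shim; a device tree domain node that omits the `capabilities` property would, as far as these hunks show, boot with no control domain at all. If that is intended it deserves a comment at the `if`, and a `printk` when the flag is absent would make the resulting configuration visible in the boot log. The pv_shim override could also be folded into the condition, `if ( !pv_shim && (bd->capabilities & BUILD_CAPS_CONTROL) )`, so that `domain_create()` simply takes `create_flags`. create_dom0() starts and ends outside the hunk.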
 
-- 
2.43.0




 

