Re: [PATCH v10 3/3] xen/domain: use get_initial_domain_id() instead of open-coded 0

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Alejandro Vallejo <alejandro.garciavallejo@amd.com>
To: <dmkhn@proton.me>, <xen-devel@lists.xenproject.org>
Cc: <andrew.cooper3@citrix.com>, <anthony.perard@vates.tech>,
	<jbeulich@suse.com>, <julien@xen.org>, <michal.orzel@amd.com>,
	<roger.pau@citrix.com>, <sstabellini@kernel.org>,
	<dmukhin@ford.com>, <jgross@suse.com>,
	Xen-devel <xen-devel-bounces@lists.xenproject.org>
Subject: Re: [PATCH v10 3/3] xen/domain: use get_initial_domain_id() instead of open-coded 0
Date: Thu, 17 Jul 2025 12:59:15 +0200	[thread overview]
Message-ID: <DBEA05LLKKR8.2SWMMEL6KJTL9@amd.com> (raw)
In-Reply-To: <20250623182721.194238-4-dmukhin@ford.com>

+Juergen for late-hwdom bit

Hi,

On Mon Jun 23, 2025 at 8:28 PM CEST, dmkhn wrote:
> From: Denis Mukhin <dmukhin@ford.com>
>
> Remove the open-coded domain ID 0 and replace it with a call to
> get_initial_domain_id().

Ideally we'd be better off replacing it where applicable with  is
hardware_domain(), or is_control_domain(), or a ORd version of both depending
on what the hardcoded 0 means to do.

>
> Signed-off-by: Denis Mukhin <dmukhin@ford.com>
> ---
> Changes since v9:
> - new patch
> ---
>  xen/arch/arm/domain_build.c | 4 ++--
>  xen/common/domain.c         | 6 +++---
>  2 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
> index b59b56636920..b525d78c608f 100644
> --- a/xen/arch/arm/domain_build.c
> +++ b/xen/arch/arm/domain_build.c
> @@ -2074,9 +2074,9 @@ void __init create_dom0(void)
>      if ( !llc_coloring_enabled )
>          flags |= CDF_directmap;
>  
> -    domid = domid_alloc(0);
> +    domid = domid_alloc(get_initial_domain_id());
>      if ( domid == DOMID_INVALID )
> -        panic("Error allocating domain ID 0\n");
> +        panic("Error allocating domain ID %d\n", get_initial_domain_id());
>  
>      dom0 = domain_create(domid, &dom0_cfg, flags);
>      if ( IS_ERR(dom0) )

On arm this is just another level of indirection. It might work as a marker to
know where dom0 is hardcoded, though. So sounds good to me.

> diff --git a/xen/common/domain.c b/xen/common/domain.c
> index be022c720b13..27575b4610e3 100644
> --- a/xen/common/domain.c
> +++ b/xen/common/domain.c
> @@ -492,7 +492,7 @@ static int late_hwdom_init(struct domain *d)
>      struct domain *dom0;
>      int rv;
>  
> -    if ( d != hardware_domain || d->domain_id == 0 )
> +    if ( d != hardware_domain || d->domain_id == get_initial_domain_id() )

This is tricky. get_initial_domain_id() is only non-zero in shim-mode. And in
that mode there's no control nor hardware domain (hence why the initial domain
id is not zero in that case).

>          return 0;
>  
>      rv = xsm_init_hardware_domain(XSM_HOOK, d);
> @@ -501,7 +501,7 @@ static int late_hwdom_init(struct domain *d)
>  
>      printk("Initialising hardware domain %d\n", hardware_domid);
>  
> -    dom0 = rcu_lock_domain_by_id(0);
> +    dom0 = rcu_lock_domain_by_id(get_initial_domain_id());

Hmmm. More generally this is probably trying to find the previous hardware
domain. Which the caller already has a pointer to. 

Maybe this would work?

```
	-static int late_hwdom_init(struct domain *d)
	+static int late_hwdom_init(struct domain *d, struct domain *old_hwdom)
	 {
	 #ifdef CONFIG_LATE_HWDOM
	     struct domain *dom0;
	     int rv;

	-    if ( d != hardware_domain || d->domain_id == 0 )
	+    if ( d != hardware_domain || !old_hwdom )
	         return 0;

	     rv = xsm_init_hardware_domain(XSM_HOOK, d);
	@@ -493,8 +493,6 @@ static int late_hwdom_init(struct domain *d)

	     printk("Initialising hardware domain %d\n", hardware_domid);

	-    dom0 = rcu_lock_domain_by_id(0);
	-    ASSERT(dom0 != NULL);
	     /*
	      * Hardware resource ranges for domain 0 have been set up from
	      * various sources intended to restrict the hardware domain's
	@@ -512,11 +510,9 @@ static int late_hwdom_init(struct domain *d)
	 #ifdef CONFIG_X86
	     rangeset_swap(d->arch.ioport_caps, dom0->arch.ioport_caps);
	     setup_io_bitmap(d);
	-    setup_io_bitmap(dom0);
	+    setup_io_bitmap(old_hwdom);
	 #endif

	-    rcu_unlock_domain(dom0);
	-
	     iommu_hwdom_init(d);

	     return rv;
	@@ -967,7 +963,7 @@ struct domain *domain_create(domid_t domid,
	     if ( (err = sched_init_domain(d, config->cpupool_id)) != 0 )
	         goto fail;

	-    if ( (err = late_hwdom_init(d)) != 0 )
	+    if ( (err = late_hwdom_init(d, old_hwdom)) != 0 )
	         goto fail;
```

Juergen, do you have any thoughts about this?

>      ASSERT(dom0 != NULL);
>      /*
>       * Hardware resource ranges for domain 0 have been set up from
> @@ -2479,7 +2479,7 @@ domid_t domid_alloc(domid_t domid)
>          if ( domid == DOMID_FIRST_RESERVED )
>              domid = find_next_zero_bit(domid_bitmap,
>                                         DOMID_FIRST_RESERVED,
> -                                       1);
> +                                       get_initial_domain_id() + 1);

IMO, this should be either 1 (for defence in depth against using zero) or 0.
There's nothing special with any other initial domain ids.

>  #endif
>  
>          if ( domid < DOMID_FIRST_RESERVED )

Cheers,
Alejandro

next prev parent reply	other threads:[~2025-07-17 10:59 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-06-23 18:27 [PATCH v10 0/3] xen/domain: domain ID allocation dmkhn
2025-06-23 18:28 ` [PATCH v10 1/3] xen/domain: unify " dmkhn
2025-06-24  5:58   ` Jan Beulich
2025-07-17 10:27   ` Alejandro Vallejo
2025-07-22 23:17     ` dmkhn
2025-06-23 18:28 ` [PATCH v10 2/3] xen/domain: update create_dom0() messages dmkhn
2025-07-17 10:34   ` Alejandro Vallejo
2025-07-22 23:19     ` dmkhn
2025-07-17 12:58   ` Grygorii Strashko
2025-07-17 13:03     ` Jan Beulich
2025-07-18 11:20       ` Grygorii Strashko
2025-06-23 18:28 ` [PATCH v10 3/3] xen/domain: use get_initial_domain_id() instead of open-coded 0 dmkhn
2025-06-24  6:07   ` Jan Beulich
2025-07-22 23:24     ` dmkhn
2025-07-17 10:59   ` Alejandro Vallejo [this message]
2025-07-22 23:46     ` dmkhn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DBEA05LLKKR8.2SWMMEL6KJTL9@amd.com \
    --to=alejandro.garciavallejo@amd.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=anthony.perard@vates.tech \
    --cc=dmkhn@proton.me \
    --cc=dmukhin@ford.com \
    --cc=jbeulich@suse.com \
    --cc=jgross@suse.com \
    --cc=julien@xen.org \
    --cc=michal.orzel@amd.com \
    --cc=roger.pau@citrix.com \
    --cc=sstabellini@kernel.org \
    --cc=xen-devel-bounces@lists.xenproject.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.