From: dmkhn@proton.me
To: Teddy Astie <teddy.astie@vates.tech>
Cc: xen-devel@lists.xenproject.org, andrew.cooper3@citrix.com,
anthony.perard@vates.tech, jbeulich@suse.com, julien@xen.org,
michal.orzel@amd.com, roger.pau@citrix.com,
sstabellini@kernel.org, dmukhin@ford.com
Subject: Re: [PATCH v6 1/2] xen/domain: unify domain ID allocation
Date: Fri, 16 May 2025 18:06:56 +0000 [thread overview]
Message-ID: <aCd+vEOrQcbCYFgY@kraken> (raw)
In-Reply-To: <3c9f60b3-cedb-4689-a3b4-15ebddcf9f67@vates.tech>
On Fri, May 16, 2025 at 08:43:35AM +0000, Teddy Astie wrote:
> Hello,
>
> Le 16/05/2025 à 04:06, dmkhn@proton.me a écrit :
> > From: Denis Mukhin <dmukhin@ford.com>
> >
> > Currently, hypervisor code has two different non-system domain ID allocation
> > implementations:
> >
> > (a) Sequential IDs allocation in dom0less Arm code based on max_init_domid;
> >
> > (b) Sequential IDs allocation in XEN_DOMCTL_createdomain; does not use
> > max_init_domid (both Arm and x86).
> >
> > It makes sense to have a common helper code for such task across architectures
> > (Arm and x86) and between dom0less / toolstack domU allocation.
> >
> > Wrap the domain ID allocation as an arch-independent function domid_alloc() in
> > common/domain.c based on rangeset.
> >
> > Allocation algorithm:
> > - If an explicit domain ID is provided, verify its availability and
> > use it if ID is not used;
> > - Otherwise, perform an exhaustive search starting from the end of the used
> > domain ID range. domid_alloc() guarantees that two subsequent calls will
> > result in different IDs allocation.
> >
> > Initialize the domain IDs rangeset from the new domid_init() which is called
> > from arch setup code.
> >
> > Also, remove is_free_domid() helper as it is not needed now.
> >
> > No functional change intended.
> >
> > Signed-off-by: Denis Mukhin <dmukhin@ford.com>
> > ---
> > Changes since v5:
> > - rebased
> > ---
> > xen/arch/arm/domain_build.c | 17 ++++--
> > xen/arch/arm/setup.c | 2 +
> > xen/arch/x86/setup.c | 13 +++--
> > xen/common/device-tree/dom0less-build.c | 10 ++--
> > xen/common/domain.c | 70 +++++++++++++++++++++++++
> > xen/common/domctl.c | 41 ++-------------
> > xen/include/xen/domain.h | 4 ++
> > 7 files changed, 107 insertions(+), 50 deletions(-)
> >
> > diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
> > index b189a7cfae..e9d563c269 100644
> > --- a/xen/arch/arm/domain_build.c
> > +++ b/xen/arch/arm/domain_build.c
> > @@ -2010,6 +2010,7 @@ void __init create_dom0(void)
> > .grant_opts = XEN_DOMCTL_GRANT_version(opt_gnttab_max_version),
> > };
> > unsigned int flags = CDF_privileged | CDF_hardware;
> > + domid_t domid;
> > int rc;
> >
> > /* The vGIC for DOM0 is exactly emulating the hardware GIC */
> > @@ -2034,19 +2035,25 @@ void __init create_dom0(void)
> > if ( !llc_coloring_enabled )
> > flags |= CDF_directmap;
> >
> > - dom0 = domain_create(0, &dom0_cfg, flags);
> > + domid = domid_alloc(0);
> > + if ( domid == DOMID_INVALID )
> > + panic("Error allocating domain ID 0\n");
> > +
> > + dom0 = domain_create(domid, &dom0_cfg, flags);
> > if ( IS_ERR(dom0) )
> > - panic("Error creating domain 0 (rc = %ld)\n", PTR_ERR(dom0));
> > + panic("Error creating domain %d (rc = %ld)\n", domid, PTR_ERR(dom0));
> >
> > if ( llc_coloring_enabled && (rc = dom0_set_llc_colors(dom0)) )
> > - panic("Error initializing LLC coloring for domain 0 (rc = %d)\n", rc);
> > + panic("Error initializing LLC coloring for domain %pd (rc = %d)\n",
> > + dom0, rc);
> >
> > if ( alloc_dom0_vcpu0(dom0) == NULL )
> > - panic("Error creating domain 0 vcpu0\n");
> > + panic("Error creating domain %pdv0\n", dom0);
> >
> > rc = construct_dom0(dom0);
> > if ( rc )
> > - panic("Could not set up DOM0 guest OS (rc = %d)\n", rc);
> > + panic("Could not set up guest OS for domain %pd (rc = %d)\n",
> > + dom0, rc);
> >
> > set_xs_domain(dom0);
> > }
> > diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c
> > index 10b46d0684..c3959e8d8e 100644
> > --- a/xen/arch/arm/setup.c
> > +++ b/xen/arch/arm/setup.c
> > @@ -418,6 +418,8 @@ void asmlinkage __init start_xen(unsigned long fdt_paddr)
> >
> > timer_init();
> >
> > + domid_init();
> > +
> > init_idle_domain();
> >
> > rcu_init();
> > diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
> > index 2518954124..02f665f520 100644
> > --- a/xen/arch/x86/setup.c
> > +++ b/xen/arch/x86/setup.c
> > @@ -1030,8 +1030,11 @@ static struct domain *__init create_dom0(struct boot_info *bi)
> > if ( iommu_enabled )
> > dom0_cfg.flags |= XEN_DOMCTL_CDF_iommu;
> >
> > - /* Create initial domain. Not d0 for pvshim. */
> > - bd->domid = get_initial_domain_id();
> > + /* Allocate initial domain ID. Not d0 for pvshim. */
> > + bd->domid = domid_alloc(get_initial_domain_id());
> > + if ( bd->domid == DOMID_INVALID )
> > + panic("Error allocating domain ID %d\n", get_initial_domain_id());
> > +
> > d = domain_create(bd->domid, &dom0_cfg,
> > pv_shim ? 0 : CDF_privileged | CDF_hardware);
> > if ( IS_ERR(d) )
> > @@ -1063,7 +1066,7 @@ static struct domain *__init create_dom0(struct boot_info *bi)
> >
> > if ( (strlen(acpi_param) == 0) && acpi_disabled )
> > {
> > - printk("ACPI is disabled, notifying Domain 0 (acpi=off)\n");
> > + printk("ACPI is disabled, notifying domain %pd (acpi=off)\n", d);
> > safe_strcpy(acpi_param, "off");
> > }
> >
> > @@ -1078,7 +1081,7 @@ static struct domain *__init create_dom0(struct boot_info *bi)
> >
> > bd->d = d;
> > if ( construct_dom0(bd) != 0 )
> > - panic("Could not construct domain 0\n");
> > + panic("Could not construct domain %pd\n", d);
> >
> > bd->cmdline = NULL;
> > xfree(cmdline);
> > @@ -1915,6 +1918,8 @@ void asmlinkage __init noreturn __start_xen(void)
> > mmio_ro_ranges = rangeset_new(NULL, "r/o mmio ranges",
> > RANGESETF_prettyprint_hex);
> >
> > + domid_init();
> > +
> > xsm_multiboot_init(bi);
> >
> > /*
> > diff --git a/xen/common/device-tree/dom0less-build.c b/xen/common/device-tree/dom0less-build.c
> > index 2c56f13771..9236dbae11 100644
> > --- a/xen/common/device-tree/dom0less-build.c
> > +++ b/xen/common/device-tree/dom0less-build.c
> > @@ -850,15 +850,13 @@ void __init create_domUs(void)
> > struct xen_domctl_createdomain d_cfg = {0};
> > unsigned int flags = 0U;
> > bool has_dtb = false;
> > + domid_t domid;
> > uint32_t val;
> > int rc;
> >
> > if ( !dt_device_is_compatible(node, "xen,domain") )
> > continue;
> >
> > - if ( (max_init_domid + 1) >= DOMID_FIRST_RESERVED )
> > - panic("No more domain IDs available\n");
> > -
> > d_cfg.max_evtchn_port = 1023;
> > d_cfg.max_grant_frames = -1;
> > d_cfg.max_maptrack_frames = -1;
> > @@ -981,7 +979,11 @@ void __init create_domUs(void)
> > * very important to use the pre-increment operator to call
> > * domain_create() with a domid > 0. (domid == 0 is reserved for Dom0)
> > */
> > - d = domain_create(++max_init_domid, &d_cfg, flags);
> > + domid = domid_alloc(++max_init_domid);
> > + if ( domid == DOMID_INVALID )
> > + panic("Error allocating ID for domain %s\n", dt_node_name(node));
> > +
> > + d = domain_create(domid, &d_cfg, flags);
> > if ( IS_ERR(d) )
> > panic("Error creating domain %s (rc = %ld)\n",
> > dt_node_name(node), PTR_ERR(d));
> > diff --git a/xen/common/domain.c b/xen/common/domain.c
> > index abf1969e60..0ba3cdc47d 100644
> > --- a/xen/common/domain.c
> > +++ b/xen/common/domain.c
> > @@ -66,6 +66,74 @@ DEFINE_RCU_READ_LOCK(domlist_read_lock);
> > static struct domain *domain_hash[DOMAIN_HASH_SIZE];
> > struct domain *domain_list;
> >
> > +/* Non-system domain ID allocator. */
> > +static DEFINE_SPINLOCK(domid_lock);
> > +static struct rangeset *domid_rangeset;
> > +static unsigned int domid_last;
> > +
> > +void __init domid_init(void)
> > +{
> > + domid_rangeset = rangeset_new(NULL, "domid", RANGESETF_prettyprint_hex);
> > + if ( !domid_rangeset )
> > + panic("cannot allocate domain ID rangeset\n");
> > +
> > + rangeset_limit(domid_rangeset, DOMID_FIRST_RESERVED);
> > +}
> > +
> > +/*
> > + * Allocate new non-system domain ID based on the hint.
> > + *
> > + * If hint is outside of valid [0..DOMID_FIRST_RESERVED - 1] range of IDs,
> > + * perform an exhaustive search starting from the end of the used domain ID
> > + * range.
> > + */
> > +domid_t domid_alloc(domid_t domid)
> > +{
> > + spin_lock(&domid_lock);
> > +
> > + if ( domid < DOMID_FIRST_RESERVED )
> > + {
> > + if ( rangeset_contains_singleton(domid_rangeset, domid) )
> > + domid = DOMID_INVALID;
> > + }
> > + else
> > + {
> > + for ( domid = domid_last + 1; domid != domid_last; domid++ )
> > + {
> > + if ( domid == DOMID_FIRST_RESERVED )
> > + domid = 0;
> > +
> > + if ( !rangeset_contains_singleton(domid_rangeset, domid) )
> > + break;
> > + }
> > +
> > + if ( domid == domid_last )
> > + domid = DOMID_INVALID;
> > + }
> > +
> > + if ( domid != DOMID_INVALID )
> > + {
> > + ASSERT(!rangeset_add_singleton(domid_rangeset, domid));
> > +
> > + if ( domid != domid_last )
> > + domid_last = domid;
> > + }
> > +
> > + spin_unlock(&domid_lock);
> > +
> > + return domid;
> > +}
>
> It's mostly a matter of implementation choice, but I am not really fan
> of relying on rangesets, which to me are meant for address ranges or
> something similar but at least large.
>
> I would rather rely on a bitmap using find_first_zero_bit+set_bit which
> avoids doing a per-domid test, and may be simpler overall. The bitmap
> size for 0x3FF0 domains is almost 4KB, which looks acceptable.
>
> I don't know what other thinks.
Thanks for taking a look!
TBH, I was initially considering using a bitmap. But then I chose use rangesets
because statically defined bitmap will increase the binary size, which may be
indesirable; and for dynamic allocation, rangeset has all convenience APIs
implemented...
>
> > +
> > +void domid_free(domid_t domid)
> > +{
> > + spin_lock(&domid_lock);
> > +
> > + if ( rangeset_contains_singleton(domid_rangeset, domid) )
> > + ASSERT(!rangeset_remove_singleton(domid_rangeset, domid));
> > +
> > + spin_unlock(&domid_lock);
> > +}
> > +
> > /*
> > * Insert a domain into the domlist/hash. This allows the domain to be looked
> > * up by domid, and therefore to be the subject of hypercalls/etc.
> > @@ -1449,6 +1517,8 @@ void domain_destroy(struct domain *d)
> >
> > TRACE_TIME(TRC_DOM0_DOM_REM, d->domain_id);
> >
> > + domid_free(d->domain_id);
> > +
> > /* Remove from the domlist/hash. */
> > domlist_remove(d);
> >
> > diff --git a/xen/common/domctl.c b/xen/common/domctl.c
> > index bfe2e1f9f0..2e02139660 100644
> > --- a/xen/common/domctl.c
> > +++ b/xen/common/domctl.c
> > @@ -49,20 +49,6 @@ static int xenctl_bitmap_to_nodemask(nodemask_t *nodemask,
> > MAX_NUMNODES);
> > }
> >
> > -static inline int is_free_domid(domid_t dom)
> > -{
> > - struct domain *d;
> > -
> > - if ( dom >= DOMID_FIRST_RESERVED )
> > - return 0;
> > -
> > - if ( (d = rcu_lock_domain_by_id(dom)) == NULL )
> > - return 1;
> > -
> > - rcu_unlock_domain(d);
> > - return 0;
> > -}
> > -
> > void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info)
> > {
> > struct vcpu *v;
> > @@ -421,34 +407,15 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
> >
> > case XEN_DOMCTL_createdomain:
> > {
> > - domid_t dom;
> > - static domid_t rover = 0;
> > + domid_t domid = domid_alloc(op->domain);
> >
> > - dom = op->domain;
> > - if ( (dom > 0) && (dom < DOMID_FIRST_RESERVED) )
> > + if ( domid == DOMID_INVALID )
> > {
> > ret = -EEXIST;
> > - if ( !is_free_domid(dom) )
> > - break;
> > - }
> > - else
> > - {
> > - for ( dom = rover + 1; dom != rover; dom++ )
> > - {
> > - if ( dom == DOMID_FIRST_RESERVED )
> > - dom = 1;
> > - if ( is_free_domid(dom) )
> > - break;
> > - }
> > -
> > - ret = -ENOMEM;
> > - if ( dom == rover )
> > - break;
> > -
> > - rover = dom;
> > + break;
> > }
> >
> > - d = domain_create(dom, &op->u.createdomain, false);
> > + d = domain_create(domid, &op->u.createdomain, false);
> > if ( IS_ERR(d) )
> > {
> > ret = PTR_ERR(d);
>
> In case the domain creation failure, we need to free the domid,
> otherwise, it would not be used anymore as considered used by the domid
> allocator.
Thanks!
>
> > diff --git a/xen/include/xen/domain.h b/xen/include/xen/domain.h
> > index e10baf2615..039bb7eeaf 100644
> > --- a/xen/include/xen/domain.h
> > +++ b/xen/include/xen/domain.h
> > @@ -38,6 +38,10 @@ void arch_get_domain_info(const struct domain *d,
> >
> > domid_t get_initial_domain_id(void);
> >
> > +void domid_init(void);
> > +void domid_free(domid_t domid);
> > +domid_t domid_alloc(domid_t domid);
> > +
> > /* CDF_* constant. Internal flags for domain creation. */
> > /* Is this a privileged domain? */
> > #define CDF_privileged (1U << 0)
>
> Teddy
>
>
> Teddy Astie | Vates XCP-ng Developer
>
> XCP-ng & Xen Orchestra - Vates solutions
>
> web: https://vates.tech
>
>
>
next prev parent reply other threads:[~2025-05-16 18:07 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-16 2:04 [PATCH v6 0/2] xen/domain: domain ID allocation dmkhn
2025-05-16 2:04 ` [PATCH v6 1/2] xen/domain: unify " dmkhn
2025-05-16 8:43 ` Teddy Astie
2025-05-16 18:06 ` dmkhn [this message]
2025-05-16 20:35 ` Julien Grall
2025-05-16 21:14 ` dmkhn
2025-05-18 8:52 ` Jan Beulich
2025-05-19 19:31 ` dmkhn
2025-05-16 2:04 ` [PATCH v6 2/2] xen/domain: adjust domain ID allocation for Arm dmkhn
2025-05-18 8:57 ` Jan Beulich
2025-05-19 19:28 ` dmkhn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aCd+vEOrQcbCYFgY@kraken \
--to=dmkhn@proton.me \
--cc=andrew.cooper3@citrix.com \
--cc=anthony.perard@vates.tech \
--cc=dmukhin@ford.com \
--cc=jbeulich@suse.com \
--cc=julien@xen.org \
--cc=michal.orzel@amd.com \
--cc=roger.pau@citrix.com \
--cc=sstabellini@kernel.org \
--cc=teddy.astie@vates.tech \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.