On Mon, Nov 21, 2022 at 4:14 PM Jan Beulich <jbeul...@suse.com> wrote:
>
> On 21.11.2022 15:50, Carlo Nonato wrote:
> > Hi x86 devs,
>
> Any reason you didn't include Roger?

Nope. Sorry, forgot to add him.

> > I want to ask you some questions about this patch because in the previous
> > version me and Julien have discussed how cache colors should be passed in
> > domain creation. You should be able to read that discussion, anyway here is
> > a link to it
> >
> > https://marc.info/?l=xen-devel&m=166151802002263
>
> I've looked at the first few entries, without finding an answer to ...
>
> > In short, using struct xen_arch_domainconfig works fine only when domctl
> > hypercall is issued. That struct contains a XEN_GUEST_HANDLE so it
> > should point to guest memory and must not be used when creating a domain
> > from Xen itself (i.e. dom0 or dom0less domains). The easy way to go is then
> > changing the domain_create() signature to require also a color array and its
> > length to be passed in for these latter cases.
> > Are you ok with that? See below for more comments.
>
> ... my immediate question: Does supplying the colors necessarily need to
> done right at domain creation? Wouldn't it suffice to be done before first
> allocating memory to the new domain, i.e. via a separate domctl (and then
> for Xen-created domains via a separate Xen-internal function, which the
> new domctl handling would also call)? Or do colors also affect the
> allocation of struct domain itself (and pointers hanging off of it)?

This would be really good. The only problem I can see is the p2m allocation
which is done during domain creation. With the current set of patches it
results in a "Failed to allocate P2M pages" since we want to have p2m tables
allocated with the same color of the domain and a null page is returned
because we have no colors.

> > Another question is then if xen_arch_domainconfig is the right place where 
> > to
> > put the coloring fields for domctl hypercall value passing.
> > See below for more comments.
>
> I think I said so before in other contexts: To me this coloring thing
> isn't Arm-specific, and hence - despite only being implemented for Arm
> right now - would preferably be generic at the interface level.

Ok, I'll try to do that.

> >> @@ -232,6 +233,62 @@ bool __init coloring_init(void)
> >>      return true;
> >>  }
> >>
> >> +int domain_coloring_init(struct domain *d,
> >> +                         const struct xen_arch_domainconfig *config)
> >> +{
> >> +    if ( is_domain_direct_mapped(d) )
> >> +    {
> >> +        printk(XENLOG_ERR
> >> +               "Can't enable coloring and directmap at the same time for 
> >> %pd\n",
> >> +               d);
> >> +        return -EINVAL;
> >> +    }
> >> +
> >> +    if ( is_hardware_domain(d) )
> >> +    {
> >> +        d->arch.colors = dom0_colors;
> >> +        d->arch.num_colors = dom0_num_colors;
> >> +    }
> >> +    else if ( config->num_colors == 0 )
> >> +    {
> >> +        printk(XENLOG_WARNING
> >> +               "Color config not found for %pd. Using default\n", d);
> >> +        d->arch.colors = xzalloc_array(unsigned int, max_colors);
> >> +        d->arch.num_colors = set_default_domain_colors(d->arch.colors);
> >> +    }
> >> +    else
> >> +    {
> >> +        d->arch.colors = xzalloc_array(unsigned int, config->num_colors);
> >> +        d->arch.num_colors = config->num_colors;
> >> +        if ( config->from_guest )
> >> +            copy_from_guest(d->arch.colors, config->colors, 
> >> config->num_colors);
> >> +        else
> >> +            memcpy(d->arch.colors, config->colors.p,
> >> +                   sizeof(unsigned int) * config->num_colors);
> >> +    }
> >
> > Question 1:
> > Here is the current hacky solution in action: using config->from_guest to
> > decide whether to call copy_from_guest() or memcpy(). This is a no go for
> > Julien (and also for me right now). In my current work, I tried to get rid
> > of this field simply by calling copy_from_guest() only in domctl.c, but this
> > solution still isn't easy to maintain because the config->colors.p field can
> > either be a guest pointer or a Xen one and mixing the two semantics can be
> > problematic.
>
> You simply cannot expect copy_from_guest() to work when the source pointer
> is not a guest one.
>
> >> --- a/xen/include/public/arch-arm.h
> >> +++ b/xen/include/public/arch-arm.h
> >> @@ -314,6 +314,8 @@ DEFINE_XEN_GUEST_HANDLE(vcpu_guest_context_t);
> >>  #define XEN_DOMCTL_CONFIG_TEE_NONE      0
> >>  #define XEN_DOMCTL_CONFIG_TEE_OPTEE     1
> >>
> >> +__DEFINE_XEN_GUEST_HANDLE(color_t, unsigned int);
> >
> > Question 2:
> > This color_t definition is employed because the guest handle for
> > "unsigned int" (uint) is defined later (public/xen.h) and (citing Julien):
> >
> >> Hmmm... And I guess we can't define "unsigned int" earlier because they
> >> rely on macro defined in arch-arm.h?
> >
> > So the solution could be to move everything up a level in
> > xen_domctl_createdomain, where using uint wouldn't be a problem.
> > If this goes to common code then should it be guarded with some #ifdef
> > or not?
>
> As per above I'd say it shouldn't. But then you also shouldn't use
> "unsigned int" in any new additions to the public interface. Only
> fixed width types are suitable to use here.

Got it.

> Jan

Thanks.
- Carlo Nonato

Reply via email to