[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 3/6] gnttab: allow per-domain control over transitive grants

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Wed, 20 Oct 2021 12:14:00 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=T5gS/QDqJNAXCgRJPXuOmpL95A5VZHQhorm/L8X0PAM=; b=l/f9ChvtjFJlQRYDZhcRtcI4ttJNQH84ZiLUScudCfRb3y54Uwb4k6e6rYyxlMbVlNJ3T2TzbtilPAIOwmOADIKbpYlkfOcnz/X068UoMSrRjPVojMhKQAGZ+2SiXvhwZ07D/AbfeUtH4EEFnyQZGn61jqnfTeF1I2ENJXrz+vq+5HBnKjM+amjJRAKV4PWKH8HOWscD0/6gUDzzubsbFAYEEMYNSU9fXAP6sqD7aKj9MKMurhSOUuYjlXNyHbQkj+4sna6K560SPTeRznEN6AvDT0n2xt/1LBx26rqOg+oWgJvmIsKSkxwqLO371kp4CzqfBtWcpbCLLQlUi6C3wA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YltS09cgh37Ptyvwkz/0ZfCRBFnRx0J5m32lM52CIxGpfDWE3YPoliI2fn7ED0yREAhzI+U0WrPYASXW2DdQ0RetqTogJc4moj5d1NrhCkD9EuRzGQav82b/MkOb3cSyUgIb0ygBjMx0+b0WJwwFuAkQVE254LG/vAJ16TGMDHqfWDfLOLI/qkYPsHTGIVa7/rSc+/uTGul3urkY4NwdE4Q9lKDXKqMleltO0lgr+bg7Er/JEATGTGs4oMhNBA+fBThj4XW1tqvH7H3d8FHHXREnMNRZaC1hsmImjStlHBEchHJVjt3fN8tvLU6jJ3l4bse2WKpQks3GVjiCNhyr5Q==
  • Authentication-results: esa5.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Ian Jackson <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, "Julien Grall" <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, "Anthony PERARD" <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Christian Lindig <christian.lindig@xxxxxxxxxx>, David Scott <dave@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 20 Oct 2021 10:14:52 +0000
  • Ironport-data: A9a23:pthPnaAjchA29RVW/3Tlw5YqxClBgxIJ4kV8jS/XYbTApDgk1TAOn zBLDGuAPfeNZmChft4kb4m/pB5Q7cTVyodmQQY4rX1jcSlH+JHPbTi7wuYcHM8wwunrFh8PA xA2M4GYRCwMo/u1Si6FatANl1ElvU2zbue6WLGs1hxZH1c+EX5500o7wobVv6Yz6TSHK1LV0 T/Ni5W31G+Ng1aY5UpNtspvADs21BjDkGtwUm4WPJinj3eH/5UhN7oNJLnZEpfNatI88thW5 Qr05OrREmvxp3/BAz4++1rxWhVirrX6ZWBihpfKMkQLb9crSiEai84G2PQghUh/si2jhep92 ZJ277uPciYzZ4Odp91HTEwNe81+FfUuFL7vJHG+tYqYzlHccmuqyPJrZK00FdRGoKAtWzgIr KFGbmBWBvyAr7veLLaTUO5ji95lNMD2FIgepmth3XfSCvNOrZXrHviTuo4DjW1YasZmPaiPP uY0dzZUZyv6Ph0fEUgXOaxhtbL97pX4W2IB8w/EzUYt2EDfxRJ8+KLgO93UfpqNX8o9tkSXv GXd5EziHwoXcteYzFKt4n+qw+PCgy7/cIYTD6GjsO5nhkWJwW4eAwFQUkG0ydGHjUq5V8NaO lYj0CMkpqgv92SmVtD4GRa/pRaspQUAUtBdF+k77gClyafO5QudQG8eQVZpacMknN87QyQw0 V2ElM+vAiZg2JWXQ3+A8rafrRupJDMYa2QFYEcsTxYB4tTliJE+iFTIVNkLOLGxps34H3f32 T/ikcQlr+xN14hRjfz9pA2ZxWL3znTUcuIrzjzPdHif4hI+X9SCWLeJ8wH1vMl5dpnMGzFto 0M4s8SZ6ekPC7SEmyqMXPgBEdmV2hqVDNHPqQUwR8d5plxB71bmJNoKuGgvey+FJ+5dIWexC HI/rz+983O60JGCVqRwf56qQ/ojyaztBLwJvdiFM4IQPPCdmOKBlRyChHJ8PUixzyDAcollY P93lPpA615AVcyLKxLtH48gPUcDnHxW+I8qbcmTI+6b+bSffmWJbrwOLUGDaOs0hIvd/l6Jr YgOb5HWk0wGOAEbXsUx2dRPRbztBSNjba0aVuQNLrLTSuaYMDBJ5wDtLUMJJNU+wvU9ehbg9 XChQE5IoGcTdlWcQThmnktLMeu1Nb4m9CpTFXV1YT6AhihyCa7yvfx3X8ZmItEaGBlLkKcco w8tIJ7bXJyii13vplwgUHUKhNY8JE/121/WY3DNjfpWV8cIejElM+TMJ2PH3CIPEjC2pY05p bih3RncWp0NW0JpC8O+VR5l5wnZUaE1lL0gUk3WDMNUfUmwooFmJzao1q08It0WKAWFzTyfj l7EDRAdrOjLgok07NiW2vzU89b3S7NzThhAAm3WzbeqLi2GrGCt9pBNDbSTdjfHWWKqpKj7P bdJz+vxOeEslUpRt9YuCK5iyK8zvoO9p7JTwgl+Mm/MalCnVuFpLnWchJEdvaxR3L5J/wCxX xvXqNVdPLyIPuLjEUIQe1V5PrjSi6lMl2CLv/ovIUj86Ctmx5a9UB1fb0uWlShQDLppK4d5k +0vj9Ebtl6kgR0wP9fY0i0NrzaQLmYNWrkMv40BBNO5kRIiz1xPbMCOCiLy553TOdxAPlNzf 22RjavGwb9d2lDDYzw4En2UhbhRgpEHuRZryl4eJgvWxoqZ16FvhBABoy4qSgl1zwlc17MhM 2dmAER5OKGS8mo6n8NERW2tR1lMCRDxFpYdELfVeLk1l3WVa1E=
  • Ironport-hdrordr: A9a23:6Qezd69qgOMWT1uT80puk+DWI+orL9Y04lQ7vn2ZKCY4TiX8ra uTdZsguiMc5Ax+ZJhDo7C90di7IE80nKQdieN9AV7IZniEhILHFvAG0aLShxHmBi3i5qp8+M 5bAsxD4QTLfDpHsfo=
  • Ironport-sdr: cO6eCfkbpq8R9Rk95m+GqW/yOj2jASZLQnniskr9ymV+fjILNhsTFx6p53g81/Wi2wJ19P+657 Mtroh7aeQrNRWRYfCmKxhjfd+JwsOXMonoiB/oMAD53TOMZNiSZ90EsXaxFmHHdr5dS5Hr+bPe j3enasJde0GzSZlCLbp1X++HF6QZw9+VaXD0ugfABgjRUpf54/HKZ9F8x51LlqSUpvLoTnZdMR 8cR4ghIxqahXFgUTSP1AkD4vQ1HlKinkBVSJliRYUtF8sLAxHYKk3VaNAyY/5RWEZI9mweFG+l q9nT75h7Ui4SSPghJPRMVtpi
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Fri, Oct 15, 2021 at 12:05:06PM +0200, Jan Beulich wrote:
> On 22.09.2021 10:21, Roger Pau Monne wrote:
> > --- a/xen/arch/arm/domain_build.c
> > +++ b/xen/arch/arm/domain_build.c
> > @@ -2649,7 +2649,8 @@ void __init create_domUs(void)
> >              .max_evtchn_port = -1,
> >              .max_grant_frames = -1,
> >              .max_maptrack_frames = -1,
> > -            .grant_opts = XEN_DOMCTL_GRANT_version_default,
> > +            .grant_opts = XEN_DOMCTL_GRANT_version_default |
> > +                          XEN_DOMCTL_GRANT_transitive,
> >          };
> >  
> >          if ( !dt_device_is_compatible(node, "xen,domain") )
> > @@ -2757,7 +2758,8 @@ void __init create_dom0(void)
> >          .max_evtchn_port = -1,
> >          .max_grant_frames = gnttab_dom0_frames(),
> >          .max_maptrack_frames = -1,
> > -        .grant_opts = XEN_DOMCTL_GRANT_version_default,
> > +        .grant_opts = XEN_DOMCTL_GRANT_version_default |
> > +                      XEN_DOMCTL_GRANT_transitive,
> >      };
> >  
> >      /* The vGIC for DOM0 is exactly emulating the hardware GIC */
> > --- a/xen/arch/x86/setup.c
> > +++ b/xen/arch/x86/setup.c
> > @@ -750,7 +750,8 @@ static struct domain *__init create_dom0(const module_t 
> > *image,
> >          .max_evtchn_port = -1,
> >          .max_grant_frames = -1,
> >          .max_maptrack_frames = -1,
> > -        .grant_opts = XEN_DOMCTL_GRANT_version_default,
> > +        .grant_opts = XEN_DOMCTL_GRANT_version_default |
> > +                      XEN_DOMCTL_GRANT_transitive,
> >          .max_vcpus = dom0_max_vcpus(),
> >          .arch = {
> >              .misc_flags = opt_dom0_msr_relaxed ? XEN_X86_MSR_RELAXED : 0,
> 
> While I can see that you make these adjustments for retaining backwards
> compatibility, I wonder if we need to, at least for Dom0. Dom0 doesn't
> normally grant anything anyway and hence would even less so use
> transitive grants. Of course then there's need to be a command line
> control to re-enable that, just in case.

dom0=gnttab-transitive, or should it be placed somewhere else?

> > @@ -1965,6 +1969,8 @@ int grant_table_init(struct domain *d, int 
> > max_grant_frames,
> >      gt->max_grant_frames = max_grant_frames;
> >      gt->max_maptrack_frames = max_maptrack_frames;
> >      gt->max_grant_version = max_grant_version;
> > +    gt->allow_transitive = !!(options & XEN_DOMCTL_GRANT_transitive) &&
> > +                           opt_transitive_grants;
> 
> No need for !! here afaics. Not even if there weren't the &&.
> 
> As to combining with the global option: I think if an admin requested
> them for a domain, this should overrule the command line option. Which
> in turn suggests that the command line option could go away at this
> point. Otherwise, if you AND both together and the guest is known to
> not work without this functionality, domain creation would instead
> better fail (or at the very least it should be logged by the tool
> stack that the request wasn't satisfied, which would require a means
> to retrieve the effective setting). IOW I would see the command line
> turning this off to trump the per-guest enabling request.

How should we go about deprecating it? It would be a bit antisocial
IMO to just drop the option, since people using it would then be
exposed to guests using transient grants if they didn't realize it
should be set in xl.conf or xl.cfg now.

> > --- a/xen/include/public/domctl.h
> > +++ b/xen/include/public/domctl.h
> > @@ -98,8 +98,11 @@ struct xen_domctl_createdomain {
> >  /* Grant version, use low 4 bits. */
> >  #define XEN_DOMCTL_GRANT_version_mask    0xf
> >  #define XEN_DOMCTL_GRANT_version_default 0xf
> > +/* Allow transitive grants. */
> > +#define _XEN_DOMCTL_GRANT_transitive     4
> > +#define XEN_DOMCTL_GRANT_transitive      (1U << 
> > _XEN_DOMCTL_GRANT_transitive)
> 
> Omit the former and have the latter be 0x10 or (1U << 4)?
> 
> > -#define XEN_DOMCTLGRANT_MAX XEN_DOMCTL_GRANT_version_mask
> > +#define XEN_DOMCTLGRANT_MAX XEN_DOMCTL_GRANT_transitive
> 
> I didn't even spot this in patch 2 - what is this intended to be used
> for? Neither there nor here I can spot any use.

Yeah, AFAICT those _MAX definitions are used by the ocaml stubs to
assert the max option available. Given how these new options are handled
in ocaml the _MAX check is not implemented, so I could like drop those
(unless there's some other tool that also depends on them).

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.