|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH v6 1/2] xen/domain: unify domain ID allocation
Hello,
Le 16/05/2025 à 04:06, dmkhn@xxxxxxxxx a écrit :
> From: Denis Mukhin <dmukhin@xxxxxxxx>
>
> Currently, hypervisor code has two different non-system domain ID allocation
> implementations:
>
> (a) Sequential IDs allocation in dom0less Arm code based on max_init_domid;
>
> (b) Sequential IDs allocation in XEN_DOMCTL_createdomain; does not use
> max_init_domid (both Arm and x86).
>
> It makes sense to have a common helper code for such task across architectures
> (Arm and x86) and between dom0less / toolstack domU allocation.
>
> Wrap the domain ID allocation as an arch-independent function domid_alloc() in
> common/domain.c based on rangeset.
>
> Allocation algorithm:
> - If an explicit domain ID is provided, verify its availability and
> use it if ID is not used;
> - Otherwise, perform an exhaustive search starting from the end of the used
> domain ID range. domid_alloc() guarantees that two subsequent calls will
> result in different IDs allocation.
>
> Initialize the domain IDs rangeset from the new domid_init() which is called
> from arch setup code.
>
> Also, remove is_free_domid() helper as it is not needed now.
>
> No functional change intended.
>
> Signed-off-by: Denis Mukhin <dmukhin@xxxxxxxx>
> ---
> Changes since v5:
> - rebased
> ---
> xen/arch/arm/domain_build.c | 17 ++++--
> xen/arch/arm/setup.c | 2 +
> xen/arch/x86/setup.c | 13 +++--
> xen/common/device-tree/dom0less-build.c | 10 ++--
> xen/common/domain.c | 70 +++++++++++++++++++++++++
> xen/common/domctl.c | 41 ++-------------
> xen/include/xen/domain.h | 4 ++
> 7 files changed, 107 insertions(+), 50 deletions(-)
>
> diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
> index b189a7cfae..e9d563c269 100644
> --- a/xen/arch/arm/domain_build.c
> +++ b/xen/arch/arm/domain_build.c
> @@ -2010,6 +2010,7 @@ void __init create_dom0(void)
> .grant_opts = XEN_DOMCTL_GRANT_version(opt_gnttab_max_version),
> };
> unsigned int flags = CDF_privileged | CDF_hardware;
> + domid_t domid;
> int rc;
>
> /* The vGIC for DOM0 is exactly emulating the hardware GIC */
> @@ -2034,19 +2035,25 @@ void __init create_dom0(void)
> if ( !llc_coloring_enabled )
> flags |= CDF_directmap;
>
> - dom0 = domain_create(0, &dom0_cfg, flags);
> + domid = domid_alloc(0);
> + if ( domid == DOMID_INVALID )
> + panic("Error allocating domain ID 0\n");
> +
> + dom0 = domain_create(domid, &dom0_cfg, flags);
> if ( IS_ERR(dom0) )
> - panic("Error creating domain 0 (rc = %ld)\n", PTR_ERR(dom0));
> + panic("Error creating domain %d (rc = %ld)\n", domid, PTR_ERR(dom0));
>
> if ( llc_coloring_enabled && (rc = dom0_set_llc_colors(dom0)) )
> - panic("Error initializing LLC coloring for domain 0 (rc = %d)\n",
> rc);
> + panic("Error initializing LLC coloring for domain %pd (rc = %d)\n",
> + dom0, rc);
>
> if ( alloc_dom0_vcpu0(dom0) == NULL )
> - panic("Error creating domain 0 vcpu0\n");
> + panic("Error creating domain %pdv0\n", dom0);
>
> rc = construct_dom0(dom0);
> if ( rc )
> - panic("Could not set up DOM0 guest OS (rc = %d)\n", rc);
> + panic("Could not set up guest OS for domain %pd (rc = %d)\n",
> + dom0, rc);
>
> set_xs_domain(dom0);
> }
> diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c
> index 10b46d0684..c3959e8d8e 100644
> --- a/xen/arch/arm/setup.c
> +++ b/xen/arch/arm/setup.c
> @@ -418,6 +418,8 @@ void asmlinkage __init start_xen(unsigned long fdt_paddr)
>
> timer_init();
>
> + domid_init();
> +
> init_idle_domain();
>
> rcu_init();
> diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
> index 2518954124..02f665f520 100644
> --- a/xen/arch/x86/setup.c
> +++ b/xen/arch/x86/setup.c
> @@ -1030,8 +1030,11 @@ static struct domain *__init create_dom0(struct
> boot_info *bi)
> if ( iommu_enabled )
> dom0_cfg.flags |= XEN_DOMCTL_CDF_iommu;
>
> - /* Create initial domain. Not d0 for pvshim. */
> - bd->domid = get_initial_domain_id();
> + /* Allocate initial domain ID. Not d0 for pvshim. */
> + bd->domid = domid_alloc(get_initial_domain_id());
> + if ( bd->domid == DOMID_INVALID )
> + panic("Error allocating domain ID %d\n", get_initial_domain_id());
> +
> d = domain_create(bd->domid, &dom0_cfg,
> pv_shim ? 0 : CDF_privileged | CDF_hardware);
> if ( IS_ERR(d) )
> @@ -1063,7 +1066,7 @@ static struct domain *__init create_dom0(struct
> boot_info *bi)
>
> if ( (strlen(acpi_param) == 0) && acpi_disabled )
> {
> - printk("ACPI is disabled, notifying Domain 0 (acpi=off)\n");
> + printk("ACPI is disabled, notifying domain %pd (acpi=off)\n", d);
> safe_strcpy(acpi_param, "off");
> }
>
> @@ -1078,7 +1081,7 @@ static struct domain *__init create_dom0(struct
> boot_info *bi)
>
> bd->d = d;
> if ( construct_dom0(bd) != 0 )
> - panic("Could not construct domain 0\n");
> + panic("Could not construct domain %pd\n", d);
>
> bd->cmdline = NULL;
> xfree(cmdline);
> @@ -1915,6 +1918,8 @@ void asmlinkage __init noreturn __start_xen(void)
> mmio_ro_ranges = rangeset_new(NULL, "r/o mmio ranges",
> RANGESETF_prettyprint_hex);
>
> + domid_init();
> +
> xsm_multiboot_init(bi);
>
> /*
> diff --git a/xen/common/device-tree/dom0less-build.c
> b/xen/common/device-tree/dom0less-build.c
> index 2c56f13771..9236dbae11 100644
> --- a/xen/common/device-tree/dom0less-build.c
> +++ b/xen/common/device-tree/dom0less-build.c
> @@ -850,15 +850,13 @@ void __init create_domUs(void)
> struct xen_domctl_createdomain d_cfg = {0};
> unsigned int flags = 0U;
> bool has_dtb = false;
> + domid_t domid;
> uint32_t val;
> int rc;
>
> if ( !dt_device_is_compatible(node, "xen,domain") )
> continue;
>
> - if ( (max_init_domid + 1) >= DOMID_FIRST_RESERVED )
> - panic("No more domain IDs available\n");
> -
> d_cfg.max_evtchn_port = 1023;
> d_cfg.max_grant_frames = -1;
> d_cfg.max_maptrack_frames = -1;
> @@ -981,7 +979,11 @@ void __init create_domUs(void)
> * very important to use the pre-increment operator to call
> * domain_create() with a domid > 0. (domid == 0 is reserved for
> Dom0)
> */
> - d = domain_create(++max_init_domid, &d_cfg, flags);
> + domid = domid_alloc(++max_init_domid);
> + if ( domid == DOMID_INVALID )
> + panic("Error allocating ID for domain %s\n", dt_node_name(node));
> +
> + d = domain_create(domid, &d_cfg, flags);
> if ( IS_ERR(d) )
> panic("Error creating domain %s (rc = %ld)\n",
> dt_node_name(node), PTR_ERR(d));
> diff --git a/xen/common/domain.c b/xen/common/domain.c
> index abf1969e60..0ba3cdc47d 100644
> --- a/xen/common/domain.c
> +++ b/xen/common/domain.c
> @@ -66,6 +66,74 @@ DEFINE_RCU_READ_LOCK(domlist_read_lock);
> static struct domain *domain_hash[DOMAIN_HASH_SIZE];
> struct domain *domain_list;
>
> +/* Non-system domain ID allocator. */
> +static DEFINE_SPINLOCK(domid_lock);
> +static struct rangeset *domid_rangeset;
> +static unsigned int domid_last;
> +
> +void __init domid_init(void)
> +{
> + domid_rangeset = rangeset_new(NULL, "domid", RANGESETF_prettyprint_hex);
> + if ( !domid_rangeset )
> + panic("cannot allocate domain ID rangeset\n");
> +
> + rangeset_limit(domid_rangeset, DOMID_FIRST_RESERVED);
> +}
> +
> +/*
> + * Allocate new non-system domain ID based on the hint.
> + *
> + * If hint is outside of valid [0..DOMID_FIRST_RESERVED - 1] range of IDs,
> + * perform an exhaustive search starting from the end of the used domain ID
> + * range.
> + */
> +domid_t domid_alloc(domid_t domid)
> +{
> + spin_lock(&domid_lock);
> +
> + if ( domid < DOMID_FIRST_RESERVED )
> + {
> + if ( rangeset_contains_singleton(domid_rangeset, domid) )
> + domid = DOMID_INVALID;
> + }
> + else
> + {
> + for ( domid = domid_last + 1; domid != domid_last; domid++ )
> + {
> + if ( domid == DOMID_FIRST_RESERVED )
> + domid = 0;
> +
> + if ( !rangeset_contains_singleton(domid_rangeset, domid) )
> + break;
> + }
> +
> + if ( domid == domid_last )
> + domid = DOMID_INVALID;
> + }
> +
> + if ( domid != DOMID_INVALID )
> + {
> + ASSERT(!rangeset_add_singleton(domid_rangeset, domid));
> +
> + if ( domid != domid_last )
> + domid_last = domid;
> + }
> +
> + spin_unlock(&domid_lock);
> +
> + return domid;
> +}
It's mostly a matter of implementation choice, but I am not really fan
of relying on rangesets, which to me are meant for address ranges or
something similar but at least large.
I would rather rely on a bitmap using find_first_zero_bit+set_bit which
avoids doing a per-domid test, and may be simpler overall. The bitmap
size for 0x3FF0 domains is almost 4KB, which looks acceptable.
I don't know what other thinks.
> +
> +void domid_free(domid_t domid)
> +{
> + spin_lock(&domid_lock);
> +
> + if ( rangeset_contains_singleton(domid_rangeset, domid) )
> + ASSERT(!rangeset_remove_singleton(domid_rangeset, domid));
> +
> + spin_unlock(&domid_lock);
> +}
> +
> /*
> * Insert a domain into the domlist/hash. This allows the domain to be
> looked
> * up by domid, and therefore to be the subject of hypercalls/etc.
> @@ -1449,6 +1517,8 @@ void domain_destroy(struct domain *d)
>
> TRACE_TIME(TRC_DOM0_DOM_REM, d->domain_id);
>
> + domid_free(d->domain_id);
> +
> /* Remove from the domlist/hash. */
> domlist_remove(d);
>
> diff --git a/xen/common/domctl.c b/xen/common/domctl.c
> index bfe2e1f9f0..2e02139660 100644
> --- a/xen/common/domctl.c
> +++ b/xen/common/domctl.c
> @@ -49,20 +49,6 @@ static int xenctl_bitmap_to_nodemask(nodemask_t *nodemask,
> MAX_NUMNODES);
> }
>
> -static inline int is_free_domid(domid_t dom)
> -{
> - struct domain *d;
> -
> - if ( dom >= DOMID_FIRST_RESERVED )
> - return 0;
> -
> - if ( (d = rcu_lock_domain_by_id(dom)) == NULL )
> - return 1;
> -
> - rcu_unlock_domain(d);
> - return 0;
> -}
> -
> void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info)
> {
> struct vcpu *v;
> @@ -421,34 +407,15 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
> u_domctl)
>
> case XEN_DOMCTL_createdomain:
> {
> - domid_t dom;
> - static domid_t rover = 0;
> + domid_t domid = domid_alloc(op->domain);
>
> - dom = op->domain;
> - if ( (dom > 0) && (dom < DOMID_FIRST_RESERVED) )
> + if ( domid == DOMID_INVALID )
> {
> ret = -EEXIST;
> - if ( !is_free_domid(dom) )
> - break;
> - }
> - else
> - {
> - for ( dom = rover + 1; dom != rover; dom++ )
> - {
> - if ( dom == DOMID_FIRST_RESERVED )
> - dom = 1;
> - if ( is_free_domid(dom) )
> - break;
> - }
> -
> - ret = -ENOMEM;
> - if ( dom == rover )
> - break;
> -
> - rover = dom;
> + break;
> }
>
> - d = domain_create(dom, &op->u.createdomain, false);
> + d = domain_create(domid, &op->u.createdomain, false);
> if ( IS_ERR(d) )
> {
> ret = PTR_ERR(d);
In case the domain creation failure, we need to free the domid,
otherwise, it would not be used anymore as considered used by the domid
allocator.
> diff --git a/xen/include/xen/domain.h b/xen/include/xen/domain.h
> index e10baf2615..039bb7eeaf 100644
> --- a/xen/include/xen/domain.h
> +++ b/xen/include/xen/domain.h
> @@ -38,6 +38,10 @@ void arch_get_domain_info(const struct domain *d,
>
> domid_t get_initial_domain_id(void);
>
> +void domid_init(void);
> +void domid_free(domid_t domid);
> +domid_t domid_alloc(domid_t domid);
> +
> /* CDF_* constant. Internal flags for domain creation. */
> /* Is this a privileged domain? */
> #define CDF_privileged (1U << 0)
Teddy
Teddy Astie | Vates XCP-ng Developer
XCP-ng & Xen Orchestra - Vates solutions
web: https://vates.tech
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |