The Hyperlaunch device tree for dom0 series is the second split out for the introduction of the Hyperlaunch domain builder logic. These changes focus on introducing the ability to express a domain configuration that is then used to populate the struct boot_domain structure for dom0. This ability to express a domain configuration provides the next step towards a general domain builder. The splitting of Hyperlaunch into a set of series are twofold, to reduce the effort in reviewing a much larger series, and to reduce the effort in handling the knock-on effects to the construction logic from requested review changes. Much thanks to AMD for supporting this work. Documentation on Hyperlaunch: https://wiki.xenproject.org/wiki/Hyperlaunch Original Hyperlaunch v1 patch series: https://lists.xenproject.org/archives/html/xen-devel/2022-07/msg00345.html V/r, Daniel P. Smith Daniel P. Smith (15): x86/boot: introduce boot domain x86/boot: introduce domid field to struct boot_domain x86/boot: add cmdline to struct boot_domain kconfig: introduce option to independently enable libfdt kconfig: introduce domain builder config option x86/hyperlaunch: introduce the domain builder x86/hyperlaunch: initial support for hyperlaunch device tree x86/hyperlaunch: locate dom0 kernel with hyperlaunch x86/hyperlaunch: obtain cmdline from device tree x86/hyperlaunch: locate dom0 initrd with hyperlaunch x86/hyperlaunch: add domain id parsing to domain config x86/hyperlaunch: specify dom0 mode with device tree x86/hyperlaunch: add memory parsing to domain config x86/hyperlaunch: add max vcpu parsing of hyperlaunch device tree x86/hyperlaunch: add capabilities to boot domain xen/arch/x86/Kconfig | 2 + xen/arch/x86/Makefile | 2 + xen/arch/x86/dom0_build.c | 19 +- xen/arch/x86/domain_builder/Kconfig | 15 + xen/arch/x86/domain_builder/Makefile | 3 + xen/arch/x86/domain_builder/core.c | 109 +++++++ xen/arch/x86/domain_builder/fdt.c | 395 +++++++++++++++++++++++ xen/arch/x86/domain_builder/fdt.h | 94 ++++++ xen/arch/x86/hvm/dom0_build.c | 23 +- xen/arch/x86/include/asm/bootdomain.h | 53 +++ xen/arch/x86/include/asm/bootinfo.h | 15 +- xen/arch/x86/include/asm/dom0_build.h | 6 +- xen/arch/x86/include/asm/domainbuilder.h | 12 + xen/arch/x86/include/asm/setup.h | 4 +- xen/arch/x86/pv/dom0_build.c | 28 +- xen/arch/x86/setup.c | 140 +++++--- xen/common/Kconfig | 4 + xen/common/Makefile | 2 +- 18 files changed, 836 insertions(+), 90 deletions(-) create mode 100644 xen/arch/x86/domain_builder/Kconfig create mode 100644 xen/arch/x86/domain_builder/Makefile create mode 100644 xen/arch/x86/domain_builder/core.c create mode 100644 xen/arch/x86/domain_builder/fdt.c create mode 100644 xen/arch/x86/domain_builder/fdt.h create mode 100644 xen/arch/x86/include/asm/bootdomain.h create mode 100644 xen/arch/x86/include/asm/domainbuilder.h -- 2.30.2 To begin moving toward allowing the hypervisor to construct more than one domain at boot, a container is needed for a domain's build information. Introduce a new header, <xen/asm/bootdomain.h>, that contains the initial struct boot_domain that encapsulate the build information for a domain. Add a kernel and ramdisk boot module reference along with a struct domain reference to the new struct boot_domain. This allows a struct boot_domain reference to be the only parameter necessary to pass down through the domain construction call chain. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> Reviewed-by: Jason Andryuk <jason.andryuk@amd.com> --- Changes since boot modules v9 - dropped unlikely Changes since v8: - code style correction --- xen/arch/x86/dom0_build.c | 8 ++++--- xen/arch/x86/hvm/dom0_build.c | 17 +++++---------- xen/arch/x86/include/asm/bootdomain.h | 31 +++++++++++++++++++++++++++ xen/arch/x86/include/asm/bootinfo.h | 5 +++++ xen/arch/x86/include/asm/dom0_build.h | 6 +++--- xen/arch/x86/include/asm/setup.h | 4 ++-- xen/arch/x86/pv/dom0_build.c | 24 +++++++-------------- xen/arch/x86/setup.c | 24 +++++++++------------ 8 files changed, 69 insertions(+), 50 deletions(-) create mode 100644 xen/arch/x86/include/asm/bootdomain.h diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -XXX,XX +XXX,XX @@ #include <xen/softirq.h> #include <asm/amd.h> +#include <asm/bootinfo.h> #include <asm/dom0_build.h> #include <asm/guest.h> #include <asm/hpet.h> @@ -XXX,XX +XXX,XX @@ int __init dom0_setup_permissions(struct domain *d) return rc; } -int __init construct_dom0(struct boot_info *bi, struct domain *d) +int __init construct_dom0(struct boot_domain *bd) { int rc; + const struct domain *d = bd->d; /* Sanity! */ BUG_ON(!pv_shim && d->domain_id != 0); @@ -XXX,XX +XXX,XX @@ int __init construct_dom0(struct boot_info *bi, struct domain *d) process_pending_softirqs(); if ( is_hvm_domain(d) ) - rc = dom0_construct_pvh(bi, d); + rc = dom0_construct_pvh(bd); else if ( is_pv_domain(d) ) - rc = dom0_construct_pv(bi, d); + rc = dom0_construct_pv(bd); else panic("Cannot construct Dom0. No guest interface available\n"); diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -XXX,XX +XXX,XX @@ static void __hwdom_init pvh_setup_mmcfg(struct domain *d) } } -int __init dom0_construct_pvh(struct boot_info *bi, struct domain *d) +int __init dom0_construct_pvh(struct boot_domain *bd) { paddr_t entry, start_info; - struct boot_module *image; - struct boot_module *initrd = NULL; - unsigned int idx; + struct boot_module *image = bd->kernel; + struct boot_module *initrd = bd->ramdisk; + struct domain *d = bd->d; int rc; printk(XENLOG_INFO "*** Building a PVH Dom%d ***\n", d->domain_id); - idx = first_boot_module_index(bi, BOOTMOD_KERNEL); - if ( idx >= bi->nr_modules ) + if ( image == NULL ) panic("Missing kernel boot module for %pd construction\n", d); - image = &bi->mods[idx]; - - idx = first_boot_module_index(bi, BOOTMOD_RAMDISK); - if ( idx < bi->nr_modules ) - initrd = &bi->mods[idx]; - if ( is_hardware_domain(d) ) { /* diff --git a/xen/arch/x86/include/asm/bootdomain.h b/xen/arch/x86/include/asm/bootdomain.h new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/xen/arch/x86/include/asm/bootdomain.h @@ -XXX,XX +XXX,XX @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (c) 2024 Apertus Solutions, LLC + * Author: Daniel P. Smith <dpsmith@apertussolutions.com> + * Copyright (c) 2024 Christopher Clark <christopher.w.clark@gmail.com> + */ + +#ifndef __XEN_X86_BOOTDOMAIN_H__ +#define __XEN_X86_BOOTDOMAIN_H__ + +struct boot_module; +struct domain; + +struct boot_domain { + struct boot_module *kernel; + struct boot_module *ramdisk; + + struct domain *d; +}; + +#endif + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + */ diff --git a/xen/arch/x86/include/asm/bootinfo.h b/xen/arch/x86/include/asm/bootinfo.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootinfo.h +++ b/xen/arch/x86/include/asm/bootinfo.h @@ -XXX,XX +XXX,XX @@ #include <xen/init.h> #include <xen/multiboot.h> #include <xen/types.h> +#include <asm/bootdomain.h> /* Max number of boot modules a bootloader can provide in addition to Xen */ #define MAX_NR_BOOTMODS 63 +/* Max number of boot domains that Xen can construct */ +#define MAX_NR_BOOTDOMS 1 + /* Boot module binary type / purpose */ enum bootmod_type { BOOTMOD_UNKNOWN, @@ -XXX,XX +XXX,XX @@ struct boot_info { unsigned int nr_modules; struct boot_module mods[MAX_NR_BOOTMODS + 1]; + struct boot_domain domains[MAX_NR_BOOTDOMS]; }; /* diff --git a/xen/arch/x86/include/asm/dom0_build.h b/xen/arch/x86/include/asm/dom0_build.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/dom0_build.h +++ b/xen/arch/x86/include/asm/dom0_build.h @@ -XXX,XX +XXX,XX @@ unsigned long dom0_compute_nr_pages(struct domain *d, unsigned long initrd_len); int dom0_setup_permissions(struct domain *d); -struct boot_info; -int dom0_construct_pv(struct boot_info *bi, struct domain *d); -int dom0_construct_pvh(struct boot_info *bi, struct domain *d); +struct boot_domain; +int dom0_construct_pv(struct boot_domain *bd); +int dom0_construct_pvh(struct boot_domain *bd); unsigned long dom0_paging_pages(const struct domain *d, unsigned long nr_pages); diff --git a/xen/arch/x86/include/asm/setup.h b/xen/arch/x86/include/asm/setup.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/setup.h +++ b/xen/arch/x86/include/asm/setup.h @@ -XXX,XX +XXX,XX @@ void subarch_init_memory(void); void init_IRQ(void); -struct boot_info; -int construct_dom0(struct boot_info *bi, struct domain *d); +struct boot_domain; +int construct_dom0(struct boot_domain *bd); void setup_io_bitmap(struct domain *d); diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -XXX,XX +XXX,XX @@ static struct page_info * __init alloc_chunk(struct domain *d, return page; } -static int __init dom0_construct(struct boot_info *bi, struct domain *d) +static int __init dom0_construct(struct boot_domain *bd) { unsigned int i; int rc, order, machine; @@ -XXX,XX +XXX,XX @@ static int __init dom0_construct(struct boot_info *bi, struct domain *d) struct page_info *page = NULL; unsigned int flush_flags = 0; start_info_t *si; + struct domain *d = bd->d; struct vcpu *v = d->vcpu[0]; - struct boot_module *image; - struct boot_module *initrd = NULL; + struct boot_module *image = bd->kernel; + struct boot_module *initrd = bd->ramdisk; void *image_base; unsigned long image_len; void *image_start; - unsigned long initrd_len = 0; + unsigned long initrd_len = initrd ? initrd->size : 0; l4_pgentry_t *l4tab = NULL, *l4start = NULL; l3_pgentry_t *l3tab = NULL, *l3start = NULL; @@ -XXX,XX +XXX,XX @@ static int __init dom0_construct(struct boot_info *bi, struct domain *d) printk(XENLOG_INFO "*** Building a PV Dom%d ***\n", d->domain_id); - i = first_boot_module_index(bi, BOOTMOD_KERNEL); - if ( i >= bi->nr_modules ) + if ( !image ) panic("Missing kernel boot module for %pd construction\n", d); - image = &bi->mods[i]; image_base = bootstrap_map_bm(image); image_len = image->size; image_start = image_base + image->headroom; - i = first_boot_module_index(bi, BOOTMOD_RAMDISK); - if ( i < bi->nr_modules ) - { - initrd = &bi->mods[i]; - initrd_len = initrd->size; - } - d->max_pages = ~0U; if ( (rc = bzimage_parse(image_base, &image_start, &image_len)) != 0 ) @@ -XXX,XX +XXX,XX @@ out: return rc; } -int __init dom0_construct_pv(struct boot_info *bi, struct domain *d) +int __init dom0_construct_pv(struct boot_domain *bd) { unsigned long cr4 = read_cr4(); int rc; @@ -XXX,XX +XXX,XX @@ int __init dom0_construct_pv(struct boot_info *bi, struct domain *d) write_cr4(cr4 & ~X86_CR4_SMAP); } - rc = dom0_construct(bi, d); + rc = dom0_construct(bd); if ( cr4 & X86_CR4_SMAP ) { diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) .misc_flags = opt_dom0_msr_relaxed ? XEN_X86_MSR_RELAXED : 0, }, }; + struct boot_domain *bd = &bi->domains[0]; struct domain *d; domid_t domid; - struct boot_module *image; - unsigned int idx; - - idx = first_boot_module_index(bi, BOOTMOD_KERNEL); - if ( idx >= bi->nr_modules ) - panic("Missing kernel boot module for building domain\n"); - - image = &bi->mods[idx]; if ( opt_dom0_pvh ) { @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) panic("Error creating d%uv0\n", domid); /* Grab the DOM0 command line. */ - if ( image->cmdline_pa || bi->kextra ) + if ( bd->kernel->cmdline_pa || bi->kextra ) { - if ( image->cmdline_pa ) - safe_strcpy( - cmdline, cmdline_cook(__va(image->cmdline_pa), bi->loader)); + if ( bd->kernel->cmdline_pa ) + safe_strcpy(cmdline, + cmdline_cook(__va(bd->kernel->cmdline_pa), bi->loader)); if ( bi->kextra ) /* kextra always includes exactly one leading space. */ @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) safe_strcat(cmdline, acpi_param); } - image->cmdline_pa = __pa(cmdline); + bd->kernel->cmdline_pa = __pa(cmdline); } - if ( construct_dom0(bi, d) != 0 ) + bd->d = d; + if ( construct_dom0(bd) != 0 ) panic("Could not construct domain 0\n"); return d; @@ -XXX,XX +XXX,XX @@ void asmlinkage __init noreturn __start_xen(void) /* Dom0 kernel is always first */ bi->mods[0].type = BOOTMOD_KERNEL; + bi->domains[0].kernel = &bi->mods[0]; if ( pvh_boot ) { @@ -XXX,XX +XXX,XX @@ void asmlinkage __init noreturn __start_xen(void) if ( initrdidx < MAX_NR_BOOTMODS ) { bi->mods[initrdidx].type = BOOTMOD_RAMDISK; + bi->domains[0].ramdisk = &bi->mods[initrdidx]; if ( first_boot_module_index(bi, BOOTMOD_UNKNOWN) < MAX_NR_BOOTMODS ) printk(XENLOG_WARNING "Multiple initrd candidates, picking module #%u\n", -- 2.30.2 Add a domid field to struct boot_domain to hold the assigned domain id for the domain. During initialization, ensure all instances of struct boot_domain have the invalid domid to ensure that the domid must be set either by convention or configuration. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> Reviewed-by: Jason Andryuk <jason.andryuk@amd.com> --- Changes since v9 boot modules - missing include for domid_t def --- xen/arch/x86/include/asm/bootdomain.h | 4 ++++ xen/arch/x86/setup.c | 12 +++++++----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/include/asm/bootdomain.h b/xen/arch/x86/include/asm/bootdomain.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootdomain.h +++ b/xen/arch/x86/include/asm/bootdomain.h @@ -XXX,XX +XXX,XX @@ * Copyright (c) 2024 Christopher Clark <christopher.w.clark@gmail.com> */ +#include <public/xen.h> + #ifndef __XEN_X86_BOOTDOMAIN_H__ #define __XEN_X86_BOOTDOMAIN_H__ @@ -XXX,XX +XXX,XX @@ struct boot_module; struct domain; struct boot_domain { + domid_t domid; + struct boot_module *kernel; struct boot_module *ramdisk; diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ static struct boot_info *__init multiboot_fill_boot_info( /* Variable 'i' should be one entry past the last module. */ bi->mods[i].type = BOOTMOD_XEN; + for ( i = 0; i < MAX_NR_BOOTDOMS; i++ ) + bi->domains[i].domid = DOMID_INVALID; + return bi; } @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) }; struct boot_domain *bd = &bi->domains[0]; struct domain *d; - domid_t domid; if ( opt_dom0_pvh ) { @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) dom0_cfg.flags |= XEN_DOMCTL_CDF_iommu; /* Create initial domain. Not d0 for pvshim. */ - domid = get_initial_domain_id(); - d = domain_create(domid, &dom0_cfg, pv_shim ? 0 : CDF_privileged); + bd->domid = get_initial_domain_id(); + d = domain_create(bd->domid, &dom0_cfg, pv_shim ? 0 : CDF_privileged); if ( IS_ERR(d) ) - panic("Error creating d%u: %ld\n", domid, PTR_ERR(d)); + panic("Error creating d%u: %ld\n", bd->domid, PTR_ERR(d)); init_dom0_cpuid_policy(d); if ( alloc_dom0_vcpu0(d) == NULL ) - panic("Error creating d%uv0\n", domid); + panic("Error creating d%uv0\n", bd->domid); /* Grab the DOM0 command line. */ if ( bd->kernel->cmdline_pa || bi->kextra ) -- 2.30.2 Add a container for the "cooked" command line for a domain. This provides for the backing memory to be directly associated with the domain being constructed. This is done in anticipation that the domain construction path may need to be invoked multiple times, thus ensuring each instance had a distinct memory allocation. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- Changes since v9 boot modules: - convert pvh_load_kernel to boot domain to directly use cmdline - adjustments to domain_cmdline_size - remove ASSERT and return 0 instead - use strlen() of values instead of hardcoded sizes - update cmdline parsing check to inspect multiboot string and not just pointer - add goto to skip cmdline processing if domain_cmdline_size returns 0 - drop updating cmdline_pa with dynamic buffer with change of its last consumer pvh_load_kernel Changes since v8: - switch to a dynamically allocated buffer - dropped local cmdline var in pv dom0_construct() Changes since v7: - updated commit message to expand on intent and purpose --- xen/arch/x86/hvm/dom0_build.c | 12 +++--- xen/arch/x86/include/asm/bootdomain.h | 2 + xen/arch/x86/pv/dom0_build.c | 4 +- xen/arch/x86/setup.c | 54 ++++++++++++++++++++++----- 4 files changed, 54 insertions(+), 18 deletions(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -XXX,XX +XXX,XX @@ static bool __init check_and_adjust_load_address( } static int __init pvh_load_kernel( - struct domain *d, struct boot_module *image, struct boot_module *initrd, - paddr_t *entry, paddr_t *start_info_addr) + struct boot_domain *bd, paddr_t *entry, paddr_t *start_info_addr) { + struct domain *d = bd->d; + struct boot_module *image = bd->kernel; + struct boot_module *initrd = bd->ramdisk; void *image_base = bootstrap_map_bm(image); void *image_start = image_base + image->headroom; unsigned long image_len = image->size; @@ -XXX,XX +XXX,XX @@ static void __hwdom_init pvh_setup_mmcfg(struct domain *d) int __init dom0_construct_pvh(struct boot_domain *bd) { paddr_t entry, start_info; - struct boot_module *image = bd->kernel; - struct boot_module *initrd = bd->ramdisk; struct domain *d = bd->d; int rc; printk(XENLOG_INFO "*** Building a PVH Dom%d ***\n", d->domain_id); - if ( image == NULL ) + if ( bd->kernel == NULL ) panic("Missing kernel boot module for %pd construction\n", d); if ( is_hardware_domain(d) ) @@ -XXX,XX +XXX,XX @@ int __init dom0_construct_pvh(struct boot_domain *bd) return rc; } - rc = pvh_load_kernel(d, image, initrd, &entry, &start_info); + rc = pvh_load_kernel(bd, &entry, &start_info); if ( rc ) { printk("Failed to load Dom0 kernel\n"); diff --git a/xen/arch/x86/include/asm/bootdomain.h b/xen/arch/x86/include/asm/bootdomain.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootdomain.h +++ b/xen/arch/x86/include/asm/bootdomain.h @@ -XXX,XX +XXX,XX @@ struct boot_module; struct domain; struct boot_domain { + const char *cmdline; + domid_t domid; struct boot_module *kernel; diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -XXX,XX +XXX,XX @@ static int __init dom0_construct(struct boot_domain *bd) } memset(si->cmd_line, 0, sizeof(si->cmd_line)); - if ( image->cmdline_pa ) - strlcpy((char *)si->cmd_line, __va(image->cmdline_pa), sizeof(si->cmd_line)); + if ( bd->cmdline ) + strlcpy((char *)si->cmd_line, bd->cmdline, sizeof(si->cmd_line)); #ifdef CONFIG_VIDEO if ( !pv_shim && fill_console_start_info((void *)(si + 1)) ) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ static unsigned int __init copy_bios_e820(struct e820entry *map, unsigned int li return n; } -static struct domain *__init create_dom0(struct boot_info *bi) +static size_t __init domain_cmdline_size( + struct boot_info *bi, struct boot_domain *bd) { - static char __initdata cmdline[MAX_GUEST_CMDLINE]; + size_t s = bi->kextra ? strlen(bi->kextra) : 0; + + s += bd->kernel->cmdline_pa ? strlen(__va(bd->kernel->cmdline_pa)) : 0; + + if ( s == 0 ) + return s; + + /* + * Certain parameters from the Xen command line may be added to the dom0 + * command line. Add additional space for the possible cases along with one + * extra char to hold \0. + */ + s += strlen(" noapic") + strlen(" acpi=") + sizeof(acpi_param) + 1; + + return s; +} +static struct domain *__init create_dom0(struct boot_info *bi) +{ + char *cmdline = NULL; struct xen_domctl_createdomain dom0_cfg = { .flags = IS_ENABLED(CONFIG_TBOOT) ? XEN_DOMCTL_CDF_s3_integrity : 0, .max_evtchn_port = -1, @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) panic("Error creating d%uv0\n", bd->domid); /* Grab the DOM0 command line. */ - if ( bd->kernel->cmdline_pa || bi->kextra ) + if ( (bd->kernel->cmdline_pa && + ((char *)__va(bd->kernel->cmdline_pa))[0]) || + bi->kextra ) { + size_t cmdline_size = domain_cmdline_size(bi, bd); + + if ( cmdline_size == 0 ) + goto skip_cmdline; + + if ( !(cmdline = xzalloc_array(char, cmdline_size)) ) + panic("Error allocating cmdline buffer for %pd\n", d); + if ( bd->kernel->cmdline_pa ) - safe_strcpy(cmdline, - cmdline_cook(__va(bd->kernel->cmdline_pa), bi->loader)); + strlcpy(cmdline, + cmdline_cook(__va(bd->kernel->cmdline_pa),bi->loader), + cmdline_size); if ( bi->kextra ) /* kextra always includes exactly one leading space. */ - safe_strcat(cmdline, bi->kextra); + strlcat(cmdline, bi->kextra, cmdline_size); /* Append any extra parameters. */ if ( skip_ioapic_setup && !strstr(cmdline, "noapic") ) - safe_strcat(cmdline, " noapic"); + strlcat(cmdline, " noapic", cmdline_size); if ( (strlen(acpi_param) == 0) && acpi_disabled ) { @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) if ( (strlen(acpi_param) != 0) && !strstr(cmdline, "acpi=") ) { - safe_strcat(cmdline, " acpi="); - safe_strcat(cmdline, acpi_param); + strlcat(cmdline, " acpi=", cmdline_size); + strlcat(cmdline, acpi_param, cmdline_size); } - bd->kernel->cmdline_pa = __pa(cmdline); + bd->cmdline = cmdline; } + skip_cmdline: bd->d = d; if ( construct_dom0(bd) != 0 ) panic("Could not construct domain 0\n"); + if ( cmdline ) + xfree(cmdline); + return d; } -- 2.30.2 Currently the inclusion of libfdt is controlled by the CONFIG_HAS_DEVICE_TREE kconfig flag. This flag also changes behvaior in a few places, such as boot module processing for XSM. To support the ability to include libfdt without changing these behaviors, introduce CONFIG_LIB_DEVICE_TREE. The inclusion of libfdt is then moved under CONFIG_LIB_DEVICE_TREE. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- xen/common/Kconfig | 4 ++++ xen/common/Makefile | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index XXXXXXX..XXXXXXX 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -XXX,XX +XXX,XX @@ config HAS_ALTERNATIVE config HAS_COMPAT bool +config LIB_DEVICE_TREE + bool + config HAS_DEVICE_TREE bool + select LIB_DEVICE_TREE config HAS_DIT # Data Independent Timing bool diff --git a/xen/common/Makefile b/xen/common/Makefile index XXXXXXX..XXXXXXX 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -XXX,XX +XXX,XX @@ obj-y += sched/ obj-$(CONFIG_UBSAN) += ubsan/ obj-$(CONFIG_NEEDS_LIBELF) += libelf/ -obj-$(CONFIG_HAS_DEVICE_TREE) += libfdt/ +obj-$(CONFIG_LIB_DEVICE_TREE) += libfdt/ CONF_FILE := $(if $(patsubst /%,,$(KCONFIG_CONFIG)),$(objtree)/)$(KCONFIG_CONFIG) $(obj)/config.gz: $(CONF_FILE) -- 2.30.2 Hyperlaunch domain builder will be the consolidated boot time domain building logic framework. Introduces the config option to enable this domain builder to and turn on the ability to load the domain configuration via a flattened device tree. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- xen/arch/x86/Kconfig | 2 ++ xen/arch/x86/domain_builder/Kconfig | 15 +++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 xen/arch/x86/domain_builder/Kconfig diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -XXX,XX +XXX,XX @@ config ALTP2M If unsure, stay with defaults. +source "arch/x86/domain_builder/Kconfig" + endmenu source "common/Kconfig" diff --git a/xen/arch/x86/domain_builder/Kconfig b/xen/arch/x86/domain_builder/Kconfig new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/xen/arch/x86/domain_builder/Kconfig @@ -XXX,XX +XXX,XX @@ + +menu "Domain Builder Features" + +config DOMAIN_BUILDER + bool "Domain builder (UNSUPPORTED)" if UNSUPPORTED + select LIB_DEVICE_TREE + help + Enables the domain builder capability to configure boot domain + construction using a flattened device tree. + + This feature is currently experimental. + + If unsure, say N. + +endmenu -- 2.30.2 Introduce the domain builder which is capable of consuming a device tree as the first boot module. If it finds a device tree as the first boot module, it will set its type to BOOTMOD_FDT. This change only detects the boot module and continues to boot with slight change to the boot convention that the dom0 kernel is no longer first boot module but is the second. No functional change intended. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- xen/arch/x86/Makefile | 2 + xen/arch/x86/domain_builder/Makefile | 3 ++ xen/arch/x86/domain_builder/core.c | 55 ++++++++++++++++++++++++ xen/arch/x86/domain_builder/fdt.c | 38 ++++++++++++++++ xen/arch/x86/domain_builder/fdt.h | 21 +++++++++ xen/arch/x86/include/asm/bootinfo.h | 3 ++ xen/arch/x86/include/asm/domainbuilder.h | 8 ++++ xen/arch/x86/setup.c | 18 +++++--- 8 files changed, 142 insertions(+), 6 deletions(-) create mode 100644 xen/arch/x86/domain_builder/Makefile create mode 100644 xen/arch/x86/domain_builder/core.c create mode 100644 xen/arch/x86/domain_builder/fdt.c create mode 100644 xen/arch/x86/domain_builder/fdt.h create mode 100644 xen/arch/x86/include/asm/domainbuilder.h diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -XXX,XX +XXX,XX @@ obj-$(CONFIG_COMPAT) += x86_64/platform_hypercall.o obj-y += sysctl.o endif +obj-y += domain_builder/ + extra-y += asm-macros.i extra-y += xen.lds diff --git a/xen/arch/x86/domain_builder/Makefile b/xen/arch/x86/domain_builder/Makefile new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/xen/arch/x86/domain_builder/Makefile @@ -XXX,XX +XXX,XX @@ +obj-$(CONFIG_DOMAIN_BUILDER) += fdt.init.o +obj-y += core.init.o + diff --git a/xen/arch/x86/domain_builder/core.c b/xen/arch/x86/domain_builder/core.c new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/xen/arch/x86/domain_builder/core.c @@ -XXX,XX +XXX,XX @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2024, Apertus Solutions, LLC + */ +#include <xen/err.h> +#include <xen/init.h> +#include <xen/kconfig.h> +#include <xen/lib.h> + +#include <asm/bootinfo.h> + +#include "fdt.h" + +void __init builder_init(struct boot_info *bi) +{ + if ( IS_ENABLED(CONFIG_DOMAIN_BUILDER) ) + { + int ret; + + switch ( ret = has_hyperlaunch_fdt(bi) ) + { + case 0: + printk("Hyperlaunch device tree detected\n"); + bi->hyperlaunch_enabled = true; + bi->mods[0].type = BOOTMOD_FDT; + break; + case -EINVAL: + printk("Hyperlaunch device tree was not detected\n"); + bi->hyperlaunch_enabled = false; + break; + case -ENOENT: + fallthrough; + case -ENODATA: + printk("Device tree found, but not hyperlaunch (%d)\n", ret); + bi->hyperlaunch_enabled = false; + bi->mods[0].type = BOOTMOD_FDT; + break; + default: + printk("Unknown error (%d) occured checking for hyperlaunch device tree\n", + ret); + bi->hyperlaunch_enabled = false; + } + + } +} + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + */ diff --git a/xen/arch/x86/domain_builder/fdt.c b/xen/arch/x86/domain_builder/fdt.c new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/xen/arch/x86/domain_builder/fdt.c @@ -XXX,XX +XXX,XX @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2024, Apertus Solutions, LLC + */ +#include <xen/err.h> +#include <xen/init.h> +#include <xen/lib.h> +#include <xen/libfdt/libfdt.h> +#include <xen/rangeset.h> /* required for asm/setup.h */ + +#include <asm/bootinfo.h> +#include <asm/page.h> +#include <asm/setup.h> + +#include "fdt.h" + +int __init has_hyperlaunch_fdt(struct boot_info *bi) +{ + int ret = 0; + void *fdt = bootstrap_map_bm(&bi->mods[HYPERLAUNCH_MODULE_IDX]); + + if ( fdt_check_header(fdt) < 0 ) + ret = -EINVAL; + + bootstrap_unmap(); + + return ret; +} + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + */ diff --git a/xen/arch/x86/domain_builder/fdt.h b/xen/arch/x86/domain_builder/fdt.h new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/xen/arch/x86/domain_builder/fdt.h @@ -XXX,XX +XXX,XX @@ +/* SPDX-License-Identifier: (GPL-2.0-or-later OR BSD-2-Clause) */ +#ifndef __XEN_X86_FDT_H__ +#define __XEN_X86_FDT_H__ + +#include <xen/init.h> + +#include <asm/bootinfo.h> + +/* hyperlaunch fdt is required to be module 0 */ +#define HYPERLAUNCH_MODULE_IDX 0 + +#ifdef CONFIG_DOMAIN_BUILDER +int has_hyperlaunch_fdt(struct boot_info *bi); +#else +static inline int __init has_hyperlaunch_fdt(struct boot_info *bi) +{ + return -EINVAL; +} +#endif + +#endif /* __XEN_X86_FDT_H__ */ diff --git a/xen/arch/x86/include/asm/bootinfo.h b/xen/arch/x86/include/asm/bootinfo.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootinfo.h +++ b/xen/arch/x86/include/asm/bootinfo.h @@ -XXX,XX +XXX,XX @@ enum bootmod_type { BOOTMOD_RAMDISK, BOOTMOD_MICROCODE, BOOTMOD_XSM_POLICY, + BOOTMOD_FDT, }; struct boot_module { @@ -XXX,XX +XXX,XX @@ struct boot_info { paddr_t memmap_addr; size_t memmap_length; + bool hyperlaunch_enabled; + unsigned int nr_modules; struct boot_module mods[MAX_NR_BOOTMODS + 1]; struct boot_domain domains[MAX_NR_BOOTDOMS]; diff --git a/xen/arch/x86/include/asm/domainbuilder.h b/xen/arch/x86/include/asm/domainbuilder.h new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/xen/arch/x86/include/asm/domainbuilder.h @@ -XXX,XX +XXX,XX @@ +#ifndef __XEN_X86_DOMBUILDER_H__ +#define __XEN_X86_DOMBUILDER_H__ + +#include <asm/bootinfo.h> + +void builder_init(struct boot_info *bi); + +#endif diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ #endif #include <xen/bitops.h> #include <asm/bootinfo.h> +#include <asm/domainbuilder.h> #include <asm/smp.h> #include <asm/processor.h> #include <asm/mpspec.h> @@ -XXX,XX +XXX,XX @@ void asmlinkage __init noreturn __start_xen(void) bi->nr_modules); } - /* Dom0 kernel is always first */ - bi->mods[0].type = BOOTMOD_KERNEL; - bi->domains[0].kernel = &bi->mods[0]; + builder_init(bi); + + /* Find first unknown boot module to use as Dom0 kernel */ + i = first_boot_module_index(bi, BOOTMOD_UNKNOWN); + bi->mods[i].type = BOOTMOD_KERNEL; + bi->domains[0].kernel = &bi->mods[i]; if ( pvh_boot ) { @@ -XXX,XX +XXX,XX @@ void asmlinkage __init noreturn __start_xen(void) xen->size = __2M_rwdata_end - _stext; } - bi->mods[0].headroom = - bzimage_headroom(bootstrap_map_bm(&bi->mods[0]), bi->mods[0].size); + i = first_boot_module_index(bi, BOOTMOD_KERNEL); + bi->mods[i].headroom = + bzimage_headroom(bootstrap_map_bm(&bi->mods[i]), bi->mods[i].size); bootstrap_unmap(); #ifndef highmem_start @@ -XXX,XX +XXX,XX @@ void asmlinkage __init noreturn __start_xen(void) #endif } - if ( bi->mods[0].headroom && !bi->mods[0].relocated ) + i = first_boot_module_index(bi, BOOTMOD_KERNEL); + if ( bi->mods[i].headroom && !bi->mods[0].relocated ) panic("Not enough memory to relocate the dom0 kernel image\n"); for ( i = 0; i < bi->nr_modules; ++i ) { -- 2.30.2 Add the ability to detect both a formal hyperlaunch device tree or a dom0less device tree. If the hyperlaunch device tree is found, then count the number of domain entries, reporting if more than one is found. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- xen/arch/x86/domain_builder/core.c | 14 +++++++ xen/arch/x86/domain_builder/fdt.c | 64 ++++++++++++++++++++++++++++- xen/arch/x86/domain_builder/fdt.h | 5 +++ xen/arch/x86/include/asm/bootinfo.h | 1 + 4 files changed, 83 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/domain_builder/core.c b/xen/arch/x86/domain_builder/core.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain_builder/core.c +++ b/xen/arch/x86/domain_builder/core.c @@ -XXX,XX +XXX,XX @@ void __init builder_init(struct boot_info *bi) ret); bi->hyperlaunch_enabled = false; } + } + + if ( bi->hyperlaunch_enabled ) + { + int ret; + + printk(XENLOG_INFO "Hyperlauch configuration:\n"); + if ( (ret = walk_hyperlaunch_fdt(bi)) < 0 ) + { + printk(XENLOG_INFO " walk of device tree failed (%d)\n", ret); + bi->hyperlaunch_enabled = false; + return; + } + printk(XENLOG_INFO " Number of domains: %d\n", bi->nr_domains); } } diff --git a/xen/arch/x86/domain_builder/fdt.c b/xen/arch/x86/domain_builder/fdt.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain_builder/fdt.c +++ b/xen/arch/x86/domain_builder/fdt.c @@ -XXX,XX +XXX,XX @@ #include "fdt.h" +static int __init find_hyperlaunch_node(void *fdt) +{ + int hv_node = fdt_path_offset(fdt, "/chosen/hypervisor"); + if ( hv_node >= 0 ) + { + /* Anything other than zero indicates no match */ + if ( fdt_node_check_compatible(fdt, hv_node, "hypervisor,xen") ) + return -ENODATA; + else + return hv_node; + } + else + { + /* Lood for dom0less config */ + int node, chosen_node = fdt_path_offset(fdt, "/chosen"); + if ( chosen_node < 0 ) + return -ENOENT; + + fdt_for_each_subnode(node, fdt, chosen_node) + { + if ( fdt_node_check_compatible(fdt, node, "xen,domain") == 0 ) + return chosen_node; + } + } + + return -ENODATA; +} + int __init has_hyperlaunch_fdt(struct boot_info *bi) { int ret = 0; void *fdt = bootstrap_map_bm(&bi->mods[HYPERLAUNCH_MODULE_IDX]); - if ( fdt_check_header(fdt) < 0 ) + if ( !fdt || fdt_check_header(fdt) < 0 ) ret = -EINVAL; + else + ret = find_hyperlaunch_node(fdt); + + bootstrap_unmap(); + + return ret < 0 ? ret : 0; +} + +int __init walk_hyperlaunch_fdt(struct boot_info *bi) +{ + int ret = 0, hv_node, node; + void *fdt = bootstrap_map_bm(&bi->mods[HYPERLAUNCH_MODULE_IDX]); + + if ( unlikely(!fdt) ) + return -EINVAL; + + hv_node = find_hyperlaunch_node(fdt); + if ( hv_node < 0 ) + { + ret = hv_node; + goto err_out; + } + + fdt_for_each_subnode(node, fdt, hv_node) + { + ret = fdt_node_check_compatible(fdt, node, "xen,domain"); + if ( ret == 0 ) + bi->nr_domains++; + } + + /* Until multi-domain construction is added, throw an error */ + if ( !bi->nr_domains || bi->nr_domains > 1 ) + printk(XENLOG_ERR "Hyperlaunch only supports dom0 construction\n"); + err_out: bootstrap_unmap(); return ret; diff --git a/xen/arch/x86/domain_builder/fdt.h b/xen/arch/x86/domain_builder/fdt.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain_builder/fdt.h +++ b/xen/arch/x86/domain_builder/fdt.h @@ -XXX,XX +XXX,XX @@ #ifdef CONFIG_DOMAIN_BUILDER int has_hyperlaunch_fdt(struct boot_info *bi); +int walk_hyperlaunch_fdt(struct boot_info *bi); #else static inline int __init has_hyperlaunch_fdt(struct boot_info *bi) { return -EINVAL; } +static int __init walk_hyperlaunch_fdt(struct boot_info *bi) +{ + return -EINVAL; +} #endif #endif /* __XEN_X86_FDT_H__ */ diff --git a/xen/arch/x86/include/asm/bootinfo.h b/xen/arch/x86/include/asm/bootinfo.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootinfo.h +++ b/xen/arch/x86/include/asm/bootinfo.h @@ -XXX,XX +XXX,XX @@ struct boot_info { bool hyperlaunch_enabled; unsigned int nr_modules; + unsigned int nr_domains; struct boot_module mods[MAX_NR_BOOTMODS + 1]; struct boot_domain domains[MAX_NR_BOOTDOMS]; }; -- 2.30.2 Look for a subnode of type `multiboot,kernel` within a domain node. If found, process the reg property for the MB1 module index. If the bootargs property is present and there was not an MB1 string, then use the command line from the device tree definition. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- xen/arch/x86/domain_builder/core.c | 12 +++ xen/arch/x86/domain_builder/fdt.c | 126 +++++++++++++++++++++++++++++ xen/arch/x86/domain_builder/fdt.h | 17 ++++ xen/arch/x86/setup.c | 5 -- 4 files changed, 155 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/domain_builder/core.c b/xen/arch/x86/domain_builder/core.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain_builder/core.c +++ b/xen/arch/x86/domain_builder/core.c @@ -XXX,XX +XXX,XX @@ void __init builder_init(struct boot_info *bi) printk(XENLOG_INFO " Number of domains: %d\n", bi->nr_domains); } + else + { + int i; + + /* Find first unknown boot module to use as Dom0 kernel */ + printk("Falling back to using first boot module as dom0\n"); + i = first_boot_module_index(bi, BOOTMOD_UNKNOWN); + bi->mods[i].type = BOOTMOD_KERNEL; + bi->domains[0].kernel = &bi->mods[i]; + bi->nr_domains = 1; + } + } /* diff --git a/xen/arch/x86/domain_builder/fdt.c b/xen/arch/x86/domain_builder/fdt.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain_builder/fdt.c +++ b/xen/arch/x86/domain_builder/fdt.c @@ -XXX,XX +XXX,XX @@ #include "fdt.h" +static inline int __init fdt_get_prop_as_reg( + const void *fdt, int node, const char *name, unsigned int ssize, + unsigned int asize, uint64_t *size, uint64_t *addr) +{ + int ret; + const struct fdt_property *prop; + fdt32_t *cell; + + /* FDT spec max size is 4 (128bit int), but largest arch int size is 64 */ + if ( ssize > 2 || asize > 2 ) + return -EINVAL; + + prop = fdt_get_property(fdt, node, name, &ret); + if ( !prop || ret < sizeof(u32) ) + return ret < 0 ? ret : -EINVAL; + + /* read address field */ + cell = (fdt32_t *)prop->data; + + if ( asize == 1 ) + { + uint32_t val; + fdt_cell_as_u32(cell, &val); + *addr = (uint64_t)val; + } + else + fdt_cell_as_u64(cell, addr); + + /* read size field */ + cell += asize; + + if ( ssize == 1 ) + { + uint32_t val; + fdt_cell_as_u32(cell, &val); + *size = (uint64_t)val; + } + else + fdt_cell_as_u64(cell, size); + + return 0; +} + +static int __init dom0less_module_node( + void *fdt, int node, int size_size, int address_size) +{ + uint64_t size, addr; + int ret = fdt_get_prop_as_reg(fdt, node, "reg", size_size, address_size, + &size, &addr); + /* An FDT error value may have been returned, translate to -EINVAL */ + if ( ret < 0 ) + return -EINVAL; + + if ( size != 0 ) + return -EOPNOTSUPP; + + if ( addr > MAX_NR_BOOTMODS ) + return -ERANGE; + + /* + * MAX_NR_BOOTMODS cannot exceed the max for MB1, represented by a u32, + * thus the cast down to a u32 will be safe due to the prior check. + */ + return (int)addr; +} + +static int __init process_domain_node( + struct boot_info *bi, void *fdt, int dom_node) +{ + int node; + struct boot_domain *bd = &bi->domains[bi->nr_domains]; + const char *name = fdt_get_name(fdt, dom_node, NULL); + int address_size = fdt_address_cells(fdt, dom_node); + int size_size = fdt_size_cells(fdt, dom_node); + + if ( address_size < 0 || size_size < 0 ) + { + printk(" failed processing #address or #size for domain %s)\n", + name == NULL ? "unknown" : name); + return -EINVAL; + } + + fdt_for_each_subnode(node, fdt, dom_node) + { + if ( fdt_node_check_compatible(fdt, node, "multiboot,kernel") == 0 ) + { + int idx = dom0less_module_node(fdt, node, size_size, address_size); + if ( idx < 0 ) + { + printk(" failed processing kernel module for domain %s)\n", + name == NULL ? "unknown" : name); + return idx; + } + + if ( idx > bi->nr_modules ) + { + printk(" invalid kernel module index for domain node (%d)\n", + bi->nr_domains); + return -EINVAL; + } + + printk(" kernel: boot module %d\n", idx); + bi->mods[idx].type = BOOTMOD_KERNEL; + bd->kernel = &bi->mods[idx]; + } + } + + if ( !bd->kernel ) + { + printk(XENLOG_ERR "ERR: no kernel assigned to domain\n"); + return -EFAULT; + } + + return 0; +} + static int __init find_hyperlaunch_node(void *fdt) { int hv_node = fdt_path_offset(fdt, "/chosen/hypervisor"); @@ -XXX,XX +XXX,XX @@ int __init walk_hyperlaunch_fdt(struct boot_info *bi) fdt_for_each_subnode(node, fdt, hv_node) { + if ( bi->nr_domains >= MAX_NR_BOOTDOMS ) + { + printk(XENLOG_WARNING "WARN: more domains defined than max allowed"); + break; + } + ret = fdt_node_check_compatible(fdt, node, "xen,domain"); if ( ret == 0 ) + { + if ( (ret = process_domain_node(bi, fdt, node)) < 0 ) + break; bi->nr_domains++; + } } /* Until multi-domain construction is added, throw an error */ diff --git a/xen/arch/x86/domain_builder/fdt.h b/xen/arch/x86/domain_builder/fdt.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain_builder/fdt.h +++ b/xen/arch/x86/domain_builder/fdt.h @@ -XXX,XX +XXX,XX @@ #define __XEN_X86_FDT_H__ #include <xen/init.h> +#include <xen/libfdt/libfdt.h> #include <asm/bootinfo.h> @@ -XXX,XX +XXX,XX @@ #define HYPERLAUNCH_MODULE_IDX 0 #ifdef CONFIG_DOMAIN_BUILDER + +static inline int __init fdt_cell_as_u32(const fdt32_t *cell, uint32_t *val) +{ + *val = fdt32_to_cpu(*cell); + + return 0; +} + +static inline int __init fdt_cell_as_u64(const fdt32_t *cell, uint64_t *val) +{ + *val = ((uint64_t)fdt32_to_cpu(cell[0]) << 32) | + (uint64_t)fdt32_to_cpu(cell[1]); + + return 0; +} + int has_hyperlaunch_fdt(struct boot_info *bi); int walk_hyperlaunch_fdt(struct boot_info *bi); #else diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ void asmlinkage __init noreturn __start_xen(void) builder_init(bi); - /* Find first unknown boot module to use as Dom0 kernel */ - i = first_boot_module_index(bi, BOOTMOD_UNKNOWN); - bi->mods[i].type = BOOTMOD_KERNEL; - bi->domains[0].kernel = &bi->mods[i]; - if ( pvh_boot ) { /* pvh_init() already filled in e820_raw */ -- 2.30.2 If a command line is not provided through the bootloader's mechanism, e.g. muiltboot module string field, then use one from the device tree if present. The device tree command line is located in the bootargs property of the `multiboot,kernel` node. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- xen/arch/x86/domain_builder/core.c | 28 +++++++++++++++++++ xen/arch/x86/domain_builder/fdt.c | 34 ++++++++++++++++++++++++ xen/arch/x86/domain_builder/fdt.h | 24 +++++++++++++++++ xen/arch/x86/include/asm/bootinfo.h | 6 +++-- xen/arch/x86/include/asm/domainbuilder.h | 4 +++ xen/arch/x86/setup.c | 10 +++++-- 6 files changed, 102 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/domain_builder/core.c b/xen/arch/x86/domain_builder/core.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain_builder/core.c +++ b/xen/arch/x86/domain_builder/core.c @@ -XXX,XX +XXX,XX @@ #include <xen/lib.h> #include <asm/bootinfo.h> +#include <asm/setup.h> #include "fdt.h" +size_t __init builder_get_cmdline_size(struct boot_info *bi, int offset) +{ +#ifdef CONFIG_DOMAIN_BUILDER + const void *fdt = bootstrap_map_bm(&bi->mods[HYPERLAUNCH_MODULE_IDX]); + int size = fdt_cmdline_prop_size(fdt, offset); + + bootstrap_unmap(); + return size < 0 ? 0 : (size_t) size; +#else + return 0; +#endif +} + +int __init builder_get_cmdline( + struct boot_info *bi, int offset, char *cmdline, size_t size) +{ +#ifdef CONFIG_DOMAIN_BUILDER + const void *fdt = bootstrap_map_bm(&bi->mods[HYPERLAUNCH_MODULE_IDX]); + int ret = fdt_cmdline_prop_copy(fdt, offset, cmdline, size); + + bootstrap_unmap(); + return ret; +#else + return 0; +#endif +} + void __init builder_init(struct boot_info *bi) { if ( IS_ENABLED(CONFIG_DOMAIN_BUILDER) ) diff --git a/xen/arch/x86/domain_builder/fdt.c b/xen/arch/x86/domain_builder/fdt.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain_builder/fdt.c +++ b/xen/arch/x86/domain_builder/fdt.c @@ -XXX,XX +XXX,XX @@ static inline int __init fdt_get_prop_as_reg( return 0; } +static int __init fdt_get_prop_as_offset( + const void *fdt, int node, const char *name, unsigned long *a) +{ + int ret, poffset; + const char *pname; + size_t nsize = strlen(name); + + fdt_for_each_property_offset(poffset, fdt, node) + { + fdt_getprop_by_offset(fdt, poffset, &pname, &ret); + + if ( ret < 0 || strlen(pname) != nsize ) + continue; + + if ( !strncmp(pname, name, nsize) ) + { + *a = poffset; + return nsize; + } + } + + return -ENOENT; +} + static int __init dom0less_module_node( void *fdt, int node, int size_size, int address_size) { @@ -XXX,XX +XXX,XX @@ static int __init process_domain_node( printk(" kernel: boot module %d\n", idx); bi->mods[idx].type = BOOTMOD_KERNEL; bd->kernel = &bi->mods[idx]; + + /* If bootloader didn't set cmdline, see if FDT provides one. */ + if ( bd->kernel->cmdline_pa && + !((char *)__va(bd->kernel->cmdline_pa))[0] ) + { + int ret = fdt_get_prop_as_offset( + fdt, node, "bootargs", &bd->kernel->cmdline_pa); + if ( ret > 0 ) + bd->kernel->fdt_cmdline = true; + } } } diff --git a/xen/arch/x86/domain_builder/fdt.h b/xen/arch/x86/domain_builder/fdt.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain_builder/fdt.h +++ b/xen/arch/x86/domain_builder/fdt.h @@ -XXX,XX +XXX,XX @@ static inline int __init fdt_cell_as_u64(const fdt32_t *cell, uint64_t *val) return 0; } +static inline int __init fdt_cmdline_prop_size(const void *fdt, int offset) +{ + int ret; + + fdt_get_property_by_offset(fdt, offset, &ret); + + return ret; +} + +static inline int __init fdt_cmdline_prop_copy( + const void *fdt, int offset, char *cmdline, size_t size) +{ + int ret; + const struct fdt_property *prop = + fdt_get_property_by_offset(fdt, offset, &ret); + + if ( ret < 0 ) + return ret; + + ASSERT(size > ret); + + return strlcpy(cmdline, prop->data, ret); +} + int has_hyperlaunch_fdt(struct boot_info *bi); int walk_hyperlaunch_fdt(struct boot_info *bi); #else diff --git a/xen/arch/x86/include/asm/bootinfo.h b/xen/arch/x86/include/asm/bootinfo.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootinfo.h +++ b/xen/arch/x86/include/asm/bootinfo.h @@ -XXX,XX +XXX,XX @@ struct boot_module { /* * Module State Flags: - * relocated: indicates module has been relocated in memory. - * released: indicates module's pages have been freed. + * relocated: indicates module has been relocated in memory. + * released: indicates module's pages have been freed. + * fdt_cmdline: indicates module's cmdline is in the FDT. */ bool relocated:1; bool released:1; + bool fdt_cmdline:1; /* * A boot module may need decompressing by Xen. Headroom is an estimate of diff --git a/xen/arch/x86/include/asm/domainbuilder.h b/xen/arch/x86/include/asm/domainbuilder.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/domainbuilder.h +++ b/xen/arch/x86/include/asm/domainbuilder.h @@ -XXX,XX +XXX,XX @@ #include <asm/bootinfo.h> +size_t __init builder_get_cmdline_size(struct boot_info *bi, int offset); +int __init builder_get_cmdline( + struct boot_info *bi, int offset, char *cmdline, size_t size); + void builder_init(struct boot_info *bi); #endif diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ static size_t __init domain_cmdline_size( { size_t s = bi->kextra ? strlen(bi->kextra) : 0; - s += bd->kernel->cmdline_pa ? strlen(__va(bd->kernel->cmdline_pa)) : 0; + if ( bd->kernel->fdt_cmdline ) + s += builder_get_cmdline_size(bi, bd->kernel->cmdline_pa); + else + s += strlen(__va(bd->kernel->cmdline_pa)); if ( s == 0 ) return s; @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) if ( !(cmdline = xzalloc_array(char, cmdline_size)) ) panic("Error allocating cmdline buffer for %pd\n", d); - if ( bd->kernel->cmdline_pa ) + if ( bd->kernel->fdt_cmdline ) + builder_get_cmdline( + bi, bd->kernel->cmdline_pa, cmdline, cmdline_size); + else strlcpy(cmdline, cmdline_cook(__va(bd->kernel->cmdline_pa),bi->loader), cmdline_size); -- 2.30.2 Look for a subnode of type `multiboot,ramdisk` within a domain node. If found, process the reg property for the MB1 module index. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- xen/arch/x86/domain_builder/fdt.c | 25 ++++++++++++++++++++++ xen/arch/x86/setup.c | 35 +++++++++++++++++-------------- 2 files changed, 44 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/domain_builder/fdt.c b/xen/arch/x86/domain_builder/fdt.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain_builder/fdt.c +++ b/xen/arch/x86/domain_builder/fdt.c @@ -XXX,XX +XXX,XX @@ static int __init process_domain_node( if ( ret > 0 ) bd->kernel->fdt_cmdline = true; } + + continue; + } + if ( fdt_node_check_compatible(fdt, node, "multiboot,ramdisk") == 0 ) + { + int idx = dom0less_module_node(fdt, node, size_size, address_size); + if ( idx < 0 ) + { + printk(" failed processing ramdisk module for domain %s\n", + name == NULL ? "unknown" : name); + return -EINVAL; + } + + if ( idx > bi->nr_modules ) + { + printk(" invalid ramdisk module index for domain node (%d)\n", + bi->nr_domains); + return -EINVAL; + } + + printk(" ramdisk: boot module %d\n", idx); + bi->mods[idx].type = BOOTMOD_RAMDISK; + bd->ramdisk = &bi->mods[idx]; + + continue; } } diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ void asmlinkage __init noreturn __start_xen(void) char *kextra; void *bsp_stack; struct cpu_info *info = get_cpu_info(), *bsp_info; - unsigned int initrdidx, num_parked = 0; + unsigned int num_parked = 0; struct boot_info *bi; unsigned long nr_pages, raw_max_page; int i, j, e820_warn = 0, bytes = 0; @@ -XXX,XX +XXX,XX @@ void asmlinkage __init noreturn __start_xen(void) cpu_has_nx ? XENLOG_INFO : XENLOG_WARNING "Warning: ", cpu_has_nx ? "" : "not "); - /* - * At this point all capabilities that consume boot modules should have - * claimed their boot modules. Find the first unclaimed boot module and - * claim it as the initrd ramdisk. Do a second search to see if there are - * any remaining unclaimed boot modules, and report them as unusued initrd - * candidates. - */ - initrdidx = first_boot_module_index(bi, BOOTMOD_UNKNOWN); - if ( initrdidx < MAX_NR_BOOTMODS ) + if ( !bi->hyperlaunch_enabled ) { - bi->mods[initrdidx].type = BOOTMOD_RAMDISK; - bi->domains[0].ramdisk = &bi->mods[initrdidx]; - if ( first_boot_module_index(bi, BOOTMOD_UNKNOWN) < MAX_NR_BOOTMODS ) - printk(XENLOG_WARNING - "Multiple initrd candidates, picking module #%u\n", - initrdidx); + /* + * At this point all capabilities that consume boot modules should have + * claimed their boot modules. Find the first unclaimed boot module and + * claim it as the initrd ramdisk. Do a second search to see if there are + * any remaining unclaimed boot modules, and report them as unusued initrd + * candidates. + */ + unsigned int initrdidx = first_boot_module_index(bi, BOOTMOD_UNKNOWN); + if ( initrdidx < MAX_NR_BOOTMODS ) + { + bi->mods[initrdidx].type = BOOTMOD_RAMDISK; + bi->domains[0].ramdisk = &bi->mods[initrdidx]; + if ( first_boot_module_index(bi, BOOTMOD_UNKNOWN) < MAX_NR_BOOTMODS ) + printk(XENLOG_WARNING + "Multiple initrd candidates, picking module #%u\n", + initrdidx); + } } /* -- 2.30.2 Introduce the ability to specify the desired domain id for the domain definition. The domain id will be populated in the domid property of the domain node in the device tree configuration. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- xen/arch/x86/domain_builder/fdt.c | 31 ++++++++++++++++++++++++++++++- xen/arch/x86/domain_builder/fdt.h | 18 ++++++++++++++++++ xen/arch/x86/setup.c | 3 ++- 3 files changed, 50 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/domain_builder/fdt.c b/xen/arch/x86/domain_builder/fdt.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain_builder/fdt.c +++ b/xen/arch/x86/domain_builder/fdt.c @@ -XXX,XX +XXX,XX @@ #include <xen/rangeset.h> /* required for asm/setup.h */ #include <asm/bootinfo.h> +#include <asm/guest.h> #include <asm/page.h> #include <asm/setup.h> @@ -XXX,XX +XXX,XX @@ static int __init dom0less_module_node( static int __init process_domain_node( struct boot_info *bi, void *fdt, int dom_node) { - int node; + int node, property; struct boot_domain *bd = &bi->domains[bi->nr_domains]; const char *name = fdt_get_name(fdt, dom_node, NULL); int address_size = fdt_address_cells(fdt, dom_node); @@ -XXX,XX +XXX,XX @@ static int __init process_domain_node( return -EINVAL; } + fdt_for_each_property_offset(property, fdt, dom_node) + { + const struct fdt_property *prop; + + prop = fdt_get_property_by_offset(fdt, property, NULL); + if ( !prop ) + continue; /* silently skip */ + + if ( match_fdt_property(fdt, prop, "domid" ) ) + { + uint32_t val = DOMID_INVALID; + if ( fdt_prop_as_u32(prop, &val) != 0 ) + { + printk(" failed processing domain id for domain %s\n", + name == NULL ? "unknown" : name); + return -EINVAL; + } + bd->domid = (domid_t)val; + printk(" domid: %d\n", bd->domid); + } + } + fdt_for_each_subnode(node, fdt, dom_node) { if ( fdt_node_check_compatible(fdt, node, "multiboot,kernel") == 0 ) @@ -XXX,XX +XXX,XX @@ static int __init process_domain_node( return -EFAULT; } + if ( bd->domid == DOMID_INVALID ) + bd->domid = get_initial_domain_id(); + else + if ( bd->domid != get_initial_domain_id() ) + printk(XENLOG_WARNING "WARN: unsuported booting not using initial domid\n"); + return 0; } diff --git a/xen/arch/x86/domain_builder/fdt.h b/xen/arch/x86/domain_builder/fdt.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain_builder/fdt.h +++ b/xen/arch/x86/domain_builder/fdt.h @@ -XXX,XX +XXX,XX @@ static inline int __init fdt_cell_as_u64(const fdt32_t *cell, uint64_t *val) return 0; } +static inline int __init fdt_prop_as_u32( + const struct fdt_property *prop, uint32_t *val) +{ + if ( !prop || fdt32_to_cpu(prop->len) < sizeof(u32) ) + return -EINVAL; + + return fdt_cell_as_u32((fdt32_t *)prop->data, val); +} + +static inline bool __init match_fdt_property( + const void *fdt, const struct fdt_property *prop, const char *s) +{ + int slen, len = strlen(s); + const char *p = fdt_get_string(fdt, fdt32_to_cpu(prop->nameoff), &slen); + + return p && (slen == len) && (memcmp(p, s, len) == 0); +} + static inline int __init fdt_cmdline_prop_size(const void *fdt, int offset) { int ret; diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) dom0_cfg.flags |= XEN_DOMCTL_CDF_iommu; /* Create initial domain. Not d0 for pvshim. */ - bd->domid = get_initial_domain_id(); + if ( bd->domid == DOMID_INVALID ) + bd->domid = get_initial_domain_id(); d = domain_create(bd->domid, &dom0_cfg, pv_shim ? 0 : CDF_privileged); if ( IS_ERR(d) ) panic("Error creating d%u: %ld\n", bd->domid, PTR_ERR(d)); -- 2.30.2 Enable selecting the mode in which the domain will be built and ran. This includes: - whether it will be either a 32/64 bit domain - if it will be run as a PV or HVM domain - and if it will require a device model (not applicable for dom0) In the device tree, this will be represented as a bit map that will be carried through into struct boot_domain. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- xen/arch/x86/domain_builder/fdt.c | 19 +++++++++++++++++++ xen/arch/x86/include/asm/bootdomain.h | 6 ++++++ xen/arch/x86/setup.c | 3 ++- 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/domain_builder/fdt.c b/xen/arch/x86/domain_builder/fdt.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain_builder/fdt.c +++ b/xen/arch/x86/domain_builder/fdt.c @@ -XXX,XX +XXX,XX @@ static int __init process_domain_node( bd->domid = (domid_t)val; printk(" domid: %d\n", bd->domid); } + if ( match_fdt_property(fdt, prop, "mode" ) ) + { + if ( fdt_prop_as_u32(prop, &bd->mode) != 0 ) + { + printk(" failed processing mode for domain %s\n", + name == NULL ? "unknown" : name); + return -EINVAL; + } + + printk(" mode: "); + if ( !(bd->mode & BUILD_MODE_PARAVIRT) ) { + if ( bd->mode & BUILD_MODE_ENABLE_DM ) + printk("HVM\n"); + else + printk("PVH\n"); + } + else + printk("PV\n"); + } } fdt_for_each_subnode(node, fdt, dom_node) diff --git a/xen/arch/x86/include/asm/bootdomain.h b/xen/arch/x86/include/asm/bootdomain.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootdomain.h +++ b/xen/arch/x86/include/asm/bootdomain.h @@ -XXX,XX +XXX,XX @@ struct boot_domain { domid_t domid; + /* On | Off */ +#define BUILD_MODE_PARAVIRT (1 << 0) /* PV | PVH/HVM */ +#define BUILD_MODE_ENABLE_DM (1 << 1) /* HVM | PVH */ +#define BUILD_MODE_LONG (1 << 2) /* 64 BIT | 32 BIT */ + uint32_t mode; + struct boot_module *kernel; struct boot_module *ramdisk; diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) struct boot_domain *bd = &bi->domains[0]; struct domain *d; - if ( opt_dom0_pvh ) + if ( opt_dom0_pvh || + (bi->hyperlaunch_enabled && !(bd->mode & BUILD_MODE_PARAVIRT)) ) { dom0_cfg.flags |= (XEN_DOMCTL_CDF_hvm | ((hvm_hap_supported() && !opt_dom0_shadow) ? -- 2.30.2 Add three properties, memory, mem-min, and mem-max, to the domain node device tree parsing to define the memory allocation for a domain. All three fields are expressed in kb and written as a u64 in the device tree entries. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- xen/arch/x86/dom0_build.c | 8 ++++++ xen/arch/x86/domain_builder/fdt.c | 37 +++++++++++++++++++++++++++ xen/arch/x86/domain_builder/fdt.h | 9 +++++++ xen/arch/x86/include/asm/bootdomain.h | 4 +++ 4 files changed, 58 insertions(+) diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -XXX,XX +XXX,XX @@ int __init construct_dom0(struct boot_domain *bd) process_pending_softirqs(); + /* If param dom0_size was not set and HL config provided memory size */ + if ( !get_memsize(&dom0_size, LONG_MAX) && bd->mem_pages ) + dom0_size.nr_pages = bd->mem_pages; + if ( !get_memsize(&dom0_min_size, LONG_MAX) && bd->min_pages ) + dom0_size.nr_pages = bd->min_pages; + if ( !get_memsize(&dom0_max_size, LONG_MAX) && bd->max_pages ) + dom0_size.nr_pages = bd->max_pages; + if ( is_hvm_domain(d) ) rc = dom0_construct_pvh(bd); else if ( is_pv_domain(d) ) diff --git a/xen/arch/x86/domain_builder/fdt.c b/xen/arch/x86/domain_builder/fdt.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain_builder/fdt.c +++ b/xen/arch/x86/domain_builder/fdt.c @@ -XXX,XX +XXX,XX @@ #include <xen/lib.h> #include <xen/libfdt/libfdt.h> #include <xen/rangeset.h> /* required for asm/setup.h */ +#include <xen/sizes.h> #include <asm/bootinfo.h> #include <asm/guest.h> @@ -XXX,XX +XXX,XX @@ static int __init process_domain_node( else printk("PV\n"); } + if ( match_fdt_property(fdt, prop, "memory" ) ) + { + uint64_t kb; + if ( fdt_prop_as_u64(prop, &kb) != 0 ) + { + printk(" failed processing memory for domain %s\n", + name == NULL ? "unknown" : name); + return -EINVAL; + } + bd->mem_pages = PFN_DOWN(kb * SZ_1K); + printk(" memory: %ld\n", bd->mem_pages << PAGE_SHIFT); + } + if ( match_fdt_property(fdt, prop, "mem-min" ) ) + { + uint64_t kb; + if ( fdt_prop_as_u64(prop, &kb) != 0 ) + { + printk(" failed processing memory for domain %s\n", + name == NULL ? "unknown" : name); + return -EINVAL; + } + bd->min_pages = PFN_DOWN(kb * SZ_1K); + printk(" min memory: %ld\n", bd->min_pages << PAGE_SHIFT); + } + if ( match_fdt_property(fdt, prop, "mem-max" ) ) + { + uint64_t kb; + if ( fdt_prop_as_u64(prop, &kb) != 0 ) + { + printk(" failed processing memory for domain %s\n", + name == NULL ? "unknown" : name); + return -EINVAL; + } + bd->max_pages = PFN_DOWN(kb * SZ_1K); + printk(" max memory: %ld\n", bd->max_pages << PAGE_SHIFT); + } } fdt_for_each_subnode(node, fdt, dom_node) diff --git a/xen/arch/x86/domain_builder/fdt.h b/xen/arch/x86/domain_builder/fdt.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain_builder/fdt.h +++ b/xen/arch/x86/domain_builder/fdt.h @@ -XXX,XX +XXX,XX @@ static inline int __init fdt_prop_as_u32( return fdt_cell_as_u32((fdt32_t *)prop->data, val); } +static inline int __init fdt_prop_as_u64( + const struct fdt_property *prop, uint64_t *val) +{ + if ( !prop || fdt32_to_cpu(prop->len) < sizeof(u64) ) + return -EINVAL; + + return fdt_cell_as_u64((fdt32_t *)prop->data, val); +} + static inline bool __init match_fdt_property( const void *fdt, const struct fdt_property *prop, const char *s) { diff --git a/xen/arch/x86/include/asm/bootdomain.h b/xen/arch/x86/include/asm/bootdomain.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootdomain.h +++ b/xen/arch/x86/include/asm/bootdomain.h @@ -XXX,XX +XXX,XX @@ struct boot_domain { #define BUILD_MODE_LONG (1 << 2) /* 64 BIT | 32 BIT */ uint32_t mode; + unsigned long mem_pages; + unsigned long min_pages; + unsigned long max_pages; + struct boot_module *kernel; struct boot_module *ramdisk; -- 2.30.2 Introduce the `cpus` property, named as such for dom0less compatibility, that represents the maximum number of vpcus to allocate for a domain. In the device tree, it will be encoded as a u32 value. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- xen/arch/x86/dom0_build.c | 3 +++ xen/arch/x86/domain_builder/fdt.c | 12 ++++++++++++ xen/arch/x86/include/asm/bootdomain.h | 2 ++ 3 files changed, 17 insertions(+) diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -XXX,XX +XXX,XX @@ int __init construct_dom0(struct boot_domain *bd) if ( !get_memsize(&dom0_max_size, LONG_MAX) && bd->max_pages ) dom0_size.nr_pages = bd->max_pages; + if ( opt_dom0_max_vcpus_max == UINT_MAX && bd->max_vcpus ) + opt_dom0_max_vcpus_max = bd->max_vcpus; + if ( is_hvm_domain(d) ) rc = dom0_construct_pvh(bd); else if ( is_pv_domain(d) ) diff --git a/xen/arch/x86/domain_builder/fdt.c b/xen/arch/x86/domain_builder/fdt.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain_builder/fdt.c +++ b/xen/arch/x86/domain_builder/fdt.c @@ -XXX,XX +XXX,XX @@ static int __init process_domain_node( bd->max_pages = PFN_DOWN(kb * SZ_1K); printk(" max memory: %ld\n", bd->max_pages << PAGE_SHIFT); } + if ( match_fdt_property(fdt, prop, "cpus" ) ) + { + uint32_t val = UINT_MAX; + if ( fdt_prop_as_u32(prop, &val) != 0 ) + { + printk(" failed processing max_vcpus for domain %s\n", + name == NULL ? "unknown" : name); + return -EINVAL; + } + bd->max_vcpus = val; + printk(" max vcpus: %d\n", bd->max_vcpus); + } } fdt_for_each_subnode(node, fdt, dom_node) diff --git a/xen/arch/x86/include/asm/bootdomain.h b/xen/arch/x86/include/asm/bootdomain.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootdomain.h +++ b/xen/arch/x86/include/asm/bootdomain.h @@ -XXX,XX +XXX,XX @@ struct boot_domain { unsigned long min_pages; unsigned long max_pages; + unsigned int max_vcpus; + struct boot_module *kernel; struct boot_module *ramdisk; -- 2.30.2 Introduce the ability to assign capabilities to a domain via its definition in device tree. The first capability enabled to select is the control domain capability. The capability property is a bitfield in both the device tree and `struct boot_domain`. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- xen/arch/x86/domain_builder/core.c | 2 +- xen/arch/x86/domain_builder/fdt.c | 13 +++++++++++++ xen/arch/x86/include/asm/bootdomain.h | 4 ++++ xen/arch/x86/setup.c | 6 +++++- 4 files changed, 23 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/domain_builder/core.c b/xen/arch/x86/domain_builder/core.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain_builder/core.c +++ b/xen/arch/x86/domain_builder/core.c @@ -XXX,XX +XXX,XX @@ void __init builder_init(struct boot_info *bi) i = first_boot_module_index(bi, BOOTMOD_UNKNOWN); bi->mods[i].type = BOOTMOD_KERNEL; bi->domains[0].kernel = &bi->mods[i]; + bi->domains[0].capabilities |= BUILD_CAPS_CONTROL; bi->nr_domains = 1; } - } /* diff --git a/xen/arch/x86/domain_builder/fdt.c b/xen/arch/x86/domain_builder/fdt.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain_builder/fdt.c +++ b/xen/arch/x86/domain_builder/fdt.c @@ -XXX,XX +XXX,XX @@ static int __init process_domain_node( bd->max_vcpus = val; printk(" max vcpus: %d\n", bd->max_vcpus); } + if ( match_fdt_property(fdt, prop, "capabilities" ) ) + { + if ( fdt_prop_as_u32(prop, &bd->capabilities) != 0 ) + { + printk(" failed processing domain id for domain %s\n", + name == NULL ? "unknown" : name); + return -EINVAL; + } + printk(" caps: "); + if ( bd->capabilities & BUILD_CAPS_CONTROL ) + printk("c"); + printk("\n"); + } } fdt_for_each_subnode(node, fdt, dom_node) diff --git a/xen/arch/x86/include/asm/bootdomain.h b/xen/arch/x86/include/asm/bootdomain.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootdomain.h +++ b/xen/arch/x86/include/asm/bootdomain.h @@ -XXX,XX +XXX,XX @@ struct boot_domain { domid_t domid; +#define BUILD_CAPS_NONE (0) +#define BUILD_CAPS_CONTROL (1 << 0) + uint32_t capabilities; + /* On | Off */ #define BUILD_MODE_PARAVIRT (1 << 0) /* PV | PVH/HVM */ #define BUILD_MODE_ENABLE_DM (1 << 1) /* HVM | PVH */ diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ static size_t __init domain_cmdline_size( static struct domain *__init create_dom0(struct boot_info *bi) { char *cmdline = NULL; + int create_flags = 0; struct xen_domctl_createdomain dom0_cfg = { .flags = IS_ENABLED(CONFIG_TBOOT) ? XEN_DOMCTL_CDF_s3_integrity : 0, .max_evtchn_port = -1, @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) /* Create initial domain. Not d0 for pvshim. */ if ( bd->domid == DOMID_INVALID ) bd->domid = get_initial_domain_id(); - d = domain_create(bd->domid, &dom0_cfg, pv_shim ? 0 : CDF_privileged); + if ( bd->capabilities & BUILD_CAPS_CONTROL ) + create_flags |= CDF_privileged; + d = domain_create(bd->domid, &dom0_cfg, + pv_shim ? 0 : create_flags); if ( IS_ERR(d) ) panic("Error creating d%u: %ld\n", bd->domid, PTR_ERR(d)); -- 2.30.2 The Hyperlaunch device tree for dom0 series is the second split out for the introduction of the Hyperlaunch domain builder logic. These changes focus on introducing the ability to express a domain configuration that is then used to populate the struct boot_domain structure for dom0. This ability to express a domain configuration provides the next step towards a general domain builder. The splitting of Hyperlaunch into a set of series are twofold, to reduce the effort in reviewing a much larger series, and to reduce the effort in handling the knock-on effects to the construction logic from requested review changes. Much thanks to AMD for supporting this work. Documentation on Hyperlaunch: https://wiki.xenproject.org/wiki/Hyperlaunch Original Hyperlaunch v1 patch series: https://lists.xenproject.org/archives/html/xen-devel/2022-07/msg00345.html V/r, Daniel P. Smith Daniel P. Smith (15): x86/boot: introduce boot domain x86/boot: introduce domid field to struct boot_domain x86/boot: add cmdline to struct boot_domain kconfig: introduce option to independently enable libfdt kconfig: introduce domain builder config option x86/hyperlaunch: introduce the domain builder x86/hyperlaunch: initial support for hyperlaunch device tree x86/hyperlaunch: locate dom0 kernel with hyperlaunch x86/hyperlaunch: obtain cmdline from device tree x86/hyperlaunch: locate dom0 initrd with hyperlaunch x86/hyperlaunch: add domain id parsing to domain config x86/hyperlaunch: specify dom0 mode with device tree x86/hyperlaunch: add memory parsing to domain config x86/hyperlaunch: add max vcpu parsing of hyperlaunch device tree x86/hyperlaunch: add capabilities to boot domain xen/arch/x86/Kconfig | 2 + xen/arch/x86/Makefile | 2 + xen/arch/x86/dom0_build.c | 19 +- xen/arch/x86/domain-builder/Kconfig | 15 + xen/arch/x86/domain-builder/Makefile | 3 + xen/arch/x86/domain-builder/core.c | 112 +++++++ xen/arch/x86/domain-builder/fdt.c | 389 +++++++++++++++++++++++ xen/arch/x86/domain-builder/fdt.h | 53 +++ xen/arch/x86/hvm/dom0_build.c | 37 +-- xen/arch/x86/include/asm/bootdomain.h | 49 +++ xen/arch/x86/include/asm/bootinfo.h | 15 +- xen/arch/x86/include/asm/dom0_build.h | 6 +- xen/arch/x86/include/asm/domainbuilder.h | 12 + xen/arch/x86/include/asm/setup.h | 4 +- xen/arch/x86/pv/dom0_build.c | 28 +- xen/arch/x86/setup.c | 162 ++++++---- xen/common/Kconfig | 4 + xen/common/Makefile | 2 +- xen/include/xen/libfdt/libfdt-xen.h | 118 +++++++ 19 files changed, 922 insertions(+), 110 deletions(-) create mode 100644 xen/arch/x86/domain-builder/Kconfig create mode 100644 xen/arch/x86/domain-builder/Makefile create mode 100644 xen/arch/x86/domain-builder/core.c create mode 100644 xen/arch/x86/domain-builder/fdt.c create mode 100644 xen/arch/x86/domain-builder/fdt.h create mode 100644 xen/arch/x86/include/asm/bootdomain.h create mode 100644 xen/arch/x86/include/asm/domainbuilder.h -- 2.30.2 To begin moving toward allowing the hypervisor to construct more than one domain at boot, a container is needed for a domain's build information. Introduce a new header, <xen/asm/bootdomain.h>, that contains the initial struct boot_domain that encapsulate the build information for a domain. Add a kernel and ramdisk boot module reference along with a struct domain reference to the new struct boot_domain. This allows a struct boot_domain reference to be the only parameter necessary to pass down through the domain construction call chain. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> Reviewed-by: Jason Andryuk <jason.andryuk@amd.com> --- Changes since dom0 device tree v1: - dropped unnecessary forward declarations - moved pvh_load_kernel() changes forward to this commit Changes since boot modules v9 - dropped unlikely Changes since v8: - code style correction --- xen/arch/x86/dom0_build.c | 8 +++++--- xen/arch/x86/hvm/dom0_build.c | 23 ++++++++-------------- xen/arch/x86/include/asm/bootdomain.h | 28 +++++++++++++++++++++++++++ xen/arch/x86/include/asm/bootinfo.h | 5 +++++ xen/arch/x86/include/asm/dom0_build.h | 6 +++--- xen/arch/x86/include/asm/setup.h | 4 ++-- xen/arch/x86/pv/dom0_build.c | 24 ++++++++--------------- xen/arch/x86/setup.c | 24 ++++++++++------------- 8 files changed, 69 insertions(+), 53 deletions(-) create mode 100644 xen/arch/x86/include/asm/bootdomain.h diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -XXX,XX +XXX,XX @@ #include <xen/softirq.h> #include <asm/amd.h> +#include <asm/bootinfo.h> #include <asm/dom0_build.h> #include <asm/guest.h> #include <asm/hpet.h> @@ -XXX,XX +XXX,XX @@ int __init dom0_setup_permissions(struct domain *d) return rc; } -int __init construct_dom0(struct boot_info *bi, struct domain *d) +int __init construct_dom0(struct boot_domain *bd) { int rc; + const struct domain *d = bd->d; /* Sanity! */ BUG_ON(!pv_shim && d->domain_id != 0); @@ -XXX,XX +XXX,XX @@ int __init construct_dom0(struct boot_info *bi, struct domain *d) process_pending_softirqs(); if ( is_hvm_domain(d) ) - rc = dom0_construct_pvh(bi, d); + rc = dom0_construct_pvh(bd); else if ( is_pv_domain(d) ) - rc = dom0_construct_pv(bi, d); + rc = dom0_construct_pv(bd); else panic("Cannot construct Dom0. No guest interface available\n"); diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -XXX,XX +XXX,XX @@ static bool __init check_and_adjust_load_address( } static int __init pvh_load_kernel( - struct domain *d, struct boot_module *image, struct boot_module *initrd, - paddr_t *entry, paddr_t *start_info_addr) + struct boot_domain *bd, paddr_t *entry, paddr_t *start_info_addr) { + struct domain *d = bd->d; + struct boot_module *image = bd->kernel; + struct boot_module *initrd = bd->ramdisk; void *image_base = bootstrap_map_bm(image); void *image_start = image_base + image->headroom; unsigned long image_len = image->size; @@ -XXX,XX +XXX,XX @@ static void __hwdom_init pvh_setup_mmcfg(struct domain *d) } } -int __init dom0_construct_pvh(struct boot_info *bi, struct domain *d) +int __init dom0_construct_pvh(struct boot_domain *bd) { paddr_t entry, start_info; - struct boot_module *image; - struct boot_module *initrd = NULL; - unsigned int idx; + struct domain *d = bd->d; int rc; printk(XENLOG_INFO "*** Building a PVH Dom%d ***\n", d->domain_id); - idx = first_boot_module_index(bi, BOOTMOD_KERNEL); - if ( idx >= bi->nr_modules ) + if ( bd->kernel == NULL ) panic("Missing kernel boot module for %pd construction\n", d); - image = &bi->mods[idx]; - - idx = first_boot_module_index(bi, BOOTMOD_RAMDISK); - if ( idx < bi->nr_modules ) - initrd = &bi->mods[idx]; - if ( is_hardware_domain(d) ) { /* @@ -XXX,XX +XXX,XX @@ int __init dom0_construct_pvh(struct boot_info *bi, struct domain *d) return rc; } - rc = pvh_load_kernel(d, image, initrd, &entry, &start_info); + rc = pvh_load_kernel(bd, &entry, &start_info); if ( rc ) { printk("Failed to load Dom0 kernel\n"); diff --git a/xen/arch/x86/include/asm/bootdomain.h b/xen/arch/x86/include/asm/bootdomain.h new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/xen/arch/x86/include/asm/bootdomain.h @@ -XXX,XX +XXX,XX @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (c) 2024 Apertus Solutions, LLC + * Author: Daniel P. Smith <dpsmith@apertussolutions.com> + * Copyright (c) 2024 Christopher Clark <christopher.w.clark@gmail.com> + */ + +#ifndef __XEN_X86_BOOTDOMAIN_H__ +#define __XEN_X86_BOOTDOMAIN_H__ + +struct boot_domain { + struct boot_module *kernel; + struct boot_module *ramdisk; + + struct domain *d; +}; + +#endif + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + */ diff --git a/xen/arch/x86/include/asm/bootinfo.h b/xen/arch/x86/include/asm/bootinfo.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootinfo.h +++ b/xen/arch/x86/include/asm/bootinfo.h @@ -XXX,XX +XXX,XX @@ #include <xen/init.h> #include <xen/multiboot.h> #include <xen/types.h> +#include <asm/bootdomain.h> /* Max number of boot modules a bootloader can provide in addition to Xen */ #define MAX_NR_BOOTMODS 63 +/* Max number of boot domains that Xen can construct */ +#define MAX_NR_BOOTDOMS 1 + /* Boot module binary type / purpose */ enum bootmod_type { BOOTMOD_UNKNOWN, @@ -XXX,XX +XXX,XX @@ struct boot_info { unsigned int nr_modules; struct boot_module mods[MAX_NR_BOOTMODS + 1]; + struct boot_domain domains[MAX_NR_BOOTDOMS]; }; /* diff --git a/xen/arch/x86/include/asm/dom0_build.h b/xen/arch/x86/include/asm/dom0_build.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/dom0_build.h +++ b/xen/arch/x86/include/asm/dom0_build.h @@ -XXX,XX +XXX,XX @@ unsigned long dom0_compute_nr_pages(struct domain *d, unsigned long initrd_len); int dom0_setup_permissions(struct domain *d); -struct boot_info; -int dom0_construct_pv(struct boot_info *bi, struct domain *d); -int dom0_construct_pvh(struct boot_info *bi, struct domain *d); +struct boot_domain; +int dom0_construct_pv(struct boot_domain *bd); +int dom0_construct_pvh(struct boot_domain *bd); unsigned long dom0_paging_pages(const struct domain *d, unsigned long nr_pages); diff --git a/xen/arch/x86/include/asm/setup.h b/xen/arch/x86/include/asm/setup.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/setup.h +++ b/xen/arch/x86/include/asm/setup.h @@ -XXX,XX +XXX,XX @@ void subarch_init_memory(void); void init_IRQ(void); -struct boot_info; -int construct_dom0(struct boot_info *bi, struct domain *d); +struct boot_domain; +int construct_dom0(struct boot_domain *bd); void setup_io_bitmap(struct domain *d); diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -XXX,XX +XXX,XX @@ static struct page_info * __init alloc_chunk(struct domain *d, return page; } -static int __init dom0_construct(struct boot_info *bi, struct domain *d) +static int __init dom0_construct(struct boot_domain *bd) { unsigned int i; int rc, order, machine; @@ -XXX,XX +XXX,XX @@ static int __init dom0_construct(struct boot_info *bi, struct domain *d) struct page_info *page = NULL; unsigned int flush_flags = 0; start_info_t *si; + struct domain *d = bd->d; struct vcpu *v = d->vcpu[0]; - struct boot_module *image; - struct boot_module *initrd = NULL; + struct boot_module *image = bd->kernel; + struct boot_module *initrd = bd->ramdisk; void *image_base; unsigned long image_len; void *image_start; - unsigned long initrd_len = 0; + unsigned long initrd_len = initrd ? initrd->size : 0; l4_pgentry_t *l4tab = NULL, *l4start = NULL; l3_pgentry_t *l3tab = NULL, *l3start = NULL; @@ -XXX,XX +XXX,XX @@ static int __init dom0_construct(struct boot_info *bi, struct domain *d) printk(XENLOG_INFO "*** Building a PV Dom%d ***\n", d->domain_id); - i = first_boot_module_index(bi, BOOTMOD_KERNEL); - if ( i >= bi->nr_modules ) + if ( !image ) panic("Missing kernel boot module for %pd construction\n", d); - image = &bi->mods[i]; image_base = bootstrap_map_bm(image); image_len = image->size; image_start = image_base + image->headroom; - i = first_boot_module_index(bi, BOOTMOD_RAMDISK); - if ( i < bi->nr_modules ) - { - initrd = &bi->mods[i]; - initrd_len = initrd->size; - } - d->max_pages = ~0U; if ( (rc = bzimage_parse(image_base, &image_start, &image_len)) != 0 ) @@ -XXX,XX +XXX,XX @@ out: return rc; } -int __init dom0_construct_pv(struct boot_info *bi, struct domain *d) +int __init dom0_construct_pv(struct boot_domain *bd) { unsigned long cr4 = read_cr4(); int rc; @@ -XXX,XX +XXX,XX @@ int __init dom0_construct_pv(struct boot_info *bi, struct domain *d) write_cr4(cr4 & ~X86_CR4_SMAP); } - rc = dom0_construct(bi, d); + rc = dom0_construct(bd); if ( cr4 & X86_CR4_SMAP ) { diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) .misc_flags = opt_dom0_msr_relaxed ? XEN_X86_MSR_RELAXED : 0, }, }; + struct boot_domain *bd = &bi->domains[0]; struct domain *d; domid_t domid; - struct boot_module *image; - unsigned int idx; - - idx = first_boot_module_index(bi, BOOTMOD_KERNEL); - if ( idx >= bi->nr_modules ) - panic("Missing kernel boot module for building domain\n"); - - image = &bi->mods[idx]; if ( opt_dom0_pvh ) { @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) panic("Error creating d%uv0\n", domid); /* Grab the DOM0 command line. */ - if ( image->cmdline_pa || bi->kextra ) + if ( bd->kernel->cmdline_pa || bi->kextra ) { - if ( image->cmdline_pa ) - safe_strcpy( - cmdline, cmdline_cook(__va(image->cmdline_pa), bi->loader)); + if ( bd->kernel->cmdline_pa ) + safe_strcpy(cmdline, + cmdline_cook(__va(bd->kernel->cmdline_pa), bi->loader)); if ( bi->kextra ) /* kextra always includes exactly one leading space. */ @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) safe_strcat(cmdline, acpi_param); } - image->cmdline_pa = __pa(cmdline); + bd->kernel->cmdline_pa = __pa(cmdline); } - if ( construct_dom0(bi, d) != 0 ) + bd->d = d; + if ( construct_dom0(bd) != 0 ) panic("Could not construct domain 0\n"); return d; @@ -XXX,XX +XXX,XX @@ void asmlinkage __init noreturn __start_xen(void) /* Dom0 kernel is always first */ bi->mods[0].type = BOOTMOD_KERNEL; + bi->domains[0].kernel = &bi->mods[0]; if ( pvh_boot ) { @@ -XXX,XX +XXX,XX @@ void asmlinkage __init noreturn __start_xen(void) if ( initrdidx < MAX_NR_BOOTMODS ) { bi->mods[initrdidx].type = BOOTMOD_RAMDISK; + bi->domains[0].ramdisk = &bi->mods[initrdidx]; if ( first_boot_module_index(bi, BOOTMOD_UNKNOWN) < MAX_NR_BOOTMODS ) printk(XENLOG_WARNING "Multiple initrd candidates, picking module #%u\n", -- 2.30.2 Add a domid field to struct boot_domain to hold the assigned domain id for the domain. During initialization, ensure all instances of struct boot_domain have the invalid domid to ensure that the domid must be set either by convention or configuration. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> Reviewed-by: Jason Andryuk <jason.andryuk@amd.com> --- Changes since v1 dom0 device tree: - made .domid part of the static init of xen_boot_info Changes since v9 boot modules - missing include for domid_t def --- xen/arch/x86/include/asm/bootdomain.h | 4 ++++ xen/arch/x86/setup.c | 10 +++++----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/include/asm/bootdomain.h b/xen/arch/x86/include/asm/bootdomain.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootdomain.h +++ b/xen/arch/x86/include/asm/bootdomain.h @@ -XXX,XX +XXX,XX @@ * Copyright (c) 2024 Christopher Clark <christopher.w.clark@gmail.com> */ +#include <public/xen.h> + #ifndef __XEN_X86_BOOTDOMAIN_H__ #define __XEN_X86_BOOTDOMAIN_H__ struct boot_domain { + domid_t domid; + struct boot_module *kernel; struct boot_module *ramdisk; diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ static const char *cmdline_cook(const char *p, const char *loader_name); struct boot_info __initdata xen_boot_info = { .loader = "unknown", .cmdline = "", + .domains = { {.domid = DOMID_INVALID} }, }; static struct boot_info *__init multiboot_fill_boot_info( @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) }; struct boot_domain *bd = &bi->domains[0]; struct domain *d; - domid_t domid; if ( opt_dom0_pvh ) { @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) dom0_cfg.flags |= XEN_DOMCTL_CDF_iommu; /* Create initial domain. Not d0 for pvshim. */ - domid = get_initial_domain_id(); - d = domain_create(domid, &dom0_cfg, pv_shim ? 0 : CDF_privileged); + bd->domid = get_initial_domain_id(); + d = domain_create(bd->domid, &dom0_cfg, pv_shim ? 0 : CDF_privileged); if ( IS_ERR(d) ) - panic("Error creating d%u: %ld\n", domid, PTR_ERR(d)); + panic("Error creating d%u: %ld\n", bd->domid, PTR_ERR(d)); init_dom0_cpuid_policy(d); if ( alloc_dom0_vcpu0(d) == NULL ) - panic("Error creating d%uv0\n", domid); + panic("Error creating d%uv0\n", bd->domid); /* Grab the DOM0 command line. */ if ( bd->kernel->cmdline_pa || bi->kextra ) -- 2.30.2 Add a container for the "cooked" command line for a domain. This provides for the backing memory to be directly associated with the domain being constructed. This is done in anticipation that the domain construction path may need to be invoked multiple times, thus ensuring each instance had a distinct memory allocation. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- Changes since dom0 device tree v1: - switched over to bd->cmdline in pvh_load_kernel - moved cmdline processing under if, eliminating goto - zero-ed cmdline_pa for kernel module after cmdline processing Changes since v9 boot modules: - convert pvh_load_kernel to boot domain to directly use cmdline - adjustments to domain_cmdline_size - remove ASSERT and return 0 instead - use strlen() of values instead of hardcoded sizes - update cmdline parsing check to inspect multiboot string and not just pointer - add goto to skip cmdline processing if domain_cmdline_size returns 0 - drop updating cmdline_pa with dynamic buffer with change of its last consumer pvh_load_kernel Changes since v8: - switch to a dynamically allocated buffer - dropped local cmdline var in pv dom0_construct() Changes since v7: - updated commit message to expand on intent and purpose --- xen/arch/x86/hvm/dom0_build.c | 14 ++--- xen/arch/x86/include/asm/bootdomain.h | 2 + xen/arch/x86/pv/dom0_build.c | 4 +- xen/arch/x86/setup.c | 78 +++++++++++++++++++-------- 4 files changed, 66 insertions(+), 32 deletions(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -XXX,XX +XXX,XX @@ static int __init pvh_load_kernel( void *image_start = image_base + image->headroom; unsigned long image_len = image->size; unsigned long initrd_len = initrd ? initrd->size : 0; - const char *cmdline = image->cmdline_pa ? __va(image->cmdline_pa) : NULL; struct elf_binary elf; struct elf_dom_parms parms; paddr_t last_addr; @@ -XXX,XX +XXX,XX @@ static int __init pvh_load_kernel( (initrd ? ROUNDUP(initrd_len, PAGE_SIZE) + sizeof(mod) : 0) + - (cmdline ? ROUNDUP(strlen(cmdline) + 1, - elf_64bit(&elf) ? 8 : 4) - : 0)); + (bd->cmdline ? ROUNDUP(strlen(bd->cmdline) + 1, + elf_64bit(&elf) ? 8 : 4) + : 0)); if ( last_addr == INVALID_PADDR ) { printk("Unable to find a memory region to load initrd and metadata\n"); @@ -XXX,XX +XXX,XX @@ static int __init pvh_load_kernel( /* Free temporary buffers. */ free_boot_modules(); - if ( cmdline != NULL ) + if ( bd->cmdline != NULL ) { - rc = hvm_copy_to_guest_phys(last_addr, cmdline, strlen(cmdline) + 1, v); + rc = hvm_copy_to_guest_phys( + last_addr, bd->cmdline, strlen(bd->cmdline) + 1, v); if ( rc ) { printk("Unable to copy guest command line\n"); @@ -XXX,XX +XXX,XX @@ static int __init pvh_load_kernel( * Round up to 32/64 bits (depending on the guest kernel bitness) so * the modlist/start_info is aligned. */ - last_addr += ROUNDUP(strlen(cmdline) + 1, elf_64bit(&elf) ? 8 : 4); + last_addr += ROUNDUP(strlen(bd->cmdline) + 1, elf_64bit(&elf) ? 8 : 4); } if ( initrd != NULL ) { diff --git a/xen/arch/x86/include/asm/bootdomain.h b/xen/arch/x86/include/asm/bootdomain.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootdomain.h +++ b/xen/arch/x86/include/asm/bootdomain.h @@ -XXX,XX +XXX,XX @@ #define __XEN_X86_BOOTDOMAIN_H__ struct boot_domain { + const char *cmdline; + domid_t domid; struct boot_module *kernel; diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -XXX,XX +XXX,XX @@ static int __init dom0_construct(struct boot_domain *bd) } memset(si->cmd_line, 0, sizeof(si->cmd_line)); - if ( image->cmdline_pa ) - strlcpy((char *)si->cmd_line, __va(image->cmdline_pa), sizeof(si->cmd_line)); + if ( bd->cmdline ) + strlcpy((char *)si->cmd_line, bd->cmdline, sizeof(si->cmd_line)); #ifdef CONFIG_VIDEO if ( !pv_shim && fill_console_start_info((void *)(si + 1)) ) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ static unsigned int __init copy_bios_e820(struct e820entry *map, unsigned int li return n; } -static struct domain *__init create_dom0(struct boot_info *bi) +static size_t __init domain_cmdline_size( + struct boot_info *bi, struct boot_domain *bd) { - static char __initdata cmdline[MAX_GUEST_CMDLINE]; + size_t s = bi->kextra ? strlen(bi->kextra) : 0; + + s += bd->kernel->cmdline_pa ? strlen(__va(bd->kernel->cmdline_pa)) : 0; + + if ( s == 0 ) + return s; + + /* + * Certain parameters from the Xen command line may be added to the dom0 + * command line. Add additional space for the possible cases along with one + * extra char to hold \0. + */ + s += strlen(" noapic") + strlen(" acpi=") + sizeof(acpi_param) + 1; + return s; +} + +static struct domain *__init create_dom0(struct boot_info *bi) +{ + char *cmdline = NULL; struct xen_domctl_createdomain dom0_cfg = { .flags = IS_ENABLED(CONFIG_TBOOT) ? XEN_DOMCTL_CDF_s3_integrity : 0, .max_evtchn_port = -1, @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) panic("Error creating d%uv0\n", bd->domid); /* Grab the DOM0 command line. */ - if ( bd->kernel->cmdline_pa || bi->kextra ) + if ( (bd->kernel->cmdline_pa && + ((char *)__va(bd->kernel->cmdline_pa))[0]) || + bi->kextra ) { - if ( bd->kernel->cmdline_pa ) - safe_strcpy(cmdline, - cmdline_cook(__va(bd->kernel->cmdline_pa), bi->loader)); + size_t cmdline_size = domain_cmdline_size(bi, bd); + + if ( cmdline_size ) + { + if ( !(cmdline = xzalloc_array(char, cmdline_size)) ) + panic("Error allocating cmdline buffer for %pd\n", d); - if ( bi->kextra ) - /* kextra always includes exactly one leading space. */ - safe_strcat(cmdline, bi->kextra); + if ( bd->kernel->cmdline_pa ) + strlcpy(cmdline, + cmdline_cook(__va(bd->kernel->cmdline_pa), bi->loader), + cmdline_size); - /* Append any extra parameters. */ - if ( skip_ioapic_setup && !strstr(cmdline, "noapic") ) - safe_strcat(cmdline, " noapic"); + if ( bi->kextra ) + /* kextra always includes exactly one leading space. */ + strlcat(cmdline, bi->kextra, cmdline_size); - if ( (strlen(acpi_param) == 0) && acpi_disabled ) - { - printk("ACPI is disabled, notifying Domain 0 (acpi=off)\n"); - safe_strcpy(acpi_param, "off"); - } + /* Append any extra parameters. */ + if ( skip_ioapic_setup && !strstr(cmdline, "noapic") ) + strlcat(cmdline, " noapic", cmdline_size); - if ( (strlen(acpi_param) != 0) && !strstr(cmdline, "acpi=") ) - { - safe_strcat(cmdline, " acpi="); - safe_strcat(cmdline, acpi_param); - } + if ( (strlen(acpi_param) == 0) && acpi_disabled ) + { + printk("ACPI is disabled, notifying Domain 0 (acpi=off)\n"); + safe_strcpy(acpi_param, "off"); + } - bd->kernel->cmdline_pa = __pa(cmdline); + if ( (strlen(acpi_param) != 0) && !strstr(cmdline, "acpi=") ) + { + strlcat(cmdline, " acpi=", cmdline_size); + strlcat(cmdline, acpi_param, cmdline_size); + } + bd->kernel->cmdline_pa = 0; + bd->cmdline = cmdline; + } } bd->d = d; if ( construct_dom0(bd) != 0 ) panic("Could not construct domain 0\n"); + xfree(cmdline); + return d; } -- 2.30.2 Currently, the inclusion of libfdt is controlled by the CONFIG_HAS_DEVICE_TREE kconfig flag. This flag also changes behavior in a few places, such as boot module processing for XSM. To support the ability to include libfdt without changing these behaviors, introduce CONFIG_LIB_DEVICE_TREE. The inclusion of libfdt is then moved under CONFIG_LIB_DEVICE_TREE. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> Reviewed-by: Jason Andryuk <jason.andryuk@amd.com> --- Changes since v1: - grammar and spelling fixes to commit message - corrected indentation to Kconfig format - relocated LIB_DEVICE_TREE to alphabet ordered location --- xen/common/Kconfig | 4 ++++ xen/common/Makefile | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index XXXXXXX..XXXXXXX 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -XXX,XX +XXX,XX @@ config HAS_COMPAT config HAS_DEVICE_TREE bool + select LIB_DEVICE_TREE config HAS_DIT # Data Independent Timing bool @@ -XXX,XX +XXX,XX @@ config HAS_UBSAN config HAS_VMAP bool +config LIB_DEVICE_TREE + bool + config MEM_ACCESS_ALWAYS_ON bool diff --git a/xen/common/Makefile b/xen/common/Makefile index XXXXXXX..XXXXXXX 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -XXX,XX +XXX,XX @@ obj-y += sched/ obj-$(CONFIG_UBSAN) += ubsan/ obj-$(CONFIG_NEEDS_LIBELF) += libelf/ -obj-$(CONFIG_HAS_DEVICE_TREE) += libfdt/ +obj-$(CONFIG_LIB_DEVICE_TREE) += libfdt/ CONF_FILE := $(if $(patsubst /%,,$(KCONFIG_CONFIG)),$(objtree)/)$(KCONFIG_CONFIG) $(obj)/config.gz: $(CONF_FILE) -- 2.30.2 Hyperlaunch domain builder will be the consolidated boot time domain building logic framework. Introduces the config option to enable this domain builder to and turn on the ability to load the domain configuration via a flattened device tree. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- Changes since v1: - fixed Kconfig indentation - change directory name to use - instead of _ --- xen/arch/x86/Kconfig | 2 ++ xen/arch/x86/domain-builder/Kconfig | 15 +++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 xen/arch/x86/domain-builder/Kconfig diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -XXX,XX +XXX,XX @@ config ALTP2M If unsure, stay with defaults. +source "arch/x86/domain_builder/Kconfig" + endmenu source "common/Kconfig" diff --git a/xen/arch/x86/domain-builder/Kconfig b/xen/arch/x86/domain-builder/Kconfig new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/xen/arch/x86/domain-builder/Kconfig @@ -XXX,XX +XXX,XX @@ + +menu "Domain Builder Features" + +config DOMAIN_BUILDER + bool "Domain builder (UNSUPPORTED)" if UNSUPPORTED + select LIB_DEVICE_TREE + help + Enables the domain builder capability to configure boot domain + construction using a flattened device tree. + + This feature is currently experimental. + + If unsure, say N. + +endmenu -- 2.30.2 Introduce the domain builder which is capable of consuming a device tree as the first boot module. If it finds a device tree as the first boot module, it will set its type to BOOTMOD_FDT. This change only detects the boot module and continues to boot with slight change to the boot convention that the dom0 kernel is no longer first boot module but is the second. No functional change intended. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> Reviewed-by: Jason Andryuk <jason.andryuk@amd.com> --- Changes since v1: - coding style compliance - removed unnecessary include of rangeset.h - fixed a missed change from 0 to i - add missing const - remove unnecessary first_boot_module_index() usages --- xen/arch/x86/Kconfig | 2 +- xen/arch/x86/Makefile | 2 + xen/arch/x86/domain-builder/Makefile | 3 ++ xen/arch/x86/domain-builder/core.c | 57 ++++++++++++++++++++++++ xen/arch/x86/domain-builder/fdt.c | 37 +++++++++++++++ xen/arch/x86/domain-builder/fdt.h | 21 +++++++++ xen/arch/x86/include/asm/bootinfo.h | 3 ++ xen/arch/x86/include/asm/domainbuilder.h | 8 ++++ xen/arch/x86/setup.c | 17 ++++--- 9 files changed, 143 insertions(+), 7 deletions(-) create mode 100644 xen/arch/x86/domain-builder/Makefile create mode 100644 xen/arch/x86/domain-builder/core.c create mode 100644 xen/arch/x86/domain-builder/fdt.c create mode 100644 xen/arch/x86/domain-builder/fdt.h create mode 100644 xen/arch/x86/include/asm/domainbuilder.h diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -XXX,XX +XXX,XX @@ config ALTP2M If unsure, stay with defaults. -source "arch/x86/domain_builder/Kconfig" +source "arch/x86/domain-builder/Kconfig" endmenu diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -XXX,XX +XXX,XX @@ obj-$(CONFIG_COMPAT) += x86_64/platform_hypercall.o obj-y += sysctl.o endif +obj-y += domain-builder/ + extra-y += asm-macros.i extra-y += xen.lds diff --git a/xen/arch/x86/domain-builder/Makefile b/xen/arch/x86/domain-builder/Makefile new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/xen/arch/x86/domain-builder/Makefile @@ -XXX,XX +XXX,XX @@ +obj-$(CONFIG_DOMAIN_BUILDER) += fdt.init.o +obj-y += core.init.o + diff --git a/xen/arch/x86/domain-builder/core.c b/xen/arch/x86/domain-builder/core.c new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/xen/arch/x86/domain-builder/core.c @@ -XXX,XX +XXX,XX @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2024, Apertus Solutions, LLC + */ +#include <xen/err.h> +#include <xen/init.h> +#include <xen/kconfig.h> +#include <xen/lib.h> + +#include <asm/bootinfo.h> + +#include "fdt.h" + +void __init builder_init(struct boot_info *bi) +{ + if ( IS_ENABLED(CONFIG_DOMAIN_BUILDER) ) + { + int ret; + + switch ( ret = has_hyperlaunch_fdt(bi) ) + { + case 0: + printk("Hyperlaunch device tree detected\n"); + bi->hyperlaunch_enabled = true; + bi->mods[0].type = BOOTMOD_FDT; + break; + + case -EINVAL: + printk("Hyperlaunch device tree was not detected\n"); + bi->hyperlaunch_enabled = false; + break; + + case -ENOENT: + case -ENODATA: + printk("Device tree found, but not hyperlaunch (%d)\n", ret); + bi->hyperlaunch_enabled = false; + bi->mods[0].type = BOOTMOD_FDT; + break; + + default: + printk("Unknown error (%d) occured checking for hyperlaunch device tree\n", + ret); + bi->hyperlaunch_enabled = false; + break; + } + } +} + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + */ diff --git a/xen/arch/x86/domain-builder/fdt.c b/xen/arch/x86/domain-builder/fdt.c new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/xen/arch/x86/domain-builder/fdt.c @@ -XXX,XX +XXX,XX @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2024, Apertus Solutions, LLC + */ +#include <xen/err.h> +#include <xen/init.h> +#include <xen/lib.h> +#include <xen/libfdt/libfdt.h> + +#include <asm/bootinfo.h> +#include <asm/page.h> +#include <asm/setup.h> + +#include "fdt.h" + +int __init has_hyperlaunch_fdt(struct boot_info *bi) +{ + int ret = 0; + const void *fdt = bootstrap_map_bm(&bi->mods[HYPERLAUNCH_MODULE_IDX]); + + if ( fdt_check_header(fdt) < 0 ) + ret = -EINVAL; + + bootstrap_unmap(); + + return ret; +} + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + */ diff --git a/xen/arch/x86/domain-builder/fdt.h b/xen/arch/x86/domain-builder/fdt.h new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/xen/arch/x86/domain-builder/fdt.h @@ -XXX,XX +XXX,XX @@ +/* SPDX-License-Identifier: (GPL-2.0-or-later OR BSD-2-Clause) */ +#ifndef __XEN_X86_FDT_H__ +#define __XEN_X86_FDT_H__ + +#include <xen/init.h> + +#include <asm/bootinfo.h> + +/* hyperlaunch fdt is required to be module 0 */ +#define HYPERLAUNCH_MODULE_IDX 0 + +#ifdef CONFIG_DOMAIN_BUILDER +int has_hyperlaunch_fdt(struct boot_info *bi); +#else +static inline int __init has_hyperlaunch_fdt(struct boot_info *bi) +{ + return -EINVAL; +} +#endif + +#endif /* __XEN_X86_FDT_H__ */ diff --git a/xen/arch/x86/include/asm/bootinfo.h b/xen/arch/x86/include/asm/bootinfo.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootinfo.h +++ b/xen/arch/x86/include/asm/bootinfo.h @@ -XXX,XX +XXX,XX @@ enum bootmod_type { BOOTMOD_RAMDISK, BOOTMOD_MICROCODE, BOOTMOD_XSM_POLICY, + BOOTMOD_FDT, }; struct boot_module { @@ -XXX,XX +XXX,XX @@ struct boot_info { paddr_t memmap_addr; size_t memmap_length; + bool hyperlaunch_enabled; + unsigned int nr_modules; struct boot_module mods[MAX_NR_BOOTMODS + 1]; struct boot_domain domains[MAX_NR_BOOTDOMS]; diff --git a/xen/arch/x86/include/asm/domainbuilder.h b/xen/arch/x86/include/asm/domainbuilder.h new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/xen/arch/x86/include/asm/domainbuilder.h @@ -XXX,XX +XXX,XX @@ +#ifndef __XEN_X86_DOMBUILDER_H__ +#define __XEN_X86_DOMBUILDER_H__ + +#include <asm/bootinfo.h> + +void builder_init(struct boot_info *bi); + +#endif diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ #endif #include <xen/bitops.h> #include <asm/bootinfo.h> +#include <asm/domainbuilder.h> #include <asm/smp.h> #include <asm/processor.h> #include <asm/mpspec.h> @@ -XXX,XX +XXX,XX @@ void asmlinkage __init noreturn __start_xen(void) bi->nr_modules); } - /* Dom0 kernel is always first */ - bi->mods[0].type = BOOTMOD_KERNEL; - bi->domains[0].kernel = &bi->mods[0]; + builder_init(bi); + + /* Find first unknown boot module to use as Dom0 kernel */ + i = first_boot_module_index(bi, BOOTMOD_UNKNOWN); + bi->mods[i].type = BOOTMOD_KERNEL; + bi->domains[0].kernel = &bi->mods[i]; if ( pvh_boot ) { @@ -XXX,XX +XXX,XX @@ void asmlinkage __init noreturn __start_xen(void) xen->size = __2M_rwdata_end - _stext; } - bi->mods[0].headroom = - bzimage_headroom(bootstrap_map_bm(&bi->mods[0]), bi->mods[0].size); + bi->domains[0].kernel->headroom = + bzimage_headroom(bootstrap_map_bm(bi->domains[0].kernel), + bi->domains[0].kernel->size); bootstrap_unmap(); #ifndef highmem_start @@ -XXX,XX +XXX,XX @@ void asmlinkage __init noreturn __start_xen(void) #endif } - if ( bi->mods[0].headroom && !bi->mods[0].relocated ) + if ( bi->domains[0].kernel->headroom && !bi->domains[0].kernel->relocated ) panic("Not enough memory to relocate the dom0 kernel image\n"); for ( i = 0; i < bi->nr_modules; ++i ) { -- 2.30.2 Add the ability to detect both a formal hyperlaunch device tree or a dom0less device tree. If the hyperlaunch device tree is found, then count the number of domain entries, reporting an error if more than one is found. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- Changes since v1: - corrected typo in error message - clarified commit message on "reporting" - added missing inline decl - code style --- xen/arch/x86/domain-builder/core.c | 15 +++++++ xen/arch/x86/domain-builder/fdt.c | 65 ++++++++++++++++++++++++++++- xen/arch/x86/domain-builder/fdt.h | 5 +++ xen/arch/x86/include/asm/bootinfo.h | 1 + 4 files changed, 85 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/domain-builder/core.c b/xen/arch/x86/domain-builder/core.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain-builder/core.c +++ b/xen/arch/x86/domain-builder/core.c @@ -XXX,XX +XXX,XX @@ void __init builder_init(struct boot_info *bi) break; } } + + if ( bi->hyperlaunch_enabled ) + { + int ret; + + printk(XENLOG_INFO "Hyperlaunch configuration:\n"); + if ( (ret = walk_hyperlaunch_fdt(bi)) < 0 ) + { + printk(XENLOG_INFO " walk of device tree failed (%d)\n", ret); + bi->hyperlaunch_enabled = false; + return; + } + + printk(XENLOG_INFO " Number of domains: %d\n", bi->nr_domains); + } } /* diff --git a/xen/arch/x86/domain-builder/fdt.c b/xen/arch/x86/domain-builder/fdt.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain-builder/fdt.c +++ b/xen/arch/x86/domain-builder/fdt.c @@ -XXX,XX +XXX,XX @@ #include "fdt.h" +static int __init find_hyperlaunch_node(const void *fdt) +{ + int hv_node = fdt_path_offset(fdt, "/chosen/hypervisor"); + + if ( hv_node >= 0 ) + { + /* Anything other than zero indicates no match */ + if ( fdt_node_check_compatible(fdt, hv_node, "hypervisor,xen") ) + return -ENODATA; + else + return hv_node; + } + else + { + /* Lood for dom0less config */ + int node, chosen_node = fdt_path_offset(fdt, "/chosen"); + if ( chosen_node < 0 ) + return -ENOENT; + + fdt_for_each_subnode(node, fdt, chosen_node) + { + if ( fdt_node_check_compatible(fdt, node, "xen,domain") == 0 ) + return chosen_node; + } + } + + return -ENODATA; +} + int __init has_hyperlaunch_fdt(struct boot_info *bi) { int ret = 0; const void *fdt = bootstrap_map_bm(&bi->mods[HYPERLAUNCH_MODULE_IDX]); - if ( fdt_check_header(fdt) < 0 ) + if ( !fdt || fdt_check_header(fdt) < 0 ) ret = -EINVAL; + else + ret = find_hyperlaunch_node(fdt); + + bootstrap_unmap(); + + return ret < 0 ? ret : 0; +} + +int __init walk_hyperlaunch_fdt(struct boot_info *bi) +{ + int ret = 0, hv_node, node; + void *fdt = bootstrap_map_bm(&bi->mods[HYPERLAUNCH_MODULE_IDX]); + + if ( unlikely(!fdt) ) + return -EINVAL; + + hv_node = find_hyperlaunch_node(fdt); + if ( hv_node < 0 ) + { + ret = hv_node; + goto err_out; + } + + fdt_for_each_subnode(node, fdt, hv_node) + { + ret = fdt_node_check_compatible(fdt, node, "xen,domain"); + if ( ret == 0 ) + bi->nr_domains++; + } + + /* Until multi-domain construction is added, throw an error */ + if ( !bi->nr_domains || bi->nr_domains > 1 ) + printk(XENLOG_ERR "Hyperlaunch only supports dom0 construction\n"); + err_out: bootstrap_unmap(); return ret; diff --git a/xen/arch/x86/domain-builder/fdt.h b/xen/arch/x86/domain-builder/fdt.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain-builder/fdt.h +++ b/xen/arch/x86/domain-builder/fdt.h @@ -XXX,XX +XXX,XX @@ #ifdef CONFIG_DOMAIN_BUILDER int has_hyperlaunch_fdt(struct boot_info *bi); +int walk_hyperlaunch_fdt(struct boot_info *bi); #else static inline int __init has_hyperlaunch_fdt(struct boot_info *bi) { return -EINVAL; } +static inline int __init walk_hyperlaunch_fdt(struct boot_info *bi) +{ + return -EINVAL; +} #endif #endif /* __XEN_X86_FDT_H__ */ diff --git a/xen/arch/x86/include/asm/bootinfo.h b/xen/arch/x86/include/asm/bootinfo.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootinfo.h +++ b/xen/arch/x86/include/asm/bootinfo.h @@ -XXX,XX +XXX,XX @@ struct boot_info { bool hyperlaunch_enabled; unsigned int nr_modules; + unsigned int nr_domains; struct boot_module mods[MAX_NR_BOOTMODS + 1]; struct boot_domain domains[MAX_NR_BOOTDOMS]; }; -- 2.30.2 Look for a subnode of type `multiboot,kernel` within a domain node. If found, process the reg property for the MB1 module index. If the bootargs property is present and there was not an MB1 string, then use the command line from the device tree definition. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> Reviewed-by: Jason Andryuk <jason.andryuk@amd.com> --- Changes since v1: - moved low-level fdt handlers to libfdt-xen.h - coding style changes - moved default to "unknown" up to a local declaration - moved the general fdt parsing code out to libfdt - reworked device tree property parsing for module index - reworked parsers to take index as parameter - parsers now return success or error value - added check if kernel was already located, warn and continue --- xen/arch/x86/domain-builder/core.c | 11 +++ xen/arch/x86/domain-builder/fdt.c | 118 ++++++++++++++++++++++++++++ xen/arch/x86/domain-builder/fdt.h | 3 + xen/arch/x86/setup.c | 5 -- xen/include/xen/libfdt/libfdt-xen.h | 76 ++++++++++++++++++ 5 files changed, 208 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/domain-builder/core.c b/xen/arch/x86/domain-builder/core.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain-builder/core.c +++ b/xen/arch/x86/domain-builder/core.c @@ -XXX,XX +XXX,XX @@ void __init builder_init(struct boot_info *bi) printk(XENLOG_INFO " Number of domains: %d\n", bi->nr_domains); } + else + { + unsigned int i; + + /* Find first unknown boot module to use as Dom0 kernel */ + printk("Falling back to using first boot module as dom0\n"); + i = first_boot_module_index(bi, BOOTMOD_UNKNOWN); + bi->mods[i].type = BOOTMOD_KERNEL; + bi->domains[0].kernel = &bi->mods[i]; + bi->nr_domains = 1; + } } /* diff --git a/xen/arch/x86/domain-builder/fdt.c b/xen/arch/x86/domain-builder/fdt.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain-builder/fdt.c +++ b/xen/arch/x86/domain-builder/fdt.c @@ -XXX,XX +XXX,XX @@ #include "fdt.h" +static int __init hl_module_index(void *fdt, int node, uint32_t *idx) +{ + int ret = 0; + const struct fdt_property *prop = + fdt_get_property(fdt, node, "module-index", &ret); + + /* FDT error or bad idx pointer, translate to -EINVAL */ + if ( ret < 0 || idx == NULL ) + return -EINVAL; + + fdt_cell_as_u32((fdt32_t *)prop->data, idx); + + if ( *idx > MAX_NR_BOOTMODS ) + return -ERANGE; + + return 0; +} + +static int __init dom0less_module_index( + void *fdt, int node, int size_size, int address_size, uint32_t *idx) +{ + uint64_t size = ~0UL, addr = ~0UL; + int ret = + fdt_get_reg_prop(fdt, node, address_size, size_size, &addr, &size, 1); + + /* FDT error or bad idx pointer, translate to -EINVAL */ + if ( ret < 0 || idx == NULL ) + return -EINVAL; + + /* Convention is that zero size indicates address is an index */ + if ( size != 0 ) + return -EOPNOTSUPP; + + if ( addr > MAX_NR_BOOTMODS ) + return -ERANGE; + + /* + * MAX_NR_BOOTMODS cannot exceed the max for MB1, represented by a u32, + * thus the cast down to a u32 will be safe due to the prior check. + */ + *idx = (uint32_t)addr; + + return 0; +} + +static int __init process_domain_node( + struct boot_info *bi, void *fdt, int dom_node) +{ + int node; + struct boot_domain *bd = &bi->domains[bi->nr_domains]; + const char *name = fdt_get_name(fdt, dom_node, NULL) ?: "unknown"; + + fdt_for_each_subnode(node, fdt, dom_node) + { + if ( fdt_node_check_compatible(fdt, node, "multiboot,kernel") == 0 ) + { + unsigned int idx; + int ret = 0; + + if ( bd->kernel ) + { + printk(XENLOG_ERR "Duplicate kernel module for domain %s)\n", + name); + continue; + } + + /* Try hyperlaunch property, fall back to dom0less property. */ + if ( hl_module_index(fdt, node, &idx) < 0 ) + { + int address_size = fdt_address_cells(fdt, dom_node); + int size_size = fdt_size_cells(fdt, dom_node); + + if ( address_size < 0 || size_size < 0 ) + ret = -EINVAL; + else + ret = dom0less_module_index( + fdt, node, size_size, address_size, &idx); + } + + if ( ret < 0 ) + { + printk(" failed processing kernel module for domain %s)\n", + name); + return ret; + } + + if ( idx > bi->nr_modules ) + { + printk(" invalid kernel module index for domain node (%d)\n", + bi->nr_domains); + return -EINVAL; + } + + printk(" kernel: boot module %d\n", idx); + bi->mods[idx].type = BOOTMOD_KERNEL; + bd->kernel = &bi->mods[idx]; + } + } + + if ( !bd->kernel ) + { + printk(XENLOG_ERR "ERR: no kernel assigned to domain\n"); + return -EFAULT; + } + + return 0; +} + static int __init find_hyperlaunch_node(const void *fdt) { int hv_node = fdt_path_offset(fdt, "/chosen/hypervisor"); @@ -XXX,XX +XXX,XX @@ int __init walk_hyperlaunch_fdt(struct boot_info *bi) fdt_for_each_subnode(node, fdt, hv_node) { + if ( bi->nr_domains >= MAX_NR_BOOTDOMS ) + { + printk(XENLOG_WARNING "WARN: more domains defined than max allowed"); + break; + } + ret = fdt_node_check_compatible(fdt, node, "xen,domain"); if ( ret == 0 ) + { + if ( (ret = process_domain_node(bi, fdt, node)) < 0 ) + break; bi->nr_domains++; + } } /* Until multi-domain construction is added, throw an error */ diff --git a/xen/arch/x86/domain-builder/fdt.h b/xen/arch/x86/domain-builder/fdt.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain-builder/fdt.h +++ b/xen/arch/x86/domain-builder/fdt.h @@ -XXX,XX +XXX,XX @@ #define __XEN_X86_FDT_H__ #include <xen/init.h> +#include <xen/libfdt/libfdt.h> +#include <xen/libfdt/libfdt-xen.h> #include <asm/bootinfo.h> @@ -XXX,XX +XXX,XX @@ #define HYPERLAUNCH_MODULE_IDX 0 #ifdef CONFIG_DOMAIN_BUILDER + int has_hyperlaunch_fdt(struct boot_info *bi); int walk_hyperlaunch_fdt(struct boot_info *bi); #else diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ void asmlinkage __init noreturn __start_xen(void) builder_init(bi); - /* Find first unknown boot module to use as Dom0 kernel */ - i = first_boot_module_index(bi, BOOTMOD_UNKNOWN); - bi->mods[i].type = BOOTMOD_KERNEL; - bi->domains[0].kernel = &bi->mods[i]; - if ( pvh_boot ) { /* pvh_init() already filled in e820_raw */ diff --git a/xen/include/xen/libfdt/libfdt-xen.h b/xen/include/xen/libfdt/libfdt-xen.h index XXXXXXX..XXXXXXX 100644 --- a/xen/include/xen/libfdt/libfdt-xen.h +++ b/xen/include/xen/libfdt/libfdt-xen.h @@ -XXX,XX +XXX,XX @@ #include <xen/libfdt/libfdt.h> +static inline int __init fdt_cell_as_u32(const fdt32_t *cell, uint32_t *val) +{ + *val = fdt32_to_cpu(*cell); + + return 0; +} + +static inline int __init fdt_cell_as_u64(const fdt32_t *cell, uint64_t *val) +{ + *val = ((uint64_t)fdt32_to_cpu(cell[0]) << 32) | + (uint64_t)fdt32_to_cpu(cell[1]); + + return 0; +} + +/* + * Property: reg + * + * Defined in Section 2.3.6 of the Device Tree Specification is the "reg" + * standard property. The property is a prop-encoded-array that is encoded as + * an arbitrary number of (address, length) pairs. + */ +static inline int __init fdt_get_reg_prop( + const void *fdt, int node, unsigned int asize, unsigned int ssize, + uint64_t *addr, uint64_t *size, unsigned int pairs) +{ + int ret; + unsigned int i, count; + const struct fdt_property *prop; + fdt32_t *cell; + + /* FDT spec max size is 4 (128bit int), but largest arch int size is 64 */ + if ( ssize > 2 || asize > 2 ) + return -EINVAL; + + prop = fdt_get_property(fdt, node, "reg", &ret); + if ( !prop || ret < sizeof(u32) ) + return ret < 0 ? ret : -EINVAL; + + /* Get the number of (addr, size) pairs and clamp down. */ + count = fdt32_to_cpu(prop->len) / (ssize + asize); + count = count < pairs ? count : pairs; + + cell = (fdt32_t *)prop->data; + + for ( i = 0; i < count; i++ ) + { + /* read address field */ + if ( asize == 1 ) + { + uint32_t val; + fdt_cell_as_u32(cell, &val); + addr[i] = val; + } + else + fdt_cell_as_u64(cell, &addr[i]); + + /* read size field */ + cell += asize; + + if ( ssize == 1 ) + { + uint32_t val; + fdt_cell_as_u32(cell, &val); + size[i] = val; + } + else + fdt_cell_as_u64(cell, &size[i]); + + /* move to next pair */ + cell += ssize; + } + + return count; +} + static inline int fdt_get_mem_rsv_paddr(const void *fdt, int n, paddr_t *address, paddr_t *size) -- 2.30.2 If a command line is not provided through the bootloader's mechanism, e.g. muiltboot module string field, then use one from the device tree if present. The device tree command line is located in the bootargs property of the `multiboot,kernel` node. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> Reviewed-by: Jason Andryuk <jason.andryuk@amd.com> --- Changes since v1: - moved common fdt functions to libfdt - rename prop_as_offset to more correct prop_by_offset --- xen/arch/x86/domain-builder/core.c | 28 ++++++++++++++++++++++++ xen/arch/x86/domain-builder/fdt.c | 10 +++++++++ xen/arch/x86/domain-builder/fdt.h | 24 ++++++++++++++++++++ xen/arch/x86/include/asm/bootinfo.h | 6 +++-- xen/arch/x86/include/asm/domainbuilder.h | 4 ++++ xen/arch/x86/setup.c | 15 +++++++++---- xen/include/xen/libfdt/libfdt-xen.h | 24 ++++++++++++++++++++ 7 files changed, 105 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/domain-builder/core.c b/xen/arch/x86/domain-builder/core.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain-builder/core.c +++ b/xen/arch/x86/domain-builder/core.c @@ -XXX,XX +XXX,XX @@ #include <xen/lib.h> #include <asm/bootinfo.h> +#include <asm/setup.h> #include "fdt.h" +size_t __init builder_get_cmdline_size(struct boot_info *bi, int offset) +{ +#ifdef CONFIG_DOMAIN_BUILDER + const void *fdt = bootstrap_map_bm(&bi->mods[HYPERLAUNCH_MODULE_IDX]); + int size = fdt_cmdline_prop_size(fdt, offset); + + bootstrap_unmap(); + return size < 0 ? 0 : (size_t) size; +#else + return 0; +#endif +} + +int __init builder_get_cmdline( + struct boot_info *bi, int offset, char *cmdline, size_t size) +{ +#ifdef CONFIG_DOMAIN_BUILDER + const void *fdt = bootstrap_map_bm(&bi->mods[HYPERLAUNCH_MODULE_IDX]); + int ret = fdt_cmdline_prop_copy(fdt, offset, cmdline, size); + + bootstrap_unmap(); + return ret; +#else + return 0; +#endif +} + void __init builder_init(struct boot_info *bi) { if ( IS_ENABLED(CONFIG_DOMAIN_BUILDER) ) diff --git a/xen/arch/x86/domain-builder/fdt.c b/xen/arch/x86/domain-builder/fdt.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain-builder/fdt.c +++ b/xen/arch/x86/domain-builder/fdt.c @@ -XXX,XX +XXX,XX @@ static int __init process_domain_node( printk(" kernel: boot module %d\n", idx); bi->mods[idx].type = BOOTMOD_KERNEL; bd->kernel = &bi->mods[idx]; + + /* If bootloader didn't set cmdline, see if FDT provides one. */ + if ( bd->kernel->cmdline_pa && + !((char *)__va(bd->kernel->cmdline_pa))[0] ) + { + int ret = fdt_get_prop_by_offset( + fdt, node, "bootargs", &bd->kernel->cmdline_pa); + if ( ret > 0 ) + bd->kernel->fdt_cmdline = true; + } } } diff --git a/xen/arch/x86/domain-builder/fdt.h b/xen/arch/x86/domain-builder/fdt.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain-builder/fdt.h +++ b/xen/arch/x86/domain-builder/fdt.h @@ -XXX,XX +XXX,XX @@ #ifdef CONFIG_DOMAIN_BUILDER +static inline int __init fdt_cmdline_prop_size(const void *fdt, int offset) +{ + int ret; + + fdt_get_property_by_offset(fdt, offset, &ret); + + return ret; +} + +static inline int __init fdt_cmdline_prop_copy( + const void *fdt, int offset, char *cmdline, size_t size) +{ + int ret; + const struct fdt_property *prop = + fdt_get_property_by_offset(fdt, offset, &ret); + + if ( ret < 0 ) + return ret; + + ASSERT(size > ret); + + return strlcpy(cmdline, prop->data, ret); +} + int has_hyperlaunch_fdt(struct boot_info *bi); int walk_hyperlaunch_fdt(struct boot_info *bi); #else diff --git a/xen/arch/x86/include/asm/bootinfo.h b/xen/arch/x86/include/asm/bootinfo.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootinfo.h +++ b/xen/arch/x86/include/asm/bootinfo.h @@ -XXX,XX +XXX,XX @@ struct boot_module { /* * Module State Flags: - * relocated: indicates module has been relocated in memory. - * released: indicates module's pages have been freed. + * relocated: indicates module has been relocated in memory. + * released: indicates module's pages have been freed. + * fdt_cmdline: indicates module's cmdline is in the FDT. */ bool relocated:1; bool released:1; + bool fdt_cmdline:1; /* * A boot module may need decompressing by Xen. Headroom is an estimate of diff --git a/xen/arch/x86/include/asm/domainbuilder.h b/xen/arch/x86/include/asm/domainbuilder.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/domainbuilder.h +++ b/xen/arch/x86/include/asm/domainbuilder.h @@ -XXX,XX +XXX,XX @@ #include <asm/bootinfo.h> +size_t __init builder_get_cmdline_size(struct boot_info *bi, int offset); +int __init builder_get_cmdline( + struct boot_info *bi, int offset, char *cmdline, size_t size); + void builder_init(struct boot_info *bi); #endif diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ static size_t __init domain_cmdline_size( { size_t s = bi->kextra ? strlen(bi->kextra) : 0; - s += bd->kernel->cmdline_pa ? strlen(__va(bd->kernel->cmdline_pa)) : 0; + if ( bd->kernel->fdt_cmdline ) + s += builder_get_cmdline_size(bi, bd->kernel->cmdline_pa); + else + s += strlen(__va(bd->kernel->cmdline_pa)); if ( s == 0 ) return s; @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) /* Grab the DOM0 command line. */ if ( (bd->kernel->cmdline_pa && - ((char *)__va(bd->kernel->cmdline_pa))[0]) || + (bd->kernel->fdt_cmdline || + ((char *)__va(bd->kernel->cmdline_pa))[0])) || bi->kextra ) { size_t cmdline_size = domain_cmdline_size(bi, bd); @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) if ( !(cmdline = xzalloc_array(char, cmdline_size)) ) panic("Error allocating cmdline buffer for %pd\n", d); - if ( bd->kernel->cmdline_pa ) + if ( bd->kernel->fdt_cmdline ) + builder_get_cmdline( + bi, bd->kernel->cmdline_pa, cmdline, cmdline_size); + else strlcpy(cmdline, - cmdline_cook(__va(bd->kernel->cmdline_pa), bi->loader), + cmdline_cook(__va(bd->kernel->cmdline_pa),bi->loader), cmdline_size); if ( bi->kextra ) diff --git a/xen/include/xen/libfdt/libfdt-xen.h b/xen/include/xen/libfdt/libfdt-xen.h index XXXXXXX..XXXXXXX 100644 --- a/xen/include/xen/libfdt/libfdt-xen.h +++ b/xen/include/xen/libfdt/libfdt-xen.h @@ -XXX,XX +XXX,XX @@ static inline int __init fdt_cell_as_u64(const fdt32_t *cell, uint64_t *val) return 0; } +static inline int __init fdt_get_prop_by_offset( + const void *fdt, int node, const char *name, unsigned long *offset) +{ + int ret, poffset; + const char *pname; + size_t nsize = strlen(name); + + fdt_for_each_property_offset(poffset, fdt, node) + { + fdt_getprop_by_offset(fdt, poffset, &pname, &ret); + + if ( ret < 0 || strlen(pname) != nsize ) + continue; + + if ( !strncmp(pname, name, nsize) ) + { + *offset = poffset; + return nsize; + } + } + + return -ENOENT; +} + /* * Property: reg * -- 2.30.2 Look for a subnode of type `multiboot,ramdisk` within a domain node. If found, process the reg property for the MB1 module index. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- Changes since v1: - switch to nested else/if - dropped ternary name selection --- xen/arch/x86/domain-builder/fdt.c | 26 +++++++++++++++++++++++ xen/arch/x86/setup.c | 35 +++++++++++++++++-------------- 2 files changed, 45 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/domain-builder/fdt.c b/xen/arch/x86/domain-builder/fdt.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain-builder/fdt.c +++ b/xen/arch/x86/domain-builder/fdt.c @@ -XXX,XX +XXX,XX @@ static int __init process_domain_node( if ( ret > 0 ) bd->kernel->fdt_cmdline = true; } + + continue; + } + else if ( + fdt_node_check_compatible(fdt, node, "multiboot,ramdisk") == 0 ) + { + int idx = dom0less_module_node(fdt, node, size_size, address_size); + if ( idx < 0 ) + { + printk(" failed processing ramdisk module for domain %s\n", + name); + return -EINVAL; + } + + if ( idx > bi->nr_modules ) + { + printk(" invalid ramdisk module index for domain node (%d)\n", + bi->nr_domains); + return -EINVAL; + } + + printk(" ramdisk: boot module %d\n", idx); + bi->mods[idx].type = BOOTMOD_RAMDISK; + bd->ramdisk = &bi->mods[idx]; + + continue; } } diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ void asmlinkage __init noreturn __start_xen(void) char *kextra; void *bsp_stack; struct cpu_info *info = get_cpu_info(), *bsp_info; - unsigned int initrdidx, num_parked = 0; + unsigned int num_parked = 0; struct boot_info *bi; unsigned long nr_pages, raw_max_page; int i, j, bytes = 0; @@ -XXX,XX +XXX,XX @@ void asmlinkage __init noreturn __start_xen(void) cpu_has_nx ? XENLOG_INFO : XENLOG_WARNING "Warning: ", cpu_has_nx ? "" : "not "); - /* - * At this point all capabilities that consume boot modules should have - * claimed their boot modules. Find the first unclaimed boot module and - * claim it as the initrd ramdisk. Do a second search to see if there are - * any remaining unclaimed boot modules, and report them as unusued initrd - * candidates. - */ - initrdidx = first_boot_module_index(bi, BOOTMOD_UNKNOWN); - if ( initrdidx < MAX_NR_BOOTMODS ) + if ( !bi->hyperlaunch_enabled ) { - bi->mods[initrdidx].type = BOOTMOD_RAMDISK; - bi->domains[0].ramdisk = &bi->mods[initrdidx]; - if ( first_boot_module_index(bi, BOOTMOD_UNKNOWN) < MAX_NR_BOOTMODS ) - printk(XENLOG_WARNING - "Multiple initrd candidates, picking module #%u\n", - initrdidx); + /* + * At this point all capabilities that consume boot modules should have + * claimed their boot modules. Find the first unclaimed boot module and + * claim it as the initrd ramdisk. Do a second search to see if there are + * any remaining unclaimed boot modules, and report them as unusued initrd + * candidates. + */ + unsigned int initrdidx = first_boot_module_index(bi, BOOTMOD_UNKNOWN); + if ( initrdidx < MAX_NR_BOOTMODS ) + { + bi->mods[initrdidx].type = BOOTMOD_RAMDISK; + bi->domains[0].ramdisk = &bi->mods[initrdidx]; + if ( first_boot_module_index(bi, BOOTMOD_UNKNOWN) < MAX_NR_BOOTMODS ) + printk(XENLOG_WARNING + "Multiple initrd candidates, picking module #%u\n", + initrdidx); + } } /* -- 2.30.2 Introduce the ability to specify the desired domain id for the domain definition. The domain id will be populated in the domid property of the domain node in the device tree configuration. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- Changes since v1 - coding style changes - moved comment with code movement - updated warning message - unrolled match_fdt_property() --- xen/arch/x86/domain-builder/fdt.c | 63 ++++++++++++++++++++++++++++- xen/arch/x86/setup.c | 5 ++- xen/include/xen/libfdt/libfdt-xen.h | 9 +++++ 3 files changed, 73 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/domain-builder/fdt.c b/xen/arch/x86/domain-builder/fdt.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain-builder/fdt.c +++ b/xen/arch/x86/domain-builder/fdt.c @@ -XXX,XX +XXX,XX @@ #include <xen/libfdt/libfdt.h> #include <asm/bootinfo.h> +#include <asm/guest.h> #include <asm/page.h> #include <asm/setup.h> @@ -XXX,XX +XXX,XX @@ static int __init dom0less_module_index( static int __init process_domain_node( struct boot_info *bi, void *fdt, int dom_node) { - int node; + int node, property; struct boot_domain *bd = &bi->domains[bi->nr_domains]; const char *name = fdt_get_name(fdt, dom_node, NULL) ?: "unknown"; + fdt_for_each_property_offset(property, fdt, dom_node) + { + const struct fdt_property *prop; + const char *prop_name; + int name_len; + + prop = fdt_get_property_by_offset(fdt, property, NULL); + if ( !prop ) + continue; /* silently skip */ + + prop_name = fdt_get_string(fdt, fdt32_to_cpu(prop->nameoff), &name_len); + + if ( strncmp(prop_name, "domid", name_len) == 0 ) + { + uint32_t val = DOMID_INVALID; + if ( fdt_prop_as_u32(prop, &val) != 0 ) + { + printk(" failed processing domain id for domain %s\n", name); + return -EINVAL; + } + if ( val >= DOMID_FIRST_RESERVED ) + { + printk(" invalid domain id for domain %s\n", name); + return -EINVAL; + } + bd->domid = (domid_t)val; + printk(" domid: %d\n", bd->domid); + } + } + fdt_for_each_subnode(node, fdt, dom_node) { if ( fdt_node_check_compatible(fdt, node, "multiboot,kernel") == 0 ) @@ -XXX,XX +XXX,XX @@ static int __init process_domain_node( else if ( fdt_node_check_compatible(fdt, node, "multiboot,ramdisk") == 0 ) { - int idx = dom0less_module_node(fdt, node, size_size, address_size); + unsigned int idx; + int ret = 0; + + if ( bd->ramdisk ) + { + printk(XENLOG_ERR "Duplicate ramdisk module for domain %s)\n", + name); + continue; + } + + /* Try hyperlaunch property, fall back to dom0less property. */ + if ( hl_module_index(fdt, node, &idx) < 0 ) + { + int address_size = fdt_address_cells(fdt, dom_node); + int size_size = fdt_size_cells(fdt, dom_node); + + if ( address_size < 0 || size_size < 0 ) + ret = -EINVAL; + else + ret = dom0less_module_index( + fdt, node, size_size, address_size, &idx); + } + if ( idx < 0 ) { printk(" failed processing ramdisk module for domain %s\n", @@ -XXX,XX +XXX,XX @@ static int __init process_domain_node( return -EFAULT; } + if ( bd->domid == DOMID_INVALID ) + bd->domid = get_initial_domain_id(); + else if ( bd->domid != get_initial_domain_id() ) + printk(XENLOG_WARNING + "WARN: Booting without initial domid not supported.\n"); + return 0; } diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) if ( iommu_enabled ) dom0_cfg.flags |= XEN_DOMCTL_CDF_iommu; - /* Create initial domain. Not d0 for pvshim. */ - bd->domid = get_initial_domain_id(); + if ( bd->domid == DOMID_INVALID ) + /* Create initial domain. Not d0 for pvshim. */ + bd->domid = get_initial_domain_id(); d = domain_create(bd->domid, &dom0_cfg, pv_shim ? 0 : CDF_privileged); if ( IS_ERR(d) ) panic("Error creating d%u: %ld\n", bd->domid, PTR_ERR(d)); diff --git a/xen/include/xen/libfdt/libfdt-xen.h b/xen/include/xen/libfdt/libfdt-xen.h index XXXXXXX..XXXXXXX 100644 --- a/xen/include/xen/libfdt/libfdt-xen.h +++ b/xen/include/xen/libfdt/libfdt-xen.h @@ -XXX,XX +XXX,XX @@ static inline int __init fdt_cell_as_u64(const fdt32_t *cell, uint64_t *val) return 0; } +static inline int __init fdt_prop_as_u32( + const struct fdt_property *prop, uint32_t *val) +{ + if ( !prop || fdt32_to_cpu(prop->len) < sizeof(u32) ) + return -EINVAL; + + return fdt_cell_as_u32((fdt32_t *)prop->data, val); +} + static inline int __init fdt_get_prop_by_offset( const void *fdt, int node, const char *name, unsigned long *offset) { -- 2.30.2 Enable selecting the mode in which the domain will be built and ran. This includes: - whether it will be either a 32/64 bit domain - if it will be run as a PV or HVM domain - and if it will require a device model (not applicable for dom0) In the device tree, this will be represented as a bit map that will be carried through into struct boot_domain. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> Reviewed-by: Jason Andryuk <jason.andryuk@amd.com> --- Changes since v1: - switched to nested else if - dropped ternary op for reporting domain name - switch to strncmp for the check for mode prop - drop BUILD_MODE_LONG until PV construction series --- xen/arch/x86/domain-builder/fdt.c | 19 +++++++++++++++++++ xen/arch/x86/include/asm/bootdomain.h | 5 +++++ xen/arch/x86/setup.c | 3 ++- 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/domain-builder/fdt.c b/xen/arch/x86/domain-builder/fdt.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain-builder/fdt.c +++ b/xen/arch/x86/domain-builder/fdt.c @@ -XXX,XX +XXX,XX @@ static int __init process_domain_node( bd->domid = (domid_t)val; printk(" domid: %d\n", bd->domid); } + else if ( strncmp(prop_name, "mode", name_len) == 0 ) + { + if ( fdt_prop_as_u32(prop, &bd->mode) != 0 ) + { + printk(" failed processing mode for domain %s\n", name); + return -EINVAL; + } + + printk(" mode: "); + if ( !(bd->mode & BUILD_MODE_PARAVIRT) ) + { + if ( bd->mode & BUILD_MODE_ENABLE_DM ) + printk("HVM\n"); + else + printk("PVH\n"); + } + else + printk("PV\n"); + } } fdt_for_each_subnode(node, fdt, dom_node) diff --git a/xen/arch/x86/include/asm/bootdomain.h b/xen/arch/x86/include/asm/bootdomain.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootdomain.h +++ b/xen/arch/x86/include/asm/bootdomain.h @@ -XXX,XX +XXX,XX @@ struct boot_domain { domid_t domid; + /* On | Off */ +#define BUILD_MODE_PARAVIRT (1 << 0) /* PV | PVH/HVM */ +#define BUILD_MODE_ENABLE_DM (1 << 1) /* HVM | PVH */ + uint32_t mode; + struct boot_module *kernel; struct boot_module *ramdisk; diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) struct boot_domain *bd = &bi->domains[0]; struct domain *d; - if ( opt_dom0_pvh ) + if ( opt_dom0_pvh || + (bi->hyperlaunch_enabled && !(bd->mode & BUILD_MODE_PARAVIRT)) ) { dom0_cfg.flags |= (XEN_DOMCTL_CDF_hvm | ((hvm_hap_supported() && !opt_dom0_shadow) ? -- 2.30.2 Add three properties, memory, mem-min, and mem-max, to the domain node device tree parsing to define the memory allocation for a domain. All three fields are expressed in kb and written as a u64 in the device tree entries. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> --- Changes since v1 - moved common fdt parsing to libfdt - dropped ternary for name selection - swtich over from match_fdt to strncmp - change mem prints to kb --- xen/arch/x86/dom0_build.c | 8 +++++++ xen/arch/x86/domain-builder/fdt.c | 34 +++++++++++++++++++++++++++ xen/arch/x86/include/asm/bootdomain.h | 4 ++++ xen/include/xen/libfdt/libfdt-xen.h | 9 +++++++ 4 files changed, 55 insertions(+) diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -XXX,XX +XXX,XX @@ int __init construct_dom0(struct boot_domain *bd) process_pending_softirqs(); + /* If param dom0_size was not set and HL config provided memory size */ + if ( !get_memsize(&dom0_size, LONG_MAX) && bd->mem_pages ) + dom0_size.nr_pages = bd->mem_pages; + if ( !get_memsize(&dom0_min_size, LONG_MAX) && bd->min_pages ) + dom0_size.nr_pages = bd->min_pages; + if ( !get_memsize(&dom0_max_size, LONG_MAX) && bd->max_pages ) + dom0_size.nr_pages = bd->max_pages; + if ( is_hvm_domain(d) ) rc = dom0_construct_pvh(bd); else if ( is_pv_domain(d) ) diff --git a/xen/arch/x86/domain-builder/fdt.c b/xen/arch/x86/domain-builder/fdt.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain-builder/fdt.c +++ b/xen/arch/x86/domain-builder/fdt.c @@ -XXX,XX +XXX,XX @@ #include <xen/init.h> #include <xen/lib.h> #include <xen/libfdt/libfdt.h> +#include <xen/sizes.h> #include <asm/bootinfo.h> #include <asm/guest.h> @@ -XXX,XX +XXX,XX @@ static int __init process_domain_node( else printk("PV\n"); } + else if ( strncmp(prop_name, "memory", name_len) == 0 ) + { + uint64_t kb; + if ( fdt_prop_as_u64(prop, &kb) != 0 ) + { + printk(" failed processing memory for domain %s\n", name); + return -EINVAL; + } + bd->mem_pages = PFN_DOWN(kb * SZ_1K); + printk(" memory: %ld kb\n", kb); + } + else if ( strncmp(prop_name, "mem-min", name_len) == 0 ) + { + uint64_t kb; + if ( fdt_prop_as_u64(prop, &kb) != 0 ) + { + printk(" failed processing memory for domain %s\n", name); + return -EINVAL; + } + bd->min_pages = PFN_DOWN(kb * SZ_1K); + printk(" min memory: %ld kb\n", kb); + } + else if ( strncmp(prop_name, "mem-max", name_len) == 0 ) + { + uint64_t kb; + if ( fdt_prop_as_u64(prop, &kb) != 0 ) + { + printk(" failed processing memory for domain %s\n", name); + return -EINVAL; + } + bd->max_pages = PFN_DOWN(kb * SZ_1K); + printk(" max memory: %ld kb\n", kb); + } } fdt_for_each_subnode(node, fdt, dom_node) diff --git a/xen/arch/x86/include/asm/bootdomain.h b/xen/arch/x86/include/asm/bootdomain.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootdomain.h +++ b/xen/arch/x86/include/asm/bootdomain.h @@ -XXX,XX +XXX,XX @@ struct boot_domain { #define BUILD_MODE_ENABLE_DM (1 << 1) /* HVM | PVH */ uint32_t mode; + unsigned long mem_pages; + unsigned long min_pages; + unsigned long max_pages; + struct boot_module *kernel; struct boot_module *ramdisk; diff --git a/xen/include/xen/libfdt/libfdt-xen.h b/xen/include/xen/libfdt/libfdt-xen.h index XXXXXXX..XXXXXXX 100644 --- a/xen/include/xen/libfdt/libfdt-xen.h +++ b/xen/include/xen/libfdt/libfdt-xen.h @@ -XXX,XX +XXX,XX @@ static inline int __init fdt_prop_as_u32( return fdt_cell_as_u32((fdt32_t *)prop->data, val); } +static inline int __init fdt_prop_as_u64( + const struct fdt_property *prop, uint64_t *val) +{ + if ( !prop || fdt32_to_cpu(prop->len) < sizeof(u64) ) + return -EINVAL; + + return fdt_cell_as_u64((fdt32_t *)prop->data, val); +} + static inline int __init fdt_get_prop_by_offset( const void *fdt, int node, const char *name, unsigned long *offset) { -- 2.30.2 Introduce the `cpus` property, named as such for dom0less compatibility, that represents the maximum number of vpcus to allocate for a domain. In the device tree, it will be encoded as a u32 value. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> Reviewed-by: Jason Andryuk <jason.andryuk@amd.com> --- Changes since v1: - switched from match_fdt to strncmp - switched to nested else if - dropped ternary for name selection --- xen/arch/x86/dom0_build.c | 3 +++ xen/arch/x86/domain-builder/fdt.c | 11 +++++++++++ xen/arch/x86/include/asm/bootdomain.h | 2 ++ 3 files changed, 16 insertions(+) diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -XXX,XX +XXX,XX @@ int __init construct_dom0(struct boot_domain *bd) if ( !get_memsize(&dom0_max_size, LONG_MAX) && bd->max_pages ) dom0_size.nr_pages = bd->max_pages; + if ( opt_dom0_max_vcpus_max == UINT_MAX && bd->max_vcpus ) + opt_dom0_max_vcpus_max = bd->max_vcpus; + if ( is_hvm_domain(d) ) rc = dom0_construct_pvh(bd); else if ( is_pv_domain(d) ) diff --git a/xen/arch/x86/domain-builder/fdt.c b/xen/arch/x86/domain-builder/fdt.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain-builder/fdt.c +++ b/xen/arch/x86/domain-builder/fdt.c @@ -XXX,XX +XXX,XX @@ static int __init process_domain_node( bd->max_pages = PFN_DOWN(kb * SZ_1K); printk(" max memory: %ld kb\n", kb); } + else if ( strncmp(prop_name, "cpus", name_len) == 0 ) + { + uint32_t val = UINT_MAX; + if ( fdt_prop_as_u32(prop, &val) != 0 ) + { + printk(" failed processing max_vcpus for domain %s\n", name); + return -EINVAL; + } + bd->max_vcpus = val; + printk(" max vcpus: %d\n", bd->max_vcpus); + } } fdt_for_each_subnode(node, fdt, dom_node) diff --git a/xen/arch/x86/include/asm/bootdomain.h b/xen/arch/x86/include/asm/bootdomain.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootdomain.h +++ b/xen/arch/x86/include/asm/bootdomain.h @@ -XXX,XX +XXX,XX @@ struct boot_domain { unsigned long min_pages; unsigned long max_pages; + unsigned int max_vcpus; + struct boot_module *kernel; struct boot_module *ramdisk; -- 2.30.2 Introduce the ability to assign capabilities to a domain via its definition in device tree. The first capability enabled to select is the control domain capability. The capability property is a bitfield in both the device tree and `struct boot_domain`. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> Reviewed-by: Jason Andryuk <jason.andryuk@amd.com> --- Changes since v1: - switch to nested else if - switch from match_fdt to strncmp - drop ternary for name selection - coding style changes --- xen/arch/x86/domain-builder/core.c | 1 + xen/arch/x86/domain-builder/fdt.c | 12 ++++++++++++ xen/arch/x86/include/asm/bootdomain.h | 4 ++++ xen/arch/x86/setup.c | 6 +++++- 4 files changed, 22 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/domain-builder/core.c b/xen/arch/x86/domain-builder/core.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain-builder/core.c +++ b/xen/arch/x86/domain-builder/core.c @@ -XXX,XX +XXX,XX @@ void __init builder_init(struct boot_info *bi) i = first_boot_module_index(bi, BOOTMOD_UNKNOWN); bi->mods[i].type = BOOTMOD_KERNEL; bi->domains[0].kernel = &bi->mods[i]; + bi->domains[0].capabilities |= BUILD_CAPS_CONTROL; bi->nr_domains = 1; } } diff --git a/xen/arch/x86/domain-builder/fdt.c b/xen/arch/x86/domain-builder/fdt.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/domain-builder/fdt.c +++ b/xen/arch/x86/domain-builder/fdt.c @@ -XXX,XX +XXX,XX @@ static int __init process_domain_node( bd->max_vcpus = val; printk(" max vcpus: %d\n", bd->max_vcpus); } + else if ( strncmp(prop_name, "capabilities", name_len) == 0 ) + { + if ( fdt_prop_as_u32(prop, &bd->capabilities) != 0 ) + { + printk(" failed processing domain id for domain %s\n", name); + return -EINVAL; + } + printk(" caps: "); + if ( bd->capabilities & BUILD_CAPS_CONTROL ) + printk("c"); + printk("\n"); + } } fdt_for_each_subnode(node, fdt, dom_node) diff --git a/xen/arch/x86/include/asm/bootdomain.h b/xen/arch/x86/include/asm/bootdomain.h index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/include/asm/bootdomain.h +++ b/xen/arch/x86/include/asm/bootdomain.h @@ -XXX,XX +XXX,XX @@ struct boot_domain { domid_t domid; +#define BUILD_CAPS_NONE (0) +#define BUILD_CAPS_CONTROL (1 << 0) + uint32_t capabilities; + /* On | Off */ #define BUILD_MODE_PARAVIRT (1 << 0) /* PV | PVH/HVM */ #define BUILD_MODE_ENABLE_DM (1 << 1) /* HVM | PVH */ diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index XXXXXXX..XXXXXXX 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -XXX,XX +XXX,XX @@ static size_t __init domain_cmdline_size( static struct domain *__init create_dom0(struct boot_info *bi) { char *cmdline = NULL; + unsigned int create_flags = 0; struct xen_domctl_createdomain dom0_cfg = { .flags = IS_ENABLED(CONFIG_TBOOT) ? XEN_DOMCTL_CDF_s3_integrity : 0, .max_evtchn_port = -1, @@ -XXX,XX +XXX,XX @@ static struct domain *__init create_dom0(struct boot_info *bi) if ( bd->domid == DOMID_INVALID ) /* Create initial domain. Not d0 for pvshim. */ bd->domid = get_initial_domain_id(); - d = domain_create(bd->domid, &dom0_cfg, pv_shim ? 0 : CDF_privileged); + if ( bd->capabilities & BUILD_CAPS_CONTROL ) + create_flags |= CDF_privileged; + d = domain_create(bd->domid, &dom0_cfg, + pv_shim ? 0 : create_flags); if ( IS_ERR(d) ) panic("Error creating d%u: %ld\n", bd->domid, PTR_ERR(d)); -- 2.30.2