1. Patchew
  2. Xen
  3. [PATCH v7 0/3] xen/domain: domain ID allocation
  4. View patch

[PATCH v7 3/3] xen/domain: introduce CONFIG_MAX_DOMID

dmkhn@proton.me posted 3 patches 8 months, 3 weeks ago
There is a newer version of this series
[PATCH v7 3/3] xen/domain: introduce CONFIG_MAX_DOMID
Posted by dmkhn@proton.me 8 months, 3 weeks ago 
From: Denis Mukhin <dmukhin@ford.com>

Embedded deployments of Xen do not need to have support for more than dozen of
domains.

Introduce build-time configuration option to limit the number of domains during
run-time.

Suggested-by: Julien Grall <julien@xen.org>
Signed-off-by: Denis Mukhin <dmukhin@ford.com>
---
Changes since v6:
- new patch
---
 xen/arch/arm/tee/ffa.c              | 3 ++-
 xen/arch/x86/cpu/mcheck/mce.c       | 2 +-
 xen/arch/x86/cpu/vpmu.c             | 2 +-
 xen/common/Kconfig                  | 7 +++++++
 xen/common/domain.c                 | 7 +++----
 xen/common/sched/core.c             | 4 ++--
 xen/drivers/passthrough/vtd/iommu.c | 2 +-
 xen/include/public/domctl.h         | 2 +-
 8 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c
index 3bbdd7168a..faca0acf6a 100644
--- a/xen/arch/arm/tee/ffa.c
+++ b/xen/arch/arm/tee/ffa.c
@@ -333,8 +333,9 @@ static int ffa_domain_init(struct domain *d)
      */
     BUILD_BUG_ON(DOMID_FIRST_RESERVED >= UINT16_MAX);
     BUILD_BUG_ON((DOMID_MASK & BIT(15, U)) != 0);
+    BUILD_BUG_ON(DOMID_FIRST_RESERVED < CONFIG_MAX_DOMID);
 
-    if ( d->domain_id >= DOMID_FIRST_RESERVED )
+    if ( d->domain_id >= CONFIG_MAX_DOMID )
         return -ERANGE;
 
     ctx = xzalloc(struct ffa_ctx);
diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c
index 1c348e557d..ee8ddd33b0 100644
--- a/xen/arch/x86/cpu/mcheck/mce.c
+++ b/xen/arch/x86/cpu/mcheck/mce.c
@@ -1493,7 +1493,7 @@ long do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc)
             d = rcu_lock_domain_by_any_id(mc_msrinject->mcinj_domid);
             if ( d == NULL )
             {
-                if ( mc_msrinject->mcinj_domid >= DOMID_FIRST_RESERVED )
+                if ( mc_msrinject->mcinj_domid >= CONFIG_MAX_DOMID )
                     return x86_mcerr("do_mca inject: incompatible flag "
                                      "MC_MSRINJ_F_GPADDR with domain %d",
                                      -EINVAL, domid);
diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c
index c28192ea26..67d423e088 100644
--- a/xen/arch/x86/cpu/vpmu.c
+++ b/xen/arch/x86/cpu/vpmu.c
@@ -174,7 +174,7 @@ void vpmu_do_interrupt(void)
      * in XENPMU_MODE_ALL, for everyone.
      */
     if ( (vpmu_mode & XENPMU_MODE_ALL) ||
-         (sampled->domain->domain_id >= DOMID_FIRST_RESERVED) )
+         (sampled->domain->domain_id >= CONFIG_MAX_DOMID) )
     {
         sampling = choose_hwdom_vcpu();
         if ( !sampling )
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 6d43be2e6e..4b487905fa 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -576,4 +576,11 @@ config BUDDY_ALLOCATOR_SIZE
 	  Amount of memory reserved for the buddy allocator to serve Xen heap,
 	  working alongside the colored one.
 
+config MAX_DOMID
+	int "Maximum number of non-system domains"
+	range 1 32752
+	default 32752
+	help
+	  Controls the maximum number of non-system domains in the system.
+
 endmenu
diff --git a/xen/common/domain.c b/xen/common/domain.c
index 0145870a7d..cb05156ff5 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -67,7 +67,6 @@ static struct domain *domain_hash[DOMAIN_HASH_SIZE];
 struct domain *domain_list;
 
 /* Non-system domain ID allocator. */
-#define CONFIG_MAX_DOMID DOMID_FIRST_RESERVED
 static DEFINE_SPINLOCK(domid_lock);
 static DECLARE_BITMAP(domid_bitmap, CONFIG_MAX_DOMID);
 static domid_t domid_last;
@@ -156,7 +155,7 @@ int domain_init_states(void)
     ASSERT(rw_is_write_locked_by_me(&current->domain->event_lock));
 
     dom_state_changed = xvzalloc_array(unsigned long,
-                                       BITS_TO_LONGS(DOMID_FIRST_RESERVED));
+                                       BITS_TO_LONGS(CONFIG_MAX_DOMID));
     if ( !dom_state_changed )
         return -ENOMEM;
 
@@ -236,7 +235,7 @@ int get_domain_state(struct xen_domctl_get_domain_state *info, struct domain *d,
     while ( dom_state_changed )
     {
         dom = find_first_bit(dom_state_changed, DOMID_MASK + 1);
-        if ( dom >= DOMID_FIRST_RESERVED )
+        if ( dom >= CONFIG_MAX_DOMID )
             break;
         if ( test_and_clear_bit(dom, dom_state_changed) )
         {
@@ -825,7 +824,7 @@ struct domain *domain_create(domid_t domid,
     /* Sort out our idea of is_hardware_domain(). */
     if ( (flags & CDF_hardware) || domid == hardware_domid )
     {
-        if ( hardware_domid < 0 || hardware_domid >= DOMID_FIRST_RESERVED )
+        if ( hardware_domid < 0 || hardware_domid >= CONFIG_MAX_DOMID )
             panic("The value of hardware_dom must be a valid domain ID\n");
 
         /* late_hwdom is only allowed for dom0. */
diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c
index 9043414290..f1bfb6f6a2 100644
--- a/xen/common/sched/core.c
+++ b/xen/common/sched/core.c
@@ -867,7 +867,7 @@ int sched_init_domain(struct domain *d, unsigned int poolid)
     int ret;
 
     ASSERT(d->cpupool == NULL);
-    ASSERT(d->domain_id < DOMID_FIRST_RESERVED);
+    ASSERT(d->domain_id < CONFIG_MAX_DOMID);
 
     if ( (ret = cpupool_add_domain(d, poolid)) )
         return ret;
@@ -891,7 +891,7 @@ int sched_init_domain(struct domain *d, unsigned int poolid)
 
 void sched_destroy_domain(struct domain *d)
 {
-    ASSERT(d->domain_id < DOMID_FIRST_RESERVED);
+    ASSERT(d->domain_id < CONFIG_MAX_DOMID);
 
     if ( d->cpupool )
     {
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index c55f02c97e..5df85ca629 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1509,7 +1509,7 @@ int domain_context_mapping_one(
 
         prev_did = context_domain_id(lctxt);
         domid = did_to_domain_id(iommu, prev_did);
-        if ( domid < DOMID_FIRST_RESERVED )
+        if ( domid < CONFIG_MAX_DOMID )
             prev_dom = rcu_lock_domain_by_id(domid);
         else if ( pdev ? domid == pdev->arch.pseudo_domid : domid > DOMID_MASK )
             prev_dom = rcu_lock_domain(dom_io);
diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
index 5b2063eed9..0c14c30c1b 100644
--- a/xen/include/public/domctl.h
+++ b/xen/include/public/domctl.h
@@ -36,7 +36,7 @@
 
 /*
  * NB. xen_domctl.domain is an IN/OUT parameter for this operation.
- * If it is specified as an invalid value (0 or >= DOMID_FIRST_RESERVED),
+ * If it is specified as an invalid value (0 or >= CONFIG_MAX_DOMID),
  * an id is auto-allocated and returned.
  */
 /* XEN_DOMCTL_createdomain */
-- 
2.34.1
Re: [PATCH v7 3/3] xen/domain: introduce CONFIG_MAX_DOMID
Posted by Jan Beulich 8 months, 3 weeks ago 
On 19.05.2025 21:23, dmkhn@proton.me wrote:
> From: Denis Mukhin <dmukhin@ford.com>
> 
> Embedded deployments of Xen do not need to have support for more than dozen of
> domains.
> 
> Introduce build-time configuration option to limit the number of domains during
> run-time.

I fear I don't see the (sufficiently meaningful) gain of this. And I must have ...

> Suggested-by: Julien Grall <julien@xen.org>

... missed tis earlier suggestion, or else I would have asked the question already
there.

> --- a/xen/arch/arm/tee/ffa.c
> +++ b/xen/arch/arm/tee/ffa.c
> @@ -333,8 +333,9 @@ static int ffa_domain_init(struct domain *d)
>       */
>      BUILD_BUG_ON(DOMID_FIRST_RESERVED >= UINT16_MAX);
>      BUILD_BUG_ON((DOMID_MASK & BIT(15, U)) != 0);
> +    BUILD_BUG_ON(DOMID_FIRST_RESERVED < CONFIG_MAX_DOMID);

We want this check, yes, but in common code. It's entirely unrelated to Arm's TEE.

> --- a/xen/common/Kconfig
> +++ b/xen/common/Kconfig
> @@ -576,4 +576,11 @@ config BUDDY_ALLOCATOR_SIZE
>  	  Amount of memory reserved for the buddy allocator to serve Xen heap,
>  	  working alongside the colored one.
>  
> +config MAX_DOMID
> +	int "Maximum number of non-system domains"

Hmm, without clarifying what a system domain is (is hwdom one? is a control
domain one), I fear this may be ambiguous to users.

Jan
Re: [PATCH v7 3/3] xen/domain: introduce CONFIG_MAX_DOMID
Posted by dmkhn@proton.me 8 months, 3 weeks ago 
On Tue, May 20, 2025 at 08:04:14AM +0200, Jan Beulich wrote:
> On 19.05.2025 21:23, dmkhn@proton.me wrote:
> > From: Denis Mukhin <dmukhin@ford.com>
> >
> > Embedded deployments of Xen do not need to have support for more than dozen of
> > domains.
> >
> > Introduce build-time configuration option to limit the number of domains during
> > run-time.
> 
> I fear I don't see the (sufficiently meaningful) gain of this. And I must have ...
> 
> > Suggested-by: Julien Grall <julien@xen.org>
> 
> ... missed tis earlier suggestion, or else I would have asked the question already
> there.

The code change is based on the feedback here:

  https://lore.kernel.org/xen-devel/2e5afdf1-3913-4b6f-86ea-21b3ccd0833c@xen.org/

It probably should have been sent as an RFC change.

> 
> > --- a/xen/arch/arm/tee/ffa.c
> > +++ b/xen/arch/arm/tee/ffa.c
> > @@ -333,8 +333,9 @@ static int ffa_domain_init(struct domain *d)
> >       */
> >      BUILD_BUG_ON(DOMID_FIRST_RESERVED >= UINT16_MAX);
> >      BUILD_BUG_ON((DOMID_MASK & BIT(15, U)) != 0);
> > +    BUILD_BUG_ON(DOMID_FIRST_RESERVED < CONFIG_MAX_DOMID);
> 
> We want this check, yes, but in common code. It's entirely unrelated to Arm's TEE.
> 
> > --- a/xen/common/Kconfig
> > +++ b/xen/common/Kconfig
> > @@ -576,4 +576,11 @@ config BUDDY_ALLOCATOR_SIZE
> >  	  Amount of memory reserved for the buddy allocator to serve Xen heap,
> >  	  working alongside the colored one.
> >
> > +config MAX_DOMID
> > +	int "Maximum number of non-system domains"
> 
> Hmm, without clarifying what a system domain is (is hwdom one? is a control
> domain one), I fear this may be ambiguous to users.
> 
> Jan
>

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.