Hi Denis,
On 28/05/2025 23:50, dm...@proton.me wrote:
From: Denis Mukhin <dm...@proton.me>
From: Denis Mukhin <dmuk...@ford.com>
Remove the hardcoded domain ID 0 allocation for hardware domain and replace it
with a call to get_initial_domain_id() (returns the value of hardware_domid on
Arm).
I am not entirely why this is done. Are you intending to pass a
different domain ID? If so...
Update domid_alloc(DOMID_INVALID) case to ensure that get_initial_domain_id()
ID is skipped during domain ID allocation to cover domU case in dom0less
configuration. That also fixes a potential issue with re-using ID#0 for domUs
when get_initial_domain_id() returns non-zero.
Signed-off-by: Denis Mukhin <dmuk...@ford.com>
---
Changes since v8:
- rebased
---
xen/arch/arm/domain_build.c | 4 ++--
xen/common/device-tree/dom0less-build.c | 9 +++------
xen/common/domain.c | 4 ++--
3 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
index e9d563c269..0ad80b020a 100644
--- a/xen/arch/arm/domain_build.c
+++ b/xen/arch/arm/domain_build.c
@@ -2035,9 +2035,9 @@ void __init create_dom0(void)
... naming like create_dom0() probably wants to be renamed.
That said, I am not convinced a domain other than 0 should have full
privilege by default. So I would argue it should stay as ...
if ( !llc_coloring_enabled )
flags |= CDF_directmap;
- domid = domid_alloc(0);
+ domid = domid_alloc(get_initial_domain_id());
... 0.
if ( domid == DOMID_INVALID )
- panic("Error allocating domain ID 0\n");
+ panic("Error allocating domain ID %d\n", get_initial_domain_id());
dom0 = domain_create(domid, &dom0_cfg, flags);
if ( IS_ERR(dom0) )
diff --git a/xen/common/device-tree/dom0less-build.c
b/xen/common/device-tree/dom0less-build.c
index a509f8fecd..9a6015f4ce 100644
--- a/xen/common/device-tree/dom0less-build.c
+++ b/xen/common/device-tree/dom0less-build.c
@@ -974,14 +974,11 @@ void __init create_domUs(void)
arch_create_domUs(node, &d_cfg, flags);
- /*
- * The variable max_init_domid is initialized with zero, so here it's
- * very important to use the pre-increment operator to call
- * domain_create() with a domid > 0. (domid == 0 is reserved for Dom0)
- */
- domid = domid_alloc(++max_init_domid);
+ domid = domid_alloc(DOMID_INVALID);
if ( domid == DOMID_INVALID )
panic("Error allocating ID for domain %s\n", dt_node_name(node));
+ if ( max_init_domid < domid )
+ max_init_domid = domid;
d = domain_create(domid, &d_cfg, flags);
if ( IS_ERR(d) )
diff --git a/xen/common/domain.c b/xen/common/domain.c
index ae0c44fcbb..129b4fcb37 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -2423,8 +2423,8 @@ domid_t domid_alloc(domid_t domid)
else
{
static domid_t domid_last;
- /* NB: account for late hwdom case, skip ID#0 */
- const domid_t reserved_domid = 0;
+ /* NB: account for late hwdom case */
+ const domid_t reserved_domid = get_initial_domain_id();
This is somewhat confusing to modify domid_alloc() in a patch that is
meant to modify only the Arm allocation. Can you clarify why this can't
be done earlier?
const bool reserved = __test_and_set_bit(reserved_domid,
domid_bitmap);
domid = find_next_zero_bit(domid_bitmap, DOMID_FIRST_RESERVED,
Cheers,
--
Julien Grall
