On 8/2/23 03:51, Jan Beulich wrote:
On 01.08.2023 22:20, Daniel P. Smith wrote:
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -340,6 +340,14 @@ static int late_hwdom_init(struct domain *d)
setup_io_bitmap(dom0);
#endif
+ /*
+ * "dom0" may have been created under the unbounded role, demote it from
+ * that role, reducing it to the control domain role and any other roles it
+ * may have been given.
+ */
+ dom0->role &= ~(ROLE_UNBOUNDED_DOMAIN & ROLE_HARDWARE_DOMAIN);
This doesn't look to remove anything, when taking into account ...
Ugh, you are correct. It was meant to be a bitwise and of dom0-role with
a mask that has every bit set except ROLE_UNBOUNDED_DOMAIN and
ROLE_HARDWARE_DOMAIN. But being a bonehead, I bitwise and the two roles
instead of or-ing them. I agree with your comment below, which will
reduce to just masking a bitwise not of ROLE_HARDWARE_DOMAIN.
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -467,8 +467,10 @@ struct domain
#endif
/* is node-affinity automatically computed? */
bool auto_node_affinity;
- /* Is this guest fully privileged (aka dom0)? */
- bool is_privileged;
+#define ROLE_UNBOUNDED_DOMAIN (1U<<0)
+#define ROLE_CONTROL_DOMAIN (1U<<1)
+#define ROLE_HARDWARE_DOMAIN (1U<<2)
... that each of the constants has just a single bit set. Seeing the
& there I was expecting something like
#define ROLE_UNBOUNDED_DOMAIN (ROLE_CONTROL_DOMAIN | ROLE_HARDWARE_DOMAIN)
instead.
Agree, instead of consuming one the limited number of bits for a role
that represents a domain having all roles, just or all the roles
together. Then I can reclaim one of the bits of the flag field.
v/r,
dps
