On 07/09/2021 18:09, Oleksandr Tyshchenko wrote:
> From: Oleksandr Tyshchenko <[email protected]>
>
> We need to pass info about maximum supported guest address
> space size to the toolstack on Arm in order to properly
> calculate the base and size of the extended region (safe range)
> for the guest. The extended region is unused address space which
> could be safely used by domain for foreign/grant mappings on Arm.
> The extended region itself will be handled by the subsequent
> patch.
>
> Use p2m_ipa_bits variable on Arm, the x86 equivalent is
> hap_paddr_bits.
>
> As we change the size of structure bump the interface version.
>
> Suggested-by: Julien Grall <[email protected]>
> Signed-off-by: Oleksandr Tyshchenko <[email protected]>

So while I think this is a suitable way forward, you're painting yourself into a corner WRT migration.

On x86, the correct value is d->arch.cpuid->extd.maxphysaddr and this value is under toolstack control, not Xen control. In particular, it needs to be min(hostA, hostB) to make migration safe, and yes - this is currently a hole in x86's migration logic that will cause large VMs to explode.

The same will be true on ARM as/when you gain migration support.

I think this would be better as a domctl. On ARM, it can reference p2m_ipa_bits for now along with a /* TODO - make per-domain for migration support */, while on x86 it can take the appropriate value (which will soon actually be safe in migration scenarios).

However, that does change the ordering requirements in the toolstack - this hypercall would need to be made after the domain is created, and has been levelled, and before its main memory layout is decided.

Alternatively, the abstraction could be hidden in libxl itself in arch specific code, with x86 referring to the local cpu policy (as libxl has the copy it is/has worked on), and ARM making a hypercall. This does make the ordering more obvious.

(As a note on the x86 specifics of this patch, hap_paddr_bits is actually unused in practice. It was a proposal from AMD for the hypervisor to fill in those details, which wasn't implemented by anyone, not even Xen, because the important field to modify is maxphysaddr if you don't want to rewrite every kernel to behave differently when virtualised.)

~Andrew
