On Fri, 6 Aug 2021, Julien Grall wrote: > Hi Stefano, > > On 06/08/2021 21:15, Stefano Stabellini wrote: > > On Fri, 6 Aug 2021, Oleksandr Tyshchenko wrote: > > > Hello, all. > > > > > > I would like to clarify some bits regarding a possible update for "Xen > > > device tree bindings for the guest" [1]. > > > > > > A bit of context: > > > We are considering extending "reg" property under the hypervisor node and > > > we would like to avoid breaking backward compatibility. > > > So far, the "reg" was used to carry a single region for the grant table > > > mapping only and it's size is quite small for the new improvement > > > we are currently working on. > > > > > > What we want to do is to extend the current region [reg: 0] and add an > > > extra regions [reg: 1-N] to be used as a safe address space for any > > > Xen specific mappings. But, we need to be careful about running "new" > > > guests (with the improvement being built-in already) on "old" Xen > > > which is not aware of the extended regions, so we need the binding to be > > > extended in a backward compatible way. In order to detect whether > > > we are running on top of the "new" Xen (and it provides us enough space to > > > be used for improvement), we definitely need some sign to > > > indicate that. > > > > > > Could you please clarify, how do you expect the binding to be changed in > > > the backward compatible way? > > > - by adding an extra compatible (as it is a change of the binding > > > technically) > > > - by just adding new property (xen,***) to indicate that "reg" contains > > > enough space > > > - other option > > > > The current description is: > > > > - reg: specifies the base physical address and size of a region in > > memory where the grant table should be mapped to, using an > > HYPERVISOR_memory_op hypercall [...] > > > > > > Although it says "a region" I think that adding multiple ranges would be > > fine and shouldn't break backward compatibility. > > > > In addition, the purpose of the region was described as "where the grant > > table should be mapped". In other words, it is a safe address range > > where the OS can map Xen special pages. > > > > Your proposal is to extend the region to be bigger to allow the OS to > > map more Xen special pages. I think it is a natural extension to the > > binding, which should be backward compatible. > > I agree that extending the reg (or even adding a second region) should be fine > for older OS. > > > > > Rob, I am not sure what is commonly done in these cases. Maybe we just > > need an update to the description of the binding? I am also fine with > > adding a new compatible string if needed. > > So the trouble is how a newer Linux version knows that the region is big > enough to deal with all the foreign/grant mapping? > > If you run on older Xen, then the region will only be 16MB. This means the > Linux will have to fallback on stealing RAM as it is today. > > IOW, XSA-300 will still be a thing. On newer Xen (or toolstack), we ideally > want the OS to not fallback on stealing RAM (and close XSA-300). This is where > we need a way to advertise it. > > The question here is whether we want to use a property or a compatible for > this. > > I am leaning towards the latter because this is an extension of the bindings. > However, I wasn't entirely whether this was a normal way to do it. Although I think it would be OK to have a new compatible string, am I not sure we need it. In any case, we'll have to be able to recognize and handle the case where we run out of the space in the provided region. If the region is too small (16MB) then it just means we'll run out of space immediately after mapping the grant table. Then, we'll have to use other techniques. Or perhaps you think that if we had a new compatible string to say "Xen binding with a larger region" then we could get away with a simpler implementation in Linux, one that doesn't handle the case where we run out of space in the region? If that was the case, then I agree that it would be worthwhile adding a new compatible.
