Received: by 10.223.164.202 with SMTP id h10csp2364802wrb;
        Sat, 18 Nov 2017 20:20:42 -0800 (PST)
X-Google-Smtp-Source: AGs4zMZTjWEEeNYgh6DWAre+5iJl/X3eFBE/viNmIo1QU1PWSlt8ItRYAta6Bff3R4tK8ezh/Vwd
X-Received: by 10.101.66.11 with SMTP id c11mr9465532pgq.169.1511065242710;
        Sat, 18 Nov 2017 20:20:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1511065242; cv=none;
        d=google.com; s=arc-20160816;
        b=n5+RqHjNq69uXOtbnAEVmn6P10AQw31zU0tW5kYj2OZYY1+B6cjhSg/KqgLS6h9MUO
         ZRVx3nPXxVE8KC16mlAAN4cde96woAGYCPn62g2YqnxEJHGElEN5ZP6bn7QGluAKTyNb
         98DFpHR6HpTHn45gy09KV4zTLQhkXz/AIU5N7UQE7e0bMjZKJnnezU+SndWULoJxyS1X
         +rcYzng0ph/2JQaSY9a1cKVCeZg/RWAk6kVmb2baz3qt3oHavaumR889kkM2C1hF34Hb
         lDKM4wxh68fGWxBO6gtX0Q/gyrV4SW0tBbR++e4I0SY5SAZCABqlYywU7r+6T+1lKQOS
         HLsQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:arc-authentication-results;
        bh=ez7Tbm6pxxihzG6G8J5qGABE7cqAZ034yYSn8M0EYgs=;
        b=OBQ7FnIX9cZXQOyFYUiG0MK9llMI1KY/POPcA4AbLMxEWq6U1tjDaoSRGE63t1DkZi
         l/0U+vrWNEIC87SqohunhOonmCwaGEH14WRtKtzt4iwDQFcH3BM0gs1pZkubRYpo5gqf
         RCUeXxg9h8bNJYRdYjUTJswmaB/qXekhAvBem2vE7NLWWVbHvDOT3dZtgCyY6hoi39fG
         sLpUBagij1HEnOf4eFyZjMDxeJsrd9w6uerEWCzlg67lGCuVK1PgMz/IJ0m636eJXXtB
         guLetQJ1wYnAwfVbBGdZLIU+mDaknFZFNsmt5KmrHc39Y6JHo6nSQ77o9jz9LXQ3ubaI
         8UvA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id x6si5488221pgt.77.2017.11.18.20.20.30;
        Sat, 18 Nov 2017 20:20:42 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1163787AbdKRTXG (ORCPT <rfc822;md1512@gmail.com> + 92 others);
        Sat, 18 Nov 2017 14:23:06 -0500
Received: from mout.web.de ([212.227.15.4]:64865 "EHLO mout.web.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1162292AbdKRTXA (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 18 Nov 2017 14:23:00 -0500
Received: from md1f2u6c.ww002.siemens.net ([95.157.57.47]) by smtp.web.de
 (mrweb003 [213.165.67.108]) with ESMTPSA (Nemesis) id
 0LjJK3-1etK7n2I1P-00dU17; Sat, 18 Nov 2017 20:21:56 +0100
Subject: Re: [PATCH 02/10] x86: jailhouse: Add infrastructure for running in
 non-root cell
To:     Thomas Gleixner <tglx@linutronix.de>
Cc:     Ingo Molnar <mingo@redhat.com>, "H . Peter Anvin" <hpa@zytor.com>,
        x86@kernel.org,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        jailhouse-dev@googlegroups.com
References: <cover.1510817211.git.jan.kiszka@siemens.com>
 <160b45b696173511465a471a08143bcd9f09dd6e.1510817211.git.jan.kiszka@siemens.com>
 <alpine.DEB.2.20.1711172248110.2186@nanos>
From:   Jan Kiszka <jan.kiszka@web.de>
Message-ID: <eaae5b29-3b4c-c772-83b2-a620bda1778a@web.de>
Date:   Sat, 18 Nov 2017 20:21:45 +0100
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.1.12)
 Gecko/20080226 SUSE/2.0.0.12-1.1 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666
MIME-Version: 1.0
In-Reply-To: <alpine.DEB.2.20.1711172248110.2186@nanos>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:Qfr75cm22NShadFHPvFdopdOzeQ0gEb71QVe1davm1SODoSxRDH
 QOUUC80hXyaTJ3YluxA4xf9t5AQdeAb7DEqne5so4xRmO7si3EpqG5NbNt1vFi/lNhi4GuN
 3IXMxyifWMibJJLXavB3REWd32sdOtIaLrG3fjYV0Pz57kuDyE8g7fGe5n2Ufugt6hfG6ML
 zN4CYE9DbxP5zEL5iG7Vw==
X-UI-Out-Filterresults: notjunk:1;V01:K0:NZhHjGYb3FQ=:z83FniYVha3lIyh1FDTdXz
 GbOI+r0zM/hj8OH/e1dxtmcdcfDXe9U3CeHcgtIfcBqnebc3pm7xkpFHXMoEzgg5GGfoVC2Sp
 aqATViJk8QPjJl7VhPQVAG5qeW41FLhMAooCMsLyltY7cduHLbgdIJwxCqjPt2oy1ghM1xGnG
 anNigx946ykKV9XOv/SbAjdcDQaK7FEY4BJpMPZJmn1p+hWE0IajNP+RmxJSm9iPZtVmwzqNf
 J5c3ToGypXviFXytkaWAPf9yYo2b1Kng+5Jo+jeYBXZsalCwNmUCKo44fqnlmRFD0n6kZOKVa
 Ic5A3WgVAjyJ8fLRIdlunkBsj/sRjkaKRUSKXbBLJT6HhlAUGUiqfQF5DnL3WDlb+KtXML8DU
 YbVLPN9prjMabhpsSbzZ6IaXh3Z7XZe+Ywflrq6yTmrxfcXCHwjqX7GAS7aRyl8E95iHhs9Tq
 Mpi1RrcWAjz2tyt9JiERx7eOWwa3733ecD5Al+YG0Vfsk/tMucbkKwvxnsGB/lq4JfpK3BXuN
 FUTmQPtgawkByoYGo3x+f6rNOsWY6IF6+rAYtJyQXdkhz57l11YCZWEEgFWlGUeyB2qhirLzS
 Z6Fegep3l/PLIdUqeQWjfFvSuOqhaTZ27YAtiVnqCkYeez5qKyaOy/CXm1dczcOf0xs0NC2Yi
 l1g2xf3PV0ZodTK8YIrxhfV7gPU06Xjl0yJmuSZ1HT0tuBLBzOy1jhOyGaKiS3E57hT+gXZzU
 O/2wWw96byuaFfruQpGFACe8rr4+UhqXvZfRtAEeVWWvSnp3FdWxK3kgbeKqfgBovuXdBs/ty
 i2IHTLkEMAndTKAM96fAOGAIjBzAunOK9ODJUhBYyws5jYwlzU=
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2017-11-17 22:54, Thomas Gleixner wrote:
> On Thu, 16 Nov 2017, Jan Kiszka wrote:
>   
>> +config JAILHOUSE_GUEST
>> +	bool "Jailhouse non-root cell support"
>> +	depends on PARAVIRT && X86_64
>> +	---help---
>> +	  This option allows to run Linux as guest in a Jailhouse non-root
>> +	  cell. You can leave this option disabled if you only want to start
>> +	  Jailhouse and run Linux afterwards in the root cell.
>> +
>> +	  You likely also want to disable CONFIG_SUSPEND and CONFIG_SERIO to
>> +	  avoid access to I/O resources that are usually not assigned to the
>> +	  non-root cell.
> 
> That should be prevented programatically.

Theoretically, serio access could also be assigned to a non-root cell.
But excluding SUSPEND may make sense unconditionally, will check again.

> 
>> +#include <linux/kernel.h>
>> +#include <asm/cpu.h>
>> +#include <asm/hypervisor.h>
>> +#include <asm/setup.h>
>> +
>> +#define SETUP_JAILHOUSE		0x53484c4a /* "JLHS" */
>> +
>> +#define SETUP_REQUIRED_VERSION	1
>> +
>> +/*
>> + * The boot loader is passing platform information via this Jailhouse-specific
>> + * setup data structure.
>> + */
>> +struct jailhouse_setup_data {
>> +	struct setup_data header;
>> +	u16 version;
>> +	u16 compatible_version;
>> +	u16 pm_timer_address;
>> +	u16 num_cpus;
>> +	u64 pci_mmconfig_base;
>> +	u8 standard_ioapic;
>> +	u8 cpu_ids[255];
> 
> Shouldn't this structure and SETUP_JAILHOUSE be defined in a header file
> which can be exported to boot loaders?

Something like arch/x86/include/uapi/asm/jailhouse_setup.h?

Jan

From 1584415807439237736@xxx Sat Nov 18 14:51:02 +0000 2017
X-GM-THRID: 1584212050900318820
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread