On Thu, Aug 25, 2011 at 11:13:40AM +0100, Ian Jackson wrote:
Will Deacon writes ("Re: ARM processor mode, kernel startup, Hyp / secure state"):
On Wed, Aug 24, 2011 at 05:09:01PM +0100, Ian Jackson wrote:
I think the trampoline needs to have one hypercall: "set HVBAR". (And, implicitly, it needs to be specified that the resulting vectors will run without physical-to-virtual page translation, etc.) That is sufficient to bootstrap all the rest of the way up - and that other bootstrapping code would have to exist anyway.
I also thought you might want a hypercall that gives you a version number (i.e. a way to identify the hypervisor trampoline in case it changes)
Since the hypervisor trampoline was installed by the very same kernel which is running, there is no need for any defined interface or version numbers.
Sure, but when we are confronted with a hypervisor that we didn't write ourselves it might be nice if it looks the same as our Linux trampoline. If we don't define this interface, that can never happen. So at the very least, let's define the HVC number that we want to use for our single hypercall.
and we might also want something for doing a system reset (for example, if a kernel that hasn't installed a hypervisor wants to kexec another kernel image).
No, if a kernel has installed a hypervisor and wishes to kexec then it must start the new kernel in Hyp mode - since that is what we are proposing to specify as the cpu mode to use when booting the kernel.
Agreed.
So the outgoing kernel simply switches to Hyp mode, tears down Hyp mode's paging (and probably the rest of the paging too), and then enters the new kernel in Hyp mode with paging off. The new kernel then installs its own hypervisor trampoline.
If the outgoing kernel hasn't installed a hypervisor it's even easier: simply do the usual teardown, and then switch to Hyp mode using its existing trampoline and then enter the new kernel.
Thanks for the explanation. I was concerned about losing state across the HVC but if it just returns back to you in the higher privilege level then that's not a problem.
Will