Primary vs Secondary VMs

[Hong-Seok Kim]

At least when loading VMs and handling PSCI requests, processing between primary vs. secondary VMs is implemented in different, top-level functions.

load_primary vs load_secondary

psci_primary_vm_handler vs psci_secondary_vm_handler

Both primary and secondary VMs are VMs, thus, their loading and PSCI handling should be similar in many ways. But, having different top-level functions as described above makes it a little bit difficult to understand what are similar vs different.

Any background why the team decided to take this direction?

[Andrew Scull]

Both VMs use the same PSCI interface as defined by the PSCI specification. The primary VM is given access to the physical implementation of power management so Hafnium deals with the details of forwarding the request to the firmware as described in the PSCI specification. Secondary VMs are not given direct access but are virtualized which is where the difference arises.

--
You received this message because you are subscribed to the Google Groups "Hafnium" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hafnium-discu...@googlegroups.com.
To post to this group, send email to hafnium...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/hafnium-discuss/CAHvD%3DH9KQx2C51rdn1ppayfX9vg%3D6MJswCTES%3D9gZQzw8p5MyQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Andrew Walbran]

On Fri, 5 Jul 2019 at 00:57, 'Hong-Seok Kim' via Hafnium <hafnium...@googlegroups.com> wrote:

There are lots of differences between the primary VM and secondary VMs. Among others:

1. The primary VM has one vCPU per physical CPU, which they are tied to, whereas the secondary VMs have an arbitrary configurable number of vCPUs which the primary can run wherever it likes. 

2. The secondary VMs start with a configurable, typically fairly small, section of memory, whereas the primary VM gets everything that is left after Hafnium's and the secondary VMs' memory is removed.

3. The primary gets access to the GIC and gets all physical interrupts, whereas secondaries get a paravirtualised interrupt interface and has virtual interrupts injected.

4. The primary gets to control the physical timer at all times, and the virtual timer either directly (while it is running) or emulated by Hafnium while it is not, whereas secondaries only get to control the virtual timer while they are running, and it is emulated with the help of the primary the rest of the time.

5. The primary gets to control the physical CPUs' power state through PSCI, which Hafnium more or less just passes through to the underlying secure monitor, whereas the secondary VMs get an emulated PSCI interface provided by Hafnium which translates to telling the primary VM to start or stop the vCPUs.

We do share as much code as practical, but all these differences result in a fair bit of difference in the set-up path (and PSCI handling) so it made sense to split it out into separate functions rather than just having if (is_primary) {...} else {...} all over the place.

[Hong-Seok Kim]

Thanks to both Andrews for explanation. I began realizing how different primary and secondary VMs are. Still, as a newcomer to the codebase, I would like to put some thought if there is a better way to organize the code so that what's common vs. different could become more explicit. If that's possible, it'd certainly make our verification efforts easier.

[Andrew Walbran]

Sure, if you can think of a way to refactor it to make it easier to follow that sounds good! We should also document this better.