[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH v2 4/5] xen/arm: allow dynamically assigned SGI handlers


  • To: Julien Grall <julien@xxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Tue, 23 Apr 2024 12:37:58 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rAwMBAufVAp8GbGYavvmsG/sfmZJOk70vZkYwTbKa/4=; b=ZhWi0dSOTM2X0IV2/bscBNE9XtYvA9TIo4tt+qj3kHv7YoY+Z/+MpgURt4zvnABGOkqLjzrGc4BvU97dVwPOdVgnuswLrWoqi5f33/1P8h6WMKEWnrQDyhHtlU4pxrDgTd2PlsXZDhEnfMl4v06LkQVaYSGTpTf3FEQgBOLFmVt+rVGtISJok66cG7I8MMQf9/iPUMMx3BtUbOEoAipe54haN8lKzlN7OVCrFf0gCeCx+1Xs4olYBrWycRp7yyTfXEnFi0Krp8+L2yisAbDRuHqolgwlsTiIR/A4jwBzAD36RrLDXcle/xvrPbgAbFP+o+z+GMIzHpqgVD9Feoa3rQ==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rAwMBAufVAp8GbGYavvmsG/sfmZJOk70vZkYwTbKa/4=; b=KpUhfUu2Rg33hHmcr/U80nSP5HC+oUVe7imJ58KOVq+hIUwf4pvxr7l2RdZsP4VZIiXgl5QwvptN3NcZR6qnMdS5MnihaxeRD2VB/ZuNbjLjsbreLYwPQIEL6YeogJvHrvWHbO600FwV9fT/qrQHw6tEs7E5ZaTso3i57XgOtdcld/JroMgqFmP5yiIH9MaSVqlo2piVkmeM/oxTMcBji1ZZ7cL7grv2jFtJZmGF/NGNFwntT8CuE1zNrQD+/J96N+gzawf4BlcG9MyZURUEKlwLAtBea9UlVWYjzuIgXPqNr156PY2YOt4W6JigwKsYp3R6Nr1jXEDjpaiaJxOiCQ==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=M0LjQcVXY7mTI0y7BBCOiMMfqIIFWSMniZ0Ycvq9Z3sTVTGmAoPL2zxaiMjSVOjC1OjBOW2q0GcIYJJP6NCrVkv7SfEUk/JNB5N/VN6bgnEKKGqCWi1ewZhQloulZ7mMyoRqBHn4lhJvJJSV7ABwtbfcJi6twFHGDT3ZsJWhLNazY3omt7VVUT1rAL2BO527+IZprU5l119spZ0AFgsYL/6m+Awc4Gt3uUGVuUHAuoxHsuRfYf5bthVBcqR40PC0aV6mdReNckdaPE5eYYOATDGNmgzvHIixCnKc67+kfMEJ2fTP9RYYT28bRV4mAjKot9QMtgkUulAkecQdi8Bn1Q==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MEEF/P7oWAsjRNk9H4Uo8vzh44Xu/DcT1AFVtiEvJx+n1x7giS/+euo6CxD6ytcFU+5q6GzcZJ3Rggh1IHkzgVyVYIRQ9I5hrsebg704r+aF4AOPzUsra6vI+zMA/rjfyoiGAQfmXuY6Jwi2zw3PInq34qm90BimDjXjbwoAqoT1Hfhvq05CJ2Q+KGJ16X8HFSHpjq7qHbCeQZL72k4tBAK1OMtoTCZfZ6kVlHJRXjU462QV5xXyj3sFpdxXUQD8sSBDlsc9NWqbD9d6jw/Gtn8i5vOwstqxfjrgamzCIlunQLuKI9Srk+on2nIXUDKD4Rru2hmjN0Zq/GT66T8G0Q==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Jens Wiklander <jens.wiklander@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "patches@xxxxxxxxxx" <patches@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Tue, 23 Apr 2024 12:38:19 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHalIf6ydPM1y7+406Z1t07uZV5tLF0HrOAgAF7f4CAABj+AIAAGdeA
  • Thread-topic: [XEN PATCH v2 4/5] xen/arm: allow dynamically assigned SGI handlers

Hi Julien,

> On 23 Apr 2024, at 13:05, Julien Grall <julien@xxxxxxx> wrote:
> 
> 
> 
> On 23/04/2024 10:35, Jens Wiklander wrote:
>> Hi Julien,
> 
> Hi Jens,
> 
>> On Mon, Apr 22, 2024 at 12:57 PM Julien Grall <julien@xxxxxxx> wrote:
>>> 
>>> Hi Jens,
>>> 
>>> On 22/04/2024 08:37, Jens Wiklander wrote:
>>>> Updates so request_irq() can be used with a dynamically assigned SGI irq
>>>> as input. This prepares for a later patch where an FF-A schedule
>>>> receiver interrupt handler is installed for an SGI generated by the
>>>> secure world.
>>> 
>>> I would like to understand the use-case a bit more. Who is responsible
>>> to decide the SGI number? Is it Xen or the firmware?
>>> 
>>> If the later, how can we ever guarantee the ID is not going to clash
>>> with what the OS/hypervisor is using? Is it described in a
>>> specification? If so, please give a pointer.
>> The firmware decides the SGI number. Given that the firmware doesn't
>> know which SGIs Xen is using it typically needs to donate one of the
>> secure SGIs, but that is transparent to Xen.
> 
> Right this is my concern. The firmware decides the number, but at the same 
> time Xen thinks that all the SGIs are available (AFAIK there is only one set).
> 
> What I would like to see is some wording from a spec indicating that the SGIs 
> ID reserved by the firmware will not be clashing with the one used by Xen.

The idea is that the only SGI reserved for secure are used by the secure world 
(in fact it is the SPMC in the secure world who tells us which SGI it will 
generate).
So in theory that means it will always use an SGI between 8 and 15.

Now it could make sense in fact to check that the number returned by the 
firmware (or SPMC) is not clashing with Xen as it is a recommendation in the 
spec and
in fact an implementation might do something different.

Right now there is no spec that will say that it will never clash with the one 
used by Xen as the FF-A spec is not enforcing anything here so it would be a 
good idea
to check and disable FF-A with a proper error message if this happens.

Cheers
Bertrand

> 
>>> 
>>>> 
>>>> gic_route_irq_to_xen() don't gic_set_irq_type() for SGIs since they are
>>>> always edge triggered.
>>>> 
>>>> gic_interrupt() is updated to route the dynamically assigned SGIs to
>>>> do_IRQ() instead of do_sgi(). The latter still handles the statically
>>>> assigned SGI handlers like for instance GIC_SGI_CALL_FUNCTION.
>>>> 
>>>> Signed-off-by: Jens Wiklander <jens.wiklander@xxxxxxxxxx>
>>>> ---
>>>> v1->v2
>>>> - Update patch description as requested
>>>> ---
>>>>   xen/arch/arm/gic.c | 5 +++--
>>>>   xen/arch/arm/irq.c | 7 +++++--
>>> 
>>> I am not sure where to write the comment. But I think the comment on top
>>> of irq_set_affinity() in setup_irq() should also be updated.
>>> 
>>>>   2 files changed, 8 insertions(+), 4 deletions(-)
>>>> 
>>>> diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c
>>>> index 44c40e86defe..e9aeb7138455 100644
>>>> --- a/xen/arch/arm/gic.c
>>>> +++ b/xen/arch/arm/gic.c
>>>> @@ -117,7 +117,8 @@ void gic_route_irq_to_xen(struct irq_desc *desc, 
>>>> unsigned int priority)
>>>> 
>>>>       desc->handler = gic_hw_ops->gic_host_irq_type;
>>>> 
>>>> -    gic_set_irq_type(desc, desc->arch.type);
>>>> +    if ( desc->irq >= NR_GIC_SGI)
>>>> +        gic_set_irq_type(desc, desc->arch.type);
>>> 
>>> So above, you say that the SGIs are always edge-triggered interrupt. So
>>> I assume desc->arch.type. So are you skipping the call because it is
>>> unnessary or it could do the wrong thing?
>>> 
>>> Ideally, the outcome of the answer be part of the comment on top of the
>>> check.
>> gic_set_irq_type() has an assert "ASSERT(type != IRQ_TYPE_INVALID)"
>> which is triggered without this check.
>> So it's both unnecessary and wrong. I suppose we could update the
>> bookkeeping of all SGIs to be edge-triggered instead of
>> IRQ_TYPE_INVALID. It would still be unnecessary though. What do you
>> suggest?
> 
> I would rather prefer if we update the book-keeping for all the SGIs.
> 
> [...]
> 
>>> 
>>>>           {
>>>>               isb();
>>>>               do_IRQ(regs, irq, is_fiq);
>>>> diff --git a/xen/arch/arm/irq.c b/xen/arch/arm/irq.c
>>>> index bcce80a4d624..fdb214560978 100644
>>>> --- a/xen/arch/arm/irq.c
>>>> +++ b/xen/arch/arm/irq.c
>>>> @@ -224,9 +224,12 @@ void do_IRQ(struct cpu_user_regs *regs, unsigned int 
>>>> irq, int is_fiq)
>>>> 
>>>>       perfc_incr(irqs);
>>>> 
>>>> -    ASSERT(irq >= 16); /* SGIs do not come down this path */
>>>> +    /* Statically assigned SGIs do not come down this path */
>>>> +    ASSERT(irq >= GIC_SGI_MAX);
>>> 
>>> 
>>> With this change, I think the path with vgic_inject_irq() now needs to
>>> gain an ASSERT(irq >= NR_GIC_SGI) because the path is not supposed to be
>>> taken for SGIs.
>> I'm sorry, I don't see the connection. If I add
>> ASSERT(virq >= NR_GIC_SGI);
>> at the top of vgic_inject_irq() it will panic when injecting a
>> Schedule Receiver or Notification Pending Interrupt for a guest.
> 
> If you look at do_IRQ(), we have the following code:
> 
>    if ( test_bit(_IRQ_GUEST, &desc->status) )
>    {
>        struct irq_guest *info = irq_get_guest_info(desc);
> 
>        perfc_incr(guest_irqs);
>        desc->handler->end(desc);
> 
>        set_bit(_IRQ_INPROGRESS, &desc->status);
> 
>        /*
>         * The irq cannot be a PPI, we only support delivery of SPIs to
>         * guests.
>         */
>        vgic_inject_irq(info->d, NULL, info->virq, true);
>        goto out_no_end;
>    }
> 
> What I suggesting is to add an ASSERT(irq >= NR_GIC_SGI) just before the call 
> because now do_IRQ() can be called with SGIs yet we don't allow HW SGIs to 
> assigned to a guest.
> 
> Cheers,
> 
> -- 
> Julien Grall



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.