| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
 Re: [XEN PATCH v2 4/5] xen/arm: allow dynamically assigned SGI handlers
 
To: Julien Grall <julien@xxxxxxx>From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>Date: Tue, 23 Apr 2024 13:23:56 +0000Accept-language: en-GB, en-USArc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=noneArc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=c8kLzunINJcBpWu6G9GVvbGsVhDaERAzKG2j0BXjsBE=; b=JlTL0YwrZOal5JAhuWTBKXn3Xe+gvdr9gaj6Ll+mdvFwk8gilIhSPCysmVSRX/CCmb7Dhgz5+ueoyRpaTCVWuAtOGw4scNblW2YKvyjVZ/HoxMwPT4TMyz0asmoA3o8BMbzDrXx06XeZM+THigSlOVUKCSDTKx8ArIqGUJYc7jWKiVuFj/780kADohDWIlmbfuNck4nduHnKGodFCpltV6FVMXVmLEUmOkeGAAIJKSqNgyfFi5pmTbJI8LX2f/++W7n25Gyect9AuJoDvsLKL3ri1Vvey5IBztgR9dQJfcTaYWQuWQCUxSct+L/F5hUJDkKhD0GGtuWgPQ3mVDZNaQ==Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=c8kLzunINJcBpWu6G9GVvbGsVhDaERAzKG2j0BXjsBE=; b=WuXXiyam8H/xIYl/I+v5Yczj43S/JrebL84onO+s3Lpo5VhNJIHD1ZVJrMPAWGnVne/jCNaXKWvlWFEUujYixNOkF4XG8I5Tj6ONgERTXILOUwmLhhztG9MtLt+4GbkvMZ0HKUfzD+LdqzyohvYgoE3X2iSBbEki0tdBRd6xz1eIJUFobtt0oVXxUiYNDe1Xy4GxkCTsdcoWz8GNGJI0ZZiPOHclxQuobslNwvWUTwR0ZPsgqNslh2iJ48FNKPZjNxoHf+v63wws02qN9eaIoR0hgdw6oiM30Sf2JqOofzF5XAf/Sf4lQcrKxm+qgbmbOpewO+170AWy1zxdoUKq+Q==Arc-seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=AIJTZKSCL5NRSkkGQS5BkVZ803r271hUIkQJtA+xOFp4dN8Xsm5Kq6FPvA3UUH0f+OEpeA0JWWYOgjAj7c4wvPjF3Al4JdfugL9MkIoVafCuBZm3ZuFpL3CJDWdl6hNk3AkfCO6FJpmIj/bIWmROC9+XxeqlsWjqJ4cmhcGXEbvGP6C84iY8AjWKpl35ew7xO8vS05PlAL5tiiDF4Ej0j3J1ke9FkCYI41ik4KpLSf2eg4cfeLN7NR90mmxId+BbwEIZvMHRblTEeU3BMKSf30nut5PusBsjyDNIzimUuOsV5mq/xv/ZgI94Ggf3T5ITjQe84rV0AOdimk/rpNJbzg==Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lETbYMFV0TLH3rEtB6WDZfssU0Emnm4zihxCGGptHjwfmqiI/2SotAjdAIe6sZkemjqRKEnGnyckuVZhTHuDCYu2z0l/AXr4ZyCLL2IICPAZmJfUcr0npKg3OUVb1ztr9VtrwiJvh2enro8VAzR7L1BPW7qoj6Bkf3JTgw7XSIBELH2GDMXrNxtsdnDfN5OHQndCbMGXSYD6OAHzGVzpvcF7S4PyY6gdN+7RZ31CsP3VOaGCvA0hFefmLjilAmuhAyag+uwW7C2L8vQw6k2Jg6Dmtck70KqzC31IhkAN0zTtZRJXb5CmNytNE1Q2Bf1XrQJouXg5fAqNSpj2PWtMLw==Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;Cc: Jens Wiklander <jens.wiklander@xxxxxxxxxx>, Xen-devel	<xen-devel@xxxxxxxxxxxxxxxxxxxx>, "patches@xxxxxxxxxx" <patches@xxxxxxxxxx>,	Stefano Stabellini <sstabellini@xxxxxxxxxx>, Michal Orzel	<michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>Delivery-date: Tue, 23 Apr 2024 13:24:26 +0000List-id: Xen developer discussion <xen-devel.lists.xenproject.org>Nodisclaimer: trueOriginal-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;Thread-index: AQHalIf6ydPM1y7+406Z1t07uZV5tLF0HrOAgAF7f4CAABj+AIAAGdeAgAAM2IA=Thread-topic: [XEN PATCH v2 4/5] xen/arm: allow dynamically assigned SGI handlers 
 Hi Julien,
> On 23 Apr 2024, at 14:37, Bertrand Marquis <Bertrand.Marquis@xxxxxxx> wrote:
> 
> Hi Julien,
> 
>> On 23 Apr 2024, at 13:05, Julien Grall <julien@xxxxxxx> wrote:
>> 
>> 
>> 
>> On 23/04/2024 10:35, Jens Wiklander wrote:
>>> Hi Julien,
>> 
>> Hi Jens,
>> 
>>> On Mon, Apr 22, 2024 at 12:57 PM Julien Grall <julien@xxxxxxx> wrote:
>>>> 
>>>> Hi Jens,
>>>> 
>>>> On 22/04/2024 08:37, Jens Wiklander wrote:
>>>>> Updates so request_irq() can be used with a dynamically assigned SGI irq
>>>>> as input. This prepares for a later patch where an FF-A schedule
>>>>> receiver interrupt handler is installed for an SGI generated by the
>>>>> secure world.
>>>> 
>>>> I would like to understand the use-case a bit more. Who is responsible
>>>> to decide the SGI number? Is it Xen or the firmware?
>>>> 
>>>> If the later, how can we ever guarantee the ID is not going to clash
>>>> with what the OS/hypervisor is using? Is it described in a
>>>> specification? If so, please give a pointer.
>>> The firmware decides the SGI number. Given that the firmware doesn't
>>> know which SGIs Xen is using it typically needs to donate one of the
>>> secure SGIs, but that is transparent to Xen.
>> 
>> Right this is my concern. The firmware decides the number, but at the same 
>> time Xen thinks that all the SGIs are available (AFAIK there is only one 
>> set).
>> 
>> What I would like to see is some wording from a spec indicating that the 
>> SGIs ID reserved by the firmware will not be clashing with the one used by 
>> Xen.
> 
> The idea is that the only SGI reserved for secure are used by the secure 
> world (in fact it is the SPMC in the secure world who tells us which SGI it 
> will generate).
> So in theory that means it will always use an SGI between 8 and 15.
> 
> Now it could make sense in fact to check that the number returned by the 
> firmware (or SPMC) is not clashing with Xen as it is a recommendation in the 
> spec and
> in fact an implementation might do something different.
> 
> Right now there is no spec that will say that it will never clash with the 
> one used by Xen as the FF-A spec is not enforcing anything here so it would 
> be a good idea
> to check and disable FF-A with a proper error message if this happens.
After some more digging here is what is recommended by Arm in the Arm Base 
System Architecture v1.0C [1]:
"The system shall implement at least eight Non-secure SGIs, assigned to 
interrupt IDs 0-7."
So basically as long as Xen is using SGIs 0-7 it is safe as those shall never 
be used by the secure world.
Now i do agree that we should check that whatever is returned by the firmware 
is not conflicting with what
is used by Xen.
Cheers
Bertrand
[1] https://developer.arm.com/documentation/den0094/
 
 |