[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 03/10] xen/arm: ffa: fix version negotiation

To: Bertrand Marquis <bertrand.marquis@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Julien Grall <julien@xxxxxxx>
Date: Sun, 22 Sep 2024 14:25:05 +0200
Cc: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>
Delivery-date: Sun, 22 Sep 2024 12:25:28 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Bertrand,

NIT Typo: s/fix/Fix/ to match the other title

On 19/09/2024 14:19, Bertrand Marquis wrote:

Fix FFA version negotiation with the firmware to follow the
specification guidance more closely.

To confirm, below is based on 13.2.1 in DEN0077A, is that correct? Ifso, can you add a link in the commit message (and maybe code).

When the firmware returns OK we can have several cases:
- the version requested is accepted but the firmware supports a greater
   one in the same major.
- the firmware supports a greater major version. It could still return
   OK even if the version requested is not accepted. Reject it.
- the firmware supports a lower version. It will return OK and give that
   version. Check if we support it and use it or reject it if we do not.

Adapt the code to:
- reject any version lower than the one we support or not with the same
   major version
- use the version returned if in our supported range (currently 1.1
   only)
- use 1.1 if the version returned is greater.

Also adapt the handling of version requests from VM:
- return an error for a different major
- return 1.1 for a version >= 1.1
- return 1.0 if 1.0 was requested

Signed-off-by: Bertrand Marquis <bertrand.marquis@xxxxxxx>
---
  xen/arch/arm/tee/ffa.c | 38 ++++++++++++++++++++++++++++++--------
  1 file changed, 30 insertions(+), 8 deletions(-)

diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c
index 7ff2529b2055..1f602f25d097 100644
--- a/xen/arch/arm/tee/ffa.c
+++ b/xen/arch/arm/tee/ffa.c
@@ -141,13 +141,24 @@ static void handle_version(struct cpu_user_regs *regs)
      struct ffa_ctx *ctx = d->arch.tee;
      uint32_t vers = get_user_reg(regs, 1);

- if ( vers < FFA_VERSION_1_1 )

-        vers = FFA_VERSION_1_0;
-    else
-        vers = FFA_VERSION_1_1;
+    /**


Coding style: We are use a single '*' to start comment.

+     * As of now we only support 1.0 or 1.1.
+     * For any 1.x >= 1.1 return OK with 1.1
+     * For 1.0 return OK with 1.0
+     * For anything else return an error.
+     */

> +    if ( (vers >> FFA_VERSION_MAJOR_SHIFT) == FFA_MY_VERSION_MAJOR )
> +    {> +        if ( vers < FFA_VERSION_1_1 )

+            vers = FFA_VERSION_1_0;
+        else
+            vers = FFA_VERSION_1_1;

I feel the logic is fragile. The first ``if`` is generic and I think itwould be easy to update the major version without updatinghandle_version(). To some extend, the same problem would happen with theminor version.

AFAICT, this is not a new issue, but as you touch the code, we shouldprobably harden it. I could settle with a BUILD_BUG_ON() to catch anychange of the minor/major.

- ctx->guest_vers = vers;

-    ffa_set_regs(regs, vers, 0, 0, 0, 0, 0, 0, 0);
+        ctx->guest_vers = vers;
+        ffa_set_regs(regs, vers, 0, 0, 0, 0, 0, 0, 0);
+    }
+    else
+        ffa_set_regs_error(regs, FFA_RET_NOT_SUPPORTED);
  }

static void handle_msg_send_direct_req(struct cpu_user_regs *regs, uint32_t fid)

@@ -530,7 +541,8 @@ static bool ffa_probe(void)
          goto err_no_fw;
      }

- if ( vers < FFA_MIN_SPMC_VERSION || vers > FFA_MY_VERSION )

+    if ( vers < FFA_MIN_SPMC_VERSION ||
+              (vers >> FFA_VERSION_MAJOR_SHIFT) != FFA_MY_VERSION_MAJOR )

Coding style: the second line should be aligned with 'vers' rather thanindented.

      {
          printk(XENLOG_ERR "ffa: Incompatible version %#x found\n", vers);
          goto err_no_fw;
@@ -542,7 +554,17 @@ static bool ffa_probe(void)
      printk(XENLOG_INFO "ARM FF-A Firmware version %u.%u\n",
             major_vers, minor_vers);

- ffa_fw_version = vers;

+    /**


Coding style: We start comment with /*.

+     * If the call succeed and the version returned is higher or equal to
+     * the one Xen requested, the version requested by Xen will be the one
+     * used. If the version returned is lower but compatible with Xen, Xen
+     * will use that version instead.
+     * A version with a different major is rejected before.
+     */
+    if ( vers > FFA_MY_VERSION )
+        ffa_fw_version = FFA_MY_VERSION;
+    else
+        ffa_fw_version = vers;

Looking at the code after your series (didn't check before). We don'tseem to use ffa_fw_version for other than checking that FFA wasdetected. So wouldn't it be better to stop storing the version?


Cheers,

--
Julien Grall

Follow-Ups:
- Re: [PATCH 03/10] xen/arm: ffa: fix version negotiation
  - From: Bertrand Marquis

References:
- [PATCH 00/10] xen/arm: ffa: Improvements and fixes
  - From: Bertrand Marquis
- [PATCH 03/10] xen/arm: ffa: fix version negotiation
  - From: Bertrand Marquis

Prev by Date: [xen-unstable test] 187806: tolerable FAIL
Next by Date: Re: [PATCH 01/10] xen/arm: ffa: Rework firmware discovery
Previous by thread: [PATCH 03/10] xen/arm: ffa: fix version negotiation
Next by thread: Re: [PATCH 03/10] xen/arm: ffa: fix version negotiation
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.