[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 03/10] xen/arm: ffa: fix version negotiation


  • To: Julien Grall <julien@xxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Tue, 24 Sep 2024 08:23:47 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LWGYdccDi4/VumoNnar6pSJ/vdRKkhVHN7xhYuL4BA4=; b=DbBAPUok28TJS0+SK1ZLm1y/NQddEsn73kFv+C8xdX16L4KwZUN9Xvq4jnwUmrNmjorp60nrhFuNc40d6q+JZy16Mfi/Rhq2uof0zXLvoHeC89xcHW2n6voNg9+NTcEcb8cwYZi/7eN0zemITptKMX0/zHQVTCg7uY5DK4sebkmKcYepdilU7l8hQm+b7tQ4gJRc+vVc5H4nJQAq/AaFmE2zlnXCiJ4+jMpKVJs8Dys+Xr/TErb7c9lH6gd5wuesuH/3wAaGggkf84U5d56sooVC3v0RfWboC+HPM7wxs2OO6M8oAr2N77c4LVVg2UYDJZt1AX8ZJV5muMZEkhUjdQ==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LWGYdccDi4/VumoNnar6pSJ/vdRKkhVHN7xhYuL4BA4=; b=gAqwtokPGvgGvqY1a/k7TjquVAlzyYNBEZ1QLRWcpNvgV1y/SPuCiIRbrq1s1qY9Pa/rfnFrNPm57Iz2Kpo/xMqbOLcYXfvahkE63XosUKxmZGxKY9cwY6V8BV/hCFb7EsfIYx/u93LAt+WQk5dq55GBLk+wH67C1wyeLlPjBkL60cBkYwjexeaVw3VAqgFdkO6S2sq8g9nO2L+1am8mfUahbr/sARdhCNAUdsElwzxwaOGQz0K9OtR1N9mrf+vjKmRvEAdG9zjBVybcVFk/VoUvgAaSwPFNKvpqoNg/UivPc4ZTtrc7CpAIHJS7VtYNyCmgekwTi/WaeIVmu/89kQ==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=cIcy5P2xXJQiaEK9Vle/TYJ5Ho8TTOVyLIrd5MuXfMwbp6jddn4Vho2Owz1Hyaskk69l5MAd1vXEwIQRByLYJ32dF4csa6s348rn3vdq1j9cPTgXj3Ak5skCWnyt4N606/4hMuLbnZgwO2DRJP6NRXyhS2AwR4Qr6QhuVp8mgfqdIOoyVPNb+eQsS7gs2EOj12AcLQvYSZbAVMNZ1mFKlnetdz9QPemZU9lMznKoHB64bIjTML5T/kViH+httYQaRahhzVK5Xv+ciAn75TX2Yq/BCtdFVBk9T/ZuerpMz+oaLvZNsy75MDLFCKjOnr0t+X4dulRGn5ZWNw9FSje+Cw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=GEcs0Z4c1FqTUesH4tcgPF97sVJrDj5dbBjhownSqcYo4ErvI4mL9fffM8p2s07rlNk4/F247plhp6j3vUHZW6LyTMYgQpsPbm2ZiZ0ly7AUiwei6Kmgnp/KnKWy36Jr9H8n54kyHNlegCS5Y1uNTA4wFTVmnNO8WDc9Q/xm+29B6V9YVr9G4XeR3NWXyx9EcqYSsTa7BtlGwlRgEHpgGhEBlkAjE25W94mzfc1tp2+eOJMOaiEFiw2xVxEgQXTVoqFfbpoIXpeoP1WJ6N3J/vb+Hn+55+92BLs1pv0sSEa3dgUgouMnXeNgekx0tKLXzoq4BizuoGqgA8xU1BassA==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>
  • Delivery-date: Tue, 24 Sep 2024 08:24:10 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHbCo5DR6ro4Z09O0aiPTgUk1dK17Jjv8yAgALhMQA=
  • Thread-topic: [PATCH 03/10] xen/arm: ffa: fix version negotiation

Hi Julien,

> On 22 Sep 2024, at 14:25, Julien Grall <julien@xxxxxxx> wrote:
> 
> Hi Bertrand,
> 
> NIT Typo: s/fix/Fix/ to match the other title

Ack

> 
> On 19/09/2024 14:19, Bertrand Marquis wrote:
>> Fix FFA version negotiation with the firmware to follow the
>> specification guidance more closely.
> 
> To confirm, below is based on 13.2.1 in DEN0077A, is that correct? If so, can 
> you add a link in the commit message (and maybe code).

Yes it and i will add a link and description to the commit message.

> 
>> When the firmware returns OK we can have several cases:
>> - the version requested is accepted but the firmware supports a greater
>>   one in the same major.
>> - the firmware supports a greater major version. It could still return
>>   OK even if the version requested is not accepted. Reject it.
>> - the firmware supports a lower version. It will return OK and give that
>>   version. Check if we support it and use it or reject it if we do not.
>> Adapt the code to:
>> - reject any version lower than the one we support or not with the same
>>   major version
>> - use the version returned if in our supported range (currently 1.1
>>   only)
>> - use 1.1 if the version returned is greater.
>> Also adapt the handling of version requests from VM:
>> - return an error for a different major
>> - return 1.1 for a version >= 1.1
>> - return 1.0 if 1.0 was requested
>> Signed-off-by: Bertrand Marquis <bertrand.marquis@xxxxxxx>
>> ---
>>  xen/arch/arm/tee/ffa.c | 38 ++++++++++++++++++++++++++++++--------
>>  1 file changed, 30 insertions(+), 8 deletions(-)
>> diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c
>> index 7ff2529b2055..1f602f25d097 100644
>> --- a/xen/arch/arm/tee/ffa.c
>> +++ b/xen/arch/arm/tee/ffa.c
>> @@ -141,13 +141,24 @@ static void handle_version(struct cpu_user_regs *regs)
>>      struct ffa_ctx *ctx = d->arch.tee;
>>      uint32_t vers = get_user_reg(regs, 1);
>>  -    if ( vers < FFA_VERSION_1_1 )
>> -        vers = FFA_VERSION_1_0;
>> -    else
>> -        vers = FFA_VERSION_1_1;
>> +    /**
> 
> Coding style: We are use a single '*' to start comment.

Ack

> 
>> +     * As of now we only support 1.0 or 1.1.
>> +     * For any 1.x >= 1.1 return OK with 1.1
>> +     * For 1.0 return OK with 1.0
>> +     * For anything else return an error.
>> +     */
> > +    if ( (vers >> FFA_VERSION_MAJOR_SHIFT) == FFA_MY_VERSION_MAJOR )
> > +    {> +        if ( vers < FFA_VERSION_1_1 )
>> +            vers = FFA_VERSION_1_0;
>> +        else
>> +            vers = FFA_VERSION_1_1;
> 
> I feel the logic is fragile. The first ``if`` is generic and I think it would 
> be easy to update the major version without updating handle_version(). To 
> some extend, the same problem would happen with the minor version.

so something like:
if (MAJOR(vers) == MY_MAJOR)
{
   if (MINOR(vers) < MY_MIN || MINOR(vers)>MY_MIN)
        vers = MY_VERSION
   else
        keep requested version
}

> 
> AFAICT, this is not a new issue, but as you touch the code, we should 
> probably harden it. I could settle with a BUILD_BUG_ON() to catch any change 
> of the minor/major.

i could see a BUILD_BUG_ON(MAJOR(MIN_VERSION) != MAJOR(MAX_VERSION))
Is that what you have in mind ?

> 
>>  -    ctx->guest_vers = vers;
>> -    ffa_set_regs(regs, vers, 0, 0, 0, 0, 0, 0, 0);
>> +        ctx->guest_vers = vers;
>> +        ffa_set_regs(regs, vers, 0, 0, 0, 0, 0, 0, 0);
>> +    }
>> +    else
>> +        ffa_set_regs_error(regs, FFA_RET_NOT_SUPPORTED);
>>  }
>>    static void handle_msg_send_direct_req(struct cpu_user_regs *regs, 
>> uint32_t fid)
>> @@ -530,7 +541,8 @@ static bool ffa_probe(void)
>>          goto err_no_fw;
>>      }
>>  -    if ( vers < FFA_MIN_SPMC_VERSION || vers > FFA_MY_VERSION )
>> +    if ( vers < FFA_MIN_SPMC_VERSION ||
>> +              (vers >> FFA_VERSION_MAJOR_SHIFT) != FFA_MY_VERSION_MAJOR )
> 
> Coding style: the second line should be aligned with 'vers' rather than 
> indented.

Ack

> 
>>      {
>>          printk(XENLOG_ERR "ffa: Incompatible version %#x found\n", vers);
>>          goto err_no_fw;
>> @@ -542,7 +554,17 @@ static bool ffa_probe(void)
>>      printk(XENLOG_INFO "ARM FF-A Firmware version %u.%u\n",
>>             major_vers, minor_vers);
>>  -    ffa_fw_version = vers;
>> +    /**
> 
> Coding style: We start comment with /*.

Ack

> 
>> +     * If the call succeed and the version returned is higher or equal to
>> +     * the one Xen requested, the version requested by Xen will be the one
>> +     * used. If the version returned is lower but compatible with Xen, Xen
>> +     * will use that version instead.
>> +     * A version with a different major is rejected before.
>> +     */
>> +    if ( vers > FFA_MY_VERSION )
>> +        ffa_fw_version = FFA_MY_VERSION;
>> +    else
>> +        ffa_fw_version = vers;
> 
> Looking at the code after your series (didn't check before). We don't seem to 
> use ffa_fw_version for other than checking that FFA was detected. So wouldn't 
> it be better to stop storing the version?

We are only supporting a firmware version with 1.1 at the moment but when we 
will add support for FFA version 1.2 in the next weeks this will not be true 
anymore so if this is ok with you i would rather keep it.

Cheers
Bertrand

> 
> Cheers,
> 
> -- 
> Julien Grall





 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.