[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] docs: fusa: Add requirements for Device Passthrough

  • To: Ayan Kumar Halder <ayankuma@xxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Thu, 10 Oct 2024 10:24:11 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DVw/eNOv0sgkPjFHlbL1s0U1mudFbnnfKjwnacZvXT8=; b=Xg+2ifWRMVQKTwf3Q3hbfpXOuVEDRL9VFAO/LQa1NvGfqzRVZFDRYsTMoAztKEbJmd3NeA4pMP8boQYlYT6rQOXfdbD/RB2g1lVhUzNA5vG4Unx01yiPgjEqpzkDjc7RA/TVxSTCwcBnhFtHhZ7b4/e9M9vhHmYMKELTqvOYhnoXWaSSbFXNbHqm8FoI9EEnhiIrZvK7IZyULTGOPxUTtyLtFoBfkPwflNZYXYx+l1CUCml5zaHMEd1uG2DM3FmoBBDdjYhbppa4Zgg3DTYGrUi8RRe4N46ExjNJGWTD23nRLeeonZAUGwJfnECevUdI/75arR83l3SAG5z5VzKW3A==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DVw/eNOv0sgkPjFHlbL1s0U1mudFbnnfKjwnacZvXT8=; b=X2/4rTxZRVaHIMxB5GyBRl+/mFk6ZcawXyQOJVhr8t1JiDWHWvvyONb3buKKlgm6G/Hm3bctoI1r1jVsWOsk4IaaTmOtCTi765yRff79tkTi8tzxBdycHk55++pQD8ZaGGM94IDfRd6SMQb/GvjSLe5rrQzsmoewPoBI0aMw2vU3zvxRzPd/hrciI3quTZO4ZpxxPTi8whePBq5qNzv7/MUqOXNuFKL2CaF/KFkRn18mBOmBTQj6vmaekBe0Yr5j/PfT1FRn3qiMgkIwkJeNbI0e15Vptr2tfh3Pawnaxs/KJ6FvRbHxIKuJK4AqhHgeRFTydUXf7T0HNEpYGHg6ow==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=v27Drsb0LzbcGlfA3HnFxYCC8lCvUSZvgQr9k944pSf4mNi+WvfFSpRPWT5OLAyueJDceMStMn5uSTM2QoXr4FsNQLRHecydTzPW8sAO6kl850BZlYJW8m5m09+AtYgBpmzaGQOeFH3gZz5DWPefI/gwijwOBVYMRlrLaX/0P8JhGdM5VFTq3stJnTN9gh9AYFpMeboK+sryDw4K/pcDcPnHnhBDhaSP0s6M8mHeFyWTmVJwcKCiz5opRcsMgNIo/ZU3izC+hQcc4zfenXETjtny72IZJYtCJLmtiCiap1oasK9oukLktKGsCdTkGYf5NybTh53KkYiWJtYQx63qrQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=jtmyjBZ1pXG91LUu0RxVJiYLNlJdwXgrleMfV484mJwGtQIFrPtSqOUYkd6JTyKpQx0pc1QFZHr9NH5kQi2YP8JJkgN6AB66Uw82mJg/hpnB7leSWniuJj4TM5iK/AJIcMtFzBI2W2ZPAlt4+uGYR094SHHIVQ5EQ0AU1tIIahREn7hfhJDye7NS+82/SPtWi/P2mq/ygVkjdjHR42MwvD46SktjimtaIzu+NLmfoFeszJtrF0LaCA1Sf4QpjCUFJtZgV8nxezjRyX3oL/bEXpNoM/8zktYumawT2QQVAye3mIE9bvzr2jdElcxGY08uBSavdljyAFEG1+UK57nUlA==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Oleksandr Tyshchenko <olekstysh@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Oleksandr Tyshchenko <oleksandr_tyshchenko@xxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>, Artem Mygaiev <artem_mygaiev@xxxxxxxx>, Hisao Munakata <hisao.munakata.vt@xxxxxxxxxxx>
  • Delivery-date: Thu, 10 Oct 2024 10:24:56 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHbGOqFqldnvX8xNEmI4LnFnImSpbJ8YaSAgADTLwCAAEEygIAAgZcAgABSRgCAABPTgIABWyMAgAASXoA=
  • Thread-topic: [PATCH] docs: fusa: Add requirements for Device Passthrough
HI Ayan,

> On 10 Oct 2024, at 11:18, Ayan Kumar Halder <ayankuma@xxxxxxx> wrote:
> 
> Hi Bertrand,
> 
> < snip>
> 
>>> 4) AoU on domain - 1) Domains should not use HVC DCC registers as Xen does 
>>> not emulate them.
>> Xen does not depend on that, the domain does so this is only a Xen expected 
>> behaviour and we should document that Domains shall not use it.
> 
> Agreed, we need to document somewhere that Domains shall not use registers 
> like HVC_DCC, etc which are not properly emulated by Xen.
> 
> Yes, it should not be a part of AoU as Xen's behaviour is not dependent on it.
> 
>> 
>> Xen behaviour if used should be specified.
> Agreed, there should be a document stating the behavior of Xen if non 
> emulated registers are accessed by domains (as an example).
>> 
>>> The AoUs can either be tested or need to be stated explicitly in the safety 
>>> manual.
>>> 
>>>> - "integrator" (word always problematic in Fusa as usually use to bail out
>>>> and give responsibility to someone else) shall and shall not do (for 
>>>> example
>>>> giving access to IOMMU registers to a domain)
>>> The responsibility with the integrator lies for things which cannot be 
>>> tested. For eg Xen has to be built with a particular configuration (eg 
>>> SMMUv3) or a specific CPU errata. Integrator should provide at the most X 
>>> amount of memory for each domain. SMMU (or any specific device) should not 
>>> be assigned to a domain (which should be under Xen's control).
>> Ack
> 
>> 
>>> For some of the AoUs which cannot be tested (eg Bootloader/Firmare needs to 
>>> initialize the DDR, CNTFRQ_EL0 needs to contain the correct system counter 
>>> frequency), the responsibility will lie with the integrator.
>> This is an AoU on the firmware or the platform not on the integrator.
> 
> I agree that this is an AoU on firmware or platform. But we can agree that 
> this AoU cannot be tested by us (within the scope of Xen's safety 
> certification) as we do not know on which hardware platform Xen is deployed. 
> The system integrator (or hardware manufacturer) should know the correct 
> value of system counter frequency. Thus, they should be able to test this.
> 
> Our intention is to keep the scope of Xen's safety certification decoupled 
> from a specific hardware platform. Is this making sense ?

It does as long as the expectations on the hardware are well documented.

> 
>> 
>>>> - interface and what we expect a domain will do with it
>>> This should be covered as part of AoU on domain. We can have more examples 
>>> of this in near future.
>> In my mind interface are for example hypercall numbers and behaviours.
>> I would not expect to find this kind of stuff as AoU.
> 
> Yes, we will be having requirements for the hypercalls. Do you mean this ?

Yes

Cheers
Bertrand

> 
> - Ayan
>

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.