[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 07/10] xen/arm: ffa: Transmit RXTX buffers to the SPMC



Hi Bertrand,

On Thu, Oct 24, 2024 at 11:46 AM Bertrand Marquis
<Bertrand.Marquis@xxxxxxx> wrote:
>
> Hi Jens,
>
> > On 23 Oct 2024, at 16:51, Jens Wiklander <jens.wiklander@xxxxxxxxxx> wrote:
> >
> > Hi Bertrand,
> >
> > On Wed, Oct 16, 2024 at 10:32 AM Bertrand Marquis
> > <bertrand.marquis@xxxxxxx> wrote:
> >>
> >> When an RXTX buffer is mapped by a VM transmit it to the SPMC when it
> >> supports RX_ACQUIRE.
> >> As a consequence of that, we must acquire the RX buffer of a VM from the
> >> SPMC when we want to use it:
> >> - create a generic acquire and release function to get the rx buffer of
> >>  a VM which gets it from the SPMC when supported
> >> - rename the rx_acquire to hyp_rx_acquire to remove confusion
> >> - rework the rx_lock to only lock access to rx_is_free and only allow
> >>  usage of the rx buffer to one who managed to acquire it, thus removing
> >>  the trylock and returning busy if rx_is_free is false
> >>
> >> As part of this change move some structure definition to ffa_private
> >> from ffa_shm as those are need for the MAP call with the SPMC.
> >>
> >> Signed-off-by: Bertrand Marquis <bertrand.marquis@xxxxxxx>
> >> ---
> >> Changes in v2:
> >> - unmap VM rxtx buffer in SPMC on unmap call or on VM destroy
> >> - rework the unmap call to the SPMC to properly pass the VM ID
> >> ---
> >> xen/arch/arm/tee/ffa.c          |   2 +-
> >> xen/arch/arm/tee/ffa_partinfo.c |  29 ++----
> >> xen/arch/arm/tee/ffa_private.h  |  22 ++++-
> >> xen/arch/arm/tee/ffa_rxtx.c     | 158 ++++++++++++++++++++++++++------
> >> xen/arch/arm/tee/ffa_shm.c      |  15 ---
> >> 5 files changed, 161 insertions(+), 65 deletions(-)
> >>
> >> diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c
> >> index a292003ca9fe..40ea5398fa21 100644
> >> --- a/xen/arch/arm/tee/ffa.c
> >> +++ b/xen/arch/arm/tee/ffa.c
> >> @@ -347,7 +347,7 @@ static bool ffa_handle_call(struct cpu_user_regs *regs)
> >>         ffa_handle_partition_info_get(regs);
> >>         return true;
> >>     case FFA_RX_RELEASE:
> >> -        e = ffa_handle_rx_release();
> >> +        e = ffa_rx_release(d);
> >>         break;
> >>     case FFA_MSG_SEND_DIRECT_REQ_32:
> >>     case FFA_MSG_SEND_DIRECT_REQ_64:
> >> diff --git a/xen/arch/arm/tee/ffa_partinfo.c 
> >> b/xen/arch/arm/tee/ffa_partinfo.c
> >> index 3cf801523296..fde187dba4e5 100644
> >> --- a/xen/arch/arm/tee/ffa_partinfo.c
> >> +++ b/xen/arch/arm/tee/ffa_partinfo.c
> >> @@ -121,11 +121,9 @@ void ffa_handle_partition_info_get(struct 
> >> cpu_user_regs *regs)
> >>         goto out;
> >>     }
> >>
> >> -    if ( !spin_trylock(&ctx->rx_lock) )
> >> -    {
> >> -        ret = FFA_RET_BUSY;
> >> +    ret = ffa_rx_acquire(d);
> >> +    if ( ret != FFA_RET_OK )
> >>         goto out;
> >> -    }
> >>
> >>     dst_buf = ctx->rx;
> >>
> >> @@ -135,22 +133,16 @@ void ffa_handle_partition_info_get(struct 
> >> cpu_user_regs *regs)
> >>         goto out_rx_release;
> >>     }
> >>
> >> -    if ( !ctx->page_count || !ctx->rx_is_free )
> >> -    {
> >> -        ret = FFA_RET_DENIED;
> >> -        goto out_rx_release;
> >> -    }
> >> -
> >>     spin_lock(&ffa_rx_buffer_lock);
> >>
> >>     ret = ffa_partition_info_get(uuid, 0, &ffa_sp_count, &src_size);
> >>
> >>     if ( ret )
> >> -        goto out_rx_buf_unlock;
> >> +        goto out_rx_hyp_unlock;
> >>
> >>     /*
> >>      * ffa_partition_info_get() succeeded so we now own the RX buffer we
> >> -     * share with the SPMC. We must give it back using ffa_rx_release()
> >> +     * share with the SPMC. We must give it back using 
> >> ffa_hyp_rx_release()
> >>      * once we've copied the content.
> >>      */
> >>
> >> @@ -193,15 +185,13 @@ void ffa_handle_partition_info_get(struct 
> >> cpu_user_regs *regs)
> >>         }
> >>     }
> >>
> >> -    ctx->rx_is_free = false;
> >> -
> >> out_rx_hyp_release:
> >> -    ffa_rx_release();
> >> -out_rx_buf_unlock:
> >> +    ffa_hyp_rx_release();
> >> +out_rx_hyp_unlock:
> >>     spin_unlock(&ffa_rx_buffer_lock);
> >> out_rx_release:
> >> -    spin_unlock(&ctx->rx_lock);
> >> -
> >> +    if ( ret != FFA_RET_OK )
> >> +        ffa_rx_release(d);
> >
> > Please comment on why ffa_rx_release() must only be called on failure.
>
> It is because the buffer contains data for the caller in case of success so
> it must be released by the caller.

Please mention the transfer of buffer ownership since that might be
easy to miss if only skimming the spec.

>
> Do i get it right that you want me to add a comment saying that in the code
> and not only tell you here ?

Yes. :-)

Cheers,
Jens

>
> >
> >> out:
> >>     if ( ret )
> >>         ffa_set_regs_error(regs, ret);
> >> @@ -368,8 +358,7 @@ bool ffa_partinfo_init(void)
> >>     ret = init_subscribers(count, fpi_size);
> >>
> >> out:
> >> -    ffa_rx_release();
> >> -
> >> +    ffa_hyp_rx_release();
> >>     return ret;
> >> }
> >>
> >> diff --git a/xen/arch/arm/tee/ffa_private.h 
> >> b/xen/arch/arm/tee/ffa_private.h
> >> index afe69b43dbef..9adfe687c3c9 100644
> >> --- a/xen/arch/arm/tee/ffa_private.h
> >> +++ b/xen/arch/arm/tee/ffa_private.h
> >> @@ -265,6 +265,21 @@
> >> #define FFA_ABI_BITNUM(id)    ((FFA_ABI_ID(id) - FFA_ABI_MIN) << 1 | \
> >>                                FFA_ABI_CONV(id))
> >>
> >> +/* Constituent memory region descriptor */
> >> +struct ffa_address_range {
> >> +    uint64_t address;
> >> +    uint32_t page_count;
> >> +    uint32_t reserved;
> >> +};
> >> +
> >> +/* Composite memory region descriptor */
> >> +struct ffa_mem_region {
> >> +    uint32_t total_page_count;
> >> +    uint32_t address_range_count;
> >> +    uint64_t reserved;
> >> +    struct ffa_address_range address_range_array[];
> >> +};
> >> +
> >> struct ffa_ctx_notif {
> >>     bool enabled;
> >>
> >> @@ -292,7 +307,7 @@ struct ffa_ctx {
> >>     struct ffa_ctx_notif notif;
> >>     /*
> >>      * tx_lock is used to serialize access to tx
> >> -     * rx_lock is used to serialize access to rx
> >> +     * rx_lock is used to serialize access to rx_is_free
> >>      * lock is used for the rest in this struct
> >>      */
> >>     spinlock_t tx_lock;
> >> @@ -331,7 +346,8 @@ void ffa_rxtx_domain_destroy(struct domain *d);
> >> uint32_t ffa_handle_rxtx_map(uint32_t fid, register_t tx_addr,
> >>                             register_t rx_addr, uint32_t page_count);
> >> uint32_t ffa_handle_rxtx_unmap(void);
> >> -int32_t ffa_handle_rx_release(void);
> >> +int32_t ffa_rx_acquire(struct domain *d);
> >> +int32_t ffa_rx_release(struct domain *d);
> >>
> >> void ffa_notif_init(void);
> >> void ffa_notif_init_interrupt(void);
> >> @@ -420,7 +436,7 @@ static inline int32_t ffa_simple_call(uint32_t fid, 
> >> register_t a1,
> >>     return ffa_get_ret_code(&resp);
> >> }
> >>
> >> -static inline int32_t ffa_rx_release(void)
> >> +static inline int32_t ffa_hyp_rx_release(void)
> >> {
> >>     return ffa_simple_call(FFA_RX_RELEASE, 0, 0, 0, 0);
> >> }
> >> diff --git a/xen/arch/arm/tee/ffa_rxtx.c b/xen/arch/arm/tee/ffa_rxtx.c
> >> index b6931c855779..a5d43e51f843 100644
> >> --- a/xen/arch/arm/tee/ffa_rxtx.c
> >> +++ b/xen/arch/arm/tee/ffa_rxtx.c
> >> @@ -30,6 +30,17 @@ struct ffa_endpoint_rxtx_descriptor_1_1 {
> >>     uint32_t tx_region_offs;
> >> };
> >>
> >> +static int32_t ffa_rxtx_map(paddr_t tx_addr, paddr_t rx_addr,
> >> +                            uint32_t page_count)
> >> +{
> >> +    return ffa_simple_call(FFA_RXTX_MAP_64, tx_addr, rx_addr, page_count, 
> >> 0);
> >> +}
> >> +
> >> +static int32_t ffa_rxtx_unmap(uint16_t id)
> >> +{
> >> +    return ffa_simple_call(FFA_RXTX_UNMAP, ((uint64_t)id)<<16, 0, 0, 0);
> >> +}
> >> +
> >> uint32_t ffa_handle_rxtx_map(uint32_t fid, register_t tx_addr,
> >>                             register_t rx_addr, uint32_t page_count)
> >> {
> >> @@ -42,6 +53,9 @@ uint32_t ffa_handle_rxtx_map(uint32_t fid, register_t 
> >> tx_addr,
> >>     void *rx;
> >>     void *tx;
> >>
> >> +    /* The code is considering that we only get one page for now */
> >> +    BUILD_BUG_ON(FFA_MAX_RXTX_PAGE_COUNT != 1);
> >> +
> >>     if ( !smccc_is_conv_64(fid) )
> >>     {
> >>         /*
> >> @@ -87,6 +101,65 @@ uint32_t ffa_handle_rxtx_map(uint32_t fid, register_t 
> >> tx_addr,
> >>     if ( !rx )
> >>         goto err_unmap_tx;
> >>
> >> +    /*
> >> +     * Transmit the RX/TX buffer information to the SPM if acquire is 
> >> supported
> >> +     * as the spec says that if not there is not need to 
> >> acquire/release/map
> >> +     * rxtx buffers from the SPMC
> >> +     */
> >> +    if ( ffa_fw_supports_fid(FFA_RX_ACQUIRE) )
> >> +    {
> >> +        struct ffa_endpoint_rxtx_descriptor_1_1 *rxtx_desc;
> >> +        struct ffa_mem_region *mem_reg;
> >> +
> >> +        /* All must fit in our TX buffer */
> >> +        BUILD_BUG_ON((sizeof(*rxtx_desc) + sizeof(*mem_reg)*2 +
> >> +                      sizeof(struct ffa_address_range)*2) > 
> >> FFA_PAGE_SIZE);
> >
> > Please add space before and after the binary operator "*".
> Ack
>
> > The size of the TX buffer is FFA_RXTX_PAGE_COUNT * FFA_PAGE_SIZE.
> Very right, I will fix that in v3.
>
> > Nit: the outer parenthesis around the left expression aren't needed.
> Ack
>
> >
> >> +
> >> +        spin_lock(&ffa_tx_buffer_lock);
> >> +        rxtx_desc = ffa_tx;
> >> +
> >> +        /*
> >> +         * We have only one page for each so we pack everything:
> >> +         * - rx region descriptor
> >> +         * - rx region range
> >> +         * - tx region descriptor
> >> +         * - tx region range
> >> +         */
> >> +        rxtx_desc->sender_id = ffa_get_vm_id(d);
> >> +        rxtx_desc->reserved = 0;
> >> +        rxtx_desc->rx_region_offs = sizeof(*rxtx_desc);
> >> +        rxtx_desc->tx_region_offs = sizeof(*rxtx_desc) +
> >> +                                    offsetof(struct ffa_mem_region,
> >> +                                             address_range_array[1]);
> >> +
> >> +        /* rx buffer */
> >> +        mem_reg = ffa_tx + sizeof(*rxtx_desc);
> >> +        mem_reg->total_page_count = 1;
> >> +        mem_reg->address_range_count = 1;
> >> +        mem_reg->reserved = 0;
> >> +
> >> +        mem_reg->address_range_array[0].address = page_to_maddr(rx_pg);
> >> +        mem_reg->address_range_array[0].page_count = 1;
> >> +        mem_reg->address_range_array[0].reserved = 0;
> >> +
> >> +        /* tx buffer */
> >> +        mem_reg = ffa_tx + rxtx_desc->tx_region_offs;
> >> +        mem_reg->total_page_count = 1;
> >> +        mem_reg->address_range_count = 1;
> >> +        mem_reg->reserved = 0;
> >> +
> >> +        mem_reg->address_range_array[0].address = page_to_maddr(tx_pg);
> >> +        mem_reg->address_range_array[0].page_count = 1;
> >> +        mem_reg->address_range_array[0].reserved = 0;
> >> +
> >> +        ret = ffa_rxtx_map(0, 0, 1);
> >
> > The last parameter is also MBZ when forwarding on behalf of an endpoint.
>
> Ack, will fix in v3.
>
> Cheers
> Bertrand
>
> >
> > Cheers,
> > Jens
> >
> >> +
> >> +        spin_unlock(&ffa_tx_buffer_lock);
> >> +
> >> +        if ( ret != FFA_RET_OK )
> >> +            goto err_unmap_rx;
> >> +    }
> >> +
> >>     ctx->rx = rx;
> >>     ctx->tx = tx;
> >>     ctx->rx_pg = rx_pg;
> >> @@ -95,6 +168,8 @@ uint32_t ffa_handle_rxtx_map(uint32_t fid, register_t 
> >> tx_addr,
> >>     ctx->rx_is_free = true;
> >>     return FFA_RET_OK;
> >>
> >> +err_unmap_rx:
> >> +    unmap_domain_page_global(rx);
> >> err_unmap_tx:
> >>     unmap_domain_page_global(tx);
> >> err_put_rx_pg:
> >> @@ -105,8 +180,22 @@ err_put_tx_pg:
> >>     return ret;
> >> }
> >>
> >> -static void rxtx_unmap(struct ffa_ctx *ctx)
> >> +static uint32_t  rxtx_unmap(struct domain *d)
> >> {
> >> +    struct ffa_ctx *ctx = d->arch.tee;
> >> +
> >> +    if ( !ctx->page_count )
> >> +        return FFA_RET_INVALID_PARAMETERS;
> >> +
> >> +    if ( ffa_fw_supports_fid(FFA_RX_ACQUIRE) )
> >> +    {
> >> +        uint32_t ret;
> >> +
> >> +        ret = ffa_rxtx_unmap(ffa_get_vm_id(d));
> >> +        if ( ret != FFA_RET_OK )
> >> +            return ret;
> >> +    }
> >> +
> >>     unmap_domain_page_global(ctx->rx);
> >>     unmap_domain_page_global(ctx->tx);
> >>     put_page(ctx->rx_pg);
> >> @@ -117,32 +206,63 @@ static void rxtx_unmap(struct ffa_ctx *ctx)
> >>     ctx->tx_pg = NULL;
> >>     ctx->page_count = 0;
> >>     ctx->rx_is_free = false;
> >> +
> >> +    return FFA_RET_OK;
> >> }
> >>
> >> uint32_t ffa_handle_rxtx_unmap(void)
> >> {
> >> -    struct domain *d = current->domain;
> >> +    return rxtx_unmap(current->domain);
> >> +}
> >> +
> >> +int32_t ffa_rx_acquire(struct domain *d)
> >> +{
> >> +    int32_t ret = FFA_RET_OK;
> >>     struct ffa_ctx *ctx = d->arch.tee;
> >>
> >> -    if ( !ctx->rx )
> >> -        return FFA_RET_INVALID_PARAMETERS;
> >> +    spin_lock(&ctx->rx_lock);
> >>
> >> -    rxtx_unmap(ctx);
> >> +    if ( !ctx->page_count )
> >> +    {
> >> +        ret = FFA_RET_DENIED;
> >> +        goto out;
> >> +    }
> >>
> >> -    return FFA_RET_OK;
> >> +    if ( !ctx->rx_is_free )
> >> +    {
> >> +        ret = FFA_RET_BUSY;
> >> +        goto out;
> >> +    }
> >> +
> >> +    if ( ffa_fw_supports_fid(FFA_RX_ACQUIRE) )
> >> +    {
> >> +        ret = ffa_simple_call(FFA_RX_ACQUIRE, ffa_get_vm_id(d), 0, 0, 0);
> >> +        if ( ret != FFA_RET_OK )
> >> +            goto out;
> >> +    }
> >> +    ctx->rx_is_free = false;
> >> +out:
> >> +    spin_unlock(&ctx->rx_lock);
> >> +
> >> +    return ret;
> >> }
> >>
> >> -int32_t ffa_handle_rx_release(void)
> >> +int32_t ffa_rx_release(struct domain *d)
> >> {
> >>     int32_t ret = FFA_RET_DENIED;
> >> -    struct domain *d = current->domain;
> >>     struct ffa_ctx *ctx = d->arch.tee;
> >>
> >> -    if ( !spin_trylock(&ctx->rx_lock) )
> >> -        return FFA_RET_BUSY;
> >> +    spin_lock(&ctx->rx_lock);
> >>
> >>     if ( !ctx->page_count || ctx->rx_is_free )
> >>         goto out;
> >> +
> >> +    if ( ffa_fw_supports_fid(FFA_RX_ACQUIRE) )
> >> +    {
> >> +        ret = ffa_simple_call(FFA_RX_RELEASE, ffa_get_vm_id(d), 0, 0, 0);
> >> +        if ( ret != FFA_RET_OK )
> >> +            goto out;
> >> +    }
> >>     ret = FFA_RET_OK;
> >>     ctx->rx_is_free = true;
> >> out:
> >> @@ -151,23 +271,9 @@ out:
> >>     return ret;
> >> }
> >>
> >> -static int32_t ffa_rxtx_map(paddr_t tx_addr, paddr_t rx_addr,
> >> -                            uint32_t page_count)
> >> -{
> >> -    return ffa_simple_call(FFA_RXTX_MAP_64, tx_addr, rx_addr, page_count, 
> >> 0);
> >> -}
> >> -
> >> -static int32_t ffa_rxtx_unmap(void)
> >> -{
> >> -    return ffa_simple_call(FFA_RXTX_UNMAP, 0, 0, 0, 0);
> >> -}
> >> -
> >> void ffa_rxtx_domain_destroy(struct domain *d)
> >> {
> >> -    struct ffa_ctx *ctx = d->arch.tee;
> >> -
> >> -    if ( ctx->rx )
> >> -        rxtx_unmap(ctx);
> >> +    rxtx_unmap(d);
> >> }
> >>
> >> void ffa_rxtx_destroy(void)
> >> @@ -186,7 +292,7 @@ void ffa_rxtx_destroy(void)
> >>     }
> >>
> >>     if ( need_unmap )
> >> -        ffa_rxtx_unmap();
> >> +        ffa_rxtx_unmap(0);
> >> }
> >>
> >> bool ffa_rxtx_init(void)
> >> diff --git a/xen/arch/arm/tee/ffa_shm.c b/xen/arch/arm/tee/ffa_shm.c
> >> index 29675f9ba3f7..d628c1b70609 100644
> >> --- a/xen/arch/arm/tee/ffa_shm.c
> >> +++ b/xen/arch/arm/tee/ffa_shm.c
> >> @@ -16,21 +16,6 @@
> >>
> >> #include "ffa_private.h"
> >>
> >> -/* Constituent memory region descriptor */
> >> -struct ffa_address_range {
> >> -    uint64_t address;
> >> -    uint32_t page_count;
> >> -    uint32_t reserved;
> >> -};
> >> -
> >> -/* Composite memory region descriptor */
> >> -struct ffa_mem_region {
> >> -    uint32_t total_page_count;
> >> -    uint32_t address_range_count;
> >> -    uint64_t reserved;
> >> -    struct ffa_address_range address_range_array[];
> >> -};
> >> -
> >> /* Memory access permissions descriptor */
> >> struct ffa_mem_access_perm {
> >>     uint16_t endpoint_id;
> >> --
> >> 2.47.0
>
>



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.