
Re: [RFC PATCH v1] imagebuilder: Add a script to check the sanity of device tree


  • To: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Ayan Kumar Halder <ayankuma@xxxxxxx>
  • Date: Mon, 22 Sep 2025 18:10:12 +0100
  • Cc: <sstabellini@xxxxxxxxxx>, <bertrand.marquis@xxxxxxx>, <michal.orzel@xxxxxxx>, <volodymyr_babchuk@xxxxxxxx>, <mark.brown@xxxxxxxxxxxxx>, <matthew.l.weber3@xxxxxxxxxx>, <sookyung.ahn@xxxxxxxxxx>
  • Delivery-date: Mon, 22 Sep 2025 17:10:36 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi,

After the FMEA discussion at Xen summit, I want to add a clarification.

On 01/09/2025 13:31, Ayan Kumar Halder wrote:
Xen gives a panic if certain nodes are not present in the device tree. In order
to prevent this panic, scripts/dt_sanity.py is written so that it checks if the
node/s are present. If the node/s are not present, the script gives an error.

The user is expected to run the script against the device tree before booting Xen
with the dtb.

Signed-off-by: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>
---

Hi,
In some of the discussions with the safety experts and upstream folks, one issue
that kept coming up is that there are lots of ‘faulty system configuration’ and
‘impossible conditions’ checks in Xen. While these conditions can rarely occur,
Xen would panic if any such condition does occur.
For example, during bootup, Xen parses the device tree.
It checks if the device tree nodes are present for timer, interrupt-controller,
memory, cpu, etc. If these nodes are not present, Xen panics.
As part of safety certification, we have 3 aims:
1. We want to reduce the instances where Xen can panic. This is to improve the
robustness.

2. We need to define a safe state when a fault is triggered in Xen. As faults
(like the one mentioned here) are triggered during boot time and it is due to
incorrect system configuration in device tree, it is hard to define a safe 
state.

3. Avoid validating all the instances of system configuration errors. By having
an external tool, we push the responsibility to the system integrator. The system
integrator needs to run the tool to validate all the properties that Xen checks
for. This can be a justification for the coverage gap for those checks in Xen.

This isn't true, as we will have tests to validate all possible system configuration errors. However, I want to use this script as a 'prevention' mechanism to check the sanity of the device tree (which can be offloaded to the system integrator). There could be many such errors arising from misconfiguration in the device tree. Wherever possible, we will use a script or we can explain how to identify these errors before Xen boots.

We want to convey that certain failures in Xen are not possible (or there is at least some mitigation) if the user has read the FMEA or safety manual or public documents.

- Ayan
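As an added illustration of the kind of pre-boot check the thread describes (this is not the scripts/dt_sanity.py from the patch), the following Python reads a device tree source, collects each node's properties, and reports which of the four node kinds named above (cpu, memory, interrupt-controller, timer) are absent. It assumes one DTS statement per line, identifies the timer by the arm,armv7-timer / arm,armv8-timer compatible strings, and uses a constructed sample DTS.

```python
# Constructed sample DTS (not from the patch); one statement per line is assumed.
SAMPLE_DTS = """\
/dts-v1/;
/ {
    cpus {
        cpu@0 {
            device_type = "cpu";
            compatible = "arm,cortex-a53";
        };
    };
    memory@40000000 {
        device_type = "memory";
        reg = <0x0 0x40000000 0x0 0x80000000>;
    };
    timer {
        compatible = "arm,armv8-timer";
    };
    gic: interrupt-controller@f9010000 {
        compatible = "arm,gic-400";
        interrupt-controller;
    };
};
"""

def parse_dts(text):
    """Return {node_path: {property: raw_value}} for a DTS with one statement per line."""
    nodes, stack = {}, []
    for line in text.splitlines():
        line = line.split("//")[0].strip()          # drop trailing line comments
        if not line or line.startswith("/dts-v1/"):
            continue
        if line.endswith("{"):                      # node open: "[label:] name {"
            name = line[:-1].strip().split(":")[-1].strip()
            stack.append(name)
            nodes["/" + "/".join(s for s in stack if s != "/")] = {}
        elif line.startswith("}"):                  # node close: "};"
            stack.pop()
        else:                                       # "prop = value;" or boolean "prop;"
            prop, _, value = line.rstrip(";").partition("=")
            path = "/" + "/".join(s for s in stack if s != "/")
            nodes[path][prop.strip()] = value.strip()
    return nodes

def check_dt_sanity(text):
    """Return the required node kinds (cpu, memory, interrupt-controller, timer) missing from the DTS."""
    nodes = parse_dts(text).values()
    present = {
        "cpu": any(p.get("device_type") == '"cpu"' for p in nodes),
        "memory": any(p.get("device_type") == '"memory"' for p in nodes),
        "interrupt-controller": any("interrupt-controller" in p for p in nodes),
        "timer": any("arm,armv8-timer" in p.get("compatible", "")
                     or "arm,armv7-timer" in p.get("compatible", "") for p in nodes),
    }
    return [kind for kind, found in present.items() if not found]
```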
