[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 12/12] xen/arm: ffa: Add message parameter diagnostics

  • To: Jens Wiklander <jens.wiklander@xxxxxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Wed, 11 Feb 2026 14:26:50 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 4.158.2.129) smtp.rcpttodomain=linaro.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SU6Kecneh1kjo06iRHaR13oXWtvn5PqIMxgv4dUaEC4=; b=uXJUo9CM5pVndEW8Fb0qlkrnrwqlboD5T+n4kbkiJ1gEuGj2XLX2QQXwzr2h3L+C79U1ahS16b1OT/8m+Hv9UgoH/XeqFYepkPF9fIs3KPtG/igcNPcdbQt3kooIZAdthQAaiLrZl8Ud0YrimTFP6pu+Np4blCncEUYg+Ja43cGl3C1XKLIExF94eR0CrKd/DGgy3KYSux5Qh/BKdv355ISOvWeykl4wtfbkLLSKi/XdeHc9UNBAeWj46DIuwHRYrJoSmOoEDScRA4nQkCfEJmmjF/WrDLdTB6YnMeynKVIptpWe0nia8BmRcv8GEkImgECN02SpmGci08ZKfMtgZw==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SU6Kecneh1kjo06iRHaR13oXWtvn5PqIMxgv4dUaEC4=; b=HfEf6I3TNBR8vjVly+gPi56dgqmD0bgf0YbNWMxUxUxzOuftjsqC9esBlaBkOpHchlN4/lP7vbfoz0RzcsfAEfChfbLOVNtoF2zk/9pnvhkI5fbzFWRQNqPeJIKGFUzfI1Wk7CD4tMjSgVoUzZgNaKR5VjM44fK152YMXFKcG9d9us1Y1PsbXTVJKmDlLCZKPoxwMOLMkF7/Lo6axcMS+Wx+ucNExlYLJbLUmxr7qgtnvVOpQzUTNPzj3J0y+v6wzCKLUpCLxK42rnqSMuHl9WPWzZG9sdQWQfgdSLQZuC306kMnAC4HSVLnzthcfgqsDpdn1GhOh1vk7I2WVPVeGA==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=gI52Auwl4rc0xbNcGCV5FIRWYu8zceqJLcXVvGLgBsg1A7eG18DFYh67vFzdTIHGs1+v0O7AYMLG+l/hgR/FCOdYtrFlRMdB01lqGLz34pJDIH7ZZmg2PnLwQ/ds1dIb6QMA97lVisFZmGa9J6QPwjQfvY4vKE9dk9yJYVRvEbL3inDJUdE0/giUddgCtmGeV4NoT0WJSiEj8w0uwoZREpARSHga0pFtCG77noLXBRaAiwiIDw5ikorgM9DCk38IRzb9wXnptQinudhWbZXuktjN4VpFON7lUP2ZXcGXDBLDP4ohivYvG3kNLiq/rnyeEjMnH1GAyzbXobFqkveNOg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=A4bAgvI9QKBgJQioCzygnnUVL7TLP/mWEOjHYzrF754hzjmZyfwHLPJYgJzFdvSf6ojBOO6P41vQ64c22RkM94+E+iZhXZ5Mr75FEPptTFKWkPyHaQqF1MFGR5mR7j0OsCzmbTtCco/BLvcrkFYWCdBcchgwHVRKgz9VCaJeWxSc18MnS3JlouPWlCNO8y9Cts24T1XJNTWxQndgae6wzs1jxdc4JK7d1DWjPoD700RQqDfR34VpiYe28Ysu2LTSgsqGQ3+Wl/IisL0b1zRVRG/ebSmPZ9JXCXzp4AaWx0Rl9jvkmC0EcoxNbo00LVj760V1KD9NRVgHvSMjwPQfYQ==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>
  • Delivery-date: Wed, 11 Feb 2026 14:28:07 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Thread-index: AQHclTU3ZJPDIpNYRUSOTYp5hfKcabV9VJGAgAAZM4CAAB65AIAADfgA
  • Thread-topic: [PATCH 12/12] xen/arm: ffa: Add message parameter diagnostics
Hi Jens,

> On 11 Feb 2026, at 14:36, Jens Wiklander <jens.wiklander@xxxxxxxxxx> wrote:
> 
> Hi Bertrand,
> 
> On Wed, Feb 11, 2026 at 12:48 PM Bertrand Marquis
> <Bertrand.Marquis@xxxxxxx> wrote:
>> 
>> Hi Jens,
>> 
>>> On 11 Feb 2026, at 11:16, Jens Wiklander <jens.wiklander@xxxxxxxxxx> wrote:
>>> 
>>> Hi Bertrand,
>>> 
>>> On Tue, Feb 3, 2026 at 6:38 PM Bertrand Marquis
>>> <bertrand.marquis@xxxxxxx> wrote:
>>>> 
>>>> MSG_SEND2 and direct request validation failures are silent, making it
>>>> hard to diagnose invalid IDs, oversized messages, or unsupported
>>>> destination types.
>>>> 
>>>> Add debug logs for parameter validation failures:
>>>> - invalid endpoint IDs
>>>> - oversized messages
>>>> - unsupported destination types
>>>> - invalid sender/receiver combinations
>>>> - ratelimit MSG_SEND2 busy failures to avoid log flooding
>>>> 
>>>> No functional changes.
>>>> 
>>>> Signed-off-by: Bertrand Marquis <bertrand.marquis@xxxxxxx>
>>>> ---
>>>> xen/arch/arm/tee/ffa_msg.c | 45 ++++++++++++++++++++++++++++++++++++++
>>>> 1 file changed, 45 insertions(+)
>>>> 
>>>> diff --git a/xen/arch/arm/tee/ffa_msg.c b/xen/arch/arm/tee/ffa_msg.c
>>>> index 928f269f6c3a..cc273c9a8e80 100644
>>>> --- a/xen/arch/arm/tee/ffa_msg.c
>>>> +++ b/xen/arch/arm/tee/ffa_msg.c
>>>> @@ -4,6 +4,7 @@
>>>> */
>>>> 
>>>> #include <xen/const.h>
>>>> +#include <xen/lib.h>
>>>> #include <xen/sizes.h>
>>>> #include <xen/types.h>
>>>> 
>>>> @@ -100,6 +101,7 @@ void ffa_handle_msg_send_direct_req(struct 
>>>> cpu_user_regs *regs, uint32_t fid)
>>>>    if ( !ffa_fw_supports_fid(fid) )
>>>>    {
>>>>        ret = FFA_RET_NOT_SUPPORTED;
>>>> +        gdprintk(XENLOG_DEBUG, "ffa: direct req fid %#x not supported\n", 
>>>> fid);
>>>>        goto out;
>>>>    }
>>>> 
>>>> @@ -108,6 +110,9 @@ void ffa_handle_msg_send_direct_req(struct 
>>>> cpu_user_regs *regs, uint32_t fid)
>>>>         (src_dst & GENMASK(15,0)) == ffa_get_vm_id(d) )
>>>>    {
>>>>        ret = FFA_RET_INVALID_PARAMETERS;
>>>> +        gdprintk(XENLOG_DEBUG,
>>>> +                 "ffa: direct req invalid src/dst %#x\n",
>>>> +                 (uint32_t)src_dst);
>>>>        goto out;
>>>>    }
>>>> 
>>>> @@ -115,6 +120,9 @@ void ffa_handle_msg_send_direct_req(struct 
>>>> cpu_user_regs *regs, uint32_t fid)
>>>>    if ( !FFA_ID_IS_SECURE(src_dst & GENMASK(15,0)) )
>>>>    {
>>>>        ret = FFA_RET_NOT_SUPPORTED;
>>>> +        gdprintk(XENLOG_DEBUG,
>>>> +                 "ffa: direct req to non-secure dst %#x\n",
>>>> +                 (uint32_t)(src_dst & GENMASK(15, 0)));
>>>>        goto out;
>>>>    }
>>>> 
>>>> @@ -166,7 +174,12 @@ static int32_t ffa_msg_send2_vm(uint16_t dst_id, 
>>>> const void *src_buf,
>>>>    /* This is also checking that dest is not src */
>>>>    ret = ffa_endpoint_domain_lookup(dst_id, &dst_d, &dst_ctx);
>>>>    if ( ret )
>>>> +    {
>>>> +        gdprintk(XENLOG_DEBUG,
>>>> +                 "ffa: msg_send2 lookup failed: dst %#x ret %d\n",
>>>> +                 dst_id, ret);
>>>>        return ret;
>>>> +    }
>>>> 
>>>>    /* This also checks that destination has set a Rx buffer */
>>>>    ret = ffa_rx_acquire(dst_ctx , &rx_buf, &rx_size);
>>>> @@ -199,6 +212,12 @@ static int32_t ffa_msg_send2_vm(uint16_t dst_id, 
>>>> const void *src_buf,
>>>>    /* receiver rx buffer will be released by the receiver*/
>>>> 
>>>> out_unlock:
>>>> +    if ( ret )
>>>> +    {
>>>> +        if ( ret != FFA_RET_BUSY || printk_ratelimit() )
>>> 
>>> Shouldn't this be && ?
>> 
>> The intent here is to log all non BUSY errors but only log BUSY when 
>> ratelimit allows
>> to reduce the amount of logs in case of someone polling when the receiver RX 
>> buffer
>> is busy.
>> 
>> Maybe I should add a comment to make that clearer ?

I will add a comment in v2.

Cheers
Bertrand

> 
> Yes, please.
> 
> Cheers,
> Jens
> 
>> 
>> Cheers
>> Bertrand
>> 
>>> 
>>> Cheers,
>>> Jens
>>> 
>>>> +            gdprintk(XENLOG_DEBUG, "ffa: msg_send2 to %#x failed: %d\n",
>>>> +                     dst_id, ret);
>>>> +    }
>>>>    rcu_unlock_domain(dst_d);
>>>>    if ( !ret )
>>>>        ffa_raise_rx_buffer_full(dst_d);
>>>> @@ -226,7 +245,11 @@ int32_t ffa_handle_msg_send2(struct cpu_user_regs 
>>>> *regs)
>>>> 
>>>>    ret = ffa_tx_acquire(src_ctx, &tx_buf, &tx_size);
>>>>    if ( ret != FFA_RET_OK )
>>>> +    {
>>>> +        gdprintk(XENLOG_DEBUG,
>>>> +                 "ffa: msg_send2 TX acquire failed: %d\n", ret);
>>>>        return ret;
>>>> +    }
>>>> 
>>>>    /* create a copy of the message header */
>>>>    memcpy(&src_msg, tx_buf, sizeof(src_msg));
>>>> @@ -238,6 +261,9 @@ int32_t ffa_handle_msg_send2(struct cpu_user_regs 
>>>> *regs)
>>>>         dst_id == ffa_get_vm_id(src_d) )
>>>>    {
>>>>        ret = FFA_RET_INVALID_PARAMETERS;
>>>> +        gdprintk(XENLOG_DEBUG,
>>>> +                 "ffa: msg_send2 invalid src/dst src %#x dst %#x\n",
>>>> +                 src_id, dst_id);
>>>>        goto out;
>>>>    }
>>>> 
>>>> @@ -246,6 +272,9 @@ int32_t ffa_handle_msg_send2(struct cpu_user_regs 
>>>> *regs)
>>>>        if (src_msg.msg_offset < sizeof(struct ffa_part_msg_rxtx_1_1))
>>>>        {
>>>>            ret = FFA_RET_INVALID_PARAMETERS;
>>>> +            gdprintk(XENLOG_DEBUG,
>>>> +                     "ffa: msg_send2 invalid msg_offset %u (v1.1)\n",
>>>> +                     src_msg.msg_offset);
>>>>            goto out;
>>>>        }
>>>>        /* Set uuid to Nil UUID for v1.1 guests */
>>>> @@ -255,6 +284,9 @@ int32_t ffa_handle_msg_send2(struct cpu_user_regs 
>>>> *regs)
>>>>    else if ( src_msg.msg_offset < sizeof(struct ffa_part_msg_rxtx_1_2) )
>>>>    {
>>>>        ret = FFA_RET_INVALID_PARAMETERS;
>>>> +        gdprintk(XENLOG_DEBUG,
>>>> +                 "ffa: msg_send2 invalid msg_offset %u (v1.2)\n",
>>>> +                 src_msg.msg_offset);
>>>>        goto out;
>>>>    }
>>>> 
>>>> @@ -263,6 +295,9 @@ int32_t ffa_handle_msg_send2(struct cpu_user_regs 
>>>> *regs)
>>>>            src_msg.msg_size > (tx_size - src_msg.msg_offset) )
>>>>    {
>>>>        ret = FFA_RET_INVALID_PARAMETERS;
>>>> +        gdprintk(XENLOG_DEBUG,
>>>> +                 "ffa: msg_send2 invalid msg_size %u offset %u tx %zu\n",
>>>> +                 src_msg.msg_size, src_msg.msg_offset, tx_size);
>>>>        goto out;
>>>>    }
>>>> 
>>>> @@ -272,6 +307,8 @@ int32_t ffa_handle_msg_send2(struct cpu_user_regs 
>>>> *regs)
>>>>        if ( !ffa_fw_supports_fid(FFA_MSG_SEND2) )
>>>>        {
>>>>            ret = FFA_RET_NOT_SUPPORTED;
>>>> +            gdprintk(XENLOG_DEBUG,
>>>> +                     "ffa: msg_send2 to SP not supported\n");
>>>>            goto out;
>>>>        }
>>>>        /*
>>>> @@ -288,6 +325,8 @@ int32_t ffa_handle_msg_send2(struct cpu_user_regs 
>>>> *regs)
>>>> 
>>>>        ret = ffa_simple_call(FFA_MSG_SEND2,
>>>>                              ((uint32_t)ffa_get_vm_id(src_d)) << 16, 0, 0, 
>>>> 0);
>>>> +        if ( ret )
>>>> +            gdprintk(XENLOG_DEBUG, "ffa: msg_send2 to SP failed: %d\n", 
>>>> ret);
>>>>    }
>>>>    else if ( IS_ENABLED(CONFIG_FFA_VM_TO_VM) )
>>>>    {
>>>> @@ -295,7 +334,11 @@ int32_t ffa_handle_msg_send2(struct cpu_user_regs 
>>>> *regs)
>>>>        ret = ffa_msg_send2_vm(dst_id, tx_buf, &src_msg);
>>>>    }
>>>>    else
>>>> +    {
>>>>        ret = FFA_RET_INVALID_PARAMETERS;
>>>> +        gdprintk(XENLOG_DEBUG,
>>>> +                 "ffa: msg_send2 to VM disabled (dst %#x)\n", dst_id);
>>>> +    }
>>>> 
>>>> out:
>>>>    ffa_tx_release(src_ctx);
>>>> @@ -311,6 +354,7 @@ void ffa_handle_run(struct cpu_user_regs *regs, 
>>>> uint32_t fid)
>>>>    if ( !ffa_fw_supports_fid(fid) )
>>>>    {
>>>>        ret = FFA_RET_NOT_SUPPORTED;
>>>> +        gdprintk(XENLOG_DEBUG, "ffa: run fid %#x not supported\n", fid);
>>>>        goto out;
>>>>    }
>>>> 
>>>> @@ -322,6 +366,7 @@ void ffa_handle_run(struct cpu_user_regs *regs, 
>>>> uint32_t fid)
>>>>    if ( !FFA_ID_IS_SECURE(dst >> 16) )
>>>>    {
>>>>        ret = FFA_RET_NOT_SUPPORTED;
>>>> +        gdprintk(XENLOG_DEBUG, "ffa: run to non-secure dst %#x\n", dst);
>>>>        goto out;
>>>>    }
>>>> 
>>>> --
>>>> 2.50.1 (Apple Git-155)

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.