[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] xen: gic-v3: Introduce CONFIG_GICV3_NR_LRS

  • To: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>
  • From: Luca Fancellu <Luca.Fancellu@xxxxxxx>
  • Date: Wed, 8 Apr 2026 14:24:40 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 4.158.2.129) smtp.rcpttodomain=amd.com smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=crjtuVI0/8IRJIVmV7CB5LK2aDZnz4Cjmew4sqLTOXI=; b=WnS391qCSBWg0GCF48nTFc4/3IqNZG6fKnJhbl+n4Ev/tQs3xBakPQ9uO/l88IIEJKNsuZurGvvCWG75YJvez9LxwCAgxKW6F25n1wdU/bhAt80YJ4k1SLYGDhMZmgJNcIh+N+6AQ6HcHJLNEVJrOUE9SAbGbLysstomHOuNvYGRro4IEmYXX3C9WjL7C6NLJcZKTZ3VmBkVlSfH4nfYln9VeKyMGtBWAHmHy4TtiVR//LLFUar7TDnI7/U/P732Tu0NpygNqYJbrLp2IGqbJkP8uJQuMNnTrRt4veLwvtEkeuuRytugIveXL33vHO4vn01hovblWLpBfrKOq5XHqg==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=crjtuVI0/8IRJIVmV7CB5LK2aDZnz4Cjmew4sqLTOXI=; b=SJYukOARCpgplZ0GTrx4RFreZtaYeK/6rckLZ89JrE8yZxiIO1u39cWVyOkIStYR3Wj3EXeYmwdpyeZNP4QZvxVKSEhhRCCVk0awdSDFWO2wXMUZ5Q2WokuXFGg5CJyd3DiSk19aLqI4pFfBgHIEkFby5jBerZkI55KkVXENcepgt2TcFgX9ylJbAEykY+0yD327cdN0hlzN161kYu2z/0KCo+o9mZJwIEu55ThCFwM9yPs6nosSSlolPR23ph88eXRS/JaOrS5T/DY1XWOM03+1z1Zqe6Kw7C8Tsqq6zFc9uGzebvlPara9SPrxg3Kt/mVt0hc0r09CMfHvhnBhQg==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=J2hphFbLG+Vq88AQM4HFM5h4U4KDu0lB+eqvuuLF3zf7w88I/6hzjgDXuPD3ny+ucpluK6wncgqNu5Y9GJGXSzo3tPCLZrbTnuZq4nQCDCLDkyliV6fOxp34VrknebepqWfk1E//+D/WkvooNo0UhswE37ZMlkUlEz61RqT2xFuK9TnKGpDEU6tGfC9YS3QkpGUt+613wkJ7rbEhTFoKSsnBlv51guFZwWUtIoWWpHYFES58bho3cwqyIENmToUZHae/ctD5wTarAIfCc+cPcxiM4WxTcJX/f+57wy30HXthpgFFqNDAR9U5a+jp3VsiKfOuUNkHo2cDbiFaSo5H5g==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=t4OCMVXri277bS8AdrzYYlBvtUf+45+xkTLXk4CWF0I/RktDWS450+H6MaiqB9T9V8JHTXHs3AKQmc7o/8ZUx1vmSEeShkWNwS1jIjEupkL97SfCBuOpOnE4iMoZ2VJi+lFC16pVIpbZh+6pYhl9bYgOpIL/XB36tlCS9BvLsNhh0HP4iQ3hpnaxCqbyRyYvy9qnFp2JPGVhvS5P2Wu42Xg0Iq2sLDRnw063WbVRlBjYDCqUdybk2mHKBru1A+/ODfGD2I9VSUeA3M4ugS2nNNUt5tom9ub03Hq0T/XnVX6pykPU6MTrPH0i70MyQg72dHvXCB2oCBpfYeFUDP2wpw==
  • Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=arm.com header.i="@arm.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"; dkim=pass header.s=selector1 header.d=arm.com header.i="@arm.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Wed, 08 Apr 2026 14:26:00 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Thread-index: AQHcx2Nvy01nqbaxNEymwM2jnpP38w==
  • Thread-topic: [PATCH v2] xen: gic-v3: Introduce CONFIG_GICV3_NR_LRS
Hi Ayan,

> On 18 Mar 2026, at 14:09, Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx> wrote:
> 
> One key requirement of Xen functional safety is to reduce the number
> of lines of code to be safety certified. Besides, a safety certified
> Xen requires a static hardware configuration to be defined. This static
> hardware configuration is described as per the test hardware/emulator
> hardware configuration against which Xen is verified.
> 
> Introduce GICV3_NR_LRS with the two aims in mind:
> 1. User should set the number of GICV3 list registers as per the test
> hardware so that the unwanted code can be removed using GCC's dead
> code elimination or preprocessor's config.
> 2. By doing #1, one can ensure that there is no untested code due to
> unsupported hardware platform and thus there is no safety impact due
> to untested code.
> 
> However if the user does not set GICV3_NR_LRS, then it is set to 0.
> Thus Xen will fallback to the default scenario (i.e. read the hardware
> register to determine the number of LRS).
> 
> 1. In gicv3_save_lrs()/gicv3_restore_lrs(), use the number of list
> registers from GICV3_NR_LRS (if defined) instead of gicv3_info.nr_lrs.
> This ensures that if the hardware does not support more than 4 LRs
> (for example), the code accessing LR 4-15 is never reached. The
> compiler can eliminate the unsupported cases as the switch case uses a
> constant conditional.
> 
> 2. RAZ/WI for the unsupported LRs.
> 
> Signed-off-by: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>
> Signed-off-by: Michal Orzel <michal.orzel@xxxxxxx>
> ---
> Changelog:
> 
> v1 - 1. s/lrs/LRS
> 2. Implement RAZ/WI instead of panic
> 
> Few comments which were not addressed
> 1. Do "gicv3_info.nr_lrs to LRS" in gicv3_hyp_init() and keep the code
> unchanged in gicv3_save_lrs()/gicv3_restore_lrs() -- This prevents the
> compiler from doing dead code elimination as the switch condition cannot
> be evaluated at compile time.
> I am not sure how to get around this issue.
> 
> xen/arch/arm/Kconfig  |  9 +++++++++
> xen/arch/arm/gic-v3.c | 14 ++++++++++++--
> 2 files changed, 21 insertions(+), 2 deletions(-)
> 
> diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
> index 2f2b501fda..6540013f97 100644
> --- a/xen/arch/arm/Kconfig
> +++ b/xen/arch/arm/Kconfig
> @@ -276,6 +276,15 @@ config PCI_PASSTHROUGH
> 
> endmenu
> 
> +config GICV3_NR_LRS
> + int "Number of GICv3 Link Registers supported" if EXPERT
> + depends on GICV3
> + range 0 16

16 is the maximum supported since ICH_VTR_EL2.ListRegs is 4 bits [1], 
however how are we handling the case when GICV3_NR_LRS is greater
than the supported number of LR registers?

Shall we check that in gicv3_hyp_init()?

> + default 0
> + help
> +  Controls the number of Link registers to be accessed.
> +  Keep it set to 0 to use a value obtained from a hardware register.
> +
> menu "ARM errata workaround via the alternative framework"
> depends on HAS_ALTERNATIVE
> 
> diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
> index bc07f97c16..eaae95eb4d 100644
> --- a/xen/arch/arm/gic-v3.c
> +++ b/xen/arch/arm/gic-v3.c
> @@ -51,6 +51,8 @@ static DEFINE_PER_CPU(void __iomem*, rbase);
> #define GICD                   (gicv3.map_dbase)
> #define GICD_RDIST_BASE        (this_cpu(rbase))
> #define GICD_RDIST_SGI_BASE    (GICD_RDIST_BASE + SZ_64K)
> +#define LRS                    (CONFIG_GICV3_NR_LRS ?: \
> +                                gicv3_info.nr_lrs)
> 
> /*
>  * Saves all 16(Max) LR registers. Though number of LRs implemented
> @@ -59,7 +61,7 @@ static DEFINE_PER_CPU(void __iomem*, rbase);
> static inline void gicv3_save_lrs(struct vcpu *v)
> {
>     /* Fall through for all the cases */
> -    switch ( gicv3_info.nr_lrs )
> +    switch ( LRS )
>     {
>     case 16:
>         v->arch.gic.v3.lr[15] = READ_SYSREG_LR(15);
> @@ -121,7 +123,7 @@ static inline void gicv3_save_lrs(struct vcpu *v)
> static inline void gicv3_restore_lrs(const struct vcpu *v)
> {
>     /* Fall through for all the cases */
> -    switch ( gicv3_info.nr_lrs )
> +    switch ( LRS )
>     {
>     case 16:
>         WRITE_SYSREG_LR(v->arch.gic.v3.lr[15], 15);
> @@ -178,6 +180,10 @@ static inline void gicv3_restore_lrs(const struct vcpu 
> *v)
> 
> static uint64_t gicv3_ich_read_lr(int lr)
> {
> +    /* RAZ for unsupported LR */
> +    if ( lr >= LRS )
> +        return 0;
> +
>     switch ( lr )
>     {
>     case 0: return READ_SYSREG_LR(0);
> @@ -203,6 +209,10 @@ static uint64_t gicv3_ich_read_lr(int lr)
> 
> static void gicv3_ich_write_lr(int lr, uint64_t val)
> {
> +    /* WI for unsupported LR */
> +    if ( lr >= LRS )
> +        return;
> +
>     switch ( lr )
>     {
>     case 0:

Now, since we are using CONFIG_GICV3_NR_LRS or gicv3_info.nr_lrs in 
gicv3_save_lrs/gicv3_restore_lrs,
there are other part of the codebase using nr_lrs (gic_get_nr_lrs() is one of 
them), but all the callers of that
function will use the HW nr_lrs and not the CONFIG_GICV3_NR_LRS, so I think 
some work needs to be done
to align them or there will be mismatches at runtime with possible loss of 
information.


[1] 
https://developer.arm.com/documentation/111179/2025-09_ASL1/AArch64-Registers/ICH-VTR-EL2--Interrupt-Controller-VGIC-Type-Register

Cheers,
Luca

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.