* [PATCH v2 0/2] Xen FF-A mediator
@ 2022-06-09 6:18 Jens Wiklander
2022-06-09 6:18 ` [PATCH v2 1/2] xen/arm: smccc: add support for SMCCCv1.2 extended input/output registers Jens Wiklander
2022-06-09 6:18 ` [PATCH v2 2/2] xen/arm: add FF-A mediator Jens Wiklander
0 siblings, 2 replies; 21+ messages in thread
From: Jens Wiklander @ 2022-06-09 6:18 UTC (permalink / raw)
To: xen-devel
Cc: Stefano Stabellini, Julien Grall, Volodymyr Babchuk, Jens Wiklander
Hi,
This patch sets add a FF-A [1] mediator modeled after the TEE mediator
already present in Xen. The FF-A mediator implements the subset of the FF-A
1.1 specification needed to communicate with OP-TEE using FF-A as transport
mechanism instead of SMC/HVC as with the TEE mediator. It allows a similar
design in OP-TEE as with the TEE mediator where OP-TEE presents one virtual
partition of itself to each guest in Xen.
The FF-A mediator is generic in the sense it has nothing OP-TEE specific
except that only the subset needed for OP-TEE is implemented so far. The
hooks needed to inform OP-TEE that a guest is created or destroyed is part
of the FF-A specification.
It should be possible to extend the FF-A mediator to implement a larger
portion of the FF-A 1.1 specification without breaking with the way OP-TEE
is communicated with here. So it should be possible to support any TEE or
Secure Partition using FF-A as transport with this mediator.
[1] https://developer.arm.com/documentation/den0077/latest
Thanks,
Jens
v1->v2:
* Rebased on staging to resolve some merge conflicts as requested
Jens Wiklander (2):
xen/arm: smccc: add support for SMCCCv1.2 extended input/output
registers
xen/arm: add FF-A mediator
xen/arch/arm/Kconfig | 11 +
xen/arch/arm/Makefile | 1 +
xen/arch/arm/arm64/smc.S | 43 +
xen/arch/arm/domain.c | 10 +
xen/arch/arm/ffa.c | 1624 +++++++++++++++++++++++++++++
xen/arch/arm/include/asm/domain.h | 4 +
xen/arch/arm/include/asm/ffa.h | 71 ++
xen/arch/arm/include/asm/smccc.h | 42 +
xen/arch/arm/vsmc.c | 19 +-
9 files changed, 1821 insertions(+), 4 deletions(-)
create mode 100644 xen/arch/arm/ffa.c
create mode 100644 xen/arch/arm/include/asm/ffa.h
--
2.31.1
^ permalink raw reply [flat|nested] 21+ messages in thread
* [PATCH v2 1/2] xen/arm: smccc: add support for SMCCCv1.2 extended input/output registers
2022-06-09 6:18 [PATCH v2 0/2] Xen FF-A mediator Jens Wiklander
@ 2022-06-09 6:18 ` Jens Wiklander
2022-06-11 0:41 ` Stefano Stabellini
2022-06-09 6:18 ` [PATCH v2 2/2] xen/arm: add FF-A mediator Jens Wiklander
1 sibling, 1 reply; 21+ messages in thread
From: Jens Wiklander @ 2022-06-09 6:18 UTC (permalink / raw)
To: xen-devel
Cc: Stefano Stabellini, Julien Grall, Volodymyr Babchuk, Jens Wiklander
SMCCC v1.2 AArch64 allows x0-x17 to be used as both parameter registers
and result registers for the SMC and HVC instructions.
Arm Firmware Framework for Armv8-A specification makes use of x0-x7 as
parameter and result registers.
Let us add new interface to support this extended set of input/output
registers.
This is based on 3fdc0cb59d97 ("arm64: smccc: Add support for SMCCCv1.2
extended input/output registers") by Sudeep Holla from the Linux kernel
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
---
xen/arch/arm/arm64/smc.S | 43 ++++++++++++++++++++++++++++++++
xen/arch/arm/include/asm/smccc.h | 42 +++++++++++++++++++++++++++++++
xen/arch/arm/vsmc.c | 2 +-
3 files changed, 86 insertions(+), 1 deletion(-)
diff --git a/xen/arch/arm/arm64/smc.S b/xen/arch/arm/arm64/smc.S
index 91bae62dd4d2..1570bc8eb9d4 100644
--- a/xen/arch/arm/arm64/smc.S
+++ b/xen/arch/arm/arm64/smc.S
@@ -27,3 +27,46 @@ ENTRY(__arm_smccc_1_0_smc)
stp x2, x3, [x4, #SMCCC_RES_a2]
1:
ret
+
+
+/*
+ * void arm_smccc_1_2_smc(const struct arm_smccc_1_2_regs *args,
+ * struct arm_smccc_1_2_regs *res)
+ */
+ENTRY(arm_smccc_1_2_smc)
+ /* Save `res` and free a GPR that won't be clobbered */
+ stp x1, x19, [sp, #-16]!
+
+ /* Ensure `args` won't be clobbered while loading regs in next step */
+ mov x19, x0
+
+ /* Load the registers x0 - x17 from the struct arm_smccc_1_2_regs */
+ ldp x0, x1, [x19, #0]
+ ldp x2, x3, [x19, #16]
+ ldp x4, x5, [x19, #32]
+ ldp x6, x7, [x19, #48]
+ ldp x8, x9, [x19, #64]
+ ldp x10, x11, [x19, #80]
+ ldp x12, x13, [x19, #96]
+ ldp x14, x15, [x19, #112]
+ ldp x16, x17, [x19, #128]
+
+ smc #0
+
+ /* Load the `res` from the stack */
+ ldr x19, [sp]
+
+ /* Store the registers x0 - x17 into the result structure */
+ stp x0, x1, [x19, #0]
+ stp x2, x3, [x19, #16]
+ stp x4, x5, [x19, #32]
+ stp x6, x7, [x19, #48]
+ stp x8, x9, [x19, #64]
+ stp x10, x11, [x19, #80]
+ stp x12, x13, [x19, #96]
+ stp x14, x15, [x19, #112]
+ stp x16, x17, [x19, #128]
+
+ /* Restore original x19 */
+ ldp xzr, x19, [sp], #16
+ ret
diff --git a/xen/arch/arm/include/asm/smccc.h b/xen/arch/arm/include/asm/smccc.h
index b3dbeecc90ad..316adf968e74 100644
--- a/xen/arch/arm/include/asm/smccc.h
+++ b/xen/arch/arm/include/asm/smccc.h
@@ -33,6 +33,7 @@
#define ARM_SMCCC_VERSION_1_0 SMCCC_VERSION(1, 0)
#define ARM_SMCCC_VERSION_1_1 SMCCC_VERSION(1, 1)
+#define ARM_SMCCC_VERSION_1_2 SMCCC_VERSION(1, 2)
/*
* This file provides common defines for ARM SMC Calling Convention as
@@ -217,6 +218,7 @@ struct arm_smccc_res {
#ifdef CONFIG_ARM_32
#define arm_smccc_1_0_smc(...) arm_smccc_1_1_smc(__VA_ARGS__)
#define arm_smccc_smc(...) arm_smccc_1_1_smc(__VA_ARGS__)
+
#else
void __arm_smccc_1_0_smc(register_t a0, register_t a1, register_t a2,
@@ -265,8 +267,48 @@ void __arm_smccc_1_0_smc(register_t a0, register_t a1, register_t a2,
else \
arm_smccc_1_0_smc(__VA_ARGS__); \
} while ( 0 )
+
+/**
+ * struct arm_smccc_1_2_regs - Arguments for or Results from SMC call
+ * @a0-a17 argument values from registers 0 to 17
+ */
+struct arm_smccc_1_2_regs {
+ unsigned long a0;
+ unsigned long a1;
+ unsigned long a2;
+ unsigned long a3;
+ unsigned long a4;
+ unsigned long a5;
+ unsigned long a6;
+ unsigned long a7;
+ unsigned long a8;
+ unsigned long a9;
+ unsigned long a10;
+ unsigned long a11;
+ unsigned long a12;
+ unsigned long a13;
+ unsigned long a14;
+ unsigned long a15;
+ unsigned long a16;
+ unsigned long a17;
+};
#endif /* CONFIG_ARM_64 */
+/**
+ * arm_smccc_1_2_smc() - make SMC calls
+ * @args: arguments passed via struct arm_smccc_1_2_regs
+ * @res: result values via struct arm_smccc_1_2_regs
+ *
+ * This function is used to make SMC calls following SMC Calling Convention
+ * v1.2 or above. The content of the supplied param are copied from the
+ * structure to registers prior to the SMC instruction. The return values
+ * are updated with the content from registers on return from the SMC
+ * instruction.
+ */
+void arm_smccc_1_2_smc(const struct arm_smccc_1_2_regs *args,
+ struct arm_smccc_1_2_regs *res);
+
+
#endif /* __ASSEMBLY__ */
/*
diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c
index 676740ef1520..6f90c08a6304 100644
--- a/xen/arch/arm/vsmc.c
+++ b/xen/arch/arm/vsmc.c
@@ -93,7 +93,7 @@ static bool handle_arch(struct cpu_user_regs *regs)
switch ( fid )
{
case ARM_SMCCC_VERSION_FID:
- set_user_reg(regs, 0, ARM_SMCCC_VERSION_1_1);
+ set_user_reg(regs, 0, ARM_SMCCC_VERSION_1_2);
return true;
case ARM_SMCCC_ARCH_FEATURES_FID:
--
2.31.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH v2 2/2] xen/arm: add FF-A mediator
2022-06-09 6:18 [PATCH v2 0/2] Xen FF-A mediator Jens Wiklander
2022-06-09 6:18 ` [PATCH v2 1/2] xen/arm: smccc: add support for SMCCCv1.2 extended input/output registers Jens Wiklander
@ 2022-06-09 6:18 ` Jens Wiklander
2022-06-11 1:23 ` Stefano Stabellini
2022-06-14 19:47 ` Volodymyr Babchuk
1 sibling, 2 replies; 21+ messages in thread
From: Jens Wiklander @ 2022-06-09 6:18 UTC (permalink / raw)
To: xen-devel
Cc: Stefano Stabellini, Julien Grall, Volodymyr Babchuk, Jens Wiklander
Adds a FF-A version 1.1 [1] mediator to communicate with a Secure
Partition in secure world.
The implementation is the bare minimum to be able to communicate with
OP-TEE running as an SPMC at S-EL1.
This is loosely based on the TEE mediator framework and the OP-TEE
mediator.
[1] https://developer.arm.com/documentation/den0077/latest
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
---
xen/arch/arm/Kconfig | 11 +
xen/arch/arm/Makefile | 1 +
xen/arch/arm/domain.c | 10 +
xen/arch/arm/ffa.c | 1624 +++++++++++++++++++++++++++++
xen/arch/arm/include/asm/domain.h | 4 +
xen/arch/arm/include/asm/ffa.h | 71 ++
xen/arch/arm/vsmc.c | 17 +-
7 files changed, 1735 insertions(+), 3 deletions(-)
create mode 100644 xen/arch/arm/ffa.c
create mode 100644 xen/arch/arm/include/asm/ffa.h
diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
index ecfa6822e4d3..5b75067e2745 100644
--- a/xen/arch/arm/Kconfig
+++ b/xen/arch/arm/Kconfig
@@ -106,6 +106,17 @@ config TEE
source "arch/arm/tee/Kconfig"
+config FFA
+ bool "Enable FF-A mediator support" if EXPERT
+ default n
+ depends on ARM_64
+ help
+ This option enables a minamal FF-A mediator. The mediator is
+ generic as it follows the FF-A specification [1], but it only
+ implements a small substet of the specification.
+
+ [1] https://developer.arm.com/documentation/den0077/latest
+
endmenu
menu "ARM errata workaround via the alternative framework"
diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
index 1d862351d111..dbf5e593a069 100644
--- a/xen/arch/arm/Makefile
+++ b/xen/arch/arm/Makefile
@@ -20,6 +20,7 @@ obj-y += domain.o
obj-y += domain_build.init.o
obj-y += domctl.o
obj-$(CONFIG_EARLY_PRINTK) += early_printk.o
+obj-$(CONFIG_FFA) += ffa.o
obj-y += gic.o
obj-y += gic-v2.o
obj-$(CONFIG_GICV3) += gic-v3.o
diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
index 8110c1df8638..a93e6a9c4aef 100644
--- a/xen/arch/arm/domain.c
+++ b/xen/arch/arm/domain.c
@@ -27,6 +27,7 @@
#include <asm/cpufeature.h>
#include <asm/current.h>
#include <asm/event.h>
+#include <asm/ffa.h>
#include <asm/gic.h>
#include <asm/guest_atomics.h>
#include <asm/irq.h>
@@ -756,6 +757,9 @@ int arch_domain_create(struct domain *d,
if ( (rc = tee_domain_init(d, config->arch.tee_type)) != 0 )
goto fail;
+ if ( (rc = ffa_domain_init(d)) != 0 )
+ goto fail;
+
update_domain_wallclock_time(d);
/*
@@ -998,6 +1002,7 @@ static int relinquish_memory(struct domain *d, struct page_list_head *list)
enum {
PROG_pci = 1,
PROG_tee,
+ PROG_ffa,
PROG_xen,
PROG_page,
PROG_mapping,
@@ -1046,6 +1051,11 @@ int domain_relinquish_resources(struct domain *d)
if (ret )
return ret;
+ PROGRESS(ffa):
+ ret = ffa_relinquish_resources(d);
+ if (ret )
+ return ret;
+
PROGRESS(xen):
ret = relinquish_memory(d, &d->xenpage_list);
if ( ret )
diff --git a/xen/arch/arm/ffa.c b/xen/arch/arm/ffa.c
new file mode 100644
index 000000000000..9063b7f2b59e
--- /dev/null
+++ b/xen/arch/arm/ffa.c
@@ -0,0 +1,1624 @@
+/*
+ * xen/arch/arm/ffa.c
+ *
+ * Arm Firmware Framework for ARMv8-A(FFA) mediator
+ *
+ * Copyright (C) 2021 Linaro Limited
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+ * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+#include <xen/domain_page.h>
+#include <xen/errno.h>
+#include <xen/init.h>
+#include <xen/lib.h>
+#include <xen/sched.h>
+#include <xen/types.h>
+#include <xen/sizes.h>
+#include <xen/bitops.h>
+
+#include <asm/smccc.h>
+#include <asm/event.h>
+#include <asm/ffa.h>
+#include <asm/regs.h>
+
+/* Error codes */
+#define FFA_RET_OK 0
+#define FFA_RET_NOT_SUPPORTED -1
+#define FFA_RET_INVALID_PARAMETERS -2
+#define FFA_RET_NO_MEMORY -3
+#define FFA_RET_BUSY -4
+#define FFA_RET_INTERRUPTED -5
+#define FFA_RET_DENIED -6
+#define FFA_RET_RETRY -7
+#define FFA_RET_ABORTED -8
+
+/* FFA_VERSION helpers */
+#define FFA_VERSION_MAJOR _AC(1,U)
+#define FFA_VERSION_MAJOR_SHIFT _AC(16,U)
+#define FFA_VERSION_MAJOR_MASK _AC(0x7FFF,U)
+#define FFA_VERSION_MINOR _AC(1,U)
+#define FFA_VERSION_MINOR_SHIFT _AC(0,U)
+#define FFA_VERSION_MINOR_MASK _AC(0xFFFF,U)
+#define MAKE_FFA_VERSION(major, minor) \
+ ((((major) & FFA_VERSION_MAJOR_MASK) << FFA_VERSION_MAJOR_SHIFT) | \
+ ((minor) & FFA_VERSION_MINOR_MASK))
+
+#define FFA_MIN_VERSION MAKE_FFA_VERSION(1, 0)
+#define FFA_VERSION_1_0 MAKE_FFA_VERSION(1, 0)
+#define FFA_VERSION_1_1 MAKE_FFA_VERSION(1, 1)
+#define FFA_MY_VERSION MAKE_FFA_VERSION(FFA_VERSION_MAJOR, \
+ FFA_VERSION_MINOR)
+
+
+#define FFA_HANDLE_HYP_FLAG BIT(63,ULL)
+
+/* Memory attributes: Normal memory, Write-Back cacheable, Inner shareable */
+#define FFA_NORMAL_MEM_REG_ATTR _AC(0x2f,U)
+
+/* Memory access permissions: Read-write */
+#define FFA_MEM_ACC_RW _AC(0x2,U)
+
+/* Clear memory before mapping in receiver */
+#define FFA_MEMORY_REGION_FLAG_CLEAR BIT(0, U)
+/* Relayer may time slice this operation */
+#define FFA_MEMORY_REGION_FLAG_TIME_SLICE BIT(1, U)
+/* Clear memory after receiver relinquishes it */
+#define FFA_MEMORY_REGION_FLAG_CLEAR_RELINQUISH BIT(2, U)
+
+/* Share memory transaction */
+#define FFA_MEMORY_REGION_TRANSACTION_TYPE_SHARE (_AC(1,U) << 3)
+/* Relayer must choose the alignment boundary */
+#define FFA_MEMORY_REGION_FLAG_ANY_ALIGNMENT _AC(0,U)
+
+#define FFA_HANDLE_INVALID _AC(0xffffffffffffffff,ULL)
+
+/* Framework direct request/response */
+#define FFA_MSG_FLAG_FRAMEWORK BIT(31, U)
+#define FFA_MSG_TYPE_MASK _AC(0xFF,U);
+#define FFA_MSG_PSCI _AC(0x0,U)
+#define FFA_MSG_SEND_VM_CREATED _AC(0x4,U)
+#define FFA_MSG_RESP_VM_CREATED _AC(0x5,U)
+#define FFA_MSG_SEND_VM_DESTROYED _AC(0x6,U)
+#define FFA_MSG_RESP_VM_DESTROYED _AC(0x7,U)
+
+/*
+ * Flags used for the FFA_PARTITION_INFO_GET return message:
+ * BIT(0): Supports receipt of direct requests
+ * BIT(1): Can send direct requests
+ * BIT(2): Can send and receive indirect messages
+ * BIT(3): Supports receipt of notifications
+ * BIT(4-5): Partition ID is a PE endpoint ID
+ */
+#define FFA_PART_PROP_DIRECT_REQ_RECV BIT(0,U)
+#define FFA_PART_PROP_DIRECT_REQ_SEND BIT(1,U)
+#define FFA_PART_PROP_INDIRECT_MSGS BIT(2,U)
+#define FFA_PART_PROP_RECV_NOTIF BIT(3,U)
+#define FFA_PART_PROP_IS_PE_ID (_AC(0,U) << 4)
+#define FFA_PART_PROP_IS_SEPID_INDEP (_AC(1,U) << 4)
+#define FFA_PART_PROP_IS_SEPID_DEP (_AC(2,U) << 4)
+#define FFA_PART_PROP_IS_AUX_ID (_AC(3,U) << 4)
+#define FFA_PART_PROP_NOTIF_CREATED BIT(6,U)
+#define FFA_PART_PROP_NOTIF_DESTROYED BIT(7,U)
+#define FFA_PART_PROP_AARCH64_STATE BIT(8,U)
+
+/* Function IDs */
+#define FFA_ERROR _AC(0x84000060,U)
+#define FFA_SUCCESS_32 _AC(0x84000061,U)
+#define FFA_SUCCESS_64 _AC(0xC4000061,U)
+#define FFA_INTERRUPT _AC(0x84000062,U)
+#define FFA_VERSION _AC(0x84000063,U)
+#define FFA_FEATURES _AC(0x84000064,U)
+#define FFA_RX_ACQUIRE _AC(0x84000084,U)
+#define FFA_RX_RELEASE _AC(0x84000065,U)
+#define FFA_RXTX_MAP_32 _AC(0x84000066,U)
+#define FFA_RXTX_MAP_64 _AC(0xC4000066,U)
+#define FFA_RXTX_UNMAP _AC(0x84000067,U)
+#define FFA_PARTITION_INFO_GET _AC(0x84000068,U)
+#define FFA_ID_GET _AC(0x84000069,U)
+#define FFA_SPM_ID_GET _AC(0x84000085,U)
+#define FFA_MSG_WAIT _AC(0x8400006B,U)
+#define FFA_MSG_YIELD _AC(0x8400006C,U)
+#define FFA_MSG_RUN _AC(0x8400006D,U)
+#define FFA_MSG_SEND2 _AC(0x84000086,U)
+#define FFA_MSG_SEND_DIRECT_REQ_32 _AC(0x8400006F,U)
+#define FFA_MSG_SEND_DIRECT_REQ_64 _AC(0xC400006F,U)
+#define FFA_MSG_SEND_DIRECT_RESP_32 _AC(0x84000070,U)
+#define FFA_MSG_SEND_DIRECT_RESP_64 _AC(0xC4000070,U)
+#define FFA_MEM_DONATE_32 _AC(0x84000071,U)
+#define FFA_MEM_DONATE_64 _AC(0xC4000071,U)
+#define FFA_MEM_LEND_32 _AC(0x84000072,U)
+#define FFA_MEM_LEND_64 _AC(0xC4000072,U)
+#define FFA_MEM_SHARE_32 _AC(0x84000073,U)
+#define FFA_MEM_SHARE_64 _AC(0xC4000073,U)
+#define FFA_MEM_RETRIEVE_REQ_32 _AC(0x84000074,U)
+#define FFA_MEM_RETRIEVE_REQ_64 _AC(0xC4000074,U)
+#define FFA_MEM_RETRIEVE_RESP _AC(0x84000075,U)
+#define FFA_MEM_RELINQUISH _AC(0x84000076,U)
+#define FFA_MEM_RECLAIM _AC(0x84000077,U)
+#define FFA_MEM_FRAG_RX _AC(0x8400007A,U)
+#define FFA_MEM_FRAG_TX _AC(0x8400007B,U)
+#define FFA_MSG_SEND _AC(0x8400006E,U)
+#define FFA_MSG_POLL _AC(0x8400006A,U)
+
+/* Partition information descriptor */
+struct ffa_partition_info_1_0 {
+ uint16_t id;
+ uint16_t execution_context;
+ uint32_t partition_properties;
+};
+
+struct ffa_partition_info_1_1 {
+ uint16_t id;
+ uint16_t execution_context;
+ uint32_t partition_properties;
+ uint8_t uuid[16];
+};
+
+/* Constituent memory region descriptor */
+struct ffa_address_range {
+ uint64_t address;
+ uint32_t page_count;
+ uint32_t reserved;
+};
+
+/* Composite memory region descriptor */
+struct ffa_mem_region {
+ uint32_t total_page_count;
+ uint32_t address_range_count;
+ uint64_t reserved;
+ struct ffa_address_range address_range_array[];
+};
+
+/* Memory access permissions descriptor */
+struct ffa_mem_access_perm {
+ uint16_t endpoint_id;
+ uint8_t perm;
+ uint8_t flags;
+};
+
+/* Endpoint memory access descriptor */
+struct ffa_mem_access {
+ struct ffa_mem_access_perm access_perm;
+ uint32_t region_offs;
+ uint64_t reserved;
+};
+
+/* Lend, donate or share memory transaction descriptor */
+struct ffa_mem_transaction_1_0 {
+ uint16_t sender_id;
+ uint8_t mem_reg_attr;
+ uint8_t reserved0;
+ uint32_t flags;
+ uint64_t global_handle;
+ uint64_t tag;
+ uint32_t reserved1;
+ uint32_t mem_access_count;
+ struct ffa_mem_access mem_access_array[];
+};
+
+struct ffa_mem_transaction_1_1 {
+ uint16_t sender_id;
+ uint16_t mem_reg_attr;
+ uint32_t flags;
+ uint64_t global_handle;
+ uint64_t tag;
+ uint32_t mem_access_size;
+ uint32_t mem_access_count;
+ uint32_t mem_access_offs;
+ uint8_t reserved[12];
+};
+
+/*
+ * The parts needed from struct ffa_mem_transaction_1_0 or struct
+ * ffa_mem_transaction_1_1, used to provide an abstraction of difference in
+ * data structures between version 1.0 and 1.1. This is just an internal
+ * interface and can be changed without changing any ABI.
+ */
+struct ffa_mem_transaction_x {
+ uint16_t sender_id;
+ uint8_t mem_reg_attr;
+ uint8_t flags;
+ uint8_t mem_access_size;
+ uint8_t mem_access_count;
+ uint16_t mem_access_offs;
+ uint64_t global_handle;
+ uint64_t tag;
+};
+
+/* Endpoint RX/TX descriptor */
+struct ffa_endpoint_rxtx_descriptor_1_0 {
+ uint16_t sender_id;
+ uint16_t reserved;
+ uint32_t rx_range_count;
+ uint32_t tx_range_count;
+};
+
+struct ffa_endpoint_rxtx_descriptor_1_1 {
+ uint16_t sender_id;
+ uint16_t reserved;
+ uint32_t rx_region_offs;
+ uint32_t tx_region_offs;
+};
+
+struct ffa_ctx {
+ void *rx;
+ void *tx;
+ struct page_info *rx_pg;
+ struct page_info *tx_pg;
+ unsigned int page_count;
+ uint32_t guest_vers;
+ bool tx_is_mine;
+ bool interrupted;
+};
+
+struct ffa_shm_mem {
+ struct list_head list;
+ uint16_t sender_id;
+ uint16_t ep_id; /* endpoint, the one lending */
+ uint64_t handle; /* FFA_HANDLE_INVALID if not set yet */
+ unsigned int page_count;
+ struct page_info *pages[];
+};
+
+struct mem_frag_state {
+ struct list_head list;
+ struct ffa_shm_mem *shm;
+ uint32_t range_count;
+ unsigned int current_page_idx;
+ unsigned int frag_offset;
+ unsigned int range_offset;
+ uint8_t *buf;
+ unsigned int buf_size;
+ struct ffa_address_range range;
+};
+
+/*
+ * Our rx/rx buffer shared with the SPMC
+ */
+static uint32_t ffa_version;
+static uint16_t *subsr_vm_created;
+static unsigned int subsr_vm_created_count;
+static uint16_t *subsr_vm_destroyed;
+static unsigned int subsr_vm_destroyed_count;
+static void *ffa_rx;
+static void *ffa_tx;
+static unsigned int ffa_page_count;
+static spinlock_t ffa_buffer_lock = SPIN_LOCK_UNLOCKED;
+
+static struct list_head ffa_mem_list = LIST_HEAD_INIT(ffa_mem_list);
+static struct list_head ffa_frag_list = LIST_HEAD_INIT(ffa_frag_list);
+static spinlock_t ffa_mem_list_lock = SPIN_LOCK_UNLOCKED;
+
+static uint64_t next_handle = FFA_HANDLE_HYP_FLAG;
+
+static uint64_t reg_pair_to_64(uint32_t reg0, uint32_t reg1)
+{
+ return (uint64_t)reg0 << 32 | reg1;
+}
+
+static void reg_pair_from_64(uint32_t *reg0, uint32_t *reg1, uint64_t val)
+{
+ *reg0 = val >> 32;
+ *reg1 = val;
+}
+
+static bool ffa_get_version(uint32_t *vers)
+{
+ const struct arm_smccc_1_2_regs arg = {
+ .a0 = FFA_VERSION, .a1 = FFA_MY_VERSION,
+ };
+ struct arm_smccc_1_2_regs resp;
+
+ arm_smccc_1_2_smc(&arg, &resp);
+ if ( resp.a0 == FFA_RET_NOT_SUPPORTED )
+ {
+ printk(XENLOG_ERR "ffa: FFA_VERSION returned not supported\n");
+ return false;
+ }
+
+ *vers = resp.a0;
+ return true;
+}
+
+static uint32_t ffa_rxtx_map(register_t tx_addr, register_t rx_addr,
+ uint32_t page_count)
+{
+ const struct arm_smccc_1_2_regs arg = {
+#ifdef CONFIG_ARM_64
+ .a0 = FFA_RXTX_MAP_64,
+#endif
+#ifdef CONFIG_ARM_32
+ .a0 = FFA_RXTX_MAP_32,
+#endif
+ .a1 = tx_addr, .a2 = rx_addr,
+ .a3 = page_count,
+ };
+ struct arm_smccc_1_2_regs resp;
+
+ arm_smccc_1_2_smc(&arg, &resp);
+
+ if ( resp.a0 == FFA_ERROR )
+ {
+ if ( resp.a2 )
+ return resp.a2;
+ else
+ return FFA_RET_NOT_SUPPORTED;
+ }
+
+ return FFA_RET_OK;
+}
+
+static uint32_t ffa_rxtx_unmap(uint16_t vm_id)
+{
+ const struct arm_smccc_1_2_regs arg = {
+ .a0 = FFA_RXTX_UNMAP, .a1 = vm_id,
+ };
+ struct arm_smccc_1_2_regs resp;
+
+ arm_smccc_1_2_smc(&arg, &resp);
+
+ if ( resp.a0 == FFA_ERROR )
+ {
+ if ( resp.a2 )
+ return resp.a2;
+ else
+ return FFA_RET_NOT_SUPPORTED;
+ }
+
+ return FFA_RET_OK;
+}
+
+static uint32_t ffa_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3,
+ uint32_t w4, uint32_t w5,
+ uint32_t *count)
+{
+ const struct arm_smccc_1_2_regs arg = {
+ .a0 = FFA_PARTITION_INFO_GET, .a1 = w1, .a2 = w2, .a3 = w3, .a4 = w4,
+ .a5 = w5,
+ };
+ struct arm_smccc_1_2_regs resp;
+
+ arm_smccc_1_2_smc(&arg, &resp);
+
+ if ( resp.a0 == FFA_ERROR )
+ {
+ if ( resp.a2 )
+ return resp.a2;
+ else
+ return FFA_RET_NOT_SUPPORTED;
+ }
+
+ *count = resp.a2;
+
+ return FFA_RET_OK;
+}
+
+static uint32_t ffa_rx_release(void)
+{
+ const struct arm_smccc_1_2_regs arg = { .a0 = FFA_RX_RELEASE, };
+ struct arm_smccc_1_2_regs resp;
+
+ arm_smccc_1_2_smc(&arg, &resp);
+
+ if ( resp.a0 == FFA_ERROR )
+ {
+ if ( resp.a2 )
+ return resp.a2;
+ else
+ return FFA_RET_NOT_SUPPORTED;
+ }
+
+ return FFA_RET_OK;
+}
+
+static int32_t ffa_mem_share(uint32_t tot_len, uint32_t frag_len,
+ register_t addr, uint32_t pg_count,
+ uint64_t *handle)
+{
+ struct arm_smccc_1_2_regs arg = {
+ .a0 = FFA_MEM_SHARE_32, .a1 = tot_len, .a2 = frag_len, .a3 = addr,
+ .a4 = pg_count,
+ };
+ struct arm_smccc_1_2_regs resp;
+
+ /*
+ * For arm64 we must use 64-bit calling convention if the buffer isn't
+ * passed in our tx buffer.
+ */
+ if (sizeof(addr) > 4 && addr)
+ arg.a0 = FFA_MEM_SHARE_64;
+
+ arm_smccc_1_2_smc(&arg, &resp);
+
+ switch ( resp.a0 ) {
+ case FFA_ERROR:
+ if ( resp.a2 )
+ return resp.a2;
+ else
+ return FFA_RET_NOT_SUPPORTED;
+ case FFA_SUCCESS_32:
+ *handle = reg_pair_to_64(resp.a3, resp.a2);
+ return FFA_RET_OK;
+ case FFA_MEM_FRAG_RX:
+ *handle = reg_pair_to_64(resp.a2, resp.a1);
+ return resp.a3;
+ default:
+ return FFA_RET_NOT_SUPPORTED;
+ }
+}
+
+static int32_t ffa_mem_frag_tx(uint64_t handle, uint32_t frag_len,
+ uint16_t sender_id)
+{
+ struct arm_smccc_1_2_regs arg = {
+ .a0 = FFA_MEM_FRAG_TX, .a1 = handle & UINT32_MAX, .a2 = handle >> 32,
+ .a3 = frag_len, .a4 = (uint32_t)sender_id << 16,
+ };
+ struct arm_smccc_1_2_regs resp;
+
+ arm_smccc_1_2_smc(&arg, &resp);
+
+ switch ( resp.a0 ) {
+ case FFA_ERROR:
+ if ( resp.a2 )
+ return resp.a2;
+ else
+ return FFA_RET_NOT_SUPPORTED;
+ case FFA_SUCCESS_32:
+ return FFA_RET_OK;
+ case FFA_MEM_FRAG_RX:
+ return resp.a3;
+ default:
+ return FFA_RET_NOT_SUPPORTED;
+ }
+}
+
+static uint32_t ffa_mem_reclaim(uint32_t handle_lo, uint32_t handle_hi,
+ uint32_t flags)
+{
+ const struct arm_smccc_1_2_regs arg = {
+ .a0 = FFA_MEM_RECLAIM, .a1 = handle_lo, .a2 = handle_hi, .a3 = flags,
+ };
+ struct arm_smccc_1_2_regs resp;
+
+ arm_smccc_1_2_smc(&arg, &resp);
+
+ if ( resp.a0 == FFA_ERROR )
+ {
+ if ( resp.a2 )
+ return resp.a2;
+ else
+ return FFA_RET_NOT_SUPPORTED;
+ }
+
+ return FFA_RET_OK;
+}
+
+static int32_t ffa_direct_req_send_vm(uint16_t sp_id, uint16_t vm_id,
+ uint8_t msg)
+{
+ uint32_t exp_resp = FFA_MSG_FLAG_FRAMEWORK;
+ int32_t res;
+
+ if ( msg != FFA_MSG_SEND_VM_CREATED && msg !=FFA_MSG_SEND_VM_DESTROYED )
+ return FFA_RET_INVALID_PARAMETERS;
+
+ if ( msg == FFA_MSG_SEND_VM_CREATED )
+ exp_resp |= FFA_MSG_RESP_VM_CREATED;
+ else
+ exp_resp |= FFA_MSG_RESP_VM_DESTROYED;
+
+ do {
+ const struct arm_smccc_1_2_regs arg = {
+ .a0 = FFA_MSG_SEND_DIRECT_REQ_32,
+ .a1 = sp_id,
+ .a2 = FFA_MSG_FLAG_FRAMEWORK | msg,
+ .a5 = vm_id,
+ };
+ struct arm_smccc_1_2_regs resp;
+
+ arm_smccc_1_2_smc(&arg, &resp);
+ if ( resp.a0 != FFA_MSG_SEND_DIRECT_RESP_32 || resp.a2 != exp_resp ) {
+ /*
+ * This is an invalid response, likely due to some error in the
+ * implementation of the ABI.
+ */
+ return FFA_RET_INVALID_PARAMETERS;
+ }
+ res = resp.a3;
+ } while ( res == FFA_RET_INTERRUPTED || res == FFA_RET_RETRY );
+
+ return res;
+}
+
+static u16 get_vm_id(struct domain *d)
+{
+ /* +1 since 0 is reserved for the hypervisor in FF-A */
+ return d->domain_id + 1;
+}
+
+static void set_regs(struct cpu_user_regs *regs, register_t v0, register_t v1,
+ register_t v2, register_t v3, register_t v4, register_t v5,
+ register_t v6, register_t v7)
+{
+ set_user_reg(regs, 0, v0);
+ set_user_reg(regs, 1, v1);
+ set_user_reg(regs, 2, v2);
+ set_user_reg(regs, 3, v3);
+ set_user_reg(regs, 4, v4);
+ set_user_reg(regs, 5, v5);
+ set_user_reg(regs, 6, v6);
+ set_user_reg(regs, 7, v7);
+}
+
+static void set_regs_error(struct cpu_user_regs *regs, uint32_t error_code)
+{
+ set_regs(regs, FFA_ERROR, 0, error_code, 0, 0, 0, 0, 0);
+}
+
+static void set_regs_success(struct cpu_user_regs *regs, uint32_t w2,
+ uint32_t w3)
+{
+ set_regs(regs, FFA_SUCCESS_32, 0, w2, w3, 0, 0, 0, 0);
+}
+
+static void set_regs_frag_rx(struct cpu_user_regs *regs, uint32_t handle_lo,
+ uint32_t handle_hi, uint32_t frag_offset,
+ uint16_t sender_id)
+{
+ set_regs(regs, FFA_MEM_FRAG_RX, handle_lo, handle_hi, frag_offset,
+ (uint32_t)sender_id << 16, 0, 0, 0);
+}
+
+static void handle_version(struct cpu_user_regs *regs)
+{
+ struct domain *d = current->domain;
+ struct ffa_ctx *ctx = d->arch.ffa;
+ uint32_t vers = get_user_reg(regs, 1);
+
+ if ( vers < FFA_VERSION_1_1 )
+ vers = FFA_VERSION_1_0;
+ else
+ vers = FFA_VERSION_1_1;
+
+ ctx->guest_vers = vers;
+ set_regs(regs, vers, 0, 0, 0, 0, 0, 0, 0);
+}
+
+static uint32_t handle_rxtx_map(uint32_t fid, register_t tx_addr,
+ register_t rx_addr, uint32_t page_count)
+{
+ uint32_t ret = FFA_RET_NOT_SUPPORTED;
+ struct domain *d = current->domain;
+ struct ffa_ctx *ctx = d->arch.ffa;
+ struct page_info *tx_pg;
+ struct page_info *rx_pg;
+ p2m_type_t t;
+ void *rx;
+ void *tx;
+
+ if ( !smccc_is_conv_64(fid) )
+ {
+ tx_addr &= UINT32_MAX;
+ rx_addr &= UINT32_MAX;
+ }
+
+ /* For now to keep things simple, only deal with a single page */
+ if ( page_count != 1 )
+ return FFA_RET_NOT_SUPPORTED;
+
+ /* Already mapped */
+ if ( ctx->rx )
+ return FFA_RET_DENIED;
+
+ tx_pg = get_page_from_gfn(d, gaddr_to_gfn(tx_addr), &t, P2M_ALLOC);
+ if ( !tx_pg )
+ return FFA_RET_NOT_SUPPORTED;
+ /* Only normal RAM for now */
+ if (t != p2m_ram_rw)
+ goto err_put_tx_pg;
+
+ rx_pg = get_page_from_gfn(d, gaddr_to_gfn(rx_addr), &t, P2M_ALLOC);
+ if ( !tx_pg )
+ goto err_put_tx_pg;
+ /* Only normal RAM for now */
+ if ( t != p2m_ram_rw )
+ goto err_put_rx_pg;
+
+ tx = __map_domain_page_global(tx_pg);
+ if ( !tx )
+ goto err_put_rx_pg;
+
+ rx = __map_domain_page_global(rx_pg);
+ if ( !rx )
+ goto err_unmap_tx;
+
+ ctx->rx = rx;
+ ctx->tx = tx;
+ ctx->rx_pg = rx_pg;
+ ctx->tx_pg = tx_pg;
+ ctx->page_count = 1;
+ ctx->tx_is_mine = true;
+ return FFA_RET_OK;
+
+err_unmap_tx:
+ unmap_domain_page_global(tx);
+err_put_rx_pg:
+ put_page(rx_pg);
+err_put_tx_pg:
+ put_page(tx_pg);
+ return ret;
+}
+
+static uint32_t handle_rxtx_unmap(void)
+{
+ struct domain *d = current->domain;
+ struct ffa_ctx *ctx = d->arch.ffa;
+ uint32_t ret;
+
+ if ( !ctx-> rx )
+ return FFA_RET_INVALID_PARAMETERS;
+
+ ret = ffa_rxtx_unmap(get_vm_id(d));
+ if ( ret )
+ return ret;
+
+ unmap_domain_page_global(ctx->rx);
+ unmap_domain_page_global(ctx->tx);
+ put_page(ctx->rx_pg);
+ put_page(ctx->tx_pg);
+ ctx->rx = NULL;
+ ctx->tx = NULL;
+ ctx->rx_pg = NULL;
+ ctx->tx_pg = NULL;
+ ctx->page_count = 0;
+ ctx->tx_is_mine = false;
+
+ return FFA_RET_OK;
+}
+
+static uint32_t handle_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3,
+ uint32_t w4, uint32_t w5,
+ uint32_t *count)
+{
+ uint32_t ret = FFA_RET_DENIED;
+ struct domain *d = current->domain;
+ struct ffa_ctx *ctx = d->arch.ffa;
+
+ if ( !ffa_page_count )
+ return FFA_RET_DENIED;
+
+ spin_lock(&ffa_buffer_lock);
+ if ( !ctx->page_count || !ctx->tx_is_mine )
+ goto out;
+ ret = ffa_partition_info_get(w1, w2, w3, w4, w5, count);
+ if ( ret )
+ goto out;
+ if ( ctx->guest_vers == FFA_VERSION_1_0 ) {
+ size_t n;
+ struct ffa_partition_info_1_1 *src = ffa_rx;
+ struct ffa_partition_info_1_0 *dst = ctx->rx;
+
+ for ( n = 0; n < *count; n++ ) {
+ dst[n].id = src[n].id;
+ dst[n].execution_context = src[n].execution_context;
+ dst[n].partition_properties = src[n].partition_properties;
+ }
+ } else {
+ size_t sz = *count * sizeof(struct ffa_partition_info_1_1);
+
+ memcpy(ctx->rx, ffa_rx, sz);
+ }
+ ffa_rx_release();
+ ctx->tx_is_mine = false;
+out:
+ spin_unlock(&ffa_buffer_lock);
+
+ return ret;
+}
+
+static uint32_t handle_rx_release(void)
+{
+ uint32_t ret = FFA_RET_DENIED;
+ struct domain *d = current->domain;
+ struct ffa_ctx *ctx = d->arch.ffa;
+
+ spin_lock(&ffa_buffer_lock);
+ if ( !ctx->page_count || ctx->tx_is_mine )
+ goto out;
+ ret = FFA_RET_OK;
+ ctx->tx_is_mine = true;
+out:
+ spin_unlock(&ffa_buffer_lock);
+
+ return ret;
+}
+
+static void handle_msg_send_direct_req(struct cpu_user_regs *regs, uint32_t fid)
+{
+ struct arm_smccc_1_2_regs arg = { .a0 = fid, };
+ struct arm_smccc_1_2_regs resp = { };
+ struct domain *d = current->domain;
+ struct ffa_ctx *ctx = d->arch.ffa;
+ uint32_t src_dst;
+ uint64_t mask;
+
+ if ( smccc_is_conv_64(fid) )
+ mask = 0xffffffffffffffff;
+ else
+ mask = 0xffffffff;
+
+ src_dst = get_user_reg(regs, 1);
+ if ( (src_dst >> 16) != get_vm_id(d) )
+ {
+ resp.a0 = FFA_ERROR;
+ resp.a2 = FFA_RET_INVALID_PARAMETERS;
+ goto out;
+ }
+
+ arg.a1 = src_dst;
+ arg.a2 = get_user_reg(regs, 2) & mask;
+ arg.a3 = get_user_reg(regs, 3) & mask;
+ arg.a4 = get_user_reg(regs, 4) & mask;
+ arg.a5 = get_user_reg(regs, 5) & mask;
+ arg.a6 = get_user_reg(regs, 6) & mask;
+ arg.a7 = get_user_reg(regs, 7) & mask;
+
+ while ( true ) {
+ arm_smccc_1_2_smc(&arg, &resp);
+
+ switch ( resp.a0 )
+ {
+ case FFA_INTERRUPT:
+ ctx->interrupted = true;
+ goto out;
+ case FFA_ERROR:
+ case FFA_SUCCESS_32:
+ case FFA_SUCCESS_64:
+ case FFA_MSG_SEND_DIRECT_RESP_32:
+ case FFA_MSG_SEND_DIRECT_RESP_64:
+ goto out;
+ default:
+ /* Bad fid, report back. */
+ memset(&arg, 0, sizeof(arg));
+ arg.a0 = FFA_ERROR;
+ arg.a1 = src_dst;
+ arg.a2 = FFA_RET_NOT_SUPPORTED;
+ continue;
+ }
+ }
+
+out:
+ set_user_reg(regs, 0, resp.a0);
+ set_user_reg(regs, 2, resp.a2 & mask);
+ set_user_reg(regs, 1, resp.a1 & mask);
+ set_user_reg(regs, 3, resp.a3 & mask);
+ set_user_reg(regs, 4, resp.a4 & mask);
+ set_user_reg(regs, 5, resp.a5 & mask);
+ set_user_reg(regs, 6, resp.a6 & mask);
+ set_user_reg(regs, 7, resp.a7 & mask);
+}
+
+static int get_shm_pages(struct domain *d, struct ffa_shm_mem *shm,
+ struct ffa_address_range *range, uint32_t range_count,
+ unsigned int start_page_idx,
+ unsigned int *last_page_idx)
+{
+ unsigned int pg_idx = start_page_idx;
+ unsigned long gfn;
+ unsigned int n;
+ unsigned int m;
+ p2m_type_t t;
+ uint64_t addr;
+
+ for ( n = 0; n < range_count; n++ ) {
+ for ( m = 0; m < range[n].page_count; m++ ) {
+ if ( pg_idx >= shm->page_count )
+ return FFA_RET_INVALID_PARAMETERS;
+
+ addr = read_atomic(&range[n].address);
+ gfn = gaddr_to_gfn(addr + m * PAGE_SIZE);
+ shm->pages[pg_idx] = get_page_from_gfn(d, gfn, &t, P2M_ALLOC);
+ if ( !shm->pages[pg_idx] )
+ return FFA_RET_DENIED;
+ pg_idx++;
+ /* Only normal RAM for now */
+ if ( t != p2m_ram_rw )
+ return FFA_RET_DENIED;
+ }
+ }
+
+ *last_page_idx = pg_idx;
+
+ return FFA_RET_OK;
+}
+
+static void put_shm_pages(struct ffa_shm_mem *shm)
+{
+ unsigned int n;
+
+ for ( n = 0; n < shm->page_count && shm->pages[n]; n++ )
+ {
+ if ( shm->pages[n] ) {
+ put_page(shm->pages[n]);
+ shm->pages[n] = NULL;
+ }
+ }
+}
+
+static void init_range(struct ffa_address_range *addr_range,
+ paddr_t pa)
+{
+ memset(addr_range, 0, sizeof(*addr_range));
+ addr_range->address = pa;
+ addr_range->page_count = 1;
+}
+
+static int share_shm(struct ffa_shm_mem *shm)
+{
+ uint32_t max_frag_len = ffa_page_count * PAGE_SIZE;
+ struct ffa_mem_transaction_1_1 *descr = ffa_tx;
+ struct ffa_mem_access *mem_access_array;
+ struct ffa_mem_region *region_descr;
+ struct ffa_address_range *addr_range;
+ paddr_t pa;
+ paddr_t last_pa;
+ unsigned int n;
+ uint32_t frag_len;
+ uint32_t tot_len;
+ int ret;
+ unsigned int range_count;
+ unsigned int range_base;
+ bool first;
+
+ memset(descr, 0, sizeof(*descr));
+ descr->sender_id = shm->sender_id;
+ descr->global_handle = shm->handle;
+ descr->mem_reg_attr = FFA_NORMAL_MEM_REG_ATTR;
+ descr->mem_access_count = 1;
+ descr->mem_access_size = sizeof(*mem_access_array);
+ descr->mem_access_offs = sizeof(*descr);
+ mem_access_array = (void *)(descr + 1);
+ region_descr = (void *)(mem_access_array + 1);
+
+ memset(mem_access_array, 0, sizeof(*mem_access_array));
+ mem_access_array[0].access_perm.endpoint_id = shm->ep_id;
+ mem_access_array[0].access_perm.perm = FFA_MEM_ACC_RW;
+ mem_access_array[0].region_offs = (vaddr_t)region_descr - (vaddr_t)ffa_tx;
+
+ memset(region_descr, 0, sizeof(*region_descr));
+ region_descr->total_page_count = shm->page_count;
+
+ region_descr->address_range_count = 1;
+ last_pa = page_to_maddr(shm->pages[0]);
+ for ( n = 1; n < shm->page_count; last_pa = pa, n++ )
+ {
+ pa = page_to_maddr(shm->pages[n]);
+ if ( last_pa + PAGE_SIZE == pa )
+ {
+ continue;
+ }
+ region_descr->address_range_count++;
+ }
+
+ tot_len = sizeof(*descr) + sizeof(*mem_access_array) +
+ sizeof(*region_descr) +
+ region_descr->address_range_count * sizeof(*addr_range);
+
+ addr_range = region_descr->address_range_array;
+ frag_len = (vaddr_t)(addr_range + 1) - (vaddr_t)ffa_tx;
+ last_pa = page_to_maddr(shm->pages[0]);
+ init_range(addr_range, last_pa);
+ first = true;
+ range_count = 1;
+ range_base = 0;
+ for ( n = 1; n < shm->page_count; last_pa = pa, n++ )
+ {
+ pa = page_to_maddr(shm->pages[n]);
+ if ( last_pa + PAGE_SIZE == pa )
+ {
+ addr_range->page_count++;
+ continue;
+ }
+
+ if (frag_len == max_frag_len) {
+ if (first)
+ {
+ ret = ffa_mem_share(tot_len, frag_len, 0, 0, &shm->handle);
+ first = false;
+ }
+ else
+ {
+ ret = ffa_mem_frag_tx(shm->handle, frag_len, shm->sender_id);
+ }
+ if (ret <= 0)
+ return ret;
+ range_base = range_count;
+ range_count = 0;
+ frag_len = sizeof(*addr_range);
+ addr_range = ffa_tx;
+ } else {
+ frag_len += sizeof(*addr_range);
+ addr_range++;
+ }
+ init_range(addr_range, pa);
+ range_count++;
+ }
+
+ if (first)
+ return ffa_mem_share(tot_len, frag_len, 0, 0, &shm->handle);
+ else
+ return ffa_mem_frag_tx(shm->handle, frag_len, shm->sender_id);
+}
+
+static int read_mem_transaction(uint32_t ffa_vers, void *buf, size_t blen,
+ struct ffa_mem_transaction_x *trans)
+{
+ uint16_t mem_reg_attr;
+ uint32_t flags;
+ uint32_t count;
+ uint32_t offs;
+ uint32_t size;
+
+ if (ffa_vers >= FFA_VERSION_1_1) {
+ struct ffa_mem_transaction_1_1 *descr;
+
+ if (blen < sizeof(*descr))
+ return FFA_RET_INVALID_PARAMETERS;
+
+ descr = buf;
+ trans->sender_id = read_atomic(&descr->sender_id);
+ mem_reg_attr = read_atomic(&descr->mem_reg_attr);
+ flags = read_atomic(&descr->flags);
+ trans->global_handle = read_atomic(&descr->global_handle);
+ trans->tag = read_atomic(&descr->tag);
+
+ count = read_atomic(&descr->mem_access_count);
+ size = read_atomic(&descr->mem_access_size);
+ offs = read_atomic(&descr->mem_access_offs);
+ } else {
+ struct ffa_mem_transaction_1_0 *descr;
+
+ if (blen < sizeof(*descr))
+ return FFA_RET_INVALID_PARAMETERS;
+
+ descr = buf;
+ trans->sender_id = read_atomic(&descr->sender_id);
+ mem_reg_attr = read_atomic(&descr->mem_reg_attr);
+ flags = read_atomic(&descr->flags);
+ trans->global_handle = read_atomic(&descr->global_handle);
+ trans->tag = read_atomic(&descr->tag);
+
+ count = read_atomic(&descr->mem_access_count);
+ size = sizeof(struct ffa_mem_access);
+ offs = offsetof(struct ffa_mem_transaction_1_0, mem_access_array);
+ }
+
+ if (mem_reg_attr > UINT8_MAX || flags > UINT8_MAX || size > UINT8_MAX ||
+ count > UINT8_MAX || offs > UINT16_MAX)
+ return FFA_RET_INVALID_PARAMETERS;
+
+ /* Check that the endpoint memory access descriptor array fits */
+ if (size * count + offs > blen)
+ return FFA_RET_INVALID_PARAMETERS;
+
+ trans->mem_reg_attr = mem_reg_attr;
+ trans->flags = flags;
+ trans->mem_access_size = size;
+ trans->mem_access_count = count;
+ trans->mem_access_offs = offs;
+ return 0;
+}
+
+static int add_mem_share_frag(struct mem_frag_state *s, unsigned int offs,
+ unsigned int frag_len)
+{
+ struct domain *d = current->domain;
+ unsigned int o = offs;
+ unsigned int l;
+ int ret;
+
+ if (frag_len < o)
+ return FFA_RET_INVALID_PARAMETERS;
+
+ /* Fill up the first struct ffa_address_range */
+ l = min_t(unsigned int, frag_len - o, sizeof(s->range) - s->range_offset);
+ memcpy((uint8_t *)&s->range + s->range_offset, s->buf + o, l);
+ s->range_offset += l;
+ o += l;
+ if (s->range_offset != sizeof(s->range))
+ goto out;
+ s->range_offset = 0;
+
+ while (true) {
+ ret = get_shm_pages(d, s->shm, &s->range, 1, s->current_page_idx,
+ &s->current_page_idx);
+ if (ret)
+ return ret;
+ if (s->range_count == 1)
+ return 0;
+ s->range_count--;
+ if (frag_len - o < sizeof(s->range))
+ break;
+ memcpy(&s->range, s->buf + o, sizeof(s->range));
+ o += sizeof(s->range);
+ }
+
+ /* Collect any remaining bytes for the next struct ffa_address_range */
+ s->range_offset = frag_len - o;
+ memcpy(&s->range, s->buf + o, frag_len - o);
+out:
+ s->frag_offset += frag_len;
+ return s->frag_offset;
+}
+
+static void handle_mem_share(struct cpu_user_regs *regs)
+{
+ uint32_t tot_len = get_user_reg(regs, 1);
+ uint32_t frag_len = get_user_reg(regs, 2);
+ uint64_t addr = get_user_reg(regs, 3);
+ uint32_t page_count = get_user_reg(regs, 4);
+ struct ffa_mem_transaction_x trans;
+ struct ffa_mem_access *mem_access;
+ struct ffa_mem_region *region_descr;
+ struct domain *d = current->domain;
+ struct ffa_ctx *ctx = d->arch.ffa;
+ struct ffa_shm_mem *shm = NULL;
+ unsigned int last_page_idx = 0;
+ uint32_t range_count;
+ uint32_t region_offs;
+ int ret = FFA_RET_DENIED;
+ uint32_t handle_hi = 0;
+ uint32_t handle_lo = 0;
+
+ /*
+ * We're only accepting memory transaction descriptors via the rx/tx
+ * buffer.
+ */
+ if ( addr ) {
+ ret = FFA_RET_NOT_SUPPORTED;
+ goto out_unlock;
+ }
+
+ /* Check that fragment legnth doesn't exceed total length */
+ if (frag_len > tot_len) {
+ ret = FFA_RET_INVALID_PARAMETERS;
+ goto out_unlock;
+ }
+
+ spin_lock(&ffa_buffer_lock);
+
+ if ( frag_len > ctx->page_count * PAGE_SIZE )
+ goto out_unlock;
+
+ if ( !ffa_page_count ) {
+ ret = FFA_RET_NO_MEMORY;
+ goto out_unlock;
+ }
+
+ ret = read_mem_transaction(ctx->guest_vers, ctx->tx, frag_len, &trans);
+ if (ret)
+ goto out_unlock;
+
+ if ( trans.mem_reg_attr != FFA_NORMAL_MEM_REG_ATTR )
+ {
+ ret = FFA_RET_NOT_SUPPORTED;
+ goto out;
+ }
+
+ /* Only supports sharing it with one SP for now */
+ if ( trans.mem_access_count != 1 )
+ {
+ ret = FFA_RET_NOT_SUPPORTED;
+ goto out_unlock;
+ }
+
+ if ( trans.sender_id != get_vm_id(d) )
+ {
+ ret = FFA_RET_INVALID_PARAMETERS;
+ goto out_unlock;
+ }
+
+ /* Check that it fits in the supplied data */
+ if ( trans.mem_access_offs + trans.mem_access_size > frag_len)
+ goto out_unlock;
+
+ mem_access = (void *)((vaddr_t)ctx->tx + trans.mem_access_offs);
+ if ( read_atomic(&mem_access->access_perm.perm) != FFA_MEM_ACC_RW )
+ {
+ ret = FFA_RET_NOT_SUPPORTED;
+ goto out_unlock;
+ }
+
+ region_offs = read_atomic(&mem_access->region_offs);
+ if (sizeof(*region_descr) + region_offs > frag_len) {
+ ret = FFA_RET_NOT_SUPPORTED;
+ goto out_unlock;
+ }
+
+ region_descr = (void *)((vaddr_t)ctx->tx + region_offs);
+ range_count = read_atomic(®ion_descr->address_range_count);
+ page_count = read_atomic(®ion_descr->total_page_count);
+
+ shm = xzalloc_flex_struct(struct ffa_shm_mem, pages, page_count);
+ if ( !shm )
+ {
+ ret = FFA_RET_NO_MEMORY;
+ goto out;
+ }
+ shm->sender_id = trans.sender_id;
+ shm->ep_id = read_atomic(&mem_access->access_perm.endpoint_id);
+ shm->page_count = page_count;
+
+ if (frag_len != tot_len) {
+ struct mem_frag_state *s = xzalloc(struct mem_frag_state);
+
+ if (!s) {
+ ret = FFA_RET_NO_MEMORY;
+ goto out;
+ }
+ s->shm = shm;
+ s->range_count = range_count;
+ s->buf = ctx->tx;
+ s->buf_size = ffa_page_count * PAGE_SIZE;
+ ret = add_mem_share_frag(s, sizeof(*region_descr) + region_offs,
+ frag_len);
+ if (ret <= 0) {
+ xfree(s);
+ if (ret < 0)
+ goto out;
+ } else {
+ shm->handle = next_handle++;
+ reg_pair_from_64(&handle_hi, &handle_lo, shm->handle);
+ spin_lock(&ffa_mem_list_lock);
+ list_add_tail(&s->list, &ffa_frag_list);
+ spin_unlock(&ffa_mem_list_lock);
+ }
+ goto out_unlock;
+ }
+
+ /*
+ * Check that the Composite memory region descriptor fits.
+ */
+ if ( sizeof(*region_descr) + region_offs +
+ range_count * sizeof(struct ffa_address_range) > frag_len) {
+ ret = FFA_RET_INVALID_PARAMETERS;
+ goto out;
+ }
+
+ ret = get_shm_pages(d, shm, region_descr->address_range_array, range_count,
+ 0, &last_page_idx);
+ if ( ret )
+ goto out;
+ if (last_page_idx != shm->page_count) {
+ ret = FFA_RET_INVALID_PARAMETERS;
+ goto out;
+ }
+
+ /* Note that share_shm() uses our tx buffer */
+ ret = share_shm(shm);
+ if ( ret )
+ goto out;
+
+ spin_lock(&ffa_mem_list_lock);
+ list_add_tail(&shm->list, &ffa_mem_list);
+ spin_unlock(&ffa_mem_list_lock);
+
+ reg_pair_from_64(&handle_hi, &handle_lo, shm->handle);
+
+out:
+ if ( ret && shm )
+ {
+ put_shm_pages(shm);
+ xfree(shm);
+ }
+out_unlock:
+ spin_unlock(&ffa_buffer_lock);
+
+ if ( ret > 0 )
+ set_regs_frag_rx(regs, handle_lo, handle_hi, ret, trans.sender_id);
+ else if ( ret == 0)
+ set_regs_success(regs, handle_lo, handle_hi);
+ else
+ set_regs_error(regs, ret);
+}
+
+static struct mem_frag_state *find_frag_state(uint64_t handle)
+{
+ struct mem_frag_state *s;
+
+ list_for_each_entry(s, &ffa_frag_list, list)
+ if ( s->shm->handle == handle)
+ return s;
+
+ return NULL;
+}
+
+static void handle_mem_frag_tx(struct cpu_user_regs *regs)
+{
+ uint32_t frag_len = get_user_reg(regs, 3);
+ uint32_t handle_lo = get_user_reg(regs, 1);
+ uint32_t handle_hi = get_user_reg(regs, 2);
+ uint64_t handle = reg_pair_to_64(handle_hi, handle_lo);
+ struct mem_frag_state *s;
+ uint16_t sender_id = 0;
+ int ret;
+
+ spin_lock(&ffa_buffer_lock);
+ s = find_frag_state(handle);
+ if (!s) {
+ ret = FFA_RET_INVALID_PARAMETERS;
+ goto out;
+ }
+ sender_id = s->shm->sender_id;
+
+ if (frag_len > s->buf_size) {
+ ret = FFA_RET_INVALID_PARAMETERS;
+ goto out;
+ }
+
+ ret = add_mem_share_frag(s, 0, frag_len);
+ if (ret == 0) {
+ /* Note that share_shm() uses our tx buffer */
+ ret = share_shm(s->shm);
+ if (ret == 0) {
+ spin_lock(&ffa_mem_list_lock);
+ list_add_tail(&s->shm->list, &ffa_mem_list);
+ spin_unlock(&ffa_mem_list_lock);
+ } else {
+ put_shm_pages(s->shm);
+ xfree(s->shm);
+ }
+ spin_lock(&ffa_mem_list_lock);
+ list_del(&s->list);
+ spin_unlock(&ffa_mem_list_lock);
+ xfree(s);
+ } else if (ret < 0) {
+ put_shm_pages(s->shm);
+ xfree(s->shm);
+ spin_lock(&ffa_mem_list_lock);
+ list_del(&s->list);
+ spin_unlock(&ffa_mem_list_lock);
+ xfree(s);
+ }
+out:
+ spin_unlock(&ffa_buffer_lock);
+
+ if ( ret > 0 )
+ set_regs_frag_rx(regs, handle_lo, handle_hi, ret, sender_id);
+ else if ( ret == 0)
+ set_regs_success(regs, handle_lo, handle_hi);
+ else
+ set_regs_error(regs, ret);
+}
+
+static int handle_mem_reclaim(uint64_t handle, uint32_t flags)
+{
+ struct ffa_shm_mem *shm;
+ uint32_t handle_hi;
+ uint32_t handle_lo;
+ int ret;
+
+ spin_lock(&ffa_mem_list_lock);
+ list_for_each_entry(shm, &ffa_mem_list, list) {
+ if ( shm->handle == handle )
+ goto found_it;
+ }
+ shm = NULL;
+found_it:
+ spin_unlock(&ffa_mem_list_lock);
+
+ if ( !shm )
+ return FFA_RET_INVALID_PARAMETERS;
+
+ reg_pair_from_64(&handle_hi, &handle_lo, handle);
+ ret = ffa_mem_reclaim(handle_lo, handle_hi, flags);
+ if ( ret )
+ return ret;
+
+ spin_lock(&ffa_mem_list_lock);
+ list_del(&shm->list);
+ spin_unlock(&ffa_mem_list_lock);
+
+ put_shm_pages(shm);
+ xfree(shm);
+
+ return ret;
+}
+
+bool ffa_handle_call(struct cpu_user_regs *regs, uint32_t fid)
+{
+ struct domain *d = current->domain;
+ struct ffa_ctx *ctx = d->arch.ffa;
+ uint32_t count;
+ uint32_t e;
+
+ if ( !ctx )
+ return false;
+
+ switch ( fid )
+ {
+ case FFA_VERSION:
+ handle_version(regs);
+ return true;
+ case FFA_ID_GET:
+ set_regs_success(regs, get_vm_id(d), 0);
+ return true;
+ case FFA_RXTX_MAP_32:
+#ifdef CONFIG_ARM_64
+ case FFA_RXTX_MAP_64:
+#endif
+ e = handle_rxtx_map(fid, get_user_reg(regs, 1), get_user_reg(regs, 2),
+ get_user_reg(regs, 3));
+ if ( e )
+ set_regs_error(regs, e);
+ else
+ set_regs_success(regs, 0, 0);
+ return true;
+ case FFA_RXTX_UNMAP:
+ e = handle_rxtx_unmap();
+ if ( e )
+ set_regs_error(regs, e);
+ else
+ set_regs_success(regs, 0, 0);
+ return true;
+ case FFA_PARTITION_INFO_GET:
+ e = handle_partition_info_get(get_user_reg(regs, 1),
+ get_user_reg(regs, 2),
+ get_user_reg(regs, 3),
+ get_user_reg(regs, 4),
+ get_user_reg(regs, 5), &count);
+ if ( e )
+ set_regs_error(regs, e);
+ else
+ set_regs_success(regs, count, 0);
+ return true;
+ case FFA_RX_RELEASE:
+ e = handle_rx_release();
+ if ( e )
+ set_regs_error(regs, e);
+ else
+ set_regs_success(regs, 0, 0);
+ return true;
+ case FFA_MSG_SEND_DIRECT_REQ_32:
+#ifdef CONFIG_ARM_64
+ case FFA_MSG_SEND_DIRECT_REQ_64:
+#endif
+ handle_msg_send_direct_req(regs, fid);
+ return true;
+ case FFA_MEM_SHARE_32:
+#ifdef CONFIG_ARM_64
+ case FFA_MEM_SHARE_64:
+#endif
+ handle_mem_share(regs);
+ return true;
+ case FFA_MEM_RECLAIM:
+ e = handle_mem_reclaim(reg_pair_to_64(get_user_reg(regs, 2),
+ get_user_reg(regs, 1)),
+ get_user_reg(regs, 3));
+ if ( e )
+ set_regs_error(regs, e);
+ else
+ set_regs_success(regs, 0, 0);
+ return true;
+ case FFA_MEM_FRAG_TX:
+ handle_mem_frag_tx(regs);
+ return true;
+
+ default:
+ printk(XENLOG_ERR "ffa: unhandled fid 0x%x\n", fid);
+ return false;
+ }
+}
+
+int ffa_domain_init(struct domain *d)
+{
+ struct ffa_ctx *ctx;
+ unsigned int n;
+ unsigned int m;
+ unsigned int c_pos;
+ int32_t res;
+
+ if ( !ffa_version )
+ return 0;
+
+ ctx = xzalloc(struct ffa_ctx);
+ if ( !ctx )
+ return -ENOMEM;
+
+ for ( n = 0; n < subsr_vm_created_count; n++ ) {
+ res = ffa_direct_req_send_vm(subsr_vm_created[n], get_vm_id(d),
+ FFA_MSG_SEND_VM_CREATED);
+ if ( res ) {
+ printk(XENLOG_ERR "ffa: Failed to report creation of vm_id %u to %u: res %d\n",
+ get_vm_id(d), subsr_vm_created[n], res);
+ c_pos = n;
+ goto err;
+ }
+ }
+
+ d->arch.ffa = ctx;
+
+ return 0;
+
+err:
+ /* Undo any already sent vm created messaged */
+ for ( n = 0; n < c_pos; n++ )
+ for ( m = 0; m < subsr_vm_destroyed_count; m++ )
+ if ( subsr_vm_destroyed[m] == subsr_vm_created[n] )
+ ffa_direct_req_send_vm(subsr_vm_destroyed[n], get_vm_id(d),
+ FFA_MSG_SEND_VM_DESTROYED);
+ return -ENOMEM;
+}
+
+int ffa_relinquish_resources(struct domain *d)
+{
+ struct ffa_ctx *ctx = d->arch.ffa;
+ unsigned int n;
+ int32_t res;
+
+ if ( !ctx )
+ return 0;
+
+ for ( n = 0; n < subsr_vm_destroyed_count; n++ ) {
+ res = ffa_direct_req_send_vm(subsr_vm_destroyed[n], get_vm_id(d),
+ FFA_MSG_SEND_VM_DESTROYED);
+
+ if ( res )
+ printk(XENLOG_ERR "ffa: Failed to report destruction of vm_id %u to %u: res %d\n",
+ get_vm_id(d), subsr_vm_destroyed[n], res);
+ }
+
+ XFREE(d->arch.ffa);
+
+ return 0;
+}
+
+static bool __init init_subscribers(void)
+{
+ struct ffa_partition_info_1_1 *fpi;
+ bool ret = false;
+ uint32_t count;
+ uint32_t e;
+ uint32_t n;
+ uint32_t c_pos;
+ uint32_t d_pos;
+
+ if ( ffa_version < FFA_VERSION_1_1 )
+ return true;
+
+ e = ffa_partition_info_get(0, 0, 0, 0, 1, &count);
+ ffa_rx_release();
+ if ( e ) {
+ printk(XENLOG_ERR "ffa: Failed to get list of SPs: %d\n", (int)e);
+ goto out;
+ }
+
+ fpi = ffa_rx;
+ subsr_vm_created_count = 0;
+ subsr_vm_destroyed_count = 0;
+ for ( n = 0; n < count; n++ ) {
+ if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_CREATED)
+ subsr_vm_created_count++;
+ if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_DESTROYED)
+ subsr_vm_destroyed_count++;
+ }
+
+ if ( subsr_vm_created_count )
+ subsr_vm_created = xzalloc_array(uint16_t, subsr_vm_created_count);
+ if ( subsr_vm_destroyed_count )
+ subsr_vm_destroyed = xzalloc_array(uint16_t, subsr_vm_destroyed_count);
+ if ( (subsr_vm_created_count && !subsr_vm_created) ||
+ (subsr_vm_destroyed_count && !subsr_vm_destroyed) ) {
+ printk(XENLOG_ERR "ffa: Failed to allocate subscription lists\n");
+ subsr_vm_created_count = 0;
+ subsr_vm_destroyed_count = 0;
+ XFREE(subsr_vm_created);
+ XFREE(subsr_vm_destroyed);
+ goto out;
+ }
+
+ for ( c_pos = 0, d_pos = 0, n = 0; n < count; n++ ) {
+ if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_CREATED)
+ subsr_vm_created[c_pos++] = fpi[n].id;
+ if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_DESTROYED)
+ subsr_vm_destroyed[d_pos++] = fpi[n].id;
+ }
+
+ ret = true;
+out:
+ ffa_rx_release();
+ return ret;
+}
+
+static int __init ffa_init(void)
+{
+ uint32_t vers;
+ uint32_t e;
+ unsigned int major_vers;
+ unsigned int minor_vers;
+
+ /*
+ * psci_init_smccc() updates this value with what's reported by EL-3
+ * or secure world.
+ */
+ if ( smccc_ver < ARM_SMCCC_VERSION_1_2 )
+ {
+ printk(XENLOG_ERR
+ "ffa: unsupported SMCCC version %#x (need at least %#x)\n",
+ smccc_ver, ARM_SMCCC_VERSION_1_2);
+ return 0;
+ }
+
+ if ( !ffa_get_version(&vers) )
+ return 0;
+
+ if ( vers < FFA_MIN_VERSION || vers > FFA_MY_VERSION )
+ {
+ printk(XENLOG_ERR "ffa: Incompatible version %#x found\n", vers);
+ return 0;
+ }
+
+ major_vers = (vers >> FFA_VERSION_MAJOR_SHIFT) & FFA_VERSION_MAJOR_MASK;
+ minor_vers = vers & FFA_VERSION_MINOR_MASK;
+ printk(XENLOG_ERR "ARM FF-A Mediator version %u.%u\n",
+ FFA_VERSION_MAJOR, FFA_VERSION_MINOR);
+ printk(XENLOG_ERR "ARM FF-A Firmware version %u.%u\n",
+ major_vers, minor_vers);
+
+ ffa_rx = alloc_xenheap_pages(0, 0);
+ if ( !ffa_rx )
+ return 0;
+
+ ffa_tx = alloc_xenheap_pages(0, 0);
+ if ( !ffa_tx )
+ goto err_free_ffa_rx;
+
+ e = ffa_rxtx_map(__pa(ffa_tx), __pa(ffa_rx), 1);
+ if ( e )
+ {
+ printk(XENLOG_ERR "ffa: Failed to map rxtx: error %d\n", (int)e);
+ goto err_free_ffa_tx;
+ }
+ ffa_page_count = 1;
+ ffa_version = vers;
+
+ if ( !init_subscribers() )
+ goto err_free_ffa_tx;
+
+ return 0;
+
+err_free_ffa_tx:
+ free_xenheap_pages(ffa_tx, 0);
+ ffa_tx = NULL;
+err_free_ffa_rx:
+ free_xenheap_pages(ffa_rx, 0);
+ ffa_rx = NULL;
+ ffa_page_count = 0;
+ ffa_version = 0;
+ XFREE(subsr_vm_created);
+ subsr_vm_created_count = 0;
+ XFREE(subsr_vm_destroyed);
+ subsr_vm_destroyed_count = 0;
+ return 0;
+}
+
+__initcall(ffa_init);
diff --git a/xen/arch/arm/include/asm/domain.h b/xen/arch/arm/include/asm/domain.h
index ed63c2b6f91f..b3dee269bced 100644
--- a/xen/arch/arm/include/asm/domain.h
+++ b/xen/arch/arm/include/asm/domain.h
@@ -103,6 +103,10 @@ struct arch_domain
void *tee;
#endif
+#ifdef CONFIG_FFA
+ void *ffa;
+#endif
+
bool directmap;
} __cacheline_aligned;
diff --git a/xen/arch/arm/include/asm/ffa.h b/xen/arch/arm/include/asm/ffa.h
new file mode 100644
index 000000000000..1c6ce6421294
--- /dev/null
+++ b/xen/arch/arm/include/asm/ffa.h
@@ -0,0 +1,71 @@
+/*
+ * xen/arch/arm/ffa.c
+ *
+ * Arm Firmware Framework for ARMv8-A(FFA) mediator
+ *
+ * Copyright (C) 2021 Linaro Limited
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+ * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+#ifndef __ASM_ARM_FFA_H__
+#define __ASM_ARM_FFA_H__
+
+#include <xen/const.h>
+
+#include <asm/smccc.h>
+#include <asm/types.h>
+
+#define FFA_FNUM_MIN_VALUE _AC(0x60,U)
+#define FFA_FNUM_MAX_VALUE _AC(0x86,U)
+
+static inline bool is_ffa_fid(uint32_t fid)
+{
+ uint32_t fn = fid & ARM_SMCCC_FUNC_MASK;
+
+ return fn >= FFA_FNUM_MIN_VALUE && fn <= FFA_FNUM_MAX_VALUE;
+}
+
+#ifdef CONFIG_FFA
+#define FFA_NR_FUNCS 11
+
+bool ffa_handle_call(struct cpu_user_regs *regs, uint32_t fid);
+int ffa_domain_init(struct domain *d);
+int ffa_relinquish_resources(struct domain *d);
+#else
+#define FFA_NR_FUNCS 0
+
+static inline bool ffa_handle_call(struct cpu_user_regs *regs, uint32_t fid)
+{
+ return false;
+}
+
+static inline int ffa_domain_init(struct domain *d)
+{
+ return 0;
+}
+
+static inline int ffa_relinquish_resources(struct domain *d)
+{
+ return 0;
+}
+#endif
+
+#endif /*__ASM_ARM_FFA_H__*/
diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c
index 6f90c08a6304..34586025eff8 100644
--- a/xen/arch/arm/vsmc.c
+++ b/xen/arch/arm/vsmc.c
@@ -20,6 +20,7 @@
#include <public/arch-arm/smccc.h>
#include <asm/cpuerrata.h>
#include <asm/cpufeature.h>
+#include <asm/ffa.h>
#include <asm/monitor.h>
#include <asm/regs.h>
#include <asm/smccc.h>
@@ -32,7 +33,7 @@
#define XEN_SMCCC_FUNCTION_COUNT 3
/* Number of functions currently supported by Standard Service Service Calls. */
-#define SSSC_SMCCC_FUNCTION_COUNT (3 + VPSCI_NR_FUNCS)
+#define SSSC_SMCCC_FUNCTION_COUNT (3 + VPSCI_NR_FUNCS + FFA_NR_FUNCS)
static bool fill_uid(struct cpu_user_regs *regs, xen_uuid_t uuid)
{
@@ -196,13 +197,23 @@ static bool handle_existing_apis(struct cpu_user_regs *regs)
return do_vpsci_0_1_call(regs, fid);
}
+static bool is_psci_fid(uint32_t fid)
+{
+ uint32_t fn = fid & ARM_SMCCC_FUNC_MASK;
+
+ return fn >= 0 && fn <= 0x1fU;
+}
+
/* PSCI 0.2 interface and other Standard Secure Calls */
static bool handle_sssc(struct cpu_user_regs *regs)
{
uint32_t fid = (uint32_t)get_user_reg(regs, 0);
- if ( do_vpsci_0_2_call(regs, fid) )
- return true;
+ if ( is_psci_fid(fid) )
+ return do_vpsci_0_2_call(regs, fid);
+
+ if ( is_ffa_fid(fid) )
+ return ffa_handle_call(regs, fid);
switch ( fid )
{
--
2.31.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* Re: [PATCH v2 1/2] xen/arm: smccc: add support for SMCCCv1.2 extended input/output registers
2022-06-09 6:18 ` [PATCH v2 1/2] xen/arm: smccc: add support for SMCCCv1.2 extended input/output registers Jens Wiklander
@ 2022-06-11 0:41 ` Stefano Stabellini
2022-06-11 9:41 ` Julien Grall
` (2 more replies)
0 siblings, 3 replies; 21+ messages in thread
From: Stefano Stabellini @ 2022-06-11 0:41 UTC (permalink / raw)
To: Jens Wiklander
Cc: xen-devel, Stefano Stabellini, Julien Grall, Volodymyr Babchuk
On Thu, 9 Jun 2022, Jens Wiklander wrote:
> SMCCC v1.2 AArch64 allows x0-x17 to be used as both parameter registers
> and result registers for the SMC and HVC instructions.
>
> Arm Firmware Framework for Armv8-A specification makes use of x0-x7 as
> parameter and result registers.
>
> Let us add new interface to support this extended set of input/output
> registers.
>
> This is based on 3fdc0cb59d97 ("arm64: smccc: Add support for SMCCCv1.2
> extended input/output registers") by Sudeep Holla from the Linux kernel
>
> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> ---
> xen/arch/arm/arm64/smc.S | 43 ++++++++++++++++++++++++++++++++
> xen/arch/arm/include/asm/smccc.h | 42 +++++++++++++++++++++++++++++++
> xen/arch/arm/vsmc.c | 2 +-
> 3 files changed, 86 insertions(+), 1 deletion(-)
>
> diff --git a/xen/arch/arm/arm64/smc.S b/xen/arch/arm/arm64/smc.S
> index 91bae62dd4d2..1570bc8eb9d4 100644
> --- a/xen/arch/arm/arm64/smc.S
> +++ b/xen/arch/arm/arm64/smc.S
> @@ -27,3 +27,46 @@ ENTRY(__arm_smccc_1_0_smc)
> stp x2, x3, [x4, #SMCCC_RES_a2]
> 1:
> ret
> +
> +
> +/*
> + * void arm_smccc_1_2_smc(const struct arm_smccc_1_2_regs *args,
> + * struct arm_smccc_1_2_regs *res)
> + */
> +ENTRY(arm_smccc_1_2_smc)
> + /* Save `res` and free a GPR that won't be clobbered */
> + stp x1, x19, [sp, #-16]!
> +
> + /* Ensure `args` won't be clobbered while loading regs in next step */
> + mov x19, x0
> +
> + /* Load the registers x0 - x17 from the struct arm_smccc_1_2_regs */
> + ldp x0, x1, [x19, #0]
> + ldp x2, x3, [x19, #16]
> + ldp x4, x5, [x19, #32]
> + ldp x6, x7, [x19, #48]
> + ldp x8, x9, [x19, #64]
> + ldp x10, x11, [x19, #80]
> + ldp x12, x13, [x19, #96]
> + ldp x14, x15, [x19, #112]
> + ldp x16, x17, [x19, #128]
> +
> + smc #0
> +
> + /* Load the `res` from the stack */
> + ldr x19, [sp]
> +
> + /* Store the registers x0 - x17 into the result structure */
> + stp x0, x1, [x19, #0]
> + stp x2, x3, [x19, #16]
> + stp x4, x5, [x19, #32]
> + stp x6, x7, [x19, #48]
> + stp x8, x9, [x19, #64]
> + stp x10, x11, [x19, #80]
> + stp x12, x13, [x19, #96]
> + stp x14, x15, [x19, #112]
> + stp x16, x17, [x19, #128]
I noticed that in the original commit the offsets are declared as
ARM_SMCCC_1_2_REGS_X0_OFFS, etc. In Xen we could add them to
xen/arch/arm/arm64/asm-offsets.c given that they are only used in asm.
That said, there isn't a huge value in declaring them given that they
are always read and written in order and there is nothing else in the
struct, so I am fine either way.
I am also happy to have them declared if other maintainers prefer it
that way.
> + /* Restore original x19 */
> + ldp xzr, x19, [sp], #16
> + ret
> diff --git a/xen/arch/arm/include/asm/smccc.h b/xen/arch/arm/include/asm/smccc.h
> index b3dbeecc90ad..316adf968e74 100644
> --- a/xen/arch/arm/include/asm/smccc.h
> +++ b/xen/arch/arm/include/asm/smccc.h
> @@ -33,6 +33,7 @@
>
> #define ARM_SMCCC_VERSION_1_0 SMCCC_VERSION(1, 0)
> #define ARM_SMCCC_VERSION_1_1 SMCCC_VERSION(1, 1)
> +#define ARM_SMCCC_VERSION_1_2 SMCCC_VERSION(1, 2)
>
> /*
> * This file provides common defines for ARM SMC Calling Convention as
> @@ -217,6 +218,7 @@ struct arm_smccc_res {
> #ifdef CONFIG_ARM_32
> #define arm_smccc_1_0_smc(...) arm_smccc_1_1_smc(__VA_ARGS__)
> #define arm_smccc_smc(...) arm_smccc_1_1_smc(__VA_ARGS__)
> +
> #else
Spurious change
> void __arm_smccc_1_0_smc(register_t a0, register_t a1, register_t a2,
> @@ -265,8 +267,48 @@ void __arm_smccc_1_0_smc(register_t a0, register_t a1, register_t a2,
> else \
> arm_smccc_1_0_smc(__VA_ARGS__); \
> } while ( 0 )
> +
> +/**
> + * struct arm_smccc_1_2_regs - Arguments for or Results from SMC call
> + * @a0-a17 argument values from registers 0 to 17
> + */
> +struct arm_smccc_1_2_regs {
> + unsigned long a0;
> + unsigned long a1;
> + unsigned long a2;
> + unsigned long a3;
> + unsigned long a4;
> + unsigned long a5;
> + unsigned long a6;
> + unsigned long a7;
> + unsigned long a8;
> + unsigned long a9;
> + unsigned long a10;
> + unsigned long a11;
> + unsigned long a12;
> + unsigned long a13;
> + unsigned long a14;
> + unsigned long a15;
> + unsigned long a16;
> + unsigned long a17;
> +};
> #endif /* CONFIG_ARM_64 */
>
> +/**
> + * arm_smccc_1_2_smc() - make SMC calls
> + * @args: arguments passed via struct arm_smccc_1_2_regs
> + * @res: result values via struct arm_smccc_1_2_regs
> + *
> + * This function is used to make SMC calls following SMC Calling Convention
> + * v1.2 or above. The content of the supplied param are copied from the
> + * structure to registers prior to the SMC instruction. The return values
> + * are updated with the content from registers on return from the SMC
> + * instruction.
> + */
> +void arm_smccc_1_2_smc(const struct arm_smccc_1_2_regs *args,
> + struct arm_smccc_1_2_regs *res);
> +
As arm_smccc_1_2_smc is not implemented in ARM32 it is better to place
the declaration inside the #ifdef CONFIG_ARM_64.
> #endif /* __ASSEMBLY__ */
>
> /*
> diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c
> index 676740ef1520..6f90c08a6304 100644
> --- a/xen/arch/arm/vsmc.c
> +++ b/xen/arch/arm/vsmc.c
> @@ -93,7 +93,7 @@ static bool handle_arch(struct cpu_user_regs *regs)
> switch ( fid )
> {
> case ARM_SMCCC_VERSION_FID:
> - set_user_reg(regs, 0, ARM_SMCCC_VERSION_1_1);
> + set_user_reg(regs, 0, ARM_SMCCC_VERSION_1_2);
> return true;
This is going to be a problem for ARM32 given that ARM_SMCCC_VERSION_1_2
is unimplemented on ARM32. If there is an ARM32 implementation in Linux
for ARM_SMCCC_VERSION_1_2 you might as well import it too.
Otherwise we'll have to abstract it away, e.g.:
#ifdef CONFIG_ARM_64
#define ARM_VSMCCC_VERSION ARM_SMCCC_VERSION_1_2
#else
#define ARM_VSMCCC_VERSION ARM_SMCCC_VERSION_1_1
#endif
> case ARM_SMCCC_ARCH_FEATURES_FID:
> --
> 2.31.1
>
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 2/2] xen/arm: add FF-A mediator
2022-06-09 6:18 ` [PATCH v2 2/2] xen/arm: add FF-A mediator Jens Wiklander
@ 2022-06-11 1:23 ` Stefano Stabellini
2022-06-11 9:08 ` Julien Grall
2022-06-16 18:05 ` Jens Wiklander
2022-06-14 19:47 ` Volodymyr Babchuk
1 sibling, 2 replies; 21+ messages in thread
From: Stefano Stabellini @ 2022-06-11 1:23 UTC (permalink / raw)
To: Jens Wiklander
Cc: xen-devel, Stefano Stabellini, Julien Grall, Volodymyr Babchuk,
Bertrand.Marquis
On Thu, 9 Jun 2022, Jens Wiklander wrote:
> Adds a FF-A version 1.1 [1] mediator to communicate with a Secure
> Partition in secure world.
>
> The implementation is the bare minimum to be able to communicate with
> OP-TEE running as an SPMC at S-EL1.
>
> This is loosely based on the TEE mediator framework and the OP-TEE
> mediator.
>
> [1] https://developer.arm.com/documentation/den0077/latest
> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Hi Jens, thanks for rebasing. This is not a full review because I ran
out of time but some initial comments.
> ---
> xen/arch/arm/Kconfig | 11 +
> xen/arch/arm/Makefile | 1 +
> xen/arch/arm/domain.c | 10 +
> xen/arch/arm/ffa.c | 1624 +++++++++++++++++++++++++++++
> xen/arch/arm/include/asm/domain.h | 4 +
> xen/arch/arm/include/asm/ffa.h | 71 ++
> xen/arch/arm/vsmc.c | 17 +-
> 7 files changed, 1735 insertions(+), 3 deletions(-)
> create mode 100644 xen/arch/arm/ffa.c
> create mode 100644 xen/arch/arm/include/asm/ffa.h
>
> diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
> index ecfa6822e4d3..5b75067e2745 100644
> --- a/xen/arch/arm/Kconfig
> +++ b/xen/arch/arm/Kconfig
> @@ -106,6 +106,17 @@ config TEE
>
> source "arch/arm/tee/Kconfig"
>
> +config FFA
> + bool "Enable FF-A mediator support" if EXPERT
> + default n
> + depends on ARM_64
> + help
> + This option enables a minamal FF-A mediator. The mediator is
> + generic as it follows the FF-A specification [1], but it only
> + implements a small substet of the specification.
> +
> + [1] https://developer.arm.com/documentation/den0077/latest
> +
> endmenu
>
> menu "ARM errata workaround via the alternative framework"
> diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
> index 1d862351d111..dbf5e593a069 100644
> --- a/xen/arch/arm/Makefile
> +++ b/xen/arch/arm/Makefile
> @@ -20,6 +20,7 @@ obj-y += domain.o
> obj-y += domain_build.init.o
> obj-y += domctl.o
> obj-$(CONFIG_EARLY_PRINTK) += early_printk.o
> +obj-$(CONFIG_FFA) += ffa.o
> obj-y += gic.o
> obj-y += gic-v2.o
> obj-$(CONFIG_GICV3) += gic-v3.o
> diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
> index 8110c1df8638..a93e6a9c4aef 100644
> --- a/xen/arch/arm/domain.c
> +++ b/xen/arch/arm/domain.c
> @@ -27,6 +27,7 @@
> #include <asm/cpufeature.h>
> #include <asm/current.h>
> #include <asm/event.h>
> +#include <asm/ffa.h>
> #include <asm/gic.h>
> #include <asm/guest_atomics.h>
> #include <asm/irq.h>
> @@ -756,6 +757,9 @@ int arch_domain_create(struct domain *d,
> if ( (rc = tee_domain_init(d, config->arch.tee_type)) != 0 )
> goto fail;
>
> + if ( (rc = ffa_domain_init(d)) != 0 )
> + goto fail;
> +
> update_domain_wallclock_time(d);
>
> /*
> @@ -998,6 +1002,7 @@ static int relinquish_memory(struct domain *d, struct page_list_head *list)
> enum {
> PROG_pci = 1,
> PROG_tee,
> + PROG_ffa,
> PROG_xen,
> PROG_page,
> PROG_mapping,
> @@ -1046,6 +1051,11 @@ int domain_relinquish_resources(struct domain *d)
> if (ret )
> return ret;
>
> + PROGRESS(ffa):
> + ret = ffa_relinquish_resources(d);
> + if (ret )
> + return ret;
> +
> PROGRESS(xen):
> ret = relinquish_memory(d, &d->xenpage_list);
> if ( ret )
> diff --git a/xen/arch/arm/ffa.c b/xen/arch/arm/ffa.c
> new file mode 100644
> index 000000000000..9063b7f2b59e
> --- /dev/null
> +++ b/xen/arch/arm/ffa.c
> @@ -0,0 +1,1624 @@
> +/*
> + * xen/arch/arm/ffa.c
> + *
> + * Arm Firmware Framework for ARMv8-A(FFA) mediator
> + *
> + * Copyright (C) 2021 Linaro Limited
> + *
> + * Permission is hereby granted, free of charge, to any person
> + * obtaining a copy of this software and associated documentation
> + * files (the "Software"), to deal in the Software without restriction,
> + * including without limitation the rights to use, copy, modify, merge,
> + * publish, distribute, sublicense, and/or sell copies of the Software,
> + * and to permit persons to whom the Software is furnished to do so,
> + * subject to the following conditions:
> + *
> + * The above copyright notice and this permission notice shall be
> + * included in all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
> + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
> + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
> + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
> + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
> + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
> + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
> + */
> +
> +#include <xen/domain_page.h>
> +#include <xen/errno.h>
> +#include <xen/init.h>
> +#include <xen/lib.h>
> +#include <xen/sched.h>
> +#include <xen/types.h>
> +#include <xen/sizes.h>
> +#include <xen/bitops.h>
> +
> +#include <asm/smccc.h>
> +#include <asm/event.h>
> +#include <asm/ffa.h>
> +#include <asm/regs.h>
> +
> +/* Error codes */
> +#define FFA_RET_OK 0
> +#define FFA_RET_NOT_SUPPORTED -1
> +#define FFA_RET_INVALID_PARAMETERS -2
> +#define FFA_RET_NO_MEMORY -3
> +#define FFA_RET_BUSY -4
> +#define FFA_RET_INTERRUPTED -5
> +#define FFA_RET_DENIED -6
> +#define FFA_RET_RETRY -7
> +#define FFA_RET_ABORTED -8
> +
> +/* FFA_VERSION helpers */
> +#define FFA_VERSION_MAJOR _AC(1,U)
> +#define FFA_VERSION_MAJOR_SHIFT _AC(16,U)
> +#define FFA_VERSION_MAJOR_MASK _AC(0x7FFF,U)
> +#define FFA_VERSION_MINOR _AC(1,U)
> +#define FFA_VERSION_MINOR_SHIFT _AC(0,U)
> +#define FFA_VERSION_MINOR_MASK _AC(0xFFFF,U)
> +#define MAKE_FFA_VERSION(major, minor) \
> + ((((major) & FFA_VERSION_MAJOR_MASK) << FFA_VERSION_MAJOR_SHIFT) | \
> + ((minor) & FFA_VERSION_MINOR_MASK))
> +
> +#define FFA_MIN_VERSION MAKE_FFA_VERSION(1, 0)
> +#define FFA_VERSION_1_0 MAKE_FFA_VERSION(1, 0)
> +#define FFA_VERSION_1_1 MAKE_FFA_VERSION(1, 1)
> +#define FFA_MY_VERSION MAKE_FFA_VERSION(FFA_VERSION_MAJOR, \
> + FFA_VERSION_MINOR)
> +
> +
> +#define FFA_HANDLE_HYP_FLAG BIT(63,ULL)
> +
> +/* Memory attributes: Normal memory, Write-Back cacheable, Inner shareable */
> +#define FFA_NORMAL_MEM_REG_ATTR _AC(0x2f,U)
> +
> +/* Memory access permissions: Read-write */
> +#define FFA_MEM_ACC_RW _AC(0x2,U)
> +
> +/* Clear memory before mapping in receiver */
> +#define FFA_MEMORY_REGION_FLAG_CLEAR BIT(0, U)
> +/* Relayer may time slice this operation */
> +#define FFA_MEMORY_REGION_FLAG_TIME_SLICE BIT(1, U)
> +/* Clear memory after receiver relinquishes it */
> +#define FFA_MEMORY_REGION_FLAG_CLEAR_RELINQUISH BIT(2, U)
> +
> +/* Share memory transaction */
> +#define FFA_MEMORY_REGION_TRANSACTION_TYPE_SHARE (_AC(1,U) << 3)
> +/* Relayer must choose the alignment boundary */
> +#define FFA_MEMORY_REGION_FLAG_ANY_ALIGNMENT _AC(0,U)
> +
> +#define FFA_HANDLE_INVALID _AC(0xffffffffffffffff,ULL)
> +
> +/* Framework direct request/response */
> +#define FFA_MSG_FLAG_FRAMEWORK BIT(31, U)
> +#define FFA_MSG_TYPE_MASK _AC(0xFF,U);
> +#define FFA_MSG_PSCI _AC(0x0,U)
> +#define FFA_MSG_SEND_VM_CREATED _AC(0x4,U)
> +#define FFA_MSG_RESP_VM_CREATED _AC(0x5,U)
> +#define FFA_MSG_SEND_VM_DESTROYED _AC(0x6,U)
> +#define FFA_MSG_RESP_VM_DESTROYED _AC(0x7,U)
> +
> +/*
> + * Flags used for the FFA_PARTITION_INFO_GET return message:
> + * BIT(0): Supports receipt of direct requests
> + * BIT(1): Can send direct requests
> + * BIT(2): Can send and receive indirect messages
> + * BIT(3): Supports receipt of notifications
> + * BIT(4-5): Partition ID is a PE endpoint ID
> + */
> +#define FFA_PART_PROP_DIRECT_REQ_RECV BIT(0,U)
> +#define FFA_PART_PROP_DIRECT_REQ_SEND BIT(1,U)
> +#define FFA_PART_PROP_INDIRECT_MSGS BIT(2,U)
> +#define FFA_PART_PROP_RECV_NOTIF BIT(3,U)
> +#define FFA_PART_PROP_IS_PE_ID (_AC(0,U) << 4)
> +#define FFA_PART_PROP_IS_SEPID_INDEP (_AC(1,U) << 4)
> +#define FFA_PART_PROP_IS_SEPID_DEP (_AC(2,U) << 4)
> +#define FFA_PART_PROP_IS_AUX_ID (_AC(3,U) << 4)
> +#define FFA_PART_PROP_NOTIF_CREATED BIT(6,U)
> +#define FFA_PART_PROP_NOTIF_DESTROYED BIT(7,U)
> +#define FFA_PART_PROP_AARCH64_STATE BIT(8,U)
> +
> +/* Function IDs */
> +#define FFA_ERROR _AC(0x84000060,U)
> +#define FFA_SUCCESS_32 _AC(0x84000061,U)
> +#define FFA_SUCCESS_64 _AC(0xC4000061,U)
> +#define FFA_INTERRUPT _AC(0x84000062,U)
> +#define FFA_VERSION _AC(0x84000063,U)
> +#define FFA_FEATURES _AC(0x84000064,U)
> +#define FFA_RX_ACQUIRE _AC(0x84000084,U)
> +#define FFA_RX_RELEASE _AC(0x84000065,U)
> +#define FFA_RXTX_MAP_32 _AC(0x84000066,U)
> +#define FFA_RXTX_MAP_64 _AC(0xC4000066,U)
> +#define FFA_RXTX_UNMAP _AC(0x84000067,U)
> +#define FFA_PARTITION_INFO_GET _AC(0x84000068,U)
> +#define FFA_ID_GET _AC(0x84000069,U)
> +#define FFA_SPM_ID_GET _AC(0x84000085,U)
> +#define FFA_MSG_WAIT _AC(0x8400006B,U)
> +#define FFA_MSG_YIELD _AC(0x8400006C,U)
> +#define FFA_MSG_RUN _AC(0x8400006D,U)
> +#define FFA_MSG_SEND2 _AC(0x84000086,U)
> +#define FFA_MSG_SEND_DIRECT_REQ_32 _AC(0x8400006F,U)
> +#define FFA_MSG_SEND_DIRECT_REQ_64 _AC(0xC400006F,U)
> +#define FFA_MSG_SEND_DIRECT_RESP_32 _AC(0x84000070,U)
> +#define FFA_MSG_SEND_DIRECT_RESP_64 _AC(0xC4000070,U)
> +#define FFA_MEM_DONATE_32 _AC(0x84000071,U)
> +#define FFA_MEM_DONATE_64 _AC(0xC4000071,U)
> +#define FFA_MEM_LEND_32 _AC(0x84000072,U)
> +#define FFA_MEM_LEND_64 _AC(0xC4000072,U)
> +#define FFA_MEM_SHARE_32 _AC(0x84000073,U)
> +#define FFA_MEM_SHARE_64 _AC(0xC4000073,U)
> +#define FFA_MEM_RETRIEVE_REQ_32 _AC(0x84000074,U)
> +#define FFA_MEM_RETRIEVE_REQ_64 _AC(0xC4000074,U)
> +#define FFA_MEM_RETRIEVE_RESP _AC(0x84000075,U)
> +#define FFA_MEM_RELINQUISH _AC(0x84000076,U)
> +#define FFA_MEM_RECLAIM _AC(0x84000077,U)
> +#define FFA_MEM_FRAG_RX _AC(0x8400007A,U)
> +#define FFA_MEM_FRAG_TX _AC(0x8400007B,U)
> +#define FFA_MSG_SEND _AC(0x8400006E,U)
> +#define FFA_MSG_POLL _AC(0x8400006A,U)
> +
> +/* Partition information descriptor */
> +struct ffa_partition_info_1_0 {
> + uint16_t id;
> + uint16_t execution_context;
> + uint32_t partition_properties;
> +};
> +
> +struct ffa_partition_info_1_1 {
> + uint16_t id;
> + uint16_t execution_context;
> + uint32_t partition_properties;
> + uint8_t uuid[16];
> +};
> +
> +/* Constituent memory region descriptor */
> +struct ffa_address_range {
> + uint64_t address;
> + uint32_t page_count;
> + uint32_t reserved;
> +};
> +
> +/* Composite memory region descriptor */
> +struct ffa_mem_region {
> + uint32_t total_page_count;
> + uint32_t address_range_count;
> + uint64_t reserved;
> + struct ffa_address_range address_range_array[];
> +};
> +
> +/* Memory access permissions descriptor */
> +struct ffa_mem_access_perm {
> + uint16_t endpoint_id;
> + uint8_t perm;
> + uint8_t flags;
> +};
> +
> +/* Endpoint memory access descriptor */
> +struct ffa_mem_access {
> + struct ffa_mem_access_perm access_perm;
> + uint32_t region_offs;
> + uint64_t reserved;
> +};
> +
> +/* Lend, donate or share memory transaction descriptor */
> +struct ffa_mem_transaction_1_0 {
> + uint16_t sender_id;
> + uint8_t mem_reg_attr;
> + uint8_t reserved0;
> + uint32_t flags;
> + uint64_t global_handle;
> + uint64_t tag;
> + uint32_t reserved1;
> + uint32_t mem_access_count;
> + struct ffa_mem_access mem_access_array[];
> +};
> +
> +struct ffa_mem_transaction_1_1 {
> + uint16_t sender_id;
> + uint16_t mem_reg_attr;
> + uint32_t flags;
> + uint64_t global_handle;
> + uint64_t tag;
> + uint32_t mem_access_size;
> + uint32_t mem_access_count;
> + uint32_t mem_access_offs;
> + uint8_t reserved[12];
> +};
> +
> +/*
> + * The parts needed from struct ffa_mem_transaction_1_0 or struct
> + * ffa_mem_transaction_1_1, used to provide an abstraction of difference in
> + * data structures between version 1.0 and 1.1. This is just an internal
> + * interface and can be changed without changing any ABI.
> + */
> +struct ffa_mem_transaction_x {
> + uint16_t sender_id;
> + uint8_t mem_reg_attr;
> + uint8_t flags;
> + uint8_t mem_access_size;
> + uint8_t mem_access_count;
> + uint16_t mem_access_offs;
> + uint64_t global_handle;
> + uint64_t tag;
> +};
> +
> +/* Endpoint RX/TX descriptor */
> +struct ffa_endpoint_rxtx_descriptor_1_0 {
> + uint16_t sender_id;
> + uint16_t reserved;
> + uint32_t rx_range_count;
> + uint32_t tx_range_count;
> +};
> +
> +struct ffa_endpoint_rxtx_descriptor_1_1 {
> + uint16_t sender_id;
> + uint16_t reserved;
> + uint32_t rx_region_offs;
> + uint32_t tx_region_offs;
> +};
> +
> +struct ffa_ctx {
> + void *rx;
> + void *tx;
> + struct page_info *rx_pg;
> + struct page_info *tx_pg;
> + unsigned int page_count;
> + uint32_t guest_vers;
> + bool tx_is_mine;
> + bool interrupted;
> +};
> +
> +struct ffa_shm_mem {
> + struct list_head list;
> + uint16_t sender_id;
> + uint16_t ep_id; /* endpoint, the one lending */
> + uint64_t handle; /* FFA_HANDLE_INVALID if not set yet */
> + unsigned int page_count;
> + struct page_info *pages[];
> +};
> +
> +struct mem_frag_state {
> + struct list_head list;
> + struct ffa_shm_mem *shm;
> + uint32_t range_count;
> + unsigned int current_page_idx;
> + unsigned int frag_offset;
> + unsigned int range_offset;
> + uint8_t *buf;
> + unsigned int buf_size;
> + struct ffa_address_range range;
> +};
> +
> +/*
> + * Our rx/rx buffer shared with the SPMC
> + */
> +static uint32_t ffa_version;
> +static uint16_t *subsr_vm_created;
> +static unsigned int subsr_vm_created_count;
> +static uint16_t *subsr_vm_destroyed;
> +static unsigned int subsr_vm_destroyed_count;
> +static void *ffa_rx;
> +static void *ffa_tx;
> +static unsigned int ffa_page_count;
> +static spinlock_t ffa_buffer_lock = SPIN_LOCK_UNLOCKED;
DEFINE_SPINLOCK. But actually shouldn't the spin_locks be per-domain? It
looks like that at least some of the locks don't need to be global.
> +static struct list_head ffa_mem_list = LIST_HEAD_INIT(ffa_mem_list);
> +static struct list_head ffa_frag_list = LIST_HEAD_INIT(ffa_frag_list);
LIST_HEAD(ffa_mem_list);
LIST_HEAD(ffa_frag_list);
> +static spinlock_t ffa_mem_list_lock = SPIN_LOCK_UNLOCKED;
DEFINE_SPINLOCK
> +static uint64_t next_handle = FFA_HANDLE_HYP_FLAG;
> +
> +static uint64_t reg_pair_to_64(uint32_t reg0, uint32_t reg1)
> +{
> + return (uint64_t)reg0 << 32 | reg1;
> +}
> +
> +static void reg_pair_from_64(uint32_t *reg0, uint32_t *reg1, uint64_t val)
> +{
> + *reg0 = val >> 32;
> + *reg1 = val;
> +}
I think these two should be static inline
> +static bool ffa_get_version(uint32_t *vers)
> +{
> + const struct arm_smccc_1_2_regs arg = {
> + .a0 = FFA_VERSION, .a1 = FFA_MY_VERSION,
> + };
> + struct arm_smccc_1_2_regs resp;
> +
> + arm_smccc_1_2_smc(&arg, &resp);
> + if ( resp.a0 == FFA_RET_NOT_SUPPORTED )
> + {
> + printk(XENLOG_ERR "ffa: FFA_VERSION returned not supported\n");
> + return false;
> + }
> +
> + *vers = resp.a0;
> + return true;
> +}
> +
> +static uint32_t ffa_rxtx_map(register_t tx_addr, register_t rx_addr,
> + uint32_t page_count)
> +{
> + const struct arm_smccc_1_2_regs arg = {
> +#ifdef CONFIG_ARM_64
> + .a0 = FFA_RXTX_MAP_64,
> +#endif
This ifdef is unnecessary given that FFA depends on ARM64 and SMCCCv1.2
is only implemented on ARM64. It also applies to all the other ifdefs in
this file. You can remove the code under #ifdef CONFIG_ARM_32.
> +#ifdef CONFIG_ARM_32
> + .a0 = FFA_RXTX_MAP_32,
> +#endif
> + .a1 = tx_addr, .a2 = rx_addr,
> + .a3 = page_count,
> + };
> + struct arm_smccc_1_2_regs resp;
> +
> + arm_smccc_1_2_smc(&arg, &resp);
> +
> + if ( resp.a0 == FFA_ERROR )
> + {
> + if ( resp.a2 )
> + return resp.a2;
> + else
> + return FFA_RET_NOT_SUPPORTED;
> + }
> +
> + return FFA_RET_OK;
> +}
> +
> +static uint32_t ffa_rxtx_unmap(uint16_t vm_id)
> +{
> + const struct arm_smccc_1_2_regs arg = {
> + .a0 = FFA_RXTX_UNMAP, .a1 = vm_id,
> + };
> + struct arm_smccc_1_2_regs resp;
> +
> + arm_smccc_1_2_smc(&arg, &resp);
> +
> + if ( resp.a0 == FFA_ERROR )
> + {
> + if ( resp.a2 )
> + return resp.a2;
> + else
> + return FFA_RET_NOT_SUPPORTED;
> + }
> +
> + return FFA_RET_OK;
> +}
> +
> +static uint32_t ffa_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3,
> + uint32_t w4, uint32_t w5,
> + uint32_t *count)
> +{
> + const struct arm_smccc_1_2_regs arg = {
> + .a0 = FFA_PARTITION_INFO_GET, .a1 = w1, .a2 = w2, .a3 = w3, .a4 = w4,
> + .a5 = w5,
> + };
> + struct arm_smccc_1_2_regs resp;
> +
> + arm_smccc_1_2_smc(&arg, &resp);
> +
> + if ( resp.a0 == FFA_ERROR )
> + {
> + if ( resp.a2 )
> + return resp.a2;
> + else
> + return FFA_RET_NOT_SUPPORTED;
> + }
> +
> + *count = resp.a2;
> +
> + return FFA_RET_OK;
> +}
> +
> +static uint32_t ffa_rx_release(void)
> +{
> + const struct arm_smccc_1_2_regs arg = { .a0 = FFA_RX_RELEASE, };
> + struct arm_smccc_1_2_regs resp;
> +
> + arm_smccc_1_2_smc(&arg, &resp);
> +
> + if ( resp.a0 == FFA_ERROR )
> + {
> + if ( resp.a2 )
> + return resp.a2;
> + else
> + return FFA_RET_NOT_SUPPORTED;
> + }
> +
> + return FFA_RET_OK;
> +}
> +
> +static int32_t ffa_mem_share(uint32_t tot_len, uint32_t frag_len,
> + register_t addr, uint32_t pg_count,
> + uint64_t *handle)
> +{
> + struct arm_smccc_1_2_regs arg = {
> + .a0 = FFA_MEM_SHARE_32, .a1 = tot_len, .a2 = frag_len, .a3 = addr,
> + .a4 = pg_count,
> + };
> + struct arm_smccc_1_2_regs resp;
> +
> + /*
> + * For arm64 we must use 64-bit calling convention if the buffer isn't
> + * passed in our tx buffer.
> + */
> + if (sizeof(addr) > 4 && addr)
> + arg.a0 = FFA_MEM_SHARE_64;
> +
> + arm_smccc_1_2_smc(&arg, &resp);
> +
> + switch ( resp.a0 ) {
> + case FFA_ERROR:
> + if ( resp.a2 )
> + return resp.a2;
> + else
> + return FFA_RET_NOT_SUPPORTED;
> + case FFA_SUCCESS_32:
> + *handle = reg_pair_to_64(resp.a3, resp.a2);
> + return FFA_RET_OK;
> + case FFA_MEM_FRAG_RX:
> + *handle = reg_pair_to_64(resp.a2, resp.a1);
> + return resp.a3;
> + default:
> + return FFA_RET_NOT_SUPPORTED;
coding style: alignment
> + }
> +}
> +
> +static int32_t ffa_mem_frag_tx(uint64_t handle, uint32_t frag_len,
> + uint16_t sender_id)
> +{
> + struct arm_smccc_1_2_regs arg = {
> + .a0 = FFA_MEM_FRAG_TX, .a1 = handle & UINT32_MAX, .a2 = handle >> 32,
> + .a3 = frag_len, .a4 = (uint32_t)sender_id << 16,
> + };
> + struct arm_smccc_1_2_regs resp;
> +
> + arm_smccc_1_2_smc(&arg, &resp);
> +
> + switch ( resp.a0 ) {
> + case FFA_ERROR:
> + if ( resp.a2 )
> + return resp.a2;
> + else
> + return FFA_RET_NOT_SUPPORTED;
> + case FFA_SUCCESS_32:
> + return FFA_RET_OK;
> + case FFA_MEM_FRAG_RX:
> + return resp.a3;
> + default:
> + return FFA_RET_NOT_SUPPORTED;
> + }
> +}
> +
> +static uint32_t ffa_mem_reclaim(uint32_t handle_lo, uint32_t handle_hi,
> + uint32_t flags)
> +{
> + const struct arm_smccc_1_2_regs arg = {
> + .a0 = FFA_MEM_RECLAIM, .a1 = handle_lo, .a2 = handle_hi, .a3 = flags,
> + };
> + struct arm_smccc_1_2_regs resp;
> +
> + arm_smccc_1_2_smc(&arg, &resp);
> +
> + if ( resp.a0 == FFA_ERROR )
> + {
> + if ( resp.a2 )
> + return resp.a2;
> + else
> + return FFA_RET_NOT_SUPPORTED;
> + }
> +
> + return FFA_RET_OK;
> +}
> +
> +static int32_t ffa_direct_req_send_vm(uint16_t sp_id, uint16_t vm_id,
> + uint8_t msg)
> +{
> + uint32_t exp_resp = FFA_MSG_FLAG_FRAMEWORK;
> + int32_t res;
> +
> + if ( msg != FFA_MSG_SEND_VM_CREATED && msg !=FFA_MSG_SEND_VM_DESTROYED )
> + return FFA_RET_INVALID_PARAMETERS;
> +
> + if ( msg == FFA_MSG_SEND_VM_CREATED )
> + exp_resp |= FFA_MSG_RESP_VM_CREATED;
> + else
> + exp_resp |= FFA_MSG_RESP_VM_DESTROYED;
> +
> + do {
> + const struct arm_smccc_1_2_regs arg = {
> + .a0 = FFA_MSG_SEND_DIRECT_REQ_32,
> + .a1 = sp_id,
> + .a2 = FFA_MSG_FLAG_FRAMEWORK | msg,
> + .a5 = vm_id,
> + };
> + struct arm_smccc_1_2_regs resp;
> +
> + arm_smccc_1_2_smc(&arg, &resp);
> + if ( resp.a0 != FFA_MSG_SEND_DIRECT_RESP_32 || resp.a2 != exp_resp ) {
> + /*
> + * This is an invalid response, likely due to some error in the
> + * implementation of the ABI.
> + */
> + return FFA_RET_INVALID_PARAMETERS;
> + }
> + res = resp.a3;
> + } while ( res == FFA_RET_INTERRUPTED || res == FFA_RET_RETRY );
> +
> + return res;
> +}
> +
> +static u16 get_vm_id(struct domain *d)
> +{
> + /* +1 since 0 is reserved for the hypervisor in FF-A */
> + return d->domain_id + 1;
> +}
> +
> +static void set_regs(struct cpu_user_regs *regs, register_t v0, register_t v1,
> + register_t v2, register_t v3, register_t v4, register_t v5,
> + register_t v6, register_t v7)
> +{
> + set_user_reg(regs, 0, v0);
> + set_user_reg(regs, 1, v1);
> + set_user_reg(regs, 2, v2);
> + set_user_reg(regs, 3, v3);
> + set_user_reg(regs, 4, v4);
> + set_user_reg(regs, 5, v5);
> + set_user_reg(regs, 6, v6);
> + set_user_reg(regs, 7, v7);
> +}
> +
> +static void set_regs_error(struct cpu_user_regs *regs, uint32_t error_code)
> +{
> + set_regs(regs, FFA_ERROR, 0, error_code, 0, 0, 0, 0, 0);
> +}
> +
> +static void set_regs_success(struct cpu_user_regs *regs, uint32_t w2,
> + uint32_t w3)
> +{
> + set_regs(regs, FFA_SUCCESS_32, 0, w2, w3, 0, 0, 0, 0);
> +}
> +
> +static void set_regs_frag_rx(struct cpu_user_regs *regs, uint32_t handle_lo,
> + uint32_t handle_hi, uint32_t frag_offset,
> + uint16_t sender_id)
> +{
> + set_regs(regs, FFA_MEM_FRAG_RX, handle_lo, handle_hi, frag_offset,
> + (uint32_t)sender_id << 16, 0, 0, 0);
> +}
> +
> +static void handle_version(struct cpu_user_regs *regs)
> +{
> + struct domain *d = current->domain;
> + struct ffa_ctx *ctx = d->arch.ffa;
> + uint32_t vers = get_user_reg(regs, 1);
> +
> + if ( vers < FFA_VERSION_1_1 )
> + vers = FFA_VERSION_1_0;
> + else
> + vers = FFA_VERSION_1_1;
> +
> + ctx->guest_vers = vers;
> + set_regs(regs, vers, 0, 0, 0, 0, 0, 0, 0);
> +}
> +
> +static uint32_t handle_rxtx_map(uint32_t fid, register_t tx_addr,
> + register_t rx_addr, uint32_t page_count)
> +{
> + uint32_t ret = FFA_RET_NOT_SUPPORTED;
> + struct domain *d = current->domain;
> + struct ffa_ctx *ctx = d->arch.ffa;
> + struct page_info *tx_pg;
> + struct page_info *rx_pg;
> + p2m_type_t t;
> + void *rx;
> + void *tx;
> +
> + if ( !smccc_is_conv_64(fid) )
> + {
> + tx_addr &= UINT32_MAX;
> + rx_addr &= UINT32_MAX;
> + }
> +
> + /* For now to keep things simple, only deal with a single page */
> + if ( page_count != 1 )
> + return FFA_RET_NOT_SUPPORTED;
> +
> + /* Already mapped */
> + if ( ctx->rx )
> + return FFA_RET_DENIED;
> +
> + tx_pg = get_page_from_gfn(d, gaddr_to_gfn(tx_addr), &t, P2M_ALLOC);
> + if ( !tx_pg )
> + return FFA_RET_NOT_SUPPORTED;
It looks like this should be another error: if get_page_from_gfn fails
it is probably because the provided page is invalid, so we should return
FFA_RET_INVALID_PARAMETERS ?
> + /* Only normal RAM for now */
> + if (t != p2m_ram_rw)
> + goto err_put_tx_pg;
> +
> + rx_pg = get_page_from_gfn(d, gaddr_to_gfn(rx_addr), &t, P2M_ALLOC);
> + if ( !tx_pg )
> + goto err_put_tx_pg;
same here?
> + /* Only normal RAM for now */
> + if ( t != p2m_ram_rw )
> + goto err_put_rx_pg;
> +
> + tx = __map_domain_page_global(tx_pg);
> + if ( !tx )
> + goto err_put_rx_pg;
> +
> + rx = __map_domain_page_global(rx_pg);
> + if ( !rx )
> + goto err_unmap_tx;
> +
> + ctx->rx = rx;
> + ctx->tx = tx;
> + ctx->rx_pg = rx_pg;
> + ctx->tx_pg = tx_pg;
> + ctx->page_count = 1;
> + ctx->tx_is_mine = true;
> + return FFA_RET_OK;
> +
> +err_unmap_tx:
> + unmap_domain_page_global(tx);
> +err_put_rx_pg:
> + put_page(rx_pg);
> +err_put_tx_pg:
> + put_page(tx_pg);
> + return ret;
> +}
> +
> +static uint32_t handle_rxtx_unmap(void)
> +{
> + struct domain *d = current->domain;
> + struct ffa_ctx *ctx = d->arch.ffa;
> + uint32_t ret;
> +
> + if ( !ctx-> rx )
> + return FFA_RET_INVALID_PARAMETERS;
> +
> + ret = ffa_rxtx_unmap(get_vm_id(d));
> + if ( ret )
> + return ret;
> +
> + unmap_domain_page_global(ctx->rx);
> + unmap_domain_page_global(ctx->tx);
> + put_page(ctx->rx_pg);
> + put_page(ctx->tx_pg);
> + ctx->rx = NULL;
> + ctx->tx = NULL;
> + ctx->rx_pg = NULL;
> + ctx->tx_pg = NULL;
> + ctx->page_count = 0;
> + ctx->tx_is_mine = false;
> +
> + return FFA_RET_OK;
> +}
> +
> +static uint32_t handle_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3,
> + uint32_t w4, uint32_t w5,
> + uint32_t *count)
> +{
> + uint32_t ret = FFA_RET_DENIED;
> + struct domain *d = current->domain;
> + struct ffa_ctx *ctx = d->arch.ffa;
> +
> + if ( !ffa_page_count )
> + return FFA_RET_DENIED;
> +
> + spin_lock(&ffa_buffer_lock);
> + if ( !ctx->page_count || !ctx->tx_is_mine )
> + goto out;
> + ret = ffa_partition_info_get(w1, w2, w3, w4, w5, count);
> + if ( ret )
> + goto out;
> + if ( ctx->guest_vers == FFA_VERSION_1_0 ) {
> + size_t n;
> + struct ffa_partition_info_1_1 *src = ffa_rx;
> + struct ffa_partition_info_1_0 *dst = ctx->rx;
> +
> + for ( n = 0; n < *count; n++ ) {
> + dst[n].id = src[n].id;
> + dst[n].execution_context = src[n].execution_context;
> + dst[n].partition_properties = src[n].partition_properties;
> + }
> + } else {
> + size_t sz = *count * sizeof(struct ffa_partition_info_1_1);
> +
> + memcpy(ctx->rx, ffa_rx, sz);
> + }
> + ffa_rx_release();
> + ctx->tx_is_mine = false;
> +out:
> + spin_unlock(&ffa_buffer_lock);
> +
> + return ret;
> +}
> +
> +static uint32_t handle_rx_release(void)
> +{
> + uint32_t ret = FFA_RET_DENIED;
> + struct domain *d = current->domain;
> + struct ffa_ctx *ctx = d->arch.ffa;
> +
> + spin_lock(&ffa_buffer_lock);
> + if ( !ctx->page_count || ctx->tx_is_mine )
> + goto out;
> + ret = FFA_RET_OK;
> + ctx->tx_is_mine = true;
> +out:
> + spin_unlock(&ffa_buffer_lock);
> +
> + return ret;
> +}
> +
> +static void handle_msg_send_direct_req(struct cpu_user_regs *regs, uint32_t fid)
> +{
> + struct arm_smccc_1_2_regs arg = { .a0 = fid, };
> + struct arm_smccc_1_2_regs resp = { };
> + struct domain *d = current->domain;
> + struct ffa_ctx *ctx = d->arch.ffa;
> + uint32_t src_dst;
> + uint64_t mask;
> +
> + if ( smccc_is_conv_64(fid) )
> + mask = 0xffffffffffffffff;
> + else
> + mask = 0xffffffff;
> +
> + src_dst = get_user_reg(regs, 1);
> + if ( (src_dst >> 16) != get_vm_id(d) )
> + {
> + resp.a0 = FFA_ERROR;
> + resp.a2 = FFA_RET_INVALID_PARAMETERS;
> + goto out;
> + }
> +
> + arg.a1 = src_dst;
> + arg.a2 = get_user_reg(regs, 2) & mask;
> + arg.a3 = get_user_reg(regs, 3) & mask;
> + arg.a4 = get_user_reg(regs, 4) & mask;
> + arg.a5 = get_user_reg(regs, 5) & mask;
> + arg.a6 = get_user_reg(regs, 6) & mask;
> + arg.a7 = get_user_reg(regs, 7) & mask;
> +
> + while ( true ) {
> + arm_smccc_1_2_smc(&arg, &resp);
> +
> + switch ( resp.a0 )
> + {
> + case FFA_INTERRUPT:
> + ctx->interrupted = true;
> + goto out;
> + case FFA_ERROR:
> + case FFA_SUCCESS_32:
> + case FFA_SUCCESS_64:
> + case FFA_MSG_SEND_DIRECT_RESP_32:
> + case FFA_MSG_SEND_DIRECT_RESP_64:
> + goto out;
> + default:
> + /* Bad fid, report back. */
> + memset(&arg, 0, sizeof(arg));
> + arg.a0 = FFA_ERROR;
> + arg.a1 = src_dst;
> + arg.a2 = FFA_RET_NOT_SUPPORTED;
> + continue;
> + }
> + }
> +
> +out:
> + set_user_reg(regs, 0, resp.a0);
> + set_user_reg(regs, 2, resp.a2 & mask);
> + set_user_reg(regs, 1, resp.a1 & mask);
> + set_user_reg(regs, 3, resp.a3 & mask);
> + set_user_reg(regs, 4, resp.a4 & mask);
> + set_user_reg(regs, 5, resp.a5 & mask);
> + set_user_reg(regs, 6, resp.a6 & mask);
> + set_user_reg(regs, 7, resp.a7 & mask);
> +}
> +
> +static int get_shm_pages(struct domain *d, struct ffa_shm_mem *shm,
> + struct ffa_address_range *range, uint32_t range_count,
> + unsigned int start_page_idx,
> + unsigned int *last_page_idx)
> +{
> + unsigned int pg_idx = start_page_idx;
> + unsigned long gfn;
> + unsigned int n;
> + unsigned int m;
> + p2m_type_t t;
> + uint64_t addr;
> +
> + for ( n = 0; n < range_count; n++ ) {
> + for ( m = 0; m < range[n].page_count; m++ ) {
> + if ( pg_idx >= shm->page_count )
> + return FFA_RET_INVALID_PARAMETERS;
> +
> + addr = read_atomic(&range[n].address);
> + gfn = gaddr_to_gfn(addr + m * PAGE_SIZE);
> + shm->pages[pg_idx] = get_page_from_gfn(d, gfn, &t, P2M_ALLOC);
> + if ( !shm->pages[pg_idx] )
> + return FFA_RET_DENIED;
> + pg_idx++;
> + /* Only normal RAM for now */
> + if ( t != p2m_ram_rw )
> + return FFA_RET_DENIED;
> + }
> + }
> +
> + *last_page_idx = pg_idx;
> +
> + return FFA_RET_OK;
> +}
> +
> +static void put_shm_pages(struct ffa_shm_mem *shm)
> +{
> + unsigned int n;
> +
> + for ( n = 0; n < shm->page_count && shm->pages[n]; n++ )
> + {
> + if ( shm->pages[n] ) {
> + put_page(shm->pages[n]);
> + shm->pages[n] = NULL;
> + }
> + }
> +}
> +
> +static void init_range(struct ffa_address_range *addr_range,
> + paddr_t pa)
> +{
> + memset(addr_range, 0, sizeof(*addr_range));
> + addr_range->address = pa;
> + addr_range->page_count = 1;
> +}
> +
> +static int share_shm(struct ffa_shm_mem *shm)
> +{
> + uint32_t max_frag_len = ffa_page_count * PAGE_SIZE;
> + struct ffa_mem_transaction_1_1 *descr = ffa_tx;
> + struct ffa_mem_access *mem_access_array;
> + struct ffa_mem_region *region_descr;
> + struct ffa_address_range *addr_range;
> + paddr_t pa;
> + paddr_t last_pa;
> + unsigned int n;
> + uint32_t frag_len;
> + uint32_t tot_len;
> + int ret;
> + unsigned int range_count;
> + unsigned int range_base;
> + bool first;
> +
> + memset(descr, 0, sizeof(*descr));
> + descr->sender_id = shm->sender_id;
> + descr->global_handle = shm->handle;
> + descr->mem_reg_attr = FFA_NORMAL_MEM_REG_ATTR;
> + descr->mem_access_count = 1;
> + descr->mem_access_size = sizeof(*mem_access_array);
> + descr->mem_access_offs = sizeof(*descr);
> + mem_access_array = (void *)(descr + 1);
> + region_descr = (void *)(mem_access_array + 1);
> +
> + memset(mem_access_array, 0, sizeof(*mem_access_array));
> + mem_access_array[0].access_perm.endpoint_id = shm->ep_id;
> + mem_access_array[0].access_perm.perm = FFA_MEM_ACC_RW;
> + mem_access_array[0].region_offs = (vaddr_t)region_descr - (vaddr_t)ffa_tx;
> +
> + memset(region_descr, 0, sizeof(*region_descr));
> + region_descr->total_page_count = shm->page_count;
> +
> + region_descr->address_range_count = 1;
> + last_pa = page_to_maddr(shm->pages[0]);
> + for ( n = 1; n < shm->page_count; last_pa = pa, n++ )
> + {
> + pa = page_to_maddr(shm->pages[n]);
> + if ( last_pa + PAGE_SIZE == pa )
> + {
> + continue;
> + }
> + region_descr->address_range_count++;
> + }
> +
> + tot_len = sizeof(*descr) + sizeof(*mem_access_array) +
> + sizeof(*region_descr) +
> + region_descr->address_range_count * sizeof(*addr_range);
> +
> + addr_range = region_descr->address_range_array;
> + frag_len = (vaddr_t)(addr_range + 1) - (vaddr_t)ffa_tx;
> + last_pa = page_to_maddr(shm->pages[0]);
> + init_range(addr_range, last_pa);
> + first = true;
> + range_count = 1;
> + range_base = 0;
> + for ( n = 1; n < shm->page_count; last_pa = pa, n++ )
> + {
> + pa = page_to_maddr(shm->pages[n]);
> + if ( last_pa + PAGE_SIZE == pa )
> + {
> + addr_range->page_count++;
> + continue;
> + }
> +
> + if (frag_len == max_frag_len) {
> + if (first)
> + {
> + ret = ffa_mem_share(tot_len, frag_len, 0, 0, &shm->handle);
> + first = false;
> + }
> + else
> + {
> + ret = ffa_mem_frag_tx(shm->handle, frag_len, shm->sender_id);
> + }
> + if (ret <= 0)
> + return ret;
> + range_base = range_count;
> + range_count = 0;
> + frag_len = sizeof(*addr_range);
> + addr_range = ffa_tx;
> + } else {
> + frag_len += sizeof(*addr_range);
> + addr_range++;
> + }
> + init_range(addr_range, pa);
> + range_count++;
> + }
> +
> + if (first)
> + return ffa_mem_share(tot_len, frag_len, 0, 0, &shm->handle);
> + else
> + return ffa_mem_frag_tx(shm->handle, frag_len, shm->sender_id);
> +}
> +
> +static int read_mem_transaction(uint32_t ffa_vers, void *buf, size_t blen,
> + struct ffa_mem_transaction_x *trans)
> +{
> + uint16_t mem_reg_attr;
> + uint32_t flags;
> + uint32_t count;
> + uint32_t offs;
> + uint32_t size;
> +
> + if (ffa_vers >= FFA_VERSION_1_1) {
> + struct ffa_mem_transaction_1_1 *descr;
> +
> + if (blen < sizeof(*descr))
> + return FFA_RET_INVALID_PARAMETERS;
> +
> + descr = buf;
> + trans->sender_id = read_atomic(&descr->sender_id);
> + mem_reg_attr = read_atomic(&descr->mem_reg_attr);
> + flags = read_atomic(&descr->flags);
> + trans->global_handle = read_atomic(&descr->global_handle);
> + trans->tag = read_atomic(&descr->tag);
> +
> + count = read_atomic(&descr->mem_access_count);
> + size = read_atomic(&descr->mem_access_size);
> + offs = read_atomic(&descr->mem_access_offs);
> + } else {
> + struct ffa_mem_transaction_1_0 *descr;
> +
> + if (blen < sizeof(*descr))
> + return FFA_RET_INVALID_PARAMETERS;
> +
> + descr = buf;
> + trans->sender_id = read_atomic(&descr->sender_id);
> + mem_reg_attr = read_atomic(&descr->mem_reg_attr);
> + flags = read_atomic(&descr->flags);
> + trans->global_handle = read_atomic(&descr->global_handle);
> + trans->tag = read_atomic(&descr->tag);
> +
> + count = read_atomic(&descr->mem_access_count);
> + size = sizeof(struct ffa_mem_access);
> + offs = offsetof(struct ffa_mem_transaction_1_0, mem_access_array);
> + }
> +
> + if (mem_reg_attr > UINT8_MAX || flags > UINT8_MAX || size > UINT8_MAX ||
> + count > UINT8_MAX || offs > UINT16_MAX)
> + return FFA_RET_INVALID_PARAMETERS;
> +
> + /* Check that the endpoint memory access descriptor array fits */
> + if (size * count + offs > blen)
> + return FFA_RET_INVALID_PARAMETERS;
> +
> + trans->mem_reg_attr = mem_reg_attr;
> + trans->flags = flags;
> + trans->mem_access_size = size;
> + trans->mem_access_count = count;
> + trans->mem_access_offs = offs;
> + return 0;
> +}
> +
> +static int add_mem_share_frag(struct mem_frag_state *s, unsigned int offs,
> + unsigned int frag_len)
> +{
> + struct domain *d = current->domain;
> + unsigned int o = offs;
> + unsigned int l;
> + int ret;
> +
> + if (frag_len < o)
> + return FFA_RET_INVALID_PARAMETERS;
> +
> + /* Fill up the first struct ffa_address_range */
> + l = min_t(unsigned int, frag_len - o, sizeof(s->range) - s->range_offset);
> + memcpy((uint8_t *)&s->range + s->range_offset, s->buf + o, l);
> + s->range_offset += l;
> + o += l;
> + if (s->range_offset != sizeof(s->range))
> + goto out;
> + s->range_offset = 0;
> +
> + while (true) {
> + ret = get_shm_pages(d, s->shm, &s->range, 1, s->current_page_idx,
> + &s->current_page_idx);
> + if (ret)
> + return ret;
> + if (s->range_count == 1)
> + return 0;
> + s->range_count--;
> + if (frag_len - o < sizeof(s->range))
> + break;
> + memcpy(&s->range, s->buf + o, sizeof(s->range));
> + o += sizeof(s->range);
> + }
> +
> + /* Collect any remaining bytes for the next struct ffa_address_range */
> + s->range_offset = frag_len - o;
> + memcpy(&s->range, s->buf + o, frag_len - o);
> +out:
> + s->frag_offset += frag_len;
> + return s->frag_offset;
> +}
> +
> +static void handle_mem_share(struct cpu_user_regs *regs)
> +{
> + uint32_t tot_len = get_user_reg(regs, 1);
> + uint32_t frag_len = get_user_reg(regs, 2);
> + uint64_t addr = get_user_reg(regs, 3);
> + uint32_t page_count = get_user_reg(regs, 4);
> + struct ffa_mem_transaction_x trans;
> + struct ffa_mem_access *mem_access;
> + struct ffa_mem_region *region_descr;
> + struct domain *d = current->domain;
> + struct ffa_ctx *ctx = d->arch.ffa;
> + struct ffa_shm_mem *shm = NULL;
> + unsigned int last_page_idx = 0;
> + uint32_t range_count;
> + uint32_t region_offs;
> + int ret = FFA_RET_DENIED;
> + uint32_t handle_hi = 0;
> + uint32_t handle_lo = 0;
> +
> + /*
> + * We're only accepting memory transaction descriptors via the rx/tx
> + * buffer.
> + */
> + if ( addr ) {
> + ret = FFA_RET_NOT_SUPPORTED;
> + goto out_unlock;
> + }
> +
> + /* Check that fragment legnth doesn't exceed total length */
> + if (frag_len > tot_len) {
> + ret = FFA_RET_INVALID_PARAMETERS;
> + goto out_unlock;
> + }
> +
> + spin_lock(&ffa_buffer_lock);
> +
> + if ( frag_len > ctx->page_count * PAGE_SIZE )
> + goto out_unlock;
> +
> + if ( !ffa_page_count ) {
> + ret = FFA_RET_NO_MEMORY;
> + goto out_unlock;
> + }
> +
> + ret = read_mem_transaction(ctx->guest_vers, ctx->tx, frag_len, &trans);
> + if (ret)
> + goto out_unlock;
> +
> + if ( trans.mem_reg_attr != FFA_NORMAL_MEM_REG_ATTR )
> + {
> + ret = FFA_RET_NOT_SUPPORTED;
> + goto out;
> + }
> +
> + /* Only supports sharing it with one SP for now */
> + if ( trans.mem_access_count != 1 )
> + {
> + ret = FFA_RET_NOT_SUPPORTED;
> + goto out_unlock;
> + }
> +
> + if ( trans.sender_id != get_vm_id(d) )
> + {
> + ret = FFA_RET_INVALID_PARAMETERS;
> + goto out_unlock;
> + }
> +
> + /* Check that it fits in the supplied data */
> + if ( trans.mem_access_offs + trans.mem_access_size > frag_len)
> + goto out_unlock;
> +
> + mem_access = (void *)((vaddr_t)ctx->tx + trans.mem_access_offs);
> + if ( read_atomic(&mem_access->access_perm.perm) != FFA_MEM_ACC_RW )
> + {
> + ret = FFA_RET_NOT_SUPPORTED;
> + goto out_unlock;
> + }
> +
> + region_offs = read_atomic(&mem_access->region_offs);
> + if (sizeof(*region_descr) + region_offs > frag_len) {
> + ret = FFA_RET_NOT_SUPPORTED;
> + goto out_unlock;
> + }
> +
> + region_descr = (void *)((vaddr_t)ctx->tx + region_offs);
> + range_count = read_atomic(®ion_descr->address_range_count);
> + page_count = read_atomic(®ion_descr->total_page_count);
> +
> + shm = xzalloc_flex_struct(struct ffa_shm_mem, pages, page_count);
> + if ( !shm )
> + {
> + ret = FFA_RET_NO_MEMORY;
> + goto out;
> + }
> + shm->sender_id = trans.sender_id;
> + shm->ep_id = read_atomic(&mem_access->access_perm.endpoint_id);
> + shm->page_count = page_count;
> +
> + if (frag_len != tot_len) {
> + struct mem_frag_state *s = xzalloc(struct mem_frag_state);
> +
> + if (!s) {
> + ret = FFA_RET_NO_MEMORY;
> + goto out;
> + }
> + s->shm = shm;
> + s->range_count = range_count;
> + s->buf = ctx->tx;
> + s->buf_size = ffa_page_count * PAGE_SIZE;
> + ret = add_mem_share_frag(s, sizeof(*region_descr) + region_offs,
> + frag_len);
> + if (ret <= 0) {
> + xfree(s);
> + if (ret < 0)
> + goto out;
> + } else {
> + shm->handle = next_handle++;
> + reg_pair_from_64(&handle_hi, &handle_lo, shm->handle);
> + spin_lock(&ffa_mem_list_lock);
> + list_add_tail(&s->list, &ffa_frag_list);
> + spin_unlock(&ffa_mem_list_lock);
> + }
> + goto out_unlock;
> + }
> +
> + /*
> + * Check that the Composite memory region descriptor fits.
> + */
> + if ( sizeof(*region_descr) + region_offs +
> + range_count * sizeof(struct ffa_address_range) > frag_len) {
> + ret = FFA_RET_INVALID_PARAMETERS;
> + goto out;
> + }
> +
> + ret = get_shm_pages(d, shm, region_descr->address_range_array, range_count,
> + 0, &last_page_idx);
> + if ( ret )
> + goto out;
> + if (last_page_idx != shm->page_count) {
> + ret = FFA_RET_INVALID_PARAMETERS;
> + goto out;
> + }
> +
> + /* Note that share_shm() uses our tx buffer */
> + ret = share_shm(shm);
> + if ( ret )
> + goto out;
> +
> + spin_lock(&ffa_mem_list_lock);
> + list_add_tail(&shm->list, &ffa_mem_list);
> + spin_unlock(&ffa_mem_list_lock);
> +
> + reg_pair_from_64(&handle_hi, &handle_lo, shm->handle);
> +
> +out:
> + if ( ret && shm )
> + {
> + put_shm_pages(shm);
> + xfree(shm);
> + }
> +out_unlock:
> + spin_unlock(&ffa_buffer_lock);
> +
> + if ( ret > 0 )
> + set_regs_frag_rx(regs, handle_lo, handle_hi, ret, trans.sender_id);
> + else if ( ret == 0)
> + set_regs_success(regs, handle_lo, handle_hi);
> + else
> + set_regs_error(regs, ret);
> +}
> +
> +static struct mem_frag_state *find_frag_state(uint64_t handle)
> +{
> + struct mem_frag_state *s;
> +
> + list_for_each_entry(s, &ffa_frag_list, list)
> + if ( s->shm->handle == handle)
> + return s;
> +
> + return NULL;
> +}
> +
> +static void handle_mem_frag_tx(struct cpu_user_regs *regs)
> +{
> + uint32_t frag_len = get_user_reg(regs, 3);
> + uint32_t handle_lo = get_user_reg(regs, 1);
> + uint32_t handle_hi = get_user_reg(regs, 2);
> + uint64_t handle = reg_pair_to_64(handle_hi, handle_lo);
> + struct mem_frag_state *s;
> + uint16_t sender_id = 0;
> + int ret;
> +
> + spin_lock(&ffa_buffer_lock);
> + s = find_frag_state(handle);
> + if (!s) {
> + ret = FFA_RET_INVALID_PARAMETERS;
> + goto out;
> + }
> + sender_id = s->shm->sender_id;
> +
> + if (frag_len > s->buf_size) {
> + ret = FFA_RET_INVALID_PARAMETERS;
> + goto out;
> + }
> +
> + ret = add_mem_share_frag(s, 0, frag_len);
> + if (ret == 0) {
> + /* Note that share_shm() uses our tx buffer */
> + ret = share_shm(s->shm);
> + if (ret == 0) {
> + spin_lock(&ffa_mem_list_lock);
> + list_add_tail(&s->shm->list, &ffa_mem_list);
> + spin_unlock(&ffa_mem_list_lock);
> + } else {
> + put_shm_pages(s->shm);
> + xfree(s->shm);
> + }
> + spin_lock(&ffa_mem_list_lock);
> + list_del(&s->list);
> + spin_unlock(&ffa_mem_list_lock);
> + xfree(s);
> + } else if (ret < 0) {
> + put_shm_pages(s->shm);
> + xfree(s->shm);
> + spin_lock(&ffa_mem_list_lock);
> + list_del(&s->list);
> + spin_unlock(&ffa_mem_list_lock);
> + xfree(s);
> + }
> +out:
> + spin_unlock(&ffa_buffer_lock);
> +
> + if ( ret > 0 )
> + set_regs_frag_rx(regs, handle_lo, handle_hi, ret, sender_id);
> + else if ( ret == 0)
> + set_regs_success(regs, handle_lo, handle_hi);
> + else
> + set_regs_error(regs, ret);
> +}
> +
> +static int handle_mem_reclaim(uint64_t handle, uint32_t flags)
> +{
> + struct ffa_shm_mem *shm;
> + uint32_t handle_hi;
> + uint32_t handle_lo;
> + int ret;
> +
> + spin_lock(&ffa_mem_list_lock);
> + list_for_each_entry(shm, &ffa_mem_list, list) {
> + if ( shm->handle == handle )
> + goto found_it;
> + }
> + shm = NULL;
> +found_it:
> + spin_unlock(&ffa_mem_list_lock);
> +
> + if ( !shm )
> + return FFA_RET_INVALID_PARAMETERS;
> +
> + reg_pair_from_64(&handle_hi, &handle_lo, handle);
> + ret = ffa_mem_reclaim(handle_lo, handle_hi, flags);
> + if ( ret )
> + return ret;
> +
> + spin_lock(&ffa_mem_list_lock);
> + list_del(&shm->list);
> + spin_unlock(&ffa_mem_list_lock);
> +
> + put_shm_pages(shm);
> + xfree(shm);
> +
> + return ret;
> +}
> +
> +bool ffa_handle_call(struct cpu_user_regs *regs, uint32_t fid)
> +{
> + struct domain *d = current->domain;
> + struct ffa_ctx *ctx = d->arch.ffa;
> + uint32_t count;
> + uint32_t e;
> +
> + if ( !ctx )
> + return false;
> +
> + switch ( fid )
> + {
> + case FFA_VERSION:
> + handle_version(regs);
> + return true;
> + case FFA_ID_GET:
> + set_regs_success(regs, get_vm_id(d), 0);
> + return true;
> + case FFA_RXTX_MAP_32:
> +#ifdef CONFIG_ARM_64
> + case FFA_RXTX_MAP_64:
> +#endif
> + e = handle_rxtx_map(fid, get_user_reg(regs, 1), get_user_reg(regs, 2),
> + get_user_reg(regs, 3));
> + if ( e )
> + set_regs_error(regs, e);
> + else
> + set_regs_success(regs, 0, 0);
> + return true;
> + case FFA_RXTX_UNMAP:
> + e = handle_rxtx_unmap();
> + if ( e )
> + set_regs_error(regs, e);
> + else
> + set_regs_success(regs, 0, 0);
> + return true;
> + case FFA_PARTITION_INFO_GET:
> + e = handle_partition_info_get(get_user_reg(regs, 1),
> + get_user_reg(regs, 2),
> + get_user_reg(regs, 3),
> + get_user_reg(regs, 4),
> + get_user_reg(regs, 5), &count);
> + if ( e )
> + set_regs_error(regs, e);
> + else
> + set_regs_success(regs, count, 0);
> + return true;
> + case FFA_RX_RELEASE:
> + e = handle_rx_release();
> + if ( e )
> + set_regs_error(regs, e);
> + else
> + set_regs_success(regs, 0, 0);
> + return true;
> + case FFA_MSG_SEND_DIRECT_REQ_32:
> +#ifdef CONFIG_ARM_64
> + case FFA_MSG_SEND_DIRECT_REQ_64:
> +#endif
> + handle_msg_send_direct_req(regs, fid);
> + return true;
> + case FFA_MEM_SHARE_32:
> +#ifdef CONFIG_ARM_64
> + case FFA_MEM_SHARE_64:
> +#endif
> + handle_mem_share(regs);
> + return true;
> + case FFA_MEM_RECLAIM:
> + e = handle_mem_reclaim(reg_pair_to_64(get_user_reg(regs, 2),
> + get_user_reg(regs, 1)),
> + get_user_reg(regs, 3));
> + if ( e )
> + set_regs_error(regs, e);
> + else
> + set_regs_success(regs, 0, 0);
> + return true;
> + case FFA_MEM_FRAG_TX:
> + handle_mem_frag_tx(regs);
> + return true;
> +
> + default:
> + printk(XENLOG_ERR "ffa: unhandled fid 0x%x\n", fid);
> + return false;
> + }
> +}
> +
> +int ffa_domain_init(struct domain *d)
> +{
> + struct ffa_ctx *ctx;
> + unsigned int n;
> + unsigned int m;
> + unsigned int c_pos;
> + int32_t res;
> +
> + if ( !ffa_version )
> + return 0;
> +
> + ctx = xzalloc(struct ffa_ctx);
> + if ( !ctx )
> + return -ENOMEM;
> +
> + for ( n = 0; n < subsr_vm_created_count; n++ ) {
> + res = ffa_direct_req_send_vm(subsr_vm_created[n], get_vm_id(d),
> + FFA_MSG_SEND_VM_CREATED);
> + if ( res ) {
> + printk(XENLOG_ERR "ffa: Failed to report creation of vm_id %u to %u: res %d\n",
> + get_vm_id(d), subsr_vm_created[n], res);
> + c_pos = n;
> + goto err;
> + }
> + }
> +
> + d->arch.ffa = ctx;
> +
> + return 0;
> +
> +err:
> + /* Undo any already sent vm created messaged */
> + for ( n = 0; n < c_pos; n++ )
> + for ( m = 0; m < subsr_vm_destroyed_count; m++ )
> + if ( subsr_vm_destroyed[m] == subsr_vm_created[n] )
> + ffa_direct_req_send_vm(subsr_vm_destroyed[n], get_vm_id(d),
> + FFA_MSG_SEND_VM_DESTROYED);
> + return -ENOMEM;
> +}
> +
> +int ffa_relinquish_resources(struct domain *d)
> +{
> + struct ffa_ctx *ctx = d->arch.ffa;
> + unsigned int n;
> + int32_t res;
> +
> + if ( !ctx )
> + return 0;
> +
> + for ( n = 0; n < subsr_vm_destroyed_count; n++ ) {
> + res = ffa_direct_req_send_vm(subsr_vm_destroyed[n], get_vm_id(d),
> + FFA_MSG_SEND_VM_DESTROYED);
> +
> + if ( res )
> + printk(XENLOG_ERR "ffa: Failed to report destruction of vm_id %u to %u: res %d\n",
> + get_vm_id(d), subsr_vm_destroyed[n], res);
> + }
> +
> + XFREE(d->arch.ffa);
> +
> + return 0;
> +}
> +
> +static bool __init init_subscribers(void)
> +{
> + struct ffa_partition_info_1_1 *fpi;
> + bool ret = false;
> + uint32_t count;
> + uint32_t e;
> + uint32_t n;
> + uint32_t c_pos;
> + uint32_t d_pos;
> +
> + if ( ffa_version < FFA_VERSION_1_1 )
> + return true;
> +
> + e = ffa_partition_info_get(0, 0, 0, 0, 1, &count);
> + ffa_rx_release();
> + if ( e ) {
> + printk(XENLOG_ERR "ffa: Failed to get list of SPs: %d\n", (int)e);
> + goto out;
> + }
> +
> + fpi = ffa_rx;
> + subsr_vm_created_count = 0;
> + subsr_vm_destroyed_count = 0;
> + for ( n = 0; n < count; n++ ) {
> + if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_CREATED)
> + subsr_vm_created_count++;
> + if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_DESTROYED)
> + subsr_vm_destroyed_count++;
> + }
> +
> + if ( subsr_vm_created_count )
> + subsr_vm_created = xzalloc_array(uint16_t, subsr_vm_created_count);
> + if ( subsr_vm_destroyed_count )
> + subsr_vm_destroyed = xzalloc_array(uint16_t, subsr_vm_destroyed_count);
> + if ( (subsr_vm_created_count && !subsr_vm_created) ||
> + (subsr_vm_destroyed_count && !subsr_vm_destroyed) ) {
> + printk(XENLOG_ERR "ffa: Failed to allocate subscription lists\n");
> + subsr_vm_created_count = 0;
> + subsr_vm_destroyed_count = 0;
> + XFREE(subsr_vm_created);
> + XFREE(subsr_vm_destroyed);
> + goto out;
> + }
> +
> + for ( c_pos = 0, d_pos = 0, n = 0; n < count; n++ ) {
> + if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_CREATED)
> + subsr_vm_created[c_pos++] = fpi[n].id;
> + if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_DESTROYED)
> + subsr_vm_destroyed[d_pos++] = fpi[n].id;
> + }
> +
> + ret = true;
> +out:
> + ffa_rx_release();
> + return ret;
> +}
> +
> +static int __init ffa_init(void)
> +{
> + uint32_t vers;
> + uint32_t e;
> + unsigned int major_vers;
> + unsigned int minor_vers;
> +
> + /*
> + * psci_init_smccc() updates this value with what's reported by EL-3
> + * or secure world.
> + */
> + if ( smccc_ver < ARM_SMCCC_VERSION_1_2 )
> + {
> + printk(XENLOG_ERR
> + "ffa: unsupported SMCCC version %#x (need at least %#x)\n",
> + smccc_ver, ARM_SMCCC_VERSION_1_2);
> + return 0;
> + }
> +
> + if ( !ffa_get_version(&vers) )
> + return 0;
> +
> + if ( vers < FFA_MIN_VERSION || vers > FFA_MY_VERSION )
> + {
> + printk(XENLOG_ERR "ffa: Incompatible version %#x found\n", vers);
> + return 0;
> + }
> +
> + major_vers = (vers >> FFA_VERSION_MAJOR_SHIFT) & FFA_VERSION_MAJOR_MASK;
> + minor_vers = vers & FFA_VERSION_MINOR_MASK;
> + printk(XENLOG_ERR "ARM FF-A Mediator version %u.%u\n",
> + FFA_VERSION_MAJOR, FFA_VERSION_MINOR);
> + printk(XENLOG_ERR "ARM FF-A Firmware version %u.%u\n",
> + major_vers, minor_vers);
XENLOG_INFO
> + ffa_rx = alloc_xenheap_pages(0, 0);
> + if ( !ffa_rx )
> + return 0;
> +
> + ffa_tx = alloc_xenheap_pages(0, 0);
> + if ( !ffa_tx )
> + goto err_free_ffa_rx;
> +
> + e = ffa_rxtx_map(__pa(ffa_tx), __pa(ffa_rx), 1);
> + if ( e )
> + {
> + printk(XENLOG_ERR "ffa: Failed to map rxtx: error %d\n", (int)e);
> + goto err_free_ffa_tx;
> + }
> + ffa_page_count = 1;
> + ffa_version = vers;
> +
> + if ( !init_subscribers() )
> + goto err_free_ffa_tx;
> +
> + return 0;
> +
> +err_free_ffa_tx:
> + free_xenheap_pages(ffa_tx, 0);
> + ffa_tx = NULL;
> +err_free_ffa_rx:
> + free_xenheap_pages(ffa_rx, 0);
> + ffa_rx = NULL;
> + ffa_page_count = 0;
> + ffa_version = 0;
> + XFREE(subsr_vm_created);
> + subsr_vm_created_count = 0;
> + XFREE(subsr_vm_destroyed);
> + subsr_vm_destroyed_count = 0;
> + return 0;
> +}
> +
> +__initcall(ffa_init);
> diff --git a/xen/arch/arm/include/asm/domain.h b/xen/arch/arm/include/asm/domain.h
> index ed63c2b6f91f..b3dee269bced 100644
> --- a/xen/arch/arm/include/asm/domain.h
> +++ b/xen/arch/arm/include/asm/domain.h
> @@ -103,6 +103,10 @@ struct arch_domain
> void *tee;
> #endif
>
> +#ifdef CONFIG_FFA
> + void *ffa;
> +#endif
> +
> bool directmap;
> } __cacheline_aligned;
>
> diff --git a/xen/arch/arm/include/asm/ffa.h b/xen/arch/arm/include/asm/ffa.h
> new file mode 100644
> index 000000000000..1c6ce6421294
> --- /dev/null
> +++ b/xen/arch/arm/include/asm/ffa.h
> @@ -0,0 +1,71 @@
> +/*
> + * xen/arch/arm/ffa.c
> + *
> + * Arm Firmware Framework for ARMv8-A(FFA) mediator
> + *
> + * Copyright (C) 2021 Linaro Limited
> + *
> + * Permission is hereby granted, free of charge, to any person
> + * obtaining a copy of this software and associated documentation
> + * files (the "Software"), to deal in the Software without restriction,
> + * including without limitation the rights to use, copy, modify, merge,
> + * publish, distribute, sublicense, and/or sell copies of the Software,
> + * and to permit persons to whom the Software is furnished to do so,
> + * subject to the following conditions:
> + *
> + * The above copyright notice and this permission notice shall be
> + * included in all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
> + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
> + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
> + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
> + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
> + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
> + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
> + */
> +
> +#ifndef __ASM_ARM_FFA_H__
> +#define __ASM_ARM_FFA_H__
> +
> +#include <xen/const.h>
> +
> +#include <asm/smccc.h>
> +#include <asm/types.h>
> +
> +#define FFA_FNUM_MIN_VALUE _AC(0x60,U)
> +#define FFA_FNUM_MAX_VALUE _AC(0x86,U)
> +
> +static inline bool is_ffa_fid(uint32_t fid)
> +{
> + uint32_t fn = fid & ARM_SMCCC_FUNC_MASK;
> +
> + return fn >= FFA_FNUM_MIN_VALUE && fn <= FFA_FNUM_MAX_VALUE;
> +}
> +
> +#ifdef CONFIG_FFA
> +#define FFA_NR_FUNCS 11
> +
> +bool ffa_handle_call(struct cpu_user_regs *regs, uint32_t fid);
> +int ffa_domain_init(struct domain *d);
> +int ffa_relinquish_resources(struct domain *d);
> +#else
> +#define FFA_NR_FUNCS 0
> +
> +static inline bool ffa_handle_call(struct cpu_user_regs *regs, uint32_t fid)
> +{
> + return false;
> +}
> +
> +static inline int ffa_domain_init(struct domain *d)
> +{
> + return 0;
> +}
> +
> +static inline int ffa_relinquish_resources(struct domain *d)
> +{
> + return 0;
> +}
> +#endif
> +
> +#endif /*__ASM_ARM_FFA_H__*/
> diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c
> index 6f90c08a6304..34586025eff8 100644
> --- a/xen/arch/arm/vsmc.c
> +++ b/xen/arch/arm/vsmc.c
> @@ -20,6 +20,7 @@
> #include <public/arch-arm/smccc.h>
> #include <asm/cpuerrata.h>
> #include <asm/cpufeature.h>
> +#include <asm/ffa.h>
> #include <asm/monitor.h>
> #include <asm/regs.h>
> #include <asm/smccc.h>
> @@ -32,7 +33,7 @@
> #define XEN_SMCCC_FUNCTION_COUNT 3
>
> /* Number of functions currently supported by Standard Service Service Calls. */
> -#define SSSC_SMCCC_FUNCTION_COUNT (3 + VPSCI_NR_FUNCS)
> +#define SSSC_SMCCC_FUNCTION_COUNT (3 + VPSCI_NR_FUNCS + FFA_NR_FUNCS)
>
> static bool fill_uid(struct cpu_user_regs *regs, xen_uuid_t uuid)
> {
> @@ -196,13 +197,23 @@ static bool handle_existing_apis(struct cpu_user_regs *regs)
> return do_vpsci_0_1_call(regs, fid);
> }
>
> +static bool is_psci_fid(uint32_t fid)
> +{
> + uint32_t fn = fid & ARM_SMCCC_FUNC_MASK;
> +
> + return fn >= 0 && fn <= 0x1fU;
> +}
> +
> /* PSCI 0.2 interface and other Standard Secure Calls */
> static bool handle_sssc(struct cpu_user_regs *regs)
> {
> uint32_t fid = (uint32_t)get_user_reg(regs, 0);
>
> - if ( do_vpsci_0_2_call(regs, fid) )
> - return true;
> + if ( is_psci_fid(fid) )
> + return do_vpsci_0_2_call(regs, fid);
> +
> + if ( is_ffa_fid(fid) )
> + return ffa_handle_call(regs, fid);
>
> switch ( fid )
> {
> --
> 2.31.1
>
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 2/2] xen/arm: add FF-A mediator
2022-06-11 1:23 ` Stefano Stabellini
@ 2022-06-11 9:08 ` Julien Grall
2022-06-13 23:18 ` Stefano Stabellini
2022-06-16 18:05 ` Jens Wiklander
1 sibling, 1 reply; 21+ messages in thread
From: Julien Grall @ 2022-06-11 9:08 UTC (permalink / raw)
To: Stefano Stabellini, Jens Wiklander
Cc: xen-devel, Volodymyr Babchuk, Bertrand.Marquis
Hi,
On 11/06/2022 02:23, Stefano Stabellini wrote:
>> +static uint32_t ffa_rxtx_map(register_t tx_addr, register_t rx_addr,
>> + uint32_t page_count)
>> +{
>> + const struct arm_smccc_1_2_regs arg = {
>> +#ifdef CONFIG_ARM_64
>> + .a0 = FFA_RXTX_MAP_64,
>> +#endif
>
> This ifdef is unnecessary given that FFA depends on ARM64 and SMCCCv1.2
> is only implemented on ARM64. It also applies to all the other ifdefs in
> this file. You can remove the code under #ifdef CONFIG_ARM_32.
To me the #ifdef indicates that it would be possible to use FFA on
arm32. So I think it is better to keep them rather than having to
retrofitting them in the future.
Cheers,
--
Julien Grall
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 1/2] xen/arm: smccc: add support for SMCCCv1.2 extended input/output registers
2022-06-11 0:41 ` Stefano Stabellini
@ 2022-06-11 9:41 ` Julien Grall
2022-06-13 23:18 ` Stefano Stabellini
2022-06-15 15:58 ` Jens Wiklander
2022-06-15 19:43 ` Julien Grall
2 siblings, 1 reply; 21+ messages in thread
From: Julien Grall @ 2022-06-11 9:41 UTC (permalink / raw)
To: Stefano Stabellini, Jens Wiklander; +Cc: xen-devel, Volodymyr Babchuk
Hi Stefano,
On 11/06/2022 01:41, Stefano Stabellini wrote:
> On Thu, 9 Jun 2022, Jens Wiklander wrote:
>> + /* Store the registers x0 - x17 into the result structure */
>> + stp x0, x1, [x19, #0]
>> + stp x2, x3, [x19, #16]
>> + stp x4, x5, [x19, #32]
>> + stp x6, x7, [x19, #48]
>> + stp x8, x9, [x19, #64]
>> + stp x10, x11, [x19, #80]
>> + stp x12, x13, [x19, #96]
>> + stp x14, x15, [x19, #112]
>> + stp x16, x17, [x19, #128]
>
> I noticed that in the original commit the offsets are declared as
> ARM_SMCCC_1_2_REGS_X0_OFFS, etc. In Xen we could add them to
> xen/arch/arm/arm64/asm-offsets.c given that they are only used in asm.
>
> That said, there isn't a huge value in declaring them given that they
> are always read and written in order and there is nothing else in the
> struct, so I am fine either way.
While we don't support big-endian in Xen (yet?), the offsets will be
inverted.
Furthermore, I prefer to avoid open-coded value (in particular when they
are related to offset). They are unlikely going to change, but at least
we have the compiler that will compute them for us (so less chance for a
problem).
Cheers,
--
Julien Grall
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 2/2] xen/arm: add FF-A mediator
2022-06-11 9:08 ` Julien Grall
@ 2022-06-13 23:18 ` Stefano Stabellini
0 siblings, 0 replies; 21+ messages in thread
From: Stefano Stabellini @ 2022-06-13 23:18 UTC (permalink / raw)
To: Julien Grall
Cc: Stefano Stabellini, Jens Wiklander, xen-devel, Volodymyr Babchuk,
Bertrand.Marquis
On Sat, 11 Jun 2022, Julien Grall wrote:
> On 11/06/2022 02:23, Stefano Stabellini wrote:
> > > +static uint32_t ffa_rxtx_map(register_t tx_addr, register_t rx_addr,
> > > + uint32_t page_count)
> > > +{
> > > + const struct arm_smccc_1_2_regs arg = {
> > > +#ifdef CONFIG_ARM_64
> > > + .a0 = FFA_RXTX_MAP_64,
> > > +#endif
> >
> > This ifdef is unnecessary given that FFA depends on ARM64 and SMCCCv1.2
> > is only implemented on ARM64. It also applies to all the other ifdefs in
> > this file. You can remove the code under #ifdef CONFIG_ARM_32.
>
> To me the #ifdef indicates that it would be possible to use FFA on arm32. So I
> think it is better to keep them rather than having to retrofitting them in the
> future.
OK, fair enough
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 1/2] xen/arm: smccc: add support for SMCCCv1.2 extended input/output registers
2022-06-11 9:41 ` Julien Grall
@ 2022-06-13 23:18 ` Stefano Stabellini
0 siblings, 0 replies; 21+ messages in thread
From: Stefano Stabellini @ 2022-06-13 23:18 UTC (permalink / raw)
To: Julien Grall
Cc: Stefano Stabellini, Jens Wiklander, xen-devel, Volodymyr Babchuk
On Sat, 11 Jun 2022, Julien Grall wrote:
> Hi Stefano,
>
> On 11/06/2022 01:41, Stefano Stabellini wrote:
> > On Thu, 9 Jun 2022, Jens Wiklander wrote:
> > > + /* Store the registers x0 - x17 into the result structure */
> > > + stp x0, x1, [x19, #0]
> > > + stp x2, x3, [x19, #16]
> > > + stp x4, x5, [x19, #32]
> > > + stp x6, x7, [x19, #48]
> > > + stp x8, x9, [x19, #64]
> > > + stp x10, x11, [x19, #80]
> > > + stp x12, x13, [x19, #96]
> > > + stp x14, x15, [x19, #112]
> > > + stp x16, x17, [x19, #128]
> >
> > I noticed that in the original commit the offsets are declared as
> > ARM_SMCCC_1_2_REGS_X0_OFFS, etc. In Xen we could add them to
> > xen/arch/arm/arm64/asm-offsets.c given that they are only used in asm.
> >
> > That said, there isn't a huge value in declaring them given that they
> > are always read and written in order and there is nothing else in the
> > struct, so I am fine either way.
>
> While we don't support big-endian in Xen (yet?), the offsets will be inverted.
>
> Furthermore, I prefer to avoid open-coded value (in particular when they are
> related to offset). They are unlikely going to change, but at least we have
> the compiler that will compute them for us (so less chance for a problem).
I am OK with that
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 2/2] xen/arm: add FF-A mediator
2022-06-09 6:18 ` [PATCH v2 2/2] xen/arm: add FF-A mediator Jens Wiklander
2022-06-11 1:23 ` Stefano Stabellini
@ 2022-06-14 19:47 ` Volodymyr Babchuk
2022-06-15 18:15 ` Julien Grall
2022-06-16 22:37 ` Jens Wiklander
1 sibling, 2 replies; 21+ messages in thread
From: Volodymyr Babchuk @ 2022-06-14 19:47 UTC (permalink / raw)
To: Jens Wiklander; +Cc: xen-devel, Stefano Stabellini, Julien Grall
Hello Jens,
Sorry for late review, I was busy with internal projects.
This is preliminary review. I gave up at scatter-gather operations. Need
more time to review them properly.
One thing that bothers me is that Xen is non-preemptive and there are
plenty potentially long-running operations.
Jens Wiklander <jens.wiklander@linaro.org> writes:
> Adds a FF-A version 1.1 [1] mediator to communicate with a Secure
> Partition in secure world.
>
> The implementation is the bare minimum to be able to communicate with
> OP-TEE running as an SPMC at S-EL1.
>
> This is loosely based on the TEE mediator framework and the OP-TEE
> mediator.
>
> [1] https://urldefense.com/v3/__https://developer.arm.com/documentation/den0077/latest__;!!GF_29dbcQIUBPA!1rn9xKdmcgMXOyZ_CvNIVq-wAS1ZI_Ews1w-Gqt0YPwSXyyTJedeFQgD65WhhOwIf_-cIa4EINzmwM4o62XPcMt1cTLcMZ7d$ [developer[.]arm[.]com]
> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> ---
> xen/arch/arm/Kconfig | 11 +
> xen/arch/arm/Makefile | 1 +
> xen/arch/arm/domain.c | 10 +
> xen/arch/arm/ffa.c | 1624 +++++++++++++++++++++++++++++
> xen/arch/arm/include/asm/domain.h | 4 +
> xen/arch/arm/include/asm/ffa.h | 71 ++
> xen/arch/arm/vsmc.c | 17 +-
> 7 files changed, 1735 insertions(+), 3 deletions(-)
> create mode 100644 xen/arch/arm/ffa.c
> create mode 100644 xen/arch/arm/include/asm/ffa.h
>
> diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
> index ecfa6822e4d3..5b75067e2745 100644
> --- a/xen/arch/arm/Kconfig
> +++ b/xen/arch/arm/Kconfig
> @@ -106,6 +106,17 @@ config TEE
>
> source "arch/arm/tee/Kconfig"
>
> +config FFA
> + bool "Enable FF-A mediator support" if EXPERT
> + default n
> + depends on ARM_64
> + help
> + This option enables a minamal FF-A mediator. The mediator is
> + generic as it follows the FF-A specification [1], but it only
> + implements a small substet of the specification.
> +
> + [1] https://urldefense.com/v3/__https://developer.arm.com/documentation/den0077/latest__;!!GF_29dbcQIUBPA!1rn9xKdmcgMXOyZ_CvNIVq-wAS1ZI_Ews1w-Gqt0YPwSXyyTJedeFQgD65WhhOwIf_-cIa4EINzmwM4o62XPcMt1cTLcMZ7d$ [developer[.]arm[.]com]
> +
> endmenu
>
> menu "ARM errata workaround via the alternative framework"
> diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
> index 1d862351d111..dbf5e593a069 100644
> --- a/xen/arch/arm/Makefile
> +++ b/xen/arch/arm/Makefile
> @@ -20,6 +20,7 @@ obj-y += domain.o
> obj-y += domain_build.init.o
> obj-y += domctl.o
> obj-$(CONFIG_EARLY_PRINTK) += early_printk.o
> +obj-$(CONFIG_FFA) += ffa.o
> obj-y += gic.o
> obj-y += gic-v2.o
> obj-$(CONFIG_GICV3) += gic-v3.o
> diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
> index 8110c1df8638..a93e6a9c4aef 100644
> --- a/xen/arch/arm/domain.c
> +++ b/xen/arch/arm/domain.c
> @@ -27,6 +27,7 @@
> #include <asm/cpufeature.h>
> #include <asm/current.h>
> #include <asm/event.h>
> +#include <asm/ffa.h>
> #include <asm/gic.h>
> #include <asm/guest_atomics.h>
> #include <asm/irq.h>
> @@ -756,6 +757,9 @@ int arch_domain_create(struct domain *d,
> if ( (rc = tee_domain_init(d, config->arch.tee_type)) != 0 )
> goto fail;
>
> + if ( (rc = ffa_domain_init(d)) != 0 )
So, FFA support will be enabled for each domain? I think that this is
fine for experimental feature, but I want to hear maintainer's opinion.
> + goto fail;
> +
> update_domain_wallclock_time(d);
>
> /*
> @@ -998,6 +1002,7 @@ static int relinquish_memory(struct domain *d, struct page_list_head *list)
> enum {
> PROG_pci = 1,
> PROG_tee,
> + PROG_ffa,
> PROG_xen,
> PROG_page,
> PROG_mapping,
> @@ -1046,6 +1051,11 @@ int domain_relinquish_resources(struct domain *d)
> if (ret )
> return ret;
>
> + PROGRESS(ffa):
> + ret = ffa_relinquish_resources(d);
> + if (ret )
Coding style: if ( ret )
> + return ret;
> +
> PROGRESS(xen):
> ret = relinquish_memory(d, &d->xenpage_list);
> if ( ret )
> diff --git a/xen/arch/arm/ffa.c b/xen/arch/arm/ffa.c
> new file mode 100644
> index 000000000000..9063b7f2b59e
> --- /dev/null
> +++ b/xen/arch/arm/ffa.c
> @@ -0,0 +1,1624 @@
> +/*
> + * xen/arch/arm/ffa.c
> + *
> + * Arm Firmware Framework for ARMv8-A(FFA) mediator
> + *
> + * Copyright (C) 2021 Linaro Limited
It is 2022 already :)
> + *
> + * Permission is hereby granted, free of charge, to any person
> + * obtaining a copy of this software and associated documentation
> + * files (the "Software"), to deal in the Software without restriction,
> + * including without limitation the rights to use, copy, modify, merge,
> + * publish, distribute, sublicense, and/or sell copies of the Software,
> + * and to permit persons to whom the Software is furnished to do so,
> + * subject to the following conditions:
> + *
> + * The above copyright notice and this permission notice shall be
> + * included in all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
> + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
> + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
> + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
> + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
> + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
> + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
> + */
> +
> +#include <xen/domain_page.h>
> +#include <xen/errno.h>
> +#include <xen/init.h>
> +#include <xen/lib.h>
> +#include <xen/sched.h>
> +#include <xen/types.h>
> +#include <xen/sizes.h>
> +#include <xen/bitops.h>
> +
> +#include <asm/smccc.h>
> +#include <asm/event.h>
> +#include <asm/ffa.h>
> +#include <asm/regs.h>
> +
> +/* Error codes */
> +#define FFA_RET_OK 0
> +#define FFA_RET_NOT_SUPPORTED -1
> +#define FFA_RET_INVALID_PARAMETERS -2
> +#define FFA_RET_NO_MEMORY -3
> +#define FFA_RET_BUSY -4
> +#define FFA_RET_INTERRUPTED -5
> +#define FFA_RET_DENIED -6
> +#define FFA_RET_RETRY -7
> +#define FFA_RET_ABORTED -8
> +
> +/* FFA_VERSION helpers */
> +#define FFA_VERSION_MAJOR _AC(1,U)
> +#define FFA_VERSION_MAJOR_SHIFT _AC(16,U)
> +#define FFA_VERSION_MAJOR_MASK _AC(0x7FFF,U)
> +#define FFA_VERSION_MINOR _AC(1,U)
> +#define FFA_VERSION_MINOR_SHIFT _AC(0,U)
> +#define FFA_VERSION_MINOR_MASK _AC(0xFFFF,U)
> +#define MAKE_FFA_VERSION(major, minor) \
> + ((((major) & FFA_VERSION_MAJOR_MASK) << FFA_VERSION_MAJOR_SHIFT) | \
> + ((minor) & FFA_VERSION_MINOR_MASK))
> +
> +#define FFA_MIN_VERSION MAKE_FFA_VERSION(1, 0)
> +#define FFA_VERSION_1_0 MAKE_FFA_VERSION(1, 0)
> +#define FFA_VERSION_1_1 MAKE_FFA_VERSION(1, 1)
> +#define FFA_MY_VERSION MAKE_FFA_VERSION(FFA_VERSION_MAJOR, \
> + FFA_VERSION_MINOR)
> +
> +
> +#define FFA_HANDLE_HYP_FLAG BIT(63,ULL)
> +
> +/* Memory attributes: Normal memory, Write-Back cacheable, Inner shareable */
> +#define FFA_NORMAL_MEM_REG_ATTR _AC(0x2f,U)
> +
> +/* Memory access permissions: Read-write */
> +#define FFA_MEM_ACC_RW _AC(0x2,U)
> +
> +/* Clear memory before mapping in receiver */
> +#define FFA_MEMORY_REGION_FLAG_CLEAR BIT(0, U)
> +/* Relayer may time slice this operation */
> +#define FFA_MEMORY_REGION_FLAG_TIME_SLICE BIT(1, U)
> +/* Clear memory after receiver relinquishes it */
> +#define FFA_MEMORY_REGION_FLAG_CLEAR_RELINQUISH BIT(2, U)
> +
> +/* Share memory transaction */
> +#define FFA_MEMORY_REGION_TRANSACTION_TYPE_SHARE (_AC(1,U) << 3)
> +/* Relayer must choose the alignment boundary */
> +#define FFA_MEMORY_REGION_FLAG_ANY_ALIGNMENT _AC(0,U)
BIT(0, U)?
> +
> +#define FFA_HANDLE_INVALID _AC(0xffffffffffffffff,ULL)
> +
> +/* Framework direct request/response */
> +#define FFA_MSG_FLAG_FRAMEWORK BIT(31, U)
> +#define FFA_MSG_TYPE_MASK _AC(0xFF,U);
> +#define FFA_MSG_PSCI _AC(0x0,U)
> +#define FFA_MSG_SEND_VM_CREATED _AC(0x4,U)
> +#define FFA_MSG_RESP_VM_CREATED _AC(0x5,U)
> +#define FFA_MSG_SEND_VM_DESTROYED _AC(0x6,U)
> +#define FFA_MSG_RESP_VM_DESTROYED _AC(0x7,U)
> +
> +/*
> + * Flags used for the FFA_PARTITION_INFO_GET return message:
> + * BIT(0): Supports receipt of direct requests
> + * BIT(1): Can send direct requests
> + * BIT(2): Can send and receive indirect messages
> + * BIT(3): Supports receipt of notifications
> + * BIT(4-5): Partition ID is a PE endpoint ID
> + */
> +#define FFA_PART_PROP_DIRECT_REQ_RECV BIT(0,U)
> +#define FFA_PART_PROP_DIRECT_REQ_SEND BIT(1,U)
> +#define FFA_PART_PROP_INDIRECT_MSGS BIT(2,U)
> +#define FFA_PART_PROP_RECV_NOTIF BIT(3,U)
> +#define FFA_PART_PROP_IS_PE_ID (_AC(0,U) << 4)
> +#define FFA_PART_PROP_IS_SEPID_INDEP (_AC(1,U) << 4)
> +#define FFA_PART_PROP_IS_SEPID_DEP (_AC(2,U) << 4)
> +#define FFA_PART_PROP_IS_AUX_ID (_AC(3,U) << 4)
> +#define FFA_PART_PROP_NOTIF_CREATED BIT(6,U)
> +#define FFA_PART_PROP_NOTIF_DESTROYED BIT(7,U)
> +#define FFA_PART_PROP_AARCH64_STATE BIT(8,U)
> +
> +/* Function IDs */
> +#define FFA_ERROR _AC(0x84000060,U)
> +#define FFA_SUCCESS_32 _AC(0x84000061,U)
> +#define FFA_SUCCESS_64 _AC(0xC4000061,U)
> +#define FFA_INTERRUPT _AC(0x84000062,U)
> +#define FFA_VERSION _AC(0x84000063,U)
> +#define FFA_FEATURES _AC(0x84000064,U)
> +#define FFA_RX_ACQUIRE _AC(0x84000084,U)
> +#define FFA_RX_RELEASE _AC(0x84000065,U)
> +#define FFA_RXTX_MAP_32 _AC(0x84000066,U)
> +#define FFA_RXTX_MAP_64 _AC(0xC4000066,U)
> +#define FFA_RXTX_UNMAP _AC(0x84000067,U)
> +#define FFA_PARTITION_INFO_GET _AC(0x84000068,U)
> +#define FFA_ID_GET _AC(0x84000069,U)
> +#define FFA_SPM_ID_GET _AC(0x84000085,U)
> +#define FFA_MSG_WAIT _AC(0x8400006B,U)
> +#define FFA_MSG_YIELD _AC(0x8400006C,U)
> +#define FFA_MSG_RUN _AC(0x8400006D,U)
> +#define FFA_MSG_SEND2 _AC(0x84000086,U)
> +#define FFA_MSG_SEND_DIRECT_REQ_32 _AC(0x8400006F,U)
> +#define FFA_MSG_SEND_DIRECT_REQ_64 _AC(0xC400006F,U)
> +#define FFA_MSG_SEND_DIRECT_RESP_32 _AC(0x84000070,U)
> +#define FFA_MSG_SEND_DIRECT_RESP_64 _AC(0xC4000070,U)
> +#define FFA_MEM_DONATE_32 _AC(0x84000071,U)
> +#define FFA_MEM_DONATE_64 _AC(0xC4000071,U)
> +#define FFA_MEM_LEND_32 _AC(0x84000072,U)
> +#define FFA_MEM_LEND_64 _AC(0xC4000072,U)
> +#define FFA_MEM_SHARE_32 _AC(0x84000073,U)
> +#define FFA_MEM_SHARE_64 _AC(0xC4000073,U)
> +#define FFA_MEM_RETRIEVE_REQ_32 _AC(0x84000074,U)
> +#define FFA_MEM_RETRIEVE_REQ_64 _AC(0xC4000074,U)
> +#define FFA_MEM_RETRIEVE_RESP _AC(0x84000075,U)
> +#define FFA_MEM_RELINQUISH _AC(0x84000076,U)
> +#define FFA_MEM_RECLAIM _AC(0x84000077,U)
> +#define FFA_MEM_FRAG_RX _AC(0x8400007A,U)
> +#define FFA_MEM_FRAG_TX _AC(0x8400007B,U)
> +#define FFA_MSG_SEND _AC(0x8400006E,U)
> +#define FFA_MSG_POLL _AC(0x8400006A,U)
> +
> +/* Partition information descriptor */
> +struct ffa_partition_info_1_0 {
> + uint16_t id;
> + uint16_t execution_context;
> + uint32_t partition_properties;
> +};
> +
> +struct ffa_partition_info_1_1 {
> + uint16_t id;
> + uint16_t execution_context;
> + uint32_t partition_properties;
> + uint8_t uuid[16];
> +};
> +
> +/* Constituent memory region descriptor */
> +struct ffa_address_range {
> + uint64_t address;
> + uint32_t page_count;
> + uint32_t reserved;
> +};
> +
> +/* Composite memory region descriptor */
> +struct ffa_mem_region {
> + uint32_t total_page_count;
> + uint32_t address_range_count;
> + uint64_t reserved;
> + struct ffa_address_range address_range_array[];
> +};
> +
> +/* Memory access permissions descriptor */
> +struct ffa_mem_access_perm {
> + uint16_t endpoint_id;
> + uint8_t perm;
> + uint8_t flags;
> +};
> +
> +/* Endpoint memory access descriptor */
> +struct ffa_mem_access {
> + struct ffa_mem_access_perm access_perm;
> + uint32_t region_offs;
> + uint64_t reserved;
> +};
> +
> +/* Lend, donate or share memory transaction descriptor */
> +struct ffa_mem_transaction_1_0 {
> + uint16_t sender_id;
> + uint8_t mem_reg_attr;
> + uint8_t reserved0;
> + uint32_t flags;
> + uint64_t global_handle;
> + uint64_t tag;
> + uint32_t reserved1;
> + uint32_t mem_access_count;
> + struct ffa_mem_access mem_access_array[];
> +};
> +
> +struct ffa_mem_transaction_1_1 {
> + uint16_t sender_id;
> + uint16_t mem_reg_attr;
> + uint32_t flags;
> + uint64_t global_handle;
> + uint64_t tag;
> + uint32_t mem_access_size;
> + uint32_t mem_access_count;
> + uint32_t mem_access_offs;
> + uint8_t reserved[12];
> +};
> +
> +/*
> + * The parts needed from struct ffa_mem_transaction_1_0 or struct
> + * ffa_mem_transaction_1_1, used to provide an abstraction of difference in
> + * data structures between version 1.0 and 1.1. This is just an internal
> + * interface and can be changed without changing any ABI.
> + */
> +struct ffa_mem_transaction_x {
> + uint16_t sender_id;
> + uint8_t mem_reg_attr;
> + uint8_t flags;
> + uint8_t mem_access_size;
> + uint8_t mem_access_count;
> + uint16_t mem_access_offs;
> + uint64_t global_handle;
> + uint64_t tag;
> +};
> +
> +/* Endpoint RX/TX descriptor */
> +struct ffa_endpoint_rxtx_descriptor_1_0 {
> + uint16_t sender_id;
> + uint16_t reserved;
> + uint32_t rx_range_count;
> + uint32_t tx_range_count;
> +};
> +
> +struct ffa_endpoint_rxtx_descriptor_1_1 {
> + uint16_t sender_id;
> + uint16_t reserved;
> + uint32_t rx_region_offs;
> + uint32_t tx_region_offs;
> +};
> +
> +struct ffa_ctx {
> + void *rx;
> + void *tx;
> + struct page_info *rx_pg;
> + struct page_info *tx_pg;
> + unsigned int page_count;
> + uint32_t guest_vers;
> + bool tx_is_mine;
> + bool interrupted;
> +};
> +
> +struct ffa_shm_mem {
> + struct list_head list;
> + uint16_t sender_id;
> + uint16_t ep_id; /* endpoint, the one lending */
> + uint64_t handle; /* FFA_HANDLE_INVALID if not set yet */
> + unsigned int page_count;
> + struct page_info *pages[];
> +};
> +
> +struct mem_frag_state {
> + struct list_head list;
> + struct ffa_shm_mem *shm;
> + uint32_t range_count;
> + unsigned int current_page_idx;
> + unsigned int frag_offset;
> + unsigned int range_offset;
> + uint8_t *buf;
> + unsigned int buf_size;
> + struct ffa_address_range range;
> +};
> +
> +/*
> + * Our rx/rx buffer shared with the SPMC
> + */
> +static uint32_t ffa_version;
> +static uint16_t *subsr_vm_created;
> +static unsigned int subsr_vm_created_count;
> +static uint16_t *subsr_vm_destroyed;
> +static unsigned int subsr_vm_destroyed_count;
> +static void *ffa_rx;
> +static void *ffa_tx;
> +static unsigned int ffa_page_count;
> +static spinlock_t ffa_buffer_lock = SPIN_LOCK_UNLOCKED;
> +
> +static struct list_head ffa_mem_list = LIST_HEAD_INIT(ffa_mem_list);
> +static struct list_head ffa_frag_list = LIST_HEAD_INIT(ffa_frag_list);
> +static spinlock_t ffa_mem_list_lock = SPIN_LOCK_UNLOCKED;
> +
> +static uint64_t next_handle = FFA_HANDLE_HYP_FLAG;
> +
> +static uint64_t reg_pair_to_64(uint32_t reg0, uint32_t reg1)
> +{
> + return (uint64_t)reg0 << 32 | reg1;
> +}
> +
> +static void reg_pair_from_64(uint32_t *reg0, uint32_t *reg1, uint64_t val)
> +{
> + *reg0 = val >> 32;
> + *reg1 = val;
> +}
> +
> +static bool ffa_get_version(uint32_t *vers)
> +{
> + const struct arm_smccc_1_2_regs arg = {
> + .a0 = FFA_VERSION, .a1 = FFA_MY_VERSION,
> + };
> + struct arm_smccc_1_2_regs resp;
> +
> + arm_smccc_1_2_smc(&arg, &resp);
> + if ( resp.a0 == FFA_RET_NOT_SUPPORTED )
> + {
> + printk(XENLOG_ERR "ffa: FFA_VERSION returned not supported\n");
> + return false;
> + }
> +
> + *vers = resp.a0;
> + return true;
> +}
> +
> +static uint32_t ffa_rxtx_map(register_t tx_addr, register_t rx_addr,
> + uint32_t page_count)
> +{
> + const struct arm_smccc_1_2_regs arg = {
> +#ifdef CONFIG_ARM_64
> + .a0 = FFA_RXTX_MAP_64,
> +#endif
> +#ifdef CONFIG_ARM_32
> + .a0 = FFA_RXTX_MAP_32,
> +#endif
> + .a1 = tx_addr, .a2 = rx_addr,
> + .a3 = page_count,
> + };
> + struct arm_smccc_1_2_regs resp;
> +
> + arm_smccc_1_2_smc(&arg, &resp);
> +
> + if ( resp.a0 == FFA_ERROR )
What if we get SMCCC_NOT_SUPPORTED there?
> + {
> + if ( resp.a2 )
> + return resp.a2;
> + else
> + return FFA_RET_NOT_SUPPORTED;
> + }
> +
> + return FFA_RET_OK;
> +}
> +
> +static uint32_t ffa_rxtx_unmap(uint16_t vm_id)
> +{
> + const struct arm_smccc_1_2_regs arg = {
> + .a0 = FFA_RXTX_UNMAP, .a1 = vm_id,
> + };
> + struct arm_smccc_1_2_regs resp;
> +
> + arm_smccc_1_2_smc(&arg, &resp);
> +
> + if ( resp.a0 == FFA_ERROR )
> + {
The same question. I believe it is better to test against FFA_SUCCESS.
Also looks like this code can be extracted into some helper function,
because it repeats again and again.
> + if ( resp.a2 )
> + return resp.a2;
> + else
> + return FFA_RET_NOT_SUPPORTED;
> + }
> +
> + return FFA_RET_OK;
> +}
> +
> +static uint32_t ffa_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3,
> + uint32_t w4, uint32_t w5,
> + uint32_t *count)
> +{
> + const struct arm_smccc_1_2_regs arg = {
> + .a0 = FFA_PARTITION_INFO_GET, .a1 = w1, .a2 = w2, .a3 = w3, .a4 = w4,
> + .a5 = w5,
> + };
> + struct arm_smccc_1_2_regs resp;
> +
> + arm_smccc_1_2_smc(&arg, &resp);
> +
> + if ( resp.a0 == FFA_ERROR )
> + {
> + if ( resp.a2 )
> + return resp.a2;
> + else
> + return FFA_RET_NOT_SUPPORTED;
> + }
> +
> + *count = resp.a2;
> +
> + return FFA_RET_OK;
> +}
> +
> +static uint32_t ffa_rx_release(void)
> +{
> + const struct arm_smccc_1_2_regs arg = { .a0 = FFA_RX_RELEASE, };
> + struct arm_smccc_1_2_regs resp;
> +
> + arm_smccc_1_2_smc(&arg, &resp);
> +
> + if ( resp.a0 == FFA_ERROR )
> + {
> + if ( resp.a2 )
> + return resp.a2;
> + else
> + return FFA_RET_NOT_SUPPORTED;
> + }
> +
> + return FFA_RET_OK;
> +}
> +
> +static int32_t ffa_mem_share(uint32_t tot_len, uint32_t frag_len,
> + register_t addr, uint32_t pg_count,
> + uint64_t *handle)
> +{
> + struct arm_smccc_1_2_regs arg = {
> + .a0 = FFA_MEM_SHARE_32, .a1 = tot_len, .a2 = frag_len, .a3 = addr,
> + .a4 = pg_count,
> + };
> + struct arm_smccc_1_2_regs resp;
> +
> + /*
> + * For arm64 we must use 64-bit calling convention if the buffer isn't
> + * passed in our tx buffer.
> + */
> + if (sizeof(addr) > 4 && addr)
> + arg.a0 = FFA_MEM_SHARE_64;
> +
> + arm_smccc_1_2_smc(&arg, &resp);
> +
> + switch ( resp.a0 ) {
> + case FFA_ERROR:
> + if ( resp.a2 )
> + return resp.a2;
> + else
> + return FFA_RET_NOT_SUPPORTED;
> + case FFA_SUCCESS_32:
> + *handle = reg_pair_to_64(resp.a3, resp.a2);
> + return FFA_RET_OK;
> + case FFA_MEM_FRAG_RX:
> + *handle = reg_pair_to_64(resp.a2, resp.a1);
> + return resp.a3;
> + default:
> + return FFA_RET_NOT_SUPPORTED;
> + }
> +}
> +
> +static int32_t ffa_mem_frag_tx(uint64_t handle, uint32_t frag_len,
> + uint16_t sender_id)
> +{
> + struct arm_smccc_1_2_regs arg = {
> + .a0 = FFA_MEM_FRAG_TX, .a1 = handle & UINT32_MAX, .a2 = handle >> 32,
> + .a3 = frag_len, .a4 = (uint32_t)sender_id << 16,
> + };
> + struct arm_smccc_1_2_regs resp;
> +
> + arm_smccc_1_2_smc(&arg, &resp);
> +
> + switch ( resp.a0 ) {
> + case FFA_ERROR:
> + if ( resp.a2 )
> + return resp.a2;
> + else
> + return FFA_RET_NOT_SUPPORTED;
> + case FFA_SUCCESS_32:
> + return FFA_RET_OK;
> + case FFA_MEM_FRAG_RX:
> + return resp.a3;
> + default:
> + return FFA_RET_NOT_SUPPORTED;
> + }
> +}
> +
> +static uint32_t ffa_mem_reclaim(uint32_t handle_lo, uint32_t handle_hi,
> + uint32_t flags)
> +{
> + const struct arm_smccc_1_2_regs arg = {
> + .a0 = FFA_MEM_RECLAIM, .a1 = handle_lo, .a2 = handle_hi, .a3 = flags,
> + };
> + struct arm_smccc_1_2_regs resp;
> +
> + arm_smccc_1_2_smc(&arg, &resp);
> +
> + if ( resp.a0 == FFA_ERROR )
> + {
> + if ( resp.a2 )
> + return resp.a2;
> + else
> + return FFA_RET_NOT_SUPPORTED;
> + }
> +
> + return FFA_RET_OK;
> +}
> +
> +static int32_t ffa_direct_req_send_vm(uint16_t sp_id, uint16_t vm_id,
> + uint8_t msg)
> +{
> + uint32_t exp_resp = FFA_MSG_FLAG_FRAMEWORK;
> + int32_t res;
> +
> + if ( msg != FFA_MSG_SEND_VM_CREATED && msg !=FFA_MSG_SEND_VM_DESTROYED )
> + return FFA_RET_INVALID_PARAMETERS;
> +
> + if ( msg == FFA_MSG_SEND_VM_CREATED )
> + exp_resp |= FFA_MSG_RESP_VM_CREATED;
> + else
> + exp_resp |= FFA_MSG_RESP_VM_DESTROYED;
> +
> + do {
> + const struct arm_smccc_1_2_regs arg = {
> + .a0 = FFA_MSG_SEND_DIRECT_REQ_32,
> + .a1 = sp_id,
> + .a2 = FFA_MSG_FLAG_FRAMEWORK | msg,
> + .a5 = vm_id,
> + };
> + struct arm_smccc_1_2_regs resp;
> +
> + arm_smccc_1_2_smc(&arg, &resp);
> + if ( resp.a0 != FFA_MSG_SEND_DIRECT_RESP_32 || resp.a2 != exp_resp ) {
> + /*
> + * This is an invalid response, likely due to some error in the
> + * implementation of the ABI.
> + */
> + return FFA_RET_INVALID_PARAMETERS;
> + }
> + res = resp.a3;
> + } while ( res == FFA_RET_INTERRUPTED || res == FFA_RET_RETRY );
How long this loop can ran? XEN is not preemptive unfortunately. So,
maybe we need some way to restart this call.
> +
> + return res;
> +}
> +
> +static u16 get_vm_id(struct domain *d)
> +{
> + /* +1 since 0 is reserved for the hypervisor in FF-A */
> + return d->domain_id + 1;
> +}
> +
> +static void set_regs(struct cpu_user_regs *regs, register_t v0, register_t v1,
> + register_t v2, register_t v3, register_t v4, register_t v5,
> + register_t v6, register_t v7)
> +{
> + set_user_reg(regs, 0, v0);
> + set_user_reg(regs, 1, v1);
> + set_user_reg(regs, 2, v2);
> + set_user_reg(regs, 3, v3);
> + set_user_reg(regs, 4, v4);
> + set_user_reg(regs, 5, v5);
> + set_user_reg(regs, 6, v6);
> + set_user_reg(regs, 7, v7);
> +}
> +
> +static void set_regs_error(struct cpu_user_regs *regs, uint32_t error_code)
> +{
> + set_regs(regs, FFA_ERROR, 0, error_code, 0, 0, 0, 0, 0);
> +}
> +
> +static void set_regs_success(struct cpu_user_regs *regs, uint32_t w2,
> + uint32_t w3)
> +{
> + set_regs(regs, FFA_SUCCESS_32, 0, w2, w3, 0, 0, 0, 0);
> +}
> +
> +static void set_regs_frag_rx(struct cpu_user_regs *regs, uint32_t handle_lo,
> + uint32_t handle_hi, uint32_t frag_offset,
> + uint16_t sender_id)
> +{
> + set_regs(regs, FFA_MEM_FRAG_RX, handle_lo, handle_hi, frag_offset,
> + (uint32_t)sender_id << 16, 0, 0, 0);
> +}
> +
> +static void handle_version(struct cpu_user_regs *regs)
> +{
> + struct domain *d = current->domain;
> + struct ffa_ctx *ctx = d->arch.ffa;
> + uint32_t vers = get_user_reg(regs, 1);
> +
> + if ( vers < FFA_VERSION_1_1 )
> + vers = FFA_VERSION_1_0;
> + else
> + vers = FFA_VERSION_1_1;
> +
> + ctx->guest_vers = vers;
> + set_regs(regs, vers, 0, 0, 0, 0, 0, 0, 0);
> +}
> +
> +static uint32_t handle_rxtx_map(uint32_t fid, register_t tx_addr,
> + register_t rx_addr, uint32_t page_count)
> +{
> + uint32_t ret = FFA_RET_NOT_SUPPORTED;
> + struct domain *d = current->domain;
> + struct ffa_ctx *ctx = d->arch.ffa;
> + struct page_info *tx_pg;
> + struct page_info *rx_pg;
> + p2m_type_t t;
> + void *rx;
> + void *tx;
> +
> + if ( !smccc_is_conv_64(fid) )
> + {
> + tx_addr &= UINT32_MAX;
> + rx_addr &= UINT32_MAX;
> + }
> +
> + /* For now to keep things simple, only deal with a single page */
> + if ( page_count != 1 )
> + return FFA_RET_NOT_SUPPORTED;
> +
> + /* Already mapped */
> + if ( ctx->rx )
> + return FFA_RET_DENIED;
> +
> + tx_pg = get_page_from_gfn(d, gaddr_to_gfn(tx_addr), &t, P2M_ALLOC);
> + if ( !tx_pg )
> + return FFA_RET_NOT_SUPPORTED;
> + /* Only normal RAM for now */
> + if (t != p2m_ram_rw)
> + goto err_put_tx_pg;
> +
> + rx_pg = get_page_from_gfn(d, gaddr_to_gfn(rx_addr), &t, P2M_ALLOC);
> + if ( !tx_pg )
> + goto err_put_tx_pg;
> + /* Only normal RAM for now */
> + if ( t != p2m_ram_rw )
> + goto err_put_rx_pg;
> +
> + tx = __map_domain_page_global(tx_pg);
> + if ( !tx )
> + goto err_put_rx_pg;
> +
> + rx = __map_domain_page_global(rx_pg);
> + if ( !rx )
> + goto err_unmap_tx;
> +
> + ctx->rx = rx;
> + ctx->tx = tx;
> + ctx->rx_pg = rx_pg;
> + ctx->tx_pg = tx_pg;
> + ctx->page_count = 1;
> + ctx->tx_is_mine = true;
> + return FFA_RET_OK;
> +
> +err_unmap_tx:
> + unmap_domain_page_global(tx);
> +err_put_rx_pg:
> + put_page(rx_pg);
> +err_put_tx_pg:
> + put_page(tx_pg);
> + return ret;
> +}
> +
> +static uint32_t handle_rxtx_unmap(void)
> +{
> + struct domain *d = current->domain;
> + struct ffa_ctx *ctx = d->arch.ffa;
> + uint32_t ret;
> +
> + if ( !ctx-> rx )
coding style: ctx->rx
> + return FFA_RET_INVALID_PARAMETERS;
> +
> + ret = ffa_rxtx_unmap(get_vm_id(d));
> + if ( ret )
> + return ret;
> +
> + unmap_domain_page_global(ctx->rx);
> + unmap_domain_page_global(ctx->tx);
> + put_page(ctx->rx_pg);
> + put_page(ctx->tx_pg);
> + ctx->rx = NULL;
> + ctx->tx = NULL;
> + ctx->rx_pg = NULL;
> + ctx->tx_pg = NULL;
> + ctx->page_count = 0;
> + ctx->tx_is_mine = false;
> +
> + return FFA_RET_OK;
> +}
> +
> +static uint32_t handle_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3,
> + uint32_t w4, uint32_t w5,
> + uint32_t *count)
> +{
> + uint32_t ret = FFA_RET_DENIED;
> + struct domain *d = current->domain;
> + struct ffa_ctx *ctx = d->arch.ffa;
> +
> + if ( !ffa_page_count )
> + return FFA_RET_DENIED;
> +
> + spin_lock(&ffa_buffer_lock);
> + if ( !ctx->page_count || !ctx->tx_is_mine )
> + goto out;
> + ret = ffa_partition_info_get(w1, w2, w3, w4, w5, count);
> + if ( ret )
> + goto out;
> + if ( ctx->guest_vers == FFA_VERSION_1_0 ) {
> + size_t n;
> + struct ffa_partition_info_1_1 *src = ffa_rx;
> + struct ffa_partition_info_1_0 *dst = ctx->rx;
> +
> + for ( n = 0; n < *count; n++ ) {
> + dst[n].id = src[n].id;
> + dst[n].execution_context = src[n].execution_context;
> + dst[n].partition_properties = src[n].partition_properties;
> + }
> + } else {
Maybe it is worth to check version in this branch? Or at least
put ASSERT(ctx->guest_vers == FFA_VERSION_1_1).
> + size_t sz = *count * sizeof(struct ffa_partition_info_1_1);
> +
> + memcpy(ctx->rx, ffa_rx, sz);
> + }
> + ffa_rx_release();
> + ctx->tx_is_mine = false;
> +out:
> + spin_unlock(&ffa_buffer_lock);
> +
> + return ret;
> +}
> +
> +static uint32_t handle_rx_release(void)
> +{
> + uint32_t ret = FFA_RET_DENIED;
> + struct domain *d = current->domain;
> + struct ffa_ctx *ctx = d->arch.ffa;
> +
> + spin_lock(&ffa_buffer_lock);
> + if ( !ctx->page_count || ctx->tx_is_mine )
> + goto out;
> + ret = FFA_RET_OK;
> + ctx->tx_is_mine = true;
> +out:
> + spin_unlock(&ffa_buffer_lock);
> +
> + return ret;
> +}
> +
> +static void handle_msg_send_direct_req(struct cpu_user_regs *regs, uint32_t fid)
> +{
> + struct arm_smccc_1_2_regs arg = { .a0 = fid, };
> + struct arm_smccc_1_2_regs resp = { };
> + struct domain *d = current->domain;
> + struct ffa_ctx *ctx = d->arch.ffa;
> + uint32_t src_dst;
> + uint64_t mask;
> +
> + if ( smccc_is_conv_64(fid) )
> + mask = 0xffffffffffffffff;
> + else
> + mask = 0xffffffff;
> +
> + src_dst = get_user_reg(regs, 1);
Should you apply mask there?
> + if ( (src_dst >> 16) != get_vm_id(d) )
> + {
> + resp.a0 = FFA_ERROR;
> + resp.a2 = FFA_RET_INVALID_PARAMETERS;
> + goto out;
> + }
> +
> + arg.a1 = src_dst;
... or there?
> + arg.a2 = get_user_reg(regs, 2) & mask;
> + arg.a3 = get_user_reg(regs, 3) & mask;
> + arg.a4 = get_user_reg(regs, 4) & mask;
> + arg.a5 = get_user_reg(regs, 5) & mask;
> + arg.a6 = get_user_reg(regs, 6) & mask;
> + arg.a7 = get_user_reg(regs, 7) & mask;
> +
> + while ( true ) {
> + arm_smccc_1_2_smc(&arg, &resp);
> +
> + switch ( resp.a0 )
> + {
> + case FFA_INTERRUPT:
> + ctx->interrupted = true;
> + goto out;
> + case FFA_ERROR:
> + case FFA_SUCCESS_32:
> + case FFA_SUCCESS_64:
> + case FFA_MSG_SEND_DIRECT_RESP_32:
> + case FFA_MSG_SEND_DIRECT_RESP_64:
> + goto out;
> + default:
> + /* Bad fid, report back. */
> + memset(&arg, 0, sizeof(arg));
> + arg.a0 = FFA_ERROR;
> + arg.a1 = src_dst;
> + arg.a2 = FFA_RET_NOT_SUPPORTED;
> + continue;
> + }
> + }
> +
> +out:
> + set_user_reg(regs, 0, resp.a0);
> + set_user_reg(regs, 2, resp.a2 & mask);
> + set_user_reg(regs, 1, resp.a1 & mask);
Looks like you need to swap two lines above.
> + set_user_reg(regs, 3, resp.a3 & mask);
> + set_user_reg(regs, 4, resp.a4 & mask);
> + set_user_reg(regs, 5, resp.a5 & mask);
> + set_user_reg(regs, 6, resp.a6 & mask);
> + set_user_reg(regs, 7, resp.a7 & mask);
> +}
> +
> +static int get_shm_pages(struct domain *d, struct ffa_shm_mem *shm,
> + struct ffa_address_range *range, uint32_t range_count,
> + unsigned int start_page_idx,
> + unsigned int *last_page_idx)
> +{
> + unsigned int pg_idx = start_page_idx;
> + unsigned long gfn;
> + unsigned int n;
> + unsigned int m;
> + p2m_type_t t;
> + uint64_t addr;
> +
> + for ( n = 0; n < range_count; n++ ) {
> + for ( m = 0; m < range[n].page_count; m++ ) {
> + if ( pg_idx >= shm->page_count )
> + return FFA_RET_INVALID_PARAMETERS;
> +
> + addr = read_atomic(&range[n].address);
> + gfn = gaddr_to_gfn(addr + m * PAGE_SIZE);
> + shm->pages[pg_idx] = get_page_from_gfn(d, gfn, &t, P2M_ALLOC);
> + if ( !shm->pages[pg_idx] )
> + return FFA_RET_DENIED;
> + pg_idx++;
> + /* Only normal RAM for now */
> + if ( t != p2m_ram_rw )
> + return FFA_RET_DENIED;
> + }
> + }
> +
> + *last_page_idx = pg_idx;
> +
> + return FFA_RET_OK;
> +}
> +
> +static void put_shm_pages(struct ffa_shm_mem *shm)
> +{
> + unsigned int n;
> +
> + for ( n = 0; n < shm->page_count && shm->pages[n]; n++ )
> + {
> + if ( shm->pages[n] ) {
Looks like this check is redundant, you already checking the same in the
`if` block.
> + put_page(shm->pages[n]);
> + shm->pages[n] = NULL;
> + }
> + }
> +}
> +
> +static void init_range(struct ffa_address_range *addr_range,
> + paddr_t pa)
> +{
> + memset(addr_range, 0, sizeof(*addr_range));
> + addr_range->address = pa;
> + addr_range->page_count = 1;
> +}
> +
> +static int share_shm(struct ffa_shm_mem *shm)
> +{
> + uint32_t max_frag_len = ffa_page_count * PAGE_SIZE;
> + struct ffa_mem_transaction_1_1 *descr = ffa_tx;
> + struct ffa_mem_access *mem_access_array;
> + struct ffa_mem_region *region_descr;
> + struct ffa_address_range *addr_range;
> + paddr_t pa;
> + paddr_t last_pa;
> + unsigned int n;
> + uint32_t frag_len;
> + uint32_t tot_len;
> + int ret;
> + unsigned int range_count;
> + unsigned int range_base;
> + bool first;
> +
> + memset(descr, 0, sizeof(*descr));
> + descr->sender_id = shm->sender_id;
> + descr->global_handle = shm->handle;
> + descr->mem_reg_attr = FFA_NORMAL_MEM_REG_ATTR;
> + descr->mem_access_count = 1;
> + descr->mem_access_size = sizeof(*mem_access_array);
> + descr->mem_access_offs = sizeof(*descr);
> + mem_access_array = (void *)(descr + 1);
> + region_descr = (void *)(mem_access_array + 1);
> +
> + memset(mem_access_array, 0, sizeof(*mem_access_array));
> + mem_access_array[0].access_perm.endpoint_id = shm->ep_id;
> + mem_access_array[0].access_perm.perm = FFA_MEM_ACC_RW;
> + mem_access_array[0].region_offs = (vaddr_t)region_descr - (vaddr_t)ffa_tx;
> +
> + memset(region_descr, 0, sizeof(*region_descr));
> + region_descr->total_page_count = shm->page_count;
> +
> + region_descr->address_range_count = 1;
> + last_pa = page_to_maddr(shm->pages[0]);
> + for ( n = 1; n < shm->page_count; last_pa = pa, n++ )
> + {
> + pa = page_to_maddr(shm->pages[n]);
> + if ( last_pa + PAGE_SIZE == pa )
> + {
> + continue;
> + }
> + region_descr->address_range_count++;
> + }
> +
> + tot_len = sizeof(*descr) + sizeof(*mem_access_array) +
> + sizeof(*region_descr) +
> + region_descr->address_range_count * sizeof(*addr_range);
> +
> + addr_range = region_descr->address_range_array;
> + frag_len = (vaddr_t)(addr_range + 1) - (vaddr_t)ffa_tx;
> + last_pa = page_to_maddr(shm->pages[0]);
> + init_range(addr_range, last_pa);
> + first = true;
> + range_count = 1;
> + range_base = 0;
> + for ( n = 1; n < shm->page_count; last_pa = pa, n++ )
> + {
> + pa = page_to_maddr(shm->pages[n]);
> + if ( last_pa + PAGE_SIZE == pa )
> + {
> + addr_range->page_count++;
> + continue;
> + }
> +
> + if (frag_len == max_frag_len) {
coding stlyle: if ( ... )
{
> + if (first)
coding stlyle if ( ... )
> + {
> + ret = ffa_mem_share(tot_len, frag_len, 0, 0, &shm->handle);
> + first = false;
> + }
> + else
> + {
> + ret = ffa_mem_frag_tx(shm->handle, frag_len, shm->sender_id);
> + }
> + if (ret <= 0)
> + return ret;
> + range_base = range_count;
> + range_count = 0;
> + frag_len = sizeof(*addr_range);
> + addr_range = ffa_tx;
> + } else {
> + frag_len += sizeof(*addr_range);
> + addr_range++;
> + }
> + init_range(addr_range, pa);
> + range_count++;
> + }
> +
> + if (first)
> + return ffa_mem_share(tot_len, frag_len, 0, 0, &shm->handle);
> + else
> + return ffa_mem_frag_tx(shm->handle, frag_len, shm->sender_id);
> +}
> +
> +static int read_mem_transaction(uint32_t ffa_vers, void *buf, size_t blen,
> + struct ffa_mem_transaction_x *trans)
> +{
> + uint16_t mem_reg_attr;
> + uint32_t flags;
> + uint32_t count;
> + uint32_t offs;
> + uint32_t size;
> +
> + if (ffa_vers >= FFA_VERSION_1_1) {
coding style: if ( ... )
{
> + struct ffa_mem_transaction_1_1 *descr;
> +
> + if (blen < sizeof(*descr))
coding style: if ( ... )
> + return FFA_RET_INVALID_PARAMETERS;
> +
> + descr = buf;
> + trans->sender_id = read_atomic(&descr->sender_id);
> + mem_reg_attr = read_atomic(&descr->mem_reg_attr);
> + flags = read_atomic(&descr->flags);
> + trans->global_handle = read_atomic(&descr->global_handle);
> + trans->tag = read_atomic(&descr->tag);
> +
> + count = read_atomic(&descr->mem_access_count);
> + size = read_atomic(&descr->mem_access_size);
> + offs = read_atomic(&descr->mem_access_offs);
> + } else {
coding style:
}
else
{
> + struct ffa_mem_transaction_1_0 *descr;
> +
> + if (blen < sizeof(*descr))
> + return FFA_RET_INVALID_PARAMETERS;
> +
> + descr = buf;
> + trans->sender_id = read_atomic(&descr->sender_id);
> + mem_reg_attr = read_atomic(&descr->mem_reg_attr);
> + flags = read_atomic(&descr->flags);
> + trans->global_handle = read_atomic(&descr->global_handle);
> + trans->tag = read_atomic(&descr->tag);
> +
> + count = read_atomic(&descr->mem_access_count);
> + size = sizeof(struct ffa_mem_access);
> + offs = offsetof(struct ffa_mem_transaction_1_0, mem_access_array);
> + }
> +
> + if (mem_reg_attr > UINT8_MAX || flags > UINT8_MAX || size > UINT8_MAX ||
> + count > UINT8_MAX || offs > UINT16_MAX)
coding style: if ( ... )
> + return FFA_RET_INVALID_PARAMETERS;
> +
> + /* Check that the endpoint memory access descriptor array fits */
> + if (size * count + offs > blen)
the same
> + return FFA_RET_INVALID_PARAMETERS;
> +
> + trans->mem_reg_attr = mem_reg_attr;
> + trans->flags = flags;
> + trans->mem_access_size = size;
> + trans->mem_access_count = count;
> + trans->mem_access_offs = offs;
> + return 0;
> +}
> +
> +static int add_mem_share_frag(struct mem_frag_state *s, unsigned int offs,
> + unsigned int frag_len)
> +{
> + struct domain *d = current->domain;
> + unsigned int o = offs;
> + unsigned int l;
> + int ret;
> +
> + if (frag_len < o)
the same
> + return FFA_RET_INVALID_PARAMETERS;
> +
> + /* Fill up the first struct ffa_address_range */
> + l = min_t(unsigned int, frag_len - o, sizeof(s->range) - s->range_offset);
> + memcpy((uint8_t *)&s->range + s->range_offset, s->buf + o, l);
> + s->range_offset += l;
> + o += l;
> + if (s->range_offset != sizeof(s->range))
> + goto out;
> + s->range_offset = 0;
> +
> + while (true) {
the same
> + ret = get_shm_pages(d, s->shm, &s->range, 1, s->current_page_idx,
> + &s->current_page_idx);
> + if (ret)
> + return ret;
> + if (s->range_count == 1)
> + return 0;
> + s->range_count--;
> + if (frag_len - o < sizeof(s->range))
> + break;
> + memcpy(&s->range, s->buf + o, sizeof(s->range));
> + o += sizeof(s->range);
> + }
> +
> + /* Collect any remaining bytes for the next struct ffa_address_range */
> + s->range_offset = frag_len - o;
> + memcpy(&s->range, s->buf + o, frag_len - o);
> +out:
> + s->frag_offset += frag_len;
> + return s->frag_offset;
> +}
> +
> +static void handle_mem_share(struct cpu_user_regs *regs)
> +{
> + uint32_t tot_len = get_user_reg(regs, 1);
> + uint32_t frag_len = get_user_reg(regs, 2);
> + uint64_t addr = get_user_reg(regs, 3);
> + uint32_t page_count = get_user_reg(regs, 4);
> + struct ffa_mem_transaction_x trans;
> + struct ffa_mem_access *mem_access;
> + struct ffa_mem_region *region_descr;
> + struct domain *d = current->domain;
> + struct ffa_ctx *ctx = d->arch.ffa;
> + struct ffa_shm_mem *shm = NULL;
> + unsigned int last_page_idx = 0;
> + uint32_t range_count;
> + uint32_t region_offs;
> + int ret = FFA_RET_DENIED;
> + uint32_t handle_hi = 0;
> + uint32_t handle_lo = 0;
> +
> + /*
> + * We're only accepting memory transaction descriptors via the rx/tx
> + * buffer.
> + */
> + if ( addr ) {
coding style
> + ret = FFA_RET_NOT_SUPPORTED;
> + goto out_unlock;
> + }
> +
> + /* Check that fragment legnth doesn't exceed total length */
> + if (frag_len > tot_len) {
coding style
> + ret = FFA_RET_INVALID_PARAMETERS;
> + goto out_unlock;
> + }
> +
> + spin_lock(&ffa_buffer_lock);
> +
> + if ( frag_len > ctx->page_count * PAGE_SIZE )
> + goto out_unlock;
> +
> + if ( !ffa_page_count ) {
> + ret = FFA_RET_NO_MEMORY;
> + goto out_unlock;
> + }
> +
> + ret = read_mem_transaction(ctx->guest_vers, ctx->tx, frag_len, &trans);
> + if (ret)
coding style
> + goto out_unlock;
> +
> + if ( trans.mem_reg_attr != FFA_NORMAL_MEM_REG_ATTR )
> + {
> + ret = FFA_RET_NOT_SUPPORTED;
> + goto out;
> + }
> +
> + /* Only supports sharing it with one SP for now */
> + if ( trans.mem_access_count != 1 )
> + {
> + ret = FFA_RET_NOT_SUPPORTED;
> + goto out_unlock;
> + }
> +
> + if ( trans.sender_id != get_vm_id(d) )
> + {
> + ret = FFA_RET_INVALID_PARAMETERS;
> + goto out_unlock;
> + }
> +
> + /* Check that it fits in the supplied data */
> + if ( trans.mem_access_offs + trans.mem_access_size > frag_len)
> + goto out_unlock;
> +
> + mem_access = (void *)((vaddr_t)ctx->tx + trans.mem_access_offs);
> + if ( read_atomic(&mem_access->access_perm.perm) != FFA_MEM_ACC_RW )
> + {
> + ret = FFA_RET_NOT_SUPPORTED;
> + goto out_unlock;
> + }
> +
> + region_offs = read_atomic(&mem_access->region_offs);
> + if (sizeof(*region_descr) + region_offs > frag_len) {
> + ret = FFA_RET_NOT_SUPPORTED;
> + goto out_unlock;
> + }
> +
> + region_descr = (void *)((vaddr_t)ctx->tx + region_offs);
> + range_count = read_atomic(®ion_descr->address_range_count);
> + page_count = read_atomic(®ion_descr->total_page_count);
> +
> + shm = xzalloc_flex_struct(struct ffa_shm_mem, pages, page_count);
> + if ( !shm )
> + {
> + ret = FFA_RET_NO_MEMORY;
> + goto out;
> + }
> + shm->sender_id = trans.sender_id;
> + shm->ep_id = read_atomic(&mem_access->access_perm.endpoint_id);
> + shm->page_count = page_count;
> +
> + if (frag_len != tot_len) {
> + struct mem_frag_state *s = xzalloc(struct mem_frag_state);
> +
> + if (!s) {
> + ret = FFA_RET_NO_MEMORY;
> + goto out;
> + }
> + s->shm = shm;
> + s->range_count = range_count;
> + s->buf = ctx->tx;
> + s->buf_size = ffa_page_count * PAGE_SIZE;
> + ret = add_mem_share_frag(s, sizeof(*region_descr) + region_offs,
> + frag_len);
> + if (ret <= 0) {
> + xfree(s);
> + if (ret < 0)
> + goto out;
> + } else {
> + shm->handle = next_handle++;
> + reg_pair_from_64(&handle_hi, &handle_lo, shm->handle);
> + spin_lock(&ffa_mem_list_lock);
> + list_add_tail(&s->list, &ffa_frag_list);
> + spin_unlock(&ffa_mem_list_lock);
> + }
> + goto out_unlock;
> + }
> +
> + /*
> + * Check that the Composite memory region descriptor fits.
> + */
> + if ( sizeof(*region_descr) + region_offs +
> + range_count * sizeof(struct ffa_address_range) > frag_len) {
> + ret = FFA_RET_INVALID_PARAMETERS;
> + goto out;
> + }
> +
> + ret = get_shm_pages(d, shm, region_descr->address_range_array, range_count,
> + 0, &last_page_idx);
> + if ( ret )
> + goto out;
> + if (last_page_idx != shm->page_count) {
> + ret = FFA_RET_INVALID_PARAMETERS;
> + goto out;
> + }
> +
> + /* Note that share_shm() uses our tx buffer */
> + ret = share_shm(shm);
> + if ( ret )
> + goto out;
> +
> + spin_lock(&ffa_mem_list_lock);
> + list_add_tail(&shm->list, &ffa_mem_list);
> + spin_unlock(&ffa_mem_list_lock);
> +
> + reg_pair_from_64(&handle_hi, &handle_lo, shm->handle);
> +
> +out:
> + if ( ret && shm )
> + {
> + put_shm_pages(shm);
> + xfree(shm);
> + }
> +out_unlock:
> + spin_unlock(&ffa_buffer_lock);
> +
> + if ( ret > 0 )
> + set_regs_frag_rx(regs, handle_lo, handle_hi, ret, trans.sender_id);
> + else if ( ret == 0)
> + set_regs_success(regs, handle_lo, handle_hi);
> + else
> + set_regs_error(regs, ret);
> +}
> +
> +static struct mem_frag_state *find_frag_state(uint64_t handle)
> +{
> + struct mem_frag_state *s;
> +
> + list_for_each_entry(s, &ffa_frag_list, list)
> + if ( s->shm->handle == handle)
> + return s;
> +
> + return NULL;
> +}
> +
> +static void handle_mem_frag_tx(struct cpu_user_regs *regs)
> +{
> + uint32_t frag_len = get_user_reg(regs, 3);
> + uint32_t handle_lo = get_user_reg(regs, 1);
> + uint32_t handle_hi = get_user_reg(regs, 2);
> + uint64_t handle = reg_pair_to_64(handle_hi, handle_lo);
> + struct mem_frag_state *s;
> + uint16_t sender_id = 0;
> + int ret;
> +
> + spin_lock(&ffa_buffer_lock);
> + s = find_frag_state(handle);
> + if (!s) {
> + ret = FFA_RET_INVALID_PARAMETERS;
> + goto out;
> + }
> + sender_id = s->shm->sender_id;
> +
> + if (frag_len > s->buf_size) {
> + ret = FFA_RET_INVALID_PARAMETERS;
> + goto out;
> + }
> +
> + ret = add_mem_share_frag(s, 0, frag_len);
> + if (ret == 0) {
> + /* Note that share_shm() uses our tx buffer */
> + ret = share_shm(s->shm);
> + if (ret == 0) {
> + spin_lock(&ffa_mem_list_lock);
> + list_add_tail(&s->shm->list, &ffa_mem_list);
> + spin_unlock(&ffa_mem_list_lock);
> + } else {
> + put_shm_pages(s->shm);
> + xfree(s->shm);
> + }
> + spin_lock(&ffa_mem_list_lock);
> + list_del(&s->list);
> + spin_unlock(&ffa_mem_list_lock);
> + xfree(s);
> + } else if (ret < 0) {
> + put_shm_pages(s->shm);
> + xfree(s->shm);
> + spin_lock(&ffa_mem_list_lock);
> + list_del(&s->list);
> + spin_unlock(&ffa_mem_list_lock);
> + xfree(s);
> + }
> +out:
> + spin_unlock(&ffa_buffer_lock);
> +
> + if ( ret > 0 )
> + set_regs_frag_rx(regs, handle_lo, handle_hi, ret, sender_id);
> + else if ( ret == 0)
> + set_regs_success(regs, handle_lo, handle_hi);
> + else
> + set_regs_error(regs, ret);
> +}
> +
> +static int handle_mem_reclaim(uint64_t handle, uint32_t flags)
> +{
> + struct ffa_shm_mem *shm;
> + uint32_t handle_hi;
> + uint32_t handle_lo;
> + int ret;
> +
> + spin_lock(&ffa_mem_list_lock);
> + list_for_each_entry(shm, &ffa_mem_list, list) {
> + if ( shm->handle == handle )
> + goto found_it;
> + }
> + shm = NULL;
> +found_it:
> + spin_unlock(&ffa_mem_list_lock);
> +
> + if ( !shm )
> + return FFA_RET_INVALID_PARAMETERS;
> +
> + reg_pair_from_64(&handle_hi, &handle_lo, handle);
> + ret = ffa_mem_reclaim(handle_lo, handle_hi, flags);
> + if ( ret )
> + return ret;
> +
> + spin_lock(&ffa_mem_list_lock);
> + list_del(&shm->list);
> + spin_unlock(&ffa_mem_list_lock);
> +
> + put_shm_pages(shm);
> + xfree(shm);
> +
> + return ret;
> +}
> +
> +bool ffa_handle_call(struct cpu_user_regs *regs, uint32_t fid)
> +{
> + struct domain *d = current->domain;
> + struct ffa_ctx *ctx = d->arch.ffa;
> + uint32_t count;
> + uint32_t e;
> +
> + if ( !ctx )
> + return false;
> +
> + switch ( fid )
> + {
> + case FFA_VERSION:
> + handle_version(regs);
> + return true;
> + case FFA_ID_GET:
> + set_regs_success(regs, get_vm_id(d), 0);
> + return true;
> + case FFA_RXTX_MAP_32:
> +#ifdef CONFIG_ARM_64
> + case FFA_RXTX_MAP_64:
> +#endif
> + e = handle_rxtx_map(fid, get_user_reg(regs, 1), get_user_reg(regs, 2),
> + get_user_reg(regs, 3));
> + if ( e )
> + set_regs_error(regs, e);
> + else
> + set_regs_success(regs, 0, 0);
> + return true;
> + case FFA_RXTX_UNMAP:
> + e = handle_rxtx_unmap();
> + if ( e )
> + set_regs_error(regs, e);
> + else
> + set_regs_success(regs, 0, 0);
> + return true;
> + case FFA_PARTITION_INFO_GET:
> + e = handle_partition_info_get(get_user_reg(regs, 1),
> + get_user_reg(regs, 2),
> + get_user_reg(regs, 3),
> + get_user_reg(regs, 4),
> + get_user_reg(regs, 5), &count);
> + if ( e )
> + set_regs_error(regs, e);
> + else
> + set_regs_success(regs, count, 0);
> + return true;
> + case FFA_RX_RELEASE:
> + e = handle_rx_release();
> + if ( e )
> + set_regs_error(regs, e);
> + else
> + set_regs_success(regs, 0, 0);
> + return true;
> + case FFA_MSG_SEND_DIRECT_REQ_32:
> +#ifdef CONFIG_ARM_64
> + case FFA_MSG_SEND_DIRECT_REQ_64:
> +#endif
> + handle_msg_send_direct_req(regs, fid);
> + return true;
> + case FFA_MEM_SHARE_32:
> +#ifdef CONFIG_ARM_64
> + case FFA_MEM_SHARE_64:
> +#endif
> + handle_mem_share(regs);
> + return true;
> + case FFA_MEM_RECLAIM:
> + e = handle_mem_reclaim(reg_pair_to_64(get_user_reg(regs, 2),
> + get_user_reg(regs, 1)),
> + get_user_reg(regs, 3));
> + if ( e )
> + set_regs_error(regs, e);
> + else
> + set_regs_success(regs, 0, 0);
> + return true;
> + case FFA_MEM_FRAG_TX:
> + handle_mem_frag_tx(regs);
> + return true;
> +
> + default:
> + printk(XENLOG_ERR "ffa: unhandled fid 0x%x\n", fid);
> + return false;
> + }
> +}
> +
> +int ffa_domain_init(struct domain *d)
> +{
> + struct ffa_ctx *ctx;
> + unsigned int n;
> + unsigned int m;
> + unsigned int c_pos;
> + int32_t res;
> +
> + if ( !ffa_version )
> + return 0;
> +
> + ctx = xzalloc(struct ffa_ctx);
> + if ( !ctx )
> + return -ENOMEM;
> +
> + for ( n = 0; n < subsr_vm_created_count; n++ ) {
> + res = ffa_direct_req_send_vm(subsr_vm_created[n], get_vm_id(d),
> + FFA_MSG_SEND_VM_CREATED);
> + if ( res ) {
> + printk(XENLOG_ERR "ffa: Failed to report creation of vm_id %u to %u: res %d\n",
> + get_vm_id(d), subsr_vm_created[n], res);
> + c_pos = n;
> + goto err;
> + }
> + }
> +
> + d->arch.ffa = ctx;
> +
> + return 0;
> +
> +err:
> + /* Undo any already sent vm created messaged */
> + for ( n = 0; n < c_pos; n++ )
> + for ( m = 0; m < subsr_vm_destroyed_count; m++ )
> + if ( subsr_vm_destroyed[m] == subsr_vm_created[n] )
> + ffa_direct_req_send_vm(subsr_vm_destroyed[n], get_vm_id(d),
> + FFA_MSG_SEND_VM_DESTROYED);
> + return -ENOMEM;
> +}
> +
> +int ffa_relinquish_resources(struct domain *d)
> +{
> + struct ffa_ctx *ctx = d->arch.ffa;
> + unsigned int n;
> + int32_t res;
> +
> + if ( !ctx )
> + return 0;
> +
> + for ( n = 0; n < subsr_vm_destroyed_count; n++ ) {
> + res = ffa_direct_req_send_vm(subsr_vm_destroyed[n], get_vm_id(d),
> + FFA_MSG_SEND_VM_DESTROYED);
> +
> + if ( res )
> + printk(XENLOG_ERR "ffa: Failed to report destruction of vm_id %u to %u: res %d\n",
> + get_vm_id(d), subsr_vm_destroyed[n], res);
> + }
> +
> + XFREE(d->arch.ffa);
> +
> + return 0;
> +}
> +
> +static bool __init init_subscribers(void)
> +{
> + struct ffa_partition_info_1_1 *fpi;
> + bool ret = false;
> + uint32_t count;
> + uint32_t e;
> + uint32_t n;
> + uint32_t c_pos;
> + uint32_t d_pos;
> +
> + if ( ffa_version < FFA_VERSION_1_1 )
> + return true;
> +
> + e = ffa_partition_info_get(0, 0, 0, 0, 1, &count);
> + ffa_rx_release();
> + if ( e ) {
> + printk(XENLOG_ERR "ffa: Failed to get list of SPs: %d\n", (int)e);
> + goto out;
> + }
> +
> + fpi = ffa_rx;
> + subsr_vm_created_count = 0;
> + subsr_vm_destroyed_count = 0;
> + for ( n = 0; n < count; n++ ) {
> + if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_CREATED)
> + subsr_vm_created_count++;
> + if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_DESTROYED)
> + subsr_vm_destroyed_count++;
> + }
> +
> + if ( subsr_vm_created_count )
> + subsr_vm_created = xzalloc_array(uint16_t, subsr_vm_created_count);
> + if ( subsr_vm_destroyed_count )
> + subsr_vm_destroyed = xzalloc_array(uint16_t, subsr_vm_destroyed_count);
> + if ( (subsr_vm_created_count && !subsr_vm_created) ||
> + (subsr_vm_destroyed_count && !subsr_vm_destroyed) ) {
> + printk(XENLOG_ERR "ffa: Failed to allocate subscription lists\n");
> + subsr_vm_created_count = 0;
> + subsr_vm_destroyed_count = 0;
> + XFREE(subsr_vm_created);
> + XFREE(subsr_vm_destroyed);
> + goto out;
> + }
> +
> + for ( c_pos = 0, d_pos = 0, n = 0; n < count; n++ ) {
> + if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_CREATED)
> + subsr_vm_created[c_pos++] = fpi[n].id;
> + if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_DESTROYED)
> + subsr_vm_destroyed[d_pos++] = fpi[n].id;
> + }
> +
> + ret = true;
> +out:
> + ffa_rx_release();
> + return ret;
> +}
> +
> +static int __init ffa_init(void)
> +{
> + uint32_t vers;
> + uint32_t e;
> + unsigned int major_vers;
> + unsigned int minor_vers;
> +
> + /*
> + * psci_init_smccc() updates this value with what's reported by EL-3
> + * or secure world.
> + */
> + if ( smccc_ver < ARM_SMCCC_VERSION_1_2 )
> + {
> + printk(XENLOG_ERR
> + "ffa: unsupported SMCCC version %#x (need at least %#x)\n",
> + smccc_ver, ARM_SMCCC_VERSION_1_2);
> + return 0;
> + }
> +
> + if ( !ffa_get_version(&vers) )
> + return 0;
> +
> + if ( vers < FFA_MIN_VERSION || vers > FFA_MY_VERSION )
> + {
> + printk(XENLOG_ERR "ffa: Incompatible version %#x found\n", vers);
> + return 0;
> + }
> +
> + major_vers = (vers >> FFA_VERSION_MAJOR_SHIFT) & FFA_VERSION_MAJOR_MASK;
> + minor_vers = vers & FFA_VERSION_MINOR_MASK;
> + printk(XENLOG_ERR "ARM FF-A Mediator version %u.%u\n",
> + FFA_VERSION_MAJOR, FFA_VERSION_MINOR);
> + printk(XENLOG_ERR "ARM FF-A Firmware version %u.%u\n",
> + major_vers, minor_vers);
> +
> + ffa_rx = alloc_xenheap_pages(0, 0);
> + if ( !ffa_rx )
> + return 0;
> +
> + ffa_tx = alloc_xenheap_pages(0, 0);
> + if ( !ffa_tx )
> + goto err_free_ffa_rx;
> +
> + e = ffa_rxtx_map(__pa(ffa_tx), __pa(ffa_rx), 1);
> + if ( e )
> + {
> + printk(XENLOG_ERR "ffa: Failed to map rxtx: error %d\n", (int)e);
> + goto err_free_ffa_tx;
> + }
> + ffa_page_count = 1;
> + ffa_version = vers;
> +
> + if ( !init_subscribers() )
> + goto err_free_ffa_tx;
> +
> + return 0;
> +
> +err_free_ffa_tx:
> + free_xenheap_pages(ffa_tx, 0);
> + ffa_tx = NULL;
> +err_free_ffa_rx:
> + free_xenheap_pages(ffa_rx, 0);
> + ffa_rx = NULL;
> + ffa_page_count = 0;
> + ffa_version = 0;
> + XFREE(subsr_vm_created);
> + subsr_vm_created_count = 0;
> + XFREE(subsr_vm_destroyed);
> + subsr_vm_destroyed_count = 0;
> + return 0;
> +}
> +
> +__initcall(ffa_init);
> diff --git a/xen/arch/arm/include/asm/domain.h b/xen/arch/arm/include/asm/domain.h
> index ed63c2b6f91f..b3dee269bced 100644
> --- a/xen/arch/arm/include/asm/domain.h
> +++ b/xen/arch/arm/include/asm/domain.h
> @@ -103,6 +103,10 @@ struct arch_domain
> void *tee;
> #endif
>
> +#ifdef CONFIG_FFA
> + void *ffa;
> +#endif
> +
> bool directmap;
> } __cacheline_aligned;
>
> diff --git a/xen/arch/arm/include/asm/ffa.h b/xen/arch/arm/include/asm/ffa.h
> new file mode 100644
> index 000000000000..1c6ce6421294
> --- /dev/null
> +++ b/xen/arch/arm/include/asm/ffa.h
> @@ -0,0 +1,71 @@
> +/*
> + * xen/arch/arm/ffa.c
> + *
> + * Arm Firmware Framework for ARMv8-A(FFA) mediator
> + *
> + * Copyright (C) 2021 Linaro Limited
> + *
> + * Permission is hereby granted, free of charge, to any person
> + * obtaining a copy of this software and associated documentation
> + * files (the "Software"), to deal in the Software without restriction,
> + * including without limitation the rights to use, copy, modify, merge,
> + * publish, distribute, sublicense, and/or sell copies of the Software,
> + * and to permit persons to whom the Software is furnished to do so,
> + * subject to the following conditions:
> + *
> + * The above copyright notice and this permission notice shall be
> + * included in all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
> + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
> + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
> + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
> + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
> + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
> + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
> + */
> +
> +#ifndef __ASM_ARM_FFA_H__
> +#define __ASM_ARM_FFA_H__
> +
> +#include <xen/const.h>
> +
> +#include <asm/smccc.h>
> +#include <asm/types.h>
> +
> +#define FFA_FNUM_MIN_VALUE _AC(0x60,U)
> +#define FFA_FNUM_MAX_VALUE _AC(0x86,U)
> +
> +static inline bool is_ffa_fid(uint32_t fid)
> +{
> + uint32_t fn = fid & ARM_SMCCC_FUNC_MASK;
> +
> + return fn >= FFA_FNUM_MIN_VALUE && fn <= FFA_FNUM_MAX_VALUE;
> +}
> +
> +#ifdef CONFIG_FFA
> +#define FFA_NR_FUNCS 11
> +
> +bool ffa_handle_call(struct cpu_user_regs *regs, uint32_t fid);
> +int ffa_domain_init(struct domain *d);
> +int ffa_relinquish_resources(struct domain *d);
> +#else
> +#define FFA_NR_FUNCS 0
> +
> +static inline bool ffa_handle_call(struct cpu_user_regs *regs, uint32_t fid)
> +{
> + return false;
> +}
> +
> +static inline int ffa_domain_init(struct domain *d)
> +{
> + return 0;
> +}
> +
> +static inline int ffa_relinquish_resources(struct domain *d)
> +{
> + return 0;
> +}
> +#endif
> +
> +#endif /*__ASM_ARM_FFA_H__*/
> diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c
> index 6f90c08a6304..34586025eff8 100644
> --- a/xen/arch/arm/vsmc.c
> +++ b/xen/arch/arm/vsmc.c
> @@ -20,6 +20,7 @@
> #include <public/arch-arm/smccc.h>
> #include <asm/cpuerrata.h>
> #include <asm/cpufeature.h>
> +#include <asm/ffa.h>
> #include <asm/monitor.h>
> #include <asm/regs.h>
> #include <asm/smccc.h>
> @@ -32,7 +33,7 @@
> #define XEN_SMCCC_FUNCTION_COUNT 3
>
> /* Number of functions currently supported by Standard Service Service Calls. */
> -#define SSSC_SMCCC_FUNCTION_COUNT (3 + VPSCI_NR_FUNCS)
> +#define SSSC_SMCCC_FUNCTION_COUNT (3 + VPSCI_NR_FUNCS + FFA_NR_FUNCS)
>
> static bool fill_uid(struct cpu_user_regs *regs, xen_uuid_t uuid)
> {
> @@ -196,13 +197,23 @@ static bool handle_existing_apis(struct cpu_user_regs *regs)
> return do_vpsci_0_1_call(regs, fid);
> }
>
> +static bool is_psci_fid(uint32_t fid)
> +{
> + uint32_t fn = fid & ARM_SMCCC_FUNC_MASK;
> +
> + return fn >= 0 && fn <= 0x1fU;
> +}
> +
> /* PSCI 0.2 interface and other Standard Secure Calls */
> static bool handle_sssc(struct cpu_user_regs *regs)
> {
> uint32_t fid = (uint32_t)get_user_reg(regs, 0);
>
> - if ( do_vpsci_0_2_call(regs, fid) )
> - return true;
> + if ( is_psci_fid(fid) )
> + return do_vpsci_0_2_call(regs, fid);
> +
> + if ( is_ffa_fid(fid) )
> + return ffa_handle_call(regs, fid);
>
> switch ( fid )
> {
--
Volodymyr Babchuk at EPAM
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 1/2] xen/arm: smccc: add support for SMCCCv1.2 extended input/output registers
2022-06-11 0:41 ` Stefano Stabellini
2022-06-11 9:41 ` Julien Grall
@ 2022-06-15 15:58 ` Jens Wiklander
2022-06-15 19:01 ` Julien Grall
2022-06-15 19:43 ` Julien Grall
2 siblings, 1 reply; 21+ messages in thread
From: Jens Wiklander @ 2022-06-15 15:58 UTC (permalink / raw)
To: Stefano Stabellini; +Cc: xen-devel, Julien Grall, Volodymyr Babchuk
On Fri, Jun 10, 2022 at 05:41:33PM -0700, Stefano Stabellini wrote:
> On Thu, 9 Jun 2022, Jens Wiklander wrote:
> > SMCCC v1.2 AArch64 allows x0-x17 to be used as both parameter registers
> > and result registers for the SMC and HVC instructions.
> >
> > Arm Firmware Framework for Armv8-A specification makes use of x0-x7 as
> > parameter and result registers.
> >
> > Let us add new interface to support this extended set of input/output
> > registers.
> >
> > This is based on 3fdc0cb59d97 ("arm64: smccc: Add support for SMCCCv1.2
> > extended input/output registers") by Sudeep Holla from the Linux kernel
> >
> > Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> > ---
> > xen/arch/arm/arm64/smc.S | 43 ++++++++++++++++++++++++++++++++
> > xen/arch/arm/include/asm/smccc.h | 42 +++++++++++++++++++++++++++++++
> > xen/arch/arm/vsmc.c | 2 +-
> > 3 files changed, 86 insertions(+), 1 deletion(-)
> >
> > diff --git a/xen/arch/arm/arm64/smc.S b/xen/arch/arm/arm64/smc.S
> > index 91bae62dd4d2..1570bc8eb9d4 100644
> > --- a/xen/arch/arm/arm64/smc.S
> > +++ b/xen/arch/arm/arm64/smc.S
> > @@ -27,3 +27,46 @@ ENTRY(__arm_smccc_1_0_smc)
> > stp x2, x3, [x4, #SMCCC_RES_a2]
> > 1:
> > ret
> > +
> > +
> > +/*
> > + * void arm_smccc_1_2_smc(const struct arm_smccc_1_2_regs *args,
> > + * struct arm_smccc_1_2_regs *res)
> > + */
> > +ENTRY(arm_smccc_1_2_smc)
> > + /* Save `res` and free a GPR that won't be clobbered */
> > + stp x1, x19, [sp, #-16]!
> > +
> > + /* Ensure `args` won't be clobbered while loading regs in next step */
> > + mov x19, x0
> > +
> > + /* Load the registers x0 - x17 from the struct arm_smccc_1_2_regs */
> > + ldp x0, x1, [x19, #0]
> > + ldp x2, x3, [x19, #16]
> > + ldp x4, x5, [x19, #32]
> > + ldp x6, x7, [x19, #48]
> > + ldp x8, x9, [x19, #64]
> > + ldp x10, x11, [x19, #80]
> > + ldp x12, x13, [x19, #96]
> > + ldp x14, x15, [x19, #112]
> > + ldp x16, x17, [x19, #128]
> > +
> > + smc #0
> > +
> > + /* Load the `res` from the stack */
> > + ldr x19, [sp]
> > +
> > + /* Store the registers x0 - x17 into the result structure */
> > + stp x0, x1, [x19, #0]
> > + stp x2, x3, [x19, #16]
> > + stp x4, x5, [x19, #32]
> > + stp x6, x7, [x19, #48]
> > + stp x8, x9, [x19, #64]
> > + stp x10, x11, [x19, #80]
> > + stp x12, x13, [x19, #96]
> > + stp x14, x15, [x19, #112]
> > + stp x16, x17, [x19, #128]
>
> I noticed that in the original commit the offsets are declared as
> ARM_SMCCC_1_2_REGS_X0_OFFS, etc. In Xen we could add them to
> xen/arch/arm/arm64/asm-offsets.c given that they are only used in asm.
>
> That said, there isn't a huge value in declaring them given that they
> are always read and written in order and there is nothing else in the
> struct, so I am fine either way.
>
> I am also happy to have them declared if other maintainers prefer it
> that way.
OK, I'll update with asm-offsets.c since Julien asked for that too.
>
>
> > + /* Restore original x19 */
> > + ldp xzr, x19, [sp], #16
> > + ret
> > diff --git a/xen/arch/arm/include/asm/smccc.h b/xen/arch/arm/include/asm/smccc.h
> > index b3dbeecc90ad..316adf968e74 100644
> > --- a/xen/arch/arm/include/asm/smccc.h
> > +++ b/xen/arch/arm/include/asm/smccc.h
> > @@ -33,6 +33,7 @@
> >
> > #define ARM_SMCCC_VERSION_1_0 SMCCC_VERSION(1, 0)
> > #define ARM_SMCCC_VERSION_1_1 SMCCC_VERSION(1, 1)
> > +#define ARM_SMCCC_VERSION_1_2 SMCCC_VERSION(1, 2)
> >
> > /*
> > * This file provides common defines for ARM SMC Calling Convention as
> > @@ -217,6 +218,7 @@ struct arm_smccc_res {
> > #ifdef CONFIG_ARM_32
> > #define arm_smccc_1_0_smc(...) arm_smccc_1_1_smc(__VA_ARGS__)
> > #define arm_smccc_smc(...) arm_smccc_1_1_smc(__VA_ARGS__)
> > +
> > #else
>
> Spurious change
>
>
> > void __arm_smccc_1_0_smc(register_t a0, register_t a1, register_t a2,
> > @@ -265,8 +267,48 @@ void __arm_smccc_1_0_smc(register_t a0, register_t a1, register_t a2,
> > else \
> > arm_smccc_1_0_smc(__VA_ARGS__); \
> > } while ( 0 )
> > +
> > +/**
> > + * struct arm_smccc_1_2_regs - Arguments for or Results from SMC call
> > + * @a0-a17 argument values from registers 0 to 17
> > + */
> > +struct arm_smccc_1_2_regs {
> > + unsigned long a0;
> > + unsigned long a1;
> > + unsigned long a2;
> > + unsigned long a3;
> > + unsigned long a4;
> > + unsigned long a5;
> > + unsigned long a6;
> > + unsigned long a7;
> > + unsigned long a8;
> > + unsigned long a9;
> > + unsigned long a10;
> > + unsigned long a11;
> > + unsigned long a12;
> > + unsigned long a13;
> > + unsigned long a14;
> > + unsigned long a15;
> > + unsigned long a16;
> > + unsigned long a17;
> > +};
> > #endif /* CONFIG_ARM_64 */
> >
> > +/**
> > + * arm_smccc_1_2_smc() - make SMC calls
> > + * @args: arguments passed via struct arm_smccc_1_2_regs
> > + * @res: result values via struct arm_smccc_1_2_regs
> > + *
> > + * This function is used to make SMC calls following SMC Calling Convention
> > + * v1.2 or above. The content of the supplied param are copied from the
> > + * structure to registers prior to the SMC instruction. The return values
> > + * are updated with the content from registers on return from the SMC
> > + * instruction.
> > + */
> > +void arm_smccc_1_2_smc(const struct arm_smccc_1_2_regs *args,
> > + struct arm_smccc_1_2_regs *res);
> > +
>
> As arm_smccc_1_2_smc is not implemented in ARM32 it is better to place
> the declaration inside the #ifdef CONFIG_ARM_64.
I'll fix.
>
>
> > #endif /* __ASSEMBLY__ */
> >
> > /*
> > diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c
> > index 676740ef1520..6f90c08a6304 100644
> > --- a/xen/arch/arm/vsmc.c
> > +++ b/xen/arch/arm/vsmc.c
> > @@ -93,7 +93,7 @@ static bool handle_arch(struct cpu_user_regs *regs)
> > switch ( fid )
> > {
> > case ARM_SMCCC_VERSION_FID:
> > - set_user_reg(regs, 0, ARM_SMCCC_VERSION_1_1);
> > + set_user_reg(regs, 0, ARM_SMCCC_VERSION_1_2);
> > return true;
>
> This is going to be a problem for ARM32 given that ARM_SMCCC_VERSION_1_2
> is unimplemented on ARM32. If there is an ARM32 implementation in Linux
> for ARM_SMCCC_VERSION_1_2 you might as well import it too.
>
> Otherwise we'll have to abstract it away, e.g.:
>
> #ifdef CONFIG_ARM_64
> #define ARM_VSMCCC_VERSION ARM_SMCCC_VERSION_1_2
> #else
> #define ARM_VSMCCC_VERSION ARM_SMCCC_VERSION_1_1
> #endif
I couldn't find an ARM32 implementation for ARM_SMCCC_VERSION_1_2. But
I'm not sure it's needed at this point. From what I've understood r4-17
are either preserved or updated by the function ID in question. So
claiming ARM_SMCCC_VERSION_1_2 shouldn't break anything. The FF-A
functions will mostly update r4-r7, but we don't use FF-A with ARM32
yet. I'l update with you're proposal if that's what you prefer.
Thanks,
Jens
>
> > case ARM_SMCCC_ARCH_FEATURES_FID:
> > --
> > 2.31.1
> >
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 2/2] xen/arm: add FF-A mediator
2022-06-14 19:47 ` Volodymyr Babchuk
@ 2022-06-15 18:15 ` Julien Grall
2022-06-16 22:37 ` Jens Wiklander
1 sibling, 0 replies; 21+ messages in thread
From: Julien Grall @ 2022-06-15 18:15 UTC (permalink / raw)
To: Volodymyr Babchuk, Jens Wiklander; +Cc: xen-devel, Stefano Stabellini
Hi,
On 14/06/2022 20:47, Volodymyr Babchuk wrote:
>> menu "ARM errata workaround via the alternative framework"
>> diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
>> index 1d862351d111..dbf5e593a069 100644
>> --- a/xen/arch/arm/Makefile
>> +++ b/xen/arch/arm/Makefile
>> @@ -20,6 +20,7 @@ obj-y += domain.o
>> obj-y += domain_build.init.o
>> obj-y += domctl.o
>> obj-$(CONFIG_EARLY_PRINTK) += early_printk.o
>> +obj-$(CONFIG_FFA) += ffa.o
>> obj-y += gic.o
>> obj-y += gic-v2.o
>> obj-$(CONFIG_GICV3) += gic-v3.o
>> diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
>> index 8110c1df8638..a93e6a9c4aef 100644
>> --- a/xen/arch/arm/domain.c
>> +++ b/xen/arch/arm/domain.c
>> @@ -27,6 +27,7 @@
>> #include <asm/cpufeature.h>
>> #include <asm/current.h>
>> #include <asm/event.h>
>> +#include <asm/ffa.h>
>> #include <asm/gic.h>
>> #include <asm/guest_atomics.h>
>> #include <asm/irq.h>
>> @@ -756,6 +757,9 @@ int arch_domain_create(struct domain *d,
>> if ( (rc = tee_domain_init(d, config->arch.tee_type)) != 0 )
>> goto fail;
>>
>> + if ( (rc = ffa_domain_init(d)) != 0 )
>
> So, FFA support will be enabled for each domain? I think that this is
> fine for experimental feature, but I want to hear maintainer's opinion.
I would prefer if we add a flag to allow per-domain support. This would
allow someone to use FFA with a trusted domain (e.g dom0) but not on
non-trusted VMs
(I don't yet know how secure it will be to expose it to everyone).
Cheers,
--
Julien Grall
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 1/2] xen/arm: smccc: add support for SMCCCv1.2 extended input/output registers
2022-06-15 15:58 ` Jens Wiklander
@ 2022-06-15 19:01 ` Julien Grall
2022-06-15 22:09 ` Jens Wiklander
0 siblings, 1 reply; 21+ messages in thread
From: Julien Grall @ 2022-06-15 19:01 UTC (permalink / raw)
To: Jens Wiklander, Stefano Stabellini; +Cc: xen-devel, Volodymyr Babchuk
Hi,
On 15/06/2022 16:58, Jens Wiklander wrote:
> On Fri, Jun 10, 2022 at 05:41:33PM -0700, Stefano Stabellini wrote:
>>> #endif /* __ASSEMBLY__ */
>>>
>>> /*
>>> diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c
>>> index 676740ef1520..6f90c08a6304 100644
>>> --- a/xen/arch/arm/vsmc.c
>>> +++ b/xen/arch/arm/vsmc.c
>>> @@ -93,7 +93,7 @@ static bool handle_arch(struct cpu_user_regs *regs)
>>> switch ( fid )
>>> {
>>> case ARM_SMCCC_VERSION_FID:
>>> - set_user_reg(regs, 0, ARM_SMCCC_VERSION_1_1);
>>> + set_user_reg(regs, 0, ARM_SMCCC_VERSION_1_2);
>>> return true;
>>
>> This is going to be a problem for ARM32 given that ARM_SMCCC_VERSION_1_2
>> is unimplemented on ARM32. If there is an ARM32 implementation in Linux
>> for ARM_SMCCC_VERSION_1_2 you might as well import it too.
>>
>> Otherwise we'll have to abstract it away, e.g.:
>>
>> #ifdef CONFIG_ARM_64
>> #define ARM_VSMCCC_VERSION ARM_SMCCC_VERSION_1_2
>> #else
>> #define ARM_VSMCCC_VERSION ARM_SMCCC_VERSION_1_1
>> #endif
>
> I couldn't find an ARM32 implementation for ARM_SMCCC_VERSION_1_2. But
> I'm not sure it's needed at this point. From what I've understood r4-17
> are either preserved or updated by the function ID in question. So
> claiming ARM_SMCCC_VERSION_1_2 shouldn't break anything.
So in Xen, we always take a snapshot of the registers on entry to the
hypervisor and only touch it when necessary. Therefore, it doesn't
matter whether we claim to be complaient with 1.1 or 1.2 based on the
argument passing convention.
However, the spec is not only about arguments. For instance, SMCCC v1.1
also added some mandatory functions (e.g. detection the version). I
haven't looked closely on whether the SMCCC v1.2 introduced such thing.
Can you confirm what mandatory feature comes with 1.2?
Furthermore, your commit message explain why arm_smccc_1_2_smc() was
introduced. But it seems to miss some words about exposing SMCCC v2.1 to
the VM.
In general, I think it is better to split the host support from the VM
support. The two are technically not independent (caller vs
implementation) and there are different problematics for each (see above
for an example). I don't think there are a lot to add here, so I would
be OK to keep it in the same patch with a few words.
Lastly, can you provide a link to the spec in the commit message? This
would help to find the pdf easily. I think in this case, you are using
ARM DEN 0028C (this is not the latest but describe 1.2):
https://developer.arm.com/documentation/den0028/c/?lang=en
Cheers,
--
Julien Grall
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 1/2] xen/arm: smccc: add support for SMCCCv1.2 extended input/output registers
2022-06-11 0:41 ` Stefano Stabellini
2022-06-11 9:41 ` Julien Grall
2022-06-15 15:58 ` Jens Wiklander
@ 2022-06-15 19:43 ` Julien Grall
2022-06-16 0:09 ` Stefano Stabellini
2 siblings, 1 reply; 21+ messages in thread
From: Julien Grall @ 2022-06-15 19:43 UTC (permalink / raw)
To: Stefano Stabellini, Jens Wiklander; +Cc: xen-devel, Volodymyr Babchuk
Hi Stefano,
On 11/06/2022 01:41, Stefano Stabellini wrote:
>> #endif /* __ASSEMBLY__ */
>>
>> /*
>> diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c
>> index 676740ef1520..6f90c08a6304 100644
>> --- a/xen/arch/arm/vsmc.c
>> +++ b/xen/arch/arm/vsmc.c
>> @@ -93,7 +93,7 @@ static bool handle_arch(struct cpu_user_regs *regs)
>> switch ( fid )
>> {
>> case ARM_SMCCC_VERSION_FID:
>> - set_user_reg(regs, 0, ARM_SMCCC_VERSION_1_1);
>> + set_user_reg(regs, 0, ARM_SMCCC_VERSION_1_2);
>> return true;
>
> This is going to be a problem for ARM32 given that ARM_SMCCC_VERSION_1_2
> is unimplemented on ARM32. If there is an ARM32 implementation in Linux
> for ARM_SMCCC_VERSION_1_2 you might as well import it too.
>
> Otherwise we'll have to abstract it away, e.g.:
>
> #ifdef CONFIG_ARM_64
> #define ARM_VSMCCC_VERSION ARM_SMCCC_VERSION_1_2
> #else
> #define ARM_VSMCCC_VERSION ARM_SMCCC_VERSION_1_1
> #endif
I don't understand why you want to tie the virtual and host SMCCC version.
In theory, it would be possible for us to implement a subsystem to fully
emulate, lets say, FFA. We would to tell the VM that we are v1.2
compliant but we would not need the helper as no calls would be forwarded.
When a 32-bit guest is running on Xen Arm64, we are going to say that
SMCCC v1.2 will be available. This is not much different from running a
32-bit guest on 32-bit hardware. So I think we should expose 1.2 unless
we think there is a problem in the Xen 32-bit specific code.
Cheers,
--
Julien Grall
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 1/2] xen/arm: smccc: add support for SMCCCv1.2 extended input/output registers
2022-06-15 19:01 ` Julien Grall
@ 2022-06-15 22:09 ` Jens Wiklander
2022-06-16 15:13 ` Julien Grall
0 siblings, 1 reply; 21+ messages in thread
From: Jens Wiklander @ 2022-06-15 22:09 UTC (permalink / raw)
To: Julien Grall; +Cc: Stefano Stabellini, xen-devel, Volodymyr Babchuk
On Wed, Jun 15, 2022 at 08:01:28PM +0100, Julien Grall wrote:
> Hi,
>
> On 15/06/2022 16:58, Jens Wiklander wrote:
> > On Fri, Jun 10, 2022 at 05:41:33PM -0700, Stefano Stabellini wrote:
> > > > #endif /* __ASSEMBLY__ */
> > > > /*
> > > > diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c
> > > > index 676740ef1520..6f90c08a6304 100644
> > > > --- a/xen/arch/arm/vsmc.c
> > > > +++ b/xen/arch/arm/vsmc.c
> > > > @@ -93,7 +93,7 @@ static bool handle_arch(struct cpu_user_regs *regs)
> > > > switch ( fid )
> > > > {
> > > > case ARM_SMCCC_VERSION_FID:
> > > > - set_user_reg(regs, 0, ARM_SMCCC_VERSION_1_1);
> > > > + set_user_reg(regs, 0, ARM_SMCCC_VERSION_1_2);
> > > > return true;
> > > This is going to be a problem for ARM32 given that ARM_SMCCC_VERSION_1_2
> > > is unimplemented on ARM32. If there is an ARM32 implementation in Linux
> > > for ARM_SMCCC_VERSION_1_2 you might as well import it too.
> > >
> > > Otherwise we'll have to abstract it away, e.g.:
> > >
> > > #ifdef CONFIG_ARM_64
> > > #define ARM_VSMCCC_VERSION ARM_SMCCC_VERSION_1_2
> > > #else
> > > #define ARM_VSMCCC_VERSION ARM_SMCCC_VERSION_1_1
> > > #endif
> >
> > I couldn't find an ARM32 implementation for ARM_SMCCC_VERSION_1_2. But
> > I'm not sure it's needed at this point. From what I've understood r4-17
> > are either preserved or updated by the function ID in question. So
> > claiming ARM_SMCCC_VERSION_1_2 shouldn't break anything.
>
> So in Xen, we always take a snapshot of the registers on entry to the
> hypervisor and only touch it when necessary. Therefore, it doesn't matter
> whether we claim to be complaient with 1.1 or 1.2 based on the argument
> passing convention.
>
> However, the spec is not only about arguments. For instance, SMCCC v1.1 also
> added some mandatory functions (e.g. detection the version). I haven't
> looked closely on whether the SMCCC v1.2 introduced such thing. Can you
> confirm what mandatory feature comes with 1.2?
There's a nice summary in a table at the end of the C version of DEN0028
you linked below. For SMCCC v1.2:
Argument/Result register set:
Permits calls to use R4—R7 as return register (Section 4.1).
Permits calls to use X4—X17 as return registers(Section3.1).
Permits calls to use X8—X17 as argument registers (Section 3.1).
Introduces:
SMCCC_ARCH_SOC_ID (Section 7.4)
Deprecates:
UID, Revision Queries on Arm Architecture Service (Section 6.2)
Count Query on all services (Section 6.2)
As far a I can tell nothing mandatory is introduced with version 1.2.
>
> Furthermore, your commit message explain why arm_smccc_1_2_smc() was
> introduced. But it seems to miss some words about exposing SMCCC v2.1 to the
> VM.
>
> In general, I think it is better to split the host support from the VM
> support. The two are technically not independent (caller vs implementation)
> and there are different problematics for each (see above for an example). I
> don't think there are a lot to add here, so I would be OK to keep it in the
> same patch with a few words.
>
> Lastly, can you provide a link to the spec in the commit message? This would
> help to find the pdf easily. I think in this case, you are using
> ARM DEN 0028C (this is not the latest but describe 1.2):
>
> https://developer.arm.com/documentation/den0028/c/?lang=en
I'll update the commit message.
Thanks,
Jens
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 1/2] xen/arm: smccc: add support for SMCCCv1.2 extended input/output registers
2022-06-15 19:43 ` Julien Grall
@ 2022-06-16 0:09 ` Stefano Stabellini
0 siblings, 0 replies; 21+ messages in thread
From: Stefano Stabellini @ 2022-06-16 0:09 UTC (permalink / raw)
To: Julien Grall
Cc: Stefano Stabellini, Jens Wiklander, xen-devel, Volodymyr Babchuk
On Wed, 15 Jun 2022, Julien Grall wrote:
> On 11/06/2022 01:41, Stefano Stabellini wrote:
> > > #endif /* __ASSEMBLY__ */
> > > /*
> > > diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c
> > > index 676740ef1520..6f90c08a6304 100644
> > > --- a/xen/arch/arm/vsmc.c
> > > +++ b/xen/arch/arm/vsmc.c
> > > @@ -93,7 +93,7 @@ static bool handle_arch(struct cpu_user_regs *regs)
> > > switch ( fid )
> > > {
> > > case ARM_SMCCC_VERSION_FID:
> > > - set_user_reg(regs, 0, ARM_SMCCC_VERSION_1_1);
> > > + set_user_reg(regs, 0, ARM_SMCCC_VERSION_1_2);
> > > return true;
> > This is going to be a problem for ARM32 given that ARM_SMCCC_VERSION_1_2
> > is unimplemented on ARM32. If there is an ARM32 implementation in Linux
> > for ARM_SMCCC_VERSION_1_2 you might as well import it too.
> >
> > Otherwise we'll have to abstract it away, e.g.:
> >
> > #ifdef CONFIG_ARM_64
> > #define ARM_VSMCCC_VERSION ARM_SMCCC_VERSION_1_2
> > #else
> > #define ARM_VSMCCC_VERSION ARM_SMCCC_VERSION_1_1
> > #endif
>
> I don't understand why you want to tie the virtual and host SMCCC version.
>
> In theory, it would be possible for us to implement a subsystem to fully
> emulate, lets say, FFA. We would to tell the VM that we are v1.2 compliant but
> we would not need the helper as no calls would be forwarded.
>
> When a 32-bit guest is running on Xen Arm64, we are going to say that SMCCC
> v1.2 will be available. This is not much different from running a 32-bit guest
> on 32-bit hardware.
In a few places (especially platform specific code, such as Xilinx EEMI)
the guest SMC call traps in Xen, then Xen repeats the same SMC call to
the firmware.
I realize this is not a good reason to keep virtual SMCCC 1.1 because
the firmware could support SMCCC 1.0 or older. Some argument conversions
are to be expected. In reality I have been working with SMCCC 1.1
virtual and SMCCC 1.1 firmware for a long time so the problem didn't
exist, and I didn't really think it through :-)
> So I think we should expose 1.2 unless we think there is a
> problem in the Xen 32-bit specific code.
Yeah, I am OK with that.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 1/2] xen/arm: smccc: add support for SMCCCv1.2 extended input/output registers
2022-06-15 22:09 ` Jens Wiklander
@ 2022-06-16 15:13 ` Julien Grall
0 siblings, 0 replies; 21+ messages in thread
From: Julien Grall @ 2022-06-16 15:13 UTC (permalink / raw)
To: Jens Wiklander; +Cc: Stefano Stabellini, xen-devel, Volodymyr Babchuk
Hi Jens,
On 15/06/2022 23:09, Jens Wiklander wrote:
> On Wed, Jun 15, 2022 at 08:01:28PM +0100, Julien Grall wrote:
>> Hi,
>>
>> On 15/06/2022 16:58, Jens Wiklander wrote:
>>> On Fri, Jun 10, 2022 at 05:41:33PM -0700, Stefano Stabellini wrote:
>>>>> #endif /* __ASSEMBLY__ */
>>>>> /*
>>>>> diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c
>>>>> index 676740ef1520..6f90c08a6304 100644
>>>>> --- a/xen/arch/arm/vsmc.c
>>>>> +++ b/xen/arch/arm/vsmc.c
>>>>> @@ -93,7 +93,7 @@ static bool handle_arch(struct cpu_user_regs *regs)
>>>>> switch ( fid )
>>>>> {
>>>>> case ARM_SMCCC_VERSION_FID:
>>>>> - set_user_reg(regs, 0, ARM_SMCCC_VERSION_1_1);
>>>>> + set_user_reg(regs, 0, ARM_SMCCC_VERSION_1_2);
>>>>> return true;
>>>> This is going to be a problem for ARM32 given that ARM_SMCCC_VERSION_1_2
>>>> is unimplemented on ARM32. If there is an ARM32 implementation in Linux
>>>> for ARM_SMCCC_VERSION_1_2 you might as well import it too.
>>>>
>>>> Otherwise we'll have to abstract it away, e.g.:
>>>>
>>>> #ifdef CONFIG_ARM_64
>>>> #define ARM_VSMCCC_VERSION ARM_SMCCC_VERSION_1_2
>>>> #else
>>>> #define ARM_VSMCCC_VERSION ARM_SMCCC_VERSION_1_1
>>>> #endif
>>>
>>> I couldn't find an ARM32 implementation for ARM_SMCCC_VERSION_1_2. But
>>> I'm not sure it's needed at this point. From what I've understood r4-17
>>> are either preserved or updated by the function ID in question. So
>>> claiming ARM_SMCCC_VERSION_1_2 shouldn't break anything.
>>
>> So in Xen, we always take a snapshot of the registers on entry to the
>> hypervisor and only touch it when necessary. Therefore, it doesn't matter
>> whether we claim to be complaient with 1.1 or 1.2 based on the argument
>> passing convention.
>>
>> However, the spec is not only about arguments. For instance, SMCCC v1.1 also
>> added some mandatory functions (e.g. detection the version). I haven't
>> looked closely on whether the SMCCC v1.2 introduced such thing. Can you
>> confirm what mandatory feature comes with 1.2?
>
> There's a nice summary in a table at the end of the C version of DEN0028
> you linked below. For SMCCC v1.2:
> Argument/Result register set:
> Permits calls to use R4—R7 as return register (Section 4.1).
> Permits calls to use X4—X17 as return registers(Section3.1).
> Permits calls to use X8—X17 as argument registers (Section 3.1).
> Introduces:
> SMCCC_ARCH_SOC_ID (Section 7.4)
> Deprecates:
> UID, Revision Queries on Arm Architecture Service (Section 6.2)
> Count Query on all services (Section 6.2)
Thanks for posting here!
>
> As far a I can tell nothing mandatory is introduced with version 1.2.
Agree. So it is safe to expose 1.2 unconditionally to the VMs.
Cheers,
--
Julien Grall
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 2/2] xen/arm: add FF-A mediator
2022-06-11 1:23 ` Stefano Stabellini
2022-06-11 9:08 ` Julien Grall
@ 2022-06-16 18:05 ` Jens Wiklander
1 sibling, 0 replies; 21+ messages in thread
From: Jens Wiklander @ 2022-06-16 18:05 UTC (permalink / raw)
To: Stefano Stabellini
Cc: xen-devel, Julien Grall, Volodymyr Babchuk, Bertrand.Marquis
On Fri, Jun 10, 2022 at 06:23:52PM -0700, Stefano Stabellini wrote:
> On Thu, 9 Jun 2022, Jens Wiklander wrote:
> > Adds a FF-A version 1.1 [1] mediator to communicate with a Secure
> > Partition in secure world.
> >
> > The implementation is the bare minimum to be able to communicate with
> > OP-TEE running as an SPMC at S-EL1.
> >
> > This is loosely based on the TEE mediator framework and the OP-TEE
> > mediator.
> >
> > [1] https://developer.arm.com/documentation/den0077/latest
> > Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
>
> Hi Jens, thanks for rebasing. This is not a full review because I ran
> out of time but some initial comments.
Thanks a lot for the early feedback.
>
>
> > ---
> > xen/arch/arm/Kconfig | 11 +
> > xen/arch/arm/Makefile | 1 +
> > xen/arch/arm/domain.c | 10 +
> > xen/arch/arm/ffa.c | 1624 +++++++++++++++++++++++++++++
> > xen/arch/arm/include/asm/domain.h | 4 +
> > xen/arch/arm/include/asm/ffa.h | 71 ++
> > xen/arch/arm/vsmc.c | 17 +-
> > 7 files changed, 1735 insertions(+), 3 deletions(-)
> > create mode 100644 xen/arch/arm/ffa.c
> > create mode 100644 xen/arch/arm/include/asm/ffa.h
> >
> > diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
> > index ecfa6822e4d3..5b75067e2745 100644
> > --- a/xen/arch/arm/Kconfig
> > +++ b/xen/arch/arm/Kconfig
> > @@ -106,6 +106,17 @@ config TEE
> >
> > source "arch/arm/tee/Kconfig"
> >
> > +config FFA
> > + bool "Enable FF-A mediator support" if EXPERT
> > + default n
> > + depends on ARM_64
> > + help
> > + This option enables a minamal FF-A mediator. The mediator is
> > + generic as it follows the FF-A specification [1], but it only
> > + implements a small substet of the specification.
> > +
> > + [1] https://developer.arm.com/documentation/den0077/latest
> > +
> > endmenu
> >
> > menu "ARM errata workaround via the alternative framework"
> > diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
> > index 1d862351d111..dbf5e593a069 100644
> > --- a/xen/arch/arm/Makefile
> > +++ b/xen/arch/arm/Makefile
> > @@ -20,6 +20,7 @@ obj-y += domain.o
> > obj-y += domain_build.init.o
> > obj-y += domctl.o
> > obj-$(CONFIG_EARLY_PRINTK) += early_printk.o
> > +obj-$(CONFIG_FFA) += ffa.o
> > obj-y += gic.o
> > obj-y += gic-v2.o
> > obj-$(CONFIG_GICV3) += gic-v3.o
> > diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
> > index 8110c1df8638..a93e6a9c4aef 100644
> > --- a/xen/arch/arm/domain.c
> > +++ b/xen/arch/arm/domain.c
> > @@ -27,6 +27,7 @@
> > #include <asm/cpufeature.h>
> > #include <asm/current.h>
> > #include <asm/event.h>
> > +#include <asm/ffa.h>
> > #include <asm/gic.h>
> > #include <asm/guest_atomics.h>
> > #include <asm/irq.h>
> > @@ -756,6 +757,9 @@ int arch_domain_create(struct domain *d,
> > if ( (rc = tee_domain_init(d, config->arch.tee_type)) != 0 )
> > goto fail;
> >
> > + if ( (rc = ffa_domain_init(d)) != 0 )
> > + goto fail;
> > +
> > update_domain_wallclock_time(d);
> >
> > /*
> > @@ -998,6 +1002,7 @@ static int relinquish_memory(struct domain *d, struct page_list_head *list)
> > enum {
> > PROG_pci = 1,
> > PROG_tee,
> > + PROG_ffa,
> > PROG_xen,
> > PROG_page,
> > PROG_mapping,
> > @@ -1046,6 +1051,11 @@ int domain_relinquish_resources(struct domain *d)
> > if (ret )
> > return ret;
> >
> > + PROGRESS(ffa):
> > + ret = ffa_relinquish_resources(d);
> > + if (ret )
> > + return ret;
> > +
> > PROGRESS(xen):
> > ret = relinquish_memory(d, &d->xenpage_list);
> > if ( ret )
> > diff --git a/xen/arch/arm/ffa.c b/xen/arch/arm/ffa.c
> > new file mode 100644
> > index 000000000000..9063b7f2b59e
> > --- /dev/null
> > +++ b/xen/arch/arm/ffa.c
> > @@ -0,0 +1,1624 @@
> > +/*
> > + * xen/arch/arm/ffa.c
> > + *
> > + * Arm Firmware Framework for ARMv8-A(FFA) mediator
> > + *
> > + * Copyright (C) 2021 Linaro Limited
> > + *
> > + * Permission is hereby granted, free of charge, to any person
> > + * obtaining a copy of this software and associated documentation
> > + * files (the "Software"), to deal in the Software without restriction,
> > + * including without limitation the rights to use, copy, modify, merge,
> > + * publish, distribute, sublicense, and/or sell copies of the Software,
> > + * and to permit persons to whom the Software is furnished to do so,
> > + * subject to the following conditions:
> > + *
> > + * The above copyright notice and this permission notice shall be
> > + * included in all copies or substantial portions of the Software.
> > + *
> > + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
> > + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
> > + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
> > + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
> > + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
> > + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
> > + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
> > + */
> > +
> > +#include <xen/domain_page.h>
> > +#include <xen/errno.h>
> > +#include <xen/init.h>
> > +#include <xen/lib.h>
> > +#include <xen/sched.h>
> > +#include <xen/types.h>
> > +#include <xen/sizes.h>
> > +#include <xen/bitops.h>
> > +
> > +#include <asm/smccc.h>
> > +#include <asm/event.h>
> > +#include <asm/ffa.h>
> > +#include <asm/regs.h>
> > +
> > +/* Error codes */
> > +#define FFA_RET_OK 0
> > +#define FFA_RET_NOT_SUPPORTED -1
> > +#define FFA_RET_INVALID_PARAMETERS -2
> > +#define FFA_RET_NO_MEMORY -3
> > +#define FFA_RET_BUSY -4
> > +#define FFA_RET_INTERRUPTED -5
> > +#define FFA_RET_DENIED -6
> > +#define FFA_RET_RETRY -7
> > +#define FFA_RET_ABORTED -8
> > +
> > +/* FFA_VERSION helpers */
> > +#define FFA_VERSION_MAJOR _AC(1,U)
> > +#define FFA_VERSION_MAJOR_SHIFT _AC(16,U)
> > +#define FFA_VERSION_MAJOR_MASK _AC(0x7FFF,U)
> > +#define FFA_VERSION_MINOR _AC(1,U)
> > +#define FFA_VERSION_MINOR_SHIFT _AC(0,U)
> > +#define FFA_VERSION_MINOR_MASK _AC(0xFFFF,U)
> > +#define MAKE_FFA_VERSION(major, minor) \
> > + ((((major) & FFA_VERSION_MAJOR_MASK) << FFA_VERSION_MAJOR_SHIFT) | \
> > + ((minor) & FFA_VERSION_MINOR_MASK))
> > +
> > +#define FFA_MIN_VERSION MAKE_FFA_VERSION(1, 0)
> > +#define FFA_VERSION_1_0 MAKE_FFA_VERSION(1, 0)
> > +#define FFA_VERSION_1_1 MAKE_FFA_VERSION(1, 1)
> > +#define FFA_MY_VERSION MAKE_FFA_VERSION(FFA_VERSION_MAJOR, \
> > + FFA_VERSION_MINOR)
> > +
> > +
> > +#define FFA_HANDLE_HYP_FLAG BIT(63,ULL)
> > +
> > +/* Memory attributes: Normal memory, Write-Back cacheable, Inner shareable */
> > +#define FFA_NORMAL_MEM_REG_ATTR _AC(0x2f,U)
> > +
> > +/* Memory access permissions: Read-write */
> > +#define FFA_MEM_ACC_RW _AC(0x2,U)
> > +
> > +/* Clear memory before mapping in receiver */
> > +#define FFA_MEMORY_REGION_FLAG_CLEAR BIT(0, U)
> > +/* Relayer may time slice this operation */
> > +#define FFA_MEMORY_REGION_FLAG_TIME_SLICE BIT(1, U)
> > +/* Clear memory after receiver relinquishes it */
> > +#define FFA_MEMORY_REGION_FLAG_CLEAR_RELINQUISH BIT(2, U)
> > +
> > +/* Share memory transaction */
> > +#define FFA_MEMORY_REGION_TRANSACTION_TYPE_SHARE (_AC(1,U) << 3)
> > +/* Relayer must choose the alignment boundary */
> > +#define FFA_MEMORY_REGION_FLAG_ANY_ALIGNMENT _AC(0,U)
> > +
> > +#define FFA_HANDLE_INVALID _AC(0xffffffffffffffff,ULL)
> > +
> > +/* Framework direct request/response */
> > +#define FFA_MSG_FLAG_FRAMEWORK BIT(31, U)
> > +#define FFA_MSG_TYPE_MASK _AC(0xFF,U);
> > +#define FFA_MSG_PSCI _AC(0x0,U)
> > +#define FFA_MSG_SEND_VM_CREATED _AC(0x4,U)
> > +#define FFA_MSG_RESP_VM_CREATED _AC(0x5,U)
> > +#define FFA_MSG_SEND_VM_DESTROYED _AC(0x6,U)
> > +#define FFA_MSG_RESP_VM_DESTROYED _AC(0x7,U)
> > +
> > +/*
> > + * Flags used for the FFA_PARTITION_INFO_GET return message:
> > + * BIT(0): Supports receipt of direct requests
> > + * BIT(1): Can send direct requests
> > + * BIT(2): Can send and receive indirect messages
> > + * BIT(3): Supports receipt of notifications
> > + * BIT(4-5): Partition ID is a PE endpoint ID
> > + */
> > +#define FFA_PART_PROP_DIRECT_REQ_RECV BIT(0,U)
> > +#define FFA_PART_PROP_DIRECT_REQ_SEND BIT(1,U)
> > +#define FFA_PART_PROP_INDIRECT_MSGS BIT(2,U)
> > +#define FFA_PART_PROP_RECV_NOTIF BIT(3,U)
> > +#define FFA_PART_PROP_IS_PE_ID (_AC(0,U) << 4)
> > +#define FFA_PART_PROP_IS_SEPID_INDEP (_AC(1,U) << 4)
> > +#define FFA_PART_PROP_IS_SEPID_DEP (_AC(2,U) << 4)
> > +#define FFA_PART_PROP_IS_AUX_ID (_AC(3,U) << 4)
> > +#define FFA_PART_PROP_NOTIF_CREATED BIT(6,U)
> > +#define FFA_PART_PROP_NOTIF_DESTROYED BIT(7,U)
> > +#define FFA_PART_PROP_AARCH64_STATE BIT(8,U)
> > +
> > +/* Function IDs */
> > +#define FFA_ERROR _AC(0x84000060,U)
> > +#define FFA_SUCCESS_32 _AC(0x84000061,U)
> > +#define FFA_SUCCESS_64 _AC(0xC4000061,U)
> > +#define FFA_INTERRUPT _AC(0x84000062,U)
> > +#define FFA_VERSION _AC(0x84000063,U)
> > +#define FFA_FEATURES _AC(0x84000064,U)
> > +#define FFA_RX_ACQUIRE _AC(0x84000084,U)
> > +#define FFA_RX_RELEASE _AC(0x84000065,U)
> > +#define FFA_RXTX_MAP_32 _AC(0x84000066,U)
> > +#define FFA_RXTX_MAP_64 _AC(0xC4000066,U)
> > +#define FFA_RXTX_UNMAP _AC(0x84000067,U)
> > +#define FFA_PARTITION_INFO_GET _AC(0x84000068,U)
> > +#define FFA_ID_GET _AC(0x84000069,U)
> > +#define FFA_SPM_ID_GET _AC(0x84000085,U)
> > +#define FFA_MSG_WAIT _AC(0x8400006B,U)
> > +#define FFA_MSG_YIELD _AC(0x8400006C,U)
> > +#define FFA_MSG_RUN _AC(0x8400006D,U)
> > +#define FFA_MSG_SEND2 _AC(0x84000086,U)
> > +#define FFA_MSG_SEND_DIRECT_REQ_32 _AC(0x8400006F,U)
> > +#define FFA_MSG_SEND_DIRECT_REQ_64 _AC(0xC400006F,U)
> > +#define FFA_MSG_SEND_DIRECT_RESP_32 _AC(0x84000070,U)
> > +#define FFA_MSG_SEND_DIRECT_RESP_64 _AC(0xC4000070,U)
> > +#define FFA_MEM_DONATE_32 _AC(0x84000071,U)
> > +#define FFA_MEM_DONATE_64 _AC(0xC4000071,U)
> > +#define FFA_MEM_LEND_32 _AC(0x84000072,U)
> > +#define FFA_MEM_LEND_64 _AC(0xC4000072,U)
> > +#define FFA_MEM_SHARE_32 _AC(0x84000073,U)
> > +#define FFA_MEM_SHARE_64 _AC(0xC4000073,U)
> > +#define FFA_MEM_RETRIEVE_REQ_32 _AC(0x84000074,U)
> > +#define FFA_MEM_RETRIEVE_REQ_64 _AC(0xC4000074,U)
> > +#define FFA_MEM_RETRIEVE_RESP _AC(0x84000075,U)
> > +#define FFA_MEM_RELINQUISH _AC(0x84000076,U)
> > +#define FFA_MEM_RECLAIM _AC(0x84000077,U)
> > +#define FFA_MEM_FRAG_RX _AC(0x8400007A,U)
> > +#define FFA_MEM_FRAG_TX _AC(0x8400007B,U)
> > +#define FFA_MSG_SEND _AC(0x8400006E,U)
> > +#define FFA_MSG_POLL _AC(0x8400006A,U)
> > +
> > +/* Partition information descriptor */
> > +struct ffa_partition_info_1_0 {
> > + uint16_t id;
> > + uint16_t execution_context;
> > + uint32_t partition_properties;
> > +};
> > +
> > +struct ffa_partition_info_1_1 {
> > + uint16_t id;
> > + uint16_t execution_context;
> > + uint32_t partition_properties;
> > + uint8_t uuid[16];
> > +};
> > +
> > +/* Constituent memory region descriptor */
> > +struct ffa_address_range {
> > + uint64_t address;
> > + uint32_t page_count;
> > + uint32_t reserved;
> > +};
> > +
> > +/* Composite memory region descriptor */
> > +struct ffa_mem_region {
> > + uint32_t total_page_count;
> > + uint32_t address_range_count;
> > + uint64_t reserved;
> > + struct ffa_address_range address_range_array[];
> > +};
> > +
> > +/* Memory access permissions descriptor */
> > +struct ffa_mem_access_perm {
> > + uint16_t endpoint_id;
> > + uint8_t perm;
> > + uint8_t flags;
> > +};
> > +
> > +/* Endpoint memory access descriptor */
> > +struct ffa_mem_access {
> > + struct ffa_mem_access_perm access_perm;
> > + uint32_t region_offs;
> > + uint64_t reserved;
> > +};
> > +
> > +/* Lend, donate or share memory transaction descriptor */
> > +struct ffa_mem_transaction_1_0 {
> > + uint16_t sender_id;
> > + uint8_t mem_reg_attr;
> > + uint8_t reserved0;
> > + uint32_t flags;
> > + uint64_t global_handle;
> > + uint64_t tag;
> > + uint32_t reserved1;
> > + uint32_t mem_access_count;
> > + struct ffa_mem_access mem_access_array[];
> > +};
> > +
> > +struct ffa_mem_transaction_1_1 {
> > + uint16_t sender_id;
> > + uint16_t mem_reg_attr;
> > + uint32_t flags;
> > + uint64_t global_handle;
> > + uint64_t tag;
> > + uint32_t mem_access_size;
> > + uint32_t mem_access_count;
> > + uint32_t mem_access_offs;
> > + uint8_t reserved[12];
> > +};
> > +
> > +/*
> > + * The parts needed from struct ffa_mem_transaction_1_0 or struct
> > + * ffa_mem_transaction_1_1, used to provide an abstraction of difference in
> > + * data structures between version 1.0 and 1.1. This is just an internal
> > + * interface and can be changed without changing any ABI.
> > + */
> > +struct ffa_mem_transaction_x {
> > + uint16_t sender_id;
> > + uint8_t mem_reg_attr;
> > + uint8_t flags;
> > + uint8_t mem_access_size;
> > + uint8_t mem_access_count;
> > + uint16_t mem_access_offs;
> > + uint64_t global_handle;
> > + uint64_t tag;
> > +};
> > +
> > +/* Endpoint RX/TX descriptor */
> > +struct ffa_endpoint_rxtx_descriptor_1_0 {
> > + uint16_t sender_id;
> > + uint16_t reserved;
> > + uint32_t rx_range_count;
> > + uint32_t tx_range_count;
> > +};
> > +
> > +struct ffa_endpoint_rxtx_descriptor_1_1 {
> > + uint16_t sender_id;
> > + uint16_t reserved;
> > + uint32_t rx_region_offs;
> > + uint32_t tx_region_offs;
> > +};
> > +
> > +struct ffa_ctx {
> > + void *rx;
> > + void *tx;
> > + struct page_info *rx_pg;
> > + struct page_info *tx_pg;
> > + unsigned int page_count;
> > + uint32_t guest_vers;
> > + bool tx_is_mine;
> > + bool interrupted;
> > +};
> > +
> > +struct ffa_shm_mem {
> > + struct list_head list;
> > + uint16_t sender_id;
> > + uint16_t ep_id; /* endpoint, the one lending */
> > + uint64_t handle; /* FFA_HANDLE_INVALID if not set yet */
> > + unsigned int page_count;
> > + struct page_info *pages[];
> > +};
> > +
> > +struct mem_frag_state {
> > + struct list_head list;
> > + struct ffa_shm_mem *shm;
> > + uint32_t range_count;
> > + unsigned int current_page_idx;
> > + unsigned int frag_offset;
> > + unsigned int range_offset;
> > + uint8_t *buf;
> > + unsigned int buf_size;
> > + struct ffa_address_range range;
> > +};
> > +
> > +/*
> > + * Our rx/rx buffer shared with the SPMC
> > + */
> > +static uint32_t ffa_version;
> > +static uint16_t *subsr_vm_created;
> > +static unsigned int subsr_vm_created_count;
> > +static uint16_t *subsr_vm_destroyed;
> > +static unsigned int subsr_vm_destroyed_count;
> > +static void *ffa_rx;
> > +static void *ffa_tx;
> > +static unsigned int ffa_page_count;
> > +static spinlock_t ffa_buffer_lock = SPIN_LOCK_UNLOCKED;
>
> DEFINE_SPINLOCK. But actually shouldn't the spin_locks be per-domain? It
> looks like that at least some of the locks don't need to be global.
You're right. I'll add better granularity.
>
>
> > +static struct list_head ffa_mem_list = LIST_HEAD_INIT(ffa_mem_list);
> > +static struct list_head ffa_frag_list = LIST_HEAD_INIT(ffa_frag_list);
>
> LIST_HEAD(ffa_mem_list);
> LIST_HEAD(ffa_frag_list);
>
> > +static spinlock_t ffa_mem_list_lock = SPIN_LOCK_UNLOCKED;
>
> DEFINE_SPINLOCK
>
>
> > +static uint64_t next_handle = FFA_HANDLE_HYP_FLAG;
> > +
> > +static uint64_t reg_pair_to_64(uint32_t reg0, uint32_t reg1)
> > +{
> > + return (uint64_t)reg0 << 32 | reg1;
> > +}
> > +
> > +static void reg_pair_from_64(uint32_t *reg0, uint32_t *reg1, uint64_t val)
> > +{
> > + *reg0 = val >> 32;
> > + *reg1 = val;
> > +}
>
> I think these two should be static inline
I don't suppose it will make any difference for the generated code, but I'll
change that if that's the preferred style.
>
>
> > +static bool ffa_get_version(uint32_t *vers)
> > +{
> > + const struct arm_smccc_1_2_regs arg = {
> > + .a0 = FFA_VERSION, .a1 = FFA_MY_VERSION,
> > + };
> > + struct arm_smccc_1_2_regs resp;
> > +
> > + arm_smccc_1_2_smc(&arg, &resp);
> > + if ( resp.a0 == FFA_RET_NOT_SUPPORTED )
> > + {
> > + printk(XENLOG_ERR "ffa: FFA_VERSION returned not supported\n");
> > + return false;
> > + }
> > +
> > + *vers = resp.a0;
> > + return true;
> > +}
> > +
> > +static uint32_t ffa_rxtx_map(register_t tx_addr, register_t rx_addr,
> > + uint32_t page_count)
> > +{
> > + const struct arm_smccc_1_2_regs arg = {
> > +#ifdef CONFIG_ARM_64
> > + .a0 = FFA_RXTX_MAP_64,
> > +#endif
>
> This ifdef is unnecessary given that FFA depends on ARM64 and SMCCCv1.2
> is only implemented on ARM64. It also applies to all the other ifdefs in
> this file. You can remove the code under #ifdef CONFIG_ARM_32.
>
>
> > +#ifdef CONFIG_ARM_32
> > + .a0 = FFA_RXTX_MAP_32,
> > +#endif
> > + .a1 = tx_addr, .a2 = rx_addr,
> > + .a3 = page_count,
> > + };
> > + struct arm_smccc_1_2_regs resp;
> > +
> > + arm_smccc_1_2_smc(&arg, &resp);
> > +
> > + if ( resp.a0 == FFA_ERROR )
> > + {
> > + if ( resp.a2 )
> > + return resp.a2;
> > + else
> > + return FFA_RET_NOT_SUPPORTED;
> > + }
> > +
> > + return FFA_RET_OK;
> > +}
> > +
> > +static uint32_t ffa_rxtx_unmap(uint16_t vm_id)
> > +{
> > + const struct arm_smccc_1_2_regs arg = {
> > + .a0 = FFA_RXTX_UNMAP, .a1 = vm_id,
> > + };
> > + struct arm_smccc_1_2_regs resp;
> > +
> > + arm_smccc_1_2_smc(&arg, &resp);
> > +
> > + if ( resp.a0 == FFA_ERROR )
> > + {
> > + if ( resp.a2 )
> > + return resp.a2;
> > + else
> > + return FFA_RET_NOT_SUPPORTED;
> > + }
> > +
> > + return FFA_RET_OK;
> > +}
> > +
> > +static uint32_t ffa_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3,
> > + uint32_t w4, uint32_t w5,
> > + uint32_t *count)
> > +{
> > + const struct arm_smccc_1_2_regs arg = {
> > + .a0 = FFA_PARTITION_INFO_GET, .a1 = w1, .a2 = w2, .a3 = w3, .a4 = w4,
> > + .a5 = w5,
> > + };
> > + struct arm_smccc_1_2_regs resp;
> > +
> > + arm_smccc_1_2_smc(&arg, &resp);
> > +
> > + if ( resp.a0 == FFA_ERROR )
> > + {
> > + if ( resp.a2 )
> > + return resp.a2;
> > + else
> > + return FFA_RET_NOT_SUPPORTED;
> > + }
> > +
> > + *count = resp.a2;
> > +
> > + return FFA_RET_OK;
> > +}
> > +
> > +static uint32_t ffa_rx_release(void)
> > +{
> > + const struct arm_smccc_1_2_regs arg = { .a0 = FFA_RX_RELEASE, };
> > + struct arm_smccc_1_2_regs resp;
> > +
> > + arm_smccc_1_2_smc(&arg, &resp);
> > +
> > + if ( resp.a0 == FFA_ERROR )
> > + {
> > + if ( resp.a2 )
> > + return resp.a2;
> > + else
> > + return FFA_RET_NOT_SUPPORTED;
> > + }
> > +
> > + return FFA_RET_OK;
> > +}
> > +
> > +static int32_t ffa_mem_share(uint32_t tot_len, uint32_t frag_len,
> > + register_t addr, uint32_t pg_count,
> > + uint64_t *handle)
> > +{
> > + struct arm_smccc_1_2_regs arg = {
> > + .a0 = FFA_MEM_SHARE_32, .a1 = tot_len, .a2 = frag_len, .a3 = addr,
> > + .a4 = pg_count,
> > + };
> > + struct arm_smccc_1_2_regs resp;
> > +
> > + /*
> > + * For arm64 we must use 64-bit calling convention if the buffer isn't
> > + * passed in our tx buffer.
> > + */
> > + if (sizeof(addr) > 4 && addr)
> > + arg.a0 = FFA_MEM_SHARE_64;
> > +
> > + arm_smccc_1_2_smc(&arg, &resp);
> > +
> > + switch ( resp.a0 ) {
> > + case FFA_ERROR:
> > + if ( resp.a2 )
> > + return resp.a2;
> > + else
> > + return FFA_RET_NOT_SUPPORTED;
> > + case FFA_SUCCESS_32:
> > + *handle = reg_pair_to_64(resp.a3, resp.a2);
> > + return FFA_RET_OK;
> > + case FFA_MEM_FRAG_RX:
> > + *handle = reg_pair_to_64(resp.a2, resp.a1);
> > + return resp.a3;
> > + default:
> > + return FFA_RET_NOT_SUPPORTED;
>
> coding style: alignment
>
>
> > + }
> > +}
> > +
> > +static int32_t ffa_mem_frag_tx(uint64_t handle, uint32_t frag_len,
> > + uint16_t sender_id)
> > +{
> > + struct arm_smccc_1_2_regs arg = {
> > + .a0 = FFA_MEM_FRAG_TX, .a1 = handle & UINT32_MAX, .a2 = handle >> 32,
> > + .a3 = frag_len, .a4 = (uint32_t)sender_id << 16,
> > + };
> > + struct arm_smccc_1_2_regs resp;
> > +
> > + arm_smccc_1_2_smc(&arg, &resp);
> > +
> > + switch ( resp.a0 ) {
> > + case FFA_ERROR:
> > + if ( resp.a2 )
> > + return resp.a2;
> > + else
> > + return FFA_RET_NOT_SUPPORTED;
> > + case FFA_SUCCESS_32:
> > + return FFA_RET_OK;
> > + case FFA_MEM_FRAG_RX:
> > + return resp.a3;
> > + default:
> > + return FFA_RET_NOT_SUPPORTED;
> > + }
> > +}
> > +
> > +static uint32_t ffa_mem_reclaim(uint32_t handle_lo, uint32_t handle_hi,
> > + uint32_t flags)
> > +{
> > + const struct arm_smccc_1_2_regs arg = {
> > + .a0 = FFA_MEM_RECLAIM, .a1 = handle_lo, .a2 = handle_hi, .a3 = flags,
> > + };
> > + struct arm_smccc_1_2_regs resp;
> > +
> > + arm_smccc_1_2_smc(&arg, &resp);
> > +
> > + if ( resp.a0 == FFA_ERROR )
> > + {
> > + if ( resp.a2 )
> > + return resp.a2;
> > + else
> > + return FFA_RET_NOT_SUPPORTED;
> > + }
> > +
> > + return FFA_RET_OK;
> > +}
> > +
> > +static int32_t ffa_direct_req_send_vm(uint16_t sp_id, uint16_t vm_id,
> > + uint8_t msg)
> > +{
> > + uint32_t exp_resp = FFA_MSG_FLAG_FRAMEWORK;
> > + int32_t res;
> > +
> > + if ( msg != FFA_MSG_SEND_VM_CREATED && msg !=FFA_MSG_SEND_VM_DESTROYED )
> > + return FFA_RET_INVALID_PARAMETERS;
> > +
> > + if ( msg == FFA_MSG_SEND_VM_CREATED )
> > + exp_resp |= FFA_MSG_RESP_VM_CREATED;
> > + else
> > + exp_resp |= FFA_MSG_RESP_VM_DESTROYED;
> > +
> > + do {
> > + const struct arm_smccc_1_2_regs arg = {
> > + .a0 = FFA_MSG_SEND_DIRECT_REQ_32,
> > + .a1 = sp_id,
> > + .a2 = FFA_MSG_FLAG_FRAMEWORK | msg,
> > + .a5 = vm_id,
> > + };
> > + struct arm_smccc_1_2_regs resp;
> > +
> > + arm_smccc_1_2_smc(&arg, &resp);
> > + if ( resp.a0 != FFA_MSG_SEND_DIRECT_RESP_32 || resp.a2 != exp_resp ) {
> > + /*
> > + * This is an invalid response, likely due to some error in the
> > + * implementation of the ABI.
> > + */
> > + return FFA_RET_INVALID_PARAMETERS;
> > + }
> > + res = resp.a3;
> > + } while ( res == FFA_RET_INTERRUPTED || res == FFA_RET_RETRY );
> > +
> > + return res;
> > +}
> > +
> > +static u16 get_vm_id(struct domain *d)
> > +{
> > + /* +1 since 0 is reserved for the hypervisor in FF-A */
> > + return d->domain_id + 1;
> > +}
> > +
> > +static void set_regs(struct cpu_user_regs *regs, register_t v0, register_t v1,
> > + register_t v2, register_t v3, register_t v4, register_t v5,
> > + register_t v6, register_t v7)
> > +{
> > + set_user_reg(regs, 0, v0);
> > + set_user_reg(regs, 1, v1);
> > + set_user_reg(regs, 2, v2);
> > + set_user_reg(regs, 3, v3);
> > + set_user_reg(regs, 4, v4);
> > + set_user_reg(regs, 5, v5);
> > + set_user_reg(regs, 6, v6);
> > + set_user_reg(regs, 7, v7);
> > +}
> > +
> > +static void set_regs_error(struct cpu_user_regs *regs, uint32_t error_code)
> > +{
> > + set_regs(regs, FFA_ERROR, 0, error_code, 0, 0, 0, 0, 0);
> > +}
> > +
> > +static void set_regs_success(struct cpu_user_regs *regs, uint32_t w2,
> > + uint32_t w3)
> > +{
> > + set_regs(regs, FFA_SUCCESS_32, 0, w2, w3, 0, 0, 0, 0);
> > +}
> > +
> > +static void set_regs_frag_rx(struct cpu_user_regs *regs, uint32_t handle_lo,
> > + uint32_t handle_hi, uint32_t frag_offset,
> > + uint16_t sender_id)
> > +{
> > + set_regs(regs, FFA_MEM_FRAG_RX, handle_lo, handle_hi, frag_offset,
> > + (uint32_t)sender_id << 16, 0, 0, 0);
> > +}
> > +
> > +static void handle_version(struct cpu_user_regs *regs)
> > +{
> > + struct domain *d = current->domain;
> > + struct ffa_ctx *ctx = d->arch.ffa;
> > + uint32_t vers = get_user_reg(regs, 1);
> > +
> > + if ( vers < FFA_VERSION_1_1 )
> > + vers = FFA_VERSION_1_0;
> > + else
> > + vers = FFA_VERSION_1_1;
> > +
> > + ctx->guest_vers = vers;
> > + set_regs(regs, vers, 0, 0, 0, 0, 0, 0, 0);
> > +}
> > +
> > +static uint32_t handle_rxtx_map(uint32_t fid, register_t tx_addr,
> > + register_t rx_addr, uint32_t page_count)
> > +{
> > + uint32_t ret = FFA_RET_NOT_SUPPORTED;
> > + struct domain *d = current->domain;
> > + struct ffa_ctx *ctx = d->arch.ffa;
> > + struct page_info *tx_pg;
> > + struct page_info *rx_pg;
> > + p2m_type_t t;
> > + void *rx;
> > + void *tx;
> > +
> > + if ( !smccc_is_conv_64(fid) )
> > + {
> > + tx_addr &= UINT32_MAX;
> > + rx_addr &= UINT32_MAX;
> > + }
> > +
> > + /* For now to keep things simple, only deal with a single page */
> > + if ( page_count != 1 )
> > + return FFA_RET_NOT_SUPPORTED;
> > +
> > + /* Already mapped */
> > + if ( ctx->rx )
> > + return FFA_RET_DENIED;
> > +
> > + tx_pg = get_page_from_gfn(d, gaddr_to_gfn(tx_addr), &t, P2M_ALLOC);
> > + if ( !tx_pg )
> > + return FFA_RET_NOT_SUPPORTED;
>
> It looks like this should be another error: if get_page_from_gfn fails
> it is probably because the provided page is invalid, so we should return
> FFA_RET_INVALID_PARAMETERS ?
Makes sense, I'll fix here and below. I suppose all the failures below
are more likely due to some problem with the provided page.
>
>
> > + /* Only normal RAM for now */
> > + if (t != p2m_ram_rw)
> > + goto err_put_tx_pg;
> > +
> > + rx_pg = get_page_from_gfn(d, gaddr_to_gfn(rx_addr), &t, P2M_ALLOC);
> > + if ( !tx_pg )
> > + goto err_put_tx_pg;
>
> same here?
>
>
> > + /* Only normal RAM for now */
> > + if ( t != p2m_ram_rw )
> > + goto err_put_rx_pg;
> > +
> > + tx = __map_domain_page_global(tx_pg);
> > + if ( !tx )
> > + goto err_put_rx_pg;
> > +
> > + rx = __map_domain_page_global(rx_pg);
> > + if ( !rx )
> > + goto err_unmap_tx;
> > +
> > + ctx->rx = rx;
> > + ctx->tx = tx;
> > + ctx->rx_pg = rx_pg;
> > + ctx->tx_pg = tx_pg;
> > + ctx->page_count = 1;
> > + ctx->tx_is_mine = true;
> > + return FFA_RET_OK;
> > +
> > +err_unmap_tx:
> > + unmap_domain_page_global(tx);
> > +err_put_rx_pg:
> > + put_page(rx_pg);
> > +err_put_tx_pg:
> > + put_page(tx_pg);
> > + return ret;
> > +}
> > +
> > +static uint32_t handle_rxtx_unmap(void)
> > +{
> > + struct domain *d = current->domain;
> > + struct ffa_ctx *ctx = d->arch.ffa;
> > + uint32_t ret;
> > +
> > + if ( !ctx-> rx )
> > + return FFA_RET_INVALID_PARAMETERS;
> > +
> > + ret = ffa_rxtx_unmap(get_vm_id(d));
> > + if ( ret )
> > + return ret;
> > +
> > + unmap_domain_page_global(ctx->rx);
> > + unmap_domain_page_global(ctx->tx);
> > + put_page(ctx->rx_pg);
> > + put_page(ctx->tx_pg);
> > + ctx->rx = NULL;
> > + ctx->tx = NULL;
> > + ctx->rx_pg = NULL;
> > + ctx->tx_pg = NULL;
> > + ctx->page_count = 0;
> > + ctx->tx_is_mine = false;
> > +
> > + return FFA_RET_OK;
> > +}
> > +
> > +static uint32_t handle_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3,
> > + uint32_t w4, uint32_t w5,
> > + uint32_t *count)
> > +{
> > + uint32_t ret = FFA_RET_DENIED;
> > + struct domain *d = current->domain;
> > + struct ffa_ctx *ctx = d->arch.ffa;
> > +
> > + if ( !ffa_page_count )
> > + return FFA_RET_DENIED;
> > +
> > + spin_lock(&ffa_buffer_lock);
> > + if ( !ctx->page_count || !ctx->tx_is_mine )
> > + goto out;
> > + ret = ffa_partition_info_get(w1, w2, w3, w4, w5, count);
> > + if ( ret )
> > + goto out;
> > + if ( ctx->guest_vers == FFA_VERSION_1_0 ) {
> > + size_t n;
> > + struct ffa_partition_info_1_1 *src = ffa_rx;
> > + struct ffa_partition_info_1_0 *dst = ctx->rx;
> > +
> > + for ( n = 0; n < *count; n++ ) {
> > + dst[n].id = src[n].id;
> > + dst[n].execution_context = src[n].execution_context;
> > + dst[n].partition_properties = src[n].partition_properties;
> > + }
> > + } else {
> > + size_t sz = *count * sizeof(struct ffa_partition_info_1_1);
> > +
> > + memcpy(ctx->rx, ffa_rx, sz);
> > + }
> > + ffa_rx_release();
> > + ctx->tx_is_mine = false;
> > +out:
> > + spin_unlock(&ffa_buffer_lock);
> > +
> > + return ret;
> > +}
> > +
> > +static uint32_t handle_rx_release(void)
> > +{
> > + uint32_t ret = FFA_RET_DENIED;
> > + struct domain *d = current->domain;
> > + struct ffa_ctx *ctx = d->arch.ffa;
> > +
> > + spin_lock(&ffa_buffer_lock);
> > + if ( !ctx->page_count || ctx->tx_is_mine )
> > + goto out;
> > + ret = FFA_RET_OK;
> > + ctx->tx_is_mine = true;
> > +out:
> > + spin_unlock(&ffa_buffer_lock);
> > +
> > + return ret;
> > +}
> > +
> > +static void handle_msg_send_direct_req(struct cpu_user_regs *regs, uint32_t fid)
> > +{
> > + struct arm_smccc_1_2_regs arg = { .a0 = fid, };
> > + struct arm_smccc_1_2_regs resp = { };
> > + struct domain *d = current->domain;
> > + struct ffa_ctx *ctx = d->arch.ffa;
> > + uint32_t src_dst;
> > + uint64_t mask;
> > +
> > + if ( smccc_is_conv_64(fid) )
> > + mask = 0xffffffffffffffff;
> > + else
> > + mask = 0xffffffff;
> > +
> > + src_dst = get_user_reg(regs, 1);
> > + if ( (src_dst >> 16) != get_vm_id(d) )
> > + {
> > + resp.a0 = FFA_ERROR;
> > + resp.a2 = FFA_RET_INVALID_PARAMETERS;
> > + goto out;
> > + }
> > +
> > + arg.a1 = src_dst;
> > + arg.a2 = get_user_reg(regs, 2) & mask;
> > + arg.a3 = get_user_reg(regs, 3) & mask;
> > + arg.a4 = get_user_reg(regs, 4) & mask;
> > + arg.a5 = get_user_reg(regs, 5) & mask;
> > + arg.a6 = get_user_reg(regs, 6) & mask;
> > + arg.a7 = get_user_reg(regs, 7) & mask;
> > +
> > + while ( true ) {
> > + arm_smccc_1_2_smc(&arg, &resp);
> > +
> > + switch ( resp.a0 )
> > + {
> > + case FFA_INTERRUPT:
> > + ctx->interrupted = true;
> > + goto out;
> > + case FFA_ERROR:
> > + case FFA_SUCCESS_32:
> > + case FFA_SUCCESS_64:
> > + case FFA_MSG_SEND_DIRECT_RESP_32:
> > + case FFA_MSG_SEND_DIRECT_RESP_64:
> > + goto out;
> > + default:
> > + /* Bad fid, report back. */
> > + memset(&arg, 0, sizeof(arg));
> > + arg.a0 = FFA_ERROR;
> > + arg.a1 = src_dst;
> > + arg.a2 = FFA_RET_NOT_SUPPORTED;
> > + continue;
> > + }
> > + }
> > +
> > +out:
> > + set_user_reg(regs, 0, resp.a0);
> > + set_user_reg(regs, 2, resp.a2 & mask);
> > + set_user_reg(regs, 1, resp.a1 & mask);
> > + set_user_reg(regs, 3, resp.a3 & mask);
> > + set_user_reg(regs, 4, resp.a4 & mask);
> > + set_user_reg(regs, 5, resp.a5 & mask);
> > + set_user_reg(regs, 6, resp.a6 & mask);
> > + set_user_reg(regs, 7, resp.a7 & mask);
> > +}
> > +
> > +static int get_shm_pages(struct domain *d, struct ffa_shm_mem *shm,
> > + struct ffa_address_range *range, uint32_t range_count,
> > + unsigned int start_page_idx,
> > + unsigned int *last_page_idx)
> > +{
> > + unsigned int pg_idx = start_page_idx;
> > + unsigned long gfn;
> > + unsigned int n;
> > + unsigned int m;
> > + p2m_type_t t;
> > + uint64_t addr;
> > +
> > + for ( n = 0; n < range_count; n++ ) {
> > + for ( m = 0; m < range[n].page_count; m++ ) {
> > + if ( pg_idx >= shm->page_count )
> > + return FFA_RET_INVALID_PARAMETERS;
> > +
> > + addr = read_atomic(&range[n].address);
> > + gfn = gaddr_to_gfn(addr + m * PAGE_SIZE);
> > + shm->pages[pg_idx] = get_page_from_gfn(d, gfn, &t, P2M_ALLOC);
> > + if ( !shm->pages[pg_idx] )
> > + return FFA_RET_DENIED;
> > + pg_idx++;
> > + /* Only normal RAM for now */
> > + if ( t != p2m_ram_rw )
> > + return FFA_RET_DENIED;
> > + }
> > + }
> > +
> > + *last_page_idx = pg_idx;
> > +
> > + return FFA_RET_OK;
> > +}
> > +
> > +static void put_shm_pages(struct ffa_shm_mem *shm)
> > +{
> > + unsigned int n;
> > +
> > + for ( n = 0; n < shm->page_count && shm->pages[n]; n++ )
> > + {
> > + if ( shm->pages[n] ) {
> > + put_page(shm->pages[n]);
> > + shm->pages[n] = NULL;
> > + }
> > + }
> > +}
> > +
> > +static void init_range(struct ffa_address_range *addr_range,
> > + paddr_t pa)
> > +{
> > + memset(addr_range, 0, sizeof(*addr_range));
> > + addr_range->address = pa;
> > + addr_range->page_count = 1;
> > +}
> > +
> > +static int share_shm(struct ffa_shm_mem *shm)
> > +{
> > + uint32_t max_frag_len = ffa_page_count * PAGE_SIZE;
> > + struct ffa_mem_transaction_1_1 *descr = ffa_tx;
> > + struct ffa_mem_access *mem_access_array;
> > + struct ffa_mem_region *region_descr;
> > + struct ffa_address_range *addr_range;
> > + paddr_t pa;
> > + paddr_t last_pa;
> > + unsigned int n;
> > + uint32_t frag_len;
> > + uint32_t tot_len;
> > + int ret;
> > + unsigned int range_count;
> > + unsigned int range_base;
> > + bool first;
> > +
> > + memset(descr, 0, sizeof(*descr));
> > + descr->sender_id = shm->sender_id;
> > + descr->global_handle = shm->handle;
> > + descr->mem_reg_attr = FFA_NORMAL_MEM_REG_ATTR;
> > + descr->mem_access_count = 1;
> > + descr->mem_access_size = sizeof(*mem_access_array);
> > + descr->mem_access_offs = sizeof(*descr);
> > + mem_access_array = (void *)(descr + 1);
> > + region_descr = (void *)(mem_access_array + 1);
> > +
> > + memset(mem_access_array, 0, sizeof(*mem_access_array));
> > + mem_access_array[0].access_perm.endpoint_id = shm->ep_id;
> > + mem_access_array[0].access_perm.perm = FFA_MEM_ACC_RW;
> > + mem_access_array[0].region_offs = (vaddr_t)region_descr - (vaddr_t)ffa_tx;
> > +
> > + memset(region_descr, 0, sizeof(*region_descr));
> > + region_descr->total_page_count = shm->page_count;
> > +
> > + region_descr->address_range_count = 1;
> > + last_pa = page_to_maddr(shm->pages[0]);
> > + for ( n = 1; n < shm->page_count; last_pa = pa, n++ )
> > + {
> > + pa = page_to_maddr(shm->pages[n]);
> > + if ( last_pa + PAGE_SIZE == pa )
> > + {
> > + continue;
> > + }
> > + region_descr->address_range_count++;
> > + }
> > +
> > + tot_len = sizeof(*descr) + sizeof(*mem_access_array) +
> > + sizeof(*region_descr) +
> > + region_descr->address_range_count * sizeof(*addr_range);
> > +
> > + addr_range = region_descr->address_range_array;
> > + frag_len = (vaddr_t)(addr_range + 1) - (vaddr_t)ffa_tx;
> > + last_pa = page_to_maddr(shm->pages[0]);
> > + init_range(addr_range, last_pa);
> > + first = true;
> > + range_count = 1;
> > + range_base = 0;
> > + for ( n = 1; n < shm->page_count; last_pa = pa, n++ )
> > + {
> > + pa = page_to_maddr(shm->pages[n]);
> > + if ( last_pa + PAGE_SIZE == pa )
> > + {
> > + addr_range->page_count++;
> > + continue;
> > + }
> > +
> > + if (frag_len == max_frag_len) {
> > + if (first)
> > + {
> > + ret = ffa_mem_share(tot_len, frag_len, 0, 0, &shm->handle);
> > + first = false;
> > + }
> > + else
> > + {
> > + ret = ffa_mem_frag_tx(shm->handle, frag_len, shm->sender_id);
> > + }
> > + if (ret <= 0)
> > + return ret;
> > + range_base = range_count;
> > + range_count = 0;
> > + frag_len = sizeof(*addr_range);
> > + addr_range = ffa_tx;
> > + } else {
> > + frag_len += sizeof(*addr_range);
> > + addr_range++;
> > + }
> > + init_range(addr_range, pa);
> > + range_count++;
> > + }
> > +
> > + if (first)
> > + return ffa_mem_share(tot_len, frag_len, 0, 0, &shm->handle);
> > + else
> > + return ffa_mem_frag_tx(shm->handle, frag_len, shm->sender_id);
> > +}
> > +
> > +static int read_mem_transaction(uint32_t ffa_vers, void *buf, size_t blen,
> > + struct ffa_mem_transaction_x *trans)
> > +{
> > + uint16_t mem_reg_attr;
> > + uint32_t flags;
> > + uint32_t count;
> > + uint32_t offs;
> > + uint32_t size;
> > +
> > + if (ffa_vers >= FFA_VERSION_1_1) {
> > + struct ffa_mem_transaction_1_1 *descr;
> > +
> > + if (blen < sizeof(*descr))
> > + return FFA_RET_INVALID_PARAMETERS;
> > +
> > + descr = buf;
> > + trans->sender_id = read_atomic(&descr->sender_id);
> > + mem_reg_attr = read_atomic(&descr->mem_reg_attr);
> > + flags = read_atomic(&descr->flags);
> > + trans->global_handle = read_atomic(&descr->global_handle);
> > + trans->tag = read_atomic(&descr->tag);
> > +
> > + count = read_atomic(&descr->mem_access_count);
> > + size = read_atomic(&descr->mem_access_size);
> > + offs = read_atomic(&descr->mem_access_offs);
> > + } else {
> > + struct ffa_mem_transaction_1_0 *descr;
> > +
> > + if (blen < sizeof(*descr))
> > + return FFA_RET_INVALID_PARAMETERS;
> > +
> > + descr = buf;
> > + trans->sender_id = read_atomic(&descr->sender_id);
> > + mem_reg_attr = read_atomic(&descr->mem_reg_attr);
> > + flags = read_atomic(&descr->flags);
> > + trans->global_handle = read_atomic(&descr->global_handle);
> > + trans->tag = read_atomic(&descr->tag);
> > +
> > + count = read_atomic(&descr->mem_access_count);
> > + size = sizeof(struct ffa_mem_access);
> > + offs = offsetof(struct ffa_mem_transaction_1_0, mem_access_array);
> > + }
> > +
> > + if (mem_reg_attr > UINT8_MAX || flags > UINT8_MAX || size > UINT8_MAX ||
> > + count > UINT8_MAX || offs > UINT16_MAX)
> > + return FFA_RET_INVALID_PARAMETERS;
> > +
> > + /* Check that the endpoint memory access descriptor array fits */
> > + if (size * count + offs > blen)
> > + return FFA_RET_INVALID_PARAMETERS;
> > +
> > + trans->mem_reg_attr = mem_reg_attr;
> > + trans->flags = flags;
> > + trans->mem_access_size = size;
> > + trans->mem_access_count = count;
> > + trans->mem_access_offs = offs;
> > + return 0;
> > +}
> > +
> > +static int add_mem_share_frag(struct mem_frag_state *s, unsigned int offs,
> > + unsigned int frag_len)
> > +{
> > + struct domain *d = current->domain;
> > + unsigned int o = offs;
> > + unsigned int l;
> > + int ret;
> > +
> > + if (frag_len < o)
> > + return FFA_RET_INVALID_PARAMETERS;
> > +
> > + /* Fill up the first struct ffa_address_range */
> > + l = min_t(unsigned int, frag_len - o, sizeof(s->range) - s->range_offset);
> > + memcpy((uint8_t *)&s->range + s->range_offset, s->buf + o, l);
> > + s->range_offset += l;
> > + o += l;
> > + if (s->range_offset != sizeof(s->range))
> > + goto out;
> > + s->range_offset = 0;
> > +
> > + while (true) {
> > + ret = get_shm_pages(d, s->shm, &s->range, 1, s->current_page_idx,
> > + &s->current_page_idx);
> > + if (ret)
> > + return ret;
> > + if (s->range_count == 1)
> > + return 0;
> > + s->range_count--;
> > + if (frag_len - o < sizeof(s->range))
> > + break;
> > + memcpy(&s->range, s->buf + o, sizeof(s->range));
> > + o += sizeof(s->range);
> > + }
> > +
> > + /* Collect any remaining bytes for the next struct ffa_address_range */
> > + s->range_offset = frag_len - o;
> > + memcpy(&s->range, s->buf + o, frag_len - o);
> > +out:
> > + s->frag_offset += frag_len;
> > + return s->frag_offset;
> > +}
> > +
> > +static void handle_mem_share(struct cpu_user_regs *regs)
> > +{
> > + uint32_t tot_len = get_user_reg(regs, 1);
> > + uint32_t frag_len = get_user_reg(regs, 2);
> > + uint64_t addr = get_user_reg(regs, 3);
> > + uint32_t page_count = get_user_reg(regs, 4);
> > + struct ffa_mem_transaction_x trans;
> > + struct ffa_mem_access *mem_access;
> > + struct ffa_mem_region *region_descr;
> > + struct domain *d = current->domain;
> > + struct ffa_ctx *ctx = d->arch.ffa;
> > + struct ffa_shm_mem *shm = NULL;
> > + unsigned int last_page_idx = 0;
> > + uint32_t range_count;
> > + uint32_t region_offs;
> > + int ret = FFA_RET_DENIED;
> > + uint32_t handle_hi = 0;
> > + uint32_t handle_lo = 0;
> > +
> > + /*
> > + * We're only accepting memory transaction descriptors via the rx/tx
> > + * buffer.
> > + */
> > + if ( addr ) {
> > + ret = FFA_RET_NOT_SUPPORTED;
> > + goto out_unlock;
> > + }
> > +
> > + /* Check that fragment legnth doesn't exceed total length */
> > + if (frag_len > tot_len) {
> > + ret = FFA_RET_INVALID_PARAMETERS;
> > + goto out_unlock;
> > + }
> > +
> > + spin_lock(&ffa_buffer_lock);
> > +
> > + if ( frag_len > ctx->page_count * PAGE_SIZE )
> > + goto out_unlock;
> > +
> > + if ( !ffa_page_count ) {
> > + ret = FFA_RET_NO_MEMORY;
> > + goto out_unlock;
> > + }
> > +
> > + ret = read_mem_transaction(ctx->guest_vers, ctx->tx, frag_len, &trans);
> > + if (ret)
> > + goto out_unlock;
> > +
> > + if ( trans.mem_reg_attr != FFA_NORMAL_MEM_REG_ATTR )
> > + {
> > + ret = FFA_RET_NOT_SUPPORTED;
> > + goto out;
> > + }
> > +
> > + /* Only supports sharing it with one SP for now */
> > + if ( trans.mem_access_count != 1 )
> > + {
> > + ret = FFA_RET_NOT_SUPPORTED;
> > + goto out_unlock;
> > + }
> > +
> > + if ( trans.sender_id != get_vm_id(d) )
> > + {
> > + ret = FFA_RET_INVALID_PARAMETERS;
> > + goto out_unlock;
> > + }
> > +
> > + /* Check that it fits in the supplied data */
> > + if ( trans.mem_access_offs + trans.mem_access_size > frag_len)
> > + goto out_unlock;
> > +
> > + mem_access = (void *)((vaddr_t)ctx->tx + trans.mem_access_offs);
> > + if ( read_atomic(&mem_access->access_perm.perm) != FFA_MEM_ACC_RW )
> > + {
> > + ret = FFA_RET_NOT_SUPPORTED;
> > + goto out_unlock;
> > + }
> > +
> > + region_offs = read_atomic(&mem_access->region_offs);
> > + if (sizeof(*region_descr) + region_offs > frag_len) {
> > + ret = FFA_RET_NOT_SUPPORTED;
> > + goto out_unlock;
> > + }
> > +
> > + region_descr = (void *)((vaddr_t)ctx->tx + region_offs);
> > + range_count = read_atomic(®ion_descr->address_range_count);
> > + page_count = read_atomic(®ion_descr->total_page_count);
> > +
> > + shm = xzalloc_flex_struct(struct ffa_shm_mem, pages, page_count);
> > + if ( !shm )
> > + {
> > + ret = FFA_RET_NO_MEMORY;
> > + goto out;
> > + }
> > + shm->sender_id = trans.sender_id;
> > + shm->ep_id = read_atomic(&mem_access->access_perm.endpoint_id);
> > + shm->page_count = page_count;
> > +
> > + if (frag_len != tot_len) {
> > + struct mem_frag_state *s = xzalloc(struct mem_frag_state);
> > +
> > + if (!s) {
> > + ret = FFA_RET_NO_MEMORY;
> > + goto out;
> > + }
> > + s->shm = shm;
> > + s->range_count = range_count;
> > + s->buf = ctx->tx;
> > + s->buf_size = ffa_page_count * PAGE_SIZE;
> > + ret = add_mem_share_frag(s, sizeof(*region_descr) + region_offs,
> > + frag_len);
> > + if (ret <= 0) {
> > + xfree(s);
> > + if (ret < 0)
> > + goto out;
> > + } else {
> > + shm->handle = next_handle++;
> > + reg_pair_from_64(&handle_hi, &handle_lo, shm->handle);
> > + spin_lock(&ffa_mem_list_lock);
> > + list_add_tail(&s->list, &ffa_frag_list);
> > + spin_unlock(&ffa_mem_list_lock);
> > + }
> > + goto out_unlock;
> > + }
> > +
> > + /*
> > + * Check that the Composite memory region descriptor fits.
> > + */
> > + if ( sizeof(*region_descr) + region_offs +
> > + range_count * sizeof(struct ffa_address_range) > frag_len) {
> > + ret = FFA_RET_INVALID_PARAMETERS;
> > + goto out;
> > + }
> > +
> > + ret = get_shm_pages(d, shm, region_descr->address_range_array, range_count,
> > + 0, &last_page_idx);
> > + if ( ret )
> > + goto out;
> > + if (last_page_idx != shm->page_count) {
> > + ret = FFA_RET_INVALID_PARAMETERS;
> > + goto out;
> > + }
> > +
> > + /* Note that share_shm() uses our tx buffer */
> > + ret = share_shm(shm);
> > + if ( ret )
> > + goto out;
> > +
> > + spin_lock(&ffa_mem_list_lock);
> > + list_add_tail(&shm->list, &ffa_mem_list);
> > + spin_unlock(&ffa_mem_list_lock);
> > +
> > + reg_pair_from_64(&handle_hi, &handle_lo, shm->handle);
> > +
> > +out:
> > + if ( ret && shm )
> > + {
> > + put_shm_pages(shm);
> > + xfree(shm);
> > + }
> > +out_unlock:
> > + spin_unlock(&ffa_buffer_lock);
> > +
> > + if ( ret > 0 )
> > + set_regs_frag_rx(regs, handle_lo, handle_hi, ret, trans.sender_id);
> > + else if ( ret == 0)
> > + set_regs_success(regs, handle_lo, handle_hi);
> > + else
> > + set_regs_error(regs, ret);
> > +}
> > +
> > +static struct mem_frag_state *find_frag_state(uint64_t handle)
> > +{
> > + struct mem_frag_state *s;
> > +
> > + list_for_each_entry(s, &ffa_frag_list, list)
> > + if ( s->shm->handle == handle)
> > + return s;
> > +
> > + return NULL;
> > +}
> > +
> > +static void handle_mem_frag_tx(struct cpu_user_regs *regs)
> > +{
> > + uint32_t frag_len = get_user_reg(regs, 3);
> > + uint32_t handle_lo = get_user_reg(regs, 1);
> > + uint32_t handle_hi = get_user_reg(regs, 2);
> > + uint64_t handle = reg_pair_to_64(handle_hi, handle_lo);
> > + struct mem_frag_state *s;
> > + uint16_t sender_id = 0;
> > + int ret;
> > +
> > + spin_lock(&ffa_buffer_lock);
> > + s = find_frag_state(handle);
> > + if (!s) {
> > + ret = FFA_RET_INVALID_PARAMETERS;
> > + goto out;
> > + }
> > + sender_id = s->shm->sender_id;
> > +
> > + if (frag_len > s->buf_size) {
> > + ret = FFA_RET_INVALID_PARAMETERS;
> > + goto out;
> > + }
> > +
> > + ret = add_mem_share_frag(s, 0, frag_len);
> > + if (ret == 0) {
> > + /* Note that share_shm() uses our tx buffer */
> > + ret = share_shm(s->shm);
> > + if (ret == 0) {
> > + spin_lock(&ffa_mem_list_lock);
> > + list_add_tail(&s->shm->list, &ffa_mem_list);
> > + spin_unlock(&ffa_mem_list_lock);
> > + } else {
> > + put_shm_pages(s->shm);
> > + xfree(s->shm);
> > + }
> > + spin_lock(&ffa_mem_list_lock);
> > + list_del(&s->list);
> > + spin_unlock(&ffa_mem_list_lock);
> > + xfree(s);
> > + } else if (ret < 0) {
> > + put_shm_pages(s->shm);
> > + xfree(s->shm);
> > + spin_lock(&ffa_mem_list_lock);
> > + list_del(&s->list);
> > + spin_unlock(&ffa_mem_list_lock);
> > + xfree(s);
> > + }
> > +out:
> > + spin_unlock(&ffa_buffer_lock);
> > +
> > + if ( ret > 0 )
> > + set_regs_frag_rx(regs, handle_lo, handle_hi, ret, sender_id);
> > + else if ( ret == 0)
> > + set_regs_success(regs, handle_lo, handle_hi);
> > + else
> > + set_regs_error(regs, ret);
> > +}
> > +
> > +static int handle_mem_reclaim(uint64_t handle, uint32_t flags)
> > +{
> > + struct ffa_shm_mem *shm;
> > + uint32_t handle_hi;
> > + uint32_t handle_lo;
> > + int ret;
> > +
> > + spin_lock(&ffa_mem_list_lock);
> > + list_for_each_entry(shm, &ffa_mem_list, list) {
> > + if ( shm->handle == handle )
> > + goto found_it;
> > + }
> > + shm = NULL;
> > +found_it:
> > + spin_unlock(&ffa_mem_list_lock);
> > +
> > + if ( !shm )
> > + return FFA_RET_INVALID_PARAMETERS;
> > +
> > + reg_pair_from_64(&handle_hi, &handle_lo, handle);
> > + ret = ffa_mem_reclaim(handle_lo, handle_hi, flags);
> > + if ( ret )
> > + return ret;
> > +
> > + spin_lock(&ffa_mem_list_lock);
> > + list_del(&shm->list);
> > + spin_unlock(&ffa_mem_list_lock);
> > +
> > + put_shm_pages(shm);
> > + xfree(shm);
> > +
> > + return ret;
> > +}
> > +
> > +bool ffa_handle_call(struct cpu_user_regs *regs, uint32_t fid)
> > +{
> > + struct domain *d = current->domain;
> > + struct ffa_ctx *ctx = d->arch.ffa;
> > + uint32_t count;
> > + uint32_t e;
> > +
> > + if ( !ctx )
> > + return false;
> > +
> > + switch ( fid )
> > + {
> > + case FFA_VERSION:
> > + handle_version(regs);
> > + return true;
> > + case FFA_ID_GET:
> > + set_regs_success(regs, get_vm_id(d), 0);
> > + return true;
> > + case FFA_RXTX_MAP_32:
> > +#ifdef CONFIG_ARM_64
> > + case FFA_RXTX_MAP_64:
> > +#endif
> > + e = handle_rxtx_map(fid, get_user_reg(regs, 1), get_user_reg(regs, 2),
> > + get_user_reg(regs, 3));
> > + if ( e )
> > + set_regs_error(regs, e);
> > + else
> > + set_regs_success(regs, 0, 0);
> > + return true;
> > + case FFA_RXTX_UNMAP:
> > + e = handle_rxtx_unmap();
> > + if ( e )
> > + set_regs_error(regs, e);
> > + else
> > + set_regs_success(regs, 0, 0);
> > + return true;
> > + case FFA_PARTITION_INFO_GET:
> > + e = handle_partition_info_get(get_user_reg(regs, 1),
> > + get_user_reg(regs, 2),
> > + get_user_reg(regs, 3),
> > + get_user_reg(regs, 4),
> > + get_user_reg(regs, 5), &count);
> > + if ( e )
> > + set_regs_error(regs, e);
> > + else
> > + set_regs_success(regs, count, 0);
> > + return true;
> > + case FFA_RX_RELEASE:
> > + e = handle_rx_release();
> > + if ( e )
> > + set_regs_error(regs, e);
> > + else
> > + set_regs_success(regs, 0, 0);
> > + return true;
> > + case FFA_MSG_SEND_DIRECT_REQ_32:
> > +#ifdef CONFIG_ARM_64
> > + case FFA_MSG_SEND_DIRECT_REQ_64:
> > +#endif
> > + handle_msg_send_direct_req(regs, fid);
> > + return true;
> > + case FFA_MEM_SHARE_32:
> > +#ifdef CONFIG_ARM_64
> > + case FFA_MEM_SHARE_64:
> > +#endif
> > + handle_mem_share(regs);
> > + return true;
> > + case FFA_MEM_RECLAIM:
> > + e = handle_mem_reclaim(reg_pair_to_64(get_user_reg(regs, 2),
> > + get_user_reg(regs, 1)),
> > + get_user_reg(regs, 3));
> > + if ( e )
> > + set_regs_error(regs, e);
> > + else
> > + set_regs_success(regs, 0, 0);
> > + return true;
> > + case FFA_MEM_FRAG_TX:
> > + handle_mem_frag_tx(regs);
> > + return true;
> > +
> > + default:
> > + printk(XENLOG_ERR "ffa: unhandled fid 0x%x\n", fid);
> > + return false;
> > + }
> > +}
> > +
> > +int ffa_domain_init(struct domain *d)
> > +{
> > + struct ffa_ctx *ctx;
> > + unsigned int n;
> > + unsigned int m;
> > + unsigned int c_pos;
> > + int32_t res;
> > +
> > + if ( !ffa_version )
> > + return 0;
> > +
> > + ctx = xzalloc(struct ffa_ctx);
> > + if ( !ctx )
> > + return -ENOMEM;
> > +
> > + for ( n = 0; n < subsr_vm_created_count; n++ ) {
> > + res = ffa_direct_req_send_vm(subsr_vm_created[n], get_vm_id(d),
> > + FFA_MSG_SEND_VM_CREATED);
> > + if ( res ) {
> > + printk(XENLOG_ERR "ffa: Failed to report creation of vm_id %u to %u: res %d\n",
> > + get_vm_id(d), subsr_vm_created[n], res);
> > + c_pos = n;
> > + goto err;
> > + }
> > + }
> > +
> > + d->arch.ffa = ctx;
> > +
> > + return 0;
> > +
> > +err:
> > + /* Undo any already sent vm created messaged */
> > + for ( n = 0; n < c_pos; n++ )
> > + for ( m = 0; m < subsr_vm_destroyed_count; m++ )
> > + if ( subsr_vm_destroyed[m] == subsr_vm_created[n] )
> > + ffa_direct_req_send_vm(subsr_vm_destroyed[n], get_vm_id(d),
> > + FFA_MSG_SEND_VM_DESTROYED);
> > + return -ENOMEM;
> > +}
> > +
> > +int ffa_relinquish_resources(struct domain *d)
> > +{
> > + struct ffa_ctx *ctx = d->arch.ffa;
> > + unsigned int n;
> > + int32_t res;
> > +
> > + if ( !ctx )
> > + return 0;
> > +
> > + for ( n = 0; n < subsr_vm_destroyed_count; n++ ) {
> > + res = ffa_direct_req_send_vm(subsr_vm_destroyed[n], get_vm_id(d),
> > + FFA_MSG_SEND_VM_DESTROYED);
> > +
> > + if ( res )
> > + printk(XENLOG_ERR "ffa: Failed to report destruction of vm_id %u to %u: res %d\n",
> > + get_vm_id(d), subsr_vm_destroyed[n], res);
> > + }
> > +
> > + XFREE(d->arch.ffa);
> > +
> > + return 0;
> > +}
> > +
> > +static bool __init init_subscribers(void)
> > +{
> > + struct ffa_partition_info_1_1 *fpi;
> > + bool ret = false;
> > + uint32_t count;
> > + uint32_t e;
> > + uint32_t n;
> > + uint32_t c_pos;
> > + uint32_t d_pos;
> > +
> > + if ( ffa_version < FFA_VERSION_1_1 )
> > + return true;
> > +
> > + e = ffa_partition_info_get(0, 0, 0, 0, 1, &count);
> > + ffa_rx_release();
> > + if ( e ) {
> > + printk(XENLOG_ERR "ffa: Failed to get list of SPs: %d\n", (int)e);
> > + goto out;
> > + }
> > +
> > + fpi = ffa_rx;
> > + subsr_vm_created_count = 0;
> > + subsr_vm_destroyed_count = 0;
> > + for ( n = 0; n < count; n++ ) {
> > + if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_CREATED)
> > + subsr_vm_created_count++;
> > + if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_DESTROYED)
> > + subsr_vm_destroyed_count++;
> > + }
> > +
> > + if ( subsr_vm_created_count )
> > + subsr_vm_created = xzalloc_array(uint16_t, subsr_vm_created_count);
> > + if ( subsr_vm_destroyed_count )
> > + subsr_vm_destroyed = xzalloc_array(uint16_t, subsr_vm_destroyed_count);
> > + if ( (subsr_vm_created_count && !subsr_vm_created) ||
> > + (subsr_vm_destroyed_count && !subsr_vm_destroyed) ) {
> > + printk(XENLOG_ERR "ffa: Failed to allocate subscription lists\n");
> > + subsr_vm_created_count = 0;
> > + subsr_vm_destroyed_count = 0;
> > + XFREE(subsr_vm_created);
> > + XFREE(subsr_vm_destroyed);
> > + goto out;
> > + }
> > +
> > + for ( c_pos = 0, d_pos = 0, n = 0; n < count; n++ ) {
> > + if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_CREATED)
> > + subsr_vm_created[c_pos++] = fpi[n].id;
> > + if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_DESTROYED)
> > + subsr_vm_destroyed[d_pos++] = fpi[n].id;
> > + }
> > +
> > + ret = true;
> > +out:
> > + ffa_rx_release();
> > + return ret;
> > +}
> > +
> > +static int __init ffa_init(void)
> > +{
> > + uint32_t vers;
> > + uint32_t e;
> > + unsigned int major_vers;
> > + unsigned int minor_vers;
> > +
> > + /*
> > + * psci_init_smccc() updates this value with what's reported by EL-3
> > + * or secure world.
> > + */
> > + if ( smccc_ver < ARM_SMCCC_VERSION_1_2 )
> > + {
> > + printk(XENLOG_ERR
> > + "ffa: unsupported SMCCC version %#x (need at least %#x)\n",
> > + smccc_ver, ARM_SMCCC_VERSION_1_2);
> > + return 0;
> > + }
> > +
> > + if ( !ffa_get_version(&vers) )
> > + return 0;
> > +
> > + if ( vers < FFA_MIN_VERSION || vers > FFA_MY_VERSION )
> > + {
> > + printk(XENLOG_ERR "ffa: Incompatible version %#x found\n", vers);
> > + return 0;
> > + }
> > +
> > + major_vers = (vers >> FFA_VERSION_MAJOR_SHIFT) & FFA_VERSION_MAJOR_MASK;
> > + minor_vers = vers & FFA_VERSION_MINOR_MASK;
> > + printk(XENLOG_ERR "ARM FF-A Mediator version %u.%u\n",
> > + FFA_VERSION_MAJOR, FFA_VERSION_MINOR);
> > + printk(XENLOG_ERR "ARM FF-A Firmware version %u.%u\n",
> > + major_vers, minor_vers);
>
> XENLOG_INFO
I'll fix. Thanks for looking at this.
Cheers,
Jens
>
>
> > + ffa_rx = alloc_xenheap_pages(0, 0);
> > + if ( !ffa_rx )
> > + return 0;
> > +
> > + ffa_tx = alloc_xenheap_pages(0, 0);
> > + if ( !ffa_tx )
> > + goto err_free_ffa_rx;
> > +
> > + e = ffa_rxtx_map(__pa(ffa_tx), __pa(ffa_rx), 1);
> > + if ( e )
> > + {
> > + printk(XENLOG_ERR "ffa: Failed to map rxtx: error %d\n", (int)e);
> > + goto err_free_ffa_tx;
> > + }
> > + ffa_page_count = 1;
> > + ffa_version = vers;
> > +
> > + if ( !init_subscribers() )
> > + goto err_free_ffa_tx;
> > +
> > + return 0;
> > +
> > +err_free_ffa_tx:
> > + free_xenheap_pages(ffa_tx, 0);
> > + ffa_tx = NULL;
> > +err_free_ffa_rx:
> > + free_xenheap_pages(ffa_rx, 0);
> > + ffa_rx = NULL;
> > + ffa_page_count = 0;
> > + ffa_version = 0;
> > + XFREE(subsr_vm_created);
> > + subsr_vm_created_count = 0;
> > + XFREE(subsr_vm_destroyed);
> > + subsr_vm_destroyed_count = 0;
> > + return 0;
> > +}
> > +
> > +__initcall(ffa_init);
> > diff --git a/xen/arch/arm/include/asm/domain.h b/xen/arch/arm/include/asm/domain.h
> > index ed63c2b6f91f..b3dee269bced 100644
> > --- a/xen/arch/arm/include/asm/domain.h
> > +++ b/xen/arch/arm/include/asm/domain.h
> > @@ -103,6 +103,10 @@ struct arch_domain
> > void *tee;
> > #endif
> >
> > +#ifdef CONFIG_FFA
> > + void *ffa;
> > +#endif
> > +
> > bool directmap;
> > } __cacheline_aligned;
> >
> > diff --git a/xen/arch/arm/include/asm/ffa.h b/xen/arch/arm/include/asm/ffa.h
> > new file mode 100644
> > index 000000000000..1c6ce6421294
> > --- /dev/null
> > +++ b/xen/arch/arm/include/asm/ffa.h
> > @@ -0,0 +1,71 @@
> > +/*
> > + * xen/arch/arm/ffa.c
> > + *
> > + * Arm Firmware Framework for ARMv8-A(FFA) mediator
> > + *
> > + * Copyright (C) 2021 Linaro Limited
> > + *
> > + * Permission is hereby granted, free of charge, to any person
> > + * obtaining a copy of this software and associated documentation
> > + * files (the "Software"), to deal in the Software without restriction,
> > + * including without limitation the rights to use, copy, modify, merge,
> > + * publish, distribute, sublicense, and/or sell copies of the Software,
> > + * and to permit persons to whom the Software is furnished to do so,
> > + * subject to the following conditions:
> > + *
> > + * The above copyright notice and this permission notice shall be
> > + * included in all copies or substantial portions of the Software.
> > + *
> > + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
> > + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
> > + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
> > + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
> > + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
> > + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
> > + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
> > + */
> > +
> > +#ifndef __ASM_ARM_FFA_H__
> > +#define __ASM_ARM_FFA_H__
> > +
> > +#include <xen/const.h>
> > +
> > +#include <asm/smccc.h>
> > +#include <asm/types.h>
> > +
> > +#define FFA_FNUM_MIN_VALUE _AC(0x60,U)
> > +#define FFA_FNUM_MAX_VALUE _AC(0x86,U)
> > +
> > +static inline bool is_ffa_fid(uint32_t fid)
> > +{
> > + uint32_t fn = fid & ARM_SMCCC_FUNC_MASK;
> > +
> > + return fn >= FFA_FNUM_MIN_VALUE && fn <= FFA_FNUM_MAX_VALUE;
> > +}
> > +
> > +#ifdef CONFIG_FFA
> > +#define FFA_NR_FUNCS 11
> > +
> > +bool ffa_handle_call(struct cpu_user_regs *regs, uint32_t fid);
> > +int ffa_domain_init(struct domain *d);
> > +int ffa_relinquish_resources(struct domain *d);
> > +#else
> > +#define FFA_NR_FUNCS 0
> > +
> > +static inline bool ffa_handle_call(struct cpu_user_regs *regs, uint32_t fid)
> > +{
> > + return false;
> > +}
> > +
> > +static inline int ffa_domain_init(struct domain *d)
> > +{
> > + return 0;
> > +}
> > +
> > +static inline int ffa_relinquish_resources(struct domain *d)
> > +{
> > + return 0;
> > +}
> > +#endif
> > +
> > +#endif /*__ASM_ARM_FFA_H__*/
> > diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c
> > index 6f90c08a6304..34586025eff8 100644
> > --- a/xen/arch/arm/vsmc.c
> > +++ b/xen/arch/arm/vsmc.c
> > @@ -20,6 +20,7 @@
> > #include <public/arch-arm/smccc.h>
> > #include <asm/cpuerrata.h>
> > #include <asm/cpufeature.h>
> > +#include <asm/ffa.h>
> > #include <asm/monitor.h>
> > #include <asm/regs.h>
> > #include <asm/smccc.h>
> > @@ -32,7 +33,7 @@
> > #define XEN_SMCCC_FUNCTION_COUNT 3
> >
> > /* Number of functions currently supported by Standard Service Service Calls. */
> > -#define SSSC_SMCCC_FUNCTION_COUNT (3 + VPSCI_NR_FUNCS)
> > +#define SSSC_SMCCC_FUNCTION_COUNT (3 + VPSCI_NR_FUNCS + FFA_NR_FUNCS)
> >
> > static bool fill_uid(struct cpu_user_regs *regs, xen_uuid_t uuid)
> > {
> > @@ -196,13 +197,23 @@ static bool handle_existing_apis(struct cpu_user_regs *regs)
> > return do_vpsci_0_1_call(regs, fid);
> > }
> >
> > +static bool is_psci_fid(uint32_t fid)
> > +{
> > + uint32_t fn = fid & ARM_SMCCC_FUNC_MASK;
> > +
> > + return fn >= 0 && fn <= 0x1fU;
> > +}
> > +
> > /* PSCI 0.2 interface and other Standard Secure Calls */
> > static bool handle_sssc(struct cpu_user_regs *regs)
> > {
> > uint32_t fid = (uint32_t)get_user_reg(regs, 0);
> >
> > - if ( do_vpsci_0_2_call(regs, fid) )
> > - return true;
> > + if ( is_psci_fid(fid) )
> > + return do_vpsci_0_2_call(regs, fid);
> > +
> > + if ( is_ffa_fid(fid) )
> > + return ffa_handle_call(regs, fid);
> >
> > switch ( fid )
> > {
> > --
> > 2.31.1
> >
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 2/2] xen/arm: add FF-A mediator
2022-06-14 19:47 ` Volodymyr Babchuk
2022-06-15 18:15 ` Julien Grall
@ 2022-06-16 22:37 ` Jens Wiklander
2022-06-17 8:16 ` Julien Grall
1 sibling, 1 reply; 21+ messages in thread
From: Jens Wiklander @ 2022-06-16 22:37 UTC (permalink / raw)
To: Volodymyr Babchuk; +Cc: xen-devel, Stefano Stabellini, Julien Grall
Hi Volodymyr,
On Tue, Jun 14, 2022 at 07:47:18PM +0000, Volodymyr Babchuk wrote:
>
> Hello Jens,
>
> Sorry for late review, I was busy with internal projects.
>
> This is preliminary review. I gave up at scatter-gather operations. Need
> more time to review them properly.
No problem, thanks for taking the time.
>
> One thing that bothers me is that Xen is non-preemptive and there are
> plenty potentially long-running operations.
There's room to deal with that in the FF-A specification. These scatter
gather operation are quite complicated so I started with the minimum. We
can as a future optimization address the problem with long running
operations.
>
> Jens Wiklander <jens.wiklander@linaro.org> writes:
>
> > Adds a FF-A version 1.1 [1] mediator to communicate with a Secure
> > Partition in secure world.
> >
> > The implementation is the bare minimum to be able to communicate with
> > OP-TEE running as an SPMC at S-EL1.
> >
> > This is loosely based on the TEE mediator framework and the OP-TEE
> > mediator.
> >
> > [1] https://urldefense.com/v3/__https://developer.arm.com/documentation/den0077/latest__;!!GF_29dbcQIUBPA!1rn9xKdmcgMXOyZ_CvNIVq-wAS1ZI_Ews1w-Gqt0YPwSXyyTJedeFQgD65WhhOwIf_-cIa4EINzmwM4o62XPcMt1cTLcMZ7d$ [developer[.]arm[.]com]
> > Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> > ---
> > xen/arch/arm/Kconfig | 11 +
> > xen/arch/arm/Makefile | 1 +
> > xen/arch/arm/domain.c | 10 +
> > xen/arch/arm/ffa.c | 1624 +++++++++++++++++++++++++++++
> > xen/arch/arm/include/asm/domain.h | 4 +
> > xen/arch/arm/include/asm/ffa.h | 71 ++
> > xen/arch/arm/vsmc.c | 17 +-
> > 7 files changed, 1735 insertions(+), 3 deletions(-)
> > create mode 100644 xen/arch/arm/ffa.c
> > create mode 100644 xen/arch/arm/include/asm/ffa.h
> >
> > diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
> > index ecfa6822e4d3..5b75067e2745 100644
> > --- a/xen/arch/arm/Kconfig
> > +++ b/xen/arch/arm/Kconfig
> > @@ -106,6 +106,17 @@ config TEE
> >
> > source "arch/arm/tee/Kconfig"
> >
> > +config FFA
> > + bool "Enable FF-A mediator support" if EXPERT
> > + default n
> > + depends on ARM_64
> > + help
> > + This option enables a minamal FF-A mediator. The mediator is
> > + generic as it follows the FF-A specification [1], but it only
> > + implements a small substet of the specification.
> > +
> > + [1] https://urldefense.com/v3/__https://developer.arm.com/documentation/den0077/latest__;!!GF_29dbcQIUBPA!1rn9xKdmcgMXOyZ_CvNIVq-wAS1ZI_Ews1w-Gqt0YPwSXyyTJedeFQgD65WhhOwIf_-cIa4EINzmwM4o62XPcMt1cTLcMZ7d$ [developer[.]arm[.]com]
> > +
> > endmenu
> >
> > menu "ARM errata workaround via the alternative framework"
> > diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
> > index 1d862351d111..dbf5e593a069 100644
> > --- a/xen/arch/arm/Makefile
> > +++ b/xen/arch/arm/Makefile
> > @@ -20,6 +20,7 @@ obj-y += domain.o
> > obj-y += domain_build.init.o
> > obj-y += domctl.o
> > obj-$(CONFIG_EARLY_PRINTK) += early_printk.o
> > +obj-$(CONFIG_FFA) += ffa.o
> > obj-y += gic.o
> > obj-y += gic-v2.o
> > obj-$(CONFIG_GICV3) += gic-v3.o
> > diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
> > index 8110c1df8638..a93e6a9c4aef 100644
> > --- a/xen/arch/arm/domain.c
> > +++ b/xen/arch/arm/domain.c
> > @@ -27,6 +27,7 @@
> > #include <asm/cpufeature.h>
> > #include <asm/current.h>
> > #include <asm/event.h>
> > +#include <asm/ffa.h>
> > #include <asm/gic.h>
> > #include <asm/guest_atomics.h>
> > #include <asm/irq.h>
> > @@ -756,6 +757,9 @@ int arch_domain_create(struct domain *d,
> > if ( (rc = tee_domain_init(d, config->arch.tee_type)) != 0 )
> > goto fail;
> >
> > + if ( (rc = ffa_domain_init(d)) != 0 )
>
> So, FFA support will be enabled for each domain? I think that this is
> fine for experimental feature, but I want to hear maintainer's opinion.
>
> > + goto fail;
> > +
> > update_domain_wallclock_time(d);
> >
> > /*
> > @@ -998,6 +1002,7 @@ static int relinquish_memory(struct domain *d, struct page_list_head *list)
> > enum {
> > PROG_pci = 1,
> > PROG_tee,
> > + PROG_ffa,
> > PROG_xen,
> > PROG_page,
> > PROG_mapping,
> > @@ -1046,6 +1051,11 @@ int domain_relinquish_resources(struct domain *d)
> > if (ret )
> > return ret;
> >
> > + PROGRESS(ffa):
> > + ret = ffa_relinquish_resources(d);
> > + if (ret )
>
> Coding style: if ( ret )
>
> > + return ret;
> > +
> > PROGRESS(xen):
> > ret = relinquish_memory(d, &d->xenpage_list);
> > if ( ret )
> > diff --git a/xen/arch/arm/ffa.c b/xen/arch/arm/ffa.c
> > new file mode 100644
> > index 000000000000..9063b7f2b59e
> > --- /dev/null
> > +++ b/xen/arch/arm/ffa.c
> > @@ -0,0 +1,1624 @@
> > +/*
> > + * xen/arch/arm/ffa.c
> > + *
> > + * Arm Firmware Framework for ARMv8-A(FFA) mediator
> > + *
> > + * Copyright (C) 2021 Linaro Limited
>
> It is 2022 already :)
Haha, time flies. :-)
>
> > + *
> > + * Permission is hereby granted, free of charge, to any person
> > + * obtaining a copy of this software and associated documentation
> > + * files (the "Software"), to deal in the Software without restriction,
> > + * including without limitation the rights to use, copy, modify, merge,
> > + * publish, distribute, sublicense, and/or sell copies of the Software,
> > + * and to permit persons to whom the Software is furnished to do so,
> > + * subject to the following conditions:
> > + *
> > + * The above copyright notice and this permission notice shall be
> > + * included in all copies or substantial portions of the Software.
> > + *
> > + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
> > + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
> > + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
> > + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
> > + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
> > + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
> > + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
> > + */
> > +
> > +#include <xen/domain_page.h>
> > +#include <xen/errno.h>
> > +#include <xen/init.h>
> > +#include <xen/lib.h>
> > +#include <xen/sched.h>
> > +#include <xen/types.h>
> > +#include <xen/sizes.h>
> > +#include <xen/bitops.h>
> > +
> > +#include <asm/smccc.h>
> > +#include <asm/event.h>
> > +#include <asm/ffa.h>
> > +#include <asm/regs.h>
> > +
> > +/* Error codes */
> > +#define FFA_RET_OK 0
> > +#define FFA_RET_NOT_SUPPORTED -1
> > +#define FFA_RET_INVALID_PARAMETERS -2
> > +#define FFA_RET_NO_MEMORY -3
> > +#define FFA_RET_BUSY -4
> > +#define FFA_RET_INTERRUPTED -5
> > +#define FFA_RET_DENIED -6
> > +#define FFA_RET_RETRY -7
> > +#define FFA_RET_ABORTED -8
> > +
> > +/* FFA_VERSION helpers */
> > +#define FFA_VERSION_MAJOR _AC(1,U)
> > +#define FFA_VERSION_MAJOR_SHIFT _AC(16,U)
> > +#define FFA_VERSION_MAJOR_MASK _AC(0x7FFF,U)
> > +#define FFA_VERSION_MINOR _AC(1,U)
> > +#define FFA_VERSION_MINOR_SHIFT _AC(0,U)
> > +#define FFA_VERSION_MINOR_MASK _AC(0xFFFF,U)
> > +#define MAKE_FFA_VERSION(major, minor) \
> > + ((((major) & FFA_VERSION_MAJOR_MASK) << FFA_VERSION_MAJOR_SHIFT) | \
> > + ((minor) & FFA_VERSION_MINOR_MASK))
> > +
> > +#define FFA_MIN_VERSION MAKE_FFA_VERSION(1, 0)
> > +#define FFA_VERSION_1_0 MAKE_FFA_VERSION(1, 0)
> > +#define FFA_VERSION_1_1 MAKE_FFA_VERSION(1, 1)
> > +#define FFA_MY_VERSION MAKE_FFA_VERSION(FFA_VERSION_MAJOR, \
> > + FFA_VERSION_MINOR)
> > +
> > +
> > +#define FFA_HANDLE_HYP_FLAG BIT(63,ULL)
> > +
> > +/* Memory attributes: Normal memory, Write-Back cacheable, Inner shareable */
> > +#define FFA_NORMAL_MEM_REG_ATTR _AC(0x2f,U)
> > +
> > +/* Memory access permissions: Read-write */
> > +#define FFA_MEM_ACC_RW _AC(0x2,U)
> > +
> > +/* Clear memory before mapping in receiver */
> > +#define FFA_MEMORY_REGION_FLAG_CLEAR BIT(0, U)
> > +/* Relayer may time slice this operation */
> > +#define FFA_MEMORY_REGION_FLAG_TIME_SLICE BIT(1, U)
> > +/* Clear memory after receiver relinquishes it */
> > +#define FFA_MEMORY_REGION_FLAG_CLEAR_RELINQUISH BIT(2, U)
> > +
> > +/* Share memory transaction */
> > +#define FFA_MEMORY_REGION_TRANSACTION_TYPE_SHARE (_AC(1,U) << 3)
> > +/* Relayer must choose the alignment boundary */
> > +#define FFA_MEMORY_REGION_FLAG_ANY_ALIGNMENT _AC(0,U)
> BIT(0, U)?
No, it's rather bit 9 set to 0. This is unused, I'll remove it instead.
>
> > +
> > +#define FFA_HANDLE_INVALID _AC(0xffffffffffffffff,ULL)
> > +
> > +/* Framework direct request/response */
> > +#define FFA_MSG_FLAG_FRAMEWORK BIT(31, U)
> > +#define FFA_MSG_TYPE_MASK _AC(0xFF,U);
> > +#define FFA_MSG_PSCI _AC(0x0,U)
> > +#define FFA_MSG_SEND_VM_CREATED _AC(0x4,U)
> > +#define FFA_MSG_RESP_VM_CREATED _AC(0x5,U)
> > +#define FFA_MSG_SEND_VM_DESTROYED _AC(0x6,U)
> > +#define FFA_MSG_RESP_VM_DESTROYED _AC(0x7,U)
> > +
> > +/*
> > + * Flags used for the FFA_PARTITION_INFO_GET return message:
> > + * BIT(0): Supports receipt of direct requests
> > + * BIT(1): Can send direct requests
> > + * BIT(2): Can send and receive indirect messages
> > + * BIT(3): Supports receipt of notifications
> > + * BIT(4-5): Partition ID is a PE endpoint ID
> > + */
> > +#define FFA_PART_PROP_DIRECT_REQ_RECV BIT(0,U)
> > +#define FFA_PART_PROP_DIRECT_REQ_SEND BIT(1,U)
> > +#define FFA_PART_PROP_INDIRECT_MSGS BIT(2,U)
> > +#define FFA_PART_PROP_RECV_NOTIF BIT(3,U)
> > +#define FFA_PART_PROP_IS_PE_ID (_AC(0,U) << 4)
> > +#define FFA_PART_PROP_IS_SEPID_INDEP (_AC(1,U) << 4)
> > +#define FFA_PART_PROP_IS_SEPID_DEP (_AC(2,U) << 4)
> > +#define FFA_PART_PROP_IS_AUX_ID (_AC(3,U) << 4)
> > +#define FFA_PART_PROP_NOTIF_CREATED BIT(6,U)
> > +#define FFA_PART_PROP_NOTIF_DESTROYED BIT(7,U)
> > +#define FFA_PART_PROP_AARCH64_STATE BIT(8,U)
> > +
> > +/* Function IDs */
> > +#define FFA_ERROR _AC(0x84000060,U)
> > +#define FFA_SUCCESS_32 _AC(0x84000061,U)
> > +#define FFA_SUCCESS_64 _AC(0xC4000061,U)
> > +#define FFA_INTERRUPT _AC(0x84000062,U)
> > +#define FFA_VERSION _AC(0x84000063,U)
> > +#define FFA_FEATURES _AC(0x84000064,U)
> > +#define FFA_RX_ACQUIRE _AC(0x84000084,U)
> > +#define FFA_RX_RELEASE _AC(0x84000065,U)
> > +#define FFA_RXTX_MAP_32 _AC(0x84000066,U)
> > +#define FFA_RXTX_MAP_64 _AC(0xC4000066,U)
> > +#define FFA_RXTX_UNMAP _AC(0x84000067,U)
> > +#define FFA_PARTITION_INFO_GET _AC(0x84000068,U)
> > +#define FFA_ID_GET _AC(0x84000069,U)
> > +#define FFA_SPM_ID_GET _AC(0x84000085,U)
> > +#define FFA_MSG_WAIT _AC(0x8400006B,U)
> > +#define FFA_MSG_YIELD _AC(0x8400006C,U)
> > +#define FFA_MSG_RUN _AC(0x8400006D,U)
> > +#define FFA_MSG_SEND2 _AC(0x84000086,U)
> > +#define FFA_MSG_SEND_DIRECT_REQ_32 _AC(0x8400006F,U)
> > +#define FFA_MSG_SEND_DIRECT_REQ_64 _AC(0xC400006F,U)
> > +#define FFA_MSG_SEND_DIRECT_RESP_32 _AC(0x84000070,U)
> > +#define FFA_MSG_SEND_DIRECT_RESP_64 _AC(0xC4000070,U)
> > +#define FFA_MEM_DONATE_32 _AC(0x84000071,U)
> > +#define FFA_MEM_DONATE_64 _AC(0xC4000071,U)
> > +#define FFA_MEM_LEND_32 _AC(0x84000072,U)
> > +#define FFA_MEM_LEND_64 _AC(0xC4000072,U)
> > +#define FFA_MEM_SHARE_32 _AC(0x84000073,U)
> > +#define FFA_MEM_SHARE_64 _AC(0xC4000073,U)
> > +#define FFA_MEM_RETRIEVE_REQ_32 _AC(0x84000074,U)
> > +#define FFA_MEM_RETRIEVE_REQ_64 _AC(0xC4000074,U)
> > +#define FFA_MEM_RETRIEVE_RESP _AC(0x84000075,U)
> > +#define FFA_MEM_RELINQUISH _AC(0x84000076,U)
> > +#define FFA_MEM_RECLAIM _AC(0x84000077,U)
> > +#define FFA_MEM_FRAG_RX _AC(0x8400007A,U)
> > +#define FFA_MEM_FRAG_TX _AC(0x8400007B,U)
> > +#define FFA_MSG_SEND _AC(0x8400006E,U)
> > +#define FFA_MSG_POLL _AC(0x8400006A,U)
> > +
> > +/* Partition information descriptor */
> > +struct ffa_partition_info_1_0 {
> > + uint16_t id;
> > + uint16_t execution_context;
> > + uint32_t partition_properties;
> > +};
> > +
> > +struct ffa_partition_info_1_1 {
> > + uint16_t id;
> > + uint16_t execution_context;
> > + uint32_t partition_properties;
> > + uint8_t uuid[16];
> > +};
> > +
> > +/* Constituent memory region descriptor */
> > +struct ffa_address_range {
> > + uint64_t address;
> > + uint32_t page_count;
> > + uint32_t reserved;
> > +};
> > +
> > +/* Composite memory region descriptor */
> > +struct ffa_mem_region {
> > + uint32_t total_page_count;
> > + uint32_t address_range_count;
> > + uint64_t reserved;
> > + struct ffa_address_range address_range_array[];
> > +};
> > +
> > +/* Memory access permissions descriptor */
> > +struct ffa_mem_access_perm {
> > + uint16_t endpoint_id;
> > + uint8_t perm;
> > + uint8_t flags;
> > +};
> > +
> > +/* Endpoint memory access descriptor */
> > +struct ffa_mem_access {
> > + struct ffa_mem_access_perm access_perm;
> > + uint32_t region_offs;
> > + uint64_t reserved;
> > +};
> > +
> > +/* Lend, donate or share memory transaction descriptor */
> > +struct ffa_mem_transaction_1_0 {
> > + uint16_t sender_id;
> > + uint8_t mem_reg_attr;
> > + uint8_t reserved0;
> > + uint32_t flags;
> > + uint64_t global_handle;
> > + uint64_t tag;
> > + uint32_t reserved1;
> > + uint32_t mem_access_count;
> > + struct ffa_mem_access mem_access_array[];
> > +};
> > +
> > +struct ffa_mem_transaction_1_1 {
> > + uint16_t sender_id;
> > + uint16_t mem_reg_attr;
> > + uint32_t flags;
> > + uint64_t global_handle;
> > + uint64_t tag;
> > + uint32_t mem_access_size;
> > + uint32_t mem_access_count;
> > + uint32_t mem_access_offs;
> > + uint8_t reserved[12];
> > +};
> > +
> > +/*
> > + * The parts needed from struct ffa_mem_transaction_1_0 or struct
> > + * ffa_mem_transaction_1_1, used to provide an abstraction of difference in
> > + * data structures between version 1.0 and 1.1. This is just an internal
> > + * interface and can be changed without changing any ABI.
> > + */
> > +struct ffa_mem_transaction_x {
> > + uint16_t sender_id;
> > + uint8_t mem_reg_attr;
> > + uint8_t flags;
> > + uint8_t mem_access_size;
> > + uint8_t mem_access_count;
> > + uint16_t mem_access_offs;
> > + uint64_t global_handle;
> > + uint64_t tag;
> > +};
> > +
> > +/* Endpoint RX/TX descriptor */
> > +struct ffa_endpoint_rxtx_descriptor_1_0 {
> > + uint16_t sender_id;
> > + uint16_t reserved;
> > + uint32_t rx_range_count;
> > + uint32_t tx_range_count;
> > +};
> > +
> > +struct ffa_endpoint_rxtx_descriptor_1_1 {
> > + uint16_t sender_id;
> > + uint16_t reserved;
> > + uint32_t rx_region_offs;
> > + uint32_t tx_region_offs;
> > +};
> > +
> > +struct ffa_ctx {
> > + void *rx;
> > + void *tx;
> > + struct page_info *rx_pg;
> > + struct page_info *tx_pg;
> > + unsigned int page_count;
> > + uint32_t guest_vers;
> > + bool tx_is_mine;
> > + bool interrupted;
> > +};
> > +
> > +struct ffa_shm_mem {
> > + struct list_head list;
> > + uint16_t sender_id;
> > + uint16_t ep_id; /* endpoint, the one lending */
> > + uint64_t handle; /* FFA_HANDLE_INVALID if not set yet */
> > + unsigned int page_count;
> > + struct page_info *pages[];
> > +};
> > +
> > +struct mem_frag_state {
> > + struct list_head list;
> > + struct ffa_shm_mem *shm;
> > + uint32_t range_count;
> > + unsigned int current_page_idx;
> > + unsigned int frag_offset;
> > + unsigned int range_offset;
> > + uint8_t *buf;
> > + unsigned int buf_size;
> > + struct ffa_address_range range;
> > +};
> > +
> > +/*
> > + * Our rx/rx buffer shared with the SPMC
> > + */
> > +static uint32_t ffa_version;
> > +static uint16_t *subsr_vm_created;
> > +static unsigned int subsr_vm_created_count;
> > +static uint16_t *subsr_vm_destroyed;
> > +static unsigned int subsr_vm_destroyed_count;
> > +static void *ffa_rx;
> > +static void *ffa_tx;
> > +static unsigned int ffa_page_count;
> > +static spinlock_t ffa_buffer_lock = SPIN_LOCK_UNLOCKED;
> > +
> > +static struct list_head ffa_mem_list = LIST_HEAD_INIT(ffa_mem_list);
> > +static struct list_head ffa_frag_list = LIST_HEAD_INIT(ffa_frag_list);
> > +static spinlock_t ffa_mem_list_lock = SPIN_LOCK_UNLOCKED;
> > +
> > +static uint64_t next_handle = FFA_HANDLE_HYP_FLAG;
> > +
> > +static uint64_t reg_pair_to_64(uint32_t reg0, uint32_t reg1)
> > +{
> > + return (uint64_t)reg0 << 32 | reg1;
> > +}
> > +
> > +static void reg_pair_from_64(uint32_t *reg0, uint32_t *reg1, uint64_t val)
> > +{
> > + *reg0 = val >> 32;
> > + *reg1 = val;
> > +}
> > +
> > +static bool ffa_get_version(uint32_t *vers)
> > +{
> > + const struct arm_smccc_1_2_regs arg = {
> > + .a0 = FFA_VERSION, .a1 = FFA_MY_VERSION,
> > + };
> > + struct arm_smccc_1_2_regs resp;
> > +
> > + arm_smccc_1_2_smc(&arg, &resp);
> > + if ( resp.a0 == FFA_RET_NOT_SUPPORTED )
> > + {
> > + printk(XENLOG_ERR "ffa: FFA_VERSION returned not supported\n");
> > + return false;
> > + }
> > +
> > + *vers = resp.a0;
> > + return true;
> > +}
> > +
> > +static uint32_t ffa_rxtx_map(register_t tx_addr, register_t rx_addr,
> > + uint32_t page_count)
> > +{
> > + const struct arm_smccc_1_2_regs arg = {
> > +#ifdef CONFIG_ARM_64
> > + .a0 = FFA_RXTX_MAP_64,
> > +#endif
> > +#ifdef CONFIG_ARM_32
> > + .a0 = FFA_RXTX_MAP_32,
> > +#endif
> > + .a1 = tx_addr, .a2 = rx_addr,
> > + .a3 = page_count,
> > + };
> > + struct arm_smccc_1_2_regs resp;
> > +
> > + arm_smccc_1_2_smc(&arg, &resp);
> > +
> > + if ( resp.a0 == FFA_ERROR )
>
> What if we get SMCCC_NOT_SUPPORTED there?
Good point, I'll fix.
>
> > + {
> > + if ( resp.a2 )
> > + return resp.a2;
> > + else
> > + return FFA_RET_NOT_SUPPORTED;
> > + }
> > +
> > + return FFA_RET_OK;
> > +}
> > +
> > +static uint32_t ffa_rxtx_unmap(uint16_t vm_id)
> > +{
> > + const struct arm_smccc_1_2_regs arg = {
> > + .a0 = FFA_RXTX_UNMAP, .a1 = vm_id,
> > + };
> > + struct arm_smccc_1_2_regs resp;
> > +
> > + arm_smccc_1_2_smc(&arg, &resp);
> > +
> > + if ( resp.a0 == FFA_ERROR )
> > + {
>
> The same question. I believe it is better to test against FFA_SUCCESS.
> Also looks like this code can be extracted into some helper function,
> because it repeats again and again.
Yeah, I'll add a helper function.
>
> > + if ( resp.a2 )
> > + return resp.a2;
> > + else
> > + return FFA_RET_NOT_SUPPORTED;
> > + }
> > +
> > + return FFA_RET_OK;
> > +}
> > +
> > +static uint32_t ffa_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3,
> > + uint32_t w4, uint32_t w5,
> > + uint32_t *count)
> > +{
> > + const struct arm_smccc_1_2_regs arg = {
> > + .a0 = FFA_PARTITION_INFO_GET, .a1 = w1, .a2 = w2, .a3 = w3, .a4 = w4,
> > + .a5 = w5,
> > + };
> > + struct arm_smccc_1_2_regs resp;
> > +
> > + arm_smccc_1_2_smc(&arg, &resp);
> > +
> > + if ( resp.a0 == FFA_ERROR )
> > + {
> > + if ( resp.a2 )
> > + return resp.a2;
> > + else
> > + return FFA_RET_NOT_SUPPORTED;
> > + }
> > +
> > + *count = resp.a2;
> > +
> > + return FFA_RET_OK;
> > +}
> > +
> > +static uint32_t ffa_rx_release(void)
> > +{
> > + const struct arm_smccc_1_2_regs arg = { .a0 = FFA_RX_RELEASE, };
> > + struct arm_smccc_1_2_regs resp;
> > +
> > + arm_smccc_1_2_smc(&arg, &resp);
> > +
> > + if ( resp.a0 == FFA_ERROR )
> > + {
> > + if ( resp.a2 )
> > + return resp.a2;
> > + else
> > + return FFA_RET_NOT_SUPPORTED;
> > + }
> > +
> > + return FFA_RET_OK;
> > +}
> > +
> > +static int32_t ffa_mem_share(uint32_t tot_len, uint32_t frag_len,
> > + register_t addr, uint32_t pg_count,
> > + uint64_t *handle)
> > +{
> > + struct arm_smccc_1_2_regs arg = {
> > + .a0 = FFA_MEM_SHARE_32, .a1 = tot_len, .a2 = frag_len, .a3 = addr,
> > + .a4 = pg_count,
> > + };
> > + struct arm_smccc_1_2_regs resp;
> > +
> > + /*
> > + * For arm64 we must use 64-bit calling convention if the buffer isn't
> > + * passed in our tx buffer.
> > + */
> > + if (sizeof(addr) > 4 && addr)
> > + arg.a0 = FFA_MEM_SHARE_64;
> > +
> > + arm_smccc_1_2_smc(&arg, &resp);
> > +
> > + switch ( resp.a0 ) {
> > + case FFA_ERROR:
> > + if ( resp.a2 )
> > + return resp.a2;
> > + else
> > + return FFA_RET_NOT_SUPPORTED;
> > + case FFA_SUCCESS_32:
> > + *handle = reg_pair_to_64(resp.a3, resp.a2);
> > + return FFA_RET_OK;
> > + case FFA_MEM_FRAG_RX:
> > + *handle = reg_pair_to_64(resp.a2, resp.a1);
> > + return resp.a3;
> > + default:
> > + return FFA_RET_NOT_SUPPORTED;
> > + }
> > +}
> > +
> > +static int32_t ffa_mem_frag_tx(uint64_t handle, uint32_t frag_len,
> > + uint16_t sender_id)
> > +{
> > + struct arm_smccc_1_2_regs arg = {
> > + .a0 = FFA_MEM_FRAG_TX, .a1 = handle & UINT32_MAX, .a2 = handle >> 32,
> > + .a3 = frag_len, .a4 = (uint32_t)sender_id << 16,
> > + };
> > + struct arm_smccc_1_2_regs resp;
> > +
> > + arm_smccc_1_2_smc(&arg, &resp);
> > +
> > + switch ( resp.a0 ) {
> > + case FFA_ERROR:
> > + if ( resp.a2 )
> > + return resp.a2;
> > + else
> > + return FFA_RET_NOT_SUPPORTED;
> > + case FFA_SUCCESS_32:
> > + return FFA_RET_OK;
> > + case FFA_MEM_FRAG_RX:
> > + return resp.a3;
> > + default:
> > + return FFA_RET_NOT_SUPPORTED;
> > + }
> > +}
> > +
> > +static uint32_t ffa_mem_reclaim(uint32_t handle_lo, uint32_t handle_hi,
> > + uint32_t flags)
> > +{
> > + const struct arm_smccc_1_2_regs arg = {
> > + .a0 = FFA_MEM_RECLAIM, .a1 = handle_lo, .a2 = handle_hi, .a3 = flags,
> > + };
> > + struct arm_smccc_1_2_regs resp;
> > +
> > + arm_smccc_1_2_smc(&arg, &resp);
> > +
> > + if ( resp.a0 == FFA_ERROR )
> > + {
> > + if ( resp.a2 )
> > + return resp.a2;
> > + else
> > + return FFA_RET_NOT_SUPPORTED;
> > + }
> > +
> > + return FFA_RET_OK;
> > +}
> > +
> > +static int32_t ffa_direct_req_send_vm(uint16_t sp_id, uint16_t vm_id,
> > + uint8_t msg)
> > +{
> > + uint32_t exp_resp = FFA_MSG_FLAG_FRAMEWORK;
> > + int32_t res;
> > +
> > + if ( msg != FFA_MSG_SEND_VM_CREATED && msg !=FFA_MSG_SEND_VM_DESTROYED )
> > + return FFA_RET_INVALID_PARAMETERS;
> > +
> > + if ( msg == FFA_MSG_SEND_VM_CREATED )
> > + exp_resp |= FFA_MSG_RESP_VM_CREATED;
> > + else
> > + exp_resp |= FFA_MSG_RESP_VM_DESTROYED;
> > +
> > + do {
> > + const struct arm_smccc_1_2_regs arg = {
> > + .a0 = FFA_MSG_SEND_DIRECT_REQ_32,
> > + .a1 = sp_id,
> > + .a2 = FFA_MSG_FLAG_FRAMEWORK | msg,
> > + .a5 = vm_id,
> > + };
> > + struct arm_smccc_1_2_regs resp;
> > +
> > + arm_smccc_1_2_smc(&arg, &resp);
> > + if ( resp.a0 != FFA_MSG_SEND_DIRECT_RESP_32 || resp.a2 != exp_resp ) {
> > + /*
> > + * This is an invalid response, likely due to some error in the
> > + * implementation of the ABI.
> > + */
> > + return FFA_RET_INVALID_PARAMETERS;
> > + }
> > + res = resp.a3;
> > + } while ( res == FFA_RET_INTERRUPTED || res == FFA_RET_RETRY );
>
> How long this loop can ran? XEN is not preemptive unfortunately. So,
> maybe we need some way to restart this call.
That's a good question. As long as we don't have any non-secure
interrupts pending (and masked in CPSR) while entering secure world we
should not be able to get FFA_RET_INTERRUPTED. The spec doesn't say why
FFA_RET_RETRY except that secure world may be able to recover from
something if we try again. In the use case I'm aiming for, OP-TEE as
SPMC at S-EL1 without any SPs only TAs, neither of these cases can
happen. So I added this code more for completeness.
>
> > +
> > + return res;
> > +}
> > +
> > +static u16 get_vm_id(struct domain *d)
> > +{
> > + /* +1 since 0 is reserved for the hypervisor in FF-A */
> > + return d->domain_id + 1;
> > +}
> > +
> > +static void set_regs(struct cpu_user_regs *regs, register_t v0, register_t v1,
> > + register_t v2, register_t v3, register_t v4, register_t v5,
> > + register_t v6, register_t v7)
> > +{
> > + set_user_reg(regs, 0, v0);
> > + set_user_reg(regs, 1, v1);
> > + set_user_reg(regs, 2, v2);
> > + set_user_reg(regs, 3, v3);
> > + set_user_reg(regs, 4, v4);
> > + set_user_reg(regs, 5, v5);
> > + set_user_reg(regs, 6, v6);
> > + set_user_reg(regs, 7, v7);
> > +}
> > +
> > +static void set_regs_error(struct cpu_user_regs *regs, uint32_t error_code)
> > +{
> > + set_regs(regs, FFA_ERROR, 0, error_code, 0, 0, 0, 0, 0);
> > +}
> > +
> > +static void set_regs_success(struct cpu_user_regs *regs, uint32_t w2,
> > + uint32_t w3)
> > +{
> > + set_regs(regs, FFA_SUCCESS_32, 0, w2, w3, 0, 0, 0, 0);
> > +}
> > +
> > +static void set_regs_frag_rx(struct cpu_user_regs *regs, uint32_t handle_lo,
> > + uint32_t handle_hi, uint32_t frag_offset,
> > + uint16_t sender_id)
> > +{
> > + set_regs(regs, FFA_MEM_FRAG_RX, handle_lo, handle_hi, frag_offset,
> > + (uint32_t)sender_id << 16, 0, 0, 0);
> > +}
> > +
> > +static void handle_version(struct cpu_user_regs *regs)
> > +{
> > + struct domain *d = current->domain;
> > + struct ffa_ctx *ctx = d->arch.ffa;
> > + uint32_t vers = get_user_reg(regs, 1);
> > +
> > + if ( vers < FFA_VERSION_1_1 )
> > + vers = FFA_VERSION_1_0;
> > + else
> > + vers = FFA_VERSION_1_1;
> > +
> > + ctx->guest_vers = vers;
> > + set_regs(regs, vers, 0, 0, 0, 0, 0, 0, 0);
> > +}
> > +
> > +static uint32_t handle_rxtx_map(uint32_t fid, register_t tx_addr,
> > + register_t rx_addr, uint32_t page_count)
> > +{
> > + uint32_t ret = FFA_RET_NOT_SUPPORTED;
> > + struct domain *d = current->domain;
> > + struct ffa_ctx *ctx = d->arch.ffa;
> > + struct page_info *tx_pg;
> > + struct page_info *rx_pg;
> > + p2m_type_t t;
> > + void *rx;
> > + void *tx;
> > +
> > + if ( !smccc_is_conv_64(fid) )
> > + {
> > + tx_addr &= UINT32_MAX;
> > + rx_addr &= UINT32_MAX;
> > + }
> > +
> > + /* For now to keep things simple, only deal with a single page */
> > + if ( page_count != 1 )
> > + return FFA_RET_NOT_SUPPORTED;
> > +
> > + /* Already mapped */
> > + if ( ctx->rx )
> > + return FFA_RET_DENIED;
> > +
> > + tx_pg = get_page_from_gfn(d, gaddr_to_gfn(tx_addr), &t, P2M_ALLOC);
> > + if ( !tx_pg )
> > + return FFA_RET_NOT_SUPPORTED;
> > + /* Only normal RAM for now */
> > + if (t != p2m_ram_rw)
> > + goto err_put_tx_pg;
> > +
> > + rx_pg = get_page_from_gfn(d, gaddr_to_gfn(rx_addr), &t, P2M_ALLOC);
> > + if ( !tx_pg )
> > + goto err_put_tx_pg;
> > + /* Only normal RAM for now */
> > + if ( t != p2m_ram_rw )
> > + goto err_put_rx_pg;
> > +
> > + tx = __map_domain_page_global(tx_pg);
> > + if ( !tx )
> > + goto err_put_rx_pg;
> > +
> > + rx = __map_domain_page_global(rx_pg);
> > + if ( !rx )
> > + goto err_unmap_tx;
> > +
> > + ctx->rx = rx;
> > + ctx->tx = tx;
> > + ctx->rx_pg = rx_pg;
> > + ctx->tx_pg = tx_pg;
> > + ctx->page_count = 1;
> > + ctx->tx_is_mine = true;
> > + return FFA_RET_OK;
> > +
> > +err_unmap_tx:
> > + unmap_domain_page_global(tx);
> > +err_put_rx_pg:
> > + put_page(rx_pg);
> > +err_put_tx_pg:
> > + put_page(tx_pg);
> > + return ret;
> > +}
> > +
> > +static uint32_t handle_rxtx_unmap(void)
> > +{
> > + struct domain *d = current->domain;
> > + struct ffa_ctx *ctx = d->arch.ffa;
> > + uint32_t ret;
> > +
> > + if ( !ctx-> rx )
>
> coding style: ctx->rx
>
> > + return FFA_RET_INVALID_PARAMETERS;
> > +
> > + ret = ffa_rxtx_unmap(get_vm_id(d));
> > + if ( ret )
> > + return ret;
> > +
> > + unmap_domain_page_global(ctx->rx);
> > + unmap_domain_page_global(ctx->tx);
> > + put_page(ctx->rx_pg);
> > + put_page(ctx->tx_pg);
> > + ctx->rx = NULL;
> > + ctx->tx = NULL;
> > + ctx->rx_pg = NULL;
> > + ctx->tx_pg = NULL;
> > + ctx->page_count = 0;
> > + ctx->tx_is_mine = false;
> > +
> > + return FFA_RET_OK;
> > +}
> > +
> > +static uint32_t handle_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3,
> > + uint32_t w4, uint32_t w5,
> > + uint32_t *count)
> > +{
> > + uint32_t ret = FFA_RET_DENIED;
> > + struct domain *d = current->domain;
> > + struct ffa_ctx *ctx = d->arch.ffa;
> > +
> > + if ( !ffa_page_count )
> > + return FFA_RET_DENIED;
> > +
> > + spin_lock(&ffa_buffer_lock);
> > + if ( !ctx->page_count || !ctx->tx_is_mine )
> > + goto out;
> > + ret = ffa_partition_info_get(w1, w2, w3, w4, w5, count);
> > + if ( ret )
> > + goto out;
> > + if ( ctx->guest_vers == FFA_VERSION_1_0 ) {
> > + size_t n;
> > + struct ffa_partition_info_1_1 *src = ffa_rx;
> > + struct ffa_partition_info_1_0 *dst = ctx->rx;
> > +
> > + for ( n = 0; n < *count; n++ ) {
> > + dst[n].id = src[n].id;
> > + dst[n].execution_context = src[n].execution_context;
> > + dst[n].partition_properties = src[n].partition_properties;
> > + }
> > + } else {
>
> Maybe it is worth to check version in this branch? Or at least
> put ASSERT(ctx->guest_vers == FFA_VERSION_1_1).
This is actually on purpose. If a newer version is introduced, depending
on what's changed this may very well continue to work. I suppose one
purpose with such an assert would be to catch all the places you need to
double check when increasing the version, but that seems a little messy.
>
> > + size_t sz = *count * sizeof(struct ffa_partition_info_1_1);
> > +
> > + memcpy(ctx->rx, ffa_rx, sz);
> > + }
> > + ffa_rx_release();
> > + ctx->tx_is_mine = false;
> > +out:
> > + spin_unlock(&ffa_buffer_lock);
> > +
> > + return ret;
> > +}
> > +
> > +static uint32_t handle_rx_release(void)
> > +{
> > + uint32_t ret = FFA_RET_DENIED;
> > + struct domain *d = current->domain;
> > + struct ffa_ctx *ctx = d->arch.ffa;
> > +
> > + spin_lock(&ffa_buffer_lock);
> > + if ( !ctx->page_count || ctx->tx_is_mine )
> > + goto out;
> > + ret = FFA_RET_OK;
> > + ctx->tx_is_mine = true;
> > +out:
> > + spin_unlock(&ffa_buffer_lock);
> > +
> > + return ret;
> > +}
> > +
> > +static void handle_msg_send_direct_req(struct cpu_user_regs *regs, uint32_t fid)
> > +{
> > + struct arm_smccc_1_2_regs arg = { .a0 = fid, };
> > + struct arm_smccc_1_2_regs resp = { };
> > + struct domain *d = current->domain;
> > + struct ffa_ctx *ctx = d->arch.ffa;
> > + uint32_t src_dst;
> > + uint64_t mask;
> > +
> > + if ( smccc_is_conv_64(fid) )
> > + mask = 0xffffffffffffffff;
> > + else
> > + mask = 0xffffffff;
> > +
> > + src_dst = get_user_reg(regs, 1);
>
> Should you apply mask there?
src_dst is already an uint32_t so eventual higher bits will be removed in
the assignment.
>
> > + if ( (src_dst >> 16) != get_vm_id(d) )
> > + {
> > + resp.a0 = FFA_ERROR;
> > + resp.a2 = FFA_RET_INVALID_PARAMETERS;
> > + goto out;
> > + }
> > +
> > + arg.a1 = src_dst;
> ... or there?
>
>
> > + arg.a2 = get_user_reg(regs, 2) & mask;
> > + arg.a3 = get_user_reg(regs, 3) & mask;
> > + arg.a4 = get_user_reg(regs, 4) & mask;
> > + arg.a5 = get_user_reg(regs, 5) & mask;
> > + arg.a6 = get_user_reg(regs, 6) & mask;
> > + arg.a7 = get_user_reg(regs, 7) & mask;
> > +
> > + while ( true ) {
> > + arm_smccc_1_2_smc(&arg, &resp);
> > +
> > + switch ( resp.a0 )
> > + {
> > + case FFA_INTERRUPT:
> > + ctx->interrupted = true;
> > + goto out;
> > + case FFA_ERROR:
> > + case FFA_SUCCESS_32:
> > + case FFA_SUCCESS_64:
> > + case FFA_MSG_SEND_DIRECT_RESP_32:
> > + case FFA_MSG_SEND_DIRECT_RESP_64:
> > + goto out;
> > + default:
> > + /* Bad fid, report back. */
> > + memset(&arg, 0, sizeof(arg));
> > + arg.a0 = FFA_ERROR;
> > + arg.a1 = src_dst;
> > + arg.a2 = FFA_RET_NOT_SUPPORTED;
> > + continue;
> > + }
> > + }
> > +
> > +out:
> > + set_user_reg(regs, 0, resp.a0);
> > + set_user_reg(regs, 2, resp.a2 & mask);
> > + set_user_reg(regs, 1, resp.a1 & mask);
> Looks like you need to swap two lines above.
Sure, it looks a bit funny.
>
> > + set_user_reg(regs, 3, resp.a3 & mask);
> > + set_user_reg(regs, 4, resp.a4 & mask);
> > + set_user_reg(regs, 5, resp.a5 & mask);
> > + set_user_reg(regs, 6, resp.a6 & mask);
> > + set_user_reg(regs, 7, resp.a7 & mask);
> > +}
> > +
> > +static int get_shm_pages(struct domain *d, struct ffa_shm_mem *shm,
> > + struct ffa_address_range *range, uint32_t range_count,
> > + unsigned int start_page_idx,
> > + unsigned int *last_page_idx)
> > +{
> > + unsigned int pg_idx = start_page_idx;
> > + unsigned long gfn;
> > + unsigned int n;
> > + unsigned int m;
> > + p2m_type_t t;
> > + uint64_t addr;
> > +
> > + for ( n = 0; n < range_count; n++ ) {
> > + for ( m = 0; m < range[n].page_count; m++ ) {
> > + if ( pg_idx >= shm->page_count )
> > + return FFA_RET_INVALID_PARAMETERS;
> > +
> > + addr = read_atomic(&range[n].address);
> > + gfn = gaddr_to_gfn(addr + m * PAGE_SIZE);
> > + shm->pages[pg_idx] = get_page_from_gfn(d, gfn, &t, P2M_ALLOC);
> > + if ( !shm->pages[pg_idx] )
> > + return FFA_RET_DENIED;
> > + pg_idx++;
> > + /* Only normal RAM for now */
> > + if ( t != p2m_ram_rw )
> > + return FFA_RET_DENIED;
> > + }
> > + }
> > +
> > + *last_page_idx = pg_idx;
> > +
> > + return FFA_RET_OK;
> > +}
> > +
> > +static void put_shm_pages(struct ffa_shm_mem *shm)
> > +{
> > + unsigned int n;
> > +
> > + for ( n = 0; n < shm->page_count && shm->pages[n]; n++ )
> > + {
> > + if ( shm->pages[n] ) {
> Looks like this check is redundant, you already checking the same in the
> `if` block.
Well spotted, I'll fix.
>
> > + put_page(shm->pages[n]);
> > + shm->pages[n] = NULL;
> > + }
> > + }
> > +}
> > +
> > +static void init_range(struct ffa_address_range *addr_range,
> > + paddr_t pa)
> > +{
> > + memset(addr_range, 0, sizeof(*addr_range));
> > + addr_range->address = pa;
> > + addr_range->page_count = 1;
> > +}
> > +
> > +static int share_shm(struct ffa_shm_mem *shm)
> > +{
> > + uint32_t max_frag_len = ffa_page_count * PAGE_SIZE;
> > + struct ffa_mem_transaction_1_1 *descr = ffa_tx;
> > + struct ffa_mem_access *mem_access_array;
> > + struct ffa_mem_region *region_descr;
> > + struct ffa_address_range *addr_range;
> > + paddr_t pa;
> > + paddr_t last_pa;
> > + unsigned int n;
> > + uint32_t frag_len;
> > + uint32_t tot_len;
> > + int ret;
> > + unsigned int range_count;
> > + unsigned int range_base;
> > + bool first;
> > +
> > + memset(descr, 0, sizeof(*descr));
> > + descr->sender_id = shm->sender_id;
> > + descr->global_handle = shm->handle;
> > + descr->mem_reg_attr = FFA_NORMAL_MEM_REG_ATTR;
> > + descr->mem_access_count = 1;
> > + descr->mem_access_size = sizeof(*mem_access_array);
> > + descr->mem_access_offs = sizeof(*descr);
> > + mem_access_array = (void *)(descr + 1);
> > + region_descr = (void *)(mem_access_array + 1);
> > +
> > + memset(mem_access_array, 0, sizeof(*mem_access_array));
> > + mem_access_array[0].access_perm.endpoint_id = shm->ep_id;
> > + mem_access_array[0].access_perm.perm = FFA_MEM_ACC_RW;
> > + mem_access_array[0].region_offs = (vaddr_t)region_descr - (vaddr_t)ffa_tx;
> > +
> > + memset(region_descr, 0, sizeof(*region_descr));
> > + region_descr->total_page_count = shm->page_count;
> > +
> > + region_descr->address_range_count = 1;
> > + last_pa = page_to_maddr(shm->pages[0]);
> > + for ( n = 1; n < shm->page_count; last_pa = pa, n++ )
> > + {
> > + pa = page_to_maddr(shm->pages[n]);
> > + if ( last_pa + PAGE_SIZE == pa )
> > + {
> > + continue;
> > + }
> > + region_descr->address_range_count++;
> > + }
> > +
> > + tot_len = sizeof(*descr) + sizeof(*mem_access_array) +
> > + sizeof(*region_descr) +
> > + region_descr->address_range_count * sizeof(*addr_range);
> > +
> > + addr_range = region_descr->address_range_array;
> > + frag_len = (vaddr_t)(addr_range + 1) - (vaddr_t)ffa_tx;
> > + last_pa = page_to_maddr(shm->pages[0]);
> > + init_range(addr_range, last_pa);
> > + first = true;
> > + range_count = 1;
> > + range_base = 0;
> > + for ( n = 1; n < shm->page_count; last_pa = pa, n++ )
> > + {
> > + pa = page_to_maddr(shm->pages[n]);
> > + if ( last_pa + PAGE_SIZE == pa )
> > + {
> > + addr_range->page_count++;
> > + continue;
> > + }
> > +
> > + if (frag_len == max_frag_len) {
> coding stlyle: if ( ... )
> {
>
> > + if (first)
>
> coding stlyle if ( ... )
>
> > + {
> > + ret = ffa_mem_share(tot_len, frag_len, 0, 0, &shm->handle);
> > + first = false;
> > + }
> > + else
> > + {
> > + ret = ffa_mem_frag_tx(shm->handle, frag_len, shm->sender_id);
> > + }
> > + if (ret <= 0)
> > + return ret;
> > + range_base = range_count;
> > + range_count = 0;
> > + frag_len = sizeof(*addr_range);
> > + addr_range = ffa_tx;
> > + } else {
> > + frag_len += sizeof(*addr_range);
> > + addr_range++;
> > + }
> > + init_range(addr_range, pa);
> > + range_count++;
> > + }
> > +
> > + if (first)
> > + return ffa_mem_share(tot_len, frag_len, 0, 0, &shm->handle);
> > + else
> > + return ffa_mem_frag_tx(shm->handle, frag_len, shm->sender_id);
> > +}
> > +
> > +static int read_mem_transaction(uint32_t ffa_vers, void *buf, size_t blen,
> > + struct ffa_mem_transaction_x *trans)
> > +{
> > + uint16_t mem_reg_attr;
> > + uint32_t flags;
> > + uint32_t count;
> > + uint32_t offs;
> > + uint32_t size;
> > +
> > + if (ffa_vers >= FFA_VERSION_1_1) {
> coding style: if ( ... )
> {
> > + struct ffa_mem_transaction_1_1 *descr;
> > +
> > + if (blen < sizeof(*descr))
> coding style: if ( ... )
> > + return FFA_RET_INVALID_PARAMETERS;
> > +
> > + descr = buf;
> > + trans->sender_id = read_atomic(&descr->sender_id);
> > + mem_reg_attr = read_atomic(&descr->mem_reg_attr);
> > + flags = read_atomic(&descr->flags);
> > + trans->global_handle = read_atomic(&descr->global_handle);
> > + trans->tag = read_atomic(&descr->tag);
> > +
> > + count = read_atomic(&descr->mem_access_count);
> > + size = read_atomic(&descr->mem_access_size);
> > + offs = read_atomic(&descr->mem_access_offs);
> > + } else {
> coding style:
> }
> else
> {
> > + struct ffa_mem_transaction_1_0 *descr;
> > +
> > + if (blen < sizeof(*descr))
> > + return FFA_RET_INVALID_PARAMETERS;
> > +
> > + descr = buf;
> > + trans->sender_id = read_atomic(&descr->sender_id);
> > + mem_reg_attr = read_atomic(&descr->mem_reg_attr);
> > + flags = read_atomic(&descr->flags);
> > + trans->global_handle = read_atomic(&descr->global_handle);
> > + trans->tag = read_atomic(&descr->tag);
> > +
> > + count = read_atomic(&descr->mem_access_count);
> > + size = sizeof(struct ffa_mem_access);
> > + offs = offsetof(struct ffa_mem_transaction_1_0, mem_access_array);
> > + }
> > +
> > + if (mem_reg_attr > UINT8_MAX || flags > UINT8_MAX || size > UINT8_MAX ||
> > + count > UINT8_MAX || offs > UINT16_MAX)
> coding style: if ( ... )
>
> > + return FFA_RET_INVALID_PARAMETERS;
> > +
> > + /* Check that the endpoint memory access descriptor array fits */
> > + if (size * count + offs > blen)
> the same
>
> > + return FFA_RET_INVALID_PARAMETERS;
> > +
> > + trans->mem_reg_attr = mem_reg_attr;
> > + trans->flags = flags;
> > + trans->mem_access_size = size;
> > + trans->mem_access_count = count;
> > + trans->mem_access_offs = offs;
> > + return 0;
> > +}
> > +
> > +static int add_mem_share_frag(struct mem_frag_state *s, unsigned int offs,
> > + unsigned int frag_len)
> > +{
> > + struct domain *d = current->domain;
> > + unsigned int o = offs;
> > + unsigned int l;
> > + int ret;
> > +
> > + if (frag_len < o)
> the same
>
> > + return FFA_RET_INVALID_PARAMETERS;
> > +
> > + /* Fill up the first struct ffa_address_range */
> > + l = min_t(unsigned int, frag_len - o, sizeof(s->range) - s->range_offset);
> > + memcpy((uint8_t *)&s->range + s->range_offset, s->buf + o, l);
> > + s->range_offset += l;
> > + o += l;
> > + if (s->range_offset != sizeof(s->range))
> > + goto out;
> > + s->range_offset = 0;
> > +
> > + while (true) {
> the same
>
> > + ret = get_shm_pages(d, s->shm, &s->range, 1, s->current_page_idx,
> > + &s->current_page_idx);
> > + if (ret)
> > + return ret;
> > + if (s->range_count == 1)
> > + return 0;
> > + s->range_count--;
> > + if (frag_len - o < sizeof(s->range))
> > + break;
> > + memcpy(&s->range, s->buf + o, sizeof(s->range));
> > + o += sizeof(s->range);
> > + }
> > +
> > + /* Collect any remaining bytes for the next struct ffa_address_range */
> > + s->range_offset = frag_len - o;
> > + memcpy(&s->range, s->buf + o, frag_len - o);
> > +out:
> > + s->frag_offset += frag_len;
> > + return s->frag_offset;
> > +}
> > +
> > +static void handle_mem_share(struct cpu_user_regs *regs)
> > +{
> > + uint32_t tot_len = get_user_reg(regs, 1);
> > + uint32_t frag_len = get_user_reg(regs, 2);
> > + uint64_t addr = get_user_reg(regs, 3);
> > + uint32_t page_count = get_user_reg(regs, 4);
> > + struct ffa_mem_transaction_x trans;
> > + struct ffa_mem_access *mem_access;
> > + struct ffa_mem_region *region_descr;
> > + struct domain *d = current->domain;
> > + struct ffa_ctx *ctx = d->arch.ffa;
> > + struct ffa_shm_mem *shm = NULL;
> > + unsigned int last_page_idx = 0;
> > + uint32_t range_count;
> > + uint32_t region_offs;
> > + int ret = FFA_RET_DENIED;
> > + uint32_t handle_hi = 0;
> > + uint32_t handle_lo = 0;
> > +
> > + /*
> > + * We're only accepting memory transaction descriptors via the rx/tx
> > + * buffer.
> > + */
> > + if ( addr ) {
> coding style
>
> > + ret = FFA_RET_NOT_SUPPORTED;
> > + goto out_unlock;
> > + }
> > +
> > + /* Check that fragment legnth doesn't exceed total length */
> > + if (frag_len > tot_len) {
> coding style
>
> > + ret = FFA_RET_INVALID_PARAMETERS;
> > + goto out_unlock;
> > + }
> > +
> > + spin_lock(&ffa_buffer_lock);
> > +
> > + if ( frag_len > ctx->page_count * PAGE_SIZE )
> > + goto out_unlock;
> > +
> > + if ( !ffa_page_count ) {
> > + ret = FFA_RET_NO_MEMORY;
> > + goto out_unlock;
> > + }
> > +
> > + ret = read_mem_transaction(ctx->guest_vers, ctx->tx, frag_len, &trans);
> > + if (ret)
> coding style
>
> > + goto out_unlock;
> > +
> > + if ( trans.mem_reg_attr != FFA_NORMAL_MEM_REG_ATTR )
> > + {
> > + ret = FFA_RET_NOT_SUPPORTED;
> > + goto out;
> > + }
> > +
> > + /* Only supports sharing it with one SP for now */
> > + if ( trans.mem_access_count != 1 )
> > + {
> > + ret = FFA_RET_NOT_SUPPORTED;
> > + goto out_unlock;
> > + }
> > +
> > + if ( trans.sender_id != get_vm_id(d) )
> > + {
> > + ret = FFA_RET_INVALID_PARAMETERS;
> > + goto out_unlock;
> > + }
> > +
> > + /* Check that it fits in the supplied data */
> > + if ( trans.mem_access_offs + trans.mem_access_size > frag_len)
> > + goto out_unlock;
> > +
> > + mem_access = (void *)((vaddr_t)ctx->tx + trans.mem_access_offs);
> > + if ( read_atomic(&mem_access->access_perm.perm) != FFA_MEM_ACC_RW )
> > + {
> > + ret = FFA_RET_NOT_SUPPORTED;
> > + goto out_unlock;
> > + }
> > +
> > + region_offs = read_atomic(&mem_access->region_offs);
> > + if (sizeof(*region_descr) + region_offs > frag_len) {
> > + ret = FFA_RET_NOT_SUPPORTED;
> > + goto out_unlock;
> > + }
> > +
> > + region_descr = (void *)((vaddr_t)ctx->tx + region_offs);
> > + range_count = read_atomic(®ion_descr->address_range_count);
> > + page_count = read_atomic(®ion_descr->total_page_count);
> > +
> > + shm = xzalloc_flex_struct(struct ffa_shm_mem, pages, page_count);
> > + if ( !shm )
> > + {
> > + ret = FFA_RET_NO_MEMORY;
> > + goto out;
> > + }
> > + shm->sender_id = trans.sender_id;
> > + shm->ep_id = read_atomic(&mem_access->access_perm.endpoint_id);
> > + shm->page_count = page_count;
> > +
> > + if (frag_len != tot_len) {
> > + struct mem_frag_state *s = xzalloc(struct mem_frag_state);
> > +
> > + if (!s) {
> > + ret = FFA_RET_NO_MEMORY;
> > + goto out;
> > + }
> > + s->shm = shm;
> > + s->range_count = range_count;
> > + s->buf = ctx->tx;
> > + s->buf_size = ffa_page_count * PAGE_SIZE;
> > + ret = add_mem_share_frag(s, sizeof(*region_descr) + region_offs,
> > + frag_len);
> > + if (ret <= 0) {
> > + xfree(s);
> > + if (ret < 0)
> > + goto out;
> > + } else {
> > + shm->handle = next_handle++;
> > + reg_pair_from_64(&handle_hi, &handle_lo, shm->handle);
> > + spin_lock(&ffa_mem_list_lock);
> > + list_add_tail(&s->list, &ffa_frag_list);
> > + spin_unlock(&ffa_mem_list_lock);
> > + }
> > + goto out_unlock;
> > + }
> > +
> > + /*
> > + * Check that the Composite memory region descriptor fits.
> > + */
> > + if ( sizeof(*region_descr) + region_offs +
> > + range_count * sizeof(struct ffa_address_range) > frag_len) {
> > + ret = FFA_RET_INVALID_PARAMETERS;
> > + goto out;
> > + }
> > +
> > + ret = get_shm_pages(d, shm, region_descr->address_range_array, range_count,
> > + 0, &last_page_idx);
> > + if ( ret )
> > + goto out;
> > + if (last_page_idx != shm->page_count) {
> > + ret = FFA_RET_INVALID_PARAMETERS;
> > + goto out;
> > + }
> > +
> > + /* Note that share_shm() uses our tx buffer */
> > + ret = share_shm(shm);
> > + if ( ret )
> > + goto out;
> > +
> > + spin_lock(&ffa_mem_list_lock);
> > + list_add_tail(&shm->list, &ffa_mem_list);
> > + spin_unlock(&ffa_mem_list_lock);
> > +
> > + reg_pair_from_64(&handle_hi, &handle_lo, shm->handle);
> > +
> > +out:
> > + if ( ret && shm )
> > + {
> > + put_shm_pages(shm);
> > + xfree(shm);
> > + }
> > +out_unlock:
> > + spin_unlock(&ffa_buffer_lock);
> > +
> > + if ( ret > 0 )
> > + set_regs_frag_rx(regs, handle_lo, handle_hi, ret, trans.sender_id);
> > + else if ( ret == 0)
> > + set_regs_success(regs, handle_lo, handle_hi);
> > + else
> > + set_regs_error(regs, ret);
> > +}
> > +
> > +static struct mem_frag_state *find_frag_state(uint64_t handle)
> > +{
> > + struct mem_frag_state *s;
> > +
> > + list_for_each_entry(s, &ffa_frag_list, list)
> > + if ( s->shm->handle == handle)
> > + return s;
> > +
> > + return NULL;
> > +}
> > +
> > +static void handle_mem_frag_tx(struct cpu_user_regs *regs)
> > +{
> > + uint32_t frag_len = get_user_reg(regs, 3);
> > + uint32_t handle_lo = get_user_reg(regs, 1);
> > + uint32_t handle_hi = get_user_reg(regs, 2);
> > + uint64_t handle = reg_pair_to_64(handle_hi, handle_lo);
> > + struct mem_frag_state *s;
> > + uint16_t sender_id = 0;
> > + int ret;
> > +
> > + spin_lock(&ffa_buffer_lock);
> > + s = find_frag_state(handle);
> > + if (!s) {
> > + ret = FFA_RET_INVALID_PARAMETERS;
> > + goto out;
> > + }
> > + sender_id = s->shm->sender_id;
> > +
> > + if (frag_len > s->buf_size) {
> > + ret = FFA_RET_INVALID_PARAMETERS;
> > + goto out;
> > + }
> > +
> > + ret = add_mem_share_frag(s, 0, frag_len);
> > + if (ret == 0) {
> > + /* Note that share_shm() uses our tx buffer */
> > + ret = share_shm(s->shm);
> > + if (ret == 0) {
> > + spin_lock(&ffa_mem_list_lock);
> > + list_add_tail(&s->shm->list, &ffa_mem_list);
> > + spin_unlock(&ffa_mem_list_lock);
> > + } else {
> > + put_shm_pages(s->shm);
> > + xfree(s->shm);
> > + }
> > + spin_lock(&ffa_mem_list_lock);
> > + list_del(&s->list);
> > + spin_unlock(&ffa_mem_list_lock);
> > + xfree(s);
> > + } else if (ret < 0) {
> > + put_shm_pages(s->shm);
> > + xfree(s->shm);
> > + spin_lock(&ffa_mem_list_lock);
> > + list_del(&s->list);
> > + spin_unlock(&ffa_mem_list_lock);
> > + xfree(s);
> > + }
> > +out:
> > + spin_unlock(&ffa_buffer_lock);
> > +
> > + if ( ret > 0 )
> > + set_regs_frag_rx(regs, handle_lo, handle_hi, ret, sender_id);
> > + else if ( ret == 0)
> > + set_regs_success(regs, handle_lo, handle_hi);
> > + else
> > + set_regs_error(regs, ret);
> > +}
> > +
> > +static int handle_mem_reclaim(uint64_t handle, uint32_t flags)
> > +{
> > + struct ffa_shm_mem *shm;
> > + uint32_t handle_hi;
> > + uint32_t handle_lo;
> > + int ret;
> > +
> > + spin_lock(&ffa_mem_list_lock);
> > + list_for_each_entry(shm, &ffa_mem_list, list) {
> > + if ( shm->handle == handle )
> > + goto found_it;
> > + }
> > + shm = NULL;
> > +found_it:
> > + spin_unlock(&ffa_mem_list_lock);
> > +
> > + if ( !shm )
> > + return FFA_RET_INVALID_PARAMETERS;
> > +
> > + reg_pair_from_64(&handle_hi, &handle_lo, handle);
> > + ret = ffa_mem_reclaim(handle_lo, handle_hi, flags);
> > + if ( ret )
> > + return ret;
> > +
> > + spin_lock(&ffa_mem_list_lock);
> > + list_del(&shm->list);
> > + spin_unlock(&ffa_mem_list_lock);
> > +
> > + put_shm_pages(shm);
> > + xfree(shm);
> > +
> > + return ret;
> > +}
> > +
> > +bool ffa_handle_call(struct cpu_user_regs *regs, uint32_t fid)
> > +{
> > + struct domain *d = current->domain;
> > + struct ffa_ctx *ctx = d->arch.ffa;
> > + uint32_t count;
> > + uint32_t e;
> > +
> > + if ( !ctx )
> > + return false;
> > +
> > + switch ( fid )
> > + {
> > + case FFA_VERSION:
> > + handle_version(regs);
> > + return true;
> > + case FFA_ID_GET:
> > + set_regs_success(regs, get_vm_id(d), 0);
> > + return true;
> > + case FFA_RXTX_MAP_32:
> > +#ifdef CONFIG_ARM_64
> > + case FFA_RXTX_MAP_64:
> > +#endif
> > + e = handle_rxtx_map(fid, get_user_reg(regs, 1), get_user_reg(regs, 2),
> > + get_user_reg(regs, 3));
> > + if ( e )
> > + set_regs_error(regs, e);
> > + else
> > + set_regs_success(regs, 0, 0);
> > + return true;
> > + case FFA_RXTX_UNMAP:
> > + e = handle_rxtx_unmap();
> > + if ( e )
> > + set_regs_error(regs, e);
> > + else
> > + set_regs_success(regs, 0, 0);
> > + return true;
> > + case FFA_PARTITION_INFO_GET:
> > + e = handle_partition_info_get(get_user_reg(regs, 1),
> > + get_user_reg(regs, 2),
> > + get_user_reg(regs, 3),
> > + get_user_reg(regs, 4),
> > + get_user_reg(regs, 5), &count);
> > + if ( e )
> > + set_regs_error(regs, e);
> > + else
> > + set_regs_success(regs, count, 0);
> > + return true;
> > + case FFA_RX_RELEASE:
> > + e = handle_rx_release();
> > + if ( e )
> > + set_regs_error(regs, e);
> > + else
> > + set_regs_success(regs, 0, 0);
> > + return true;
> > + case FFA_MSG_SEND_DIRECT_REQ_32:
> > +#ifdef CONFIG_ARM_64
> > + case FFA_MSG_SEND_DIRECT_REQ_64:
> > +#endif
> > + handle_msg_send_direct_req(regs, fid);
> > + return true;
> > + case FFA_MEM_SHARE_32:
> > +#ifdef CONFIG_ARM_64
> > + case FFA_MEM_SHARE_64:
> > +#endif
> > + handle_mem_share(regs);
> > + return true;
> > + case FFA_MEM_RECLAIM:
> > + e = handle_mem_reclaim(reg_pair_to_64(get_user_reg(regs, 2),
> > + get_user_reg(regs, 1)),
> > + get_user_reg(regs, 3));
> > + if ( e )
> > + set_regs_error(regs, e);
> > + else
> > + set_regs_success(regs, 0, 0);
> > + return true;
> > + case FFA_MEM_FRAG_TX:
> > + handle_mem_frag_tx(regs);
> > + return true;
> > +
> > + default:
> > + printk(XENLOG_ERR "ffa: unhandled fid 0x%x\n", fid);
> > + return false;
> > + }
> > +}
> > +
> > +int ffa_domain_init(struct domain *d)
> > +{
> > + struct ffa_ctx *ctx;
> > + unsigned int n;
> > + unsigned int m;
> > + unsigned int c_pos;
> > + int32_t res;
> > +
> > + if ( !ffa_version )
> > + return 0;
> > +
> > + ctx = xzalloc(struct ffa_ctx);
> > + if ( !ctx )
> > + return -ENOMEM;
> > +
> > + for ( n = 0; n < subsr_vm_created_count; n++ ) {
> > + res = ffa_direct_req_send_vm(subsr_vm_created[n], get_vm_id(d),
> > + FFA_MSG_SEND_VM_CREATED);
> > + if ( res ) {
> > + printk(XENLOG_ERR "ffa: Failed to report creation of vm_id %u to %u: res %d\n",
> > + get_vm_id(d), subsr_vm_created[n], res);
> > + c_pos = n;
> > + goto err;
> > + }
> > + }
> > +
> > + d->arch.ffa = ctx;
> > +
> > + return 0;
> > +
> > +err:
> > + /* Undo any already sent vm created messaged */
> > + for ( n = 0; n < c_pos; n++ )
> > + for ( m = 0; m < subsr_vm_destroyed_count; m++ )
> > + if ( subsr_vm_destroyed[m] == subsr_vm_created[n] )
> > + ffa_direct_req_send_vm(subsr_vm_destroyed[n], get_vm_id(d),
> > + FFA_MSG_SEND_VM_DESTROYED);
> > + return -ENOMEM;
> > +}
> > +
> > +int ffa_relinquish_resources(struct domain *d)
> > +{
> > + struct ffa_ctx *ctx = d->arch.ffa;
> > + unsigned int n;
> > + int32_t res;
> > +
> > + if ( !ctx )
> > + return 0;
> > +
> > + for ( n = 0; n < subsr_vm_destroyed_count; n++ ) {
> > + res = ffa_direct_req_send_vm(subsr_vm_destroyed[n], get_vm_id(d),
> > + FFA_MSG_SEND_VM_DESTROYED);
> > +
> > + if ( res )
> > + printk(XENLOG_ERR "ffa: Failed to report destruction of vm_id %u to %u: res %d\n",
> > + get_vm_id(d), subsr_vm_destroyed[n], res);
> > + }
> > +
> > + XFREE(d->arch.ffa);
> > +
> > + return 0;
> > +}
> > +
> > +static bool __init init_subscribers(void)
> > +{
> > + struct ffa_partition_info_1_1 *fpi;
> > + bool ret = false;
> > + uint32_t count;
> > + uint32_t e;
> > + uint32_t n;
> > + uint32_t c_pos;
> > + uint32_t d_pos;
> > +
> > + if ( ffa_version < FFA_VERSION_1_1 )
> > + return true;
> > +
> > + e = ffa_partition_info_get(0, 0, 0, 0, 1, &count);
> > + ffa_rx_release();
> > + if ( e ) {
> > + printk(XENLOG_ERR "ffa: Failed to get list of SPs: %d\n", (int)e);
> > + goto out;
> > + }
> > +
> > + fpi = ffa_rx;
> > + subsr_vm_created_count = 0;
> > + subsr_vm_destroyed_count = 0;
> > + for ( n = 0; n < count; n++ ) {
> > + if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_CREATED)
> > + subsr_vm_created_count++;
> > + if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_DESTROYED)
> > + subsr_vm_destroyed_count++;
> > + }
> > +
> > + if ( subsr_vm_created_count )
> > + subsr_vm_created = xzalloc_array(uint16_t, subsr_vm_created_count);
> > + if ( subsr_vm_destroyed_count )
> > + subsr_vm_destroyed = xzalloc_array(uint16_t, subsr_vm_destroyed_count);
> > + if ( (subsr_vm_created_count && !subsr_vm_created) ||
> > + (subsr_vm_destroyed_count && !subsr_vm_destroyed) ) {
> > + printk(XENLOG_ERR "ffa: Failed to allocate subscription lists\n");
> > + subsr_vm_created_count = 0;
> > + subsr_vm_destroyed_count = 0;
> > + XFREE(subsr_vm_created);
> > + XFREE(subsr_vm_destroyed);
> > + goto out;
> > + }
> > +
> > + for ( c_pos = 0, d_pos = 0, n = 0; n < count; n++ ) {
> > + if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_CREATED)
> > + subsr_vm_created[c_pos++] = fpi[n].id;
> > + if (fpi[n].partition_properties & FFA_PART_PROP_NOTIF_DESTROYED)
> > + subsr_vm_destroyed[d_pos++] = fpi[n].id;
> > + }
> > +
> > + ret = true;
> > +out:
> > + ffa_rx_release();
> > + return ret;
> > +}
> > +
> > +static int __init ffa_init(void)
> > +{
> > + uint32_t vers;
> > + uint32_t e;
> > + unsigned int major_vers;
> > + unsigned int minor_vers;
> > +
> > + /*
> > + * psci_init_smccc() updates this value with what's reported by EL-3
> > + * or secure world.
> > + */
> > + if ( smccc_ver < ARM_SMCCC_VERSION_1_2 )
> > + {
> > + printk(XENLOG_ERR
> > + "ffa: unsupported SMCCC version %#x (need at least %#x)\n",
> > + smccc_ver, ARM_SMCCC_VERSION_1_2);
> > + return 0;
> > + }
> > +
> > + if ( !ffa_get_version(&vers) )
> > + return 0;
> > +
> > + if ( vers < FFA_MIN_VERSION || vers > FFA_MY_VERSION )
> > + {
> > + printk(XENLOG_ERR "ffa: Incompatible version %#x found\n", vers);
> > + return 0;
> > + }
> > +
> > + major_vers = (vers >> FFA_VERSION_MAJOR_SHIFT) & FFA_VERSION_MAJOR_MASK;
> > + minor_vers = vers & FFA_VERSION_MINOR_MASK;
> > + printk(XENLOG_ERR "ARM FF-A Mediator version %u.%u\n",
> > + FFA_VERSION_MAJOR, FFA_VERSION_MINOR);
> > + printk(XENLOG_ERR "ARM FF-A Firmware version %u.%u\n",
> > + major_vers, minor_vers);
> > +
> > + ffa_rx = alloc_xenheap_pages(0, 0);
> > + if ( !ffa_rx )
> > + return 0;
> > +
> > + ffa_tx = alloc_xenheap_pages(0, 0);
> > + if ( !ffa_tx )
> > + goto err_free_ffa_rx;
> > +
> > + e = ffa_rxtx_map(__pa(ffa_tx), __pa(ffa_rx), 1);
> > + if ( e )
> > + {
> > + printk(XENLOG_ERR "ffa: Failed to map rxtx: error %d\n", (int)e);
> > + goto err_free_ffa_tx;
> > + }
> > + ffa_page_count = 1;
> > + ffa_version = vers;
> > +
> > + if ( !init_subscribers() )
> > + goto err_free_ffa_tx;
> > +
> > + return 0;
> > +
> > +err_free_ffa_tx:
> > + free_xenheap_pages(ffa_tx, 0);
> > + ffa_tx = NULL;
> > +err_free_ffa_rx:
> > + free_xenheap_pages(ffa_rx, 0);
> > + ffa_rx = NULL;
> > + ffa_page_count = 0;
> > + ffa_version = 0;
> > + XFREE(subsr_vm_created);
> > + subsr_vm_created_count = 0;
> > + XFREE(subsr_vm_destroyed);
> > + subsr_vm_destroyed_count = 0;
> > + return 0;
> > +}
> > +
> > +__initcall(ffa_init);
> > diff --git a/xen/arch/arm/include/asm/domain.h b/xen/arch/arm/include/asm/domain.h
> > index ed63c2b6f91f..b3dee269bced 100644
> > --- a/xen/arch/arm/include/asm/domain.h
> > +++ b/xen/arch/arm/include/asm/domain.h
> > @@ -103,6 +103,10 @@ struct arch_domain
> > void *tee;
> > #endif
> >
> > +#ifdef CONFIG_FFA
> > + void *ffa;
> > +#endif
> > +
> > bool directmap;
> > } __cacheline_aligned;
> >
> > diff --git a/xen/arch/arm/include/asm/ffa.h b/xen/arch/arm/include/asm/ffa.h
> > new file mode 100644
> > index 000000000000..1c6ce6421294
> > --- /dev/null
> > +++ b/xen/arch/arm/include/asm/ffa.h
> > @@ -0,0 +1,71 @@
> > +/*
> > + * xen/arch/arm/ffa.c
> > + *
> > + * Arm Firmware Framework for ARMv8-A(FFA) mediator
> > + *
> > + * Copyright (C) 2021 Linaro Limited
> > + *
> > + * Permission is hereby granted, free of charge, to any person
> > + * obtaining a copy of this software and associated documentation
> > + * files (the "Software"), to deal in the Software without restriction,
> > + * including without limitation the rights to use, copy, modify, merge,
> > + * publish, distribute, sublicense, and/or sell copies of the Software,
> > + * and to permit persons to whom the Software is furnished to do so,
> > + * subject to the following conditions:
> > + *
> > + * The above copyright notice and this permission notice shall be
> > + * included in all copies or substantial portions of the Software.
> > + *
> > + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
> > + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
> > + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
> > + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
> > + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
> > + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
> > + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
> > + */
> > +
> > +#ifndef __ASM_ARM_FFA_H__
> > +#define __ASM_ARM_FFA_H__
> > +
> > +#include <xen/const.h>
> > +
> > +#include <asm/smccc.h>
> > +#include <asm/types.h>
> > +
> > +#define FFA_FNUM_MIN_VALUE _AC(0x60,U)
> > +#define FFA_FNUM_MAX_VALUE _AC(0x86,U)
> > +
> > +static inline bool is_ffa_fid(uint32_t fid)
> > +{
> > + uint32_t fn = fid & ARM_SMCCC_FUNC_MASK;
> > +
> > + return fn >= FFA_FNUM_MIN_VALUE && fn <= FFA_FNUM_MAX_VALUE;
> > +}
> > +
> > +#ifdef CONFIG_FFA
> > +#define FFA_NR_FUNCS 11
> > +
> > +bool ffa_handle_call(struct cpu_user_regs *regs, uint32_t fid);
> > +int ffa_domain_init(struct domain *d);
> > +int ffa_relinquish_resources(struct domain *d);
> > +#else
> > +#define FFA_NR_FUNCS 0
> > +
> > +static inline bool ffa_handle_call(struct cpu_user_regs *regs, uint32_t fid)
> > +{
> > + return false;
> > +}
> > +
> > +static inline int ffa_domain_init(struct domain *d)
> > +{
> > + return 0;
> > +}
> > +
> > +static inline int ffa_relinquish_resources(struct domain *d)
> > +{
> > + return 0;
> > +}
> > +#endif
> > +
> > +#endif /*__ASM_ARM_FFA_H__*/
> > diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c
> > index 6f90c08a6304..34586025eff8 100644
> > --- a/xen/arch/arm/vsmc.c
> > +++ b/xen/arch/arm/vsmc.c
> > @@ -20,6 +20,7 @@
> > #include <public/arch-arm/smccc.h>
> > #include <asm/cpuerrata.h>
> > #include <asm/cpufeature.h>
> > +#include <asm/ffa.h>
> > #include <asm/monitor.h>
> > #include <asm/regs.h>
> > #include <asm/smccc.h>
> > @@ -32,7 +33,7 @@
> > #define XEN_SMCCC_FUNCTION_COUNT 3
> >
> > /* Number of functions currently supported by Standard Service Service Calls. */
> > -#define SSSC_SMCCC_FUNCTION_COUNT (3 + VPSCI_NR_FUNCS)
> > +#define SSSC_SMCCC_FUNCTION_COUNT (3 + VPSCI_NR_FUNCS + FFA_NR_FUNCS)
> >
> > static bool fill_uid(struct cpu_user_regs *regs, xen_uuid_t uuid)
> > {
> > @@ -196,13 +197,23 @@ static bool handle_existing_apis(struct cpu_user_regs *regs)
> > return do_vpsci_0_1_call(regs, fid);
> > }
> >
> > +static bool is_psci_fid(uint32_t fid)
> > +{
> > + uint32_t fn = fid & ARM_SMCCC_FUNC_MASK;
> > +
> > + return fn >= 0 && fn <= 0x1fU;
> > +}
> > +
> > /* PSCI 0.2 interface and other Standard Secure Calls */
> > static bool handle_sssc(struct cpu_user_regs *regs)
> > {
> > uint32_t fid = (uint32_t)get_user_reg(regs, 0);
> >
> > - if ( do_vpsci_0_2_call(regs, fid) )
> > - return true;
> > + if ( is_psci_fid(fid) )
> > + return do_vpsci_0_2_call(regs, fid);
> > +
> > + if ( is_ffa_fid(fid) )
> > + return ffa_handle_call(regs, fid);
> >
> > switch ( fid )
> > {
>
Thanks for the comments, I'll take care of the style issues.
Cheers,
Jens
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 2/2] xen/arm: add FF-A mediator
2022-06-16 22:37 ` Jens Wiklander
@ 2022-06-17 8:16 ` Julien Grall
2022-06-20 13:05 ` Jens Wiklander
0 siblings, 1 reply; 21+ messages in thread
From: Julien Grall @ 2022-06-17 8:16 UTC (permalink / raw)
To: Jens Wiklander, Volodymyr Babchuk; +Cc: xen-devel, Stefano Stabellini
Hi Jens,
On 16/06/2022 23:37, Jens Wiklander wrote:
> On Tue, Jun 14, 2022 at 07:47:18PM +0000, Volodymyr Babchuk wrote:
>>
>> Hello Jens,
>>
>> Sorry for late review, I was busy with internal projects.
>>
>> This is preliminary review. I gave up at scatter-gather operations. Need
>> more time to review them properly.
>
> No problem, thanks for taking the time.
>
>>
>> One thing that bothers me is that Xen is non-preemptive and there are
>> plenty potentially long-running operations.
>
> There's room to deal with that in the FF-A specification. These scatter
> gather operation are quite complicated so I started with the minimum. We
> can as a future optimization address the problem with long running
> operations.
I would be OK to defer this work. However, I think this should be
written down as Xen community will not be able to security support until
we resolved the known places where a vCPU may hog pCPU longer than
necessary.
This reminds me that this series doesn't add a support statement for the
new subsystem in SUPPORT.md. AFAICT, this should be tech preview for now.
Cheers,
--
Julien Grall
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 2/2] xen/arm: add FF-A mediator
2022-06-17 8:16 ` Julien Grall
@ 2022-06-20 13:05 ` Jens Wiklander
0 siblings, 0 replies; 21+ messages in thread
From: Jens Wiklander @ 2022-06-20 13:05 UTC (permalink / raw)
To: Julien Grall; +Cc: Volodymyr Babchuk, xen-devel, Stefano Stabellini
Hi Julien,
On Fri, Jun 17, 2022 at 10:16 AM Julien Grall <julien@xen.org> wrote:
>
> Hi Jens,
>
> On 16/06/2022 23:37, Jens Wiklander wrote:
> > On Tue, Jun 14, 2022 at 07:47:18PM +0000, Volodymyr Babchuk wrote:
> >>
> >> Hello Jens,
> >>
> >> Sorry for late review, I was busy with internal projects.
> >>
> >> This is preliminary review. I gave up at scatter-gather operations. Need
> >> more time to review them properly.
> >
> > No problem, thanks for taking the time.
> >
> >>
> >> One thing that bothers me is that Xen is non-preemptive and there are
> >> plenty potentially long-running operations.
> >
> > There's room to deal with that in the FF-A specification. These scatter
> > gather operation are quite complicated so I started with the minimum. We
> > can as a future optimization address the problem with long running
> > operations.
>
> I would be OK to defer this work. However, I think this should be
> written down as Xen community will not be able to security support until
> we resolved the known places where a vCPU may hog pCPU longer than
> necessary.
>
> This reminds me that this series doesn't add a support statement for the
> new subsystem in SUPPORT.md. AFAICT, this should be tech preview for now.
I'll add an entry for this.
Thanks,
Jens
^ permalink raw reply [flat|nested] 21+ messages in thread
end of thread, other threads:[~2022-06-20 13:06 UTC | newest]
Thread overview: 21+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-09 6:18 [PATCH v2 0/2] Xen FF-A mediator Jens Wiklander
2022-06-09 6:18 ` [PATCH v2 1/2] xen/arm: smccc: add support for SMCCCv1.2 extended input/output registers Jens Wiklander
2022-06-11 0:41 ` Stefano Stabellini
2022-06-11 9:41 ` Julien Grall
2022-06-13 23:18 ` Stefano Stabellini
2022-06-15 15:58 ` Jens Wiklander
2022-06-15 19:01 ` Julien Grall
2022-06-15 22:09 ` Jens Wiklander
2022-06-16 15:13 ` Julien Grall
2022-06-15 19:43 ` Julien Grall
2022-06-16 0:09 ` Stefano Stabellini
2022-06-09 6:18 ` [PATCH v2 2/2] xen/arm: add FF-A mediator Jens Wiklander
2022-06-11 1:23 ` Stefano Stabellini
2022-06-11 9:08 ` Julien Grall
2022-06-13 23:18 ` Stefano Stabellini
2022-06-16 18:05 ` Jens Wiklander
2022-06-14 19:47 ` Volodymyr Babchuk
2022-06-15 18:15 ` Julien Grall
2022-06-16 22:37 ` Jens Wiklander
2022-06-17 8:16 ` Julien Grall
2022-06-20 13:05 ` Jens Wiklander
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.