From nobody Tue Mar 3 04:56:17 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail(p=none dis=none) header.from=arm.com Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1772466301553449.5930747700827; Mon, 2 Mar 2026 07:45:01 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.1244375.1543840 (Exim 4.92) (envelope-from ) id 1vx5Rr-0006n4-Ip; Mon, 02 Mar 2026 15:44:43 +0000 Received: by outflank-mailman (output) from mailman id 1244375.1543840; Mon, 02 Mar 2026 15:44:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vx5Rr-0006mx-Fx; Mon, 02 Mar 2026 15:44:43 +0000 Received: by outflank-mailman (input) for mailman id 1244375; Mon, 02 Mar 2026 15:44:42 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vx5Rq-00060E-2A for xen-devel@lists.xenproject.org; Mon, 02 Mar 2026 15:44:42 +0000 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by se1-gles-flk1.inumbo.com (Halon) with ESMTP id b949a518-164e-11f1-9ccf-f158ae23cfc8; Mon, 02 Mar 2026 16:44:39 +0100 (CET) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id F17D21570; Mon, 2 Mar 2026 07:44:32 -0800 (PST) Received: from C3HXLD123V.arm.com (unknown [10.57.82.225]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id E32103F73B; Mon, 2 Mar 2026 07:44:37 -0800 (PST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: b949a518-164e-11f1-9ccf-f158ae23cfc8 From: Bertrand Marquis To: xen-devel@lists.xenproject.org Cc: Volodymyr Babchuk , Jens Wiklander , Stefano Stabellini , Julien Grall , Michal Orzel Subject: [PATCH v2 3/4] xen/arm: ffa: Drop SP subscriber lists Date: Mon, 2 Mar 2026 16:44:12 +0100 Message-ID: <055bed7c55f298a0916518fb61929bfc7dac6ef2.1772464956.git.bertrand.marquis@arm.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1772466302392158500 Content-Type: text/plain; charset="utf-8" The init-time SP cache already contains partition properties, but the code still builds separate subscriber arrays for VM created/destroyed notifications. That duplicates state and allocation. Use the cached SP list directly to: - decide which SPs receive created/destroyed notifications - build the per-domain destroy bitmap - skip destroy notifications for SPs not notified on create Also switch cached SP entry field reads in VM create/destroy notification paths to unaligned-safe helpers, as cache entries are variable-size and should not be dereferenced via struct pointers. No functional changes. Signed-off-by: Bertrand Marquis --- Changes since v1: - use unaligned-safe reads for cached SP entry fields (id/partition_properties) in VM create/destroy notification paths --- xen/arch/arm/tee/ffa_partinfo.c | 170 +++++++++----------------------- 1 file changed, 47 insertions(+), 123 deletions(-) diff --git a/xen/arch/arm/tee/ffa_partinfo.c b/xen/arch/arm/tee/ffa_partinf= o.c index b933becaa55a..419e19510f6f 100644 --- a/xen/arch/arm/tee/ffa_partinfo.c +++ b/xen/arch/arm/tee/ffa_partinfo.c @@ -29,12 +29,6 @@ struct ffa_partition_info_1_1 { uint8_t uuid[16]; }; =20 -/* SPs subscribing to VM_CREATE and VM_DESTROYED events */ -static uint16_t *subscr_vm_created __read_mostly; -static uint16_t subscr_vm_created_count __read_mostly; -static uint16_t *subscr_vm_destroyed __read_mostly; -static uint16_t subscr_vm_destroyed_count __read_mostly; - /* SP list cache (secure endpoints only); populated at init. */ static void *sp_list __read_mostly; static uint32_t sp_list_count __read_mostly; @@ -92,6 +86,14 @@ static uint16_t ffa_sp_entry_read_id(const void *entry) offsetof(struct ffa_partition_info_1_0, id)); } =20 +static uint32_t ffa_sp_entry_read_partition_properties(const void *entry) +{ + return get_unaligned_t(uint32_t, + (const uint8_t *)entry + + offsetof(struct ffa_partition_info_1_0, + partition_properties)); +} + static bool ffa_sp_entry_matches_uuid(const void *entry, struct ffa_uuid u= uid) { struct ffa_uuid sp_uuid; @@ -440,14 +442,6 @@ static void ffa_sp_list_cache_free(void) sp_list_entry_size =3D 0; } =20 -static void uninit_subscribers(void) -{ - subscr_vm_created_count =3D 0; - subscr_vm_destroyed_count =3D 0; - XFREE(subscr_vm_created); - XFREE(subscr_vm_destroyed); -} - static bool ffa_sp_list_cache_init(const void *buf, uint32_t count, uint32_t fpi_size) { @@ -505,79 +499,6 @@ static bool ffa_sp_list_cache_init(const void *buf, ui= nt32_t count, return true; } =20 -static bool init_subscribers(void *buf, uint16_t count, uint32_t fpi_size) -{ - uint16_t n; - uint16_t c_pos; - uint16_t d_pos; - struct ffa_partition_info_1_1 *fpi; - - if ( fpi_size < sizeof(struct ffa_partition_info_1_1) ) - { - printk(XENLOG_ERR "ffa: partition info size invalid: %u\n", fpi_si= ze); - return false; - } - - subscr_vm_created_count =3D 0; - subscr_vm_destroyed_count =3D 0; - for ( n =3D 0; n < count; n++ ) - { - fpi =3D buf + n * fpi_size; - - /* - * We need to have secure partitions using bit 15 set convention f= or - * secure partition IDs. - * Inform the user with a log and discard giving created or destroy - * event to those IDs. - */ - if ( !FFA_ID_IS_SECURE(fpi->id) ) - { - printk_once(XENLOG_ERR - "ffa: Firmware is not using bit 15 convention for = IDs !!\n"); - printk(XENLOG_ERR - "ffa: Secure partition with id 0x%04x cannot be used\n", - fpi->id); - } - else - { - if ( fpi->partition_properties & FFA_PART_PROP_NOTIF_CREATED ) - subscr_vm_created_count++; - if ( fpi->partition_properties & FFA_PART_PROP_NOTIF_DESTROYED= ) - subscr_vm_destroyed_count++; - } - } - - if ( subscr_vm_created_count ) - subscr_vm_created =3D xzalloc_array(uint16_t, subscr_vm_created_co= unt); - if ( subscr_vm_destroyed_count ) - subscr_vm_destroyed =3D xzalloc_array(uint16_t, - subscr_vm_destroyed_count); - if ( (subscr_vm_created_count && !subscr_vm_created) || - (subscr_vm_destroyed_count && !subscr_vm_destroyed) ) - { - printk(XENLOG_ERR "ffa: Failed to allocate subscription lists\n"); - uninit_subscribers(); - return false; - } - - for ( c_pos =3D 0, d_pos =3D 0, n =3D 0; n < count; n++ ) - { - fpi =3D buf + n * fpi_size; - - if ( FFA_ID_IS_SECURE(fpi->id) ) - { - if ( fpi->partition_properties & FFA_PART_PROP_NOTIF_CREATED ) - subscr_vm_created[c_pos++] =3D fpi->id; - if ( fpi->partition_properties & FFA_PART_PROP_NOTIF_DESTROYED= ) - subscr_vm_destroyed[d_pos++] =3D fpi->id; - } - } - - return true; -} - - - bool ffa_partinfo_init(void) { bool ret =3D false; @@ -617,52 +538,39 @@ bool ffa_partinfo_init(void) goto out_release_rx; } =20 - if ( !init_subscribers(sp_list, sp_list_count, sp_list_entry_size) ) - goto out_free_sp_cache; - ret =3D true; goto out_release_rx; =20 -out_free_sp_cache: - ffa_sp_list_cache_free(); - out_release_rx: e =3D ffa_rxtx_spmc_rx_release(notify_fw); if ( e ) printk(XENLOG_WARNING "ffa: Error releasing SPMC RX buffer: %d\n",= e); - + if ( !ret ) + ffa_sp_list_cache_free(); return ret; } =20 -static bool is_in_subscr_list(const uint16_t *subscr, uint16_t start, - uint16_t end, uint16_t sp_id) +static void vm_destroy_bitmap_init(struct ffa_ctx *ctx, + unsigned int first_unnotified) { unsigned int n; =20 - for ( n =3D start; n < end; n++ ) + for ( n =3D 0; n < sp_list_count; n++ ) { - if ( subscr[n] =3D=3D sp_id ) - return true; - } - - return false; -} + const void *entry =3D sp_list + n * sp_list_entry_size; + uint32_t partition_props =3D + ffa_sp_entry_read_partition_properties(entry); =20 -static void vm_destroy_bitmap_init(struct ffa_ctx *ctx, - unsigned int create_signal_count) -{ - unsigned int n; + if ( !(partition_props & FFA_PART_PROP_NOTIF_DESTROYED) ) + continue; =20 - for ( n =3D 0; n < subscr_vm_destroyed_count; n++ ) - { /* * Skip SPs subscribed to the VM created event that never was * notified of the VM creation due to an error during * ffa_domain_init(). */ - if ( is_in_subscr_list(subscr_vm_created, create_signal_count, - subscr_vm_created_count, - subscr_vm_destroyed[n]) ) + if ( (partition_props & FFA_PART_PROP_NOTIF_CREATED) && + n >=3D first_unnotified ) continue; =20 set_bit(n, ctx->vm_destroy_bitmap); @@ -671,32 +579,42 @@ static void vm_destroy_bitmap_init(struct ffa_ctx *ct= x, =20 int32_t ffa_partinfo_domain_init(struct domain *d) { - unsigned int count =3D BITS_TO_LONGS(subscr_vm_destroyed_count); + unsigned int count =3D BITS_TO_LONGS(sp_list_count); struct ffa_ctx *ctx =3D d->arch.tee; unsigned int n; + unsigned int first_unnotified =3D sp_list_count; int32_t res; =20 - if ( !ffa_fw_supports_fid(FFA_MSG_SEND_DIRECT_REQ_32) ) + if ( !ffa_fw_supports_fid(FFA_MSG_SEND_DIRECT_REQ_32) || !sp_list_coun= t ) return 0; =20 ctx->vm_destroy_bitmap =3D xzalloc_array(unsigned long, count); if ( !ctx->vm_destroy_bitmap ) return -ENOMEM; =20 - for ( n =3D 0; n < subscr_vm_created_count; n++ ) + for ( n =3D 0; n < sp_list_count; n++ ) { - res =3D ffa_direct_req_send_vm(subscr_vm_created[n], ffa_get_vm_id= (d), + const void *entry =3D sp_list + n * sp_list_entry_size; + uint32_t partition_props =3D + ffa_sp_entry_read_partition_properties(entry); + uint16_t id =3D ffa_sp_entry_read_id(entry); + + if ( !(partition_props & FFA_PART_PROP_NOTIF_CREATED) ) + continue; + + res =3D ffa_direct_req_send_vm(id, ffa_get_vm_id(d), FFA_MSG_SEND_VM_CREATED); if ( res ) { printk(XENLOG_ERR "ffa: Failed to report creation of vm_id %u = to %u: res %d\n", - ffa_get_vm_id(d), subscr_vm_created[n], res); + ffa_get_vm_id(d), id, res); + first_unnotified =3D n; break; } } - vm_destroy_bitmap_init(ctx, n); + vm_destroy_bitmap_init(ctx, first_unnotified); =20 - if ( n !=3D subscr_vm_created_count ) + if ( first_unnotified !=3D sp_list_count ) return -EIO; =20 return 0; @@ -711,18 +629,24 @@ bool ffa_partinfo_domain_destroy(struct domain *d) if ( !ctx->vm_destroy_bitmap ) return true; =20 - for ( n =3D 0; n < subscr_vm_destroyed_count; n++ ) + for ( n =3D 0; n < sp_list_count; n++ ) { + const void *entry; + uint16_t id; + if ( !test_bit(n, ctx->vm_destroy_bitmap) ) continue; =20 - res =3D ffa_direct_req_send_vm(subscr_vm_destroyed[n], ffa_get_vm_= id(d), + entry =3D sp_list + n * sp_list_entry_size; + id =3D ffa_sp_entry_read_id(entry); + + res =3D ffa_direct_req_send_vm(id, ffa_get_vm_id(d), FFA_MSG_SEND_VM_DESTROYED); =20 if ( res && printk_ratelimit() ) printk(XENLOG_WARNING "%pd: ffa: Failed to report destruction of vm_id %u to = %u: res %d\n", - d, ffa_get_vm_id(d), subscr_vm_destroyed[n], res); + d, ffa_get_vm_id(d), id, res); =20 /* * For these two error codes the hypervisor is expected to resend @@ -734,7 +658,7 @@ bool ffa_partinfo_domain_destroy(struct domain *d) clear_bit(n, ctx->vm_destroy_bitmap); } =20 - if ( bitmap_empty(ctx->vm_destroy_bitmap, subscr_vm_destroyed_count) ) + if ( bitmap_empty(ctx->vm_destroy_bitmap, sp_list_count) ) XFREE(ctx->vm_destroy_bitmap); =20 return !ctx->vm_destroy_bitmap; --=20 2.52.0