From nobody Tue Mar 3 03:06:20 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail(p=none dis=none) header.from=arm.com Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1772466300808840.5451563855943; Mon, 2 Mar 2026 07:45:00 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.1244373.1543824 (Exim 4.92) (envelope-from ) id 1vx5Rp-0006Jp-84; Mon, 02 Mar 2026 15:44:41 +0000 Received: by outflank-mailman (output) from mailman id 1244373.1543824; Mon, 02 Mar 2026 15:44:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vx5Rp-0006JG-3P; Mon, 02 Mar 2026 15:44:41 +0000 Received: by outflank-mailman (input) for mailman id 1244373; Mon, 02 Mar 2026 15:44:39 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vx5Rn-0006Gr-Ro for xen-devel@lists.xenproject.org; Mon, 02 Mar 2026 15:44:39 +0000 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by se1-gles-sth1.inumbo.com (Halon) with ESMTP id b6f7fd03-164e-11f1-b164-2bf370ae4941; Mon, 02 Mar 2026 16:44:36 +0100 (CET) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 4E77F14BF; Mon, 2 Mar 2026 07:44:29 -0800 (PST) Received: from C3HXLD123V.arm.com (unknown [10.57.82.225]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 5DC4A3F73B; Mon, 2 Mar 2026 07:44:34 -0800 (PST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: b6f7fd03-164e-11f1-b164-2bf370ae4941 From: Bertrand Marquis To: xen-devel@lists.xenproject.org Cc: Volodymyr Babchuk , Jens Wiklander , Stefano Stabellini , Julien Grall , Michal Orzel Subject: [PATCH v2 1/4] xen/arm: ffa: Add start_index to VM partinfo helper Date: Mon, 2 Mar 2026 16:44:10 +0100 Message-ID: <59113d382b0f31ae51152887a0afaeb10dcf8420.1772464956.git.bertrand.marquis@arm.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1772466302317158500 Content-Type: text/plain; charset="utf-8" Windowed GET_REGS retrieval needs to emit VM entries starting from an arbitrary index, but ffa_get_vm_partinfo() always starts from index 0. Add a start_index parameter to ffa_get_vm_partinfo() and skip entries until the local index reaches start_index. Update ffa_handle_partition_info_get() to pass start_index=3D0 to preserve existing behavior. No functional changes. Signed-off-by: Bertrand Marquis Reviewed-by: Jens Wiklander --- Changes since v1: - Add Jens R-b --- xen/arch/arm/tee/ffa_partinfo.c | 61 +++++++++++++++++++-------------- 1 file changed, 35 insertions(+), 26 deletions(-) diff --git a/xen/arch/arm/tee/ffa_partinfo.c b/xen/arch/arm/tee/ffa_partinf= o.c index fdb03dae9a0c..6a6f3ffb822e 100644 --- a/xen/arch/arm/tee/ffa_partinfo.c +++ b/xen/arch/arm/tee/ffa_partinfo.c @@ -167,14 +167,15 @@ out: return ret; } =20 -static int32_t ffa_get_vm_partinfo(struct ffa_uuid uuid, uint32_t *vm_coun= t, - void **dst_buf, void *end_buf, - uint32_t dst_size) +static int32_t ffa_get_vm_partinfo(struct ffa_uuid uuid, uint32_t start_in= dex, + uint32_t *vm_count, void **dst_buf, + void *end_buf, uint32_t dst_size) { struct domain *d =3D current->domain; struct ffa_ctx *curr_ctx =3D d->arch.tee; struct ffa_ctx *dest_ctx; uint32_t count =3D 0; + uint32_t idx =3D 0; int32_t ret =3D FFA_RET_OK; /* * We do not have UUID info for VMs so use the 1.0 structure so that w= e set @@ -202,17 +203,21 @@ static int32_t ffa_get_vm_partinfo(struct ffa_uuid uu= id, uint32_t *vm_count, if ( ACCESS_ONCE(curr_ctx->guest_vers) >=3D FFA_VERSION_1_2 ) { /* Add caller VM information */ - info.id =3D curr_ctx->ffa_id; - info.execution_context =3D curr_ctx->num_vcpus; - info.partition_properties =3D FFA_PART_VM_PROP; - if ( is_64bit_domain(d) ) - info.partition_properties |=3D FFA_PART_PROP_AARCH64_STATE; - - ret =3D ffa_copy_info(dst_buf, end_buf, &info, dst_size, sizeof(in= fo)); - if ( ret ) - return ret; + if ( start_index =3D=3D 0) + { + info.id =3D curr_ctx->ffa_id; + info.execution_context =3D curr_ctx->num_vcpus; + info.partition_properties =3D FFA_PART_VM_PROP; + if ( is_64bit_domain(d) ) + info.partition_properties |=3D FFA_PART_PROP_AARCH64_STATE; =20 - count++; + ret =3D ffa_copy_info(dst_buf, end_buf, &info, dst_size, + sizeof(info)); + if ( ret ) + return ret; + count++; + } + idx++; } =20 if ( IS_ENABLED(CONFIG_FFA_VM_TO_VM) ) @@ -231,21 +236,25 @@ static int32_t ffa_get_vm_partinfo(struct ffa_uuid uu= id, uint32_t *vm_count, if ( dest_ctx =3D=3D curr_ctx ) continue; =20 - info.id =3D dest_ctx->ffa_id; - info.execution_context =3D dest_ctx->num_vcpus; - info.partition_properties =3D FFA_PART_VM_PROP; - if ( dest_ctx->is_64bit ) - info.partition_properties |=3D FFA_PART_PROP_AARCH64_STATE; - - ret =3D ffa_copy_info(dst_buf, end_buf, &info, dst_size, - sizeof(info)); - if ( ret ) + if ( idx >=3D start_index ) { - read_unlock(&ffa_ctx_list_rwlock); - return ret; + info.id =3D dest_ctx->ffa_id; + info.execution_context =3D dest_ctx->num_vcpus; + info.partition_properties =3D FFA_PART_VM_PROP; + if ( dest_ctx->is_64bit ) + info.partition_properties |=3D FFA_PART_PROP_AARCH64_S= TATE; + + ret =3D ffa_copy_info(dst_buf, end_buf, &info, dst_size, + sizeof(info)); + if ( ret ) + { + read_unlock(&ffa_ctx_list_rwlock); + return ret; + } + count++; } =20 - count++; + idx++; } read_unlock(&ffa_ctx_list_rwlock); } @@ -355,7 +364,7 @@ void ffa_handle_partition_info_get(struct cpu_user_regs= *regs) goto out_rx_release; } =20 - ret =3D ffa_get_vm_partinfo(uuid, &ffa_vm_count, &dst_buf, end_buf, + ret =3D ffa_get_vm_partinfo(uuid, 0, &ffa_vm_count, &dst_buf, end_buf, dst_size); =20 out_rx_release: --=20 2.52.0 From nobody Tue Mar 3 03:06:20 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail(p=none dis=none) header.from=arm.com Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1772466294866355.55623727944806; Mon, 2 Mar 2026 07:44:54 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.1244372.1543820 (Exim 4.92) (envelope-from ) id 1vx5Ro-0006Hm-VX; Mon, 02 Mar 2026 15:44:40 +0000 Received: by outflank-mailman (output) from mailman id 1244372.1543820; Mon, 02 Mar 2026 15:44:40 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vx5Ro-0006He-Rp; Mon, 02 Mar 2026 15:44:40 +0000 Received: by outflank-mailman (input) for mailman id 1244372; Mon, 02 Mar 2026 15:44:39 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vx5Rn-0006Gr-6s for xen-devel@lists.xenproject.org; Mon, 02 Mar 2026 15:44:39 +0000 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by se1-gles-sth1.inumbo.com (Halon) with ESMTP id b8194af2-164e-11f1-b164-2bf370ae4941; Mon, 02 Mar 2026 16:44:38 +0100 (CET) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 21967152B; Mon, 2 Mar 2026 07:44:31 -0800 (PST) Received: from C3HXLD123V.arm.com (unknown [10.57.82.225]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 10B3F3F73B; Mon, 2 Mar 2026 07:44:35 -0800 (PST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: b8194af2-164e-11f1-b164-2bf370ae4941 From: Bertrand Marquis To: xen-devel@lists.xenproject.org Cc: Volodymyr Babchuk , Jens Wiklander , Stefano Stabellini , Julien Grall , Michal Orzel Subject: [PATCH v2 2/4] xen/arm: ffa: Cache SP partition info at init Date: Mon, 2 Mar 2026 16:44:11 +0100 Message-ID: X-Mailer: git-send-email 2.52.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1772466296316158500 Content-Type: text/plain; charset="utf-8" FFA_PARTITION_INFO_GET currently queries the SPMC on each call and walks the RX buffer every time. The SP list is expected to be static, so repeated firmware calls and validation are unnecessary. Cache the SPMC partition-info list at init time, keeping only secure endpoints, and reuse the cached entries for SP count and partition-info responses. Initialize the VM create/destroy subscriber lists from the cached list and free the cache on init failure. SP partition info now reflects the init-time snapshot and will not change. Signed-off-by: Bertrand Marquis --- Changes since v1: - removed unneeded NULL assignment after XFREE - remove warned usage and only rely on printk_once to warn on the 15-bit convention - rework ffa_partinfo_init cleanup - ensure we do not do unaligned accesses when building the SP cache - enforce SPMC partinfo size to be at least 1.1 structure size when creating and remove tests when using the cache --- xen/arch/arm/tee/ffa_partinfo.c | 216 +++++++++++++++++++++----------- 1 file changed, 146 insertions(+), 70 deletions(-) diff --git a/xen/arch/arm/tee/ffa_partinfo.c b/xen/arch/arm/tee/ffa_partinf= o.c index 6a6f3ffb822e..b933becaa55a 100644 --- a/xen/arch/arm/tee/ffa_partinfo.c +++ b/xen/arch/arm/tee/ffa_partinfo.c @@ -6,6 +6,8 @@ #include #include #include +#include +#include =20 #include #include @@ -33,6 +35,10 @@ static uint16_t subscr_vm_created_count __read_mostly; static uint16_t *subscr_vm_destroyed __read_mostly; static uint16_t subscr_vm_destroyed_count __read_mostly; =20 +/* SP list cache (secure endpoints only); populated at init. */ +static void *sp_list __read_mostly; +static uint32_t sp_list_count __read_mostly; +static uint32_t sp_list_entry_size __read_mostly; static int32_t ffa_partition_info_get(struct ffa_uuid uuid, uint32_t flags, uint32_t *count, uint32_t *fpi_size) { @@ -79,92 +85,84 @@ static int32_t ffa_copy_info(void **dst, void *dst_end,= const void *src, return FFA_RET_OK; } =20 -static int32_t ffa_get_sp_count(struct ffa_uuid uuid, uint32_t *sp_count) +static uint16_t ffa_sp_entry_read_id(const void *entry) { - uint32_t src_size; - - return ffa_partition_info_get(uuid, FFA_PARTITION_INFO_GET_COUNT_FLAG, - sp_count, &src_size); + return get_unaligned_t(uint16_t, + (const uint8_t *)entry + + offsetof(struct ffa_partition_info_1_0, id)); } =20 -static int32_t ffa_get_sp_partinfo(struct ffa_uuid uuid, uint32_t *sp_coun= t, - void **dst_buf, void *end_buf, - uint32_t dst_size) +static bool ffa_sp_entry_matches_uuid(const void *entry, struct ffa_uuid u= uid) { - int32_t ret; - int32_t release_ret; - uint32_t src_size, real_sp_count; - void *src_buf; - uint32_t count =3D 0; - bool notify_fw =3D false; + struct ffa_uuid sp_uuid; =20 - /* We need to use the RX buffer to receive the list */ - src_buf =3D ffa_rxtx_spmc_rx_acquire(); - if ( !src_buf ) - return FFA_RET_DENIED; + if ( ffa_uuid_is_nil(uuid) ) + return true; =20 - ret =3D ffa_partition_info_get(uuid, 0, &real_sp_count, &src_size); - if ( ret ) - goto out; - notify_fw =3D true; + memcpy(&sp_uuid, + (const uint8_t *)entry + + offsetof(struct ffa_partition_info_1_1, uuid), + sizeof(sp_uuid)); + return ffa_uuid_equal(uuid, sp_uuid); +} =20 - /* Validate the src_size we got */ - if ( src_size < sizeof(struct ffa_partition_info_1_0) || - src_size >=3D FFA_PAGE_SIZE ) +static int32_t ffa_get_sp_count(struct ffa_uuid uuid, uint32_t *sp_count) +{ + uint32_t count =3D 0; + uint32_t n; + + for ( n =3D 0; n < sp_list_count; n++ ) { - ret =3D FFA_RET_NOT_SUPPORTED; - goto out; + void *entry =3D sp_list + n * sp_list_entry_size; + + if ( ffa_sp_entry_matches_uuid(entry, uuid) ) + count++; } =20 - /* - * Limit the maximum time we hold the CPU by limiting the number of SP= s. - * We just ignore the extra ones as this is tested during init in - * ffa_partinfo_init so the only possible reason is SP have been added - * since boot. - */ - if ( real_sp_count > FFA_MAX_NUM_SP ) - real_sp_count =3D FFA_MAX_NUM_SP; + *sp_count =3D count; =20 - /* Make sure the data fits in our buffer */ - if ( real_sp_count > (FFA_RXTX_PAGE_COUNT * FFA_PAGE_SIZE) / src_size ) - { - ret =3D FFA_RET_NOT_SUPPORTED; - goto out; - } + if ( !ffa_uuid_is_nil(uuid) && !count ) + return FFA_RET_INVALID_PARAMETERS; =20 - for ( uint32_t sp_num =3D 0; sp_num < real_sp_count; sp_num++ ) - { - struct ffa_partition_info_1_1 *fpi =3D src_buf; + return FFA_RET_OK; +} =20 - /* filter out SP not following bit 15 convention if any */ - if ( FFA_ID_IS_SECURE(fpi->id) ) - { - /* - * If VM is 1.0 but firmware is 1.1 we could have several entr= ies - * with the same ID but different UUIDs. In this case the VM w= ill - * get a list with several time the same ID. - * This is a non-compliance to the specification but 1.0 VMs s= hould - * handle that on their own to simplify Xen implementation. - */ +static int32_t ffa_get_sp_partinfo(struct ffa_uuid uuid, uint32_t *sp_coun= t, + void **dst_buf, void *end_buf, + uint32_t dst_size) +{ + int32_t ret; + uint32_t count =3D 0; + uint32_t n; =20 - ret =3D ffa_copy_info(dst_buf, end_buf, src_buf, dst_size, src= _size); - if ( ret ) - goto out; + for ( n =3D 0; n < sp_list_count; n++ ) + { + void *entry =3D sp_list + n * sp_list_entry_size; =20 - count++; - } + if ( !ffa_sp_entry_matches_uuid(entry, uuid) ) + continue; + + /* + * If VM is 1.0 but firmware is 1.1 we could have several entries + * with the same ID but different UUIDs. In this case the VM will + * get a list with several time the same ID. + * This is a non-compliance to the specification but 1.0 VMs should + * handle that on their own to simplify Xen implementation. + */ + ret =3D ffa_copy_info(dst_buf, end_buf, entry, dst_size, + sp_list_entry_size); + if ( ret ) + return ret; =20 - src_buf +=3D src_size; + count++; } =20 *sp_count =3D count; =20 -out: - release_ret =3D ffa_rxtx_spmc_rx_release(notify_fw); - if ( release_ret ) - gprintk(XENLOG_WARNING, - "ffa: Error releasing SPMC RX buffer: %d\n", release_ret); - return ret; + if ( !ffa_uuid_is_nil(uuid) && !count ) + return FFA_RET_INVALID_PARAMETERS; + + return FFA_RET_OK; } =20 static int32_t ffa_get_vm_partinfo(struct ffa_uuid uuid, uint32_t start_in= dex, @@ -435,6 +433,13 @@ static int32_t ffa_direct_req_send_vm(uint16_t sp_id, = uint16_t vm_id, return res; } =20 +static void ffa_sp_list_cache_free(void) +{ + XFREE(sp_list); + sp_list_count =3D 0; + sp_list_entry_size =3D 0; +} + static void uninit_subscribers(void) { subscr_vm_created_count =3D 0; @@ -443,6 +448,63 @@ static void uninit_subscribers(void) XFREE(subscr_vm_destroyed); } =20 +static bool ffa_sp_list_cache_init(const void *buf, uint32_t count, + uint32_t fpi_size) +{ + const uint8_t *src =3D buf; + uint32_t secure_count =3D 0; + uint32_t n, idx =3D 0; + + if ( fpi_size < sizeof(struct ffa_partition_info_1_1) || + fpi_size >=3D FFA_PAGE_SIZE ) + return false; + + if ( count > (FFA_RXTX_PAGE_COUNT * FFA_PAGE_SIZE) / fpi_size ) + return false; + + for ( n =3D 0; n < count; n++ ) + { + const uint8_t *entry =3D src + n * fpi_size; + uint16_t id =3D ffa_sp_entry_read_id(entry); + + if ( !FFA_ID_IS_SECURE(id) ) + { + printk_once(XENLOG_ERR + "ffa: Firmware is not using bit 15 convention for = IDs !!\n"); + printk(XENLOG_ERR + "ffa: Secure partition with id 0x%04x cannot be used\n", + id); + continue; + } + + secure_count++; + } + + if ( secure_count ) + { + sp_list =3D xzalloc_bytes(secure_count * fpi_size); + if ( !sp_list ) + return false; + } + + sp_list_count =3D secure_count; + sp_list_entry_size =3D fpi_size; + + for ( n =3D 0; n < count; n++ ) + { + const uint8_t *entry =3D src + n * fpi_size; + uint16_t id =3D ffa_sp_entry_read_id(entry); + + if ( !FFA_ID_IS_SECURE(id) ) + continue; + + memcpy(sp_list + idx * fpi_size, entry, fpi_size); + idx++; + } + + return true; +} + static bool init_subscribers(void *buf, uint16_t count, uint32_t fpi_size) { uint16_t n; @@ -538,7 +600,7 @@ bool ffa_partinfo_init(void) if ( e ) { printk(XENLOG_ERR "ffa: Failed to get list of SPs: %d\n", e); - goto out; + goto out_release_rx; } notify_fw =3D true; =20 @@ -546,15 +608,29 @@ bool ffa_partinfo_init(void) { printk(XENLOG_ERR "ffa: More SPs than the maximum supported: %u - = %u\n", count, FFA_MAX_NUM_SP); - goto out; + goto out_release_rx; + } + + if ( !ffa_sp_list_cache_init(spmc_rx, count, fpi_size) ) + { + printk(XENLOG_ERR "ffa: Failed to cache SP list\n"); + goto out_release_rx; } =20 - ret =3D init_subscribers(spmc_rx, count, fpi_size); + if ( !init_subscribers(sp_list, sp_list_count, sp_list_entry_size) ) + goto out_free_sp_cache; =20 -out: + ret =3D true; + goto out_release_rx; + +out_free_sp_cache: + ffa_sp_list_cache_free(); + +out_release_rx: e =3D ffa_rxtx_spmc_rx_release(notify_fw); if ( e ) printk(XENLOG_WARNING "ffa: Error releasing SPMC RX buffer: %d\n",= e); + return ret; } =20 --=20 2.52.0 From nobody Tue Mar 3 03:06:20 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail(p=none dis=none) header.from=arm.com Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1772466301553449.5930747700827; Mon, 2 Mar 2026 07:45:01 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.1244375.1543840 (Exim 4.92) (envelope-from ) id 1vx5Rr-0006n4-Ip; Mon, 02 Mar 2026 15:44:43 +0000 Received: by outflank-mailman (output) from mailman id 1244375.1543840; Mon, 02 Mar 2026 15:44:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vx5Rr-0006mx-Fx; Mon, 02 Mar 2026 15:44:43 +0000 Received: by outflank-mailman (input) for mailman id 1244375; Mon, 02 Mar 2026 15:44:42 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vx5Rq-00060E-2A for xen-devel@lists.xenproject.org; Mon, 02 Mar 2026 15:44:42 +0000 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by se1-gles-flk1.inumbo.com (Halon) with ESMTP id b949a518-164e-11f1-9ccf-f158ae23cfc8; Mon, 02 Mar 2026 16:44:39 +0100 (CET) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id F17D21570; Mon, 2 Mar 2026 07:44:32 -0800 (PST) Received: from C3HXLD123V.arm.com (unknown [10.57.82.225]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id E32103F73B; Mon, 2 Mar 2026 07:44:37 -0800 (PST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: b949a518-164e-11f1-9ccf-f158ae23cfc8 From: Bertrand Marquis To: xen-devel@lists.xenproject.org Cc: Volodymyr Babchuk , Jens Wiklander , Stefano Stabellini , Julien Grall , Michal Orzel Subject: [PATCH v2 3/4] xen/arm: ffa: Drop SP subscriber lists Date: Mon, 2 Mar 2026 16:44:12 +0100 Message-ID: <055bed7c55f298a0916518fb61929bfc7dac6ef2.1772464956.git.bertrand.marquis@arm.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1772466302392158500 Content-Type: text/plain; charset="utf-8" The init-time SP cache already contains partition properties, but the code still builds separate subscriber arrays for VM created/destroyed notifications. That duplicates state and allocation. Use the cached SP list directly to: - decide which SPs receive created/destroyed notifications - build the per-domain destroy bitmap - skip destroy notifications for SPs not notified on create Also switch cached SP entry field reads in VM create/destroy notification paths to unaligned-safe helpers, as cache entries are variable-size and should not be dereferenced via struct pointers. No functional changes. Signed-off-by: Bertrand Marquis --- Changes since v1: - use unaligned-safe reads for cached SP entry fields (id/partition_properties) in VM create/destroy notification paths --- xen/arch/arm/tee/ffa_partinfo.c | 170 +++++++++----------------------- 1 file changed, 47 insertions(+), 123 deletions(-) diff --git a/xen/arch/arm/tee/ffa_partinfo.c b/xen/arch/arm/tee/ffa_partinf= o.c index b933becaa55a..419e19510f6f 100644 --- a/xen/arch/arm/tee/ffa_partinfo.c +++ b/xen/arch/arm/tee/ffa_partinfo.c @@ -29,12 +29,6 @@ struct ffa_partition_info_1_1 { uint8_t uuid[16]; }; =20 -/* SPs subscribing to VM_CREATE and VM_DESTROYED events */ -static uint16_t *subscr_vm_created __read_mostly; -static uint16_t subscr_vm_created_count __read_mostly; -static uint16_t *subscr_vm_destroyed __read_mostly; -static uint16_t subscr_vm_destroyed_count __read_mostly; - /* SP list cache (secure endpoints only); populated at init. */ static void *sp_list __read_mostly; static uint32_t sp_list_count __read_mostly; @@ -92,6 +86,14 @@ static uint16_t ffa_sp_entry_read_id(const void *entry) offsetof(struct ffa_partition_info_1_0, id)); } =20 +static uint32_t ffa_sp_entry_read_partition_properties(const void *entry) +{ + return get_unaligned_t(uint32_t, + (const uint8_t *)entry + + offsetof(struct ffa_partition_info_1_0, + partition_properties)); +} + static bool ffa_sp_entry_matches_uuid(const void *entry, struct ffa_uuid u= uid) { struct ffa_uuid sp_uuid; @@ -440,14 +442,6 @@ static void ffa_sp_list_cache_free(void) sp_list_entry_size =3D 0; } =20 -static void uninit_subscribers(void) -{ - subscr_vm_created_count =3D 0; - subscr_vm_destroyed_count =3D 0; - XFREE(subscr_vm_created); - XFREE(subscr_vm_destroyed); -} - static bool ffa_sp_list_cache_init(const void *buf, uint32_t count, uint32_t fpi_size) { @@ -505,79 +499,6 @@ static bool ffa_sp_list_cache_init(const void *buf, ui= nt32_t count, return true; } =20 -static bool init_subscribers(void *buf, uint16_t count, uint32_t fpi_size) -{ - uint16_t n; - uint16_t c_pos; - uint16_t d_pos; - struct ffa_partition_info_1_1 *fpi; - - if ( fpi_size < sizeof(struct ffa_partition_info_1_1) ) - { - printk(XENLOG_ERR "ffa: partition info size invalid: %u\n", fpi_si= ze); - return false; - } - - subscr_vm_created_count =3D 0; - subscr_vm_destroyed_count =3D 0; - for ( n =3D 0; n < count; n++ ) - { - fpi =3D buf + n * fpi_size; - - /* - * We need to have secure partitions using bit 15 set convention f= or - * secure partition IDs. - * Inform the user with a log and discard giving created or destroy - * event to those IDs. - */ - if ( !FFA_ID_IS_SECURE(fpi->id) ) - { - printk_once(XENLOG_ERR - "ffa: Firmware is not using bit 15 convention for = IDs !!\n"); - printk(XENLOG_ERR - "ffa: Secure partition with id 0x%04x cannot be used\n", - fpi->id); - } - else - { - if ( fpi->partition_properties & FFA_PART_PROP_NOTIF_CREATED ) - subscr_vm_created_count++; - if ( fpi->partition_properties & FFA_PART_PROP_NOTIF_DESTROYED= ) - subscr_vm_destroyed_count++; - } - } - - if ( subscr_vm_created_count ) - subscr_vm_created =3D xzalloc_array(uint16_t, subscr_vm_created_co= unt); - if ( subscr_vm_destroyed_count ) - subscr_vm_destroyed =3D xzalloc_array(uint16_t, - subscr_vm_destroyed_count); - if ( (subscr_vm_created_count && !subscr_vm_created) || - (subscr_vm_destroyed_count && !subscr_vm_destroyed) ) - { - printk(XENLOG_ERR "ffa: Failed to allocate subscription lists\n"); - uninit_subscribers(); - return false; - } - - for ( c_pos =3D 0, d_pos =3D 0, n =3D 0; n < count; n++ ) - { - fpi =3D buf + n * fpi_size; - - if ( FFA_ID_IS_SECURE(fpi->id) ) - { - if ( fpi->partition_properties & FFA_PART_PROP_NOTIF_CREATED ) - subscr_vm_created[c_pos++] =3D fpi->id; - if ( fpi->partition_properties & FFA_PART_PROP_NOTIF_DESTROYED= ) - subscr_vm_destroyed[d_pos++] =3D fpi->id; - } - } - - return true; -} - - - bool ffa_partinfo_init(void) { bool ret =3D false; @@ -617,52 +538,39 @@ bool ffa_partinfo_init(void) goto out_release_rx; } =20 - if ( !init_subscribers(sp_list, sp_list_count, sp_list_entry_size) ) - goto out_free_sp_cache; - ret =3D true; goto out_release_rx; =20 -out_free_sp_cache: - ffa_sp_list_cache_free(); - out_release_rx: e =3D ffa_rxtx_spmc_rx_release(notify_fw); if ( e ) printk(XENLOG_WARNING "ffa: Error releasing SPMC RX buffer: %d\n",= e); - + if ( !ret ) + ffa_sp_list_cache_free(); return ret; } =20 -static bool is_in_subscr_list(const uint16_t *subscr, uint16_t start, - uint16_t end, uint16_t sp_id) +static void vm_destroy_bitmap_init(struct ffa_ctx *ctx, + unsigned int first_unnotified) { unsigned int n; =20 - for ( n =3D start; n < end; n++ ) + for ( n =3D 0; n < sp_list_count; n++ ) { - if ( subscr[n] =3D=3D sp_id ) - return true; - } - - return false; -} + const void *entry =3D sp_list + n * sp_list_entry_size; + uint32_t partition_props =3D + ffa_sp_entry_read_partition_properties(entry); =20 -static void vm_destroy_bitmap_init(struct ffa_ctx *ctx, - unsigned int create_signal_count) -{ - unsigned int n; + if ( !(partition_props & FFA_PART_PROP_NOTIF_DESTROYED) ) + continue; =20 - for ( n =3D 0; n < subscr_vm_destroyed_count; n++ ) - { /* * Skip SPs subscribed to the VM created event that never was * notified of the VM creation due to an error during * ffa_domain_init(). */ - if ( is_in_subscr_list(subscr_vm_created, create_signal_count, - subscr_vm_created_count, - subscr_vm_destroyed[n]) ) + if ( (partition_props & FFA_PART_PROP_NOTIF_CREATED) && + n >=3D first_unnotified ) continue; =20 set_bit(n, ctx->vm_destroy_bitmap); @@ -671,32 +579,42 @@ static void vm_destroy_bitmap_init(struct ffa_ctx *ct= x, =20 int32_t ffa_partinfo_domain_init(struct domain *d) { - unsigned int count =3D BITS_TO_LONGS(subscr_vm_destroyed_count); + unsigned int count =3D BITS_TO_LONGS(sp_list_count); struct ffa_ctx *ctx =3D d->arch.tee; unsigned int n; + unsigned int first_unnotified =3D sp_list_count; int32_t res; =20 - if ( !ffa_fw_supports_fid(FFA_MSG_SEND_DIRECT_REQ_32) ) + if ( !ffa_fw_supports_fid(FFA_MSG_SEND_DIRECT_REQ_32) || !sp_list_coun= t ) return 0; =20 ctx->vm_destroy_bitmap =3D xzalloc_array(unsigned long, count); if ( !ctx->vm_destroy_bitmap ) return -ENOMEM; =20 - for ( n =3D 0; n < subscr_vm_created_count; n++ ) + for ( n =3D 0; n < sp_list_count; n++ ) { - res =3D ffa_direct_req_send_vm(subscr_vm_created[n], ffa_get_vm_id= (d), + const void *entry =3D sp_list + n * sp_list_entry_size; + uint32_t partition_props =3D + ffa_sp_entry_read_partition_properties(entry); + uint16_t id =3D ffa_sp_entry_read_id(entry); + + if ( !(partition_props & FFA_PART_PROP_NOTIF_CREATED) ) + continue; + + res =3D ffa_direct_req_send_vm(id, ffa_get_vm_id(d), FFA_MSG_SEND_VM_CREATED); if ( res ) { printk(XENLOG_ERR "ffa: Failed to report creation of vm_id %u = to %u: res %d\n", - ffa_get_vm_id(d), subscr_vm_created[n], res); + ffa_get_vm_id(d), id, res); + first_unnotified =3D n; break; } } - vm_destroy_bitmap_init(ctx, n); + vm_destroy_bitmap_init(ctx, first_unnotified); =20 - if ( n !=3D subscr_vm_created_count ) + if ( first_unnotified !=3D sp_list_count ) return -EIO; =20 return 0; @@ -711,18 +629,24 @@ bool ffa_partinfo_domain_destroy(struct domain *d) if ( !ctx->vm_destroy_bitmap ) return true; =20 - for ( n =3D 0; n < subscr_vm_destroyed_count; n++ ) + for ( n =3D 0; n < sp_list_count; n++ ) { + const void *entry; + uint16_t id; + if ( !test_bit(n, ctx->vm_destroy_bitmap) ) continue; =20 - res =3D ffa_direct_req_send_vm(subscr_vm_destroyed[n], ffa_get_vm_= id(d), + entry =3D sp_list + n * sp_list_entry_size; + id =3D ffa_sp_entry_read_id(entry); + + res =3D ffa_direct_req_send_vm(id, ffa_get_vm_id(d), FFA_MSG_SEND_VM_DESTROYED); =20 if ( res && printk_ratelimit() ) printk(XENLOG_WARNING "%pd: ffa: Failed to report destruction of vm_id %u to = %u: res %d\n", - d, ffa_get_vm_id(d), subscr_vm_destroyed[n], res); + d, ffa_get_vm_id(d), id, res); =20 /* * For these two error codes the hypervisor is expected to resend @@ -734,7 +658,7 @@ bool ffa_partinfo_domain_destroy(struct domain *d) clear_bit(n, ctx->vm_destroy_bitmap); } =20 - if ( bitmap_empty(ctx->vm_destroy_bitmap, subscr_vm_destroyed_count) ) + if ( bitmap_empty(ctx->vm_destroy_bitmap, sp_list_count) ) XFREE(ctx->vm_destroy_bitmap); =20 return !ctx->vm_destroy_bitmap; --=20 2.52.0 From nobody Tue Mar 3 03:06:20 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail(p=none dis=none) header.from=arm.com Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1772466302490637.3182025339511; Mon, 2 Mar 2026 07:45:02 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.1244378.1543849 (Exim 4.92) (envelope-from ) id 1vx5Rt-00073Y-R2; Mon, 02 Mar 2026 15:44:45 +0000 Received: by outflank-mailman (output) from mailman id 1244378.1543849; Mon, 02 Mar 2026 15:44:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vx5Rt-00073O-Nr; Mon, 02 Mar 2026 15:44:45 +0000 Received: by outflank-mailman (input) for mailman id 1244378; Mon, 02 Mar 2026 15:44:44 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vx5Rr-00060E-UU for xen-devel@lists.xenproject.org; Mon, 02 Mar 2026 15:44:44 +0000 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by se1-gles-flk1.inumbo.com (Halon) with ESMTP id ba4f9867-164e-11f1-9ccf-f158ae23cfc8; Mon, 02 Mar 2026 16:44:41 +0100 (CET) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id AECAA152B; Mon, 2 Mar 2026 07:44:34 -0800 (PST) Received: from C3HXLD123V.arm.com (unknown [10.57.82.225]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id A35133F73B; Mon, 2 Mar 2026 07:44:39 -0800 (PST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: ba4f9867-164e-11f1-9ccf-f158ae23cfc8 From: Bertrand Marquis To: xen-devel@lists.xenproject.org Cc: Volodymyr Babchuk , Jens Wiklander , Stefano Stabellini , Julien Grall , Michal Orzel Subject: [PATCH v2 4/4] xen/arm: ffa: Add cached GET_REGS support Date: Mon, 2 Mar 2026 16:44:13 +0100 Message-ID: X-Mailer: git-send-email 2.52.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1772466304226158500 Content-Type: text/plain; charset="utf-8" FF-A v1.2 defines PARTITION_INFO_GET_REGS for register-based partition info retrieval, but Xen currently only supports the buffer-based GET path for guests. Implement GET_REGS using the cached SP list and VM entries, including the register window layout and input validation. Track VM list changes via the partinfo tag and use it to validate GET_REGS tag inputs. Ensure that when a non-Nil UUID is specified, the UUID fields in both GET and GET_REGS results are MBZ as required by the specification. PARTITION_INFO_GET_REGS is available to v1.2 guests, returning cached SP entries and VM entries with UUIDs zeroed for non-Nil UUID queries. Also publish VM membership updates (VM count, ctx list, and partinfo tag) under the same write-locked section so GET_REGS sees coherent state and concurrent changes are reliably reported via RETRY. Signed-off-by: Bertrand Marquis --- Changes since v1: - ignore x4-x17 not being zero and x3 bits 63-32 not being zero (defined as SBZ in the spec) - detect tag changes during GET_REGS handling and return RETRY - remove strict check of sp_list_entry_size, larger cache entry sizes will now be accepted - publish VM count, ctx list, and partinfo tag updates under ffa_ctx_list_rwlock for coherent visibility --- xen/arch/arm/tee/ffa.c | 23 +++- xen/arch/arm/tee/ffa_partinfo.c | 200 ++++++++++++++++++++++++++++++++ xen/arch/arm/tee/ffa_private.h | 4 +- 3 files changed, 223 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c index aa43ae2595d7..d6cae67e1a48 100644 --- a/xen/arch/arm/tee/ffa.c +++ b/xen/arch/arm/tee/ffa.c @@ -44,6 +44,11 @@ * - doesn't support signalling the secondary scheduler of pending * notification for secure partitions * - doesn't support notifications for Xen itself + * o FFA_PARTITION_INFO_GET/GET_REGS: + * - v1.0 guests may see duplicate SP IDs when firmware provides UUIDs + * - SP list is cached at init; SPMC tag changes are not tracked + * between calls + * - SP list is capped at FFA_MAX_NUM_SP entries * * There are some large locked sections with ffa_spmc_tx_lock and * ffa_spmc_rx_lock. Especially the ffa_spmc_tx_lock spinlock used @@ -183,10 +188,11 @@ static bool ffa_negotiate_version(struct cpu_user_reg= s *regs) =20 if ( IS_ENABLED(CONFIG_FFA_VM_TO_VM) ) { - /* One more VM with FF-A support available */ - inc_ffa_vm_count(); write_lock(&ffa_ctx_list_rwlock); + /* Publish VM membership changes atomically with tag updates. = */ + inc_ffa_vm_count(); list_add_tail(&ctx->ctx_list, &ffa_ctx_head); + ffa_partinfo_inc_tag(); write_unlock(&ffa_ctx_list_rwlock); } =20 @@ -341,6 +347,12 @@ static void handle_features(struct cpu_user_regs *regs) case FFA_FEATURE_SCHEDULE_RECV_INTR: ffa_set_regs_success(regs, GUEST_FFA_SCHEDULE_RECV_INTR_ID, 0); break; + case FFA_PARTITION_INFO_GET_REGS: + if ( ACCESS_ONCE(ctx->guest_vers) >=3D FFA_VERSION_1_2 ) + ffa_set_regs_success(regs, 0, 0); + else + ffa_set_regs_error(regs, FFA_RET_NOT_SUPPORTED); + break; =20 case FFA_NOTIFICATION_BIND: case FFA_NOTIFICATION_UNBIND: @@ -402,6 +414,9 @@ static bool ffa_handle_call(struct cpu_user_regs *regs) case FFA_PARTITION_INFO_GET: ffa_handle_partition_info_get(regs); return true; + case FFA_PARTITION_INFO_GET_REGS: + ffa_handle_partition_info_get_regs(regs); + return true; case FFA_RX_RELEASE: e =3D ffa_rx_release(ctx); break; @@ -625,9 +640,11 @@ static int ffa_domain_teardown(struct domain *d) =20 if ( IS_ENABLED(CONFIG_FFA_VM_TO_VM) && ACCESS_ONCE(ctx->guest_vers) ) { - dec_ffa_vm_count(); write_lock(&ffa_ctx_list_rwlock); + /* Publish VM membership changes atomically with tag updates. */ + dec_ffa_vm_count(); list_del(&ctx->ctx_list); + ffa_partinfo_inc_tag(); write_unlock(&ffa_ctx_list_rwlock); } =20 diff --git a/xen/arch/arm/tee/ffa_partinfo.c b/xen/arch/arm/tee/ffa_partinf= o.c index 419e19510f6f..16da5ee567db 100644 --- a/xen/arch/arm/tee/ffa_partinfo.c +++ b/xen/arch/arm/tee/ffa_partinfo.c @@ -29,10 +29,39 @@ struct ffa_partition_info_1_1 { uint8_t uuid[16]; }; =20 +/* Registers a3..a17 (15 regs) carry partition descriptors, 3 regs each. */ +#define FFA_PARTINFO_REG_MAX_ENTRIES \ + ((15 * sizeof(uint64_t)) / sizeof(struct ffa_partition_info_1_1)) + /* SP list cache (secure endpoints only); populated at init. */ static void *sp_list __read_mostly; static uint32_t sp_list_count __read_mostly; static uint32_t sp_list_entry_size __read_mostly; + +/* SP list is static; tag only moves when VMs are added/removed. */ +static atomic_t ffa_partinfo_tag =3D ATOMIC_INIT(1); + +void ffa_partinfo_inc_tag(void) +{ + atomic_inc(&ffa_partinfo_tag); +} + +static inline uint16_t ffa_partinfo_get_tag(void) +{ + /* + * Tag moves with VM list changes only. + * + * Limitation: we cannot detect an SPMC tag change between calls becau= se we + * do not retain the previous SPMC tag; we only refresh it via the man= datory + * start_index=3D0 call and assume it stays stable while combined_tag = (our + * VM/SP-count tag) is used for guest validation. This means SPMC tag + * changes alone will not trigger RETRY. + */ + if ( IS_ENABLED(CONFIG_FFA_VM_TO_VM) ) + return atomic_read(&ffa_partinfo_tag) & GENMASK(15, 0); + else + return 1; +} static int32_t ffa_partition_info_get(struct ffa_uuid uuid, uint32_t flags, uint32_t *count, uint32_t *fpi_size) { @@ -140,6 +169,7 @@ static int32_t ffa_get_sp_partinfo(struct ffa_uuid uuid= , uint32_t *sp_count, for ( n =3D 0; n < sp_list_count; n++ ) { void *entry =3D sp_list + n * sp_list_entry_size; + void *dst_pos; =20 if ( !ffa_sp_entry_matches_uuid(entry, uuid) ) continue; @@ -151,11 +181,20 @@ static int32_t ffa_get_sp_partinfo(struct ffa_uuid uu= id, uint32_t *sp_count, * This is a non-compliance to the specification but 1.0 VMs should * handle that on their own to simplify Xen implementation. */ + dst_pos =3D *dst_buf; ret =3D ffa_copy_info(dst_buf, end_buf, entry, dst_size, sp_list_entry_size); if ( ret ) return ret; =20 + if ( !ffa_uuid_is_nil(uuid) && + dst_size >=3D sizeof(struct ffa_partition_info_1_1) ) + { + struct ffa_partition_info_1_1 *fpi =3D dst_pos; + + memset(fpi->uuid, 0, sizeof(fpi->uuid)); + } + count++; } =20 @@ -167,6 +206,38 @@ static int32_t ffa_get_sp_partinfo(struct ffa_uuid uui= d, uint32_t *sp_count, return FFA_RET_OK; } =20 +static uint16_t ffa_get_sp_partinfo_regs(struct ffa_uuid uuid, + uint16_t start_index, + uint64_t *out_regs, + uint16_t max_entries) +{ + uint32_t idx =3D 0; + uint16_t filled =3D 0; + uint32_t n; + + for ( n =3D 0; n < sp_list_count && filled < max_entries; n++ ) + { + void *entry =3D sp_list + n * sp_list_entry_size; + + if ( !ffa_sp_entry_matches_uuid(entry, uuid) ) + continue; + + if ( idx++ < start_index ) + continue; + + memcpy(&out_regs[filled * 3], entry, + sizeof(struct ffa_partition_info_1_1)); + if ( !ffa_uuid_is_nil(uuid) ) + { + out_regs[filled * 3 + 1] =3D 0; + out_regs[filled * 3 + 2] =3D 0; + } + filled++; + } + + return filled; +} + static int32_t ffa_get_vm_partinfo(struct ffa_uuid uuid, uint32_t start_in= dex, uint32_t *vm_count, void **dst_buf, void *end_buf, uint32_t dst_size) @@ -383,6 +454,135 @@ out: } } =20 +void ffa_handle_partition_info_get_regs(struct cpu_user_regs *regs) +{ + struct domain *d =3D current->domain; + struct ffa_ctx *ctx =3D d->arch.tee; + struct ffa_uuid uuid; + uint32_t sp_count =3D 0, vm_count =3D 0, total_count; + uint16_t start_index, tag; + uint16_t num_entries =3D 0; + uint64_t x3 =3D get_user_reg(regs, 3); + int32_t ret =3D FFA_RET_OK; + uint64_t out_regs[18] =3D { 0 }; + unsigned int n; + uint16_t tag_out, tag_end; + + if ( ACCESS_ONCE(ctx->guest_vers) < FFA_VERSION_1_2 ) + { + ret =3D FFA_RET_NOT_SUPPORTED; + goto out; + } + + /* + * Registers a3..a17 (15 regs) carry partition descriptors, 3 regs eac= h. + * For FF-A 1.2, that yields a maximum of 5 entries per GET_REGS call. + * Enforce the assumed layout so window sizing stays correct. + */ + BUILD_BUG_ON(FFA_PARTINFO_REG_MAX_ENTRIES !=3D 5); + + start_index =3D x3 & GENMASK(15, 0); + tag =3D (x3 >> 16) & GENMASK(15, 0); + + /* Start index must allow room for up to 5 entries without 16-bit over= flow. */ + if ( start_index > (GENMASK(15, 0) - (FFA_PARTINFO_REG_MAX_ENTRIES - 1= )) ) + { + ret =3D FFA_RET_INVALID_PARAMETERS; + goto out; + } + + uuid.val[0] =3D get_user_reg(regs, 1); + uuid.val[1] =3D get_user_reg(regs, 2); + + tag_out =3D ffa_partinfo_get_tag(); + + if ( start_index =3D=3D 0 ) + { + if ( tag ) + { + ret =3D FFA_RET_INVALID_PARAMETERS; + goto out; + } + } + else if ( tag !=3D tag_out ) + { + ret =3D FFA_RET_RETRY; + goto out; + } + + if ( ffa_uuid_is_nil(uuid) ) + { + if ( IS_ENABLED(CONFIG_FFA_VM_TO_VM) ) + vm_count =3D get_ffa_vm_count(); + else + vm_count =3D 1; /* Caller VM only */ + } + + ret =3D ffa_get_sp_count(uuid, &sp_count); + if ( ret ) + goto out; + + total_count =3D sp_count + vm_count; + + if ( total_count =3D=3D 0 || start_index >=3D total_count ) + { + ret =3D FFA_RET_INVALID_PARAMETERS; + goto out; + } + + if ( start_index < sp_count ) + num_entries =3D ffa_get_sp_partinfo_regs(uuid, start_index, &out_r= egs[3], + FFA_PARTINFO_REG_MAX_ENTRIE= S); + + if ( num_entries < FFA_PARTINFO_REG_MAX_ENTRIES ) + { + uint32_t vm_start =3D start_index > sp_count ? + start_index - sp_count : 0; + uint32_t filled =3D 0; + void *vm_dst =3D &out_regs[3 + num_entries * 3]; + void *vm_end =3D &out_regs[18]; + + ret =3D ffa_get_vm_partinfo(uuid, vm_start, &filled, &vm_dst, vm_e= nd, + sizeof(struct ffa_partition_info_1_1)); + if ( ret !=3D FFA_RET_OK && ret !=3D FFA_RET_NO_MEMORY ) + goto out; + + num_entries +=3D filled; + } + + if ( num_entries =3D=3D 0 ) + { + ret =3D FFA_RET_INVALID_PARAMETERS; + goto out; + } + + /* + * Detect list changes while building the response so the caller can r= etry + * with a coherent snapshot tag. + */ + tag_end =3D ffa_partinfo_get_tag(); + if ( tag_end !=3D tag_out ) + { + ret =3D FFA_RET_RETRY; + goto out; + } + + out_regs[0] =3D FFA_SUCCESS_64; + out_regs[2] =3D ((uint64_t)sizeof(struct ffa_partition_info_1_1) << 48= ) | + ((uint64_t)tag_end << 32) | + ((uint64_t)(start_index + num_entries - 1) << 16) | + ((uint64_t)(total_count - 1) & GENMASK(15, 0)); + + for ( n =3D 0; n < ARRAY_SIZE(out_regs); n++ ) + set_user_reg(regs, n, out_regs[n]); + + return; + +out: + if ( ret ) + ffa_set_regs_error(regs, ret); +} + static int32_t ffa_direct_req_send_vm(uint16_t sp_id, uint16_t vm_id, uint8_t msg) { diff --git a/xen/arch/arm/tee/ffa_private.h b/xen/arch/arm/tee/ffa_private.h index 1a632983c860..c291f32b56ff 100644 --- a/xen/arch/arm/tee/ffa_private.h +++ b/xen/arch/arm/tee/ffa_private.h @@ -289,7 +289,7 @@ #define FFA_MSG_SEND2 0x84000086U #define FFA_CONSOLE_LOG_32 0x8400008AU #define FFA_CONSOLE_LOG_64 0xC400008AU -#define FFA_PARTITION_INFO_GET_REGS 0x8400008BU +#define FFA_PARTITION_INFO_GET_REGS 0xC400008BU #define FFA_MSG_SEND_DIRECT_REQ2 0xC400008DU #define FFA_MSG_SEND_DIRECT_RESP2 0xC400008EU =20 @@ -452,6 +452,8 @@ bool ffa_partinfo_init(void); int32_t ffa_partinfo_domain_init(struct domain *d); bool ffa_partinfo_domain_destroy(struct domain *d); void ffa_handle_partition_info_get(struct cpu_user_regs *regs); +void ffa_handle_partition_info_get_regs(struct cpu_user_regs *regs); +void ffa_partinfo_inc_tag(void); =20 int32_t ffa_endpoint_domain_lookup(uint16_t endpoint_id, struct domain **d= _out, struct ffa_ctx **ctx_out); --=20 2.52.0