[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v7 4/6] xen/arm: zynqmp: implement zynqmp_eemi

On Wed, 19 Dec 2018, Julien Grall wrote:
> Hi Stefano,
> 
> On 18/12/2018 22:36, Stefano Stabellini wrote:
> > On Tue, 18 Dec 2018, Julien Grall wrote:
> > > Hi,
> > > 
> > > On 12/17/18 10:10 PM, Stefano Stabellini wrote:
> > > > +    /* These calls are safe and always allowed.  */
> > > > +    case EEMI_FID(ZYNQMP_SIP_SVC_CALL_COUNT):
> > > > +    case EEMI_FID(ZYNQMP_SIP_SVC_UID):
> > > > +    case EEMI_FID(ZYNQMP_SIP_SVC_VERSION):
> > > > +    case EEMI_FID(PM_GET_TRUSTZONE_VERSION):
> > > > +    case EEMI_FID(PM_GET_API_VERSION):
> > > 
> > > Above you say the call to PM_GET_API_VERSION are safe and always allowed.
> > > But
> > > looking at the ATF implementation the first call to PM_GET_API_VERSION
> > > will
> > > enable IPI IRQ.
> > > 
> > > AFAICT, Dom0 will be the only domain to access IPI. So what happen if, in
> > > the
> > > Dom0less case, the guest is booting before and calling PM_GET_API_VERSION?
> > > 
> > > I haven't looked in depth the other SIP functions to see whether there are
> > > other potential issue.
> > 
> > On Xilinx MPSoC, the power management handler runs on a separate
> > processor (a Microblaze processor). Xilinx calls it "PMU". The IPI IRQ
> > enabled by ATF is for it to communicate with the PMU, it should not be
> > exposed to virtual machines. Nothing to do on our side here.
> 
> I am a bit confused, this does not seems to match the comment in the ATF code:
>               /*
>                * Enable IPI IRQ
>                * assume the rich OS is OK to handle callback IRQs now.
>                * Even if we were wrong, it would not enable the IRQ in
>                * the GIC.
>                */
> 
> What would happen if a guest is calling PM_GET_API_VERSION and we are not
> ready to handle callback?

CC'ing Wendy that knows more than me about this.

This comment is truly confusing. As I wrote, the IPI IRQ is used by ATF
to communicate with the PMU. However, ATF can also be configured not to
use the IPI IRQ by disabling the flag ZYNQMP_WDT_RESTART. In that case,
an OS could enable and use the IPI IRQ for itself. Note that upstream
Linux doesn't use this interrupt at all at the moment.

When Xen is present, Linux Dom0 could enable the IPI IRQ as any other
interrupts. In the future, a DomU could enable the IPI IRQ if both the
IRQ and related IPI buffer have been remapped into the virtual machine
(using regular device assignment techniques).

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.