Xen project Mailing List

Re: [PATCH v7 3/6] xen/arm: ffa: Introduce VM to VM support

From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>

Date: Mon, 11 Aug 2025 07:34:06 +0000

Accept-language: en-GB, en-US

Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 4.158.2.129) smtp.rcpttodomain=xen.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none

Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BhG4rbTSHhy/Sr/3v+F7BVCUauPzVThuTt12zVq3ehk=; b=iTBjlI5bqc1rLjdDZn7bzRJyKTtUk7HDf/bWq6gDwZW556RBnXld6OX3ted124Me+B/kRrRS7NBv0z6LTKGL12dCerZNqXlwqffKHzC5KHVwAT0hY0CuvIg42WMDI1qwbxEAner/GK2so/HwsxDbt8oUgxXgYS04RklvUARBh/lc+UUUGIwPdjR3IQ3x3h7hiNi9WNFVBaNdahO2YtbZQglWxLabOOSMnseevqicN/fpAtw2M7ZRXWidb1BU7QjawlRkTopK/SOJ8D3NURJRtH3rYkUE8gcLybSTE/xLHANTxeBPdMh7hMdSwAqAh9eP27+EmxROSeM3cfIJBTe5oQ==

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BhG4rbTSHhy/Sr/3v+F7BVCUauPzVThuTt12zVq3ehk=; b=I4UFEfn7/LiDsp6wO0gkR9KprCRJ+x275KCKzc3AwVl0Gz188TSIuH5ynx0xmdZpGQWb9HXetR1p01hpGDcvmLftOBsnR+C0QG9vfTXuTIp4SYzn4ErDIGd4KFL/bd1sg5vHBvIAd0p3tqdFdHKILsZqFMS4XIEOvAuj6UQzQidcnL2x5VCWzyM8ME2Q7HxQ3P1hjovPjeEELsOxqd2S8+1JQ/Qc36vLtZZ5Vr1+ZW4enOZOQrgyIoOPLHXk7QozFNHEFzLTFjmWqFMKioBgGcLbvtIlsanvGkoDWOep+xkz6c82/Bm7IuXfmOw1SLxX2Ea+NmeGJpfvH2Ww9Ry0eg==

Arc-seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=gOa0uEeNG8pav6Xn3nUfSoTD1OJLbByMR88xy4xNvKE5az42Kp8DVqPtvFnC3xuIVHC4TnSlMJcxbOkOqlSkmZ9nftJjOnf3WYSLu0J1q7n0PqNPGRZxg3gZ9/W8oKKVgEpa6H/BP15FFPOB4fwSKV4UDmF/haGKur0Wwr8Me8cUYi6TtrxMQs2W2P0Nw5q8IgPv1zWBXbnxGfg+U0QdzArtwIW1cagNO0R6DqdgluaCJyQojA0BbDSnmzYrbc2dmFxw8bBRHaRFr6lW+c5i5TOjghYGcyTLcht13OunqOXOP38CCPCPe2gEj5FmX9nyLV9JKmktHpbRjvr7J6zc5g==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=zIkUHUi/g24AJSRUQuewArLFSwrr0eYUc1tLeeGPlNo3ugfljAUCEuWOBuDGUs8i8N0FxzfVOtJ1CT18GEjAa5eJLxcLDqB7aFFLjA8d6ZBrTRc6t5CdFgL6j21mC33hAUC1qKOj9aQ0s/GzYjatSpYcgFKZuC2eqFJ9EcPefDWNuP9d0POjfBSXLwQhIOKrv6OO+DmCWyi6OJ/pXR5OZ03JE38PaKSjTSPh5F3WLIu/auMY8dSEwbFyKe2ZreXlK/dtrXXcFe4Sy1HPo1WANG6fD+kp1B7DCGDLn6aME0ErBszi8tltmiPzSTlkVLY3ID+IlQvCtvvvjk0AYbEXAg==

Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "jens.wiklander@xxxxxxxxxx" <jens.wiklander@xxxxxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>

Delivery-date: Mon, 11 Aug 2025 07:34:59 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Nodisclaimer: true

Thread-index: AQHb9xP9tgnM92Sxpk+5sdmAsJMirrRZG8AAgAQargA=

Thread-topic: [PATCH v7 3/6] xen/arm: ffa: Introduce VM to VM support

Hi Julien, > On 8 Aug 2025, at 18:53, Julien Grall <julien@xxxxxxx> wrote: > > Hi Bertrand, > > On 17/07/2025 13:11, Bertrand Marquis wrote: >> Create a CONFIG_FFA_VM_TO_VM parameter to activate FFA communication >> between VMs. >> When activated list VMs in the system with FF-A support in part_info_get. >> When VM to VM is activated, Xen will be tainted as Insecure and a >> message is displayed to the user during the boot as there is no >> filtering of VMs in FF-A so any VM can communicate or see any other VM >> in the system. >> WARNING: There is no filtering for now and all VMs are listed !! >> This patch is reorganizing the ffa_ctx structure to make clear which >> lock is protecting what parts. >> This patch is introducing a chain list of the ffa_ctx with a FFA Version >> negociated allowing to create the partinfo results for VMs in parallel >> by using rwlock which only ensure addition/removal of entries are >> protected. >> Signed-off-by: Bertrand Marquis <bertrand.marquis@xxxxxxx> > > With two remarks below: > > Acked-by: Julien Grall <jgrall@xxxxxxxxxx> > >> --- >> Changes in v7: >> - protect ffa_ctx list with a rw lock to allow several partinfo_get in >> parallel but protect adding/removing entries. >> Changes in v6: >> - remove ACCESS_ONCE for guest_vers access and take the context lock >> before modifying it >> - move guest_vers in context declaration to fields protected by the >> context lock and add a comment to state that lock in only needed when >> modifying it >> Changes in v5: >> - remove invalid comment about 1.1 firmware support >> - rename variables from d and dom to curr_d and dest_d (Julien) >> - add a TODO in the code for potential holding for long of the CPU >> (Julien) >> - use an atomic global variable to store the number of VMs instead of >> recomputing the value each time (Julien) >> - add partinfo information in ffa_ctx (id, cpus and 64bit) and create a >> chain list of ctx. Use this chain list to create the partinfo result >> without holding a global lock to prevent concurrency issues. >> - Move some changes in a preparation patch modifying partinfo for sps to >> reduce this patch size and make the review easier >> Changes in v4: >> - properly handle SPMC version 1.0 header size case in partinfo_get >> - switch to local counting variables instead of *pointer += 1 form >> - coding style issue with missing spaces in if () >> Changes in v3: >> - break partinfo_get in several sub functions to make the implementation >> easier to understand and lock handling easier >> - rework implementation to check size along the way and prevent previous >> implementation limits which had to check that the number of VMs or SPs >> did not change >> - taint Xen as INSECURE when VM to VM is enabled >> Changes in v2: >> - Switch ifdef to IS_ENABLED >> - dom was not switched to d as requested by Jan because there is already >> a variable d pointing to the current domain and it must not be >> shadowed. >> --- >> xen/arch/arm/tee/Kconfig | 11 +++ >> xen/arch/arm/tee/ffa.c | 47 +++++++++++++ >> xen/arch/arm/tee/ffa_partinfo.c | 100 ++++++++++++++++++++++++--- >> xen/arch/arm/tee/ffa_private.h | 117 ++++++++++++++++++++++++++------ >> 4 files changed, 245 insertions(+), 30 deletions(-) >> diff --git a/xen/arch/arm/tee/Kconfig b/xen/arch/arm/tee/Kconfig >> index c5b0f88d7522..88a4c4c99154 100644 >> --- a/xen/arch/arm/tee/Kconfig >> +++ b/xen/arch/arm/tee/Kconfig >> @@ -28,5 +28,16 @@ config FFA >> [1] https://developer.arm.com/documentation/den0077/latest >> +config FFA_VM_TO_VM >> + bool "Enable FF-A between VMs (UNSUPPORTED)" if UNSUPPORTED >> + default n >> + depends on FFA >> + help >> + This option enables to use FF-A between VMs. >> + This is experimental and there is no access control so any >> + guest can communicate with any other guest. >> + >> + If unsure, say N. >> + >> endmenu >> diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c >> index 3bbdd7168a6b..be71eda4869f 100644 >> --- a/xen/arch/arm/tee/ffa.c >> +++ b/xen/arch/arm/tee/ffa.c >> @@ -118,6 +118,13 @@ void *ffa_tx __read_mostly; >> DEFINE_SPINLOCK(ffa_rx_buffer_lock); >> DEFINE_SPINLOCK(ffa_tx_buffer_lock); >> +struct list_head ffa_ctx_head; > > A more common pattern is to use LIST_HEAD(ffa_ctx_head) and ... > >> +/* RW Lock to protect addition/removal and reading in ffa_ctx_head */ >> +rwlock_t ffa_ctx_list_rwlock; > > ... DEFINE_RWLOCK(ffa_ctx_list_rwlock) which will also initialize list/rwlock > for you. So no need for extra code further down and less risk if the > variables are used before they are initialized. I will modify those and push a v7 to the mailing list today. Thanks again. Bertrand > > Cheers, > > -- > Julien Grall

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.