Re: [PATCH 11/12] xen/arm: ffa: Add MEM_SHARE page diagnostics
Hi Bertrand,
On Tue, Feb 3, 2026 at 6:38 PM Bertrand Marquis
<bertrand.marquis@xxxxxxx> wrote:
>
> MEM_SHARE failures in get_shm_pages() are silent, which makes malformed
> ranges and page mapping failures hard to diagnose.
>
> Add debug logging for page validation failures:
> - descriptor validation failures (unaligned, range short/overflow)
> - per-page mapping failures (unmapped GFN, wrong p2m type)
> - address overflow detection in range walks
>
> Ratelimit temporary reclaim failures and log permanent reclaim failures
> as errors.
>
> No functional changes.
>
> Signed-off-by: Bertrand Marquis <bertrand.marquis@xxxxxxx>
> ---
> xen/arch/arm/tee/ffa_shm.c | 73 ++++++++++++++++++++++++++++++++------
> 1 file changed, 63 insertions(+), 10 deletions(-)
>
> diff --git a/xen/arch/arm/tee/ffa_shm.c b/xen/arch/arm/tee/ffa_shm.c
> index 905a64e3db01..89161753e922 100644
> --- a/xen/arch/arm/tee/ffa_shm.c
> +++ b/xen/arch/arm/tee/ffa_shm.c
> @@ -169,6 +169,12 @@ static int32_t get_shm_pages(struct domain *d, struct
> ffa_shm_mem *shm,
> uint64_t addr;
> uint64_t page_count;
> uint64_t gaddr;
> + int32_t ret = FFA_RET_OK;
> + const char *reason = NULL;
> + unsigned int bad_rg = 0;
> + unsigned int bad_pg = 0;
> + unsigned long bad_addr = 0;
> + p2m_type_t bad_t = p2m_invalid;
>
> for ( n = 0; n < range_count; n++ )
> {
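Review bot: `bad_addr` is declared `unsigned long` while `addr` and `gaddr` in the same declaration list are `uint64_t`, so each assignment in the next hunk needs an `(unsigned long)` cast, and the logged value would be truncated on any build where `unsigned long` is 32 bits. Declaring it as `uint64_t bad_addr = 0;` and printing it with `%#"PRIx64"` keeps the diagnostic address exact and removes the casts. get_shm_pages() starts and ends outside this hunk.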
> @@ -176,34 +182,78 @@ static int32_t get_shm_pages(struct domain *d, struct
> ffa_shm_mem *shm,
> addr = ACCESS_ONCE(range[n].address);
>
> if ( !IS_ALIGNED(addr, FFA_PAGE_SIZE) )
> - return FFA_RET_INVALID_PARAMETERS;
> + {
> + ret = FFA_RET_INVALID_PARAMETERS;
> + reason = "unaligned";
> + bad_rg = n;
> + bad_addr = (unsigned long)addr;
> + goto out;
The extra helper variables clutter the code, and the debug message
requires one to read the code to understand it. I'd prefer separate
prints for each error location. For example:
gdprintk(XENLOG_DEBUG, "ffa: mem share pages invalid: unaligned range
%u address %#lx\n", ...)
return FFA_RET_INVALID_PARAMETERS;
It should result in fewer lines of code and clearer debug messages.
Cheers,
Jens
> + }
>
> for ( m = 0; m < page_count; m++ )
> {
> if ( pg_idx >= shm->page_count )
> - return FFA_RET_INVALID_PARAMETERS;
> + {
> + ret = FFA_RET_INVALID_PARAMETERS;
> + reason = "range overflow";
> + bad_rg = n;
> + bad_pg = m;
> + goto out;
> + }
>
> if ( !ffa_safe_addr_add(addr, m) )
> - return FFA_RET_INVALID_PARAMETERS;
> + {
> + ret = FFA_RET_INVALID_PARAMETERS;
> + reason = "addr overflow";
> + bad_rg = n;
> + bad_pg = m;
> + bad_addr = (unsigned long)addr;
> + goto out;
> + }
>
> gaddr = addr + m * FFA_PAGE_SIZE;
> gfn = gaddr_to_gfn(gaddr);
> shm->pages[pg_idx] = get_page_from_gfn(d, gfn_x(gfn), &t,
> P2M_ALLOC);
> if ( !shm->pages[pg_idx] )
> - return FFA_RET_DENIED;
> + {
> + ret = FFA_RET_DENIED;
> + reason = "gfn unmapped";
> + bad_rg = n;
> + bad_pg = m;
> + bad_addr = (unsigned long)gaddr;
> + goto out;
> + }
> /* Only normal RW RAM for now */
> if ( t != p2m_ram_rw )
> - return FFA_RET_DENIED;
> + {
> + ret = FFA_RET_DENIED;
> + reason = "p2m type";
> + bad_rg = n;
> + bad_pg = m;
> + bad_addr = (unsigned long)gaddr;
> + bad_t = t;
> + goto out;
> + }
> pg_idx++;
> }
> }
>
> /* The ranges must add up */
> if ( pg_idx < shm->page_count )
> - return FFA_RET_INVALID_PARAMETERS;
> + {
> + ret = FFA_RET_INVALID_PARAMETERS;
> + reason = "range short";
> + bad_pg = pg_idx;
> + goto out;
> + }
>
> - return FFA_RET_OK;
> +out:
> + if ( ret )
> + gdprintk(XENLOG_DEBUG,
> + "ffa: mem share pages invalid: %s rg %u pg %u addr %#lx p2m
> %u\n",
> + reason ? reason : "unknown", bad_rg, bad_pg, bad_addr,
> bad_t);
> + return ret;
> }
>
> static void put_shm_pages(struct ffa_shm_mem *shm)
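Review bot: The new `out:` label reads like a cleanup path but only logs. On the `gfn unmapped` and `p2m type` exits, page references already obtained through get_page_from_gfn() remain in `shm->pages[]` on return, and in the `p2m type` case that includes the entry at `pg_idx` itself. This matches the old early returns, but the label now invites the assumption that references are dropped there. A comment at the label such as `/* Logging only: page references taken so far are left for the caller to drop. */` would make the contract explicit, assuming the caller does release them (put_shm_pages() is visible below, its call site is not). The function begins outside this hunk.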
> @@ -759,8 +809,10 @@ bool ffa_shm_domain_destroy(struct domain *d)
> * A temporary error that may get resolved a bit later, it's
> * worth retrying.
> */
> - printk(XENLOG_G_INFO "%pd: ffa: Failed to reclaim handle %#lx :
> %d\n",
> - d, shm->handle, res);
> + if ( printk_ratelimit() )
> + printk(XENLOG_G_WARNING
> + "%pd: ffa: Failed to reclaim handle %#lx : %d\n",
> + d, shm->handle, res);
> break; /* We will retry later */
> default:
> /*
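Review bot: The explicit `if ( printk_ratelimit() )` guard may be limiting twice. The `XENLOG_G_WARNING` prefix already places the message under the guest log thresholds, and as far as I can tell printk itself passes messages between those thresholds through the same limiter. If that holds, this path draws an extra token from limiter state that appears to be shared, so unrelated log bursts could hide the reclaim warning for a dying domain. Either drop the guard and rely on the guest-level limiting, or keep it with a comment such as `/* Retried periodically: limit even if guest_loglvl disables rate limiting. */`. The enclosing switch in ffa_shm_domain_destroy() starts outside this hunk.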
> @@ -772,7 +824,8 @@ bool ffa_shm_domain_destroy(struct domain *d)
> * FFA_RET_NO_MEMORY might be a temporary error as it it could
> * succeed if retried later, but treat it as permanent for now.
> */
> - printk(XENLOG_G_INFO "%pd: ffa: Permanent failure to reclaim
> handle %#lx : %d\n",
> + printk(XENLOG_G_ERR
> + "%pd: ffa: Permanent failure to reclaim handle %#lx :
> %d\n",
> d, shm->handle, res);
>
> /*
> --
> 2.50.1 (Apple Git-155)
>