| Message ID | 20220919091238.2068052-1-jens.wiklander@linaro.org (mailing list archive) |
|---|---|
| Headers | show |
| Series | Xen FF-A mediator | expand |
Hi, I understand that you're busy with the Xen release. When you have time to resume reviewing this patch set please let me know if I should rebase it first. Thanks, Jens On Mon, Sep 19, 2022 at 11:12 AM Jens Wiklander <jens.wiklander@linaro.org> wrote: > > Hi, > > This patch sets add a FF-A [1] mediator modeled after the TEE mediator > already present in Xen. The FF-A mediator implements the subset of the FF-A > 1.1 specification needed to communicate with OP-TEE using FF-A as transport > mechanism instead of SMC/HVC as with the TEE mediator. It allows a similar > design in OP-TEE as with the TEE mediator where OP-TEE presents one virtual > partition of itself to each guest in Xen. > > The FF-A mediator is generic in the sense it has nothing OP-TEE specific > except that only the subset needed for OP-TEE is implemented so far. The > hooks needed to inform OP-TEE that a guest is created or destroyed is part > of the FF-A specification. > > It should be possible to extend the FF-A mediator to implement a larger > portion of the FF-A 1.1 specification without breaking with the way OP-TEE > is communicated with here. So it should be possible to support any TEE or > Secure Partition using FF-A as transport with this mediator. > > [1] https://developer.arm.com/documentation/den0077/latest > > Thanks, > Jens > > v5->v6: > * Updated "xen/arm: move regpair_to_uint64() and uint64_to_regpair() to regs.h" > commit message and moved the patch right before the patch which needs it. > Applied Michal Orzel's R-B tag. > * Renamed the guest configuration option "ffa_enabled" to "ffa" and > updated the description. > * More tools update in "xen/arm: add a primitive FF-A mediator" with the "ffa" > option, including golang and ocaml. > * Update ffa_domain_init() to return an error if communication with > the SPMC can't be established. > * Factored out a ffa_domain_destroy() from ffa_relinquish_resources(). > * Added ffa_get_call_count() to give an accurate number of FF-A function, > updated in each patch as new FF-A functions are added. > * Added a flags field in struct xen_arch_domainconfig that replaces the > ffa_enabled field. > * Made check_mandatory_feature() __init > * Replaced a few printk() calls with gprintk() where needed. > * Rebased on staging as of 2022-09-14 > > V4->v5: > * Added "xen/arm: move regpair_to_uint64() and uint64_to_regpair() to regs.h" > * Added documentation for the "ffa_enabled" guest config flag > * Changed to GPL license for xen/arch/arm/ffa.c > * Added __read_mostly and const where applicable > * Added more describing comments in the code > * Moved list of shared memory object ("ffa_mem_list") into the guest context > as they are guest specific > * Simplified a few of the simple wrapper functions for SMC to SPMC > * Added a BUILD_BUG_ON(PAGE_SIZE != FFA_PAGE_SIZE) since the mediator > currently depends on the page size to be same as FFA_PAGE_SIZE (4k). > * Added max number of shared memory object per guest and max number of > size of each shared memory object > * Added helper macros to calculate offsets of different FF-A data structures > in the communication buffer instead of relying on pointer arithmetic > * Addressed style issues and other comments > * Broke the commit "xen/arm: add FF-A mediator" into multiple parts, trying > to add a few features at a time as requested > * Added a missing call to rxtx_unmap() in ffa_relinquish_resources() > * Assignment of "ffa_enabled" is kept as is until I have something definitive > on the type etc. > * Tested with CONFIG_DEBUG=y > > v3->v4: > * Missed v3 and sent a v4 instead by mistake. > > v2->v3: > * Generates offsets into struct arm_smccc_1_2_regs with asm-offsets.c in > order to avoid hard coded offsets in the assembly function > arm_smccc_1_2_smc() > * Adds an entry in SUPPORT.md on the FF-A status > * Adds a configuration variable "ffa_enabled" to tell if FF-A should be > enabled for a particular domu guest > * Moves the ffa_frag_list for fragmented memory share requests into > struct ffa_ctx instead to keep it per guest in order to avoid mixups > and simplify locking > * Adds a spinlock to struct ffa_ctx for per guest locking > * Addressing style issues and suggestions > * Uses FFA_FEATURES to check that all the needed features are available > before initializing the mediator > * Rebased on staging as of 2022-06-20 > > v1->v2: > * Rebased on staging to resolve some merge conflicts as requested > > Jens Wiklander (9): > xen/arm: smccc: add support for SMCCCv1.2 extended input/output > registers > xen/arm: add a primitive FF-A mediator > xen/arm: ffa: add direct request support > xen/arm: ffa: map SPMC rx/tx buffers > xen/arm: ffa: send guest events to Secure Partitions > xen/arm: ffa: support mapping guest RX/TX buffers > xen/arm: ffa: support guest FFA_PARTITION_INFO_GET > xen/arm: move regpair_to_uint64() and uint64_to_regpair() to regs.h > xen/arm: ffa: support sharing memory > > SUPPORT.md | 7 + > docs/man/xl.cfg.5.pod.in | 15 + > tools/golang/xenlight/helpers.gen.go | 6 + > tools/golang/xenlight/types.gen.go | 1 + > tools/include/libxl.h | 6 + > tools/libs/light/libxl_arm.c | 6 + > tools/libs/light/libxl_types.idl | 1 + > tools/ocaml/libs/xc/xenctrl.ml | 1 + > tools/ocaml/libs/xc/xenctrl.mli | 1 + > tools/xl/xl_parse.c | 1 + > xen/arch/arm/Kconfig | 11 + > xen/arch/arm/Makefile | 1 + > xen/arch/arm/arm64/asm-offsets.c | 9 + > xen/arch/arm/arm64/smc.S | 42 + > xen/arch/arm/domain.c | 11 + > xen/arch/arm/domain_build.c | 1 + > xen/arch/arm/ffa.c | 1827 ++++++++++++++++++++++++++ > xen/arch/arm/include/asm/domain.h | 4 + > xen/arch/arm/include/asm/ffa.h | 78 ++ > xen/arch/arm/include/asm/regs.h | 12 + > xen/arch/arm/include/asm/smccc.h | 40 + > xen/arch/arm/tee/optee.c | 11 - > xen/arch/arm/vsmc.c | 19 +- > xen/include/public/arch-arm.h | 4 + > 24 files changed, 2100 insertions(+), 15 deletions(-) > create mode 100644 xen/arch/arm/ffa.c > create mode 100644 xen/arch/arm/include/asm/ffa.h > > -- > 2.31.1 >
Hi, This patch sets add a FF-A [1] mediator modeled after the TEE mediator already present in Xen. The FF-A mediator implements the subset of the FF-A 1.1 specification needed to communicate with OP-TEE using FF-A as transport mechanism instead of SMC/HVC as with the TEE mediator. It allows a similar design in OP-TEE as with the TEE mediator where OP-TEE presents one virtual partition of itself to each guest in Xen. The FF-A mediator is generic in the sense it has nothing OP-TEE specific except that only the subset needed for OP-TEE is implemented so far. The hooks needed to inform OP-TEE that a guest is created or destroyed is part of the FF-A specification. It should be possible to extend the FF-A mediator to implement a larger portion of the FF-A 1.1 specification without breaking with the way OP-TEE is communicated with here. So it should be possible to support any TEE or Secure Partition using FF-A as transport with this mediator. [1] https://developer.arm.com/documentation/den0077/latest Thanks, Jens v5->v6: * Updated "xen/arm: move regpair_to_uint64() and uint64_to_regpair() to regs.h" commit message and moved the patch right before the patch which needs it. Applied Michal Orzel's R-B tag. * Renamed the guest configuration option "ffa_enabled" to "ffa" and updated the description. * More tools update in "xen/arm: add a primitive FF-A mediator" with the "ffa" option, including golang and ocaml. * Update ffa_domain_init() to return an error if communication with the SPMC can't be established. * Factored out a ffa_domain_destroy() from ffa_relinquish_resources(). * Added ffa_get_call_count() to give an accurate number of FF-A function, updated in each patch as new FF-A functions are added. * Added a flags field in struct xen_arch_domainconfig that replaces the ffa_enabled field. * Made check_mandatory_feature() __init * Replaced a few printk() calls with gprintk() where needed. * Rebased on staging as of 2022-09-14 V4->v5: * Added "xen/arm: move regpair_to_uint64() and uint64_to_regpair() to regs.h" * Added documentation for the "ffa_enabled" guest config flag * Changed to GPL license for xen/arch/arm/ffa.c * Added __read_mostly and const where applicable * Added more describing comments in the code * Moved list of shared memory object ("ffa_mem_list") into the guest context as they are guest specific * Simplified a few of the simple wrapper functions for SMC to SPMC * Added a BUILD_BUG_ON(PAGE_SIZE != FFA_PAGE_SIZE) since the mediator currently depends on the page size to be same as FFA_PAGE_SIZE (4k). * Added max number of shared memory object per guest and max number of size of each shared memory object * Added helper macros to calculate offsets of different FF-A data structures in the communication buffer instead of relying on pointer arithmetic * Addressed style issues and other comments * Broke the commit "xen/arm: add FF-A mediator" into multiple parts, trying to add a few features at a time as requested * Added a missing call to rxtx_unmap() in ffa_relinquish_resources() * Assignment of "ffa_enabled" is kept as is until I have something definitive on the type etc. * Tested with CONFIG_DEBUG=y v3->v4: * Missed v3 and sent a v4 instead by mistake. v2->v3: * Generates offsets into struct arm_smccc_1_2_regs with asm-offsets.c in order to avoid hard coded offsets in the assembly function arm_smccc_1_2_smc() * Adds an entry in SUPPORT.md on the FF-A status * Adds a configuration variable "ffa_enabled" to tell if FF-A should be enabled for a particular domu guest * Moves the ffa_frag_list for fragmented memory share requests into struct ffa_ctx instead to keep it per guest in order to avoid mixups and simplify locking * Adds a spinlock to struct ffa_ctx for per guest locking * Addressing style issues and suggestions * Uses FFA_FEATURES to check that all the needed features are available before initializing the mediator * Rebased on staging as of 2022-06-20 v1->v2: * Rebased on staging to resolve some merge conflicts as requested Jens Wiklander (9): xen/arm: smccc: add support for SMCCCv1.2 extended input/output registers xen/arm: add a primitive FF-A mediator xen/arm: ffa: add direct request support xen/arm: ffa: map SPMC rx/tx buffers xen/arm: ffa: send guest events to Secure Partitions xen/arm: ffa: support mapping guest RX/TX buffers xen/arm: ffa: support guest FFA_PARTITION_INFO_GET xen/arm: move regpair_to_uint64() and uint64_to_regpair() to regs.h xen/arm: ffa: support sharing memory SUPPORT.md | 7 + docs/man/xl.cfg.5.pod.in | 15 + tools/golang/xenlight/helpers.gen.go | 6 + tools/golang/xenlight/types.gen.go | 1 + tools/include/libxl.h | 6 + tools/libs/light/libxl_arm.c | 6 + tools/libs/light/libxl_types.idl | 1 + tools/ocaml/libs/xc/xenctrl.ml | 1 + tools/ocaml/libs/xc/xenctrl.mli | 1 + tools/xl/xl_parse.c | 1 + xen/arch/arm/Kconfig | 11 + xen/arch/arm/Makefile | 1 + xen/arch/arm/arm64/asm-offsets.c | 9 + xen/arch/arm/arm64/smc.S | 42 + xen/arch/arm/domain.c | 11 + xen/arch/arm/domain_build.c | 1 + xen/arch/arm/ffa.c | 1827 ++++++++++++++++++++++++++ xen/arch/arm/include/asm/domain.h | 4 + xen/arch/arm/include/asm/ffa.h | 78 ++ xen/arch/arm/include/asm/regs.h | 12 + xen/arch/arm/include/asm/smccc.h | 40 + xen/arch/arm/tee/optee.c | 11 - xen/arch/arm/vsmc.c | 19 +- xen/include/public/arch-arm.h | 4 + 24 files changed, 2100 insertions(+), 15 deletions(-) create mode 100644 xen/arch/arm/ffa.c create mode 100644 xen/arch/arm/include/asm/ffa.h