[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <aJIZ4v0X74zox1xZ@willie-the-truck>
Date: Tue, 5 Aug 2025 15:49:06 +0100
From: Will Deacon <will@...nel.org>
To: Marc Zyngier <maz@...nel.org>
Cc: perlarsen@...gle.com, Oliver Upton <oliver.upton@...ux.dev>,
Joey Gouly <joey.gouly@....com>,
Suzuki K Poulose <suzuki.poulose@....com>,
Zenghui Yu <yuzenghui@...wei.com>,
Catalin Marinas <catalin.marinas@....com>,
Sudeep Holla <sudeep.holla@....com>,
linux-arm-kernel@...ts.infradead.org, kvmarm@...ts.linux.dev,
linux-kernel@...r.kernel.org, ahomescu@...gle.com,
armellel@...gle.com, arve@...roid.com, ayrton@...gle.com,
qperret@...gle.com, sebastianene@...gle.com, qwandor@...gle.com
Subject: Re: [PATCH v7 4/5] KVM: arm64: Bump the supported version of FF-A to
1.2
Hey Marc,
(we discussed this very briefly offline but I wanted to reply for the
benefit of everybody else and also because I don't recall quite where we
ended up)
On Thu, Jul 31, 2025 at 08:56:59AM +0100, Marc Zyngier wrote:
> On Fri, 18 Jul 2025 14:45:17 +0100,
> Will Deacon <will@...nel.org> wrote:
> > On Tue, Jul 01, 2025 at 10:06:37PM +0000, Per Larsen via B4 Relay wrote:
> > > From: Per Larsen <perlarsen@...gle.com>
> > > @@ -734,7 +741,10 @@ static int hyp_ffa_post_init(void)
> > > if (res.a0 != FFA_SUCCESS)
> > > return -EOPNOTSUPP;
> > >
> > > - switch (res.a2) {
> > > + if ((res.a2 & GENMASK(15, 2)) != 0 || res.a3 != 0)
> > > + return -EINVAL;
> >
> > Why are you checking bits a2[15:2] and a3? The spec says they MBZ,
> > so we shouldn't care about enforcing that. In fact, adding the check
> > probably means we'll fail if those bits get allocated in future.
>
> I have the exact opposite approach. If we don't check that they are 0
> for v1.2 and previous versions, we won't be able to tell what they
> mean when they are finally allocated to mean something in version
> 1.337.
>
> Until we support such version, MBZ should be enforced, because we
> otherwise don't understand what the "client" is trying to say. And we
> don't understand, we're guaranteed to do the wrong thing.
We've lost a bunch of context in the diff here, but there are two
important things to keep in mind at this point:
1. We've negotiated a known version of FF-A, so it won't be v1.337 and
we _should_ be able rely on the spec authors not breaking stuff
retrospectively (famous last words...)
2. The response we're parsing here is something that has come back
from TZ after we (the hypervisor) have called FFA_FEATURES. If
those MBZ bits are non-zero, I think should just ignore them.
Cheers,
Will
Powered by blists - more mailing lists