
Re: [PATCH] docs: fusa: Add requirements for mapping domain address to machine address


  • To: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Tue, 19 Nov 2024 09:18:10 +0000
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Artem Mygaiev <artem_mygaiev@xxxxxxxx>
  • Delivery-date: Tue, 19 Nov 2024 09:18:41 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-topic: [PATCH] docs: fusa: Add requirements for mapping domain address to machine address

Hi Ayan,

First a general comment: you use some terms such as machine address or domain
address which are a bit undefined to me. This needs some definition first for
those to be clear. Maybe use Virtual, IPA and PA instead all the time.

> On 4 Nov 2024, at 20:06, Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx> wrote:
> 
> The following are the requirements written mapping :-
> domain virtual address to machine address
> intermediate physical address to machine address
> 
> Signed-off-by: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>
> ---
> .../design-reqs/arm64/domain_buffer_copy.rst  | 172 ++++++++++++++++++
> docs/fusa/reqs/market-reqs/reqs.rst           |  30 +++
> docs/fusa/reqs/product-reqs/arm64/reqs.rst    |  40 +++-
> 3 files changed, 240 insertions(+), 2 deletions(-)
> create mode 100644 docs/fusa/reqs/design-reqs/arm64/domain_buffer_copy.rst
> 
> diff --git a/docs/fusa/reqs/design-reqs/arm64/domain_buffer_copy.rst 
> b/docs/fusa/reqs/design-reqs/arm64/domain_buffer_copy.rst
> new file mode 100644
> index 0000000000..67a70a35c4
> --- /dev/null
> +++ b/docs/fusa/reqs/design-reqs/arm64/domain_buffer_copy.rst
> @@ -0,0 +1,172 @@
> +.. SPDX-License-Identifier: CC-BY-4.0
> +
> +Translate domain address to machine address
> +-------------------------------------------
> +
> +`XenSwdgn~arm64_translate_domain_addr_to_machine_addr~1`
> +
> +Description:
> +Xen shall translate a domain address to machine address using Address
> +Translation Stage 1+2 Non-Secure Kernel Read/Write registers.

Domain address here is a bit imprecise. Do you mean VA or IPA?

Also, is this only in the MPU case?

> +
> +Rationale:
> +
> +Comments:
> +
> +Covers:
> + - `XenProd~translate_domain_va_to_ma~1`
> +
> +Get machine address
> +-------------------
> +
> +`XenSwdgn~arm64_get_machine_addr~1`
> +
> +Description:
> +Xen shall be able to get the machine address for a domain by reading
> +the physical address register.

This needs rephrasing to remove the "be able to":
Xen shall use the physical address register to retrieve the machine address.

Also what you mean by "machine address" needs to be defined here.

> +
> +Rationale:
> +
> +Comments:
> +It should return the fault information if the translation has failed.

I do not understand this one. Maybe this requirement needs more context to be
understood.

> +
> +Covers:
> + - `XenProd~translate_domain_va_to_ma~1`
> + - `XenProd~access_check_fetch_page~1`
> +
> +Translate domain address to intermediate physical address
> +---------------------------------------------------------
> +
> +`XenSwdgn~arm64_translate_domain_addr_to_ipa~1`
> +
> +Description:
> +Xen shall translate a domain address to intermediate physical address using
> +Address Translation Stage 1 Non-Secure Kernel Read/Write registers.
> +
> +Rationale:
> +
> +Comments:
> +
> +Covers:
> + - `XenProd~access_check_fetch_page~1`
> +
> +Set domain address as intermediate physical address
> +---------------------------------------------------
> +
> +`XenSwdgn~arm64_set_ipa_eq_gva~1`
> +
> +Description:
> +Xen shall set domain virtual address as intermediate physical address when 
> EL1
> +MMU is disabled.

Here you start using virtual address. I also do not get what is to be set here.
Do you mean that Xen shall consider VA=IPA when EL1 MMU is disabled?

> +
> +Rationale:
> +
> +Comments:
> +
> +Covers:
> + - `XenProd~access_check_fetch_page~1`
> +
> +Walk the domain's stage 1 page tables to translate 4KB domain address to IPA
> +----------------------------------------------------------------------------
> +
> +`XenSwdgn~arm64_walk_stage1_page_table_4KB_gva_ipa_ttbr0~1`
> +
> +Description:
> +Xen shall walk the stage 1 page tables to translate domain address to
> +intermediate physical address for 4KB page granularity using TTBR0
> +for intermediate physical address size = 48 bits.

Is this always the case? Aren't there cases where we should not do that?

Do we really want in the certified case to accept to have to walk stage 1 page
tables instead of using the hardware way?

> +
> +Rationale:
> +
> +Comments:
> +
> +Covers:
> + - `XenProd~access_check_fetch_page~1`
> +
> +Walk the domain's stage 1 page tables to translate 16KB domain address to IPA
> +-----------------------------------------------------------------------------
> +
> +`XenSwdgn~arm64_walk_stage1_page_table_4KB_gva_ipa_ttbbr0~1`

Req is named 4KB for 16KB

> +
> +Description:
> +Xen shall walk the stage 1 page tables to translate domain address to
> +intermediate physical address for 16KB page granularity using TTBR0 for
> +intermediate physical address size = 48 bits.

I am not quite sure that it is a good solution to duplicate for each page table
size here.
Do you want to support all possibilities?

> +
> +
> +Rationale:
> +
> +Comments:
> +
> +Covers:
> + - `XenProd~access_check_fetch_page~1`
> +
> +Walk the domain's stage 1 page tables to translate 64KB domain address to IPA
> +-----------------------------------------------------------------------------
> +
> +`XenSwdgn~arm64_walk_stage1_page_table_4KB_gva_ipa_ttbr0~1`

Same here

> +
> +Description:
> +Xen shall walk the stage 1 page tables to translate domain address to
> +intermediate physical address for 64KB page granularity using TTBR0 for
> +intermediate physical address size = 48 bits.

Ditto

> +
> +Rationale:
> +
> +Comments:
> +
> +Covers:
> + - `XenProd~access_check_fetch_page~1`
> +
> +Walk the domain's stage 1 page tables to translate 4KB domain address to IPA
> +----------------------------------------------------------------------------
> +
> +`XenSwdgn~arm64_walk_stage1_page_table_4KB_gva_ipa_ttbr1~1`
> +
> +Description:
> +Xen shall walk the stage 1 page tables to translate domain address to
> +intermediate physical address for 4KB page granularity using TTBR1 for
> +intermediate physical address size = 48 bits.
> +

You duplicate the requirement for TTBR1 but do not say when TTBR0 or TTBR1
shall be used.

> +Rationale:
> +
> +Comments:
> +
> +Covers:
> + - `XenProd~access_check_fetch_page~1`
> +
> +Walk the domain's stage 1 page tables to translate 16KB domain address to IPA
> +-----------------------------------------------------------------------------
> +
> +`XenSwdgn~arm64_walk_stage1_page_table_4KB_gva_ipa_ttbbr1~1`
> +
> +Description:
> +Xen shall walk the stage 1 page tables to translate domain address to
> +intermediate physical address for 16KB page granularity using TTBR1 for
> +intermediate physical address size = 48 bits.
> +
> +
> +Rationale:
> +
> +Comments:
> +
> +Covers:
> + - `XenProd~access_check_fetch_page~1`
> +
> +Walk the domain's stage 1 page tables to translate 64KB domain address to IPA
> +-----------------------------------------------------------------------------
> +
> +`XenSwdgn~arm64_walk_stage1_page_table_4KB_gva_ipa_ttbr1~1`
> +
> +Description:
> +Xen shall walk the stage 1 page tables to translate domain address to
> +intermediate physical address for 64KB page granularity using TTBR1 for
> +intermediate physical address size = 48 bits.
> +
> +Rationale:
> +
> +Comments:
> +
> +Covers:
> + - `XenProd~access_check_fetch_page~1`
> +
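
Review bot: the requirement IDs under the stage 1 walk sections are not unique. `XenSwdgn~arm64_walk_stage1_page_table_4KB_gva_ipa_ttbr0~1` tags both the 4KB and the 64KB TTBR0 sections, the matching `ttbr1` ID is reused the same way for the TTBR1 sections, and the two 16KB sections carry `4KB` together with a `ttbbr0`/`ttbbr1` spelling. `Covers:` entries reference requirements by ID, so each section needs its own ID, with the granule in the name matching the section title (16KB, 64KB) and `ttbr` spelled consistently. The `Rationale:` field is also empty in every requirement of this file; for the walk requirements it should say when a software walk is used instead of the address translation registers named in the first requirement.
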
> diff --git a/docs/fusa/reqs/market-reqs/reqs.rst 
> b/docs/fusa/reqs/market-reqs/reqs.rst
> index ca020f9a33..9b6852d746 100644
> --- a/docs/fusa/reqs/market-reqs/reqs.rst
> +++ b/docs/fusa/reqs/market-reqs/reqs.rst
> @@ -60,5 +60,35 @@ Rationale:
> 
> Comments:
> 
> +Needs:
> + - XenProd
> +
> +Copy buffer to domain
> +---------------------
> +
> +`XenMkt~copy_buffer_to_domain~1`
> +
> +Description:
> +Xen shall support copying a buffer to a domain.

What kind of buffer?
This requirement is very generic and not that precise.
At the end this is just saying that Xen shall be able to copy memory.

> +
> +Rationale:
> +
> +Comments:
> +
> +Needs:
> + - XenProd
> +
> +Copy buffer from domain
> +-----------------------
> +
> +`XenMkt~copy_buffer_from_domain~1`
> +
> +Description:
> +Xen shall support copying a buffer from a domain.
> +
> +Rationale:
> +
> +Comments:
> +
> Needs:
>  - XenProd
> \ No newline at end of file
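
Review bot: `XenMkt~copy_buffer_to_domain~1` and `XenMkt~copy_buffer_from_domain~1` are added with empty `Rationale:` and `Comments:` fields, so nothing at market level records why a copy to or from a domain is needed. Suggest filling in the rationale with the use the copy serves. The file also still ends with `\ No newline at end of file` after the last ` - XenProd`, while the product-reqs hunk of this same patch adds the missing newline to its file; add it here too.
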
> diff --git a/docs/fusa/reqs/product-reqs/arm64/reqs.rst 
> b/docs/fusa/reqs/product-reqs/arm64/reqs.rst
> index 0453dbb862..e2ab5ea43e 100644
> --- a/docs/fusa/reqs/product-reqs/arm64/reqs.rst
> +++ b/docs/fusa/reqs/product-reqs/arm64/reqs.rst
> @@ -53,10 +53,46 @@ Rationale:
> 
> Comments:
> 
> +Covers:
> + - `XenMkt~static_vm_definition~1`
> +
> +Needs:
> + - XenSwdgn
> +
> +Translate domain virtual address to machine address
> +---------------------------------------------------
> +
> +`XenProd~translate_domain_va_to_ma~1`
> +
> +Description:
> +Xen shall support translating domain's virtual address to machine address.

I find the "support" here a bit strange.

Maybe it would be simpler to define that Xen shall have a function named xxx to
do this?

I am not quite convinced this is not only a design req.

> +
> Rationale:
> 
> +Comments:
> +
> Covers:
> - - `XenMkt~static_vm_definition~1`
> + - `XenMkt~copy_buffer_from_domain~1`
> + - `XenMkt~copy_buffer_to_domain~1`
> 
> Needs:
> - - XenSwdgn
> \ No newline at end of file
> + - XenSwdgn
> +
> +Access check and fetch page from domain
> +---------------------------------------
> +
> +`XenProd~access_check_fetch_page~1`
> +
> +Description:
> +Xen shall support access check and fetching page from a domain.

This should be split in 2 reqs.

> +
> +Rationale:
> +
> +Comments:
> +
> +Covers:
> + - `XenMkt~copy_buffer_from_domain~1`
> + - `XenMkt~copy_buffer_to_domain~1`
> +
> +Needs:
> + - XenSwdgn
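
Review bot: only the virtual address to machine address mapping gets a product requirement here (`XenProd~translate_domain_va_to_ma~1`), while the commit message also lists "intermediate physical address to machine address". Either add a product requirement for that second mapping or drop it from the commit message. The description of `XenProd~access_check_fetch_page~1` also does not state which access is checked; naming it would make the requirement testable.
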
> -- 
> 2.25.1
> 




 

