Hi,

On 01/09/2025 14:51, Ayan Kumar Halder wrote:
Hi Michal,

On 01/09/2025 14:17, Orzel, Michal wrote:

On 01/09/2025 14:31, Ayan Kumar Halder wrote:
Xen gives a panic if certain nodes are not present in the device tree. In order to prevent this panic, scripts/dt_sanity.py is written so that it checks if the node/s are present. If the node/s are not present, the script gives an error.

User is expected to run the script against the device tree before booting Xen with dtb.

One thing I forgot to mention is that as part of safety certification, we do need to do "Failure mode and error analysis". This means describing the scenarios in which Xen can fail to perform its regular functionality and coming up with prevention, detection and mitigation measures.

One can argue that the panics caused by system misconfiguration are the most straightforward of all the errors. However, we do need to define prevention mechanisms to avoid these panics. For this particular failure, the prevention mechanism can be described as manually looking into the device tree to ensure that the nodes expected by Xen are present. The script aims to provide a better alternative.

This script is not meant to catch all possible panics. However we do want to have such scripts and utilities wherever possible, and document them as part of our FMEA.

Maybe a safety expert can comment if the approach makes sense.

- Ayan
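As an added illustration of the kind of pre-boot check discussed in this thread (this is example code written for this page, not the scripts/dt_sanity.py from the patch series, and it does not claim to match that script's node list or behaviour): a small Python module that parses a flattened device tree blob (DTB, the format described in the Devicetree Specification), collects every node path, and reports which of a required set is absent. The REQUIRED_NODES list is a placeholder assumption, not the set Xen actually requires; unit addresses such as memory@80000000 are ignored when matching so that "/memory" is satisfied by that node. The sample tree is constructed inline so the module runs offline; build_dtb is included only to produce that sample blob.

```python
import struct
import sys

FDT_MAGIC = 0xD00DFEED
FDT_BEGIN_NODE, FDT_END_NODE, FDT_PROP, FDT_NOP, FDT_END = 1, 2, 3, 4, 9

# Placeholder assumption: nodes the check insists on. Not Xen's real list.
REQUIRED_NODES = ["/cpus", "/memory", "/chosen", "/timer"]


def _align4(b):
    return b + b"\0" * (-len(b) % 4)


def build_dtb(tree):
    """Encode a nested dict {"props": {...}, "children": {...}} into a DTB blob.
    Only here to construct sample input; a real check reads a .dtb file."""
    struct_blk, strings, stroff = bytearray(), bytearray(), {}

    def name_off(n):
        if n not in stroff:
            stroff[n] = len(strings)
            strings.extend(n.encode() + b"\0")
        return stroff[n]

    def emit(name, node):
        struct_blk.extend(struct.pack(">I", FDT_BEGIN_NODE) + _align4(name.encode() + b"\0"))
        for pname, val in node.get("props", {}).items():
            struct_blk.extend(struct.pack(">III", FDT_PROP, len(val), name_off(pname)) + _align4(val))
        for cname, child in node.get("children", {}).items():
            emit(cname, child)
        struct_blk.extend(struct.pack(">I", FDT_END_NODE))

    emit("", tree)
    struct_blk.extend(struct.pack(">I", FDT_END))
    rsvmap = struct.pack(">QQ", 0, 0)          # empty memory reservation block
    off_rsv = 40                                # header is ten big-endian u32
    off_struct = off_rsv + len(rsvmap)
    off_strings = off_struct + len(struct_blk)
    total = off_strings + len(strings)
    header = struct.pack(">10I", FDT_MAGIC, total, off_struct, off_strings,
                         off_rsv, 17, 16, 0, len(strings), len(struct_blk))
    return bytes(header + rsvmap + struct_blk + strings)


def dtb_node_paths(blob):
    """Walk the structure block and return the set of full node paths."""
    (magic, total, off_struct, _off_strings, _rsv, _ver, _compat, _cpu,
     _size_strings, size_struct) = struct.unpack_from(">10I", blob, 0)
    if magic != FDT_MAGIC:
        raise ValueError("not a DTB: bad magic")
    if len(blob) < total:
        raise ValueError("truncated DTB")
    pos, end = off_struct, off_struct + size_struct
    stack, paths = [], set()
    while pos + 4 <= end:
        tok = struct.unpack_from(">I", blob, pos)[0]
        pos += 4
        if tok == FDT_BEGIN_NODE:
            nul = blob.index(b"\0", pos)
            stack.append(blob[pos:nul].decode())
            pos = nul + 1
            pos += -pos % 4                     # name is padded to 4 bytes
            paths.add("/" + "/".join(s for s in stack if s))
        elif tok == FDT_END_NODE:
            if not stack:
                raise ValueError("unbalanced FDT_END_NODE")
            stack.pop()
        elif tok == FDT_PROP:
            length = struct.unpack_from(">I", blob, pos)[0]
            pos += 8 + length                   # len, nameoff, then value
            pos += -pos % 4
        elif tok == FDT_NOP:
            continue
        elif tok == FDT_END:
            break
        else:
            raise ValueError(f"unknown token {tok:#x} at offset {pos - 4:#x}")
    if stack:
        raise ValueError("structure block ended with open nodes")
    return paths


def _normalize(path):
    """Drop unit addresses so /memory@80000000 compares equal to /memory."""
    return "/" + "/".join(c.split("@", 1)[0] for c in path.split("/") if c)


def missing_nodes(blob, required=REQUIRED_NODES):
    present = {_normalize(p) for p in dtb_node_paths(blob)}
    return [r for r in required if _normalize(r) not in present]


# Constructed sample tree; "timer" is deliberately absent so the check fails.
SAMPLE_TREE = {
    "props": {"compatible": b"example,board\0"},
    "children": {
        "cpus": {"children": {"cpu@0": {"props": {"device_type": b"cpu\0"}}}},
        "memory@80000000": {"props": {"device_type": b"memory\0"}},
        "chosen": {"props": {"bootargs": b"console=hvc0\0"}},
    },
}

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_dtb(SAMPLE_TREE)
    missing = missing_nodes(blob)
    for path in missing:
        print(f"error: required node {path} not found", file=sys.stderr)
    sys.exit(1 if missing else 0)
```

Run it with a .dtb path to check a real blob, or with no argument to check the embedded sample, which exits non-zero because /timer is absent. The parse errors raised for bad magic, a truncated blob or unbalanced tokens are the same class of malformed input that would otherwise only show up as a panic during boot, which is the point of running the check beforehand.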


