MEM_SHARE failures in get_shm_pages() are silent, which makes malformed ranges and page mapping failures hard to diagnose.
Add debug logging for page validation failures: - descriptor validation failures (unaligned, range short/overflow) - per-page mapping failures (unmapped GFN, wrong p2m type) - address overflow detection in range walks Ratelimit temporary reclaim failures and log permanent reclaim failures as errors. No functional changes. Signed-off-by: Bertrand Marquis <[email protected]> --- xen/arch/arm/tee/ffa_shm.c | 73 ++++++++++++++++++++++++++++++++------ 1 file changed, 63 insertions(+), 10 deletions(-) diff --git a/xen/arch/arm/tee/ffa_shm.c b/xen/arch/arm/tee/ffa_shm.c index 905a64e3db01..89161753e922 100644 --- a/xen/arch/arm/tee/ffa_shm.c +++ b/xen/arch/arm/tee/ffa_shm.c @@ -169,6 +169,12 @@ static int32_t get_shm_pages(struct domain *d, struct ffa_shm_mem *shm, uint64_t addr; uint64_t page_count; uint64_t gaddr; + int32_t ret = FFA_RET_OK; + const char *reason = NULL; + unsigned int bad_rg = 0; + unsigned int bad_pg = 0; + unsigned long bad_addr = 0; + p2m_type_t bad_t = p2m_invalid; for ( n = 0; n < range_count; n++ ) { 
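Review bot: `bad_addr` is declared `unsigned long` while the values it records (`addr`, `gaddr`) are `uint64_t`, so the `(unsigned long)` casts in the following hunk would truncate the logged guest address on any build where `unsigned long` is 32 bits. Keeping the full width avoids a diagnostic that points at the wrong page: `uint64_t bad_addr = 0;` with `addr %#"PRIx64"` in the format string and the casts dropped. If this file is only ever built for 64-bit Arm the current form is harmless, but that is not visible from this patch. get_shm_pages() starts before this hunk and continues past it.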
@@ -176,34 +182,78 @@ static int32_t get_shm_pages(struct domain *d, struct ffa_shm_mem *shm, addr = ACCESS_ONCE(range[n].address); if ( !IS_ALIGNED(addr, FFA_PAGE_SIZE) ) - return FFA_RET_INVALID_PARAMETERS; + { + ret = FFA_RET_INVALID_PARAMETERS; + reason = "unaligned"; + bad_rg = n; + bad_addr = (unsigned long)addr; + goto out; + } for ( m = 0; m < page_count; m++ ) { if ( pg_idx >= shm->page_count ) - return FFA_RET_INVALID_PARAMETERS; + { + ret = FFA_RET_INVALID_PARAMETERS; + reason = "range overflow"; + bad_rg = n; + bad_pg = m; + goto out; + } if ( !ffa_safe_addr_add(addr, m) ) - return FFA_RET_INVALID_PARAMETERS; + { + ret = FFA_RET_INVALID_PARAMETERS; + reason = "addr overflow"; + bad_rg = n; + bad_pg = m; + bad_addr = (unsigned long)addr; + goto out; + } gaddr = addr + m * FFA_PAGE_SIZE; gfn = gaddr_to_gfn(gaddr); shm->pages[pg_idx] = get_page_from_gfn(d, gfn_x(gfn), &t, P2M_ALLOC); if ( !shm->pages[pg_idx] ) - return FFA_RET_DENIED; + { + ret = FFA_RET_DENIED; + reason = "gfn unmapped"; + bad_rg = n; + bad_pg = m; + bad_addr = (unsigned long)gaddr; + goto out; + } /* Only normal RW RAM for now */ if ( t != p2m_ram_rw ) - return FFA_RET_DENIED; + { + ret = FFA_RET_DENIED; + reason = "p2m type"; + bad_rg = n; + bad_pg = m; + bad_addr = (unsigned long)gaddr; + bad_t = t; + goto out; + } pg_idx++; } } /* The ranges must add up */ if ( pg_idx < shm->page_count ) - return FFA_RET_INVALID_PARAMETERS; + { + ret = FFA_RET_INVALID_PARAMETERS; + reason = "range short"; + bad_pg = pg_idx; + goto out; + } - return FFA_RET_OK; +out: + if ( ret ) + gdprintk(XENLOG_DEBUG, + "ffa: mem share pages invalid: %s rg %u pg %u addr %#lx p2m %u\n", + reason ? reason : "unknown", bad_rg, bad_pg, bad_addr, bad_t); + return ret; } static void put_shm_pages(struct ffa_shm_mem *shm) 
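Review bot: The single `gdprintk` at `out:` prints every field for every reason, so unset fields cannot be told apart from real values: "range overflow" logs `addr 0`, every path except "p2m type" logs the initial `p2m_invalid`, and "range short" stores the running `pg_idx` total in `bad_pg`, which on the other paths is the index within a range. A short comment above `out:` would keep the log from being misread, e.g. `/* bad_addr and bad_t are only set by the reasons that have them; for "range short" bad_pg is the total page count reached */`. In the `!shm->pages[pg_idx]` branch it may also be worth adding `bad_t = t;`, since the lookup was passed `&t` and the type could say why no page was returned; whether `t` is filled on that path depends on get_page_from_gfn(), which is outside this diff. Every value printed here comes from the guest-supplied descriptor, so keeping the message at `gdprintk`/`XENLOG_DEBUG` rather than an unconditional printk is the right choice for a guest-triggerable path.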
@@ -759,8 +809,10 @@ bool ffa_shm_domain_destroy(struct domain *d) * A temporary error that may get resolved a bit later, it's * worth retrying. */ - printk(XENLOG_G_INFO "%pd: ffa: Failed to reclaim handle %#lx : %d\n", - d, shm->handle, res); + if ( printk_ratelimit() ) + printk(XENLOG_G_WARNING + "%pd: ffa: Failed to reclaim handle %#lx : %d\n", + d, shm->handle, res); break; /* We will retry later */ default: /* @@ -772,7 +824,8 @@ bool ffa_shm_domain_destroy(struct domain *d) * FFA_RET_NO_MEMORY might be a temporary error as it it could * succeed if retried later, but treat it as permanent for now. */ - printk(XENLOG_G_INFO "%pd: ffa: Permanent failure to reclaim handle %#lx : %d\n", + printk(XENLOG_G_ERR + "%pd: ffa: Permanent failure to reclaim handle %#lx : %d\n", d, shm->handle, res); /* -- 2.50.1 (Apple Git-155)
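Review bot: Both messages change log level, not just layout (`XENLOG_G_INFO` to `XENLOG_G_WARNING` in this hunk, and to `XENLOG_G_ERR` in the hunk at -772), which changes the log-level configurations that emit them, so "No functional changes" in the description would be more accurate as "no functional changes outside logging". In the retry branch, a call suppressed by `printk_ratelimit()` leaves no trace of the handle that is still failing to reclaim; a comment such as `/* Retried later: ratelimit so a stuck handle cannot flood the console */` would record why the guard is there. If the limiter state is shared with other callers (not visible here), a burst from this path can also suppress their messages. The enclosing switch in ffa_shm_domain_destroy() starts and ends outside both hunks.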
