[PATCH v2] virt: arm-cca-guest: use raw variant of smp_processor_id() in arm_cca_report

public inbox for linux-arm-kernel@lists.infradead.org 
 help / color / mirror / Atom feed

* [PATCH v2] virt: arm-cca-guest: use raw variant of smp_processor_id() in arm_cca_report_new()
@ 2026-05-19 10:12 Kohei Enju
  2026-06-02 11:01 ` Will Deacon
  0 siblings, 1 reply; 4+ messages in thread
From: Kohei Enju @ 2026-05-19 10:12 UTC (permalink / raw)
  To: Catalin Marinas, Will Deacon
  Cc: Sami Mujawar, Gavin Shan, Steven Price, Suzuki K Poulose,
	linux-arm-kernel, linux-kernel, Kohei Enju

With CONFIG_DEBUG_PREEMPT=y, smp_processor_id() becomes an alias of
debug_smp_processor_id(). This debug function complains when certain
conditions that ensure CPU ID stability are not met, specifically when
it's called from a preemptible context.

In arm_cca_report_new(), which runs in a preemptible context,
smp_processor_id() triggers a splat [0] due to this.

However, the CPU ID obtained here is used as the target CPU for
smp_call_function_single() to designate a specific CPU for subsequent
operations, not to assert that the current thread will continue to
execute on the same CPU. Therefore, snapshotting the CPU ID itself is
correct, and thus there's no actual harm except for the splat.

Use raw_smp_processor_id() instead, to directly retrieve the current CPU
ID without the debug checks, avoiding the unnecessary warning message
while preserving the correct functional behavior.

Note that while migrate_disable() would pin the task to the current CPU,
this path should not block CPU hotplug events. Therefore, we snapshot
the current CPU ID and accept that smp_call_function_single() may fail
if the CPU goes offline.

[0]
 BUG: using smp_processor_id() in preemptible [00000000] code: cca-workload-at/134
 caller is debug_smp_processor_id+0x20/0x2c
 CPU: 0 UID: 0 PID: 134 Comm: cca-workload-at Not tainted 7.0.0-rc1-gc74a64d12073 #1 PREEMPT
 Hardware name: linux,dummy-virt (DT)
 Call trace:
  [...]
  check_preemption_disabled+0xf8/0x100
  debug_smp_processor_id+0x20/0x2c
  arm_cca_report_new+0x54/0x230
  tsm_report_read+0x184/0x260
  tsm_report_outblob_read+0x18/0x38
  configfs_bin_read_iter+0xf4/0x1dc
  vfs_read+0x230/0x31c
  [...]

Reviewed-by: Gavin Shan <gshan@redhat•com>
Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm•com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm•com>
Fixes: 7999edc484ca ("virt: arm-cca-guest: TSM_REPORT support for realms")
Signed-off-by: Kohei Enju <enju.kohei@fujitsu•com>
---
 drivers/virt/coco/arm-cca-guest/arm-cca-guest.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/drivers/virt/coco/arm-cca-guest/arm-cca-guest.c b/drivers/virt/coco/arm-cca-guest/arm-cca-guest.c
index 0c9ea24a200c..b463bf35bf30 100644
--- a/drivers/virt/coco/arm-cca-guest/arm-cca-guest.c
+++ b/drivers/virt/coco/arm-cca-guest/arm-cca-guest.c
@@ -107,8 +107,15 @@ static int arm_cca_report_new(struct tsm_report *report, void *data)
 	 * instead of simply calling get_cpu() because of the need to
 	 * allocate outblob based on the returned value from the 'init'
 	 * call and that cannot be done in an atomic context.
+	 *
+	 * While migrate_disable() would pin the task to the current CPU,
+	 * this path should not block CPU hotplug events. Therefore, we
+	 * snapshot the current CPU ID and accept that
+	 * smp_call_function_single() may fail if the CPU goes offline.
+	 * Any resulting error is propagated to user-space, which is
+	 * expected to handle it.
 	 */
-	cpu = smp_processor_id();
+	cpu = raw_smp_processor_id();

 	info.challenge = desc->inblob;
 	info.challenge_size = desc->inblob_len;
-- 
2.47.3

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] virt: arm-cca-guest: use raw variant of smp_processor_id() in arm_cca_report_new()
  2026-05-19 10:12 [PATCH v2] virt: arm-cca-guest: use raw variant of smp_processor_id() in arm_cca_report_new() Kohei Enju
@ 2026-06-02 11:01 ` Will Deacon
  2026-06-02 15:48   ` Suzuki K Poulose
  0 siblings, 1 reply; 4+ messages in thread
From: Will Deacon @ 2026-06-02 11:01 UTC (permalink / raw)
  To: Kohei Enju
  Cc: Catalin Marinas, Sami Mujawar, Gavin Shan, Steven Price,
	Suzuki K Poulose, linux-arm-kernel, linux-kernel

On Tue, May 19, 2026 at 07:12:08PM +0900, Kohei Enju wrote:
> With CONFIG_DEBUG_PREEMPT=y, smp_processor_id() becomes an alias of
> debug_smp_processor_id(). This debug function complains when certain
> conditions that ensure CPU ID stability are not met, specifically when
> it's called from a preemptible context.
> 
> In arm_cca_report_new(), which runs in a preemptible context,
> smp_processor_id() triggers a splat [0] due to this.
> 
> However, the CPU ID obtained here is used as the target CPU for
> smp_call_function_single() to designate a specific CPU for subsequent
> operations, not to assert that the current thread will continue to
> execute on the same CPU. Therefore, snapshotting the CPU ID itself is
> correct, and thus there's no actual harm except for the splat.
> 
> Use raw_smp_processor_id() instead, to directly retrieve the current CPU
> ID without the debug checks, avoiding the unnecessary warning message
> while preserving the correct functional behavior.

That's pretty disgusting imo so I'd like to see some more justification
for this approach.

> Note that while migrate_disable() would pin the task to the current CPU,
> this path should not block CPU hotplug events. Therefore, we snapshot
> the current CPU ID and accept that smp_call_function_single() may fail
> if the CPU goes offline.

Why shouldn't it block CPU hotplug events? What happens if the CPU goes
offline and comes back online again during the loop of continue calls?

Will


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] virt: arm-cca-guest: use raw variant of smp_processor_id() in arm_cca_report_new()
  2026-06-02 11:01 ` Will Deacon
@ 2026-06-02 15:48   ` Suzuki K Poulose
  2026-06-03 11:48     ` Will Deacon
  0 siblings, 1 reply; 4+ messages in thread
From: Suzuki K Poulose @ 2026-06-02 15:48 UTC (permalink / raw)
  To: Will Deacon, Kohei Enju
  Cc: Catalin Marinas, Sami Mujawar, Gavin Shan, Steven Price,
	linux-arm-kernel, linux-kernel

Hi Will

On 02/06/2026 12:01, Will Deacon wrote:
> On Tue, May 19, 2026 at 07:12:08PM +0900, Kohei Enju wrote:
>> With CONFIG_DEBUG_PREEMPT=y, smp_processor_id() becomes an alias of
>> debug_smp_processor_id(). This debug function complains when certain
>> conditions that ensure CPU ID stability are not met, specifically when
>> it's called from a preemptible context.
>>
>> In arm_cca_report_new(), which runs in a preemptible context,
>> smp_processor_id() triggers a splat [0] due to this.
>>
>> However, the CPU ID obtained here is used as the target CPU for
>> smp_call_function_single() to designate a specific CPU for subsequent
>> operations, not to assert that the current thread will continue to
>> execute on the same CPU. Therefore, snapshotting the CPU ID itself is
>> correct, and thus there's no actual harm except for the splat.
>>
>> Use raw_smp_processor_id() instead, to directly retrieve the current CPU
>> ID without the debug checks, avoiding the unnecessary warning message
>> while preserving the correct functional behavior.
> 
> That's pretty disgusting imo so I'd like to see some more justification
> for this approach.
> 
>> Note that while migrate_disable() would pin the task to the current CPU,
>> this path should not block CPU hotplug events. Therefore, we snapshot
>> the current CPU ID and accept that smp_call_function_single() may fail
>> if the CPU goes offline.
> 
> Why shouldn't it block CPU hotplug events? What happens if the CPU goes
> offline and comes back online again during the loop of continue calls?

It need not. It can continue the calls. The RMM keeps track of the 
internal progress in the "REC" object for this "VCPU". Hotplug ON/OFF
doesn't change the REC object in CCA Guest. So, a REC can come back and
execute it. But the Linux could fail the operation if the CPU isn't 
available for fetching the report, after we do a RSI_ATTEST_TOKEN_INIT.

Suzuki



> 
> Will



^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] virt: arm-cca-guest: use raw variant of smp_processor_id() in arm_cca_report_new()
  2026-06-02 15:48   ` Suzuki K Poulose
@ 2026-06-03 11:48     ` Will Deacon
  0 siblings, 0 replies; 4+ messages in thread
From: Will Deacon @ 2026-06-03 11:48 UTC (permalink / raw)
  To: Suzuki K Poulose
  Cc: Kohei Enju, Catalin Marinas, Sami Mujawar, Gavin Shan,
	Steven Price, linux-arm-kernel, linux-kernel

On Tue, Jun 02, 2026 at 04:48:43PM +0100, Suzuki K Poulose wrote:
> On 02/06/2026 12:01, Will Deacon wrote:
> > On Tue, May 19, 2026 at 07:12:08PM +0900, Kohei Enju wrote:
> > > With CONFIG_DEBUG_PREEMPT=y, smp_processor_id() becomes an alias of
> > > debug_smp_processor_id(). This debug function complains when certain
> > > conditions that ensure CPU ID stability are not met, specifically when
> > > it's called from a preemptible context.
> > > 
> > > In arm_cca_report_new(), which runs in a preemptible context,
> > > smp_processor_id() triggers a splat [0] due to this.
> > > 
> > > However, the CPU ID obtained here is used as the target CPU for
> > > smp_call_function_single() to designate a specific CPU for subsequent
> > > operations, not to assert that the current thread will continue to
> > > execute on the same CPU. Therefore, snapshotting the CPU ID itself is
> > > correct, and thus there's no actual harm except for the splat.
> > > 
> > > Use raw_smp_processor_id() instead, to directly retrieve the current CPU
> > > ID without the debug checks, avoiding the unnecessary warning message
> > > while preserving the correct functional behavior.
> > 
> > That's pretty disgusting imo so I'd like to see some more justification
> > for this approach.
> > 
> > > Note that while migrate_disable() would pin the task to the current CPU,
> > > this path should not block CPU hotplug events. Therefore, we snapshot
> > > the current CPU ID and accept that smp_call_function_single() may fail
> > > if the CPU goes offline.
> > 
> > Why shouldn't it block CPU hotplug events? What happens if the CPU goes
> > offline and comes back online again during the loop of continue calls?
> 
> It need not. It can continue the calls. The RMM keeps track of the internal
> progress in the "REC" object for this "VCPU". Hotplug ON/OFF
> doesn't change the REC object in CCA Guest. So, a REC can come back and
> execute it. But the Linux could fail the operation if the CPU isn't
> available for fetching the report, after we do a RSI_ATTEST_TOKEN_INIT.

I couldn't really shake that out of the RMM spec tbh:
RSI_ATTESTATION_TOKEN_CONTINUE is allowed to return RSI_ERROR_UNKNOWN
and I couldn't find anything about hotplug.

But my main point, really, is why are we not using migrate_disable()
here? I can't see the justification.

Will


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2026-06-03 11:48 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-19 10:12 [PATCH v2] virt: arm-cca-guest: use raw variant of smp_processor_id() in arm_cca_report_new() Kohei Enju
2026-06-02 11:01 ` Will Deacon
2026-06-02 15:48   ` Suzuki K Poulose
2026-06-03 11:48     ` Will Deacon

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox