docs(zhihu): Tier 1 batch — 10 new deep-dive articles (part10-19)#10
Conversation
First of the Tier 1 batch (10 articles to write today). Style attempt: scene-led, present-tense, fewer bullet lists, less hedging, less AI flavor, more 阿婆 (Christie) — concrete details, trust the reader, no trailing summaries. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
10 Tier 1 articles written in one batch. Style: 阿婆 (Agatha Christie)
— scene-led, present-tense, less hedging, fewer bullet lists, no
trailing abstract summaries. Each article reviewed by Codex during
writing; fixes applied inline.
- part10 — FF-A 内存共享生命周期(6 SMCs · 2 ledgers · 4 PTE states)
- part11 — Stage-2 演进与堆 gap(IdentityMapper → DynamicIdentityMapper,
break-before-make,heap-in-PA-but-Stage-2-unmapped 防御)
- part12 — GICv3 虚拟化从零(4 LR、HW=1 物理-虚拟 EOI 联动、EOImode 分离、
TALL1 SGI1R trap、ELRSR 槽位回收)
- part13 — HPFAR_EL2 vs FAR_EL2(Stage-2 fault 时 FAR_EL2 是 guest VA,
IPA 在 HPFAR;48-bit IPA 公式 + EC 0x24 lower-EL)
- part14 — TF-A 启动链 & SPKG 打包陷阱(FIP UUID 反序、SPKG 0x4000 offset、
CTX_INCLUDE_FPREGS 三 flag 互锁)
- part15 — FF-A v1.1 协议机制(4 层嵌套描述符、packed read_unaligned、
RXTX rx_held_by_proxy 状态机、fragmentation)
- part16 — virtio-blk + virtio-net 从零(virtqueue 三 ring、blk 三段式、
net 12B virtio_net_hdr_v1 前缀、RX SPSC ring 异步注入)
- part17 — Secondary CPU warm-boot 完整版(六步:VBAR → HCR.VM → CPTR
清 trap → S-EL2 Stage-1 MMU → GICR PPI → FFA_MSG_WAIT)
- part18 — HCR_EL2.TSC 非对称语义(EL2 自发 SMC 不被自己 trap;ELR 不前移)
- part19 — ICC_SGI1R_EL1 位域(TargetList[15:0]、INTID[27:24]、Aff1[23:16],
位置反直觉 + helper 写法)
7 个 deep-dive(A 档,~250-330 行)+ 3 个聚焦短篇(B 档,~120-180 行)。
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Codex batch review found 5 must-fix + 4 minor across the 10 new articles. part13 (HPFAR_EL2) was GREEN no fix; part18 (HCR_TSC) left as-is (its claim that SMC trap ELR_EL2 needs +4 is confirmed by CLAUDE.md). The remaining 8 fixes: must-fix: - part10 opening: SHARE vs LEND framing was wrong — the distinction is about sender retaining access, not whether receiver may write. - part12 EOImode flow: tighten LR state-transition wording so it doesn't waver between active/invalid on the EOIR/DIR boundary. - part14 opening: confused BL33 vs BL32 names. Our SPMC is BL32. - part15: clarify the FragmentState 4096-byte buffer is a hard cap on total descriptor length (FFA_INVALID_PARAMETERS above 4 KB). - part19: the 'correct version' code example had `1u64 << 0` with comment 'CPU 1' — bit 0 = CPU 0. Fixed to `1u64 << 1`. minor: - part11: GICR description — each GICR is 128 KB (RD_base + SGI_base each 64 KB), useful regs in first 4 KB of each frame, not just '4 KB total'. - part16: virtio-net header is 10 B without VIRTIO_NET_F_MRG_RXBUF and 12 B with it; we negotiate so use 12 B. Noted both. - part17: 'VBAR_EL2/HCR_EL2 不是 banked' was reversed — they ARE per-PE (each CPU has its own copy). Rephrased. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5cec2f0c29
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| ## virtio-net 的 12 字节前缀 | ||
|
|
||
| virtio-net 跟 virtio-blk 的结构类似——两个 virtqueue(RX queue 0,TX queue 1),descriptor 链,scatter-gather。但有个特别的细节:**每个数据包前面有一个 header 前缀**——协商了 `VIRTIO_NET_F_MRG_RXBUF` feature(我们这边默认协商)就是 `virtio_net_hdr_v1`,**12 字节**;没协商就是更老的 `virtio_net_hdr`,**10 字节**(差那 2 字节就是 `num_buffers` 字段)。我们这边一律按 12 字节走。 |
There was a problem hiding this comment.
In the current backend I inspected, src/devices/virtio/net.rs::device_features() returns only VIRTIO_F_VERSION_1 | VIRTIO_NET_F_MAC | VIRTIO_NET_F_STATUS, so the guest does not negotiate VIRTIO_NET_F_MRG_RXBUF. This sentence tells readers that the 12-byte header is because that feature is negotiated by default, which sends anyone debugging the present virtio-net path to the wrong feature bit; either the device needs to advertise MRG_RXBUF or the article should explain the actual VERSION_1/Linux 12-byte assumption.
Useful? React with 👍 / 👎.
| 两件事都需要 hypervisor 介入。所以我们把 ICC_SGI1R 的写**强制 trap**: | ||
|
|
||
| ```rust | ||
| // ICH_HCR_TALL1 = bit 11 |
There was a problem hiding this comment.
This comment contradicts the implementation I inspected: src/arch/aarch64/defs.rs defines ICH_HCR_TALL1 as 1 << 13, and the design docs also call bit 13 TALL1. If a reader copies the documented bit 11 value while wiring SGI traps, ICC_SGI1R_EL1 writes will not be trapped in the same way this hypervisor expects.
Useful? React with 👍 / 👎.
| let lr_value = (LR_STATE_PENDING as u64) << 62 | ||
| | LR_HW_BIT | ||
| | ((priority as u64) << 48) | ||
| | ((physical_intid as u64 & 0x1FFF) << 32) |
There was a problem hiding this comment.
The article's LR builder masks the physical INTID with 0x1FFF and describes bits [44:32], but the backend I inspected encodes pintid with LR_PINTID_MASK = 0x3FF at shift 32. As written, anyone using this snippet for hardware-linked LR encoding can set bits the current implementation never sets, making the deep-dive disagree with the code it claims to simplify.
Useful? React with 👍 / 👎.
1 participant
What
10 new 知乎 deep-dive articles written in one batch, applying the requested style adjustment toward 阿婆 (Agatha Christie):
Articles
part10-ffa-mem-share.mdpart11-stage2-heap-gap.mdpart12-gicv3-virt.mdpart13-hpfar-el2.mdpart14-tfa-boot-chain.mdpart15-ffa-protocol-mechanics.mdpart16-virtio-from-scratch.mdpart17-secondary-warmboot.mdpart18-hcr-tsc.mdpart19-icc-sgi1r-bitfield.mdReview trail
Each article was reviewed by Codex during writing with style + tech checks. Then a unified batch Codex review at the end found:
All 8 actionable fixes applied in the second commit on this branch. Highlights:
Publish plan
After merge, this 10-article batch + existing 2 pending (part0b, e2e-on-arm-fieldnotes) gives 12 articles of runway for daily 知乎 posting. Updated
PUBLISHING.mdwill be a follow-up PR once a publish ordering for the new batch is decided.🤖 Generated with Claude Code