GICA frames are used by devices like PCIe controllers that support MSIs so that they can issue a dma transactions to set pending SPIs.
The number of interrupts that can be set shall be within the range specified on GICA TYPER.
[28:16] INTID: The INTID of the lowest or first SPI that is assigned to the frame.
[10:0] NumSPIs: Returns the number of SPIs that are assigned to the frame.
Q1: What if I try to set an out of range IRQ? what would be the expected behavior?
1st assumption: we have a GICv3 implementation with GICv2m extensions (only one GICA frame is supported).
2nd assumption: we have a virtualized environment with two dedicated VMs driving two different PCIe controllers.
- The SMMU shall be set in a way that allows the each PCI controller to write to the GICA frame.
Q2: How can we prevent each VM from set/clear interrupts that are not assigned to it?
This breaks VM isolation since a VM can maliciously set/clear interrupts on other VM. Is my understanding correct?
If so, what could be the suggested hw configuration to have proper isolation?
Can you have the PCIe devices send their MSIs to the ITS instead? The ITS provides interrupt translation, which can prevent one device from spoofing another.