Hello, I've run into a few issues while implementing fragmentation for memory sharing based on the FF-A 1.0 spec, which I think need clarifying or fixing.
2. From section 13.2.2.3 points 2-6, it sounds like the 'sender' in the case of a FFA_MEM_RETRIEVE_RESP_32 from the SPM to the non-secure hypervisor is the SPM. Am I correct in understanding that this means that the sender ID for FFA_MEM_FRAG_TX and FFA_MEM_FRAG_RX should always be the ID of the SPM when the hypervisor is retrieving a memory region from the SPM for the purposes of a reclaim operation from a normal world VM?
2. When a normal world VM tries to share memory with a secure partition via FFA_MEM_SHARE, it may be that the buffer between the hypervisor and the SPM is busy because another VM is also sharing memory or doing something else that uses the buffer, on a different physical CPU. This could happen either for the initial fragment sent via FFA_MEM_SHARE or for a subsequent fragment sent with FFA_MEM_FRAG_TX. The spec currently says in section 12.3.1.2, point 13.2 that the hypervisor must return ABORTED in the FFA_MEM_SHARE case, and doesn't allow any relevant error codes in the description of FFA_MEM_FRAG_TX in section 13.2.2.5, though it does mention ABORTED in section 13.2.2.3 point 8.
However, the buffer being busy need not mean that the whole transaction is aborted; it should be possible for the sender to try again after a short time, when hopefully the buffer is available again. So it would make more sense for the hypervisor to return an FFA_BUSY error in this case, as it does in other cases where a buffer is currently unavailable but the caller can try again.
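The behaviour proposed in point 2, as an added example that is not part of the original post and is not code from any FF-A implementation: a constructed C model of the single hypervisor-to-SPM TX buffer shared across physical CPUs, a hypothetical hypervisor entry point `hyp_mem_frag_tx()` that can be switched between returning FFA_BUSY (retryable) and FFA_ABORTED (fatal) when that buffer is held by another PE, and a VM-side `vm_send_fragment()` retry loop. The error code values are taken from the FF-A 1.0 error table (check them against your copy of the spec); the VM IDs, handles, function names and fragment bytes are constructed for the demo.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* FF-A 1.0 error codes (values as in the spec's error table; verify against your copy). */
enum ffa_error {
    FFA_SUCCESS            =  0,
    FFA_INVALID_PARAMETERS = -2,
    FFA_BUSY               = -4,
    FFA_ABORTED            = -8,
};

/* Hypothetical model of the one TX buffer between hypervisor and SPM, shared by all PEs. */
struct spm_tx_buffer {
    atomic_flag in_use;      /* set while one PE has a fragment in flight to the SPM */
    uint16_t sender_id;      /* sender of the transaction this fragment belongs to */
    uint64_t handle;         /* memory region handle assigned by the SPM */
    uint32_t frag_offset;
    uint32_t frag_len;
    uint8_t payload[256];    /* constituent descriptors; contents are not modelled here */
};

static struct spm_tx_buffer g_tx = { .in_use = ATOMIC_FLAG_INIT };

/* Assumed hypervisor entry point: forward one FFA_MEM_FRAG_TX fragment to the SPM.
 * busy_is_retryable selects the error returned when another PE holds the buffer:
 * FFA_BUSY (caller may retry later) versus FFA_ABORTED (transaction is dead). */
int hyp_mem_frag_tx(uint16_t sender_id, uint64_t handle, uint32_t frag_offset,
                    const uint8_t *frag, uint32_t frag_len, bool busy_is_retryable)
{
    if (frag == NULL || frag_len == 0 || frag_len > sizeof g_tx.payload)
        return FFA_INVALID_PARAMETERS;

    /* Never block here: another PE may be mid-transaction with the SPM. */
    if (atomic_flag_test_and_set(&g_tx.in_use))
        return busy_is_retryable ? FFA_BUSY : FFA_ABORTED;

    g_tx.sender_id = sender_id;
    g_tx.handle = handle;
    g_tx.frag_offset = frag_offset;
    g_tx.frag_len = frag_len;
    memcpy(g_tx.payload, frag, frag_len);
    return FFA_SUCCESS;   /* buffer stays owned until hyp_tx_complete() */
}

/* The SPM has consumed the fragment (its FFA_MEM_FRAG_RX / FFA_SUCCESS came back). */
void hyp_tx_complete(void) { atomic_flag_clear(&g_tx.in_use); }

/* VM side: retry only on FFA_BUSY, up to max_attempts; any other code is final. */
typedef void (*wait_fn)(void *ctx);

int vm_send_fragment(uint16_t sender_id, uint64_t handle, uint32_t frag_offset,
                     const uint8_t *frag, uint32_t frag_len, unsigned max_attempts,
                     wait_fn wait, void *ctx, bool busy_is_retryable, unsigned *attempts_out)
{
    int rc = FFA_BUSY;
    unsigned attempts = 0;
    while (attempts < max_attempts) {
        attempts++;
        rc = hyp_mem_frag_tx(sender_id, handle, frag_offset, frag, frag_len, busy_is_retryable);
        if (rc != FFA_BUSY)
            break;
        wait(ctx);   /* back off briefly and let the other PE finish */
    }
    if (attempts_out)
        *attempts_out = attempts;
    return rc;
}

/* Constructed stand-in for "the other CPU finishes after a short time". */
struct demo_ctx { unsigned waits_until_free; };

static void release_after(void *p)
{
    struct demo_ctx *c = p;
    if (c->waits_until_free > 0 && --c->waits_until_free == 0)
        hyp_tx_complete();   /* the other VM's transaction completes */
}

/* Scenario: VM 1 on PE0 owns the buffer while VM 2 on PE1 tries to send its fragment. */
int demo_contention(bool busy_is_retryable, unsigned *attempts)
{
    static const uint8_t frag[] = { 0x01, 0x02, 0x03, 0x04 };   /* constructed bytes */
    hyp_tx_complete();                                          /* start from a free buffer */
    int rc = hyp_mem_frag_tx(0x0001, 0x1ULL, 0, frag, sizeof frag, busy_is_retryable);
    if (rc != FFA_SUCCESS)
        return rc;
    struct demo_ctx c = { .waits_until_free = 2 };
    return vm_send_fragment(0x0002, 0x2ULL, 0, frag, sizeof frag, 5,
                            release_after, &c, busy_is_retryable, attempts);
}

int main(void)
{
    unsigned n;
    printf("ABORTED policy: rc=%d after %u attempt(s)\n", demo_contention(false, &n), n);
    printf("BUSY policy:    rc=%d after %u attempt(s)\n", demo_contention(true, &n), n);
    return 0;
}
```

With the ABORTED policy the second VM's whole share transaction fails on the first collision; with the BUSY policy the same collision costs two retries and then succeeds once the other PE's fragment has been consumed. The retry loop is bounded so that a permanently stuck buffer still surfaces as an error to the VM rather than spinning forever.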