[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 2/5] xen/arm: optee: check for preemption while freeing shared buffers

  • To: Julien Grall <julien.grall@xxxxxxx>
  • From: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Date: Wed, 11 Sep 2019 18:53:14 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=d0MS1Iw51oHBM4Y386QriJQ+wkx2DiLVqzdjXi9Oln0=; b=lGtEN9+giH7Tx/ubPJ24vXo/IL3yc72IXoXglq2dkGo9ncueW9WxmjQIbd7WYCK6E3Ai1mIKDLJotptl2QzWDvvEtkRD81R8K3WpmJ9ocR39jLfyumSw37JkEeuMu7qsbaEQFgtSBrdacG7/0ZrYCTGLo8FJSS6foeKBsxMNALrqL5WjnkE3naU0mzIRuP5KCjCIuo1QwCOHoHsXWh3d0+qK0bQwa2H00Yto8Ac3Oa1pylgwl3binaKBvofKABGf1NmPMov5a/dDPvrzDG/fYROXRtI5Ptymg2TlH7/8D0XVekD5fDeb8Uj8fblu1P413T+NaYJ+h1L43JQFGVux5g==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Iap8kwEdeGmpAZqaBOLq98eqb3T8vjF8AonYczrTve0Aqin/GebXJ/RmBzrTJZ6AF+OevcxxRk0CHMolVaSJmKA8Rwyw9F4vIJyOymBGND1HmlHcLb4ZIBfJChaoV1NcUyrlOF2srrgd8ZHgQzSXtlBSrSHXZyhns+o7ErTvzu7WcQYg4KJW3/gOikBYZo/OGycSCtsw46X5F7zLNg/W1kxeBcgXu09Na9mgdLFx+Ctm3mPXjX1wTR1FqhknoCOxxfir6glb+55XE2VWHr+VQ1wq30hrFf1/EiXVaF4srcZHin1QN6KquttyLe6CoROiSDhmr/OdoEIIujpVMpSgEw==
  • Authentication-results: spf=none (sender IP is ) smtp.mailfrom=Volodymyr_Babchuk@xxxxxxxx;
  • Cc: "tee-dev@xxxxxxxxxxxxxxxx" <tee-dev@xxxxxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Wed, 11 Sep 2019 18:53:28 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHVWeNlIytwW28PUEKII1lAK5bjtackBZ8AgALq7YA=
  • Thread-topic: [PATCH 2/5] xen/arm: optee: check for preemption while freeing shared buffers

Julien Grall writes:

> Hi Volodymyr,
> On 8/23/19 7:48 PM, Volodymyr Babchuk wrote:
>> Now we have limit for one shared buffer size, so we can be sure that
>> one call to free_optee_shm_buf() will not free all
>> MAX_TOTAL_SMH_BUF_PG pages at once. Thus, we now can check for
>> hypercall_preempt_check() in the loop inside
>> optee_relinquish_resources() and this will ensure that we are not
>> missing preemption.
> I am not sure to understand the correlation between the two
> sentences. Even if previously the guest could pin up to
> MAX_TOTAL_SHM_BUF_PG in one call, a well-behaved guest would result to
> do multiple calls and therefore preemption would have been useful.
Looks like now I don't understand you.

I'm talking about shared buffers. We have limited shared buffer to some
reasonable size. There is bad- or well-behaving guests in this context,
because guest can't share one big buffer in multiple calls. In other
worlds, if guest *needs* to share 512MB buffer with OP-TEE, it will be
forced to do this in one call. But we are forbidding big buffers right

optee_relinquish_resources() is called during domain destruction. At
this time we can have a number of still living shared buffers, each of
one is no bigger than 512 pages. Thanks to this, we can call
hypercall_preempt_check() only in optee_relinquish_resources(), but not
in free_optee_shm_buf().

If we will allow guest to register bigger buffer, than we will be forced
to check for preemption in free_optee_shm_buf() as well.

This is what I meant in the commit message.

> So I think the commit message needs some rewording.
Probably yes...

>> Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>
>> ---
>>   xen/arch/arm/tee/optee.c | 10 +++++-----
>>   1 file changed, 5 insertions(+), 5 deletions(-)
>> diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c
>> index f4fa8a7758..a84ffa3089 100644
>> --- a/xen/arch/arm/tee/optee.c
>> +++ b/xen/arch/arm/tee/optee.c
>> @@ -634,14 +634,14 @@ static int optee_relinquish_resources(struct domain *d)
>>       if ( hypercall_preempt_check() )
>>           return -ERESTART;
>>   -    /*
>> -     * TODO: Guest can pin up to MAX_TOTAL_SMH_BUF_PG pages and all of
>> -     * them will be put in this loop. It is worth considering to
>> -     * check for preemption inside the loop.
>> -     */
>>       list_for_each_entry_safe( optee_shm_buf, optee_shm_buf_tmp,
>>                                 &ctx->optee_shm_buf_list, list )
>> +    {
>> +        if ( hypercall_preempt_check() )
> So on the first iteration, you will check twice preemption (one before
> the loop and just entering). hypercall_preempt_check(). The function
> is not entirely free on Arm because of the implementation of
> vgic_vcpu_pending_irq(). So preventing pointless call would be nice.
> In this case, the hypercall_preempt_check() before the loop could be
> dropped.
Yes, you are right.

>> +            return -ERESTART;
>> +
>>           free_optee_shm_buf(ctx, optee_shm_buf->cookie);
>> +    }
>>         if ( hypercall_preempt_check() )
>>           return -ERESTART;
> Cheers,

Volodymyr Babchuk at EPAM
Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.