Xen project Mailing List

Re: [Xen-devel] [PATCH v2 4/6] xen/arm: optee: handle shared buffer translation error

From: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>

Date: Tue, 24 Sep 2019 11:37:24 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qLzU5aFVmGJ6tNyCUUAXas/sZsTJbtPHW/lqf1FhdwA=; b=FALcpVWfdG+26LxLPTQ81A26andpMLAeIpkfwCpxU1L7/BSWzTvlA9IGBtvT421IeyoketxaAPR5+Cd77om5DNujj0bV6sMOY26VInaT3CsSEPI2C2Ux2CXpdo1K00cmSHQvK8ThY00Pgyz6Wy3dMLj8O71w8NBpFd59MaFgXmqgR83RRi/qM13Ym7bk0enTVlwKTqXSCeGt0Gf3lMYpy4MbOCFjvmHmbUmh8GPQez35bDW/ohSH757NWH8kwlIJnNz6X0/IIvkqW/ICw3pTxA4kenY7g2EAGT91sro0vc66BhOr5612toSIwp495RoP2j1s2YD/kQFxMiK78hFE9Q==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FzBA/f2/5t4BYm+WyonAJ3x0JQxy3zKc9Dml3UO3wF/3jwp4JZrAK+dlMFMMDd2eH1m6w+v/XFRMKQOIcjGlvM2WdOf51W1Yv9vjfTC2ZHSQQSF2xw7TI3GuGYoNhXddneX+/cEDgTKMfLiDLjZCFilbUVh8D6oO70jFir2d2CWVJzK/IGItPt3Jfyt/C64ju3s/ElVCOMj0Q0uJz/A9dFv+/+yd53++S4fGmV2CUcUYWQiys9gO/ikLkSzvKVmMdTccpwF2oPsYtInpzGMznZ6U4BNb9vC9v9aoU9y2sOkRGv9DIPx6hDBTofJ89ShO3hkEr49XNMrEAB1/7x7+gg==

Authentication-results: spf=none (sender IP is ) smtp.mailfrom=Volodymyr_Babchuk@xxxxxxxx;

Cc: "tee-dev@xxxxxxxxxxxxxxxx" <tee-dev@xxxxxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>

Delivery-date: Tue, 24 Sep 2019 11:37:32 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHVblIEDLSpGG3MwUmqKYBWTkOKG6c5CdYAgAGyYoA=

Thread-topic: [PATCH v2 4/6] xen/arm: optee: handle shared buffer translation error

Hi Julien, Julien Grall writes: > Hi, > > On 18/09/2019 19:51, Volodymyr Babchuk wrote: >> +/* Handles return from Xen-issued RPC */ >> +static void handle_xen_rpc_return(struct optee_domain *ctx, >> + struct cpu_user_regs *regs, >> + struct optee_std_call *call, >> + struct shm_rpc *shm_rpc) >> +{ >> + call->state = OPTEE_CALL_NORMAL; >> + >> + /* >> + * Right now we have only one reason to be there - we asked guest >> + * to free shared buffer and it did it. Now we can tell OP-TEE >> + * that buffer allocation failed. We are not storing exact command >> + * type, only type of RPC return. So, this is the only check we >> + * can perform there. >> + */ >> + ASSERT(call->rpc_op == OPTEE_SMC_RPC_FUNC_CMD); > > As I pointed out in v1, ASSERT() is probably the less desirable > solution here as this is an error path. Looks like I misunderstood you :( > Can you explain why you chose that over the 3 solutions I suggested? I think I need some clarification there. ASSERT() is adopted way to tell about invariant. Clearly, this is programming error if ASSERT() fails. But I understand, that ASSERT() is available only in debug build. So, in release it will never fire. As this is very unlikely error path, bug there can live forever. Okay, so ASSERT() is the least desirable way. Warning is not enough, as we are already in incorrect state. So, best way is to crash guest, it this correct? I'll do this in the next version then. -- Volodymyr Babchuk at EPAM _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.