[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Reg. Tee init fail...
[AMD Official Use Only - General] +team -----Original Message----- From: Stefano Stabellini <sstabellini@xxxxxxxxxx> Sent: Thursday, June 30, 2022 1:34 AM To: Julien Grall <julien@xxxxxxx> Cc: SK, SivaSangeetha (Siva Sangeetha) <SivaSangeetha.SK@xxxxxxx>; xen-devel@xxxxxxxxxxxxxxxxxxxx; Stefano Stabellini <sstabellini@xxxxxxxxxx>; Bertrand Marquis <bertrand.marquis@xxxxxxx>; Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>; jgross@xxxxxxxx; boris.ostrovsky@xxxxxxxxxx Subject: Re: Reg. Tee init fail... Adding Juergen and Boris because this is a Linux/x86 issue. As you can see from this Linux driver: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Felixir.bootlin.com%2Flinux%2Flatest%2Fsource%2Fdrivers%2Fcrypto%2Fccp%2Ftee-dev.c%23L132&data=05%7C01%7CSivaSangeetha.SK%40amd.com%7Ce962a907794f4917a80b08da5a0a7b3b%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637921298315828104%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=NxmMUckiDRGLv3qLJrhZKBt2zNTuomEZqYJdV74tXxA%3D&reserved=0 Linux as dom0 on x86 is trying to communicate with firmware (TEE). Linux is calling __pa to pass a physical address to firmware. However, __pa returns a "fake" address not an mfn. I imagine that a quick workaround would be to call "virt_to_machine" instead of "__pa" in tee-dev.c. Normally, if this was a device, the "right fix" would be to use swiotlb-xen:xen_swiotlb_map_page to get back a real physical address. However, xen_swiotlb_map_page is meant to be used as part of the dma_ops API and takes a struct device *dev as input parameter. Maybe xen_swiotlb_map_page can be used for tee-dev as well? Basically tee-dev would need to call dma_map_page before passing addresses to firmware, and dma_unmap_page when it is done. E.g.: cmd_buffer = dma_map_page(dev, virt_to_page(cmd), cmd & ~PAGE_MASK, ring_size, DMA_TO_DEVICE); Juergen, Boris, what do you think? On Fri, 24 Jun 2022, Julien Grall wrote: > Hi, > > (moving the discussion to xen-devel as I think it is more appropriate) > > On 24/06/2022 10:53, SK, SivaSangeetha (Siva Sangeetha) wrote: > > [AMD Official Use Only - General] > > Not clear what this means. > > > > > Hi Xen team, > > > > In TEE driver, We allocate a ring buffer, get its physical address > > from > > __pa() macro, pass the physical address to secure processor for > > mapping it and using in secure processor side. > > > > Source: > > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fel > > ixir.bootlin.com%2Flinux%2Flatest%2Fsource%2Fdrivers%2Fcrypto%2Fccp% > > 2Ftee-dev.c%23L132&data=05%7C01%7CSivaSangeetha.SK%40amd.com%7Ce > > 962a907794f4917a80b08da5a0a7b3b%7C3dd8961fe4884e608e11a82d994e183d%7 > > C0%7C0%7C637921298315828104%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAw > > MDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&a > > mp;sdata=NxmMUckiDRGLv3qLJrhZKBt2zNTuomEZqYJdV74tXxA%3D&reserved > > =0 > > > > This works good natively in Dom0 on the target. > > When we boot the same Dom0 kernel, with Xen hypervisor enabled, ring > > init fails. > > Do you have any error message or error code? > > > > > > > We suspect that the address passed to secure processor, is not same > > when xen is enabled, and when xen is enabled, some level of address > > translation might be required to get exact physical address. > > If you are using Xen upstream, Dom0 will be mapped with IPA == PA. So > there should be no need for translation. > > Can you provide more details on your setup (version of Xen, Linux...)? > > Cheers, > > -- > Julien Grall >
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |