From patchwork Fri Aug 23 18:48:46 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
X-Patchwork-Id: 11112219
Return-Path: <SRS0=xWPo=WT=lists.xenproject.org=xen-devel-bounces@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 056C814DE
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Fri, 23 Aug 2019 18:50:25 +0000 (UTC)
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id D034321874
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Fri, 23 Aug 2019 18:50:24 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (2048-bit key)
 header.d=epam.com header.i=@epam.com header.b="aY71xuS4"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D034321874
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=quarantine dis=none) header.from=epam.com
Authentication-Results: mail.kernel.org;
 spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.89)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1i1EcF-0001i8-M7; Fri, 23 Aug 2019 18:48:51 +0000
Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]
 helo=us1-amaz-eas2.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from
 <SRS0=gZL1=WT=epam.com=volodymyr_babchuk@srs-us1.protection.inumbo.net>)
 id 1i1EcE-0001hy-5Z
 for xen-devel@lists.xenproject.org; Fri, 23 Aug 2019 18:48:50 +0000
X-Inumbo-ID: a4076792-c5d6-11e9-adef-12813bfff9fa
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (unknown
 [40.107.14.44]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS
 id a4076792-c5d6-11e9-adef-12813bfff9fa;
 Fri, 23 Aug 2019 18:48:48 +0000 (UTC)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=lq30uAqT7TttHlpmVWq+uKvkeXhuywLVeFBp0FhzCDazdCOey80K3iDxeP9RfXbHcPIqwL32ZcN+iyi5He1fe6EWJ5aqUrSb8WOPwcD64DGGv5W9eldgeWRphqh7NuSZjmWLMCl0VZTw3biyIcDRacSPZxxjPfqX3LvOnHl5g65hSjS63KnrRAtvayloNGEJ1YbDkbzwRu6HE/LZmhT+37qBvxpDKrNkOcHztBv3fww4ilDbTHxjm/OmoY4FBy0DZ2TNNazYIpoqjydjY7KaPKVhOMMsak4y0IfgAer5aiStgL6NYDyjlyS6S7BkZATX6hYFzCpb/Sq8oJ+3YxxSCQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=6wcxbcpo/okkTVzuNPy2P6JFd/kTE20LYJk6ij1ASiA=;
 b=BaP732LkfSptowFZe15cMDkYNbboJb9cgjPQtAJRzGzyirn8Yegy5L5BYIJP8Eq5hW6h7oH3wR8BwE/jrSsktM0RcgWw436X9xJO7Kd555RBa642ZAYHItJ2W0s6zWd5aKVVpcLW9J9wVvI8ZFRReBH84Kysuok/1o8kVK2Sk9gvBbawr8Yuj/Sv2GWt4XDAry5tjM0VBSOW5U0L6SrqJS7ps0tY4BCyGhmGsGawl9HrOa9Z+havTQOCUiVsFGe9uNtk/kUrfnp/0VJgeuB8cDvoPZPPiI4bI2GiQ0j3rN2Kr5o5TUG0mSrpW0vMcaOda7rjp0ywLPWa0ZTI4VmPOw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com;
 dkim=pass header.d=epam.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=6wcxbcpo/okkTVzuNPy2P6JFd/kTE20LYJk6ij1ASiA=;
 b=aY71xuS46n6jlaCShBuXvM3mP//FqPmLEayKPcdvLCvfFbsR28ty6sLQ5ArmmCtZMvDcuad3Cd5VE3nYsmltHvMHwUH0nEJo8t9TmSCrSaV+lNcQdXf8jeluP4/24i3O9Ge6WgNLfXp4c1xnD98p5JAsbYrmpBQg0Z/pTxrYcSUVEK0/F09qLygBdoJnT6+0DHGN27aaEYV0gTMdD/Nlay1Ge4XM5cN2q58vH7OZZIhO+TwtwCsJkW/4n8u/7IlwOUGhCphLmJlTUuBpU90t+0Trl6vpkUIB12GADBx52loJ6uYnE54+RxMPA6RRL0VKy6ufelbqTfZuYb8eQHcIRw==
Received: from AM0PR03MB4148.eurprd03.prod.outlook.com (20.177.40.10) by
 AM0PR03MB4690.eurprd03.prod.outlook.com (20.177.41.22) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2178.18; Fri, 23 Aug 2019 18:48:46 +0000
Received: from AM0PR03MB4148.eurprd03.prod.outlook.com
 ([fe80::71e3:834d:5708:5a0a]) by AM0PR03MB4148.eurprd03.prod.outlook.com
 ([fe80::71e3:834d:5708:5a0a%5]) with mapi id 15.20.2199.015; Fri, 23 Aug 2019
 18:48:46 +0000
From: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Thread-Topic: [PATCH 1/5] xen/arm: optee: impose limit on shared buffer size
Thread-Index: AQHVWeNlCY0CqDi7zE2giEuaPhvOCg==
Date: Fri, 23 Aug 2019 18:48:46 +0000
Message-ID: <20190823184826.14525-2-volodymyr_babchuk@epam.com>
References: <20190823184826.14525-1-volodymyr_babchuk@epam.com>
In-Reply-To: <20190823184826.14525-1-volodymyr_babchuk@epam.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=Volodymyr_Babchuk@epam.com;
x-originating-ip: [85.223.209.22]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a8ddb2ad-9b70-4622-4ef3-08d727fa87ad
x-microsoft-antispam: BCL:0; PCL:0;
 RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(7193020);
 SRVR:AM0PR03MB4690;
x-ms-traffictypediagnostic: AM0PR03MB4690:|AM0PR03MB4690:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: 
 <AM0PR03MB46904E02BDA4EB07E91D5964E6A40@AM0PR03MB4690.eurprd03.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6790;
x-forefront-prvs: 0138CD935C
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10009020)(4636009)(346002)(136003)(376002)(39860400002)(366004)(396003)(189003)(199004)(52084003)(6436002)(305945005)(25786009)(76176011)(81166006)(71190400001)(478600001)(7736002)(81156014)(5660300002)(8676002)(71200400001)(4326008)(186003)(6506007)(99286004)(2351001)(6486002)(1076003)(2501003)(26005)(2906002)(6916009)(66446008)(55236004)(66946007)(91956017)(14454004)(76116006)(66476007)(66556008)(36756003)(64756008)(6116002)(6512007)(446003)(11346002)(3846002)(476003)(2616005)(316002)(54906003)(86362001)(80792005)(102836004)(5640700003)(8936002)(66066001)(14444005)(486006)(256004)(53936002);
 DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR03MB4690;
 H:AM0PR03MB4148.eurprd03.prod.outlook.com; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: epam.com does not designate
 permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 
 pljiRIPf4TvJOrfmikttJeu7cen9KdZLvrf4ZdH7TM9LDm9mbp/sykKctRenPu2P38S2DsObNvY9N7xSDSbqzjycBwchv7KUsxGi5CkXP1VG5gJV4jOK68+BM46H6l99lfeM/08z5+6SaAvNK2wWqgUu/b3GsTwR4unbn1zIySJ90HrvEro95frMH5dP2Qg5GyUNMc1i/qrzN+6MT9JjMbr2X0QJVsIEc+tp+qd/7PvVEbnX3ZX5v0lmH8XL1xUuSechz6Z71rwM/ubCdHbWryvnUC1YP3wRBkJJFM9vEtQhbYWbInzL4nu1Y/u3tV3Tx4wLoyhgR/rrtJtRhBsgh93LBmAoAt2wwU1I7qqlU+f3CdKPue3bmpbImBSr+etwfWZyI9qf29FZ6Y+cMjv1aLpEITBKwezZQL+B6XXaeUM=
MIME-Version: 1.0
X-OriginatorOrg: epam.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 a8ddb2ad-9b70-4622-4ef3-08d727fa87ad
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Aug 2019 18:48:46.7004 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 
 fIVLU6+ahhQAguozHQDWqpiPDgJFgdLAiAAoCFphzDhYAnQAj3WQm0CKi3Fmz845bEZW5N0ZkvZX7rluIGtk/ygGqg0kAXMO8J7Jd3mqz8k=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR03MB4690
Subject: [Xen-devel] [PATCH 1/5] xen/arm: optee: impose limit on shared
 buffer size
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Cc: "tee-dev@lists.linaro.org" <tee-dev@lists.linaro.org>,
 Julien Grall <julien.grall@arm.com>,
 Stefano Stabellini <sstabellini@kernel.org>,
 Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

We want to limit number of calls to lookup_and_pin_guest_ram_addr()
per one request. There are two ways to do this: either preempt
translate_noncontig() or to limit size of one shared buffer size.

It is quite hard to preempt translate_noncontig(), because it is deep
nested. So we chose second option. We will allow 512 pages per one
shared buffer. This does not interfere with GP standard, as it
requires that size limit for shared buffer should be at lest 512kB.
Also, with this limitation OP-TEE still passes own "xtest" test suite,
so this is okay for now.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
---
 xen/arch/arm/tee/optee.c | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c
index ec5402e89b..f4fa8a7758 100644
--- a/xen/arch/arm/tee/optee.c
+++ b/xen/arch/arm/tee/optee.c
@@ -72,6 +72,17 @@
  */
 #define MAX_TOTAL_SMH_BUF_PG    16384
 
+/*
+ * Arbitrary value that limits maximum shared buffer size. It is
+ * merely coincidence that it equals to both default OP-TEE SHM buffer
+ * size limit and to (1 << CONFIG_DOMU_MAX_ORDER). Please note that
+ * this define limits number of pages. But user buffer can be not
+ * aligned to a page boundary. So it is possible that user would not
+ * be able to share exactly MAX_SHM_BUFFER_PG * PAGE_SIZE bytes with
+ * OP-TEE.
+ */
+#define MAX_SHM_BUFFER_PG       512
+
 #define OPTEE_KNOWN_NSEC_CAPS OPTEE_SMC_NSEC_CAP_UNIPROCESSOR
 #define OPTEE_KNOWN_SEC_CAPS (OPTEE_SMC_SEC_CAP_HAVE_RESERVED_SHM | \
                               OPTEE_SMC_SEC_CAP_UNREGISTERED_SHM | \
@@ -697,15 +708,17 @@ static int translate_noncontig(struct optee_domain *ctx,
     size = ROUNDUP(param->u.tmem.size + offset, OPTEE_MSG_NONCONTIG_PAGE_SIZE);
 
     pg_count = DIV_ROUND_UP(size, OPTEE_MSG_NONCONTIG_PAGE_SIZE);
+    if ( pg_count > MAX_SHM_BUFFER_PG )
+        return -ENOMEM;
+
     order = get_order_from_bytes(get_pages_list_size(pg_count));
 
     /*
-     * In the worst case we will want to allocate 33 pages, which is
-     * MAX_TOTAL_SMH_BUF_PG/511 rounded up. This gives order 6 or at
-     * most 64 pages allocated. This buffer will be freed right after
-     * the end of the call and there can be no more than
+     * In the worst case we will want to allocate 2 pages, which is
+     * MAX_SHM_BUFFER_PG/511 rounded up. This buffer will be freed
+     * right after the end of the call and there can be no more than
      * max_optee_threads calls simultaneously. So in the worst case
-     * guest can trick us to allocate 64 * max_optee_threads pages in
+     * guest can trick us to allocate 2 * max_optee_threads pages in
      * total.
      */
     xen_pgs = alloc_domheap_pages(current->domain, order, 0);
@@ -747,13 +760,6 @@ static int translate_noncontig(struct optee_domain *ctx,
             xen_data = __map_domain_page(xen_pgs);
         }
 
-        /*
-         * TODO: That function can pin up to 64MB of guest memory by
-         * calling lookup_and_pin_guest_ram_addr() 16384 times
-         * (assuming that PAGE_SIZE equals to 4096).
-         * This should be addressed before declaring OP-TEE security
-         * supported.
-         */
         BUILD_BUG_ON(PAGE_SIZE != 4096);
         page = get_domain_ram_page(gaddr_to_gfn(guest_data->pages_list[idx]));
         if ( !page )

From patchwork Fri Aug 23 18:48:47 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
X-Patchwork-Id: 11112227
Return-Path: <SRS0=xWPo=WT=lists.xenproject.org=xen-devel-bounces@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5BB1914DE
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Fri, 23 Aug 2019 18:50:53 +0000 (UTC)
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 35C1821874
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Fri, 23 Aug 2019 18:50:53 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (2048-bit key)
 header.d=epam.com header.i=@epam.com header.b="PYDvDl6o"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 35C1821874
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=quarantine dis=none) header.from=epam.com
Authentication-Results: mail.kernel.org;
 spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.89)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1i1EcG-0001iI-V4; Fri, 23 Aug 2019 18:48:52 +0000
Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]
 helo=us1-amaz-eas2.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from
 <SRS0=gZL1=WT=epam.com=volodymyr_babchuk@srs-us1.protection.inumbo.net>)
 id 1i1EcF-0001i3-8p
 for xen-devel@lists.xenproject.org; Fri, 23 Aug 2019 18:48:51 +0000
X-Inumbo-ID: a56b2060-c5d6-11e9-adef-12813bfff9fa
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (unknown
 [40.107.14.44]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS
 id a56b2060-c5d6-11e9-adef-12813bfff9fa;
 Fri, 23 Aug 2019 18:48:50 +0000 (UTC)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=jiISmk9ckQpR6GwDgxIl1J8k3RIBES/lZ8rGQqpDT936QMHcwnMN0yTrPyHyZnA7kSXIWTfeJD+CmLbdQOT/r2ebbpLmRzIbUaSpm+Zuybhir2oUPnhkCvN/ANOiKHQWPvvX1LAOc2Qaw83JWSy3gOXx6HlPmv28fuTHb5VpAo+4noCOFmLS5nHF7O56BITdeCRUc299Yu+wIAr5IL4E7Y9U7QcmvRjXilNmePrV48pnCPTnZdCN/d4VVuRclBStCyLeeEmtRLTiy4LHPANb7vJqVx5bOkmys8RBiRnsIqDvq8Wit1wKLTMJJAgMSggd+OJTk6s39iOR2HPPBJpNWQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=h9slQsESnMOdoeXOxnMo+h2DWjSwXDwU5+fCRetsgFU=;
 b=BRWrW66MwH842tr5sIyMhDFckjrFqtz2rsGKnoHbEM+oqblTbEKDMyWYYg/NFnoiPEE5SrPGSS+RjGxylQry1Hpjbkuc+9QEvgNlen2COSrpDbemp5yNf3divs02yF8t06Ue4kpewnRWCJ6qDwsBay09eRZodwE8vA8/htmYeEfsRIISqlPUnzDW1PrGdNZahhup2Y0MhpgSZ/8cnSf2SWVPd15o7+husBsJ4kq/CDz0ExD4VVI7tjFfuFL2iDyfqwtg5Kloo4Rn/l4RFcnvCsJlJP7Grq5UiWZkGP55JynZYkQc853ZsOCdaQKc9unyw3Z6ImHGb26tCbbnMoacGw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com;
 dkim=pass header.d=epam.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=h9slQsESnMOdoeXOxnMo+h2DWjSwXDwU5+fCRetsgFU=;
 b=PYDvDl6oYhM6ewlKhCT/aZYxX5wxgG1nOOK+tfaC4RTP/6E0iTI4EZIN4SGEmh/hgewWYLWKa2sHabo3xF4ekmuEn71TZoU11X49zBvJK6h3kQu1Tlt94Ky7Pe1G0tKEZ7V16PolHXycV0kvQ/YYZWwSnoBxLdl2qqvs6MOTylRMlDRrtOe+sEJ+14ucis9X2NQxDw3SMoY2p5a5LdJVSEOMyLg1e6xiwZNc7yWDapnIbLVAdMc8IOYtNEIlin0krcf9lYKEnYnJEbWCsBZ/unK0kRdP4Ljrx4sh74nHjGL8//lcrBKyFCVSGtCiTAdkbJWc8KED0EUXNpzIsiYUkg==
Received: from AM0PR03MB4148.eurprd03.prod.outlook.com (20.177.40.10) by
 AM0PR03MB4690.eurprd03.prod.outlook.com (20.177.41.22) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2178.18; Fri, 23 Aug 2019 18:48:48 +0000
Received: from AM0PR03MB4148.eurprd03.prod.outlook.com
 ([fe80::71e3:834d:5708:5a0a]) by AM0PR03MB4148.eurprd03.prod.outlook.com
 ([fe80::71e3:834d:5708:5a0a%5]) with mapi id 15.20.2199.015; Fri, 23 Aug 2019
 18:48:48 +0000
From: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Thread-Topic: [PATCH 2/5] xen/arm: optee: check for preemption while freeing
 shared buffers
Thread-Index: AQHVWeNlIytwW28PUEKII1lAK5bjtQ==
Date: Fri, 23 Aug 2019 18:48:47 +0000
Message-ID: <20190823184826.14525-3-volodymyr_babchuk@epam.com>
References: <20190823184826.14525-1-volodymyr_babchuk@epam.com>
In-Reply-To: <20190823184826.14525-1-volodymyr_babchuk@epam.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=Volodymyr_Babchuk@epam.com;
x-originating-ip: [85.223.209.22]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6f2ed6bf-b848-459b-4dd0-08d727fa8891
x-microsoft-antispam: BCL:0; PCL:0;
 RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(7193020);
 SRVR:AM0PR03MB4690;
x-ms-traffictypediagnostic: AM0PR03MB4690:|AM0PR03MB4690:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: 
 <AM0PR03MB46906D84F10C53463FB5D1D5E6A40@AM0PR03MB4690.eurprd03.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0138CD935C
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10009020)(4636009)(346002)(136003)(376002)(39860400002)(366004)(396003)(189003)(199004)(6436002)(305945005)(25786009)(76176011)(81166006)(71190400001)(478600001)(7736002)(81156014)(5660300002)(8676002)(71200400001)(4326008)(186003)(6506007)(99286004)(2351001)(6486002)(1076003)(2501003)(26005)(2906002)(6916009)(66446008)(55236004)(66946007)(91956017)(14454004)(76116006)(66476007)(66556008)(36756003)(64756008)(6116002)(6512007)(446003)(11346002)(3846002)(476003)(2616005)(316002)(54906003)(86362001)(80792005)(102836004)(5640700003)(8936002)(66066001)(14444005)(486006)(256004)(53936002);
 DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR03MB4690;
 H:AM0PR03MB4148.eurprd03.prod.outlook.com; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: epam.com does not designate
 permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 
 1bMtjGHCJ3Kmw55s8ZSqZeXbGXHZdcm2e2g/0GF92hBtF9tsRHTWsY8BeiudbSGQuKKVNyiNyGPCnjO4udvJMAWoZvqofrJz+l/74Mt7ezJBgacIQBWkL0cfv8h0vn60gHnatlDDAzmqr20q4tf2Tztd4UORu2zy3Zxq4XfywRTgXAF9T3eIEGETnksoa7DVUt9ET+5eIntcuTjQ7FvOtB5Nazv0wsgoI+pVTbgQMQGRmFI7SRXqlQH6/jO6Y1C18UkQkbL14CFkU/3bbaIkUduod07xJHzuHQqHh1cHz/QZv+7hhBoJeVbQWpeGeK9SjV0xEoTBXOEx2QiMdxkWKjTMFnFaJZqS5V+4mggz1Cg8JEU1+fGPaPbQNa7htTB/EbXrmKn2maGdIutBY6Smgn/Hh3Q5l6JImP5fsGOWKbQ=
MIME-Version: 1.0
X-OriginatorOrg: epam.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 6f2ed6bf-b848-459b-4dd0-08d727fa8891
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Aug 2019 18:48:48.0537 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 
 1bTAAWNXqfFEsIsvsJdAqZsYPlc2oVxYQnSsc8LRP9Wwl8PzGpayYRiNDaY2zPP1FJUKVhIJhB0zXDEI1LNdjnVzu3CR1mOOAgEd6gun7BA=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR03MB4690
Subject: [Xen-devel] [PATCH 2/5] xen/arm: optee: check for preemption while
 freeing shared buffers
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Cc: "tee-dev@lists.linaro.org" <tee-dev@lists.linaro.org>,
 Julien Grall <julien.grall@arm.com>,
 Stefano Stabellini <sstabellini@kernel.org>,
 Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

Now we have limit for one shared buffer size, so we can be sure that
one call to free_optee_shm_buf() will not free all
MAX_TOTAL_SMH_BUF_PG pages at once. Thus, we now can check for
hypercall_preempt_check() in the loop inside
optee_relinquish_resources() and this will ensure that we are not
missing preemption.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
---
 xen/arch/arm/tee/optee.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c
index f4fa8a7758..a84ffa3089 100644
--- a/xen/arch/arm/tee/optee.c
+++ b/xen/arch/arm/tee/optee.c
@@ -634,14 +634,14 @@ static int optee_relinquish_resources(struct domain *d)
     if ( hypercall_preempt_check() )
         return -ERESTART;
 
-    /*
-     * TODO: Guest can pin up to MAX_TOTAL_SMH_BUF_PG pages and all of
-     * them will be put in this loop. It is worth considering to
-     * check for preemption inside the loop.
-     */
     list_for_each_entry_safe( optee_shm_buf, optee_shm_buf_tmp,
                               &ctx->optee_shm_buf_list, list )
+    {
+        if ( hypercall_preempt_check() )
+            return -ERESTART;
+
         free_optee_shm_buf(ctx, optee_shm_buf->cookie);
+    }
 
     if ( hypercall_preempt_check() )
         return -ERESTART;

From patchwork Fri Aug 23 18:48:49 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
X-Patchwork-Id: 11112221
Return-Path: <SRS0=xWPo=WT=lists.xenproject.org=xen-devel-bounces@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9004D184E
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Fri, 23 Aug 2019 18:50:25 +0000 (UTC)
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 6A34521874
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Fri, 23 Aug 2019 18:50:25 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (2048-bit key)
 header.d=epam.com header.i=@epam.com header.b="S1l7SoBS"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6A34521874
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=quarantine dis=none) header.from=epam.com
Authentication-Results: mail.kernel.org;
 spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.89)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1i1EcL-0001ic-7z; Fri, 23 Aug 2019 18:48:57 +0000
Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]
 helo=us1-amaz-eas2.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from
 <SRS0=gZL1=WT=epam.com=volodymyr_babchuk@srs-us1.protection.inumbo.net>)
 id 1i1EcK-0001iW-Bq
 for xen-devel@lists.xenproject.org; Fri, 23 Aug 2019 18:48:56 +0000
X-Inumbo-ID: a56b2061-c5d6-11e9-adef-12813bfff9fa
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (unknown
 [40.107.14.44]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS
 id a56b2061-c5d6-11e9-adef-12813bfff9fa;
 Fri, 23 Aug 2019 18:48:50 +0000 (UTC)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=DnbCvGBozHSs5M6E5a9CP2YGRqWyqMVTC42XNMohs7HJ7tJBMQd0PugSrJB+Agd6L2vaDxuxEtfqEHpUF4XCn2P1d9qQsAkMNLN96AazxPu1Llaz5L89KTYNCylk/bNTTVpUP9+uBMMAzjLxNo9VhspeXceikq+XH5XCKzK9UzgcRbZGeLQSlCWzevqYBly9xq9Gg43Eg1+iGsVqBlSXVVmZ92+qC7g2MwW72Nv1tLyMpIakJhvRq1s30JWnXjYG1tRKYw0VkNPEoNS255jze5AZl+kCxWrZUXUtM2eX+obUal1HUX01eOywL81+ETszmrJZUB3fQgfkK1FFaIGN2A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=IlJ90XUs8jVx5CifVbLC/0YeGQuKvGEl+NnI+DNdQL8=;
 b=mvniO9dy+U/viT3yQDD/ZyowFjNzPammKmDjI6zJMMS1WRRatAs3jdFLN/pnS1sUexjXmxqtAzfX+H94OntGL+qQa29X/JJc28Qc6IQXcjhmWbVPVoZO1NJb8Qlp/o4EIlK7wakt16D7LMjweJVnMkxNguR+7i+UNXDmUGRMDG/UYWQ2vcF0TlVAwh7U4wtpLI25GzlV20ksBTlPpksNPYf6vbv5JC4VGbyPPKaSQ8rFQI357OOhFEKVovjG1lADrz/eTiiiHPOW/ouRlFHyiYej517f0/jQv0WHm5tr744NEw4Mqy7L4ssS0hXo5hCrN46wrpQD4uwtBePE7qFIOw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com;
 dkim=pass header.d=epam.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=IlJ90XUs8jVx5CifVbLC/0YeGQuKvGEl+NnI+DNdQL8=;
 b=S1l7SoBSaGvNcdoI1cfDWFBbk8cHx9MIaz1ZIIZIY4QutXTfMjCuQKTLrBqSYzLEI7z4fPea48fvg0u+TUNJL5EQLEhrdAGxt3YY11Ea0x1U17im8Rpaz5zzrO1zpnpYGnPCR7Zjk4vz1DrME4R9QEXNcflszRIgRsdkUenn7nulX66jtmC6XcndHqqvmU05gKxhP5lwpTqgi7FU1Ft/bmR7ID0eiDm5ppWmR6gHOVEqNvFA512CgkDofQLkkBuKYPxFGLEsjnmNgL9osS2JGDz+0Z4EVRndKujlmkdOWLOhFEcw4Z36E6R1dcviWj1WeAiwMGpSJJFsxAmmdmUDEQ==
Received: from AM0PR03MB4148.eurprd03.prod.outlook.com (20.177.40.10) by
 AM0PR03MB4690.eurprd03.prod.outlook.com (20.177.41.22) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2178.18; Fri, 23 Aug 2019 18:48:49 +0000
Received: from AM0PR03MB4148.eurprd03.prod.outlook.com
 ([fe80::71e3:834d:5708:5a0a]) by AM0PR03MB4148.eurprd03.prod.outlook.com
 ([fe80::71e3:834d:5708:5a0a%5]) with mapi id 15.20.2199.015; Fri, 23 Aug 2019
 18:48:49 +0000
From: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Thread-Topic: [PATCH 3/5] xen/arm: optee: limit number of shared buffers
Thread-Index: AQHVWeNm60BkuvqDyUmm6mdhz0g5CQ==
Date: Fri, 23 Aug 2019 18:48:49 +0000
Message-ID: <20190823184826.14525-4-volodymyr_babchuk@epam.com>
References: <20190823184826.14525-1-volodymyr_babchuk@epam.com>
In-Reply-To: <20190823184826.14525-1-volodymyr_babchuk@epam.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=Volodymyr_Babchuk@epam.com;
x-originating-ip: [85.223.209.22]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b18b73af-a232-4443-793e-08d727fa8961
x-microsoft-antispam: BCL:0; PCL:0;
 RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(7193020);
 SRVR:AM0PR03MB4690;
x-ms-traffictypediagnostic: AM0PR03MB4690:|AM0PR03MB4690:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: 
 <AM0PR03MB46909EEB6C911D05A8A6D899E6A40@AM0PR03MB4690.eurprd03.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:4941;
x-forefront-prvs: 0138CD935C
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10009020)(4636009)(346002)(136003)(376002)(39860400002)(366004)(396003)(189003)(199004)(6436002)(305945005)(25786009)(76176011)(81166006)(71190400001)(478600001)(7736002)(81156014)(5660300002)(8676002)(71200400001)(4326008)(186003)(6506007)(99286004)(2351001)(6486002)(1076003)(2501003)(26005)(2906002)(6916009)(66446008)(55236004)(66946007)(91956017)(14454004)(76116006)(66476007)(66556008)(36756003)(64756008)(6116002)(6512007)(446003)(11346002)(3846002)(476003)(2616005)(316002)(54906003)(86362001)(80792005)(102836004)(5640700003)(8936002)(66066001)(14444005)(486006)(256004)(53936002);
 DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR03MB4690;
 H:AM0PR03MB4148.eurprd03.prod.outlook.com; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: epam.com does not designate
 permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 
 0rWoOZNscxMr0JhkFwQWedbXhnAPVi2TNFfQE5N3/8pXc4Zd3au6PwuDV8p6sxW6mRhFwGSpv+zCOpk8r9CZrVURQ0l6Q03REb5Y60ZmrqrxLlnj2BpQIXWeiDQmCS/9LvfzqgRJWRQ1iYdeJd2osWJorndH5IKCNchK7z0rtO9tGgQxkNFRoWsxaVmCIcv4Tkv4y6VJDjtk4J6QTBsC7sUJMBbYDAiC6H/HgAytEpPagC84ta1FTI9pewqFrjLzosM94JqMuyginWeDJgLyImtZNjVnAOuryJ/5FJtutt7lXj9anRrxsj1w1otWjM9QipxefTiucdrguXVrQHYg9kA5B5dDQuAgES8IfYjZPUohmE3DGRx8UnrziFaqXQeGJKX5CQA0mPsX8vl0iDnM+4iBVQ23XK6Fd1U8Bdxvlpo=
MIME-Version: 1.0
X-OriginatorOrg: epam.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 b18b73af-a232-4443-793e-08d727fa8961
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Aug 2019 18:48:49.5149 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 
 7+w9gHe4dYIOpDE/gLTOrPiIB80e0TeIHZTZxUMfTkRpx0VbDB5J9duZnwuJMiMtULPWfgaWsE3KEkuXgYuU7Wq/QCx1xl1Z2lrVfSJlm/E=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR03MB4690
Subject: [Xen-devel] [PATCH 3/5] xen/arm: optee: limit number of shared
 buffers
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Cc: "tee-dev@lists.linaro.org" <tee-dev@lists.linaro.org>,
 Julien Grall <julien.grall@arm.com>,
 Stefano Stabellini <sstabellini@kernel.org>,
 Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

We want to limit number of shared buffers that guest can register in
OP-TEE. Every such buffer consumes XEN resources and we don't want
guest to exhaust XEN. So we choose arbitrary limit for shared buffers.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
---
 xen/arch/arm/tee/optee.c | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)

diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c
index a84ffa3089..3ce6e7fa55 100644
--- a/xen/arch/arm/tee/optee.c
+++ b/xen/arch/arm/tee/optee.c
@@ -83,6 +83,14 @@
  */
 #define MAX_SHM_BUFFER_PG       512
 
+/*
+ * Limits the number of shared buffers that guest can have at once.
+ * This is to prevent case, when guests tricks XEN into exhausting
+ * own memory by allocating zillions of one-byte buffers. Value is
+ * chosen arbitrary.
+ */
+#define MAX_SHM_BUFFER_COUNT   16
+
 #define OPTEE_KNOWN_NSEC_CAPS OPTEE_SMC_NSEC_CAP_UNIPROCESSOR
 #define OPTEE_KNOWN_SEC_CAPS (OPTEE_SMC_SEC_CAP_HAVE_RESERVED_SHM | \
                               OPTEE_SMC_SEC_CAP_UNREGISTERED_SHM | \
@@ -144,6 +152,7 @@ struct optee_domain {
     struct list_head optee_shm_buf_list;
     atomic_t call_count;
     atomic_t optee_shm_buf_pages;
+    atomic_t optee_shm_buf_count;
     spinlock_t lock;
 };
 
@@ -231,6 +240,7 @@ static int optee_domain_init(struct domain *d)
     INIT_LIST_HEAD(&ctx->optee_shm_buf_list);
     atomic_set(&ctx->call_count, 0);
     atomic_set(&ctx->optee_shm_buf_pages, 0);
+    atomic_set(&ctx->optee_shm_buf_count, 0);
     spin_lock_init(&ctx->lock);
 
     d->arch.tee = ctx;
@@ -479,23 +489,26 @@ static struct optee_shm_buf *allocate_optee_shm_buf(struct optee_domain *ctx,
     struct optee_shm_buf *optee_shm_buf, *optee_shm_buf_tmp;
     int old, new;
     int err_code;
+    int count;
+
+    count = atomic_add_unless(&ctx->optee_shm_buf_count, 1,
+                              MAX_SHM_BUFFER_COUNT);
+    if ( count == MAX_SHM_BUFFER_COUNT )
+        return ERR_PTR(-ENOMEM);
 
     do
     {
         old = atomic_read(&ctx->optee_shm_buf_pages);
         new = old + pages_cnt;
         if ( new >= MAX_TOTAL_SMH_BUF_PG )
-            return ERR_PTR(-ENOMEM);
+        {
+            err_code = -ENOMEM;
+            goto err_dec_cnt;
+        }
     }
     while ( unlikely(old != atomic_cmpxchg(&ctx->optee_shm_buf_pages,
                                            old, new)) );
 
-    /*
-     * TODO: Guest can try to register many small buffers, thus, forcing
-     * XEN to allocate context for every buffer. Probably we need to
-     * limit not only total number of pages pinned but also number
-     * of buffer objects.
-     */
     optee_shm_buf = xzalloc_bytes(sizeof(struct optee_shm_buf) +
                                   pages_cnt * sizeof(struct page *));
     if ( !optee_shm_buf )
@@ -531,6 +544,8 @@ static struct optee_shm_buf *allocate_optee_shm_buf(struct optee_domain *ctx,
 err:
     xfree(optee_shm_buf);
     atomic_sub(pages_cnt, &ctx->optee_shm_buf_pages);
+err_dec_cnt:
+    atomic_dec(&ctx->optee_shm_buf_count);
 
     return ERR_PTR(err_code);
 }
@@ -573,6 +588,7 @@ static void free_optee_shm_buf(struct optee_domain *ctx, uint64_t cookie)
     free_pg_list(optee_shm_buf);
 
     atomic_sub(optee_shm_buf->page_cnt, &ctx->optee_shm_buf_pages);
+    atomic_dec(&ctx->optee_shm_buf_count);
 
     xfree(optee_shm_buf);
 }

From patchwork Fri Aug 23 18:48:50 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
X-Patchwork-Id: 11112229
Return-Path: <SRS0=xWPo=WT=lists.xenproject.org=xen-devel-bounces@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 18F711709
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Fri, 23 Aug 2019 18:50:54 +0000 (UTC)
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id DCDB721874
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Fri, 23 Aug 2019 18:50:53 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (2048-bit key)
 header.d=epam.com header.i=@epam.com header.b="ZHTk2KO7"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DCDB721874
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=quarantine dis=none) header.from=epam.com
Authentication-Results: mail.kernel.org;
 spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.89)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1i1EcQ-0001kH-M4; Fri, 23 Aug 2019 18:49:02 +0000
Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]
 helo=us1-amaz-eas2.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from
 <SRS0=gZL1=WT=epam.com=volodymyr_babchuk@srs-us1.protection.inumbo.net>)
 id 1i1EcP-0001jN-9O
 for xen-devel@lists.xenproject.org; Fri, 23 Aug 2019 18:49:01 +0000
X-Inumbo-ID: a56b2062-c5d6-11e9-adef-12813bfff9fa
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (unknown
 [40.107.14.44]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS
 id a56b2062-c5d6-11e9-adef-12813bfff9fa;
 Fri, 23 Aug 2019 18:48:51 +0000 (UTC)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=lRy3785bRM2bWA5cVdX0qbEDU5mnYJ2YFMFt3wXpHiIqyw11qpBnZHj8JIqfqVEL3eP/7BAyQTzs3quzTtvVsbac3lIwKhagdvxv4aNFuDjyGz5NzBHxNHjH60H/q+x71Pq2xt02onkIMcBWN+Z1BwCYinUW+sZGzHvzhtxh7Xb0LSUwVVLjCSObS/UZ1FDc0HtCOFUeSmeNeZiE8CeUnEX8jkcUZiWWISUkTW+OC0KztEG6WIaxD9Be7jNpncUhJ/XTxPjNgk87VTbQKwVo1VwmCh54MAq0mYZdDrABDSqWAu5Jjh+NRDdtJzez75YXHhbHP38RVeVPTHOHRKAnuw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=J3vzKqChQlQMrBBa5Lj78mD3Xi0BfXeQy6cOitat1zA=;
 b=B0edAL9Q7dY2yUGSaWpUz6TvDdoWCB6Ir9A5OOOYNuFf0bzfy3N+1bJ40HZRFZK3X7ElFJrvmk1vIp8ilu4hUzwkGXkt0Kmi39vzJ62U8X+SAsqXxVw/vYM7t2HW/6oJlJtt7helAvCrsFxy2uUN/Pey2Or2zDt+EOOJnJNit8de6uPJBcWrRRe6ZFgybEjBYVSMYN84MdCEE7JrXQ+AQHJNdyVmc+wfZRv+aHAqwYlMCssAwxzkmEKA6YxvCRdCece1sjeVXX8oxmHJMX1K1gW9vo8Q4OyFMLFkyKmDRhveeaIWOrsGGBeW/L4cMCxqhaoZPQZioT2C/S4SsFBGTQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com;
 dkim=pass header.d=epam.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=J3vzKqChQlQMrBBa5Lj78mD3Xi0BfXeQy6cOitat1zA=;
 b=ZHTk2KO7pxQ87rKXm6qrKXDpFuCNUCmlOqr7PM8QVq2cHMuM+mY0ZDOfdsh8YFo3rTJ1HDKf/iSbBstijGaU5Y/GDnch2I2wZlvCI7fS6Sf6Hw4Di49qIhid8WljW2hkzVzKBg1F4n3XKJlzXLXeclp/DXNoVOL4oiED6PvmgGhbKYye8NGXpwMD1dnQsMstDAi/BeVUmukqlYoqIbfpfxMvoDK8MMUjDyJqINymjEa9AU9kBMZbjwuOiwY+J5lkpwp/kAhJOCwgpQbSe87IKPeNPplY+xYn2GfAn8TKEZ1fU8aO7/AqU0wO7e6nenzywgIZ6Wx4FzBzFFKe/Nzx+Q==
Received: from AM0PR03MB4148.eurprd03.prod.outlook.com (20.177.40.10) by
 AM0PR03MB4690.eurprd03.prod.outlook.com (20.177.41.22) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2178.18; Fri, 23 Aug 2019 18:48:50 +0000
Received: from AM0PR03MB4148.eurprd03.prod.outlook.com
 ([fe80::71e3:834d:5708:5a0a]) by AM0PR03MB4148.eurprd03.prod.outlook.com
 ([fe80::71e3:834d:5708:5a0a%5]) with mapi id 15.20.2199.015; Fri, 23 Aug 2019
 18:48:50 +0000
From: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Thread-Topic: [PATCH 4/5] xen/arm: optee: handle share buffer translation
 error
Thread-Index: AQHVWeNnnvmrLONixEqfoDDhmmN88g==
Date: Fri, 23 Aug 2019 18:48:50 +0000
Message-ID: <20190823184826.14525-5-volodymyr_babchuk@epam.com>
References: <20190823184826.14525-1-volodymyr_babchuk@epam.com>
In-Reply-To: <20190823184826.14525-1-volodymyr_babchuk@epam.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=Volodymyr_Babchuk@epam.com;
x-originating-ip: [85.223.209.22]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a8a5d122-502e-4422-d6ea-08d727fa8a09
x-microsoft-antispam: BCL:0; PCL:0;
 RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(7193020);
 SRVR:AM0PR03MB4690;
x-ms-traffictypediagnostic: AM0PR03MB4690:|AM0PR03MB4690:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: 
 <AM0PR03MB4690CBA8A3DB1DDA5ECE4E6BE6A40@AM0PR03MB4690.eurprd03.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-forefront-prvs: 0138CD935C
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10009020)(4636009)(346002)(136003)(376002)(39860400002)(366004)(396003)(51234002)(189003)(199004)(6436002)(305945005)(25786009)(76176011)(81166006)(71190400001)(478600001)(7736002)(81156014)(5660300002)(8676002)(71200400001)(4326008)(186003)(6506007)(99286004)(2351001)(6486002)(1076003)(2501003)(26005)(2906002)(6916009)(66446008)(55236004)(66946007)(91956017)(14454004)(76116006)(66476007)(66556008)(36756003)(64756008)(6116002)(6512007)(446003)(11346002)(3846002)(476003)(2616005)(316002)(54906003)(86362001)(80792005)(102836004)(5640700003)(8936002)(66066001)(14444005)(486006)(256004)(53936002);
 DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR03MB4690;
 H:AM0PR03MB4148.eurprd03.prod.outlook.com; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: epam.com does not designate
 permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 
 v8vTlLgDbU//E7+sVlRuwITeOezCVya1fhZVM3P6jT7YDTVeVzOk6cWKuE12ebrrvWEP+4SExke6+LusTPnhCMZxARVmI9aI9ojsCtJXwIR0SUG74UoaaIaZXS21UOtqpkEwZg7AYPGyc/mBwH+uEwlpJfhSJcTAicb5vXP8q6ORmzYD1dj4koq23i50iOhb6S0n9lC40lxaVSFO+6/fkV0Szqa6k9XSWiuAYOahGjko4vpJ/v3YPlYIxYkwYwSA/3MDTywgkZ8ZnrWldcwwqctBwz0km1oNhY/GqYTNQDkwhw/PlOnO4f9xnyTZu4IS2KD+vbwhaei5nCy4cBVZF4F7IrQVnu4l/7LodBJ1c5mlD7c4vkLot6W5TTghNXqFJ90U0GKNx6ewXjwQyRtp3xPqdkSQ+Fs7h2kRHbjD2Zg=
MIME-Version: 1.0
X-OriginatorOrg: epam.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 a8a5d122-502e-4422-d6ea-08d727fa8a09
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Aug 2019 18:48:50.5793 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 
 6umkZ6YVKoBMGgF+5PHm80yTq2IfSXLqWefHgnHnem3+w4NMvn6tzZbIGBZZuzxhB+bRu4jou87B4O0Qtaqmo54nev4zP/S3g3r3dTM9zT4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR03MB4690
Subject: [Xen-devel] [PATCH 4/5] xen/arm: optee: handle share buffer
 translation error
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Cc: "tee-dev@lists.linaro.org" <tee-dev@lists.linaro.org>,
 Julien Grall <julien.grall@arm.com>,
 Stefano Stabellini <sstabellini@kernel.org>,
 Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

There is a case possible, when OP-TEE asks guest to allocate shared
buffer, but Xen for some reason can't translate buffer's addresses. In
this situation we should do two things:

1. Tell guest to free allocated buffer, so there will be no memory
leak for guest.

2. Tell OP-TEE that buffer allocation failed.

To ask guest to free allocated buffer we should perform the same
thing, as OP-TEE does - issue RPC request. This is done by filling
request buffer (luckily we can reuse the same buffer, that OP-TEE used
to issue original request) and then return to guest with special
return code.

Then we need to handle next call from guest in a special way: as RPC
was issued by Xen, not by OP-TEE, it should be handled by Xen.
Basically, this is the mechanism to preempt OP-TEE mediator.

The same mechanism can be used in the future to preempt mediator
during translation large (>512 pages) shared buffers.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
---
 xen/arch/arm/tee/optee.c | 167 +++++++++++++++++++++++++++++++--------
 1 file changed, 136 insertions(+), 31 deletions(-)

diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c
index 3ce6e7fa55..4eebc60b62 100644
--- a/xen/arch/arm/tee/optee.c
+++ b/xen/arch/arm/tee/optee.c
@@ -96,6 +96,11 @@
                               OPTEE_SMC_SEC_CAP_UNREGISTERED_SHM | \
                               OPTEE_SMC_SEC_CAP_DYNAMIC_SHM)
 
+enum optee_call_state {
+    OPTEEM_CALL_NORMAL = 0,
+    OPTEEM_CALL_XEN_RPC,
+};
+
 static unsigned int __read_mostly max_optee_threads;
 
 /*
@@ -112,6 +117,9 @@ struct optee_std_call {
     paddr_t guest_arg_ipa;
     int optee_thread_id;
     int rpc_op;
+    /* Saved buffer type for the last buffer allocate request */
+    unsigned int rpc_buffer_type;
+    enum optee_call_state state;
     uint64_t rpc_data_cookie;
     bool in_flight;
     register_t rpc_params[2];
@@ -299,6 +307,7 @@ static struct optee_std_call *allocate_std_call(struct optee_domain *ctx)
 
     call->optee_thread_id = -1;
     call->in_flight = true;
+    call->state = OPTEEM_CALL_NORMAL;
 
     spin_lock(&ctx->lock);
     list_add_tail(&call->list, &ctx->call_list);
@@ -1075,6 +1084,10 @@ static int handle_rpc_return(struct optee_domain *ctx,
             ret = -ERESTART;
         }
 
+        /* Save the buffer type in case we will want to free it */
+        if ( shm_rpc->xen_arg->cmd == OPTEE_RPC_CMD_SHM_ALLOC )
+            call->rpc_buffer_type = shm_rpc->xen_arg->params[0].u.value.a;
+
         unmap_domain_page(shm_rpc->xen_arg);
     }
 
@@ -1239,18 +1252,102 @@ err:
     return;
 }
 
+/*
+ * Prepare RPC request to free shared buffer in the same way, as
+ * OP-TEE does this.
+ *
+ * Return values:
+ *  true  - successfully prepared RPC request
+ *  false - there was an error
+ */
+static bool issue_rpc_cmd_free(struct optee_domain *ctx,
+                               struct cpu_user_regs *regs,
+                               struct optee_std_call *call,
+                               struct shm_rpc *shm_rpc,
+                               uint64_t cookie)
+{
+    register_t r1, r2;
+
+    /* In case if guest will forget to update it with meaningful value */
+    shm_rpc->xen_arg->ret = TEEC_ERROR_GENERIC;
+    shm_rpc->xen_arg->cmd = OPTEE_RPC_CMD_SHM_FREE;
+    shm_rpc->xen_arg->num_params = 1;
+    shm_rpc->xen_arg->params[0].attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT;
+    shm_rpc->xen_arg->params[0].u.value.a = call->rpc_buffer_type;
+    shm_rpc->xen_arg->params[0].u.value.b = cookie;
+
+    if ( access_guest_memory_by_ipa(current->domain,
+                                    gfn_to_gaddr(shm_rpc->gfn),
+                                    shm_rpc->xen_arg,
+                                    OPTEE_MSG_GET_ARG_SIZE(1),
+                                    true) )
+    {
+        /*
+         * Well, this is quite bad. We have error in error path.
+         * This can happen only if guest behaves badly, so all
+         * we can do is to return error to OP-TEE and leave
+         * guest's memory leaked.
+         */
+        shm_rpc->xen_arg->ret = TEEC_ERROR_GENERIC;
+        shm_rpc->xen_arg->num_params = 0;
+
+        return false;
+    }
+
+    uint64_to_regpair(&r1, &r2, shm_rpc->cookie);
+
+    call->state = OPTEEM_CALL_XEN_RPC;
+    call->rpc_op = OPTEE_SMC_RPC_FUNC_CMD;
+    call->rpc_params[0] = r1;
+    call->rpc_params[1] = r2;
+    call->optee_thread_id = get_user_reg(regs, 3);
+
+    set_user_reg(regs, 0, OPTEE_SMC_RETURN_RPC_CMD);
+    set_user_reg(regs, 1, r1);
+    set_user_reg(regs, 2, r2);
+
+    return true;
+}
+
+/* Handles return from Xen-issued RPC */
+static void handle_xen_rpc_return(struct optee_domain *ctx,
+                                  struct cpu_user_regs *regs,
+                                  struct optee_std_call *call,
+                                  struct shm_rpc *shm_rpc)
+{
+    call->state = OPTEEM_CALL_NORMAL;
+
+    /*
+     * Right now we have only one reason to be there - we asked guest
+     * to free shared buffer and it did it. Now we can tell OP-TEE that
+     * buffer allocation failed.
+     */
+
+    /*
+     * We are not checking return value from a guest because we assume
+     * that OPTEE_RPC_CMD_SHM_FREE newer fails.
+     */
+
+    shm_rpc->xen_arg->ret = TEEC_ERROR_GENERIC;
+    shm_rpc->xen_arg->num_params = 0;
+}
+
 /*
  * This function is called when guest is finished processing RPC
  * request from OP-TEE and wished to resume the interrupted standard
  * call.
+ *
+ * Return values:
+ *  false - there was an error, do not call OP-TEE
+ *  true  - success, proceed as normal
  */
-static void handle_rpc_cmd_alloc(struct optee_domain *ctx,
+static bool handle_rpc_cmd_alloc(struct optee_domain *ctx,
                                  struct cpu_user_regs *regs,
                                  struct optee_std_call *call,
                                  struct shm_rpc *shm_rpc)
 {
     if ( shm_rpc->xen_arg->ret || shm_rpc->xen_arg->num_params != 1 )
-        return;
+        return true;
 
     if ( shm_rpc->xen_arg->params[0].attr != (OPTEE_MSG_ATTR_TYPE_TMEM_OUTPUT |
                                               OPTEE_MSG_ATTR_NONCONTIG) )
@@ -1258,7 +1355,7 @@ static void handle_rpc_cmd_alloc(struct optee_domain *ctx,
         gdprintk(XENLOG_WARNING,
                  "Invalid attrs for shared mem buffer: %"PRIx64"\n",
                  shm_rpc->xen_arg->params[0].attr);
-        return;
+        return true;
     }
 
     /* Free pg list for buffer */
@@ -1274,21 +1371,14 @@ static void handle_rpc_cmd_alloc(struct optee_domain *ctx,
     {
         call->rpc_data_cookie = 0;
         /*
-         * Okay, so there was problem with guest's buffer and we need
-         * to tell about this to OP-TEE.
-         */
-        shm_rpc->xen_arg->ret = TEEC_ERROR_GENERIC;
-        shm_rpc->xen_arg->num_params = 0;
-        /*
-         * TODO: With current implementation, OP-TEE will not issue
-         * RPC to free this buffer. Guest and OP-TEE will be out of
-         * sync: guest believes that it provided buffer to OP-TEE,
-         * while OP-TEE thinks of opposite. Ideally, we need to
-         * emulate RPC with OPTEE_MSG_RPC_CMD_SHM_FREE command.
+         * We are unable to translate guest's buffer, so we need tell guest
+         * to free it, before returning error to OP-TEE.
          */
-        gprintk(XENLOG_WARNING,
-                "translate_noncontig() failed, OP-TEE/guest state is out of sync.\n");
+        return !issue_rpc_cmd_free(ctx, regs, call, shm_rpc,
+                                   shm_rpc->xen_arg->params[0].u.tmem.shm_ref);
     }
+
+    return true;
 }
 
 static void handle_rpc_cmd(struct optee_domain *ctx, struct cpu_user_regs *regs,
@@ -1338,22 +1428,37 @@ static void handle_rpc_cmd(struct optee_domain *ctx, struct cpu_user_regs *regs,
         goto out;
     }
 
-    switch (shm_rpc->xen_arg->cmd)
+    if ( call->state == OPTEEM_CALL_NORMAL )
     {
-    case OPTEE_RPC_CMD_GET_TIME:
-    case OPTEE_RPC_CMD_WAIT_QUEUE:
-    case OPTEE_RPC_CMD_SUSPEND:
-        break;
-    case OPTEE_RPC_CMD_SHM_ALLOC:
-        handle_rpc_cmd_alloc(ctx, regs, call, shm_rpc);
-        break;
-    case OPTEE_RPC_CMD_SHM_FREE:
-        free_optee_shm_buf(ctx, shm_rpc->xen_arg->params[0].u.value.b);
-        if ( call->rpc_data_cookie == shm_rpc->xen_arg->params[0].u.value.b )
-            call->rpc_data_cookie = 0;
-        break;
-    default:
-        break;
+        switch (shm_rpc->xen_arg->cmd)
+        {
+        case OPTEE_RPC_CMD_GET_TIME:
+        case OPTEE_RPC_CMD_WAIT_QUEUE:
+        case OPTEE_RPC_CMD_SUSPEND:
+            break;
+        case OPTEE_RPC_CMD_SHM_ALLOC:
+            if ( !handle_rpc_cmd_alloc(ctx, regs, call, shm_rpc) )
+            {
+                /* We failed to translate buffer, report back to guest */
+                unmap_domain_page(shm_rpc->xen_arg);
+                put_std_call(ctx, call);
+
+                return;
+            }
+            break;
+        case OPTEE_RPC_CMD_SHM_FREE:
+            free_optee_shm_buf(ctx, shm_rpc->xen_arg->params[0].u.value.b);
+            if ( call->rpc_data_cookie ==
+                 shm_rpc->xen_arg->params[0].u.value.b )
+                call->rpc_data_cookie = 0;
+            break;
+        default:
+            break;
+        }
+    }
+    else
+    {
+        handle_xen_rpc_return(ctx, regs, call, shm_rpc);
     }
 
 out:

From patchwork Fri Aug 23 18:48:51 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
X-Patchwork-Id: 11112223
Return-Path: <SRS0=xWPo=WT=lists.xenproject.org=xen-devel-bounces@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9CDA51864
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Fri, 23 Aug 2019 18:50:25 +0000 (UTC)
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 771F921897
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Fri, 23 Aug 2019 18:50:25 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (2048-bit key)
 header.d=epam.com header.i=@epam.com header.b="TeR4bJXE"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 771F921897
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=quarantine dis=none) header.from=epam.com
Authentication-Results: mail.kernel.org;
 spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.89)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1i1EcV-0001lx-VD; Fri, 23 Aug 2019 18:49:07 +0000
Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]
 helo=us1-amaz-eas2.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from
 <SRS0=gZL1=WT=epam.com=volodymyr_babchuk@srs-us1.protection.inumbo.net>)
 id 1i1EcU-0001lf-A3
 for xen-devel@lists.xenproject.org; Fri, 23 Aug 2019 18:49:06 +0000
X-Inumbo-ID: a741ae0e-c5d6-11e9-adef-12813bfff9fa
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (unknown
 [40.107.14.44]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS
 id a741ae0e-c5d6-11e9-adef-12813bfff9fa;
 Fri, 23 Aug 2019 18:48:53 +0000 (UTC)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=ad5fKwy9DG2nwsbGrXpelTmd9x5ALVRKqIB309j716g6n0FsjC4rDqIzH34Vh7WJRLrQ3xf63jrHX2TsT7RIteqEj+Psj4s+0664sgwZ76N8+dNaRoa48idJ0xpwnQfSgCgpF/9qsPUnXQAMgFUquNgrPuOVf1VJKKqrkQ3FwYsSWfoqsGeOz6sx65hg/b9BpviklkaDPypew5ilEViKa0xmU7+UdBFrSf5Zbo8hDIcaJKb0DzkA97DzH9QDsM4UqOpdNrIewzjE+l93n6GFXI3cXTdvWvnvcKONlQnT94tpGWtw+Knr0FLf1pcslNXLqjkuNx7g148ZVkZ/lMJNCA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=MKNlUydcpEIc21n2004Y8GBYZPuUKMCqVcPOcbw9S2U=;
 b=T/Rkr9huJUvBJuxLTFnA6daCtD4iq4cHg7YsrncCcqGn6IJu3zu+8zdK2ydt9D4EIS+VaXExsP8n5vk6IS7dMsPa5KivR0UioP8Oj1iAD2LlyezJWYEkHhTtSInNrOKRoWc3ey/SZcvgkmT3bb0JRa4N1RdUp+rOBjlBTw4mNL5wHWRlYxbI/bTVIL+5Z9DoxyGPpXQBQnPin2DHSiOOutB7vy+MCyUGzRvduCgv9H0iBbtATLJV+9uD17pnO6uiaGfYY+crViMssZAT2V2tMUWvbZZHVQy4QnHhApWhUFWaQb8kYCbapgoemLuquKvBHM6Gba13/mAEbWM2iPVmGA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com;
 dkim=pass header.d=epam.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=MKNlUydcpEIc21n2004Y8GBYZPuUKMCqVcPOcbw9S2U=;
 b=TeR4bJXEX8b9Dy8IGAMwfNFlxCqjA0hcFMa1Of1fl0SPOEIqa61rzo2ORT5LmjQyi0V6/o8NKK1TdxOdy1lJxy3ZJgXid4+2McGUpqAkMdY5sVjN0i2tL5AotT5L+cRZGPsP8Q3JJYO2doHfTDd8ARInylrKl5ms/vYKr245MuFCXhfhxlEcfsH6H3iqEaun8Jk6Atche1qvtQXRJ7Os3d1CcHMg6WrWmf1FyvMA4IvAjjW45i588uySytWLH/9/U9Qh1Ipu6sRTvr6cdkx8arrGMrSCgdXmRQeEOrbcpx1yT/mypTIkBYNoHhhxPDHJGJuuK8dlmJIUyscFiB3HTQ==
Received: from AM0PR03MB4148.eurprd03.prod.outlook.com (20.177.40.10) by
 AM0PR03MB4690.eurprd03.prod.outlook.com (20.177.41.22) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2178.18; Fri, 23 Aug 2019 18:48:51 +0000
Received: from AM0PR03MB4148.eurprd03.prod.outlook.com
 ([fe80::71e3:834d:5708:5a0a]) by AM0PR03MB4148.eurprd03.prod.outlook.com
 ([fe80::71e3:834d:5708:5a0a%5]) with mapi id 15.20.2199.015; Fri, 23 Aug 2019
 18:48:51 +0000
From: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Thread-Topic: [PATCH 5/5] xen/arm: optee: remove experimental status
Thread-Index: AQHVWeNoGYDEXCwUxUmqcOQgXXsTCA==
Date: Fri, 23 Aug 2019 18:48:51 +0000
Message-ID: <20190823184826.14525-6-volodymyr_babchuk@epam.com>
References: <20190823184826.14525-1-volodymyr_babchuk@epam.com>
In-Reply-To: <20190823184826.14525-1-volodymyr_babchuk@epam.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=Volodymyr_Babchuk@epam.com;
x-originating-ip: [85.223.209.22]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 8f6acd41-71b4-41b4-c8f1-08d727fa8aa4
x-microsoft-antispam: BCL:0; PCL:0;
 RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(7193020);
 SRVR:AM0PR03MB4690;
x-ms-traffictypediagnostic: AM0PR03MB4690:|AM0PR03MB4690:
x-ms-exchange-transport-forked: True
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: 
 <AM0PR03MB46901545CA4D6E04F6D6F461E6A40@AM0PR03MB4690.eurprd03.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:2331;
x-forefront-prvs: 0138CD935C
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10009020)(4636009)(346002)(136003)(376002)(39860400002)(366004)(396003)(189003)(199004)(6436002)(305945005)(25786009)(76176011)(81166006)(71190400001)(478600001)(7736002)(81156014)(966005)(5660300002)(8676002)(71200400001)(4326008)(186003)(6506007)(99286004)(2351001)(6486002)(1076003)(2501003)(26005)(2906002)(6916009)(66446008)(55236004)(66946007)(91956017)(14454004)(76116006)(66476007)(66556008)(36756003)(64756008)(6116002)(6512007)(446003)(11346002)(107886003)(3846002)(476003)(6306002)(2616005)(316002)(54906003)(86362001)(80792005)(102836004)(5640700003)(8936002)(66066001)(14444005)(486006)(256004)(53936002);
 DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR03MB4690;
 H:AM0PR03MB4148.eurprd03.prod.outlook.com; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: epam.com does not designate
 permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 
 QTjXemp9Q3t2vUWYnD57tUU9tEgfJnFvCUkIEgOUpNXvBmIKjTMb2/XWKMMeKgakR8X84SMaNhYL+k6awm9/ozBNsqE82vxWoClgdHWzd6ecsU2/THIoxBxBRkaPahUMIjEzrfDdhz4cWHa/yLyxxO6RKcnZwk202R+fcFcB9UpzgmUK0yXPqzARcEV/4s2tI2Qfc8JORMF23HIDdXCitoADTPlhr+GtsLyLwquG6X8zvv3jTDYM58/4ElPv15lXhT5cPHStS9tDKilASmCcYyoP/4mvbnhS28U/6KIg3D2nRUpcLQhJKFb3MxOK+NNRQfXwFQmJA/yDqVd9erfH912U2/qDsoRtzxWf4ZclKsfk2pXoXcOc4E5toOHxYX/iGJajn8nP0z3iwDvLBBnas+SMnMXY3Rzh9I7Ma8VL3hM=
MIME-Version: 1.0
X-OriginatorOrg: epam.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 8f6acd41-71b4-41b4-c8f1-08d727fa8aa4
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Aug 2019 18:48:51.6697 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 
 U7KOIc+E10xH5/9iS1skpVY5PpfiqG+tBYQ87JXh959BpPAUJFaDQYvO8nVk92tkRiI7kzNKrQt7YvOY95DIk+LUAUIubqPIgNTzy22Pu68=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR03MB4690
Subject: [Xen-devel] [PATCH 5/5] xen/arm: optee: remove experimental status
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Cc: "tee-dev@lists.linaro.org" <tee-dev@lists.linaro.org>,
 Julien Grall <julien.grall@arm.com>,
 Stefano Stabellini <sstabellini@kernel.org>,
 Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

As all TODOs and potential security issues are resolved now,
remove experimental status from OP-TEE mediator.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
---

Note for maintainer: obviously this patch should be committed
only if all other patches in this series are committed as well
---
 xen/arch/arm/Kconfig     | 2 +-
 xen/arch/arm/tee/Kconfig | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
index c2db2a6953..9b35783f68 100644
--- a/xen/arch/arm/Kconfig
+++ b/xen/arch/arm/Kconfig
@@ -107,7 +107,7 @@ config HARDEN_BRANCH_PREDICTOR
 	  If unsure, say Y.
 
 config TEE
-	bool "Enable TEE mediators support" if EXPERT = "y"
+	bool "Enable TEE mediators support"
 	default n
 	help
 	  This option enables generic TEE mediators support. It allows guests
diff --git a/xen/arch/arm/tee/Kconfig b/xen/arch/arm/tee/Kconfig
index b4b6aa2610..0b463ba368 100644
--- a/xen/arch/arm/tee/Kconfig
+++ b/xen/arch/arm/tee/Kconfig
@@ -3,7 +3,7 @@ config OPTEE
 	default n
 	depends on TEE
 	help
-	  Enable experimental OP-TEE mediator. It allows guests to access
+	  Enable OP-TEE mediator. It allows guests to access
 	  OP-TEE running on your platform. This requires virtualization-enabled
 	  OP-TEE present. You can learn more about virtualization for OP-TEE
 	  at https://optee.readthedocs.io/architecture/virtualization.html