From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752027AbdI2KvQ (ORCPT ); Fri, 29 Sep 2017 06:51:16 -0400 Received: from mail-ve1eur01on0057.outbound.protection.outlook.com ([104.47.1.57]:4832 "EHLO EUR01-VE1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751830AbdI2KvO (ORCPT ); Fri, 29 Sep 2017 06:51:14 -0400 Subject: Re: [PATCH v1 00/14] tee: optee: add dynamic shared memory support To: Mark Rutland Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, tee-dev@lists.linaro.org, Jens Wiklander , Volodymyr Babchuk References: <1506621851-6929-1-git-send-email-volodymyr_babchuk@epam.com> <20170929103149.GB5781@leverpostej> From: Volodymyr Babchuk Message-ID: <02a5066a-b35a-1300-7c92-217f62efe3a2@epam.com> Date: Fri, 29 Sep 2017 13:51:05 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1 MIME-Version: 1.0 In-Reply-To: <20170929103149.GB5781@leverpostej> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [85.223.209.59] X-ClientProxiedBy: HE1PR0401CA0061.eurprd04.prod.outlook.com (2603:10a6:3:19::29) To DB6PR0301MB2133.eurprd03.prod.outlook.com (2603:10a6:4:46::15) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 56155695-4a12-4b4b-4ab1-08d50727ff7c X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(2017030254152)(2017052603199)(201703131423075)(201703031133081)(201702281549075);SRVR:DB6PR0301MB2133; X-Microsoft-Exchange-Diagnostics: 1;DB6PR0301MB2133;3:BG9xuipnBTyHmsp/dMxEJpSkEGbnuJu5GCVJLakYmVH2DiJu+qrj4sTi2cjiEaKcNg/B7fo602StE8wo1wtliOFIPmQ9BJrQPc6UwuJl6gMBKTpTAXd0U+oN5NtJrBUs/P519OWk2sKBnHxvbA/DCGL7d7pv/SXShoSlxrDRElKW+DYYp6dazrYOFGi/fqpI+AIhtJDaGcKqaDNTOnoEf0/M8Qno+vm1Pl+NcZq9ANm8jJsqK1OWCf6DhT7d/MVe;25:w1Y3DagwsJSG+3qqjoeWo3LMrma7iaZmSI3LvC7DNo+QMxqGHwikX87wCFaDMuY7vLKbYnvTp56wFmEKf4JVLw2TFaGUN2Ca9QB5Wr0oxeHj0xz+m2P9NEE6ToQPd7deGBpB57tx2xfI+KBmgg0QAOlsH2A0fnOUhbX8k5YQLgPDChD2SLKwMaJz2m/ebwA/Vdf+n3iAI2xt/AXav4oLYtTM0BcOQFrDPcIDN/zpVR1XaRbvAHkX88sejg41jKjWWHnxX9jpzw+YvFP6FKKvuA0Kq1uoK/t8yp0wQHaqwFjK+UYDdW+/4kzx9NBV9GISAe6ABZkAGpKLRDiOYpjreA==;31:A7DjwtnTbUh6QvX+qGd1aEy+sqW24KgBTzhUNu6yWxqb12OwWt0Aihm0cjwjrvBobagdxsq6H8B2jOQwFVsDxmmZPu6LyRhag0A702ds/Sfzr9RNfjLRKl/f7eMN6fy6dYN6Bix5Hzmu6yoZNFFBuSCBWy1k3ffZVE5YC+JNUE4qiNwrLtqDcFAiLpXmh6Gwyfq+neV6xYXX0VX1bHyc9UzqKLJC/+ql46xvC+tzbD4= X-MS-TrafficTypeDiagnostic: DB6PR0301MB2133: X-Microsoft-Exchange-Diagnostics: 1;DB6PR0301MB2133;20:TkD1e6YEsC/DUKHmNWKa3D75t/IWNhoLHqwc4YG8LvKzOOGYq0mZ6k5Cp//ZQ07lqzMoEXU+PJc/yClio48L/2m9kVTdUVY1mxSCTshz+iJsuxj24ZPmNmknUJHtffQD8G6Niu9ZjHmyPgv4N9BZ/N5KKBYbVbIPbA+iY/3x1l924fS+qP9xcdfufqNraVaPKtQYz45rV7xFRCe7GImset6DWOb6afNdoGz+xlMyhE45seuucsjaWN396omtoj/iVGpMEAFNYdD7bIO+VlSY3uH/OmiAksE5fvJAZ4HwV5PUecgefXGvKcdkKZ0u1HPFxRQjhfQ6I7rK7m59Q5DjKp9Fdtx00uoLplHal9NlNA/jwjDFy/XwJx3dZZBskfBIhzZ0m0KUyhgvZr5PcbRtBw0KE41rt0IzFtp1LyWfwoeqDJFi0U7WOATxzduAVcXqWBa1VKbtRynPLcYCn2FjCD4rZOTMmqL53Fje9ebvMFgzDrHd4I9SCNrRA8g31hij;4:4vn5mC5ZLseQTDg2m6qt3j5IDvyb/ikUcubDUlKs1j1cjS66tKqfsn6TCIrHO8HMYacL3C9XEDmqTrEFtVdHLi2d6tp7L9crXpWf/qGW61I0v9EHbpJmQp9X1SFc8dVYaNHqvgcb3/dQzWU5IrhSUKhrTd8faVyDYlHYBpnWSv/SAXCdVssPn/+lRh4aUUhsHyQqRTRLbeugJLuNZQ25fPYJR8O+RooRAcgFamDdh+YHiibb6udzoFrbPpT5uYiRqlApAVVI8o8LQXVMrmq9Zncw1yacw8dCkeVBK6+V1ABW4CfdbvgWpEss2Loe/BJg0mEgWlwAzQhhtSeb0jUalg== X-Exchange-Antispam-Report-Test: UriScan:(278428928389397)(166708455590820); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(3002001)(100000703101)(100105400095)(10201501046)(6041248)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123558100)(20161123555025)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);SRVR:DB6PR0301MB2133;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:DB6PR0301MB2133; X-Forefront-PRVS: 0445A82F82 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(6009001)(6049001)(376002)(346002)(189002)(24454002)(199003)(2906002)(53936002)(6246003)(50986999)(81156014)(81166006)(68736007)(8676002)(4326008)(25786009)(6116002)(64126003)(7736002)(58126008)(39060400002)(31686004)(5660300001)(53546010)(65826007)(76176999)(54356999)(3846002)(101416001)(97736004)(305945005)(23676002)(966005)(72206003)(106356001)(6486002)(54906003)(478600001)(31696002)(189998001)(33646002)(8936002)(77096006)(80792005)(6666003)(86362001)(6306002)(36756003)(65806001)(83506001)(2950100002)(47776003)(230700001)(6916009)(1720100001)(66066001)(105586002)(65956001)(16576012)(229853002)(316002)(50466002);DIR:OUT;SFP:1101;SCL:1;SRVR:DB6PR0301MB2133;H:[10.17.182.79];FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Volodymyr_Babchuk@epam.com; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtEQjZQUjAzMDFNQjIxMzM7MjM6RVhXTy9KNnI1d2hucE56dkFOR05XclZV?= =?utf-8?B?blYxaWYwdUszVldJVGtSckxKWlZEVjdsY09YbTRjbURoS2RPMHlTOHRDcVE1?= =?utf-8?B?NngwWmFqU2Z6eFBQVUxpN3NOK1g1aUNGOGlzQVEyWUVTZlpBTjdTZUNsd2RC?= =?utf-8?B?MmhzREczMm1YOW5sVzhXVUZTdUZNWkdrd0syN0lqK2V4UDRSVWVFdW90Q0RB?= =?utf-8?B?ZEVLTzdTZWJTMlBSN0FiRGZZMS9mbGJ5Z1Y4OGtrbzRITkZYS2tFcVFPbVJS?= =?utf-8?B?Nk5DWWZMN2c1djErREF0Q0I1WFY2aC91SEtOYkxqQkhxd0ZXU3o2cUk3ZnFP?= =?utf-8?B?ejduY1ZXS29xd01KemozRnNFTkJ2YjNqMXNnZkNxL1daTWVZbHFQQ2QxVUZv?= =?utf-8?B?OUhmc1R6RTNBanZGWHVHeHI4NEpRS3JXOVZYWThoUzRURGZyQkp2aDk3YVVS?= =?utf-8?B?clpINmR5WTN3M2ZsT2d0Szd2cGk3Y2lOVkhheE5pTWhBY3dwNXJqVVhJWG9o?= =?utf-8?B?ZXlXTlhYYStHMEdBdkNEajJKTERxcGUreUtvK0tMWFprWkhyZXVtVTVsYi9W?= =?utf-8?B?OWQ2OXFDcHlIR09UYk1OTVVudzhJd0pXanpCVVJIdmJmeUFPbkxEZ2N6VWlN?= =?utf-8?B?U3NacW8xT0V2eEFYQUhGUWExcTZkMTg2NTVHOWRFT2Q5dXdNaFAzaEtWUVV5?= =?utf-8?B?Nnc4VGh3YUV1RU9UdllwdkpaczFPcy9zSlUyK0tCVzByRTJyWUZnYjA1Ylls?= =?utf-8?B?MExPREJLcTBQaGlhd3RpcW0yQ3RCSDZhMnFldHFUeWdqTnFSUDVTV1VLRzlR?= =?utf-8?B?R25ibjY3WDVSWE1RZmg2VVdSdnZJaHliS0ZVcTdZTEh4aDIxUXdQelQzaWs0?= =?utf-8?B?MU9vY2w4SXVvVzYrQWFZcXI4RFc0V1cxdzY0MHF4NFdEL2dTYkFLQ3hoSDBI?= =?utf-8?B?OVhEdXptVG5jYjB1cEtIaGYrMUNHSTVoOTRKRFNocTlOemdtMUNwNXJCK2Ey?= =?utf-8?B?S3lZckxqVjNwVXFjS2FZdFZ2Z1ZHOFp5bHBSeFU0SE9oNjNVNnkwVE9sNFRT?= =?utf-8?B?d1ozVlJwUEtpb3hDRTBOS09KQ3dScjdVNGFscWs2Nzl1VURGUUs3ZHlNMDc0?= =?utf-8?B?VHhEaGhYdFcwRDJ1YnFwR1ZRNmpzNzhwVEJWOE1QcEJ3dmtWSmw3R0dFeDRX?= =?utf-8?B?ZnBtclVkK1FPUE5HVkgzK3kyeG8vdk9EbDF2MWVoVXR1OUJlUG8wR3I5akhY?= =?utf-8?B?OXphVEVwLzFlSHpveUhlWjNYdUFKZDJFdHMyRTFJWTZHS3BxWEJUWlVEQmpP?= =?utf-8?B?ZHJ6YW5kL0ZrSCt6M2RaVktBOVdnZHY1SW1tbGovdE5tbHBEeVgvejBOWkR2?= =?utf-8?B?aDA5OURBMjRmTm91cTRqZU80VXRPbUNtb2NQYkV6cXdaTnViQzE0V0NJTEl5?= =?utf-8?B?REEyNnBxbU9wTm1Wc0NIU1RkWWVDTWRiT2ZpcjZPV2V6Vk1ZNjhOeTlwWWlr?= =?utf-8?B?ZE81SWxIZVZPZWFZVG5KMm1MS0xzaHZvNFpFdVlHTkhPWER0clBZak5ON1B3?= =?utf-8?B?WXdCYXdhTEFvTk5jVENWYm5EdnllWWVpajNDOHdiL01Od0FudUk0bHA0RmFH?= =?utf-8?B?WFJIbEVFVlhCTG1zQk14UEVKUXBvbFBUdTlLVzNDaWFIWlhXK3RqbHpqd0J0?= =?utf-8?B?MlU0OWpMaldmR050ZnZkTkp3eHdwYzE0WklyRFFiRlVyc0RIZ2ZQSmo0M1Jr?= =?utf-8?B?U3Jqc21QZEE1V3hKMWppNit1dFpWekF5eThjUytIKzRJSis5WFdyOWJuczRh?= =?utf-8?B?eitkZ3N4ZGhjdzJlY1pwY2tXT09haUljQzhMcm0xTURHUG8yN1JVVVREZzc3?= =?utf-8?B?MmpNeVVRZDNUMXg5YVNyWlBlQ2FQTTUza0NZalJBK3licUk5eVJROVJuUnMw?= =?utf-8?Q?RdpqkqLx5p/7mWz4OjI1G/WiV1akeQOE=3D?= X-Microsoft-Exchange-Diagnostics: 1;DB6PR0301MB2133;6:pA2Qknrs5D8Age0ocMo51om/kfQ44/tyc0qAizIbtRSFBzFYmC367MczNTuhQ/5pmc8QBQLMf6aa9YljVoFlNKGsEmW/ATvDD3ivJkkv8CTsSeJ6/ScPIg1VoQSvIErlnTie1YiHqnfKqHJlNVxes8ZUgfHF6/PVV/5ky8UY+Ls7g1RiE8HkX7xizva0QjBEz2uhKxOWFpYVlI+gYhYpsJhwq0ZLzEyXaDCHkLWxI8sYoRaxkya/lvZOXhY/y53U2vi94+86xHJw9ccQ4glkKh/nFYr1+OmRp6ZyaT9kS74igV14wbysT7R50mzr8nAKZ5GhaBuplCGrWRy0Sa7FZA==;5:e5qTy3Iv9HAAdmvJSy4BerdPsSzch6gF8h68sdbPc5j5iuMusObAtZOLEHb1JNMbagGVsiewoHnZjwc/Q1Umh1wJa0ptN/+3RvNrnTG41hdi4QECMEFEzcB/EYNUoioDe8r+e0PH/L60TcZkaio1oivFoQhK9CHo3GbtkdLNsas=;24:fhygzy8Z26yvmkLfFap/VmCiSIEOT83AKUjxgRKewhTUBT3BIkaegz4ZltqCsuuUhk84RGR2vkRB1Qd/P+BgpFNvZP5YZjngeDNK9zPcVfQ=;7:SvPSMjHTwqgK/N+1sXdbst90vkuv98EGQ4b+wFknLa31CtjDL/ZxCleU5N7/nQIGkBJ9D9oPVz6vSMhLoy0X/tQYDQqYfX61FXe1Be02baf3KWZYnvsNY/L4fTlDtberCytsqEq+Y3NSOmHAQzspS8gIE8L5xmVRujhO5hzNWdYDgB7krZmUe19/wECwzXnUQSnYPoVZxm1jD1E/FKu5OpjC+JOmQVYXKbba8IOi7ro= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Sep 2017 10:51:10.5341 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0301MB2133 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello Mark, On 29.09.17 13:31, Mark Rutland wrote: > Hi, > > On Thu, Sep 28, 2017 at 09:03:57PM +0300, Volodymyr Babchuk wrote: >> From: Volodymyr Babchuk >> >> This patch series enables dynamic shared memory support in the TEE >> subsystem as a whole and in OP-TEE in particular. >> >> Global Platform TEE specification [1] allows client applications >> to register part of own memory as a shared buffer between >> application and TEE. This allows fast zero-copy communication between >> TEE and REE. But current implementation of TEE in Linux does not support >> this feature. >> >> Also, current implementation of OP-TEE transport uses fixed size >> pre-shared buffer for all communications with OP-TEE OS. This is okay >> in the most use cases. But this prevents use of OP-TEE in virtualized >> environments, because: >> a) We can't share the same buffer between different virtual machines >> b) Physically contiguous memory as seen by VM can be non-contiguous >> in reality (and as seen by OP-TEE OS) due to second stage of >> MMU translation. >> c) Size of this pre-shared buffer is limited. > > I'm afraid that I don't follow the arguments for virtualized OP-TEE > usage. Yes, this is short summary. This is patches for Linux kernel, so I thought it is okay to mention only linux part. > In a virtualised environment, TEE access *must* be mediated via the > hypervisor, which can virtualise the interface, pin pages, etc. Absolutely right. I had many discussions with XEN community on this topic there: [2] Also I had discussions with OP-TEE guys there: [3] > Could you elaborate on how you expect TEE access to work in a > virtualised environment? Hypervisor will trap all SMCs. SMCs that belong to TEE OS and TEE apps will be handled by corresponding TEE mediator in a hypervsior. TEE mediator will: 1) check if this guest/domain have right to work with TEE at all. 2) Mangle pointers in command buffer (translate IPA to PA) 3) Add VMID to request 3) Forward mangled request to TEE 4) Mangle pointers in response buffer (if any) 5) Return response back to guest. Besides this, TEE mediator will inform TEE about guest creation and destruction, so TEE can track opened sessions, shared buffers and such. [2] http://xen.markmail.org/thread/6pwpa2j6sbqkxgge [3] https://github.com/OP-TEE/optee_os/issues/1019 From mboxrd@z Thu Jan 1 00:00:00 1970 From: volodymyr_babchuk@epam.com (Volodymyr Babchuk) Date: Fri, 29 Sep 2017 13:51:05 +0300 Subject: [PATCH v1 00/14] tee: optee: add dynamic shared memory support In-Reply-To: <20170929103149.GB5781@leverpostej> References: <1506621851-6929-1-git-send-email-volodymyr_babchuk@epam.com> <20170929103149.GB5781@leverpostej> Message-ID: <02a5066a-b35a-1300-7c92-217f62efe3a2@epam.com> To: linux-arm-kernel@lists.infradead.org List-Id: linux-arm-kernel.lists.infradead.org Hello Mark, On 29.09.17 13:31, Mark Rutland wrote: > Hi, > > On Thu, Sep 28, 2017 at 09:03:57PM +0300, Volodymyr Babchuk wrote: >> From: Volodymyr Babchuk >> >> This patch series enables dynamic shared memory support in the TEE >> subsystem as a whole and in OP-TEE in particular. >> >> Global Platform TEE specification [1] allows client applications >> to register part of own memory as a shared buffer between >> application and TEE. This allows fast zero-copy communication between >> TEE and REE. But current implementation of TEE in Linux does not support >> this feature. >> >> Also, current implementation of OP-TEE transport uses fixed size >> pre-shared buffer for all communications with OP-TEE OS. This is okay >> in the most use cases. But this prevents use of OP-TEE in virtualized >> environments, because: >> a) We can't share the same buffer between different virtual machines >> b) Physically contiguous memory as seen by VM can be non-contiguous >> in reality (and as seen by OP-TEE OS) due to second stage of >> MMU translation. >> c) Size of this pre-shared buffer is limited. > > I'm afraid that I don't follow the arguments for virtualized OP-TEE > usage. Yes, this is short summary. This is patches for Linux kernel, so I thought it is okay to mention only linux part. > In a virtualised environment, TEE access *must* be mediated via the > hypervisor, which can virtualise the interface, pin pages, etc. Absolutely right. I had many discussions with XEN community on this topic there: [2] Also I had discussions with OP-TEE guys there: [3] > Could you elaborate on how you expect TEE access to work in a > virtualised environment? Hypervisor will trap all SMCs. SMCs that belong to TEE OS and TEE apps will be handled by corresponding TEE mediator in a hypervsior. TEE mediator will: 1) check if this guest/domain have right to work with TEE at all. 2) Mangle pointers in command buffer (translate IPA to PA) 3) Add VMID to request 3) Forward mangled request to TEE 4) Mangle pointers in response buffer (if any) 5) Return response back to guest. Besides this, TEE mediator will inform TEE about guest creation and destruction, so TEE can track opened sessions, shared buffers and such. [2] http://xen.markmail.org/thread/6pwpa2j6sbqkxgge [3] https://github.com/OP-TEE/optee_os/issues/1019