From: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
To: Stefano Stabellini <sstabellini@kernel.org>
Cc: Oleksandr Tyshchenko <olekstysh@gmail.com>,
	"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
	Oleksandr Tyshchenko <Oleksandr_Tyshchenko@epam.com>,
	Julien Grall <julien@xen.org>, Julien Grall <jgrall@amazon.com>
Subject: Re: [PATCH] xen/arm: optee: Allocate anonymous domheap pages
Date: Thu, 23 Sep 2021 20:57:45 +0000	[thread overview]
Message-ID: <87bl4jrovq.fsf@epam.com> (raw)
In-Reply-To: <alpine.DEB.2.21.2109231308200.17979@sstabellini-ThinkPad-T480s>


Hi Stefano,

Stefano Stabellini <sstabellini@kernel.org> writes:

> On Mon, 6 Sep 2021, Oleksandr Tyshchenko wrote:
>> From: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
>> 
>> Allocate anonymous domheap pages as there is no strict need to
>> account them to a particular domain.
>> 
>> Since XSA-383 "xen/arm: Restrict the amount of memory that dom0less
>> domU and dom0 can allocate" the dom0 cannot allocate memory outside
>> of the pre-allocated region. This means if we try to allocate a
>> non-anonymous page to be accounted to dom0 we will get an
>> over-allocation issue when assigning that page to the domain.
>> The anonymous page, in turn, is not assigned to any domain.
>> 
>> CC: Julien Grall <jgrall@amazon.com>
>> Signed-off-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
>> Acked-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
>
> Only one question, which is more architectural: given that these pages
> are "unlimited", could the guest exploit the interface somehow to force
> Xen to allocate a very high number of anonymous pages?
>
> E.g. could a domain call OPTEE_SMC_RPC_FUNC_ALLOC in a loop to force Xen
> to exhaust all memory pages?

Generally, the OP-TEE mediator tracks all resources allocated and imposes
limits on them.

The OPTEE_SMC_RPC_FUNC_ALLOC case is a bit different, because it is issued
not by a domain, but by OP-TEE itself. As OP-TEE is a more trusted piece of
the system we allow it to request as many buffers as it wants. Also, we know
that OP-TEE asks only for one such buffer per every standard call. And
the number of simultaneous calls is limited by the number of OP-TEE threads,
which is quite low: typically only two.

-- 
Volodymyr Babchuk at EPAM
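The bound argued in the reply above, as an added toy model (not code from Xen's OP-TEE mediator; the thread count, structure and function names are all assumptions): each in-flight standard call occupies one OP-TEE thread and can trigger at most one RPC buffer allocation, so the number of anonymous pages Xen holds for OP-TEE can never exceed the thread count, however many times a guest loops.

```c
#include <stdbool.h>
#include <stddef.h>
#define OPTEE_THREADS 2 /* "typically only two" per the reply above (assumed) */

struct mediator_ctx {
    bool active[OPTEE_THREADS];  /* standard call in flight on this OP-TEE thread */
    bool rpc_buf[OPTEE_THREADS]; /* OP-TEE already took its single RPC buffer */
    size_t rpc_bufs_outstanding; /* anonymous pages currently lent to OP-TEE */
};

/* Guest enters a standard call; -1 (nothing allocated) when all threads are busy. */
int mediator_std_call_begin(struct mediator_ctx *ctx)
{
    for (size_t i = 0; i < OPTEE_THREADS; i++)
        if (!ctx->active[i]) {
            ctx->active[i] = true;
            return (int)i;
        }
    return -1;
}

/* OPTEE_SMC_RPC_FUNC_ALLOC analogue: OP-TEE, not the guest, asks for one buffer
 * while servicing the call on `thread`; it is released when that call ends. */
bool mediator_rpc_alloc(struct mediator_ctx *ctx, int thread)
{
    if (thread < 0 || thread >= OPTEE_THREADS || !ctx->active[thread])
        return false;
    if (ctx->rpc_buf[thread])
        return false; /* at most one RPC buffer per standard call */
    ctx->rpc_buf[thread] = true;
    ctx->rpc_bufs_outstanding++;
    return true;
}

/* A guest looping on calls it never completes: returns the peak number of
 * buffers OP-TEE can make Xen hold, which never exceeds OPTEE_THREADS. */
size_t simulate_call_storm(size_t attempts)
{
    struct mediator_ctx ctx = {0};
    size_t peak = 0;
    for (size_t i = 0; i < attempts; i++) {
        int t = mediator_std_call_begin(&ctx);
        if (t < 0) continue;
        mediator_rpc_alloc(&ctx, t);
        mediator_rpc_alloc(&ctx, t); /* second request on the same call is refused */
        if (ctx.rpc_bufs_outstanding > peak) peak = ctx.rpc_bufs_outstanding;
    }
    return peak;
}
```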
