From: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
To: Julien Grall <julien.grall@arm.com>
Cc: "tee-dev@lists.linaro.org" <tee-dev@lists.linaro.org>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
Stefano Stabellini <sstabellini@kernel.org>,
Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
Subject: Re: [Xen-devel] [PATCH 2/5] xen/arm: optee: check for preemption while freeing shared buffers
Date: Wed, 11 Sep 2019 18:53:14 +0000 [thread overview]
Message-ID: <87impyfyw6.fsf@epam.com> (raw)
In-Reply-To: <d72ca72d-81b7-f74d-86fd-24cc54bb4102@arm.com>
Julien Grall writes:
> Hi Volodymyr,
>
> On 8/23/19 7:48 PM, Volodymyr Babchuk wrote:
>> Now we have limit for one shared buffer size, so we can be sure that
>> one call to free_optee_shm_buf() will not free all
>> MAX_TOTAL_SMH_BUF_PG pages at once. Thus, we now can check for
>> hypercall_preempt_check() in the loop inside
>> optee_relinquish_resources() and this will ensure that we are not
>> missing preemption.
>
> I am not sure to understand the correlation between the two
> sentences. Even if previously the guest could pin up to
> MAX_TOTAL_SHM_BUF_PG in one call, a well-behaved guest would result to
> do multiple calls and therefore preemption would have been useful.
Looks like now I don't understand you.
I'm talking about shared buffers. We have limited shared buffer to some
reasonable size. There is bad- or well-behaving guests in this context,
because guest can't share one big buffer in multiple calls. In other
worlds, if guest *needs* to share 512MB buffer with OP-TEE, it will be
forced to do this in one call. But we are forbidding big buffers right
now.
optee_relinquish_resources() is called during domain destruction. At
this time we can have a number of still living shared buffers, each of
one is no bigger than 512 pages. Thanks to this, we can call
hypercall_preempt_check() only in optee_relinquish_resources(), but not
in free_optee_shm_buf().
If we will allow guest to register bigger buffer, than we will be forced
to check for preemption in free_optee_shm_buf() as well.
This is what I meant in the commit message.
> So I think the commit message needs some rewording.
Probably yes...
>>
>> Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
>> ---
>> xen/arch/arm/tee/optee.c | 10 +++++-----
>> 1 file changed, 5 insertions(+), 5 deletions(-)
>>
>> diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c
>> index f4fa8a7758..a84ffa3089 100644
>> --- a/xen/arch/arm/tee/optee.c
>> +++ b/xen/arch/arm/tee/optee.c
>> @@ -634,14 +634,14 @@ static int optee_relinquish_resources(struct domain *d)
>> if ( hypercall_preempt_check() )
>> return -ERESTART;
>> - /*
>> - * TODO: Guest can pin up to MAX_TOTAL_SMH_BUF_PG pages and all of
>> - * them will be put in this loop. It is worth considering to
>> - * check for preemption inside the loop.
>> - */
>> list_for_each_entry_safe( optee_shm_buf, optee_shm_buf_tmp,
>> &ctx->optee_shm_buf_list, list )
>> + {
>> + if ( hypercall_preempt_check() )
>
> So on the first iteration, you will check twice preemption (one before
> the loop and just entering). hypercall_preempt_check(). The function
> is not entirely free on Arm because of the implementation of
> vgic_vcpu_pending_irq(). So preventing pointless call would be nice.
>
> In this case, the hypercall_preempt_check() before the loop could be
> dropped.
Yes, you are right.
>
>> + return -ERESTART;
>> +
>> free_optee_shm_buf(ctx, optee_shm_buf->cookie);
>> + }
>> if ( hypercall_preempt_check() )
>> return -ERESTART;
>>
>
> Cheers,
--
Volodymyr Babchuk at EPAM
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2019-09-11 18:53 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-23 18:48 [Xen-devel] [PATCH 0/5] arch/arm: optee: fix TODOs and remove "experimental" status Volodymyr Babchuk
2019-08-23 18:48 ` [Xen-devel] [PATCH 1/5] xen/arm: optee: impose limit on shared buffer size Volodymyr Babchuk
2019-09-09 22:11 ` Julien Grall
2019-09-11 18:48 ` Volodymyr Babchuk
2019-09-12 19:32 ` Julien Grall
2019-09-12 19:45 ` Volodymyr Babchuk
2019-09-12 19:51 ` Julien Grall
2019-09-16 15:26 ` Volodymyr Babchuk
2019-09-17 10:49 ` Julien Grall
2019-09-17 12:28 ` Volodymyr Babchuk
2019-09-17 18:46 ` Julien Grall
2019-08-23 18:48 ` [Xen-devel] [PATCH 2/5] xen/arm: optee: check for preemption while freeing shared buffers Volodymyr Babchuk
2019-09-09 22:19 ` Julien Grall
2019-09-11 18:53 ` Volodymyr Babchuk [this message]
2019-09-12 19:39 ` Julien Grall
2019-09-12 19:47 ` Volodymyr Babchuk
2019-08-23 18:48 ` [Xen-devel] [PATCH 3/5] xen/arm: optee: limit number of " Volodymyr Babchuk
2019-08-23 18:48 ` [Xen-devel] [PATCH 4/5] xen/arm: optee: handle share buffer translation error Volodymyr Babchuk
2019-09-10 11:17 ` Julien Grall
2019-09-11 18:32 ` Volodymyr Babchuk
2019-09-12 18:55 ` Julien Grall
2019-08-23 18:48 ` [Xen-devel] [PATCH 5/5] xen/arm: optee: remove experimental status Volodymyr Babchuk
2019-08-23 19:05 ` Julien Grall
2019-08-23 19:20 ` Volodymyr Babchuk
2019-09-09 21:31 ` Julien Grall
2019-09-11 18:41 ` Volodymyr Babchuk
2019-09-12 19:00 ` Julien Grall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87impyfyw6.fsf@epam.com \
--to=volodymyr_babchuk@epam.com \
--cc=julien.grall@arm.com \
--cc=sstabellini@kernel.org \
--cc=tee-dev@lists.linaro.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).