From: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
To: Jens Wiklander <jens.wiklander@linaro.org>
Cc: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
Stefano Stabellini <sstabellini@kernel.org>,
Julien Grall <julien@xen.org>
Subject: Re: [PATCH] optee: immediately free RPC buffers that are released by OP-TEE
Date: Wed, 4 May 2022 19:59:22 +0000 [thread overview]
Message-ID: <8735hpm5ly.fsf@epam.com> (raw)
In-Reply-To: <287f81d7cec66b5ef1f8f3f61679b9593e2b81d4.1651643156.git.jens.wiklander@linaro.org>
Hello Jens,
Jens Wiklander <jens.wiklander@linaro.org> writes:
> This commit fixes a case overlooked in [1].
>
> There are two kinds of shared memory buffers used by OP-TEE:
> 1. Normal payload buffer
> 2. Internal command structure buffers
>
> The internal command structure buffers are represented with a shadow
> copy internally in Xen since this buffer can contain physical addresses
> that may need to be translated between real physical address and guest
> physical address without leaking information to the guest.
>
> [1] fixes the problem when releasing the normal payload buffers. The
> internal command structure buffers must be released in the same way.
> Failure to follow this order opens a window where the guest has freed
> the shared memory but Xen is still tracking the buffer.
>
> During this window the guest may happen to recycle this particular
> shared memory in some other thread and try to use it. Xen will block
> this which will lead to spurious failures to register a new shared
> memory block.
>
> Fix this by freeing the internal command structure buffers first before
> informing the guest that the buffer can be freed.
>
> [1] 5b13eb1d978e ("optee: immediately free buffers that are released by OP-TEE")
>
> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Thank you for the fix:
Reviewed-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
--
Volodymyr Babchuk at EPAM
next prev parent reply other threads:[~2022-05-04 20:00 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-04 5:49 [PATCH] optee: immediately free RPC buffers that are released by OP-TEE Jens Wiklander
2022-05-04 19:59 ` Volodymyr Babchuk [this message]
2022-05-04 21:40 ` Stefano Stabellini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8735hpm5ly.fsf@epam.com \
--to=volodymyr_babchuk@epam.com \
--cc=jens.wiklander@linaro.org \
--cc=julien@xen.org \
--cc=sstabellini@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.