From: Julien Grall
Subject: Re: [RFC 0/4] TEE mediator framework + OP-TEE mediator
Date: Fri, 27 Oct 2017 21:06:45 +0100
To: Stefano Stabellini
Cc: Julien Grall, nd@arm.com, Volodymyr Babchuk, xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

On 27 Oct 2017 20:59, "Stefano Stabellini" wrote:

On Fri, 27 Oct 2017, Julien Grall wrote:
> Hi,
>
> Just answering to dom0 being 1:1 domain.
>
> On 24/10/17 22:33, Stefano Stabellini wrote:
> > On Tue, 24 Oct 2017, Volodymyr Babchuk wrote:
> > > > For this series, I think we need a way to specify which domains can talk
> > > > to TEE, so that we can only allow it for a specific subset of DomUs. I
> > > > would probably use XSM for that.
> > > I am afraid, this is not possible. As other domains aren't 1:1 mapped,
> > > I need to have special translation code in mediator. Actually, I'm
> > > writing it right now to test my changes in OP-TEE. But even this is
> > > not enough for decent OP-TEE support.
> > > What can be done right now: 100% Dom0-only support with vanilla
> > > OP-TEE (i.e. no virtualization support in OP-TEE is needed). This is
> > > even simpler task, so I can throw out some code from this patch
> > > series. On the other hand, in the future this will lead to situation when
> > > two mediators for the same TEE shall be supported: one, simple, in
> > > XEN, another, fully-functional in stubdom.
> >
> > I think it is fine to support OP-TEE only in Dom0 to begin with.
> >
> > Ideally, it would be in Dom0 for convenience and speed and the OP-TEE
> > capability would be specified as an XSM label. Ideally, it would not be
> > only in Dom0 because it is tied to the 1:1 map, but I understand now
> > that it is a requirement. I still think that the XSM label would be good
> > to have even if today it cannot be changed as only Dom0 is 1:1.
>
> I thought a bit more about Dom0 being a 1:1 domain. It is only true for Device
> Memory and the initial RAM allocated for Dom0.
>
> Dom0 may balloon out some pages because it has to map region belonging to
> other domain. Those regions will not be 1:1 mapped and translation will be
> needed if used.
>
> The problem is very similar to DMA in dom0. I can't see any reason to not use
> those regions with OP-TEE. Am I wrong here?

I think you are right. For DMA, Dom0 is expected to use the swiotlb-xen
driver to solve the problem, because it is a genuine use case to have
foreign grants involved in a DMA operation.

For OP-TEE, I don't think we need to support this case? Xen could fail
the request if it involves a page that is not 1:1 mapped?

You would need to introspect the message in order to know that. So supporting non 1:1 mapped page would not be more difficult.

This is assuming that you know when OP-TEE is done with the page.

Cheers,


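Added example, not part of the original message and not Xen or OP-TEE code: a toy mediator check over a request's page list, showing that both options discussed above (fail the request on a non 1:1 page, or translate it) need the same introspection walk. The `sample_p2m` table, `p2m_lookup`, `mediate_page_list` and the error codes are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>

#define PAGE_SHIFT  12
#define PAGE_MASK   ((UINT64_C(1) << PAGE_SHIFT) - 1)
#define INVALID_MFN UINT64_MAX

enum policy { REJECT_NON_IDENTITY, TRANSLATE };
struct p2m_entry { uint64_t gfn, mfn; };

/* Constructed toy p2m for a Dom0-like domain: initial RAM is 1:1, one
 * ballooned-out slot (gfn 0x80002) now maps a foreign page. */
static const struct p2m_entry sample_p2m[] = {
    { 0x80000, 0x80000 }, { 0x80001, 0x80001 }, { 0x80002, 0x9a123 },
};
#define SAMPLE_P2M_LEN (sizeof(sample_p2m) / sizeof(sample_p2m[0]))

/* Hypothetical stand-in for a stage-2 lookup; not a Xen API. */
static uint64_t p2m_lookup(uint64_t gfn)
{
    for (size_t i = 0; i < SAMPLE_P2M_LEN; i++)
        if (sample_p2m[i].gfn == gfn)
            return sample_p2m[i].mfn;
    return INVALID_MFN;
}

/* Introspect a request's page list (guest physical addresses) and rewrite it
 * to machine addresses. Returns 0 on success; on error pages[] is untouched.
 * Releasing pages once the TEE is done with them is not modelled here. */
static int mediate_page_list(uint64_t *pages, size_t count, enum policy pol)
{
    for (size_t i = 0; i < count; i++) {          /* pass 1: validate all */
        uint64_t gfn = pages[i] >> PAGE_SHIFT;
        uint64_t mfn = p2m_lookup(gfn);
        if (pages[i] & PAGE_MASK)
            return -1;                            /* not page aligned */
        if (mfn == INVALID_MFN)
            return -2;                            /* not mapped for guest */
        if (pol == REJECT_NON_IDENTITY && mfn != gfn)
            return -3;                            /* non 1:1 page refused */
    }
    for (size_t i = 0; i < count; i++)            /* pass 2: rewrite */
        pages[i] = p2m_lookup(pages[i] >> PAGE_SHIFT) << PAGE_SHIFT;
    return 0;
}
```

Validation runs over the whole list before any entry is rewritten, so a rejected request never leaves a half-translated page list behind.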