Date: Wed, 9 Jun 2021 08:51:04 -0500
From: Tyler Hicks
To: Jens Wiklander, Sumit Garg
Cc: Rijo-john.Thomas@amd.com, Allen Pais, Peter Huewe, Jarkko Sakkinen,
    Jason Gunthorpe, Vikas Gupta, Thirupathaiah Annapureddy, Pavel Tatashin,
    Rafał Miłecki, op-tee@lists.trustedfirmware.org, linux-integrity,
    bcm-kernel-feedback-list@broadcom.com, linux-mips@vger.kernel.org,
    Linux Kernel Mailing List
Subject: Re: [PATCH v3 5/7] tee: Support shm registration without dma-buf backing
Message-ID: <20210609135104.GD4910@sequoia>
References: <20210609002326.210024-1-tyhicks@linux.microsoft.com>
    <20210609002326.210024-6-tyhicks@linux.microsoft.com>
    <20210609054621.GB4910@sequoia> <20210609121533.GA2267052@jade>
    <20210609134225.GC4910@sequoia>
In-Reply-To: <20210609134225.GC4910@sequoia>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2021-06-09 08:42:28, Tyler Hicks wrote:
> On 2021-06-09 14:15:33, Jens Wiklander wrote:
> > Hi,
> >
> > On Wed, Jun 09, 2021 at 04:22:49PM +0530, Sumit Garg wrote:
> > > + Rijo
> > >
> > > On Wed, 9 Jun 2021 at 11:16, Tyler Hicks wrote:
> > > >
> > > > On 2021-06-09 09:59:04, Sumit Garg wrote:
> > > > > Hi Tyler,
> > > >
> > > > Hey Sumit - Thanks for the review.
> > > >
> > > > >
> > > > > On Wed, 9 Jun 2021 at 05:55, Tyler Hicks wrote:
> > > > > >
> > > > > > Uncouple the registration of dynamic shared memory buffers from the
> > > > > > TEE_SHM_DMA_BUF flag. Drivers may wish to allocate dynamic shared memory
> > > > > > regions but do not need them to be backed by a dma-buf when the memory
> > > > > > region is private to the driver.
> > > > >
> > > > > In this case drivers should use tee_shm_register() instead where the
> > > > > memory allocated is actually private to the driver. However, you need
> > > > > to remove TEE_SHM_DMA_BUF as a mandatory flag for tee_shm_register().
> > > > > Have a look at an example here [1]. So modifying tee_shm_alloc() for
> > > > > this purpose doesn't look appropriate to me.
> > > > >
> > > > > [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/security/keys/trusted-keys/trusted_tee.c#n73
> > > >
> > > > I noticed what you did in commit 2a6ba3f794e8 ("tee: enable support to
> > > > register kernel memory") and considered moving ftpm and tee_bnxt_fw over
> > > > to tee_shm_register(). I think that's likely the right long term
> > > > approach but I decided against it since this series is a minimal set of
> > > > bug fixes that will hopefully go to stable (I'm affected by these bugs
> > > > in 5.4). Here are my reasons for feeling like moving to
> > > > tee_shm_register() isn't minimal in terms of a stable-focused fix:
> > > >
> > > > - tee_shm_alloc() looks like it should work fine with AMD-TEE today.
> > > >   tee_shm_register() definitely does not since AMD-TEE doesn't provide a
> > > >   .shm_register or .shm_unregister hook. This may break existing users
> > > >   of AMD-TEE?
> > >
> > > AFAIK, ftpm and tee_bnxt_fw drivers only support OP-TEE at this point.
> > > See ftpm_tee_match() and optee_ctx_match() APIs in corresponding
> > > drivers.
> > >
> > > > - tee_shm_register() has not historically been used for kernel
> > > >   allocations and is not fixed wrt the bug that Jens fixed in commit
> > > >   f1bbacedb0af ("tee: don't assign shm id for private shms").
> > >
> > > Yes, that's what I meant earlier to make the TEE_SHM_DMA_BUF flag optional.
> > >
> > > > - tee_shm_alloc() performs allocations using contiguous pages
> > > >   from alloc_pages() while tee_shm_register() performs non-contiguous
> > > >   allocations with kcalloc(). I suspect this would be fine but I don't
> > > >   know the secure world side of these things well enough to assess the
> > > >   risk involved with such a change on the kernel side.
> > > >
> > >
> > > I don't think that would make any difference.
> > >
> > > > I should have mentioned this in the cover letter but my hope was that
> > > > these minimal changes would be accepted and then additional work could
> > > > be done to merge tee_shm_alloc() and tee_shm_register() in a way that
> > > > would allow the caller to request contiguous or non-contiguous pages,
> > > > fix up the additional issues mentioned above, and then adjust the
> > > > call sites in ftpm and tee_bnxt_fw as appropriate.
> > > >
> > > > I think that's a bigger set of changes because there are several things
> > > > that still confuse/concern me:
> > > >
> > > > - Why does tee_shm_alloc() use TEE_SHM_MAPPED while tee_shm_register()
> > > >   uses TEE_SHM_KERNEL_MAPPED or TEE_SHM_USER_MAPPED? Why do all three
> > > >   exist?
> > >
> > > AFAIK, it's due to the inherent nature of tee_shm_alloc() and
> > > tee_shm_register() where tee_shm_alloc() doesn't need to know whether
> > > it's a kernel or user-space memory since it is the one that allocates
> > > whereas tee_shm_register() needs to know that since it has to register
> > > pre-allocated client memory.
> > >
> > > > - Why does tee_shm_register() unconditionally use non-contiguous
> > > >   allocations without ever taking into account whether or not
> > > >   OPTEE_SMC_SEC_CAP_DYNAMIC_SHM was set? It sounds like that's required
> > > >   from my reading of https://optee.readthedocs.io/en/latest/architecture/core.html#noncontiguous-shared-buffers.
> > >
> > > Yeah, but do we have platforms in OP-TEE that don't support dynamic
> > > shared memory? I guess it has become the sane default which is a
> > > mandatory requirement when it comes to OP-TEE driver in u-boot.
> > >
> > > > - Why is TEE_SHM_REGISTER implemented at the TEE driver level when it is
> > > >   specific to OP-TEE? How to better abstract that away?
> > > >
> > >
> > > I would like you to go through Section "3.2.4. Shared Memory" in TEE
There are two standard ways for shared > > > memory approach with TEE: > > > > > > 1. A Shared Memory block can either be existing Client Application > > > memory (kernel driver in our case) which is subsequently registered > > > with the TEE Client API (using tee_shm_register() in our case). > > > > > > 2. Or memory which is allocated on behalf of the Client Application > > > using the TEE > > > Client API (using tee_shm_alloc() in our case). > > > > > > > Let me know if you agree with the more minimal approach that I took for > > > > these bug fix series or still feel like tee_shm_register() should be > > > > fixed up so that it is usable. Thanks! > > > > > > From drivers perspective I think the change should be: > > > > > > tee_shm_alloc() > > > > > > to > > > > > > kcalloc() > > > tee_shm_register() > > > > I've just posted "[PATCH 0/7] tee: shared memory updates", > > https://lore.kernel.org/lkml/20210609102324.2222332-1-jens.wiklander@linaro.org/ > > > > Where tee_shm_alloc() is replaced by among other functions > > tee_shm_alloc_kernel_buf(). tee_shm_alloc_kernel_buf() takes care of the > > problem with TEE_SHM_DMA_BUF. > > Thanks! At first glance, that series would take care of the last three > patches in my kexec/kdump series. Correction: Your series would not completely take care of the last three patches in my kexec/kdump series because your series doesn't implement the .shutdown() hook for tee_bnxt_fw. Does it make sense to take my series first and then rebase your series on top of it? That would allow my fixes to flow back to stable, then your changes would greatly clean up the implementation in future releases. Tyler > > I'm a bit worried that it is a rewrite of the shm allocator. Do you plan > to send all of that to stable? (I mentioned earlier in this thread that > I'm affected by these bugs in linux-5.4.y.) 
>
> Also, you and Sumit don't seem to have the same opinion on kernel
> drivers making use of tee_shm_register() for allocations that are only
> used internally. Can you comment on that?
>
> I'm not clear on the next steps for fixing these kexec/kdump bugs in
> older releases. I appreciate any guidance here.
>
> Tyler
>
> >
> > Cheers,
> > Jens
> >