Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp2784989rwd; Mon, 29 May 2023 00:19:47 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6ZNdb/SAfy5lIyFM+dqTeotlxcm3Fvk6WyZ4Vo/RO+X1NEElakglyjjy5TJuQIPdVhledD X-Received: by 2002:a17:90a:eb07:b0:256:807d:c396 with SMTP id j7-20020a17090aeb0700b00256807dc396mr2145835pjz.45.1685344787450; Mon, 29 May 2023 00:19:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685344787; cv=none; d=google.com; s=arc-20160816; b=vuvUzwJgADghJbzKSe66qVCOHWTdS+fx/5GAKZp+7ATUzGAWhxs0KAwpQwowaQxcrR 3b5rnxsoM4HJdZ7hLqCXdgxfk3IVELs/LA+cJs83RK60kC3jj/Ka02zEFwQEjjPWOF5J YEyNvAH2hpDUFNQ6ZeGafRj8xMrnq7D4tZVvBQcx3cXfEhE+haCu5TJor5lmR/+x1Xr5 sBJqw9G0tRoIFfZ4PBR+gqbzbqByWFoIotWFRCoOLGQMutNCiNeLgPm0zplqVmQgG9AJ /yph006tDPLfhRs4JFrR/0/8tsRC58Oa2dIwzr9Dq4YzauYC9xBqofUHH6osxAnYkxOj NEsw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=/VIPgBItugg4n8+/DVI4i5wWvIxKuIY8gx2aSmo5OI8=; b=A92LzCh9B+hQUXoESfOn334uEQ9urqa5qNhrCBqB0J2IMMyOgQB2PTOYhx16zkO6i/ lWl0ox2fCvE/XebOTj2TxMaGiyIsTKZaAcP14aaSEtX7okD5ZEujo3Dd/5EdFUPXkpZM myeZCNpcxzdqNOi5kRAjw6ZGjqmaM+rP4sV2PnBux+6A7SwJID06+Nwkn89SBPQez5L6 BeK+XqwCbc7MOM/1MSq54eiHZ2he85pPhJPAHOqAph/X5QsDDh7Z856NA/9bKJ0LXqhj /08rcSCUT2Ax3xoTlA8MMDIkFNN4REPBZynOYJb9EbmSv8zGLFI0ztTf025Oi0hOuTXc FRtA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=NhuDMIV4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gm3-20020a17090b100300b0025667542f45si2682200pjb.99.2023.05.29.00.19.32; Mon, 29 May 2023 00:19:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=NhuDMIV4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230390AbjE2HLc (ORCPT + 99 others); Mon, 29 May 2023 03:11:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43596 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229692AbjE2HLa (ORCPT ); Mon, 29 May 2023 03:11:30 -0400 Received: from mail-ua1-x92b.google.com (mail-ua1-x92b.google.com [IPv6:2607:f8b0:4864:20::92b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F1F6CA3 for ; Mon, 29 May 2023 00:11:28 -0700 (PDT) Received: by mail-ua1-x92b.google.com with SMTP id a1e0cc1a2514c-786efb5ffa8so514155241.2 for ; Mon, 29 May 2023 00:11:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1685344288; x=1687936288; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=/VIPgBItugg4n8+/DVI4i5wWvIxKuIY8gx2aSmo5OI8=; b=NhuDMIV4CzkB5TZoj+zpREJy0Jjp228iNsIC5t71Pobq9pYknAqGcLpT+RkjzCVHCS GG5e71NgiZ3M4hIzVL9eobgCFFQDG5q0w9CezCCo8oalRtvECpyfw5jo7yvlNbwZGcgL piox/dUCtcrqXrWdZ3PVFkwP/hBe/lJUbwdN592qQ60GAwakB1SVbn70VEx1/E5rC9sM iRACk1NqvErcnlHZA8E7ycF6W2mr9U+0WWARqhdmOXTGQ96+8f8ehQXqxkUFHNF0kOIY HCYnq5GR4T8xrAtNEWmgVQKfL72EkUQXaR2/D/H1YnanCyfz5tNLuaK09WESOglluZh7 Uy2w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685344288; x=1687936288; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/VIPgBItugg4n8+/DVI4i5wWvIxKuIY8gx2aSmo5OI8=; b=Q06CAyayPwCGD73TAt6ActkIbJJzjIs9wPytNIpSJJbqVjDQ9J7grTL01vJxfSxA6x HwvDqyirsI2vx0H/sQ6XVUXKpdHjagIWGBpo15VMXyOQQQLUhCpAQQiKaxL1lhCEXK7J E37s44g4deOmNuAahpFc+tlDON9cD5XH2UP50FanpQs2uGKMO7cUW4+OtPCuMs19CJKL 5jTA5E4RoYLkg9rnB40F1Skgf5YRRMEp1jN1BS0GmNtrfAVcFGEznVHJWC0Ru7vuO1TC N9fllX09QqSx80IuDj+4KgRpivtfT56/9z9XFBJymDsxLzIQ7mT2fJXR6hqw9W/Pb9XK SYYA== X-Gm-Message-State: AC+VfDzYakisYfo5TO2DlHc1QhO7h0XL9rp32IcYuzgqDJBTaucr0uzu pJvwLmmBhbuhPvLLAdhIK8I0tUezPteSDvPIF8o5zw== X-Received: by 2002:a67:eb88:0:b0:439:e3f:9d6 with SMTP id e8-20020a67eb88000000b004390e3f09d6mr2481461vso.17.1685344288029; Mon, 29 May 2023 00:11:28 -0700 (PDT) MIME-Version: 1.0 References: <20230517143311.585080-1-sumit.garg@linaro.org> In-Reply-To: From: Sumit Garg Date: Mon, 29 May 2023 12:41:17 +0530 Message-ID: Subject: Re: [PATCH v9 3/4] tee: optee: support tracking system threads To: Etienne CARRIERE , Jens Wiklander Cc: "linux-kernel@vger.kernel.org" , "linux-arm-kernel@lists.infradead.org" , "op-tee@lists.trustedfirmware.org" , "sudeep.holla@arm.com" , "cristian.marussi@arm.com" , "vincent.guittot@linaro.org" , Etienne CARRIERE - foss Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 26 May 2023 at 01:05, Etienne CARRIERE wr= ote: > > > > De: Jens Wiklander > > Envoy=C3=A9 : jeudi 25 mai 2023 17:20 > > > > Hi, > > > > On Thu, May 25, 2023 at 1:48=E2=80=AFPM Etienne CARRIERE > > wrote:> > > > > > > > > > > > De : Sumit Garg > > > > Envoy=C3=A9 : mercredi 24 mai 2023 09:31 > > > > > On Tue, 23 May 2023 at 12:41, Etienne Carriere > > > > wrote: > > > > > Hello Sumit, > > > > > > > > > > > > > > > On Wed, 17 May 2023 at 16:33, Sumit Garg = wrote: > > > > > > > > > > > > From: Etienne Carriere > > > > > > > > > > > > Adds support in the OP-TEE driver to keep track of reserved sys= tem > > > > > > threads. The optee_cq_*() functions are updated to handle this = if > > > > > > enabled. The SMC ABI part of the driver enables this tracking, = but the > > > > > > FF-A ABI part does not. > > > > > > > > > > > > The logic allows atleast 1 OP-TEE thread can be reserved to TEE= system > > > > > > sessions. For sake of simplicity, initialization of call queue > > > > > > management is factorized into new helper function optee_cq_init= (). > > > > > > > > > > > > Co-developed-by: Jens Wiklander > > > > > > Signed-off-by: Jens Wiklander > > > > > > Signed-off-by: Etienne Carriere > > > > > > Co-developed-by: Sumit Garg > > > > > > Signed-off-by: Sumit Garg > > > > > > --- > > > > > > > > > > > > Disclaimer: Compile tested only > > > > > > > > > > > > Hi Etienne, > > > > > > > > > > > > Overall the idea we agreed upon was okay but the implementation= looked > > > > > > complex to me. So I thought it would be harder to explain that = via > > > > > > review and I decided myself to give a try at simplification. I = would > > > > > > like you to test it if this still addresses the SCMI deadlock p= roblem or > > > > > > not. Also, feel free to include this in your patchset if all go= es fine > > > > > > wrt testing. > > > > > > > > > > With these changes, there is no more a specific waiting list for = TEE > > > > > system threads hence when a waiting queue can complete, we'll pic= k any > > > > > TEE thread, not a TEE system thread first.. > > > > > > > > I had thought about this but I can't see any value in having a > > > > separate wait queue for system threads. Here we only need to provid= e > > > > an extra privileged thread for system sessions (kernel clients) suc= h > > > > that user-space doesn't contend for that thread. This prevents kern= el > > > > client's starvation or deadlock like in the SCMI case. > > > > > > > > > Also, as stated in a below answer, these change unconditionally > > > > > reserve a TEE thread for TEE system calls even if no TEE client > > > > > reserved such. > > > > > > > > I don't think we should make thread reservations based on the prese= nce > > > > of TEE clients. You never know how much user-space or kernel TEE > > > > clients you are dealing with. And reserving a single privileged thr= ead > > > > unconditionally for system sessions shouldn't be much of a burden f= or > > > > memory constrained devices too. > > > > > > > > Also, this way we would enable every kernel TEE client to leverage > > > > system sessions as it's very likely they wouldn't like to compete w= ith > > > > user-space for thread availability. Two other kernel TEE clients th= at > > > > are on top of my head are HWRNG and Trusted Keys which can benefit > > > > from this feature. > > > > > > Trusted Keys is an interesting use case. When OP-TEE accesses Trusted= Keys, > > > it may need to access the eMMC/RPMB using the Linux OS tee-supplicant > > > whichj may repuire an eMMC clock or voltage regulator to be enabled. > > > If that clock or regulator is under an SCMI control, then we need 2 > > > reserved TEE thread: one for invoking the Trusted Key TA and > > > another for the SCMI request to reach the TEE will the Trusted Key > > > TA invocation still consumes a thread. Trusked keys TA doesn't need access to secure storage (eMMC/RPMB). It only requires a RNG and access to a key derived from HUK. > > > > > Why would the Trusted Keys session need a system thread? To me, it > > seems that the session could use the normal client priority. The system thread priority as per my patch is nothing but an extra thread available in the thread pool for kernel clients as compared to user-space clients. Trusted keys use-case was really motivated by: "every kernel TEE client would like to avoid competing with user-space for thread availability". However, HWRNG has a real case that user-space shouldn't starve kernel RNG thread for OP-TEE thread availability. System thread can be useful for trusted keys in case the disk encryption key is backed by a trusted key. -Sumit