core: fix fragmented memory retrieve

[Jianqiang-Mei]

add spmc_frag_retrieve for fragmented memory retrieve

[jenswi-linaro]

Please fix the checkpatch complaints.

[jenswi-linaro]

my_endpoint_id

[Jianqiang-Mei]

Done

[jenswi-linaro]

I'd prefer assigning a1 and a2 with reg_pair_from_64(cookie, &args.a1, &args.a2)

[Jianqiang-Mei]

Done

[jenswi-linaro]

We should not use a temporary buffer. We should instead consume each fragment as it is received like in handle_mem_frag_tx(). For now, I believe we can assume that each fragment ends with a complete struct ffa_address_range like we do in add_mem_share_helper().

[Jianqiang-Mei]

Sorry, I'm not quite clear what you mean for your last sentence. Could you help me revise it？

[jenswi-linaro]

In add_mem_share_helper() we just assume that the buffer starts at a struct ffa_address_range. I guess it wouldn't hurt to check that flen is a multiple of sizeof(struct ffa_address_range), but the point is that we assume that the SPMC isn't trying to make it harder for us than necessary.

[Jianqiang-Mei]

Done

[etienne-lms]

coding style comments

[etienne-lms]

static struct ffa_mem_transaction *spmc_retrieve_req(uint64_t cookie,
						     uint32_t *total_length,
						     uint32_t *fragment_length)

[Jianqiang-Mei]

Done

[etienne-lms]

preserve empty line above

[Jianqiang-Mei]

Done

[etienne-lms]

add an empty line below (between local variable definitions and instructions)

[Jianqiang-Mei]

Done

[etienne-lms]

remove cast below and use PRId64

[Jianqiang-Mei]

Done

[etienne-lms]

add an empty line above

[Jianqiang-Mei]

Done

[etienne-lms]

indentation issue

[Jianqiang-Mei]

Done

[etienne-lms]

indentation:

			memcpy((void *)((uint64_t)retrieve_desc +
					(uint64_t)next_fragment_offset),
			       rx_buffer, SMALL_PAGE_SIZE);

[Jianqiang-Mei]

Done

[etienne-lms]

maybe prefer

static struct ffa_mem_transaction *spmc_frag_retrieve(
					uint64_t cookie,
					uint32_t next_fragment_offset,
					uint32_t *fragment_length)

[Jianqiang-Mei]

Done

[github-actions]

This pull request has been marked as a stale pull request because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this pull request will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time.

[etienne-lms]

fix indentation

[Jianqiang-Mei]

Done

[etienne-lms]

fix indentation

[Jianqiang-Mei]

Done

[etienne-lms]

fix indentation

[Jianqiang-Mei]

How to fix？
BTW, where can I see your coding rules？
Thanks.

[etienne-lms]

indentation:

		MIN(READ_ONCE(descr->address_range_count),
		    (my_rxtx.size - offs) / sizeof(struct ffa_address_range) - 1);

[Jianqiang-Mei]

Please be more specific. Thanks

[etienne-lms]

remove trailing "\n"
offs is of type unsinged int hence s/%#"PRIx32/%u"/

[jenswi-linaro]

"Retrieve next fragment at offset %#PRIx32"

[Jianqiang-Mei]

Done

[etienne-lms]

I meant:

			DMSG("Retrieve next fragment at offset %#x", offs);

[etienne-lms]

The function expect uint32_t pointers for those 2 arguments.
Either change the variable types or the function definition.

[Jianqiang-Mei]

Done

[jenswi-linaro]

I'd prefer the name add_pages_at() now that this function is slightly different.

[Jianqiang-Mei]

Done

[jenswi-linaro]

I'm sorry, this doesn't work. I've created #6154 to provide suitable helpers to initialize .a2 and .a1 above instead. Until that PR is merged please revert to what you did originally.

[Jianqiang-Mei]

Done

[jenswi-linaro]

"Retrieve next fragment at offset %#PRIx32"

[jenswi-linaro]

This comment isn't accurate any longer.

[Jianqiang-Mei]

Deleted

[Jianqiang-Mei]

All the indentation problems seem to be related to the github setup. My code has 4 spaces per tab on VSCode, but after push, a tab on github has 8 spaces. Has anyone experienced this problem？

[jforissier]

All the indentation problems seem to be related to the github setup. My code has 4 spaces per tab on VSCode, but after push, a tab on github has 8 spaces. Has anyone experienced this problem？

We follow the same coding style as the Linux kernel, so 8 spaces per tab.

[Jianqiang-Mei]

All the indentation problems seem to be related to the github setup. My code has 4 spaces per tab on VSCode, but after push, a tab on github has 8 spaces. Has anyone experienced this problem？

We follow the same coding style as the Linux kernel, so 8 spaces per tab.

OK, now I understand the problem and I will solve it soon.

[etienne-lms]

In commit message: could you state this change relates to FF-A SPMC. somrhting like:

core: arm: spmc: fix fragmented memory retrieve

Adds implementation for memory retrieving for the remaining fragmented
transactions in SPMC.

[etienne-lms]

indenation issue here also (sorry, i guess i missed it)

[Jianqiang-Mei]

Done

[etienne-lms]

Indentation.
Suggestion: shorten next_fragment_offset to next_frq_offset:

static struct ffa_mem_transaction *spmc_frag_retrieve(uint64_t cookie,
						      uint32_t next_frag_offset,
						      uint32_t *fragment_length)
{
   ...
}

[Jianqiang-Mei]

Done

[etienne-lms]

			DMSG("Retrieve next fragment at offset %#x", offs);

[Jianqiang-Mei]

Done

[etienne-lms]

I meant:

			DMSG("Retrieve next fragment at offset %#x", offs);

[Jianqiang-Mei]

In commit message: could you state this change relates to FF-A SPMC. somrhting like:

core: arm: spmc: fix fragmented memory retrieve

Adds implementation for memory retrieving for the remaining fragmented
transactions in SPMC.

Done

[jenswi-linaro]

range_count would match the FF-A terminology better.

[Jianqiang-Mei]

Done

[jenswi-linaro]

We should check that frag_len is less than length and the size of the rx buffer.
I'm not sure we even need to look at descr->address_range_count.

offs += offsetof(struct ffa_mem_region, address_range_array);
range_count = (frag_len - offs) / sizeof(struct ffa_address_range);

[Jianqiang-Mei]

We should check that frag_len is less than length and the size of the rx buffer.

Done

I'm not sure we even need to look at descr->address_range_count.

offs += offsetof(struct ffa_mem_region, address_range_array);
range_count = (frag_len - offs) / sizeof(struct ffa_address_range);

If I understand correctly, descr->address_range_count represents the number of constituent memory region descriptors. And there is a formulation:
length - offs = sizeof (ffa_address_range) * descr->address_range_count
if descr->address_range_count does not satisfy this relation, it will eventually fail to pass the check as follows:

	if (idx != num_pages) {
		mobj_ffa_spmc_delete(mf);
		goto out;
	}

[jenswi-linaro]

Sure, we could check descr->address_range_count, but depending on what we're doing with the value it might not be that useful.

[Jianqiang-Mei]

Do I need to do anything else? In addition, will the fix be merged into the optee 3.22 version？

[jforissier]

Please add Jens' review tag (below). I think it makes sense to take this for 3.22.0.

[Jianqiang-Mei]

Done

[jenswi-linaro]

Need to check that frag_length isn't larger than the size of the rx buffer.

[Jianqiang-Mei]

Done

[jenswi-linaro]

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

[jenswi-linaro]

Looks good.

[etienne-lms]

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

[etienne-lms]

@jforissier, @jenswi-linaro, could you enable CI test for this P-R?

[jforissier]

@jforissier, @jenswi-linaro, could you enable CI test for this P-R?

Done.

[jenswi-linaro]

This should be good to merge now.

[Master-Chi]

struct ffa_mem_transaction or struct ffa_address_range ?

[jenswi-linaro]

Yes, I believe that's correct.

[Jianqiang-Mei]

Sorry for missing check in detail. ffa_mem_transaction doesn't like a good fit, or modify it to the （void *） type to be consistent with the function spmc_retrieve_req return type, what do you think?

[jenswi-linaro]

That's fine too.

[Jianqiang-Mei]

Done

[jenswi-linaro]

Looks good.

[Master-Chi]

in FF-A v1.1
w4 – Bit[31:16]: Endpoint ID
– Bit[15:0]: Reserved (MBZ).

maybe it should be sender_id(linux or hyp) << 16 ?

[Jianqiang-Mei]

A complete description of the parameter：
• ID of the Owner or Borrower endpoint.
– Bit[31:16]: Endpoint ID.
– Bit[15:0]: Reserved (MBZ).
• Reserved (MBZ) at any virtual FF-A instance.
In this scenario, the optee should be the Borrower, so modify the code as follows:
.a4 = my_endpoint_id << 16, /* sender_vm_id */
right?

[Jianqiang-Mei]

or Reserved (MBZ) at any virtual FF-A instance，and
.a4 = 0, /* sender_vm_id */
According to the implementation of Hafnium, this should be right. I'm not really sure.

[Master-Chi]

i think 0 is fine, reference:
https://github.com/ARM-software/arm-trusted-firmware/blob/e318411f02f8a9526c97a23d0cdada2f128446e3/services/std_svc/spm/el3_spmc/spmc_shared_mem.c#L1682

i am confused too about the description "Owner or Borrower", i think they are different roles.
i think sender_id used in optee maybe is not optee partiton id, reference:

optee_os/core/arch/arm/kernel/thread_spmc.c

Line 1776 in a871924

trans_descr->sender_id = thread_get_tsd()->rpc_target_info;

[Jianqiang-Mei]

Done

[Master-Chi]

Maybe FFA_RX_RELEASE should be submitted after each FFA_MEM_FRAG_RX or FFA_MEM_RETRIEVE_REQ_32, or rx buffer is full in spmc perspective

[Jianqiang-Mei]

rx buffer is full in spmc perspective, The specification does not seem to say anything about this.
What happens if I release rx_buffer after the complete retrieve?

[Jianqiang-Mei]

@jenswi-linaro Do you have any good suggestions？

[Master-Chi]

yes, the specification says nothing about it.
but i think the implementation of trusted firmware requires that.
ref:
https://github.com/ARM-software/arm-trusted-firmware/blob/e318411f02f8a9526c97a23d0cdada2f128446e3/services/std_svc/spm/el3_spmc/spmc_shared_mem.c#L1704

[Jianqiang-Mei]

ok, it does need to be released several times, and I will modify it as soon as possible.

[Jianqiang-Mei]

Done

[jenswi-linaro]

This assignment can be skipped. But a comment would be nice, saying something like:

/* w4 MBZ since we're a virtual instance */

[Jianqiang-Mei]

If a4 assignment skipped, how to pass check in el3 spmc, like
https://github.com/ARM-software/arm-trusted-firmware/blob/e318411f02f8a9526c97a23d0cdada2f128446e3/services/std_svc/spm/el3_spmc/spmc_shared_mem.c#L1682
and check in Hafnium

	/* Sender ID MBZ at virtual instance. */
	if (vm_id_is_current_world(to->id)) {
		if (sender_vm_id != 0) {
			dlog_verbose("%s: Invalid sender.\n", __func__);
			return ffa_error(FFA_INVALID_PARAMETERS);
		}
	}

[Jianqiang-Mei]

do you mean
.a4 = 0, /* w4 MBZ since we're a virtual instance */

[jenswi-linaro]

No, just the comment.

[Jianqiang-Mei]

Done

[jenswi-linaro]

By the way, how do you test this patch?

[Jianqiang-Mei]

By the way, how do you test this patch?

In the case of hello_world, you can add a const global variable to hello_world_ta.c, like:
const char test_char[10 * 1024 * 1024];
After build, TA's size will be increased by 10MB.
In this case, linux kernel will most likely allocate much discontinuous fragment memory,
and an rx_buffer will not be enough to include the address information of these shared memory,
and FFA_MEM_FRAG_RX is then used.

[Jianqiang-Mei]

By the way, how do you test this patch?

In the case of hello_world, you can add a const global variable to hello_world_ta.c, like: const char test_char[10 * 1024 * 1024]; After build, TA's size will be increased by 10MB. In this case, linux kernel will most likely allocate much discontinuous fragment memory, and an rx_buffer will not be enough to include the address information of these shared memory, and FFA_MEM_FRAG_RX is then used.

@jenswi-linaro If a4 assignment skipped, can you pass this test?
Is there anything else need I to do for this point, or leave it to you?

[jenswi-linaro]

I can't get that to work, I don't even reach spmc_frag_retrieve(). I'm testing this with:
OP-TEE/manifest#241
OP-TEE/build#663
make SPMC_AT_EL=2

Edit: On QEMU.

[Jianqiang-Mei]

I can't get that to work, I don't even reach spmc_frag_retrieve(). I'm testing this with: OP-TEE/manifest#241 OP-TEE/build#663 make SPMC_AT_EL=2

Edit: On QEMU.

It seems to be related to changes to thread_smccc(&ffa_rx_release_args).
I'll push a new version.

[Jianqiang-Mei]

@jenswi-linaro
Sorry for the lack of communication over the last two weeks.
I tested this fix myself and it works fine, please let me know if there are any other problems.

[jenswi-linaro]

I'm not able to reproduce it. Can you see if you can on QEMU? I'm using this setup:

repo init -u https://github.com/OP-TEE/manifest.git -m qemu_v8.xml
repo sync
cd build
make toolchains
# Update optee_os to use your patch +
# increase MAX_XLAT_TABLES to avoid a panic
# Update optee_examples, hello world TA with const char test_char[10 * 1024 * 1024]
make SPMC_AT_EL=2 CFG_NUM_THREADS=6 all
make SPMC_AT_EL=2 run-only

[github-actions]

This pull request has been marked as a stale pull request because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this pull request will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time.