Hi, Olivier,
For the question in part 3, I think I didn't express clearly.
>Does Hafnium support the configuration of the location of running memory such as text, data, stacks, and heap? If yes, how?
During Hafnium initialization, I can see the following memory spaces about text, rodata, data and stacks.
INFO: Initializing Hafnium (SPMC)
INFO: text: 0xff200000 - 0xff225000
INFO: rodata: 0xff225000 - 0xff22e000
INFO: data: 0xff22e000 - 0xffbcc000
INFO: stacks: 0xffbd0000 - 0xffcd0000
Are the sizes and start_address of these memory spaces configurable? If yes, how?
In addition, I see the configuration of memory node in spmc_optee_sp_manifest.dts, and I modify it as follows:
memory@0xFF200000 {
device_type = "memory";
reg = <0x0 0xff200000 0x00a00000>,
<0x8 0x80000000 0x10000000>;/* Trusted DRAM */
};
Is the modification reasonable?
Does this node represent all the memory managed by Hafnium?
Should the region specified by the memory node include the optee memory spaces?
Regards,
Yuye.
------------------------------------------------------------------
发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
发送时间:2023年2月27日(星期一) 22:13
收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
抄 送:Jens Wiklander <jens.wiklander(a)linaro.org>; hafnium <hafnium(a)lists.trustedfirmware.org>
主 题:Re: [Hafnium] Re: Re: Re: xtest 1034
Hi Yuye,
See comments inline [OD]
Regards,
Olivier.
From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
Sent: 27 February 2023 12:52
To: Olivier Deprez <Olivier.Deprez(a)arm.com>
Cc: Jens Wiklander <jens.wiklander(a)linaro.org>; hafnium <hafnium(a)lists.trustedfirmware.org>
Subject: [Hafnium] Re: Re: Re: xtest 1034
Hi, Olivier,
Sorry for ignoring the tips in your email.
I guess the question in part 1 is no longer the trouble.
[OD]No worries.
Regards,
Yuye.
------------------------------------------------------------------
发件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
发送时间:2023年2月27日(星期一) 19:18
收件人:Olivier Deprez <olivier.deprez(a)arm.com>
抄 送:Jens Wiklander <jens.wiklander(a)linaro.org>; hafnium <hafnium(a)lists.trustedfirmware.org>
主 题:[Hafnium] Re: Re: xtest 1034
Hi, Olivier,
1.
We solved the problem by update our Hafnium codebase on rebase of commit ca03054ba6a351534b93e6d64c12e671578eb340.
The origin Hafnium codebase is on rebase of commit dd883207ee9b31c19169adf97c918d561dcb9a5c.
OPTEE codebase stays with version 3.20.0.
Which commit can solve this problem is still under investigation.
I guess the reason may relate to that Hafnium has updated the implementation of FF-A mechanism in new commit.
If you have already known the reason, please tell me.
2.
In addition, although some cases run successfully, there are still many error messages generated during their running process,
such as the following cases:
* regression_1034 Test loading a large TA
E/TC:011 0 mobj_ffa_get_by_cookie:384 Populating mobj from rx buffer, cookie 0x1
E/TC:011 0 mobj_ffa_get_by_cookie:384 Populating mobj from rx buffer, cookie 0x3
E/TC:??? 0 mobj_ffa_get_by_cookie:423 Failed to get cookie 0x3 internal_offs 0
E/LD: init_elf:486 sys_open_ta_bin(25497083-a58a-4fc5-8a72-1ad7b69b8562)
E/TC:??? 0 ldelf_init_with_ldelf:131 ldelf failed with res: 0xffff000c
TEEC_ERROR_OUT_OF_MEMORY - ignored
regression_1034 OK
[OD] I noticed this some time ago but I believe this might be related to some integration problem (e.g. lacking memory available to linux?)
Moreover the test result being ignored suggests that this failure may happen but is eventually harmless from the xtest suite perspective.
Jens & Jerome might know better.
Note that I'm seeing this test passing with sw stack integrations targeting two different models (qemu and TC).
* regression_1022 Test dlopen()/dlsym()/dlclose() API
E/TC:011 0 mobj_ffa_get_by_cookie:384 Populating mobj from rx buffer, cookie 0x1
E/TC:011 0 mobj_ffa_get_by_cookie:384 Populating mobj from rx buffer, cookie 0x3
E/TC:011 0 mobj_ffa_get_by_cookie:384 Populating mobj from rx buffer, cookie 0x3
E/TC:011 0 mobj_ffa_get_by_cookie:384 Populating mobj from rx buffer, cookie 0x1
E/TC:011 0 mobj_ffa_get_by_cookie:384 Populating mobj from rx buffer, cookie 0x3
E/TC:??? 0
E/TC:??? 0 TA panicked with code 0x0
E/LD: Status of TA 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b
E/LD: arch: aarch64
E/LD: region 0: va 0x40006000 pa 0xf0404000 size 0x002000 flags rw-s (ldelf)
E/LD: region 1: va 0x40008000 pa 0xf0406000 size 0x011000 flags r-xs (ldelf)
E/LD: region 2: va 0x40019000 pa 0xf0417000 size 0x001000 flags rw-s (ldelf)
E/LD: region 3: va 0x4001a000 pa 0xf0418000 size 0x004000 flags rw-s (ldelf)
E/LD: region 4: va 0x4001e000 pa 0xf041c000 size 0x001000 flags r--s
E/LD: region 5: va 0x4001f000 pa 0xf052e000 size 0x003000 flags rw-s (stack)
E/LD: region 6: va 0x40038000 pa 0x00000000 size 0x00f000 flags r-xs [2]
E/LD: region 7: va 0x40047000 pa 0x0000e000 size 0x002000 flags rw-s [2]
E/LD: region 8: va 0x40054000 pa 0x00000000 size 0x00f000 flags r-xs [1]
E/LD: region 9: va 0x40063000 pa 0x0000e000 size 0x002000 flags rw-s [1]
E/LD: region 10: va 0x4008b000 pa 0x00001000 size 0x02a000 flags r-xs [0]
E/LD: region 11: va 0x400b5000 pa 0x0002b000 size 0x0e7000 flags rw-s [0]
E/LD: [0] 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b @ 0x4008b000
E/LD: [1] ffd2bded-ab7d-4988-95ee-e4962fff7154 @ 0x40054000
E/LD: [2] b3091a65-9751-4784-abf7-0298a7cc35ba @ 0x40038000
E/LD: Call stack:
E/LD: 0x4009e5a8
E/LD: 0x400a09b8
E/LD: 0x4009ed0c
regression_1022 OK
The E/TC message generated by mobj_ffa_get_by_cookie appears in almost all cases.
Is this related to FFA_MEM_FRAG_RX/TX, or something else?
And what is related to the E/LD message?
I am currently studying the FFA specification to try to explain these problems.
[OD]I have the same logs with qemu and TC platforms. I did not consider the TA panic as an issue provided the regression_1022 test result reports as 'OK'.
Actually, that may be an expected behaviour from the test? Again Jens, Jerome, feel free to comment.
And some related questions raised in the other email(subject: Hafnium Dynamic Shared Memory).
[OD]I will come back to this other email thread, but I don't believe above 'issues' are related.
You can tell me if it's convenient for you.
3.
Could memory managed by Hafnium be configured in any other way except by spmc manifest?
Does Hafnium support the configuration of the location of running memory such as text, data, stacks, and heap? If yes, how?
[OD] I'm not sure I understand the question, perhaps can you tell in more details what you want to achieve?
Thanks you for your help.
Regards,
Yuye.
------------------------------------------------------------------
发件人:Olivier Deprez via Hafnium <hafnium(a)lists.trustedfirmware.org>
发送时间:2023年2月27日(星期一) 17:19
收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
抄 送:hafnium <hafnium(a)lists.trustedfirmware.org>
主 题:[Hafnium] Re: xtest 1034
Hi Yuye,
Can you make sure to use hafnium tip of master (if that's not the case)?
We confirmed this specific test passes on models from this commit onwards:
https://git.trustedfirmware.org/hafnium/hafnium.git/commit/?id=fdd29277caf2… <https://git.trustedfirmware.org/hafnium/hafnium.git/commit/?id=fdd29277caf2… >
We may provide further guidance if the issue persists after rebasing.
Thanks, Olivier.
________________________________
From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
Sent: 26 February 2023 06:49
To: hafnium <hafnium(a)lists.trustedfirmware.org>; Olivier Deprez <Olivier.Deprez(a)arm.com>; Jens Wiklander <jens.wiklander(a)linaro.org>
Subject: xtest 1034
Hi, experts,
For dynamic shared memory usage, I am not very clear.
So we need to consult you about the related question.
I failed to run xtest 1034 when I used Hafnium as SPMC and OPTEE as SP.
Here are the debug logs:
#./xtest 1034&
[2] 10130
Test ID: 1034
Run test suite with level=0
TEE test application started over default TEE instance
######################################################
#
# regression
#
######################################################
regression_1034 Test loading a large TA
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000000 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
D/TC:055 0 mobj_ffa_get_by_cookie:381 cookie 0 resurrecting
D/TC:??? 0 tee_ta_init_pseudo_ta_session:296 Lookup pseudo TA 25497083-a58a-4fc5-8a72-1ad7b69b8562
D/TC:??? 0 ldelf_load_ldelf:96 ldelf load address 0x40008000
D/LD: ldelf:134 Loading TS 25497083-a58a-4fc5-8a72-1ad7b69b8562
F/TC:??? 0 trace_syscall:151 syscall Add constant time memcmp_ct function #3<https://github.com/OP-TEE/optee_os/pull/3> <https://github.com/OP-TEE/optee_os/pull/3> > (syscall_get_property)
F/TC:??? 0 trace_syscall:151 syscall GitHub usage documentation #5<https://github.com/OP-TEE/optee_os/pull/5> <https://github.com/OP-TEE/optee_os/pull/5> > (syscall_open_ta_session)
#D/TC:??? 0 ldelf_syscall_open_bin:143 Lookup user TA ELF 25497083-a58a-4fc5-8a72-1ad7b69b8562 (early TA)
D/TC:??? 0 ldelf_syscall_open_bin:146 res=0xffff0008
D/TC:??? 0 ldelf_syscall_open_bin:143 Lookup user TA ELF 25497083-a58a-4fc5-8a72-1ad7b69b8562 (Secure Storage TA)
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(60): 0x84000073 0x50 0x50 0x0 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x84000073
VERBOSE: Marked sending complete.
Current share states:
SHARE 0x0 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7
SHARE 0x1 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 0 retrieved, sender's original mode: 0x7
WARNING: Atf_Debug(60): 0x84000061 0x0 0x1 0x0 0x0 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
E/TC:055 0 mobj_ffa_get_by_cookie:384 Populating mobj from rx buffer, cookie 0x1
VERBOSE: Hafnium_Debug ffa_handler func:0x84000074
Current share states:
SHARE 0x0 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7
SHARE 0x1 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 0 retrieved, sender's original mode: 0x7
Current share states:
SHARE 0x0 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7
SHARE 0x1 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7
VERBOSE: Hafnium_Debug ffa_handler func:0x84000065
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
D/TC:??? 0 ldelf_syscall_open_bin:146 res=0xffff0008
D/TC:??? 0 ldelf_syscall_open_bin:143 Lookup user TA ELF 25497083-a58a-4fc5-8a72-1ad7b69b8562 (REE)
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(55): 0x8400006f 0x8001 0x0 0x80000001 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400006f
VERBOSE: Hafnium_Debug ffa_handler func:0x84000070
WARNING: Atf_Debug(55): 0x84000070 0x80010000 0x0 0x0 0x1 0x0 0x0 0x0
WARNING: Atf_Debug(58): 0x84000073 0x1190 0x1000 0x0 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x84000073
Current share states:
SHARE 0x0 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7
SHARE 0x1 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7
SHARE 0x2 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): partially sent with 1 fragments, 0 retrieved, sender's original mode: 0x7
WARNING: Atf_Debug(58): 0x8400007a 0x2 0x0 0x1000 0x0 0x0 0x0 0x0
WARNING: Atf_Debug(58): 0x8400007b 0x2 0x0 0x190 0x0 0x0 0x0 0x0
VERBOSE: Hafnium_Debug ffa_handler func:0x8400007b
VERBOSE: Hafnium_Debug fragment_length:0x190
VERBOSE: Hafnium_Debug fragment_copy:00000000ff30e000, from_msg:00000008bdd48000
ERROR: Data abort: pc=0xff21a688, esr=0x96000006, ec=0x25, far=0x9c
Panic: EL2 exception
the error occured when Hafnium run the code:
api_ffa_mem_frag_tx
memcpy_s(fragment_copy, MM_PPOOL_ENTRY_SIZE, from_msg, fragment_length);
It seems that I did not add the page table at 0x00000000ff30e000 or 0x00000008bdd48000,
but I am not quite clear about what fragment_copy and from_msg mean.
Can someone help me see what the problem is?
Regards,
Yuye.
--
Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org
To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
Hi Olivier,
Fix from https://github.com/OP-TEE/optee_os/issues/5803#issuecomment-1436084763 <https://github.com/OP-TEE/optee_os/issues/5803#issuecomment-1436084763 > has been confirmed in the comments.
Regards,
Yuye.
------------------------------------------------------------------
发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
发送时间:2023年2月28日(星期二) 01:57
收件人:hafnium <hafnium(a)lists.trustedfirmware.org>; 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
抄 送:高海源(码源) <haiyuan.ghy(a)alibaba-inc.com>; 王一蒙(北见) <wym389994(a)alibaba-inc.com>
主 题:Re: [Hafnium] hafnium page table configuration
Hi Yuye,
See comments inline [OD].
Regards,
Olivier.
From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
Sent: 22 February 2023 04:17
To: Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
Cc: 高海源(码源) <haiyuan.ghy(a)alibaba-inc.com>; 王一蒙(北见) <wym389994(a)alibaba-inc.com>
Subject: 回复:[Hafnium] hafnium page table configuration
Hi, Olivier,
Sorry for the delay in replying to this query.
As I've seen in the documentation, in the case of hafnium implemented as S-EL2,
NWd uses shared memory to communicate with SWd and there are two steps to register the page table.
Please correct me if there are any errors in my description.
Firstly, Linux sends FFA_MEM_SHARE to SPMC (Hafnium), which completes memory mapping for S-EL1's stage-2 transition.
Secondly, Linux sends FFA_MSG_SEND_DIRECT_REQ to OPTEE, and OPTEE then retrieves the IPA space from SPMC according to the cookie received
and then completes the memory mapping for S-EL1's stage-1 transition.
[OD] That's quite correct, with the subtle difference that the region is mapped in SP's S2 page tables upon the receiver SP emitting the memory retrieve request.
The SP maps the region in the S1 page tables after receiving the memory retrieve response from the SPMC.
Our solution to the problem is: After the first step be completed, we add the invalidation of TLB,
which seems to greatly reduce the probability of problem occurrence when testing the optee_examples.
The root cause still needs to be further located.
[OD] There is a probable miss with invalidating the S2 TLB entries for NS IPA space.
Interestingly, this issue is not observed with models, but likely to happen on real silicon.
Can you try the suggested temp. fix from https://github.com/OP-TEE/optee_os/issues/5803#issuecomment-1436084763 <https://github.com/OP-TEE/optee_os/issues/5803#issuecomment-1436084763 > ?
(while reverting your own TLB invalidation fix. ?)
I'm working on a cleaner fix, and prioritize if this issue is confirmed at your end.
It should be noted that our OPTEE version is based on 3.19-rc,
and Hafnium version is based on the commit:
https://git.trustedfirmware.org/hafnium/hafnium.git/commit/?id=dd883207ee9b… <https://git.trustedfirmware.org/hafnium/hafnium.git/commit/?id=dd883207ee9b… >
Anyway, thanks for the support.
Regards,
Yuye.
------------------------------------------------------------------
发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
发送时间:2023年2月11日(星期六) 00:56
收件人:hafnium <hafnium(a)lists.trustedfirmware.org>; 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
主 题:Re: [Hafnium] hafnium page table configuration
Hi Yuye,
Quick feedback, we have a test case testing SP to SP mem sharing with a large physical address (for a NS memory region), so I expect this is covered:
https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tree/tftf/tests/runtime… <https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tree/tftf/tests/runtime… >
https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tree/spm/cactus/cactus_… <https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tree/spm/cactus/cactus_… >
https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tree/spm/cactus/plat/ar… <https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tree/spm/cactus/plat/ar… >
There may certainly be other reasons, but before investigating further, is this still an issue at your end?
Regards,
Olivier.
From: 梅建强(禹夜) via Hafnium <hafnium(a)lists.trustedfirmware.org>
Sent: 06 February 2023 07:41
To: hafnium <hafnium(a)lists.trustedfirmware.org>
Subject: [Hafnium] hafnium page table configuration
Hi,
At present, I suspect that this may be a hafnium problem,
secure_storage CA/TA may use over 34G address space before communication.
May I ask, does hafnium currently support the configuration of the page table of 0x8 80000000-xxxxxxxxx address range?
If yes, how to configure it?
The error log is as follows:
Current share states: SHARE 0x0 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 SHARE 0x1 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 SHARE 0x2 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 WARNING: Stage-2 page fault: pc=0x40032106, vmid=0x8001, vcpu=13, vaddr=0x40046ce0, ipaddr=0x8a9b28ce0, mode=0x81 0x63 NOTICE: Injecting Data Abort exception into VM 0x8001. D/TC:013 0 abort_handler:550 [abort] abort in User mode (TA will panic) E/TC:??? 0 E/TC:??? 0 User mode data-abort at address 0x40046ce0 (translation fault) E/TC:??? 0 esr 0x94020007 ttbr0 0x20000f03061a0 ttbr1 0x00000000 cidr 0x0 E/TC:??? 0 cpu #13 cpsr 0x00000130 E/TC:??? 0 x0 000000004003e348 x1 000000004003e349 E/TC:??? 0 x2 0000000040046ce0 x3 000000004003e348 E/TC:??? 0 x4 0000000040036088 x5 0000000000000000 E/TC:??? 0 x6 0000000000000000 x7 0000000040042e28 E/TC:??? 0 x8 0000000000000000 x9 0000000000000000 E/TC:??? 0 x10 0000000000000000 x11 0000000000000000 E/TC:??? 0 x12 0000000000000000 x13 0000000040042e28 E/TC:??? 0 x14 00000000400213cf x15 0000000000000000 E/TC:??? 0 x16 0000000000000000 x17 0000000000000000 E/TC:??? 0 x18 0000000000000000 x19 0000000000000000 E/TC:??? 0 x20 0000000000000000 x21 0000000000000000 E/TC:??? 0 x22 0000000000000000 x23 0000000000000000 E/TC:??? 0 x24 0000000000000000 x25 0000000000000000 E/TC:??? 0 x26 0000000000000000 x27 0000000000000000 E/TC:??? 0 x28 0000000000000000 x29 0000000000000000 E/TC:??? 0 x30 0000000000000000 elr 0000000040032106 E/TC:??? 0 sp_el0 0000000040042f80 E/LD: Status of TA f4e750bb-1437-4fbf-8785-8d3580c34994 E/LD: arch: arm E/LD: region 0: va 0x40006000 pa 0xf0404000 size 0x002000 flags rw-s (ldelf) E/LD: region 1: va 0x40008000 pa 0xf0406000 size 0x011000 flags r-xs (ldelf) E/LD: region 2: va 0x40019000 pa 0xf0417000 size 0x001000 flags rw-s (ldelf) E/LD: region 3: va 0x4001a000 pa 0xf0418000 size 0x004000 flags rw-s (ldelf) E/LD: region 4: va 0x4001e000 pa 0xf041c000 size 0x001000 flags r--s E/LD: region 5: va 0x4001f000 pa 0x00001000 size 0x017000 flags r-xs [0] E/LD: region 6: va 0x40036000 pa 0x00018000 size 0x00c000 flags rw-s [0] E/LD: region 7: va 0x40042000 pa 0xf0440000 size 0x001000 flags rw-s (stack) E/LD: region 8: va 0x40043000 pa 0x8b9101620 size 0x003000 flags rw-- (param) E/LD: region 9: va 0x40046000 pa 0x8a9b28ce0 size 0x001000 flags rw-- (param) E/LD: [0] f4e750bb-1437-4fbf-8785-8d3580c34994 @ 0x4001f000 E/LD: Call stack
Regards,
Yuye
------------------------------------------------------------------
发件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
发送时间:2023年2月4日(星期六) 11:40
收件人:op-tee <op-tee(a)lists.trustedfirmware.org>
抄 送:赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>; 高海源(码源) <haiyuan.ghy(a)alibaba-inc.com>; 王一蒙(北见) <wym389994(a)alibaba-inc.com>
主 题:OPTEE TA Crash
Hi,
Does anyone have a good solution to this problem?
https://github.com/OP-TEE/optee_os/issues/5803 <https://github.com/OP-TEE/optee_os/issues/5803 > <https://github.com/OP-TEE/optee_os/issues/5803 <https://github.com/OP-TEE/optee_os/issues/5803 > >
regards,
yuye
--
Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org
To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
Hi Yuye,
I sense those questions are related to downstream changes of yours, and I may not be able to provide accurate answers without seeing the code.
Please clarify if the questions are related to the upstream version of Hafnium.
See additional comments below [OD].
Regards,
Olivier.
________________________________
From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
Sent: 06 March 2023 14:15
To: Olivier Deprez <Olivier.Deprez(a)arm.com>
Cc: Jens Wiklander <jens.wiklander(a)linaro.org>
Subject: Re: Multi-OPTEE run with Hafnium
Hi, Olivier,
On this question, I should add something based on the results of my tests.
When I enter Hafnium through framwork message, the value of the global variable remains the same.
[OD] please explain what is a framework message.
When I re-enter the Hafnium image_entry via spmd_init, the global variable is restored to its original value.
[OD] I'm not sure about the flow here, it depends about where the variable is declared and whether you have local changes to the hafnium boot flows.
Do you know why?
Regards,
Yuye.
------------------------------------------------------------------
发件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
发送时间:2023年3月6日(星期一) 17:00
收件人:Olivier Deprez <olivier.deprez(a)arm.com>
抄 送:Jens Wiklander <jens.wiklander(a)linaro.org>
主 题:Multi-OPTEE run with Hafnium
Hi, Olivier,
I want to ask a question about variable modification.
Before this, let me explain the background about the question.
Now, I have run into host OS with Hafnium as spmc and OPTEE as SP.
Then the optee driver will send a framwork message to Hafnium to inform it that whether the current state of the host OS is booting or running,
[OD] What is a 'framework message' in this context? Is this a custom direct request from driver to optee?
so that Hafnium could know which vm node(SP) it should load and init at current state.
[OD] Can you please explain why this is required?
This current state is represented by a global variable.
[OD] do you mean a variable in Hafnium's BSS space?
Will the global variable change when message flow exit Hafnium and enter it again?
[OD] This depends in which section the variable is declared (see above).
Regards,
Yuye.
Hi,
Current Hafnium build and test configs cover both cases of non-VHE (HCR_EL2.E2H=0) and VHE (HCR_EL2.E2H=1).
From an Arm architecture perspective the latter is a superset of the former.
We get to know that non-VHE becomes a legacy, and other projects in general tend to always enable Armv8.1 VHE extension early at boot.
Our focus being S-EL2 (Armv8.4+) it looks reasonable to assume Armv8.1's VHE is present on chipsets loading and booting Hafnium.
That said we're exploring the possibility to abandon 'non-vhe' builds, and focus build and test on vhe-enabled builds.
The intent to simplify build configurations, and improve build and test time.
Joao made experiments in 2 steps, first on removing the said build configurations, and then runtime checks.
This gives good results at least in terms of build time , and simplification in build/test scripts.
https://review.trustedfirmware.org/c/hafnium/hafnium/+/18925/https://review.trustedfirmware.org/c/hafnium/project/reference/+/18926/
This message is to poll the community for feedback, as to whether this is foreseen as an issue (or not!) for on going deployments, before we engage further in this refactoring.
Thanks & Regards,
Olivier.
Hi Yuye,
See comments inline [OD].
Regards,
Olivier.
________________________________
From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
Sent: 22 February 2023 04:17
To: Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
Cc: 高海源(码源) <haiyuan.ghy(a)alibaba-inc.com>; 王一蒙(北见) <wym389994(a)alibaba-inc.com>
Subject: 回复:[Hafnium] hafnium page table configuration
Hi, Olivier,
Sorry for the delay in replying to this query.
As I've seen in the documentation, in the case of hafnium implemented as S-EL2,
NWd uses shared memory to communicate with SWd and there are two steps to register the page table.
Please correct me if there are any errors in my description.
Firstly, Linux sends FFA_MEM_SHARE to SPMC (Hafnium), which completes memory mapping for S-EL1's stage-2 transition.
Secondly, Linux sends FFA_MSG_SEND_DIRECT_REQ to OPTEE, and OPTEE then retrieves the IPA space from SPMC according to the cookie received
and then completes the memory mapping for S-EL1's stage-1 transition.
[OD] That's quite correct, with the subtle difference that the region is mapped in SP's S2 page tables upon the receiver SP emitting the memory retrieve request.
The SP maps the region in the S1 page tables after receiving the memory retrieve response from the SPMC.
Our solution to the problem is: After the first step be completed, we add the invalidation of TLB,
which seems to greatly reduce the probability of problem occurrence when testing the optee_examples.
The root cause still needs to be further located.
[OD] There is a probable miss with invalidating the S2 TLB entries for NS IPA space.
Interestingly, this issue is not observed with models, but likely to happen on real silicon.
Can you try the suggested temp. fix from https://github.com/OP-TEE/optee_os/issues/5803#issuecomment-1436084763 ?
(while reverting your own TLB invalidation fix. ?)
I'm working on a cleaner fix, and prioritize if this issue is confirmed at your end.
It should be noted that our OPTEE version is based on 3.19-rc,
and Hafnium version is based on the commit:
https://git.trustedfirmware.org/hafnium/hafnium.git/commit/?id=dd883207ee9b…
Anyway, thanks for the support.
Regards,
Yuye.
------------------------------------------------------------------
发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
发送时间:2023年2月11日(星期六) 00:56
收件人:hafnium <hafnium(a)lists.trustedfirmware.org>; 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
主 题:Re: [Hafnium] hafnium page table configuration
Hi Yuye,
Quick feedback, we have a test case testing SP to SP mem sharing with a large physical address (for a NS memory region), so I expect this is covered:
https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tree/tftf/tests/runtime…https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tree/spm/cactus/cactus_…https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tree/spm/cactus/plat/ar…
There may certainly be other reasons, but before investigating further, is this still an issue at your end?
Regards,
Olivier.
________________________________
From: 梅建强(禹夜) via Hafnium <hafnium(a)lists.trustedfirmware.org>
Sent: 06 February 2023 07:41
To: hafnium <hafnium(a)lists.trustedfirmware.org>
Subject: [Hafnium] hafnium page table configuration
Hi,
At present, I suspect that this may be a hafnium problem,
secure_storage CA/TA may use over 34G address space before communication.
May I ask, does hafnium currently support the configuration of the page table of 0x8 80000000-xxxxxxxxx address range?
If yes, how to configure it?
The error log is as follows:
Current share states: SHARE 0x0 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 SHARE 0x1 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 SHARE 0x2 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 WARNING: Stage-2 page fault: pc=0x40032106, vmid=0x8001, vcpu=13, vaddr=0x40046ce0, ipaddr=0x8a9b28ce0, mode=0x81 0x63 NOTICE: Injecting Data Abort exception into VM 0x8001. D/TC:013 0 abort_handler:550 [abort] abort in User mode (TA will panic) E/TC:??? 0 E/TC:??? 0 User mode data-abort at address 0x40046ce0 (translation fault) E/TC:??? 0 esr 0x94020007 ttbr0 0x20000f03061a0 ttbr1 0x00000000 cidr 0x0 E/TC:??? 0 cpu #13 cpsr 0x00000130 E/TC:??? 0 x0 000000004003e348 x1 000000004003e349 E/TC:??? 0 x2 0000000040046ce0 x3 000000004003e348 E/TC:??? 0 x4 0000000040036088 x5 0000000000000000 E/TC:??? 0 x6 0000000000000000 x7 0000000040042e28 E/TC:??? 0 x8 0000000000000000 x9 0000000000000000 E/TC:??? 0 x10 0000000000000000 x11 0000000000000000 E/TC:??? 0 x12 0000000000000000 x13 0000000040042e28 E/TC:??? 0 x14 00000000400213cf x15 0000000000000000 E/TC:??? 0 x16 0000000000000000 x17 0000000000000000 E/TC:??? 0 x18 0000000000000000 x19 0000000000000000 E/TC:??? 0 x20 0000000000000000 x21 0000000000000000 E/TC:??? 0 x22 0000000000000000 x23 0000000000000000 E/TC:??? 0 x24 0000000000000000 x25 0000000000000000 E/TC:??? 0 x26 0000000000000000 x27 0000000000000000 E/TC:??? 0 x28 0000000000000000 x29 0000000000000000 E/TC:??? 0 x30 0000000000000000 elr 0000000040032106 E/TC:??? 0 sp_el0 0000000040042f80 E/LD: Status of TA f4e750bb-1437-4fbf-8785-8d3580c34994 E/LD: arch: arm E/LD: region 0: va 0x40006000 pa 0xf0404000 size 0x002000 flags rw-s (ldelf) E/LD: region 1: va 0x40008000 pa 0xf0406000 size 0x011000 flags r-xs (ldelf) E/LD: region 2: va 0x40019000 pa 0xf0417000 size 0x001000 flags rw-s (ldelf) E/LD: region 3: va 0x4001a000 pa 0xf0418000 size 0x004000 flags rw-s (ldelf) E/LD: region 4: va 0x4001e000 pa 0xf041c000 size 0x001000 flags r--s E/LD: region 5: va 0x4001f000 pa 0x00001000 size 0x017000 flags r-xs [0] E/LD: region 6: va 0x40036000 pa 0x00018000 size 0x00c000 flags rw-s [0] E/LD: region 7: va 0x40042000 pa 0xf0440000 size 0x001000 flags rw-s (stack) E/LD: region 8: va 0x40043000 pa 0x8b9101620 size 0x003000 flags rw-- (param) E/LD: region 9: va 0x40046000 pa 0x8a9b28ce0 size 0x001000 flags rw-- (param) E/LD: [0] f4e750bb-1437-4fbf-8785-8d3580c34994 @ 0x4001f000 E/LD: Call stack
Regards,
Yuye
------------------------------------------------------------------
发件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
发送时间:2023年2月4日(星期六) 11:40
收件人:op-tee <op-tee(a)lists.trustedfirmware.org>
抄 送:赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>; 高海源(码源) <haiyuan.ghy(a)alibaba-inc.com>; 王一蒙(北见) <wym389994(a)alibaba-inc.com>
主 题:OPTEE TA Crash
Hi,
Does anyone have a good solution to this problem?
https://github.com/OP-TEE/optee_os/issues/5803 <https://github.com/OP-TEE/optee_os/issues/5803 >
regards,
yuye
--
Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org
To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
Hi, experts
Here are the comments I saw in the Hafnium code.
/*
* Hafnium doesn't support fragmentation of memory retrieve requests
* (because it doesn't support caller-specified mappings, so a request
* will never be larger than a single page), so this must be part of a
* memory send (i.e. donate, lend or share) request.
*
* We can tell from the handle whether the memory transaction is for the
* TEE or not.
*/
I have a few questions about this description.
1. In the case of Hafnium as SPMC, optee should register memory fragments allocated by linux.
What does Hafnium do with these memory fragments since doesn't support fragmentation of memory retrieve requests?
2. How does Hafnium map the page tables of stage-2 in dynamic shared memory for CA/TA,
and are these page tables stored in the heap, or where?
3. What does HF_MAILBOX for dynamic shared memory mean? How does it relate to RX/TX buffer?
Where can I see the related introduction in detail?
Regards,
Yuye
