Re: [edk2-devel] [Patch] StandaloneMmPkg: Fixed communicating from TF-A failed issue

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Ming Huang" <huangming@linux.alibaba.com>
To: Ard Biesheuvel <ardb@kernel.org>,
	Omkar Kulkarni <Omkar.Kulkarni@arm.com>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Sami Mujawar <Sami.Mujawar@arm.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Supreeth Venkatesh <Supreeth.Venkatesh@arm.com>,
	"guoheyi@linux.alibaba.com" <guoheyi@linux.alibaba.com>,
	nd <nd@arm.com>
Subject: Re: [edk2-devel] [Patch] StandaloneMmPkg: Fixed communicating from TF-A failed issue
Date: Fri, 18 Jun 2021 11:42:13 +0800	[thread overview]
Message-ID: <4c209aa5-b3f3-d643-2791-6a57ca16200b@linux.alibaba.com> (raw)
In-Reply-To: <CAMj1kXFzzz9RtM7mrXX=BLdu6+WjxWjYHh_Qe-NZ13npmGVuZw@mail.gmail.com>



On 6/16/21 10:10 PM, Ard Biesheuvel wrote:
> On Wed, 16 Jun 2021 at 07:30, Omkar Kulkarni <Omkar.Kulkarni@arm.com> wrote:
>>
>>
>> On 6/10/21 6:44 AM, Ming Huang via groups.io wrote:
>>> On 6/9/21 3:10 PM, Ard Biesheuvel wrote:
>>>> On Tue, 8 Jun 2021 at 16:21, Ming Huang <huangming@linux.alibaba.com>
>>> wrote:
>>>>>
>>>>> TF-A: TrustedFirmware-a
>>>>> SPM: Secure Partition Manager(MM)
>>>>>
>>>>> For AArch64, when SPM enable in TF-A, TF-A may communicate to MM
>>> with
>>>>> buffer address (PLAT_SPM_BUF_BASE). The address is different from
>>>>> PcdMmBufferBase which use in edk2.
>>>>
>>>> Then why do we have PcdMmBufferBase?
>>>
>>> ArmPkg use this Pcd for the base address of non-secure communication
>>> buffer.
>>>
>>>>
>>>> Is it possible to set PcdMmBufferBase to the correct value?
>>>
>>> The secure communication may interrupt the non-secure communication. if
>>> we use the same address (PcdMmBufferBase and PLAT_SPM_BUF_BASE), the
>>> date in communication buffer may be corrupted.
>>>
>>> Best Regards,
>>> Ming
>>
>> In case where an interrupt handler executing from EL3 makes a call into StandaloneMM, the handler in EL3 makes an spm call into StandaloneMM using PLAT_SPM_BUF_BASE buffer base address. This PLAT_SPM_BUF_BASE is a shared buffer between EL3 and S-EL0. This is where the following check fails and leads to spm call failure. So this change would help resolve this issue.
>>
> 
> But is it the right fix? Why would EDK2 even be aware of how EL3 and
> S-EL0 communicate with each other, and where the buffer is located?

The root cause for this problem is that the StandaloneMmPkg and TF-A
are not full cooperative.
PLAT_SPM_BUF_BASE is not dynamic buffer just like PcdMmBufferBase.

Please refer PcdMmBufferBase comments in edk2-platforms/Platform/ARM/SgiPkg/SgiPlatform.dsc.inc: 
  #
  # Set the base address and size of the buffer used
  # for communication between the Normal world edk2
  # with StandaloneMm image at S-EL0 through MM_COMMUNICATE.
  # This buffer gets allocated in ATF and since we do not have
  # a mechanism currently to communicate the base address and
  # size of this buffer from ATF, hard-code it here
  #
  ## MM Communicate
  gArmTokenSpaceGuid.PcdMmBufferBase|0xFF600000
  gArmTokenSpaceGuid.PcdMmBufferSize|0x10000


Best Regards,
Ming

> 
> 
>>>
>>>>
>>>>> Checking address will let TF-A communicate failed to MM. So remove
>>>>> below checking code:
>>>>> if (NsCommBufferAddr < mNsCommBuffer.PhysicalStart) {
>>>>>   return EFI_ACCESS_DENIED;
>>>>> }
>>>>>
>>>>> Signed-off-by: Ming Huang <huangming@linux.alibaba.com>
>>>>> ---
>>>>>  StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/EventHandle.c |
>>> 4
>>>>> ----
>>>>>  1 file changed, 4 deletions(-)
>>>>>
>>>>> diff --git
>>>>> a/StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/EventHandle.c
>>>>> b/StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/EventHandle.c
>>>>> index 63fbe26642..fe98d3181d 100644
>>>>> ---
>>> a/StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/EventHandle.c
>>>>> +++
>>> b/StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/EventHandle.c
>>>>> @@ -103,10 +103,6 @@ PiMmStandaloneArmTfCpuDriverEntry (
>>>>>      return EFI_INVALID_PARAMETER;
>>>>>    }
>>>>>
>>>>> -  if (NsCommBufferAddr < mNsCommBuffer.PhysicalStart) {
>>>>> -    return EFI_ACCESS_DENIED;
>>>>> -  }
>>>>> -
>>>>>    if ((NsCommBufferAddr + sizeof (EFI_MM_COMMUNICATE_HEADER)) >=
>>>>>        (mNsCommBuffer.PhysicalStart + mNsCommBuffer.PhysicalSize)) {
>>>>>      return EFI_INVALID_PARAMETER;
>>>>> --
>>>>> 2.17.1
>>>>>
>>>
>>>
>>> 
>>>
>>

     prev parent reply	other threads:[~2021-06-18  3:42 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-08 14:21 [Patch] StandaloneMmPkg: Fixed communicating from TF-A failed issue Ming Huang
2021-06-09  7:10 ` Ard Biesheuvel
2021-06-10  1:14   ` Ming Huang
2021-06-16  5:29     ` [edk2-devel] " Omkar Anand Kulkarni
2021-06-16 14:10       ` Ard Biesheuvel
2021-06-18  3:42         ` Ming Huang [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4c209aa5-b3f3-d643-2791-6a57ca16200b@linux.alibaba.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox