diff mbox series

[XEN,v9,02/24] xen/arm: add TEE teardown to arch_domain_teardown()

Message ID 20230705093433.2514898-3-jens.wiklander@linaro.org (mailing list archive)
State Superseded
Headers show
Series Xen FF-A mediator | expand

Commit Message

Jens Wiklander July 5, 2023, 9:34 a.m. UTC 
Adds a progress state for tee_domain_teardown() to be called from
arch_domain_teardown(). tee_domain_teardown() calls the new callback
domain_teardown() in struct tee_mediator_ops.

An empty domain_teardown() callback is added to the OP-TEE mediator.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Co-developed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

---
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Julien Grall <julien@xen.org>
CC: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
CC: Bertrand Marquis <bertrand.marquis@arm.com>
CC: Jens Wiklander <jens.wiklander@linaro.org>
---
 xen/arch/arm/domain.c              | 36 ++++++++++++++++++++++++++++++
 xen/arch/arm/include/asm/tee/tee.h |  7 ++++++
 xen/arch/arm/tee/optee.c           |  6 +++++
 xen/arch/arm/tee/tee.c             |  8 +++++++
 4 files changed, 57 insertions(+)

Comments

Bertrand Marquis July 12, 2023, 7:57 a.m. UTC | #1 
Hi Jens,

> On 5 Jul 2023, at 11:34, Jens Wiklander <jens.wiklander@linaro.org> wrote:
> 
> Adds a progress state for tee_domain_teardown() to be called from
> arch_domain_teardown(). tee_domain_teardown() calls the new callback
> domain_teardown() in struct tee_mediator_ops.
> 
> An empty domain_teardown() callback is added to the OP-TEE mediator.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> Co-developed-by: Andrew Cooper <andrew.cooper3@citrix.com>
> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>

Cheers
Bertrand

> 
> ---
> CC: Stefano Stabellini <sstabellini@kernel.org>
> CC: Julien Grall <julien@xen.org>
> CC: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
> CC: Bertrand Marquis <bertrand.marquis@arm.com>
> CC: Jens Wiklander <jens.wiklander@linaro.org>
> ---
> xen/arch/arm/domain.c              | 36 ++++++++++++++++++++++++++++++
> xen/arch/arm/include/asm/tee/tee.h |  7 ++++++
> xen/arch/arm/tee/optee.c           |  6 +++++
> xen/arch/arm/tee/tee.c             |  8 +++++++
> 4 files changed, 57 insertions(+)
> 
> diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
> index 15d9709a97d2..18171decdc66 100644
> --- a/xen/arch/arm/domain.c
> +++ b/xen/arch/arm/domain.c
> @@ -795,6 +795,42 @@ fail:
> 
> int arch_domain_teardown(struct domain *d)
> {
> +    int ret = 0;
> +
> +    BUG_ON(!d->is_dying);
> +
> +    /* See domain_teardown() for an explanation of all of this magic. */
> +    switch ( d->teardown.arch_val )
> +    {
> +#define PROGRESS(x)                             \
> +        d->teardown.arch_val = PROG_ ## x;      \
> +        fallthrough;                            \
> +    case PROG_ ## x
> +
> +        enum {
> +            PROG_none,
> +            PROG_tee,
> +            PROG_done,
> +        };
> +
> +    case PROG_none:
> +        BUILD_BUG_ON(PROG_none != 0);
> +
> +    PROGRESS(tee):
> +        ret = tee_domain_teardown(d);
> +        if ( ret )
> +            return ret;
> +        break;
> +
> +    PROGRESS(done):
> +        break;
> +
> +#undef PROGRESS
> +
> +    default:
> +        BUG();
> +    }
> +
>     return 0;
> }
> 
> diff --git a/xen/arch/arm/include/asm/tee/tee.h b/xen/arch/arm/include/asm/tee/tee.h
> index f483986385c8..da324467e130 100644
> --- a/xen/arch/arm/include/asm/tee/tee.h
> +++ b/xen/arch/arm/include/asm/tee/tee.h
> @@ -34,6 +34,7 @@ struct tee_mediator_ops {
>      * guest and create own structures for the new domain.
>      */
>     int (*domain_init)(struct domain *d);
> +    int (*domain_teardown)(struct domain *d);
> 
>     /*
>      * Called during domain destruction to relinquish resources used
> @@ -62,6 +63,7 @@ struct tee_mediator_desc {
> 
> bool tee_handle_call(struct cpu_user_regs *regs);
> int tee_domain_init(struct domain *d, uint16_t tee_type);
> +int tee_domain_teardown(struct domain *d);
> int tee_relinquish_resources(struct domain *d);
> uint16_t tee_get_type(void);
> 
> @@ -93,6 +95,11 @@ static inline int tee_relinquish_resources(struct domain *d)
>     return 0;
> }
> 
> +static inline int tee_domain_teardown(struct domain *d)
> +{
> +    return 0;
> +}
> +
> static inline uint16_t tee_get_type(void)
> {
>     return XEN_DOMCTL_CONFIG_TEE_NONE;
> diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c
> index 301d205a36c5..c91bd7d5ac25 100644
> --- a/xen/arch/arm/tee/optee.c
> +++ b/xen/arch/arm/tee/optee.c
> @@ -268,6 +268,11 @@ static int optee_domain_init(struct domain *d)
>     return 0;
> }
> 
> +static int optee_domain_teardown(struct domain *d)
> +{
> +    return 0;
> +}
> +
> static uint64_t regpair_to_uint64(register_t reg0, register_t reg1)
> {
>     return ((uint64_t)reg0 << 32) | (uint32_t)reg1;
> @@ -1732,6 +1737,7 @@ static const struct tee_mediator_ops optee_ops =
> {
>     .probe = optee_probe,
>     .domain_init = optee_domain_init,
> +    .domain_teardown = optee_domain_teardown,
>     .relinquish_resources = optee_relinquish_resources,
>     .handle_call = optee_handle_call,
> };
> diff --git a/xen/arch/arm/tee/tee.c b/xen/arch/arm/tee/tee.c
> index 3964a8a5cddf..ddd17506a9ff 100644
> --- a/xen/arch/arm/tee/tee.c
> +++ b/xen/arch/arm/tee/tee.c
> @@ -52,6 +52,14 @@ int tee_domain_init(struct domain *d, uint16_t tee_type)
>     return cur_mediator->ops->domain_init(d);
> }
> 
> +int tee_domain_teardown(struct domain *d)
> +{
> +    if ( !cur_mediator )
> +        return 0;
> +
> +    return cur_mediator->ops->domain_teardown(d);
> +}
> +
> int tee_relinquish_resources(struct domain *d)
> {
>     if ( !cur_mediator )
> -- 
> 2.34.1
>
Andrew Cooper July 12, 2023, 8:31 a.m. UTC | #2 
On 05/07/2023 10:34 am, Jens Wiklander wrote:
> diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
> index 15d9709a97d2..18171decdc66 100644
> --- a/xen/arch/arm/domain.c
> +++ b/xen/arch/arm/domain.c
> @@ -795,6 +795,42 @@ fail:
>  
>  int arch_domain_teardown(struct domain *d)
>  {
> +    int ret = 0;
> +
> +    BUG_ON(!d->is_dying);
> +
> +    /* See domain_teardown() for an explanation of all of this magic. */
> +    switch ( d->teardown.arch_val )
> +    {
> +#define PROGRESS(x)                             \
> +        d->teardown.arch_val = PROG_ ## x;      \
> +        fallthrough;                            \
> +    case PROG_ ## x
> +
> +        enum {
> +            PROG_none,
> +            PROG_tee,
> +            PROG_done,
> +        };
> +
> +    case PROG_none:
> +        BUILD_BUG_ON(PROG_none != 0);
> +
> +    PROGRESS(tee):
> +        ret = tee_domain_teardown(d);
> +        if ( ret )
> +            return ret;
> +        break;

This unconditional break isn't correct.

The logic functions right now (because upon hitting return 0, you don't
re-enter this function), but will cease working when you add a new
PROG_*, or when the calling code gets more complicated.

> +
> +    PROGRESS(done):
> +        break;

This needs to be the only break in the switch statement, for it to
behave in the intended manner.

~Andrew
Julien Grall July 12, 2023, 9:52 a.m. UTC | #3 
Hi Jens,

On 05/07/2023 10:34, Jens Wiklander wrote:
> Adds a progress state for tee_domain_teardown() to be called from
> arch_domain_teardown(). tee_domain_teardown() calls the new callback
> domain_teardown() in struct tee_mediator_ops.
> 
> An empty domain_teardown() callback is added to the OP-TEE mediator.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> Co-developed-by: Andrew Cooper <andrew.cooper3@citrix.com>

I am a bit confused with the tags ordering. The first signed-off-by 
indicates that Andrew is the author but he co-developped with himself? 
Did you indent to put your signed-off-by first?

> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> 
> ---
> CC: Stefano Stabellini <sstabellini@kernel.org>
> CC: Julien Grall <julien@xen.org>
> CC: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
> CC: Bertrand Marquis <bertrand.marquis@arm.com>
> CC: Jens Wiklander <jens.wiklander@linaro.org>
> ---
>   xen/arch/arm/domain.c              | 36 ++++++++++++++++++++++++++++++
>   xen/arch/arm/include/asm/tee/tee.h |  7 ++++++
>   xen/arch/arm/tee/optee.c           |  6 +++++
>   xen/arch/arm/tee/tee.c             |  8 +++++++
>   4 files changed, 57 insertions(+)
> 
> diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
> index 15d9709a97d2..18171decdc66 100644
> --- a/xen/arch/arm/domain.c
> +++ b/xen/arch/arm/domain.c
> @@ -795,6 +795,42 @@ fail:
>   
>   int arch_domain_teardown(struct domain *d)
>   {
> +    int ret = 0;
> +
> +    BUG_ON(!d->is_dying);
> +
> +    /* See domain_teardown() for an explanation of all of this magic. */
> +    switch ( d->teardown.arch_val )
> +    {
> +#define PROGRESS(x)                             \
> +        d->teardown.arch_val = PROG_ ## x;      \
> +        fallthrough;                            \
> +    case PROG_ ## x
> +
> +        enum {
> +            PROG_none,
> +            PROG_tee,
> +            PROG_done,
> +        };
> +
> +    case PROG_none:
> +        BUILD_BUG_ON(PROG_none != 0);
> +
> +    PROGRESS(tee):
> +        ret = tee_domain_teardown(d);
> +        if ( ret )
> +            return ret;
> +        break;
> +
> +    PROGRESS(done):
> +        break;
> +
> +#undef PROGRESS
> +
> +    default:
> +        BUG();
> +    }
> +
>       return 0;
>   }
>   
> diff --git a/xen/arch/arm/include/asm/tee/tee.h b/xen/arch/arm/include/asm/tee/tee.h
> index f483986385c8..da324467e130 100644
> --- a/xen/arch/arm/include/asm/tee/tee.h
> +++ b/xen/arch/arm/include/asm/tee/tee.h
> @@ -34,6 +34,7 @@ struct tee_mediator_ops {
>        * guest and create own structures for the new domain.
>        */
>       int (*domain_init)(struct domain *d);
> +    int (*domain_teardown)(struct domain *d);
>   
>       /*
>        * Called during domain destruction to relinquish resources used
> @@ -62,6 +63,7 @@ struct tee_mediator_desc {
>   
>   bool tee_handle_call(struct cpu_user_regs *regs);
>   int tee_domain_init(struct domain *d, uint16_t tee_type);
> +int tee_domain_teardown(struct domain *d);
>   int tee_relinquish_resources(struct domain *d);
>   uint16_t tee_get_type(void);
>   
> @@ -93,6 +95,11 @@ static inline int tee_relinquish_resources(struct domain *d)
>       return 0;
>   }
>   
> +static inline int tee_domain_teardown(struct domain *d)
> +{
> +    return 0;
> +}
> +
>   static inline uint16_t tee_get_type(void)
>   {
>       return XEN_DOMCTL_CONFIG_TEE_NONE;
> diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c
> index 301d205a36c5..c91bd7d5ac25 100644
> --- a/xen/arch/arm/tee/optee.c
> +++ b/xen/arch/arm/tee/optee.c
> @@ -268,6 +268,11 @@ static int optee_domain_init(struct domain *d)
>       return 0;
>   }
>   
> +static int optee_domain_teardown(struct domain *d)
> +{
> +    return 0;

I think for OP-TEE, we also need to moved the smc call to destroy the VM 
here. I am OK if this is not handled here, but it would be worth 
mentioning in the commit message.

> +}
> +
>   static uint64_t regpair_to_uint64(register_t reg0, register_t reg1)
>   {
>       return ((uint64_t)reg0 << 32) | (uint32_t)reg1;
> @@ -1732,6 +1737,7 @@ static const struct tee_mediator_ops optee_ops =
>   {
>       .probe = optee_probe,
>       .domain_init = optee_domain_init,
> +    .domain_teardown = optee_domain_teardown,
>       .relinquish_resources = optee_relinquish_resources,
>       .handle_call = optee_handle_call,
>   };
> diff --git a/xen/arch/arm/tee/tee.c b/xen/arch/arm/tee/tee.c
> index 3964a8a5cddf..ddd17506a9ff 100644
> --- a/xen/arch/arm/tee/tee.c
> +++ b/xen/arch/arm/tee/tee.c
> @@ -52,6 +52,14 @@ int tee_domain_init(struct domain *d, uint16_t tee_type)
>       return cur_mediator->ops->domain_init(d);
>   }
>   
> +int tee_domain_teardown(struct domain *d)
> +{
> +    if ( !cur_mediator )
> +        return 0;
> +
> +    return cur_mediator->ops->domain_teardown(d);

NIT: I would consider to check if the callback is NULL. This would avoid 
providing dummy helper.

> +}
> +
>   int tee_relinquish_resources(struct domain *d)
>   {
>       if ( !cur_mediator )

Cheers,
Jens Wiklander July 13, 2023, 6:14 a.m. UTC | #4 
Hi,

On Wed, Jul 12, 2023 at 10:31 AM Andrew Cooper
<andrew.cooper3@citrix.com> wrote:
>
> On 05/07/2023 10:34 am, Jens Wiklander wrote:
> > diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
> > index 15d9709a97d2..18171decdc66 100644
> > --- a/xen/arch/arm/domain.c
> > +++ b/xen/arch/arm/domain.c
> > @@ -795,6 +795,42 @@ fail:
> >
> >  int arch_domain_teardown(struct domain *d)
> >  {
> > +    int ret = 0;
> > +
> > +    BUG_ON(!d->is_dying);
> > +
> > +    /* See domain_teardown() for an explanation of all of this magic. */
> > +    switch ( d->teardown.arch_val )
> > +    {
> > +#define PROGRESS(x)                             \
> > +        d->teardown.arch_val = PROG_ ## x;      \
> > +        fallthrough;                            \
> > +    case PROG_ ## x
> > +
> > +        enum {
> > +            PROG_none,
> > +            PROG_tee,
> > +            PROG_done,
> > +        };
> > +
> > +    case PROG_none:
> > +        BUILD_BUG_ON(PROG_none != 0);
> > +
> > +    PROGRESS(tee):
> > +        ret = tee_domain_teardown(d);
> > +        if ( ret )
> > +            return ret;
> > +        break;
>
> This unconditional break isn't correct.
>
> The logic functions right now (because upon hitting return 0, you don't
> re-enter this function), but will cease working when you add a new
> PROG_*, or when the calling code gets more complicated.
>
> > +
> > +    PROGRESS(done):
> > +        break;
>
> This needs to be the only break in the switch statement, for it to
> behave in the intended manner.

Got it, thanks for the explanation. I'll fix it in the next version.

Thanks,
Jens

>
> ~Andrew
Jens Wiklander July 13, 2023, 7:02 a.m. UTC | #5 
Hi Julien,

On Wed, Jul 12, 2023 at 11:53 AM Julien Grall <julien@xen.org> wrote:
>
> Hi Jens,
>
> On 05/07/2023 10:34, Jens Wiklander wrote:
> > Adds a progress state for tee_domain_teardown() to be called from
> > arch_domain_teardown(). tee_domain_teardown() calls the new callback
> > domain_teardown() in struct tee_mediator_ops.
> >
> > An empty domain_teardown() callback is added to the OP-TEE mediator.
> >
> > Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> > Co-developed-by: Andrew Cooper <andrew.cooper3@citrix.com>
>
> I am a bit confused with the tags ordering. The first signed-off-by
> indicates that Andrew is the author but he co-developped with himself?
> Did you indent to put your signed-off-by first?

Sorry, my mistake, I swapped the two lines. I'll fix it in the next version.

>
> > Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
> >
> > ---
> > CC: Stefano Stabellini <sstabellini@kernel.org>
> > CC: Julien Grall <julien@xen.org>
> > CC: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
> > CC: Bertrand Marquis <bertrand.marquis@arm.com>
> > CC: Jens Wiklander <jens.wiklander@linaro.org>
> > ---
> >   xen/arch/arm/domain.c              | 36 ++++++++++++++++++++++++++++++
> >   xen/arch/arm/include/asm/tee/tee.h |  7 ++++++
> >   xen/arch/arm/tee/optee.c           |  6 +++++
> >   xen/arch/arm/tee/tee.c             |  8 +++++++
> >   4 files changed, 57 insertions(+)
> >
> > diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
> > index 15d9709a97d2..18171decdc66 100644
> > --- a/xen/arch/arm/domain.c
> > +++ b/xen/arch/arm/domain.c
> > @@ -795,6 +795,42 @@ fail:
> >
> >   int arch_domain_teardown(struct domain *d)
> >   {
> > +    int ret = 0;
> > +
> > +    BUG_ON(!d->is_dying);
> > +
> > +    /* See domain_teardown() for an explanation of all of this magic. */
> > +    switch ( d->teardown.arch_val )
> > +    {
> > +#define PROGRESS(x)                             \
> > +        d->teardown.arch_val = PROG_ ## x;      \
> > +        fallthrough;                            \
> > +    case PROG_ ## x
> > +
> > +        enum {
> > +            PROG_none,
> > +            PROG_tee,
> > +            PROG_done,
> > +        };
> > +
> > +    case PROG_none:
> > +        BUILD_BUG_ON(PROG_none != 0);
> > +
> > +    PROGRESS(tee):
> > +        ret = tee_domain_teardown(d);
> > +        if ( ret )
> > +            return ret;
> > +        break;
> > +
> > +    PROGRESS(done):
> > +        break;
> > +
> > +#undef PROGRESS
> > +
> > +    default:
> > +        BUG();
> > +    }
> > +
> >       return 0;
> >   }
> >
> > diff --git a/xen/arch/arm/include/asm/tee/tee.h b/xen/arch/arm/include/asm/tee/tee.h
> > index f483986385c8..da324467e130 100644
> > --- a/xen/arch/arm/include/asm/tee/tee.h
> > +++ b/xen/arch/arm/include/asm/tee/tee.h
> > @@ -34,6 +34,7 @@ struct tee_mediator_ops {
> >        * guest and create own structures for the new domain.
> >        */
> >       int (*domain_init)(struct domain *d);
> > +    int (*domain_teardown)(struct domain *d);
> >
> >       /*
> >        * Called during domain destruction to relinquish resources used
> > @@ -62,6 +63,7 @@ struct tee_mediator_desc {
> >
> >   bool tee_handle_call(struct cpu_user_regs *regs);
> >   int tee_domain_init(struct domain *d, uint16_t tee_type);
> > +int tee_domain_teardown(struct domain *d);
> >   int tee_relinquish_resources(struct domain *d);
> >   uint16_t tee_get_type(void);
> >
> > @@ -93,6 +95,11 @@ static inline int tee_relinquish_resources(struct domain *d)
> >       return 0;
> >   }
> >
> > +static inline int tee_domain_teardown(struct domain *d)
> > +{
> > +    return 0;
> > +}
> > +
> >   static inline uint16_t tee_get_type(void)
> >   {
> >       return XEN_DOMCTL_CONFIG_TEE_NONE;
> > diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c
> > index 301d205a36c5..c91bd7d5ac25 100644
> > --- a/xen/arch/arm/tee/optee.c
> > +++ b/xen/arch/arm/tee/optee.c
> > @@ -268,6 +268,11 @@ static int optee_domain_init(struct domain *d)
> >       return 0;
> >   }
> >
> > +static int optee_domain_teardown(struct domain *d)
> > +{
> > +    return 0;
>
> I think for OP-TEE, we also need to moved the smc call to destroy the VM
> here. I am OK if this is not handled here, but it would be worth
> mentioning in the commit message.

Fair enough, I'll mention that in the commit message.

>
> > +}
> > +
> >   static uint64_t regpair_to_uint64(register_t reg0, register_t reg1)
> >   {
> >       return ((uint64_t)reg0 << 32) | (uint32_t)reg1;
> > @@ -1732,6 +1737,7 @@ static const struct tee_mediator_ops optee_ops =
> >   {
> >       .probe = optee_probe,
> >       .domain_init = optee_domain_init,
> > +    .domain_teardown = optee_domain_teardown,
> >       .relinquish_resources = optee_relinquish_resources,
> >       .handle_call = optee_handle_call,
> >   };
> > diff --git a/xen/arch/arm/tee/tee.c b/xen/arch/arm/tee/tee.c
> > index 3964a8a5cddf..ddd17506a9ff 100644
> > --- a/xen/arch/arm/tee/tee.c
> > +++ b/xen/arch/arm/tee/tee.c
> > @@ -52,6 +52,14 @@ int tee_domain_init(struct domain *d, uint16_t tee_type)
> >       return cur_mediator->ops->domain_init(d);
> >   }
> >
> > +int tee_domain_teardown(struct domain *d)
> > +{
> > +    if ( !cur_mediator )
> > +        return 0;
> > +
> > +    return cur_mediator->ops->domain_teardown(d);
>
> NIT: I would consider to check if the callback is NULL. This would avoid
> providing dummy helper.

Yes, that's an advantage, but we'd treat this callback differently
from others. I'd prefer to keep this as it is if you don't mind.

Thanks,
Jens

>
> > +}
> > +
> >   int tee_relinquish_resources(struct domain *d)
> >   {
> >       if ( !cur_mediator )
>
> Cheers,
>
> --
> Julien Grall
Julien Grall July 13, 2023, 9:34 a.m. UTC | #6 
Hi,

On 13/07/2023 08:02, Jens Wiklander wrote:
>>> +}
>>> +
>>>    static uint64_t regpair_to_uint64(register_t reg0, register_t reg1)
>>>    {
>>>        return ((uint64_t)reg0 << 32) | (uint32_t)reg1;
>>> @@ -1732,6 +1737,7 @@ static const struct tee_mediator_ops optee_ops =
>>>    {
>>>        .probe = optee_probe,
>>>        .domain_init = optee_domain_init,
>>> +    .domain_teardown = optee_domain_teardown,
>>>        .relinquish_resources = optee_relinquish_resources,
>>>        .handle_call = optee_handle_call,
>>>    };
>>> diff --git a/xen/arch/arm/tee/tee.c b/xen/arch/arm/tee/tee.c
>>> index 3964a8a5cddf..ddd17506a9ff 100644
>>> --- a/xen/arch/arm/tee/tee.c
>>> +++ b/xen/arch/arm/tee/tee.c
>>> @@ -52,6 +52,14 @@ int tee_domain_init(struct domain *d, uint16_t tee_type)
>>>        return cur_mediator->ops->domain_init(d);
>>>    }
>>>
>>> +int tee_domain_teardown(struct domain *d)
>>> +{
>>> +    if ( !cur_mediator )
>>> +        return 0;
>>> +
>>> +    return cur_mediator->ops->domain_teardown(d);
>>
>> NIT: I would consider to check if the callback is NULL. This would avoid
>> providing dummy helper.
> 
> Yes, that's an advantage, but we'd treat this callback differently
> from others. 

I haven't checked the rest of the callbacks. But I would argue that any 
callback that are expected to be optional, should have an if 
(...->ops->fn). This reducing the amount of dummy helper (4 lines) each 
times.

> I'd prefer to keep this as it is if you don't mind.
I am Ok with that. Once FFA is merged, I will try to remember to go 
through the callback and there the empty ones.

Cheers,
diff mbox series

Patch

diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
index 15d9709a97d2..18171decdc66 100644
--- a/xen/arch/arm/domain.c
+++ b/xen/arch/arm/domain.c
@@ -795,6 +795,42 @@  fail:
 
 int arch_domain_teardown(struct domain *d)
 {
+    int ret = 0;
+
+    BUG_ON(!d->is_dying);
+
+    /* See domain_teardown() for an explanation of all of this magic. */
+    switch ( d->teardown.arch_val )
+    {
+#define PROGRESS(x)                             \
+        d->teardown.arch_val = PROG_ ## x;      \
+        fallthrough;                            \
+    case PROG_ ## x
+
+        enum {
+            PROG_none,
+            PROG_tee,
+            PROG_done,
+        };
+
+    case PROG_none:
+        BUILD_BUG_ON(PROG_none != 0);
+
+    PROGRESS(tee):
+        ret = tee_domain_teardown(d);
+        if ( ret )
+            return ret;
+        break;
+
+    PROGRESS(done):
+        break;
+
+#undef PROGRESS
+
+    default:
+        BUG();
+    }
+
     return 0;
 }
 
diff --git a/xen/arch/arm/include/asm/tee/tee.h b/xen/arch/arm/include/asm/tee/tee.h
index f483986385c8..da324467e130 100644
--- a/xen/arch/arm/include/asm/tee/tee.h
+++ b/xen/arch/arm/include/asm/tee/tee.h
@@ -34,6 +34,7 @@  struct tee_mediator_ops {
      * guest and create own structures for the new domain.
      */
     int (*domain_init)(struct domain *d);
+    int (*domain_teardown)(struct domain *d);
 
     /*
      * Called during domain destruction to relinquish resources used
@@ -62,6 +63,7 @@  struct tee_mediator_desc {
 
 bool tee_handle_call(struct cpu_user_regs *regs);
 int tee_domain_init(struct domain *d, uint16_t tee_type);
+int tee_domain_teardown(struct domain *d);
 int tee_relinquish_resources(struct domain *d);
 uint16_t tee_get_type(void);
 
@@ -93,6 +95,11 @@  static inline int tee_relinquish_resources(struct domain *d)
     return 0;
 }
 
+static inline int tee_domain_teardown(struct domain *d)
+{
+    return 0;
+}
+
 static inline uint16_t tee_get_type(void)
 {
     return XEN_DOMCTL_CONFIG_TEE_NONE;
diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c
index 301d205a36c5..c91bd7d5ac25 100644
--- a/xen/arch/arm/tee/optee.c
+++ b/xen/arch/arm/tee/optee.c
@@ -268,6 +268,11 @@  static int optee_domain_init(struct domain *d)
     return 0;
 }
 
+static int optee_domain_teardown(struct domain *d)
+{
+    return 0;
+}
+
 static uint64_t regpair_to_uint64(register_t reg0, register_t reg1)
 {
     return ((uint64_t)reg0 << 32) | (uint32_t)reg1;
@@ -1732,6 +1737,7 @@  static const struct tee_mediator_ops optee_ops =
 {
     .probe = optee_probe,
     .domain_init = optee_domain_init,
+    .domain_teardown = optee_domain_teardown,
     .relinquish_resources = optee_relinquish_resources,
     .handle_call = optee_handle_call,
 };
diff --git a/xen/arch/arm/tee/tee.c b/xen/arch/arm/tee/tee.c
index 3964a8a5cddf..ddd17506a9ff 100644
--- a/xen/arch/arm/tee/tee.c
+++ b/xen/arch/arm/tee/tee.c
@@ -52,6 +52,14 @@  int tee_domain_init(struct domain *d, uint16_t tee_type)
     return cur_mediator->ops->domain_init(d);
 }
 
+int tee_domain_teardown(struct domain *d)
+{
+    if ( !cur_mediator )
+        return 0;
+
+    return cur_mediator->ops->domain_teardown(d);
+}
+
 int tee_relinquish_resources(struct domain *d)
 {
     if ( !cur_mediator )