On 12/06/2017 05:40 PM, Volodymyr Babchuk wrote:
> Hi all,
Hi Volodymyr,
I am not an OP-TEE expert, though I have one comment below on how Xen works.
> If a guest suddenly dies, we can't clean up resources (consider a mutex that will never be unlocked). Instead we can just drop the whole guest context and forget about it. But we will need special cleanup code for kernel state, though. This is a reason to keep the kernel data footprint as small as possible.
I don't think the mutex example is correct. When there is a sudden guest crash (e.g. when the guest misbehaves), Xen will notify all the guest vCPUs by raising a softirq. This will raise an SGI targeting the pCPU where the vCPU is running.
So the vCPU will finish what it is doing (such as handling a hypercall or SMC) and will get unscheduled before returning to EL1/EL0.
Do you expect the mutex to stay locked across the SMC call?
Cheers,