ARM TrustZone Shared Memory Crossworld

[Stefan Brenner]

Hi,

currently we're working with the TrustZone VMM example from Genode based
on Genode 15.05 on i.MX53 QSB.

We have a shared buffer in normal world, which we want to use for
cross-world communication.

Currently the buffer is allocated using mmap MAP_SHARED | MAP_ANON.

We're having strange issues/problems/inconsistencies when accessing the
memory range in Genode (secure world) after normal world has written to it.

We read that uncached memory should be used for this, or the cache lines
have to be flushed/invalidated. However, apparently we can't get either
of these options working.

So our questions as follows:

1) We use mmap(NULL, <size>, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANON,
-1, 0) to allocate the buffer in normal world (Linux). Is there a better
way to allocate uncached memory?

2) We've tried __cpuc_flush_user_all(), __cpuc_flush_kern_all() in order
to invalidate all cache lines (later maybe only the affected cache lines
once this works in general). Is this correct, to do this in normal world
(i.e. Linux)?

3) At the moment we assume that Genode doesn't have to invalidate/flush
its cache lines because as it is the VMM it should be aware of the fact
that the cache might be stale.

Any help is appreciated. A short hint: Currently our idea is to send an
hypercall to the Genode VMM after Linux has written to the buffer, so
Genode will pretty quickly access the memory after it has been written
to from Linux.

Best regards, Stefan.

-- 
M.Sc. Stefan Brenner
Institute of Operating Systems and Computer Networks
Distributed Systems Group
TU Braunschweig

www: https://www.ibr.cs.tu-bs.de/users/brenner
mail: brenner at ...290...