libmbedtls: use mempool_calloc() for temporary memory #7177
Conversation
jenswi-linaro
force-pushed
the
mbedtls-fix
branch
from
99829d2 to
4686268
Compare
|
This should fix the recent random errors with |
|
Good catch!
Would you mind also pushing a temporary commit to enable fTPM in the CI? I mean similar to this one: 718c357 but with I am also running my release tests. I will post a Tested-by once they're good. Thanks! |
|
It looks like fTPM uses a lot of heap: I'm trying to figure out where the memory went. |
|
fTPM has quite many objects kept opened. See microsoft/ms-tpm-20-ref@1b288eb. IHIH. |
|
It looks like fTPM has a few objects open in secure storage. There are many small allocations that may have caused fragmentation of the heap. |
|
Thanks, Etienne, there are those 20kB I also noted. |
|
@etienne-lms, can you create a PR against https://github.com/OP-TEE/optee_ftpm with those patches? |
|
Ok, i'll do. |
|
Replacing another malloc() with mempool_alloc(). |
|
For "core: pta: secstore: use mempool_alloc()":
|
There was a problem hiding this comment.
Reviewed-by: Etienne Carriere <[email protected]> for commits
"libmbedtls: use mempool_calloc() for temporary memory" (s/need/needs/ in commit message)
and "core: pta: secstore: use mempool_alloc()".
core/arch/arm/plat-vexpress/conf.mk
Outdated
| @@ -54,6 +54,7 @@ endif | |||
|
|
|||
| CFG_WITH_STATS ?= y | |||
| CFG_ENABLE_EMBEDDED_TESTS ?= y | |||
| CFG_CORE_BGET_BESTFIT ?= y | |||
There was a problem hiding this comment.
Enable BestFit or increase the heap size?
There was a problem hiding this comment.
I'll try to increase the heap also.
|
That commit introduced a possible deadlock discovered with I'm waiting for the CI checks to pass. Assuming they do what should be the next step? |
|
I agree 1kB in the heap is affordable. It would multiply by 8 the TEE/REE world switches when installing a TA but I think it's ok since installing a TA is not performance critical. |
|
The "CI / make check (QEMUv8) 1 / 2 (pull_request)" error is with |
Sounds reasonable. |
There was a problem hiding this comment.
For "ci: QEMUv8: disable fTPM with ftrace":
Reviewed-by: Jerome Forissier <[email protected]>
There was a problem hiding this comment.
For "core: pta: secstore: decrease TA buffer":
Acked-by: Jerome Forissier <[email protected]>
mbedtls_mpi_exp_mod_optionally_safe() needs a large chunk of temporary memory for the mbedtls_mpi_core_exp_mod() function. The amount of memory is too much to reliably allocate from the heap. So use mempool_calloc() instead of mbedtls_calloc(), similar to using mbedtls_mpi_init_mempool() instead of mbedtls_mpi_init(). Signed-off-by: Jens Wiklander <[email protected]> Acked-by: Jerome Forissier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]>
jenswi-linaro
force-pushed
the
mbedtls-fix
branch
from
49572a7 to
ec7292c
Compare
|
Tags applied and fingers crossed. :-) |
|
The core heap usage is increased by around 20kB with fTPM enabled so it makes sense if this has to be compensated. |
|
For "plat-vexpress: increase QEMU heap size":
Perhaps mention this in the commit message? |
There was a problem hiding this comment.
Reviewed-by: Etienne Carriere <[email protected]> for commit
"core: pta: secstore: decrease TA buffer".
Acked-by: Etienne Carriere <[email protected]> for commit
"ci: QEMUv8: disable fTPM with ftrace".
Regarding "plat-vexpress: increase QEMU heap size": better explicit why it's increased as @jforissier suggests in case you want to step back becasue ftpm P-R#4 (or like) gets merged and this extra heap will no longer be needed.
|
I could not reproduce the CI failure locally (timeout in regression_1006 when pager is enabled). I restarted the job. We might have some race condition or yet another memory shortage perhaps? |
|
regression_1006 might be executed while fTPM is still performing self-tests, which will put some pressure on the pager. Can we increase the timeout value when the pager is enabled? |
install_ta() uses a buffer allocated from the heap while hashing a TA while installing it. The buffer size is 8kB which is a bit large to reliably allocate from the heap, so decrease it to 1kB. Signed-off-by: Jens Wiklander <[email protected]> Acked-by: Jerome Forissier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]>
Disable fTPM because it takes too long to probe with ftrace enabled in OP-TEE. Signed-off-by: Jens Wiklander <[email protected]> Reviewed-by: Jerome Forissier <[email protected]> Acked-by: Etienne Carriere <[email protected]>
The core heap usage is increased by around 20kB with fTPM enabled so it makes sense if this has to be compensated. Increase heap size for the QEMU variants: - QEMU v7 from 64kB to 96kB - QEMU v8 from 128kB to 192kB Signed-off-by: Jens Wiklander <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
jenswi-linaro
force-pushed
the
mbedtls-fix
branch
from
5239638 to
72b307d
Compare
|
Comments addressed and tags applied. I've dropped "[DO NOT MERGE] ci: QEMUv8: set MEASURED_BOOT_FTPM=y". |
|
This is OK for merging. @jenswi-linaro could you please enable fTPM again in build.git? Thanks! |
By default, enable MEASURED_BOOT_FTPM. The previous issues when MEASURED_BOOT_FTPM was enabled has been resolved in [1]. Link: [1] OP-TEE/optee_os#7177 Signed-off-by: Jens Wiklander <[email protected]> Acked-by: Jerome Forissier <[email protected]>
|
Sure, OP-TEE/build#797 |
By default, enable MEASURED_BOOT_FTPM. The previous issues when MEASURED_BOOT_FTPM was enabled has been resolved in [1]. Link: [1] OP-TEE/optee_os#7177 Signed-off-by: Jens Wiklander <[email protected]> Acked-by: Jerome Forissier <[email protected]>
mbedtls_mpi_exp_mod_optionally_safe() need a large chunk of temporary memory for the mbedtls_mpi_core_exp_mod() function. The amount of memory is too much to to reliably allocate from the heap. So use mempool_calloc() instead of mbedtls_calloc(), similar to using mbedtls_mpi_init_mempool() instead of mbedtls_mpi_init().