lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <54EDA1DA.6040508@arm.com>
Date:	Wed, 25 Feb 2015 10:20:10 +0000
From:	"Suzuki K. Poulose" <Suzuki.Poulose@....com>
To:	Nicolas Pitre <nicolas.pitre@...aro.org>
CC:	"linux-arm-kernel@...ts.infradead.org" 
	<linux-arm-kernel@...ts.infradead.org>,
	Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>,
	Kukjin Kim <kgene@...nel.org>,
	Abhilash Kesavan <a.kesavan@...sung.com>,
	Arnd Bergmann <arnd@...db.de>,
	"devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Liviu Dudau <Liviu.Dudau@....com>,
	Lorenzo Pieralisi <Lorenzo.Pieralisi@....com>,
	Olof Johansson <olof@...om.net>,
	Pawel Moll <Pawel.Moll@....com>,
	Punit Agrawal <Punit.Agrawal@....com>,
	Sudeep Holla <Sudeep.Holla@....com>,
	Will Deacon <Will.Deacon@....com>,
	Catalin Marinas <Catalin.Marinas@....com>
Subject: Re: [PATCH 2/4] arm-cci: Get rid of secure transactions for PMU driver

On 24/02/15 21:53, Nicolas Pitre wrote:
> On Tue, 24 Feb 2015, Suzuki K. Poulose wrote:
>
>> From: "Suzuki K. Poulose" <suzuki.poulose@....com>
>>
>> Avoid secure transactions while probing the CCI PMU. The
>> existing code makes use of the Peripheral ID2 (PID2) register
>> to determine the revision of the CCI400, which requires a
>> secure transaction. This puts a limitation on the usage of the
>> driver on systems running non-secure Linux(e.g, ARM64).
>>
>> Updated the device-tree binding for cci pmu node to add the explicit
>> revision number for the compatible field.
>>
>> The supported strings are :
>>        arm,cci-400-pmu,r0
>>        arm,cci-400-pmu,r1
>>        arm,cci-400-pmu - DEPRECATED. See NOTE below
>>
>> NOTE: If the revision is not mentioned, we need to probe the cci revision,
>> which could be fatal on a platform running non-secure. We need a reliable way
>> to know if we can poke the CCI registers at runtime on ARM32. We depend on
>> 'mcpm_is_available()' when it is available. mcpm_is_available() returns true
>> only when there is a registered driver for mcpm. Otherwise, we assume that we
>> don't have secure access, and skips probing the revision number(ARM64 case).
>>
>> The MCPM should figure out if it is safe to access the CCI. Unfortunately
>> there isn't a reliable way to indicate the same via dtb. This patch doesn't
>> address/change the current situation. It only deals with the CCI-PMU, leaving
>> the assumptions about the secure access as it has been, prior to this patch.
>
> This is an extensive commit log about secure access issues which is nice
> and appreciated.  However the patch does quite some more code reorg not
> mentioned here.  Could you please move this code reorg to a separate
> patch and then have a patch on top introducing these probing changes?
> This should make the implication of what is said above clearer.

Sure, I will do that in the next revision. What I missed in the commit
follows (which will be added in the next version):

"This patch abstracts the representation of the CCI400 chipset
  PMU specific definitions, so that we can avoid probing the
  revision for any details. The new device-tree bindings helps to
  get the revision, without poking the CCI, and initialises the pmu with
  specific model details."

Thanks
Suzuki

>
>> Cc: devicetree@...r.kernel.org
>> Cc: Punit Agrawal <punit.agrawal@....com>
>> Signed-off-by: Suzuki K. Poulose <suzuki.poulose@....com>
>> ---
>>   Documentation/devicetree/bindings/arm/cci.txt |    7 +-
>>   arch/arm/include/asm/arm-cci.h                |   42 ++++++++
>>   arch/arm64/include/asm/arm-cci.h              |   27 +++++
>>   drivers/bus/arm-cci.c                         |  138 ++++++++++++++++---------
>>   include/linux/arm-cci.h                       |    2 +
>>   5 files changed, 166 insertions(+), 50 deletions(-)
>>   create mode 100644 arch/arm/include/asm/arm-cci.h
>>   create mode 100644 arch/arm64/include/asm/arm-cci.h
>>
>> diff --git a/Documentation/devicetree/bindings/arm/cci.txt b/Documentation/devicetree/bindings/arm/cci.txt
>> index f28d82b..0e4b6a7 100644
>> --- a/Documentation/devicetree/bindings/arm/cci.txt
>> +++ b/Documentation/devicetree/bindings/arm/cci.txt
>> @@ -94,8 +94,11 @@ specific to ARM.
>>                - compatible
>>                        Usage: required
>>                        Value type: <string>
>> -                     Definition: must be "arm,cci-400-pmu"
>> -
>> +                     Definition: Supported strings are :
>> +                              "arm,cci-400-pmu,r0"
>> +                              "arm,cci-400-pmu,r1"
>> +                              "arm,cci-400-pmu"  - DEPRECATED, permitted only where OS has
>> +                                                   secure acces to CCI registers
>>                - reg:
>>                        Usage: required
>>                        Value type: Integer cells. A register entry, expressed
>> diff --git a/arch/arm/include/asm/arm-cci.h b/arch/arm/include/asm/arm-cci.h
>> new file mode 100644
>> index 0000000..b828d7a
>> --- /dev/null
>> +++ b/arch/arm/include/asm/arm-cci.h
>> @@ -0,0 +1,42 @@
>> +/*
>> + * arch/arm/include/asm/arm-cci.h
>> + *
>> + * Copyright (C) 2015 ARM Ltd.
>> + *
>> + * This program is free software; you can redistribute it and/or modify
>> + * it under the terms of the GNU General Public License version 2 as
>> + * published by the Free Software Foundation.
>> + *
>> + * This program is distributed in the hope that it will be useful,
>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>> + * GNU General Public License for more details.
>> + *
>> + * You should have received a copy of the GNU General Public License
>> + * along with this program.  If not, see <http://www.gnu.org/licenses/>.
>> + */
>> +
>> +#ifndef __ASM_ARM_CCI_H
>> +#define __ASM_ARM_CCI_H
>> +
>> +#ifdef CONFIG_MCPM
>> +#include <asm/mcpm.h>
>> +
>> +/*
>> + * We don't have a reliable way of detecting, whether
>> + * we have access to secure-only registers, unless
>> + * mcpm is registered.
>> + */
>> +static inline int platform_has_secure_cci_access(void)
>> +{
>> +     return mcpm_is_available();
>> +}
>> +
>> +#else
>> +static inline int platform_has_secure_cci_access(void)
>> +{
>> +     return 0;
>> +}
>> +#endif
>> +
>> +#endif
>> diff --git a/arch/arm64/include/asm/arm-cci.h b/arch/arm64/include/asm/arm-cci.h
>> new file mode 100644
>> index 0000000..37bbe37
>> --- /dev/null
>> +++ b/arch/arm64/include/asm/arm-cci.h
>> @@ -0,0 +1,27 @@
>> +/*
>> + * arch/arm64/include/asm/arm-cci.h
>> + *
>> + * Copyright (C) 2015 ARM Ltd.
>> + *
>> + * This program is free software; you can redistribute it and/or modify
>> + * it under the terms of the GNU General Public License version 2 as
>> + * published by the Free Software Foundation.
>> + *
>> + * This program is distributed in the hope that it will be useful,
>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>> + * GNU General Public License for more details.
>> + *
>> + * You should have received a copy of the GNU General Public License
>> + * along with this program.  If not, see <http://www.gnu.org/licenses/>.
>> + */
>> +
>> +#ifndef __ASM_ARM_CCI_H
>> +#define __ASM_ARM_CCI_H
>> +
>> +static inline int platform_has_secure_cci_access(void)
>> +{
>> +     return 0;
>> +}
>> +
>> +#endif
>> diff --git a/drivers/bus/arm-cci.c b/drivers/bus/arm-cci.c
>> index f27cf56..fe9fa46 100644
>> --- a/drivers/bus/arm-cci.c
>> +++ b/drivers/bus/arm-cci.c
>> @@ -79,19 +79,38 @@ static const struct of_device_id arm_cci_matches[] = {
>>
>>   #define CCI_PMU_MAX_HW_EVENTS 5   /* CCI PMU has 4 counters + 1 cycle counter */
>>
>> +/* Types of interfaces that can generate events */
>> +enum {
>> +     CCI_IF_SLAVE,
>> +     CCI_IF_MASTER,
>> +     CCI_IF_MAX,
>> +};
>> +
>> +struct event_range {
>> +     u32 min;
>> +     u32 max;
>> +};
>> +
>>   struct cci_pmu_hw_events {
>>        struct perf_event *events[CCI_PMU_MAX_HW_EVENTS];
>>        unsigned long used_mask[BITS_TO_LONGS(CCI_PMU_MAX_HW_EVENTS)];
>>        raw_spinlock_t pmu_lock;
>>   };
>>
>> +struct cci_pmu_model {
>> +     char *name;
>> +     struct event_range event_ranges[CCI_IF_MAX];
>> +};
>> +
>> +static struct cci_pmu_model cci_pmu_models[];
>> +
>>   struct cci_pmu {
>>        void __iomem *base;
>>        struct pmu pmu;
>>        int nr_irqs;
>>        int irqs[CCI_PMU_MAX_HW_EVENTS];
>>        unsigned long active_irqs;
>> -     struct pmu_port_event_ranges *port_ranges;
>> +     const struct cci_pmu_model *model;
>>        struct cci_pmu_hw_events hw_events;
>>        struct platform_device *plat_device;
>>        int num_events;
>> @@ -152,47 +171,16 @@ enum cci400_perf_events {
>>   #define CCI_REV_R1_MASTER_PORT_MIN_EV        0x00
>>   #define CCI_REV_R1_MASTER_PORT_MAX_EV        0x11
>>
>> -struct pmu_port_event_ranges {
>> -     u8 slave_min;
>> -     u8 slave_max;
>> -     u8 master_min;
>> -     u8 master_max;
>> -};
>> -
>> -static struct pmu_port_event_ranges port_event_range[] = {
>> -     [CCI_REV_R0] = {
>> -             .slave_min = CCI_REV_R0_SLAVE_PORT_MIN_EV,
>> -             .slave_max = CCI_REV_R0_SLAVE_PORT_MAX_EV,
>> -             .master_min = CCI_REV_R0_MASTER_PORT_MIN_EV,
>> -             .master_max = CCI_REV_R0_MASTER_PORT_MAX_EV,
>> -     },
>> -     [CCI_REV_R1] = {
>> -             .slave_min = CCI_REV_R1_SLAVE_PORT_MIN_EV,
>> -             .slave_max = CCI_REV_R1_SLAVE_PORT_MAX_EV,
>> -             .master_min = CCI_REV_R1_MASTER_PORT_MIN_EV,
>> -             .master_max = CCI_REV_R1_MASTER_PORT_MAX_EV,
>> -     },
>> -};
>> -
>> -/*
>> - * Export different PMU names for the different revisions so userspace knows
>> - * because the event ids are different
>> - */
>> -static char *const pmu_names[] = {
>> -     [CCI_REV_R0] = "CCI_400",
>> -     [CCI_REV_R1] = "CCI_400_r1",
>> -};
>> -
>>   static int pmu_is_valid_slave_event(u8 ev_code)
>>   {
>> -     return pmu->port_ranges->slave_min <= ev_code &&
>> -             ev_code <= pmu->port_ranges->slave_max;
>> +     return pmu->model->event_ranges[CCI_IF_SLAVE].min <= ev_code &&
>> +             ev_code <= pmu->model->event_ranges[CCI_IF_SLAVE].max;
>>   }
>>
>>   static int pmu_is_valid_master_event(u8 ev_code)
>>   {
>> -     return pmu->port_ranges->master_min <= ev_code &&
>> -             ev_code <= pmu->port_ranges->master_max;
>> +     return pmu->model->event_ranges[CCI_IF_MASTER].min <= ev_code &&
>> +             ev_code <= pmu->model->event_ranges[CCI_IF_MASTER].max;
>>   }
>>
>>   static int pmu_validate_hw_event(u8 hw_event)
>> @@ -234,11 +222,11 @@ static int probe_cci_revision(void)
>>                return CCI_REV_R1;
>>   }
>>
>> -static struct pmu_port_event_ranges *port_range_by_rev(void)
>> +static const struct cci_pmu_model *probe_cci_model(struct platform_device *pdev)
>>   {
>> -     int rev = probe_cci_revision();
>> -
>> -     return &port_event_range[rev];
>> +     if (platform_has_secure_cci_access())
>> +             return &cci_pmu_models[probe_cci_revision()];
>> +     return NULL;
>>   }
>>
>>   static int pmu_is_valid_counter(struct cci_pmu *cci_pmu, int idx)
>> @@ -807,9 +795,9 @@ static const struct attribute_group *pmu_attr_groups[] = {
>>
>>   static int cci_pmu_init(struct cci_pmu *cci_pmu, struct platform_device *pdev)
>>   {
>> -     char *name = pmu_names[probe_cci_revision()];
>> +     char *name = cci_pmu->model->name;
>>        cci_pmu->pmu = (struct pmu) {
>> -             .name           = pmu_names[probe_cci_revision()],
>> +             .name           = cci_pmu->model->name,
>>                .task_ctx_nr    = perf_invalid_context,
>>                .pmu_enable     = cci_pmu_enable,
>>                .pmu_disable    = cci_pmu_disable,
>> @@ -862,13 +850,65 @@ static struct notifier_block cci_pmu_cpu_nb = {
>>        .priority       = CPU_PRI_PERF + 1,
>>   };
>>
>> +static struct cci_pmu_model cci_pmu_models[] = {
>> +     [CCI_REV_R0] = {
>> +             .name = "CCI_400",
>> +             .event_ranges = {
>> +                     [CCI_IF_SLAVE] = {
>> +                             CCI_REV_R0_SLAVE_PORT_MIN_EV,
>> +                             CCI_REV_R0_SLAVE_PORT_MAX_EV,
>> +                     },
>> +                     [CCI_IF_MASTER] = {
>> +                             CCI_REV_R0_MASTER_PORT_MIN_EV,
>> +                             CCI_REV_R0_MASTER_PORT_MAX_EV,
>> +                     },
>> +             },
>> +     },
>> +     [CCI_REV_R1] = {
>> +             .name = "CCI_400_r1",
>> +             .event_ranges = {
>> +                     [CCI_IF_SLAVE] = {
>> +                             CCI_REV_R1_SLAVE_PORT_MIN_EV,
>> +                             CCI_REV_R1_SLAVE_PORT_MAX_EV,
>> +                     },
>> +                     [CCI_IF_MASTER] = {
>> +                             CCI_REV_R1_MASTER_PORT_MIN_EV,
>> +                             CCI_REV_R1_MASTER_PORT_MAX_EV,
>> +                     },
>> +             },
>> +     },
>> +};
>> +
>>   static const struct of_device_id arm_cci_pmu_matches[] = {
>>        {
>>                .compatible = "arm,cci-400-pmu",
>> +             .data   = NULL,
>> +     },
>> +     {
>> +             .compatible = "arm,cci-400-pmu,r0",
>> +             .data   = &cci_pmu_models[CCI_REV_R0],
>> +     },
>> +     {
>> +             .compatible = "arm,cci-400-pmu,r1",
>> +             .data   = &cci_pmu_models[CCI_REV_R1],
>>        },
>>        {},
>>   };
>>
>> +static inline const struct cci_pmu_model *get_cci_model(struct platform_device *pdev)
>> +{
>> +     const struct of_device_id *match = of_match_node(arm_cci_pmu_matches,
>> +                                                     pdev->dev.of_node);
>> +     if (!match)
>> +             return NULL;
>> +     if (match->data)
>> +             return match->data;
>> +
>> +     dev_warn(&pdev->dev, "DEPERCATED compatible property,"
>> +                      "requires secure access to CCI registers");
>> +     return probe_cci_model(pdev);
>> +}
>> +
>>   static bool is_duplicate_irq(int irq, int *irqs, int nr_irqs)
>>   {
>>        int i;
>> @@ -884,11 +924,19 @@ static int cci_pmu_probe(struct platform_device *pdev)
>>   {
>>        struct resource *res;
>>        int i, ret, irq;
>> +     const struct cci_pmu_model *model;
>> +
>> +     model = get_cci_model(pdev);
>> +     if (!model) {
>> +             dev_warn(&pdev->dev, "CCI PMU version not supported\n");
>> +             return -EINVAL;
>> +     }
>>
>>        pmu = devm_kzalloc(&pdev->dev, sizeof(*pmu), GFP_KERNEL);
>>        if (!pmu)
>>                return -ENOMEM;
>>
>> +     pmu->model = model;
>>        res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
>>        pmu->base = devm_ioremap_resource(&pdev->dev, res);
>>        if (IS_ERR(pmu->base))
>> @@ -920,12 +968,6 @@ static int cci_pmu_probe(struct platform_device *pdev)
>>                return -EINVAL;
>>        }
>>
>> -     pmu->port_ranges = port_range_by_rev();
>> -     if (!pmu->port_ranges) {
>> -             dev_warn(&pdev->dev, "CCI PMU version not supported\n");
>> -             return -EINVAL;
>> -     }
>> -
>>        raw_spin_lock_init(&pmu->hw_events.pmu_lock);
>>        mutex_init(&pmu->reserve_mutex);
>>        atomic_set(&pmu->active_events, 0);
>> diff --git a/include/linux/arm-cci.h b/include/linux/arm-cci.h
>> index 79d6edf..aede5c7 100644
>> --- a/include/linux/arm-cci.h
>> +++ b/include/linux/arm-cci.h
>> @@ -24,6 +24,8 @@
>>   #include <linux/errno.h>
>>   #include <linux/types.h>
>>
>> +#include <asm/arm-cci.h>
>> +
>>   struct device_node;
>>
>>   #ifdef CONFIG_ARM_CCI
>> --
>> 1.7.9.5
>>
>>
>>
>


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ