lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1594696012.26207.11.camel@mtkswgap22>
Date:   Tue, 14 Jul 2020 11:06:52 +0800
From:   Neal Liu <neal.liu@...iatek.com>
To:     Chun-Kuang Hu <chunkuang.hu@...nel.org>
CC:     Neal Liu <neal.liu@...iatek.com>, Rob Herring <robh+dt@...nel.org>,
        Matthias Brugger <matthias.bgg@...il.com>,
        <devicetree@...r.kernel.org>,
        wsd_upstream <wsd_upstream@...iatek.com>,
        lkml <linux-kernel@...r.kernel.org>,
        "moderated list:ARM/Mediatek SoC support" 
        <linux-mediatek@...ts.infradead.org>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH v2 2/2] soc: mediatek: add mtk-devapc driver

Hi Chun-Kuang,

On Mon, 2020-07-13 at 22:20 +0800, Chun-Kuang Hu wrote:
> Hi, Neal:
> 
> Neal Liu <neal.liu@...iatek.com> 於 2020年7月13日 週一 下午4:27寫道:
> >
> > Hi Chun-Kuang,
> >
> > Thanks for your review.
> >
> > On Fri, 2020-07-10 at 22:21 +0800, Chun-Kuang Hu wrote:
> > > Hi, Neal:
> > >
> > > Neal Liu <neal.liu@...iatek.com> 於 2020年7月10日 週五 上午11:23寫道:
> > > >
> > > > Hi Chun-Kuang,
> > > >
> > > > Thanks for your review.
> > > >
> > > > On Thu, 2020-07-09 at 21:01 +0800, Chun-Kuang Hu wrote:
> > > > > Hi, Neal:
> > > > >
> > > > > Neal Liu <neal.liu@...iatek.com> 於 2020年7月9日 週四 下午5:13寫道:
> > > > > >
> > > > > > MediaTek bus fabric provides TrustZone security support and data
> > > > > > protection to prevent slaves from being accessed by unexpected
> > > > > > masters.
> > > > > > The security violation is logged and sent to the processor for
> > > > > > further analysis or countermeasures.
> > > > > >
> > > > > > Any occurrence of security violation would raise an interrupt, and
> > > > > > it will be handled by mtk-devapc driver. The violation
> > > > > > information is printed in order to find the murderer.
> > > > > >
> > > > > > Signed-off-by: Neal Liu <neal.liu@...iatek.com>
> > > > >
> > > > > [snip]
> > > > >
> > > > > > +
> > > > > > +static u32 get_shift_group(struct mtk_devapc_context *devapc_ctx,
> > > > > > +                          int slave_type, int vio_idx)
> > > > >
> > > > > vio_idx  is useless, so remove it.
> > > > >
> > > >
> > > > yes, my mistake. I'll remove it on next patch.
> > > >
> > > > > > +{
> > > > > > +       u32 vio_shift_sta;
> > > > > > +       void __iomem *reg;
> > > > > > +       int bit;
> > > > > > +
> > > > > > +       reg = mtk_devapc_pd_get(devapc_ctx, slave_type, VIO_SHIFT_STA, 0);
> > > > > > +       vio_shift_sta = readl(reg);
> > > > > > +
> > > > > > +       for (bit = 0; bit < 32; bit++) {
> > > > > > +               if ((vio_shift_sta >> bit) & 0x1)
> > > > > > +                       break;
> > > > > > +       }
> > > > > > +
> > > > > > +       return bit;
> > > > > > +}
> > > > > > +
> > > > >
> > > > > [snip]
> > > > >
> > > > > > +
> > > > > > +/*
> > > > > > + * devapc_violation_irq - the devapc Interrupt Service Routine (ISR) will dump
> > > > > > + *                       violation information including which master violates
> > > > > > + *                       access slave.
> > > > > > + */
> > > > > > +static irqreturn_t devapc_violation_irq(int irq_number,
> > > > > > +                                       struct mtk_devapc_context *devapc_ctx)
> > > > > > +{
> > > > > > +       const struct mtk_device_info **device_info;
> > > > > > +       int slave_type_num;
> > > > > > +       int vio_idx = -1;
> > > > > > +       int slave_type;
> > > > > > +
> > > > > > +       slave_type_num = devapc_ctx->slave_type_num;
> > > > > > +       device_info = devapc_ctx->device_info;
> > > > > > +
> > > > > > +       for (slave_type = 0; slave_type < slave_type_num; slave_type++) {
> > > > >
> > > > > If slave_type_num is 1, I think the code should be simpler.
> > > >
> > > > slave_type_num is depends on DT data, it's not always 1.
> > >
> > > Please change commit title to "add mt6779 mtk-devapc driver". This
> > > patch is just for mt6779. If slave_type_num = 1 in mt6779, there is
> > > only one slave and we don't need a slave_type variable. Add
> > > slave_type_num in the patch of adding one SoC which has multiple
> > > slaves.
> >
> > If slave_type_num value is passed from DT data, could we still assume
> > its value? Does it make sense to have this strong assumption?
> 
> Maintainer has asked you to move this data from device tree to driver
> [1], I doubt you could get this data from device tree. Even though
> device tree has this property, this driver support only mt6779 now, so
> it's not necessary to have slave_type_num because slave type is only
> 1. I think we should not consider support multiple SoC in this patch.
> 
> [1] https://urldefense.com/v3/__https://patchwork.kernel.org/patch/11653911/__;!!CTRNKA9wMg0ARbw!2H8CQE__ALAhGUhNaL7yB1LXLskBkymEfb2FST0jrbJgmOMKa8-AeJXMAyUkHjAl$ 
> 

Okay, I'll follow maintainer's suggestion.

> >
> > I'm going to remove mtk_device_info struct array, and pass all SoC
> > specific data from DT.
> > Is it okay to keep slave_type_num as a variance?
> >
> > >
> > > >
> > > > >
> > > > > > +               if (!mtk_devapc_dump_vio_dbg(devapc_ctx, slave_type, &vio_idx))
> > > > > > +                       continue;
> > > > > > +
> > > > > > +               /* Ensure that violation info are written before
> > > > > > +                * further operations
> > > > > > +                */
> > > > > > +               smp_mb();
> > > > > > +
> > > > > > +               mask_module_irq(devapc_ctx, slave_type, vio_idx, true);
> > > > >
> > > > > Why do you mask irq?
> > > >
> > > > It has to mask slave's irq before clear violation status.
> > > > It's one of hardware design.
> > >
> > > If don't do this before clear_vio_status, what would happen? The clear
> > > would fail?
> >
> > If we don't mask slave's irq before clear vio status, It might trigger
> > another interrupt before current ISR finished. The nested interrupt will
> > have unexpected behavior and hardware state machine goes wrong.
> 
> This hardware is so special. For general hardware, only clear status
> would let hardware stop interrupt. Please add a comment about this
> special hardware behavior.

I'll double confirm and add comment if it's necessary.

> 
> >
> > >
> > > >
> > > > >
> > > > > > +
> > > > > > +               clear_vio_status(devapc_ctx, slave_type, vio_idx);
> > > > > > +
> > > > > > +               mask_module_irq(devapc_ctx, slave_type, vio_idx, false);
> > > > > > +       }
> > > > > > +
> > > > > > +       return IRQ_HANDLED;
> > > > > > +}
> > > > > > +
> > > > > > +/*
> > > > > > + * start_devapc - initialize devapc status and start receiving interrupt
> > > > > > + *               while devapc violation is triggered.
> > > > > > + */
> > > > >
> > > > > [snip]
> > > > >
> > > > > > +
> > > > > > +struct mtk_device_info {
> > > > > > +       int sys_index;
> > > > >
> > > > > Useless, so remove it.
> > > >
> > > > We need to print it as our debug information.
> > > > But I did not apply it on this patch, I'll add it on next patch.
> > >
> > > I think vio address is enough to find out the murder, so remove it in
> > > this patch. If it provide another information, add it in another patch
> > > and describe clear about what is this and how to use this information.
> > >
> >
> > Okay, it make sense. I'll remove it in next patches.
> >
> > > >
> > > > >
> > > > > > +       int ctrl_index;
> > > > >
> > > > > Ditto.
> > > > >
> > > > > Regards,
> > > > > Chun-Kuang.
> > > > >
> > > > > > +       int vio_index;
> > > > > > +};
> > > > > > +
> > > >
> >

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ