| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Mar 2021 08:32:38 -0500
From: Rob Herring <robh@...nel.org>
To: Sudeep Holla <sudeep.holla@....com>
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
devicetree@...r.kernel.org,
Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org>,
Hector Yuan <hector.yuan@...iatek.com>,
Viresh Kumar <viresh.kumar@...aro.org>,
Bjorn Andersson <bjorn.andersson@...aro.org>
Subject: Re: [PATCH v2] dt-bindings: dvfs: Add support for generic performance domains
On Wed, Nov 18, 2020 at 3:20 PM Rob Herring <robh@...nel.org> wrote:
>
> On Mon, Nov 16, 2020 at 06:13:56PM +0000, Sudeep Holla wrote:
> > The CLKSCREW attack [0] exposed security vulnerabilities in energy management
> > implementations where untrusted software had direct access to clock and
> > voltage hardware controls. In this attack, the malicious software was able to
> > place the platform into unsafe overclocked or undervolted configurations. Such
> > configurations then enabled the injection of predictable faults to reveal
> > secrets.
> >
> > Many Arm-based systems used to or still use voltage regulator and clock
> > frameworks in the kernel. These frameworks allow callers to independently
> > manipulate frequency and voltage settings. Such implementations can render
> > systems susceptible to this form of attack.
> >
> > Attacks such as CLKSCREW are now being mitigated by not having direct and
> > independent control of clock and voltage in the kernel and moving that
> > control to a trusted entity, such as the SCP firmware or secure world
> > firmware/software which are to perform sanity checking on the requested
> > performance levels, thereby preventing any attempted malicious programming.
> >
> > With the advent of such an abstraction, there is a need to replace the
> > generic clock and regulator bindings used by such devices with a generic
> > performance domains bindings.
> >
> > [0] https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/tang
> >
> > Cc: Rob Herring <robh+dt@...nel.org>
> > Signed-off-by: Sudeep Holla <sudeep.holla@....com>
> > ---
> > .../bindings/dvfs/performance-domain.yaml | 76 +++++++++++++++++++
> > 1 file changed, 76 insertions(+)
> > create mode 100644 Documentation/devicetree/bindings/dvfs/performance-domain.yaml
> >
> > v1[1]->v2:
> > - Changed to Dual License
> > - Added select: true, enum for #performance-domain-cells and
> > $ref for performance-domain
> > - Changed the example to use real existing compatibles instead
> > of made-up ones
> >
> > [1] https://lore.kernel.org/lkml/20201105173539.1426301-1-sudeep.holla@arm.com
> >
> > diff --git a/Documentation/devicetree/bindings/dvfs/performance-domain.yaml b/Documentation/devicetree/bindings/dvfs/performance-domain.yaml
> > new file mode 100644
> > index 000000000000..29fb589a5192
> > --- /dev/null
> > +++ b/Documentation/devicetree/bindings/dvfs/performance-domain.yaml
> > @@ -0,0 +1,76 @@
> > +# SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
> > +%YAML 1.2
> > +---
> > +$id: http://devicetree.org/schemas/dvfs/performance-domain.yaml#
> > +$schema: http://devicetree.org/meta-schemas/core.yaml#
> > +
> > +title: Generic performance domains
> > +
> > +maintainers:
> > + - Sudeep Holla <sudeep.holla@....com>
> > +
> > +description: |+
> > + This binding is intended for performance management of groups of devices or
> > + CPUs that run in the same performance domain. Performance domains must not
> > + be confused with power domains. A performance domain is defined by a set
> > + of devices that always have to run at the same performance level. For a given
> > + performance domain, there is a single point of control that affects all the
> > + devices in the domain, making it impossible to set the performance level of
> > + an individual device in the domain independently from other devices in
> > + that domain. For example, a set of CPUs that share a voltage domain, and
> > + have a common frequency control, is said to be in the same performance
> > + domain.
> > +
> > + This device tree binding can be used to bind performance domain consumer
> > + devices with their performance domains provided by performance domain
> > + providers. A performance domain provider can be represented by any node in
> > + the device tree and can provide one or more performance domains. A consumer
> > + node can refer to the provider by a phandle and a set of phandle arguments
> > + (so called performance domain specifiers) of length specified by the
> > + \#performance-domain-cells property in the performance domain provider node.
> > +
> > +select: true
>
> So apply to every node and...
>
> > +
> > +properties:
> > + "#performance-domain-cells":
> > + description:
> > + Number of cells in a performance domain specifier. Typically 0 for nodes
> > + representing a single performance domain and 1 for nodes providing
> > + multiple performance domains (e.g. performance controllers), but can be
> > + any value as specified by device tree binding documentation of particular
> > + provider.
> > + enum: [ 0, 1 ]
> > +
> > + performance-domains:
> > + $ref: '/schemas/types.yaml#/definitions/phandle-array'
> > + description:
> > + A phandle and performance domain specifier as defined by bindings of the
> > + performance controller/provider specified by phandle.
> > +
> > +required:
> > + - "#performance-domain-cells"
>
> Every node must have this!
>
> It can only be required in actual users.
If I wasn't clear, you need to drop 'required' as 'select: true' means
apply the schema to every node.
Rob
Powered by blists - more mailing lists