lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 18 May 2022 11:54:21 -0500
From:   Rob Herring <robh@...nel.org>
To:     Peter Maydell <peter.maydell@...aro.org>
Cc:     Andre Przywara <andre.przywara@....com>,
        Frank Rowand <frowand.list@...il.com>,
        devicetree@...r.kernel.org,
        linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Ross Burton <ross.burton@....com>,
        Ard Biesheuvel <ardb@...nel.org>,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will@...nel.org>,
        Russell King <linux@...linux.org.uk>
Subject: Re: [PATCH] of/fdt: Ignore disabled memory nodes

On Tue, May 17, 2022 at 08:19:47PM +0100, Peter Maydell wrote:
> On Tue, 17 May 2022 at 18:48, Rob Herring <robh@...nel.org> wrote:
> >
> > On Tue, May 17, 2022 at 11:54 AM Peter Maydell <peter.maydell@...aro.org> wrote:
> > >
> > > On Tue, 17 May 2022 at 16:34, Rob Herring <robh@...nel.org> wrote:
> > > >
> > > > On Tue, May 17, 2022 at 11:14:10AM +0100, Andre Przywara wrote:
> > > > > When we boot a machine using a devicetree, the generic DT code goes
> > > > > through all nodes with a 'device_type = "memory"' property, and collects
> > > > > all memory banks mentioned there. However it does not check for the
> > > > > status property, so any nodes which are explicitly "disabled" will still
> > > > > be added as a memblock.
> > > > > This ends up badly for QEMU, when booting with secure firmware on
> > > > > arm/arm64 machines, because QEMU adds a node describing secure-only
> > > > > memory:
> > > > > ===================
> > > > >       secram@...0000 {
> > > >
> > > > BTW, 'memory' is the correct node name.
> > >
> > > We already have a 'memory' node, which is for the NS
> > > memory. This one's for the secure-only RAM block,
> > > which is why I gave it a name that hopefully helps in
> > > spotting that when a human is reading the DT.
> >
> > You can do: secram: memory@...0000 {
> >
> > Where 'secram' is only a source level label until overlays come into
> > the picture.
> 
> We generate the DTB with libfdt, so source-only information
> isn't something we can put in, I think. (The quoted DT fragment
> in this patch's commit message is the result of decompiling
> the runtime generated DT binary blob with dtc.)

Given the runtime aspect with overlays, it's conceivable that libfdt 
could support setting labels some day and then dts output maintaining 
them.

We could also consider a standard node name such as 'secure-memory'. 
It's a whole can of worms though on how secure vs. non-secure memory 
(and other things) are represented.

> > > I'm not really sure to what extent node names in device trees are
> > > "this is just an identifying textual label" and to what extent
> > > they are "this is really ABI and you need to follow the standard",
> > > though -- nothing in practice seems to care what they are,
> > > suggesting the "textual label" theory, but some bits of tooling
> > > complain if you do things like forget the address value or use the
> > > same address for two different nodes, suggesting the "really ABI"
> > > theory.
> >
> > Node names are supposed to follow the class of device and there's a
> > list of established names in the spec.
> >
> > Sometimes it's ABI and sometimes not. Much of it is just good hygiene.
> > memory nodes are also special because 'device_type' is used to
> > identify them, but device_type is generally deprecated for FDT as its
> > meaning in OpenFirmware doesn't apply (it defines what callable
> > methods exist). We could use the nodename (without unit address)
> > instead, but that would fail in some cases as other names have been
> > used.
> 
> This seems kind of odd to me as a design, compared to

Design? I wish. Evolution.

> "have the node have a property that says what it is
> and let the name of the node just be, well, its name"
> (especially since 'device_type' and 'compatible' look an
> awful lot like "this is the property that tells you what this
> node actually is".)
> Are we just stuck with what we have for historical reasons ?

Yes. If we were designing this, we'd probably have 'compatible = 
"memory"'. We're likely just stuck with things how they are. Mostly node 
names haven't been an ABI and we're just trying to be consistent in 
naming and use of unit-addresses.

Rob

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ