Message-ID: <CAMj1kXED3S+0cq+VT7naBrmWrUwT=HZAaZOBRMv8Ui1Pey1QNQ@mail.gmail.com>
Date:   Sat, 7 Oct 2023 00:59:57 +0200
From:   Ard Biesheuvel <ardb@...nel.org>
To:     Simon Glass <sjg@...omium.org>
Cc:     devicetree@...r.kernel.org, Mark Rutland <mark.rutland@....com>,
        Rob Herring <robh@...nel.org>,
        Lean Sheng Tan <sheng.tan@...ements.com>,
        lkml <linux-kernel@...r.kernel.org>,
        Dhaval Sharma <dhaval@...osinc.com>,
        Maximilian Brune <maximilian.brune@...ements.com>,
        Yunhui Cui <cuiyunhui@...edance.com>,
        Guo Dong <guo.dong@...el.com>, Tom Rini <trini@...sulko.com>,
        ron minnich <rminnich@...il.com>, Gua Guo <gua.guo@...el.com>,
        Chiu Chasel <chasel.chiu@...el.com>,
        linux-acpi@...r.kernel.org,
        U-Boot Mailing List <u-boot@...ts.denx.de>
Subject: Re: [PATCH v7 2/2] schemas: Add some common reserved-memory usages

On Fri, 6 Oct 2023 at 20:17, Simon Glass <sjg@...omium.org> wrote:
>
> Hi Ard,
>
> On Fri, 6 Oct 2023 at 11:33, Ard Biesheuvel <ardb@...nel.org> wrote:
> >
> > On Mon, 2 Oct 2023 at 19:54, Simon Glass <sjg@...omium.org> wrote:
> > >
> > > Hi Rob,
> > >
> > > On Tue, 26 Sept 2023 at 13:42, Simon Glass <sjg@...omium.org> wrote:
> > > >
> > > > It is common to split firmware into 'Platform Init', which does the
> > > > initial hardware setup and a "Payload" which selects the OS to be booted.
> > > > Thus a handover interface is required between these two pieces.
> > > >
> > > > Where UEFI boot-time services are not available, but UEFI firmware is
> > > > present on either side of this interface, information about memory usage
> > > > and attributes must be presented to the "Payload" in some form.
> > > >
> > > > This aims to provide a small schema addition for the memory mapping
> > > > needed to keep these two pieces working together well.
> > > >
> > > > Signed-off-by: Simon Glass <sjg@...omium.org>
> > > > ---
> > > >
> > > > Changes in v7:
> > > > - Rename acpi-reclaim to acpi
> > > > - Drop individual mention of when memory can be reclaimed
> > > > - Rewrite the item descriptions
> > > > - Add back the UEFI text (with trepidation)
> > >
> > > I am again checking on this series. Can it be applied, please?
> > >
> >
> > Apologies for the delay in response. I have been away.
>
> OK, I hope you had a nice trip.
>

Thanks, it was wonderful!

> >
> > >
> > > >
> > > > Changes in v6:
> > > > - Drop mention of UEFI
> > > > - Use compatible strings instead of node names
> > > >
> > > > Changes in v5:
> > > > - Drop the memory-map node (should have done that in v4)
> > > > - Tidy up schema a bit
> > > >
> > > > Changes in v4:
> > > > - Make use of the reserved-memory node instead of creating a new one
> > > >
> > > > Changes in v3:
> > > > - Reword commit message again
> > > > - cc a lot more people, from the FFI patch
> > > > - Split out the attributes into the /memory nodes
> > > >
> > > > Changes in v2:
> > > > - Reword commit message
> > > >
> > > >  .../reserved-memory/common-reserved.yaml      | 71 +++++++++++++++++++
> > > >  1 file changed, 71 insertions(+)
> > > >  create mode 100644 dtschema/schemas/reserved-memory/common-reserved.yaml
> > > >
> > > > diff --git a/dtschema/schemas/reserved-memory/common-reserved.yaml b/dtschema/schemas/reserved-memory/common-reserved.yaml
> > > > new file mode 100644
> > > > index 0000000..f7fbdfd
> > > > --- /dev/null
> > > > +++ b/dtschema/schemas/reserved-memory/common-reserved.yaml
> > > > @@ -0,0 +1,71 @@
> > > > +# SPDX-License-Identifier: GPL-2.0-only OR BSD-2-Clause
> > > > +%YAML 1.2
> > > > +---
> > > > +$id: http://devicetree.org/schemas/reserved-memory/common-reserved.yaml#
> > > > +$schema: http://devicetree.org/meta-schemas/core.yaml#
> > > > +
> > > > +title: Common memory reservations
> > > > +
> > > > +description: |
> > > > +  Specifies that the reserved memory region can be used for the purpose
> > > > +  indicated by its compatible string.
> > > > +
> > > > +  Clients may reuse this reserved memory if they understand what it is for,
> > > > +  subject to the notes below.
> > > > +
> > > > +maintainers:
> > > > +  - Simon Glass <sjg@...omium.org>
> > > > +
> > > > +allOf:
> > > > +  - $ref: reserved-memory.yaml
> > > > +
> > > > +properties:
> > > > +  compatible:
> > > > +    description: |
> > > > +      This describes some common memory reservations, with the compatible
> > > > +      string indicating what it is used for:
> > > > +
> > > > +         acpi: Advanced Configuration and Power Interface (ACPI) tables
> > > > +         acpi-nvs: ACPI Non-Volatile-Sleeping Memory (NVS). This is reserved by
> > > > +           the firmware for its use and is required to be saved and restored
> > > > +           across an NVS sleep
> > > > +         boot-code: Contains code used for booting which is not needed by the OS
> > > > +         boot-code: Contains data used for booting which is not needed by the OS
> > > > +         runtime-code: Contains code used for interacting with the system when
> > > > +           running the OS
> > > > +         runtime-data: Contains data used for interacting with the system when
> > > > +           running the OS
> > > > +
> > > > +    enum:
> > > > +      - acpi
> > > > +      - acpi-nvs
> > > > +      - boot-code
> > > > +      - boot-data
> > > > +      - runtime-code
> > > > +      - runtime-data
> > > > +
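Review bot: The second `boot-code:` entry in the compatible description (the one reading "Contains data used for booting which is not needed by the OS") should be `boot-data:`. As written, the description documents boot-code twice with conflicting text and never documents boot-data, although the enum directly below lists `boot-data` as a valid value. Suggest changing that line to `boot-data: Contains data used for booting which is not needed by the OS`.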
> >
> > As I mentioned a few times already, I don't think these compatibles
> > should be introduced here.
> >
> > A reserved region has a specific purpose, and the compatible should be
> > more descriptive than the enum above. If the consumer does not
> > understand this purpose, it should simply treat the memory as reserved
> > and not touch it. Alternatively, these regions can be referenced from
> > other DT nodes using phandles if needed.
>
> We still need some description of what these regions are used for, so
> that the payload can use the correct regions. I do not have any other
> solution to this problem. We are in v7 at present. At least explain
> where you want the compatible strings to be introduced.
>

My point is really that by themselves, these regions are not usable by
either a payload or an OS that consumes this information. Unless there
is some other information being provided (via DT I imagine) that
describes how these things are supposed to be used, they are nothing
more than memory reservations that should be honored, and providing
this arbitrary set of labels is unnecessary.

> What sort of extra detail are you looking for? Please be specific and
> preferably add some suggestions so I can close this out ASAP.
>

A payload or OS can do nothing with a memory reservation called
'runtime-code' if it doesn't know what is inside. So there is another
DT node somewhere that describes this, and that can simply point to
this region (via a phandle) if it needs to describe the
correspondence. This is more idiomatic for DT afaik (but I am not the
expert).  But more importantly, it avoids overloading some vague
labels with behavior (e.g., executable permissions for code regions)
that should only be displayed for regions with a particular use,
rather than for an ill-defined class of reservations the purpose of
which is not clear.

What I am trying to avoid is the OS ending up being forced to consume
this information in parallel to the EFI memory map, and having to
reconcile them. I'd be much happier if this gets contributed to a spec
that only covers firmware-to-firmware, and is prevented from leaking
into the OS facing interface.



> >
> >
> > > > +  reg:
> > > > +    description: region of memory that is reserved for the purpose indicated
> > > > +      by the compatible string.
> > > > +
> > > > +required:
> > > > +  - reg
> > > > +
> > > > +unevaluatedProperties: false
> > > > +
> > > > +examples:
> > > > +  - |
> > > > +    reserved-memory {
> > > > +        #address-cells = <1>;
> > > > +        #size-cells = <1>;
> > > > +
> > > > +        reserved@...40000 {
> > > > +            compatible = "boot-code";
> > > > +            reg = <0x12340000 0x00800000>;
> > > > +        };
> > > > +
> > > > +        reserved@...10000 {
> > > > +            compatible = "boot-data";
> > > > +            reg = <0x43210000 0x00800000>;
> > > > +        };
> > > > +    };
> > > > --
> > > > 2.42.0.515.g380fc7ccd1-goog
>
> Regards,
> Simon
