lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 28 May 2024 08:48:51 +0200
From: Krzysztof Kozlowski <krzk@...nel.org>
To: Thierry Reding <thierry.reding@...il.com>,
 Sameer Pujar <spujar@...dia.com>, vkoul@...nel.org, robh@...nel.org,
 krzk+dt@...nel.org, conor+dt@...nel.org, jonathanh@...dia.com,
 dmaengine@...r.kernel.org, devicetree@...r.kernel.org
Cc: linux-tegra@...r.kernel.org, linux-kernel@...r.kernel.org,
 ldewangan@...dia.com, mkumard@...dia.com
Subject: Re: [RESEND PATCH 1/2] dt-bindings: dma: Add reg-names to
 nvidia,tegra210-adma

On 24/05/2024 09:36, Thierry Reding wrote:
> On Wed May 22, 2024 at 1:29 PM CEST, Krzysztof Kozlowski wrote:
>> On 22/05/2024 09:43, Sameer Pujar wrote:
>>>
>>>
>>> On 22-05-2024 12:17, Krzysztof Kozlowski wrote:
>>>> On 22/05/2024 07:35, Sameer Pujar wrote:
>>>>> On 21-05-2024 17:23, Krzysztof Kozlowski wrote:
>>>>>> On 21/05/2024 13:08, Sameer Pujar wrote:
>>>>>>> From: Mohan Kumar <mkumard@...dia.com>
>>>>>>>
>>>>>>> For Non-Hypervisor mode, Tegra ADMA driver requires the register
>>>>>>> resource range to include both global and channel page in the reg
>>>>>>> entry. For Hypervisor more, Tegra ADMA driver requires only the
>>>>>>> channel page and global page range is not allowed for access.
>>>>>>>
>>>>>>> Add reg-names DT binding for Hypervisor mode to help driver to
>>>>>>> differentiate the config between Hypervisor and Non-Hypervisor
>>>>>>> mode of execution.
>>>>>>>
>>>>>>> Signed-off-by: Mohan Kumar <mkumard@...dia.com>
>>>>>>> Signed-off-by: Sameer Pujar <spujar@...dia.com>
>>>>>>> ---
>>>>>>>    .../devicetree/bindings/dma/nvidia,tegra210-adma.yaml  | 10 ++++++++++
>>>>>>>    1 file changed, 10 insertions(+)
>>>>>>>
>>>>>>> diff --git a/Documentation/devicetree/bindings/dma/nvidia,tegra210-adma.yaml b/Documentation/devicetree/bindings/dma/nvidia,tegra210-adma.yaml
>>>>>>> index 877147e95ecc..ede47f4a3eec 100644
>>>>>>> --- a/Documentation/devicetree/bindings/dma/nvidia,tegra210-adma.yaml
>>>>>>> +++ b/Documentation/devicetree/bindings/dma/nvidia,tegra210-adma.yaml
>>>>>>> @@ -29,8 +29,18 @@ properties:
>>>>>>>              - const: nvidia,tegra186-adma
>>>>>>>
>>>>>>>      reg:
>>>>>>> +    description: |
>>>>>>> +      For hypervisor mode, the address range should include a
>>>>>>> +      ADMA channel page address range, for non-hypervisor mode
>>>>>>> +      it starts with ADMA base address covering Global and Channel
>>>>>>> +      page address range.
>>>>>>>        maxItems: 1
>>>>>>>
>>>>>>> +  reg-names:
>>>>>>> +    description: only required for Hypervisor mode.
>>>>>> This does not work like that. I provide vm entry for non-hypervisor mode
>>>>>> and what? You claim it is virtualized?
>>>>>>
>>>>>> Drop property.
>>>>> With 'vm' entry added for hypervisor mode, the 'reg' address range needs
>>>>> to be updated to use channel specific region only. This is used to
>>>>> inform driver to skip global regions which is taken care by hypervisor.
>>>>> This is expected to be used in the scenario where Linux acts as a
>>>>> virtual machine (VM). May be the hypervisor mode gives a different
>>>>> impression here? Sorry, I did not understand what dropping the property
>>>>> exactly means here.
>>>> It was imperative. Drop it. Remove it. I provided explanation why.
>>>
>>> The driver doesn't know if it is operated in a native config or in the 
>>> hypervisor config based on the 'reg' address range alone. So 'vm' entry 
>>> with restricted 'reg' range is used to differentiate here for the 
>>> hypervisor config. Just adding 'vm' entry won't be enough, the 'reg' 
>>> region must be updated as well to have expected behavior. Not sure how 
>>> this dependency can be enforced in the schema.
>>
>> That's not a unusual problem, so please come with a solution for your
>> entire subarch. We've been discussing similar topic in terms of SCMI
>> controlled resources (see talk on Linaro Connect a week ago:
>> https://www.kitefor.events/events/linaro-connect-24/submissions/161 I
>> don't know where is recording or slides, see also discussions on mailing
>> lists about it), which is not that far away from the problem here. Other
>> platforms and maybe nvidia had as well changes in IO space for
>> virtualized configuration.
>>
>> Come with unified approach FOR ALL your devices, not only this one
>> (that's kind of basic thing we keep repeating... don't solve only one
>> your problem), do not abuse the regular property, because as I said:
>> reg-names will be provided as well in non-vm case and then your entire
>> logic is wrong. The purpose of reg-names is not to tell whether you have
>> or have not virtualized environment.
> 
> This isn't strictly about telling whether this is a virtualized
> environment or not. Unfortunately the bindings don't make that very
> clear, so let me try to give a bit more background.
> 
> On Tegra devices the register regions associated with a device are
> usually split up into 64 KiB chunks.

So describing it as one IO region was incorrect from the start and you
want to fix it by adding one more incorrect description: making first
item meaning two different things. Sorry, that's not a correct way to
fix things.

Items are defined, thus first item is always expected to be what the
binding already said. Adding reg-names changes nothing, because (as
repeated many times) xxx-names is just a helper. Items are already defined.

> 
> One of these chunks, usually the first one, is a global region that
> contains registers that configure the device as a whole. This is usually
> privileged and accessible only to the hypervisor.
> 
> Subsequent regions are meant to be assigned to individual VMs. Often the
> regions take the form of "channels", so they are instances of the same
> register block and control that separate slice of the hardware.
> 
> What makes this a bit confusing is that for the sake of simplicity (and,
> I guess, lack of foresight) the original bindings were written in a way
> to encompass all registers without making that distinction. This worked
> fine because we've only ever run Linux as host OS where it has access to
> all those registers.
> 
> However, when we move to virtualized environments that no longer works.
> 
> Given the above, we can't read any registers in order to probe whether
> we run as a guest or not. Trying to access any of the global registers
> from a VM simply won't work and may crash the system. None of the
> "channel" registers contain information indicating host vs. guest
> either.

I don't understand how it differs from what I said - you want to
indicate that you run in virtualized environment and not all resources
are accessible.

The device still has the first (global) address, just it is not
available due to hypervisor.

> 
> In order to make this work we need to more fine-grainedly specify the
> register layout. I think the binding changes here aren't sufficient to
> do that, though.
> 
> Currently we have this for the ADMA controller:
> 
> 	dma-controller@...0000 {
> 		reg = <0x0 0x02930000 0x0 0x20000>;
> 	};
> 
> This contains the global registers (0x2930000-0x293ffff) and the first
> page/channel registers (0x2940000-0x294ffff) in one "reg" entry. Instead
> I think what we need is this:
> 
> 	dma-controller@...0000 {
> 		reg = <0x0 0x02930000 0x0 0x10000>,
> 		      <0x0 0x02940000 0x0 0x10000>,
> 		      <0x0 0x02950000 0x0 0x10000>,
> 		      <0x0 0x02960000 0x0 0x10000>,
> 		      <0x0 0x02970000 0x0 0x10000>;
> 		reg-names = "global", "page0", "page1", "page2",
> 		            "page3";
> 	};
> 
> That describes the device fully, but each of these entries is optional.
> If "global" is present it means we are a hypervisor (or host OS). If an
> additional "page" entry is present, we can also use those resources to
> stream audio data.
> 
> If "global" is not present, we know we are not a hypervisor and those
> registers cannot be accessed. This would be the typical case for a guest
> OS which has access only to the listed "page" entries.
> 
> For backwards-compatibility with the existing bindings we should be able
> to fallback to the singular register region and partition it up in the
> driver as necessary.
> 
> This is an approach that we've already implemented for certain devices
> such as host1x and Ethernet where a similar split exists. I suspect that
> we'll need to do this kind of split in a number of other bindings as
> well.
> 

Best regards,
Krzysztof

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ