| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241030205703.GA1219329@bhelgaas> Date: Wed, 30 Oct 2024 15:57:03 -0500 From: Bjorn Helgaas <helgaas@...nel.org> To: Jan Kiszka <jan.kiszka@...mens.com> Cc: Nishanth Menon <nm@...com>, Santosh Shilimkar <ssantosh@...nel.org>, Vignesh Raghavendra <vigneshr@...com>, Tero Kristo <kristo@...nel.org>, Rob Herring <robh@...nel.org>, Krzysztof Kozlowski <krzk+dt@...nel.org>, Conor Dooley <conor+dt@...nel.org>, devicetree@...r.kernel.org, linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, linux-pci@...r.kernel.org, Siddharth Vadapalli <s-vadapalli@...com>, Bao Cheng Su <baocheng.su@...mens.com>, Hua Qian Li <huaqian.li@...mens.com>, Diogo Ivo <diogo.ivo@...mens.com>, Bjorn Helgaas <bhelgaas@...gle.com>, Krzysztof Wilczyński <kw@...ux.com>, Lorenzo Pieralisi <lpieralisi@...nel.org> Subject: Re: [PATCH v6 0/7] soc: ti: Add and use PVU on K3-AM65 for DMA isolation On Mon, Sep 09, 2024 at 07:03:53PM +0200, Jan Kiszka wrote: > Changes in v6: > - make restricted DMA memory-region available to all pci-keystone > devices, moving property to unconditional section (patch 2) > > Changes in v5: > - resolve review comments on pci-host bindings > - reduce DMA memory regions to 1 - swiotlb does not support more > - move activation into overlay (controlled via firmware) > - use ks_init_vmap helper instead of loop in > rework ks_init_restricted_dma > - add more comments to pci-keystone > - use 2 chained TLBs of PVU to support maximum of swiotlb (320 MB) > > Changes in v4: > - reorder patch queue, moving all DTS changes to the back > - limit activation to IOT2050 Advanced variants > - move DMA pool to allow firmware-based expansion it up to 512M > > Changes in v3: > - fix ti,am654-pvu.yaml according to review comments > - address review comments on ti,am65-pci-host.yaml > - differentiate between different compatibles in ti,am65-pci-host.yaml > - move pvu nodes to k3-am65-main.dtsi > - reorder patch series, pulling bindings and generic DT bits to the front > > Changes in v2: > - fix dt_bindings_check issues (patch 1) > - address first review comments (patch 2) > - extend ti,am65-pci-host bindings for PVU (new patch 3) > > Only few of the K3 SoCs have an IOMMU and, thus, can isolate the system > against DMA-based attacks of external PCI devices. The AM65 is without > an IOMMU, but it comes with something close to it: the Peripheral > Virtualization Unit (PVU). > > The PVU was originally designed to establish static compartments via a > hypervisor, isolate those DMA-wise against each other and the host and > even allow remapping of guest-physical addresses. But it only provides > a static translation region, not page-granular mappings. Thus, it cannot > be handled transparently like an IOMMU. > > Now, to use the PVU for the purpose of isolated PCI devices from the > Linux host, this series takes a different approach. It defines a > restricted-dma-pool for the PCI host, using swiotlb to map all DMA > buffers from a static memory carve-out. And to enforce that the devices > actually follow this, a special PVU soc driver is introduced. The driver > permits access to the GIC ITS and otherwise waits for other drivers that > detect devices with constrained DMA to register pools with the PVU. > > For the AM65, the first (and possibly only) driver where this is > introduced is the pci-keystone host controller. Finally, this series > provides a DT overlay for the IOT2050 Advanced devices (all have > MiniPCIe or M.2 extension slots) to make use of this protection scheme. > Application of this overlay will be handled by firmware. > > Due to the cross-cutting nature of these changes, multiple subsystems > are affected. However, I wanted to present the whole thing in one series > to allow everyone to review with the complete picture in hands. If > preferred, I can also split the series up, of course. I'm not sure where this ended up. The pci-keystone.c patch looks OK to me, and I don't see any comments from the PCI folks who normally take care of host controller drivers. I guess it depends on the soc PVU driver, so I'll ack the keystone part and whoever takes the soc part can include it. > CC: Bjorn Helgaas <bhelgaas@...gle.com> > CC: "Krzysztof Wilczyński" <kw@...ux.com> > CC: linux-pci@...r.kernel.org > CC: Lorenzo Pieralisi <lpieralisi@...nel.org> > > Jan Kiszka (7): > dt-bindings: soc: ti: Add AM65 peripheral virtualization unit > dt-bindings: PCI: ti,am65: Extend for use with PVU > soc: ti: Add IOMMU-like PVU driver > PCI: keystone: Add support for PVU-based DMA isolation on AM654 > arm64: dts: ti: k3-am65-main: Add PVU nodes > arm64: dts: ti: k3-am65-main: Add VMAP registers to PCI root complexes > arm64: dts: ti: iot2050: Add overlay for DMA isolation for devices > behind PCI RC > > .../bindings/pci/ti,am65-pci-host.yaml | 28 +- > .../bindings/soc/ti/ti,am654-pvu.yaml | 51 ++ > arch/arm64/boot/dts/ti/Makefile | 5 + > arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 38 +- > ...am6548-iot2050-advanced-dma-isolation.dtso | 33 ++ > drivers/pci/controller/dwc/pci-keystone.c | 108 ++++ > drivers/soc/ti/Kconfig | 4 + > drivers/soc/ti/Makefile | 1 + > drivers/soc/ti/ti-pvu.c | 500 ++++++++++++++++++ > include/linux/ti-pvu.h | 16 + > 10 files changed, 777 insertions(+), 7 deletions(-) > create mode 100644 Documentation/devicetree/bindings/soc/ti/ti,am654-pvu.yaml > create mode 100644 arch/arm64/boot/dts/ti/k3-am6548-iot2050-advanced-dma-isolation.dtso > create mode 100644 drivers/soc/ti/ti-pvu.c > create mode 100644 include/linux/ti-pvu.h > > -- > 2.43.0 >
Powered by blists - more mailing lists