| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <174524751981.2425537.9075012529757899431.robh@kernel.org> Date: Mon, 21 Apr 2025 10:07:28 -0500 From: "Rob Herring (Arm)" <robh@...nel.org> To: huaqian.li@...mens.com Cc: helgaas@...nel.org, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, vigneshr@...com, devicetree@...r.kernel.org, kw@...ux.com, iommu@...ts.linux.dev, nm@...com, bhelgaas@...gle.com, baocheng.su@...mens.com, jan.kiszka@...mens.com, conor+dt@...nel.org, lpieralisi@...nel.org, diogo.ivo@...mens.com, kristo@...nel.org, m.szyprowski@...sung.com, robin.murphy@....com, ssantosh@...nel.org, s-vadapalli@...com, krzk+dt@...nel.org, linux-pci@...r.kernel.org Subject: Re: [PATCH v7 0/8] soc: ti: Add and use PVU on K3-AM65 for DMA isolation On Fri, 18 Apr 2025 15:30:18 +0800, huaqian.li@...mens.com wrote: > From: Li Hua Qian <huaqian.li@...mens.com> > > Changes in v7: > - add schema expressing dependency as suggested on pci-host bindings > - resolve review comments on pci-keystone driver > - add a new patch to make IO_TLB_SEGSIZE configurable > - improve patches based on checkpath.pl > > Changes in v6: > - make restricted DMA memory-region available to all pci-keystone > devices, moving property to unconditional section (patch 2) > > Changes in v5: > - resolve review comments on pci-host bindings > - reduce DMA memory regions to 1 - swiotlb does not support more > - move activation into overlay (controlled via firmware) > - use ks_init_vmap helper instead of loop in > rework ks_init_restricted_dma > - add more comments to pci-keystone > - use 2 chained TLBs of PVU to support maximum of swiotlb (320 MB) > > Changes in v4: > - reorder patch queue, moving all DTS changes to the back > - limit activation to IOT2050 Advanced variants > - move DMA pool to allow firmware-based expansion it up to 512M > > Changes in v3: > - fix ti,am654-pvu.yaml according to review comments > - address review comments on ti,am65-pci-host.yaml > - differentiate between different compatibles in ti,am65-pci-host.yaml > - move pvu nodes to k3-am65-main.dtsi > - reorder patch series, pulling bindings and generic DT bits to the front > > Changes in v2: > - fix dt_bindings_check issues (patch 1) > - address first review comments (patch 2) > - extend ti,am65-pci-host bindings for PVU (new patch 3) > > Only few of the K3 SoCs have an IOMMU and, thus, can isolate the system > against DMA-based attacks of external PCI devices. The AM65 is without > an IOMMU, but it comes with something close to it: the Peripheral > Virtualization Unit (PVU). > > The PVU was originally designed to establish static compartments via a > hypervisor, isolate those DMA-wise against each other and the host and > even allow remapping of guest-physical addresses. But it only provides > a static translation region, not page-granular mappings. Thus, it cannot > be handled transparently like an IOMMU. > > Now, to use the PVU for the purpose of isolated PCI devices from the > Linux host, this series takes a different approach. It defines a > restricted-dma-pool for the PCI host, using swiotlb to map all DMA > buffers from a static memory carve-out. And to enforce that the devices > actually follow this, a special PVU soc driver is introduced. The driver > permits access to the GIC ITS and otherwise waits for other drivers that > detect devices with constrained DMA to register pools with the PVU. > > For the AM65, the first (and possibly only) driver where this is > introduced is the pci-keystone host controller. Finally, this series > provides a DT overlay for the IOT2050 Advanced devices (all have > MiniPCIe or M.2 extension slots) to make use of this protection scheme. > Application of this overlay will be handled by firmware. > > Due to the cross-cutting nature of these changes, multiple subsystems > are affected. However, I wanted to present the whole thing in one series > to allow everyone to review with the complete picture in hands. If > preferred, I can also split the series up, of course. > > Jan > > > Jan Kiszka (7): > dt-bindings: soc: ti: Add AM65 peripheral virtualization unit > dt-bindings: PCI: ti,am65: Extend for use with PVU > soc: ti: Add IOMMU-like PVU driver > PCI: keystone: Add support for PVU-based DMA isolation on AM654 > arm64: dts: ti: k3-am65-main: Add PVU nodes > arm64: dts: ti: k3-am65-main: Add VMAP registers to PCI root complexes > arm64: dts: ti: iot2050: Add overlay for DMA isolation for devices > behind PCI RC > > Li Hua Qian (1): > swiotlb: Make IO_TLB_SEGSIZE configurable > > .../bindings/pci/ti,am65-pci-host.yaml | 34 +- > .../bindings/soc/ti/ti,am654-pvu.yaml | 51 ++ > arch/arm64/boot/dts/ti/Makefile | 5 + > arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 38 +- > ...am6548-iot2050-advanced-dma-isolation.dtso | 33 ++ > drivers/pci/controller/dwc/pci-keystone.c | 106 ++++ > drivers/soc/ti/Kconfig | 4 + > drivers/soc/ti/Makefile | 1 + > drivers/soc/ti/ti-pvu.c | 500 ++++++++++++++++++ > include/linux/swiotlb.h | 2 +- > include/linux/ti-pvu.h | 28 + > kernel/dma/Kconfig | 7 + > 12 files changed, 801 insertions(+), 8 deletions(-) > create mode 100644 Documentation/devicetree/bindings/soc/ti/ti,am654-pvu.yaml > create mode 100644 arch/arm64/boot/dts/ti/k3-am6548-iot2050-advanced-dma-isolation.dtso > create mode 100644 drivers/soc/ti/ti-pvu.c > create mode 100644 include/linux/ti-pvu.h > > -- > 2.34.1 > > > My bot found new DTB warnings on the .dts files added or changed in this series. Some warnings may be from an existing SoC .dtsi. Or perhaps the warnings are fixed by another series. Ultimately, it is up to the platform maintainer whether these warnings are acceptable or not. No need to reply unless the platform maintainer has comments. If you already ran DT checks and didn't see these error(s), then make sure dt-schema is up to date: pip3 install dtschema --upgrade This patch series was applied (using b4) to base: Base: attempting to guess base-commit... Base: tags/next-20250417 (exact match) If this is not the correct base, please add 'base-commit' tag (or use b4 which does this automatically) New warnings running 'make CHECK_DTBS=y for arch/arm64/boot/dts/ti/' for 20250418073026.2418728-1-huaqian.li@...mens.com: arch/arm64/boot/dts/ti/k3-am6528-iot2050-basic-pg2.dtb: pcie@...0000 (ti,am654-pcie-rc): 'memory-region' is a required property from schema $id: http://devicetree.org/schemas/pci/ti,am65-pci-host.yaml# arch/arm64/boot/dts/ti/k3-am6528-iot2050-basic.dtb: pcie@...0000 (ti,am654-pcie-rc): 'memory-region' is a required property from schema $id: http://devicetree.org/schemas/pci/ti,am65-pci-host.yaml# arch/arm64/boot/dts/ti/k3-am6548-iot2050-advanced-m2.dtb: pcie@...0000 (ti,am654-pcie-rc): 'memory-region' is a required property from schema $id: http://devicetree.org/schemas/pci/ti,am65-pci-host.yaml# arch/arm64/boot/dts/ti/k3-am6548-iot2050-advanced.dtb: pcie@...0000 (ti,am654-pcie-rc): 'memory-region' is a required property from schema $id: http://devicetree.org/schemas/pci/ti,am65-pci-host.yaml# arch/arm64/boot/dts/ti/k3-am6548-iot2050-advanced-pg2.dtb: pcie@...0000 (ti,am654-pcie-rc): 'memory-region' is a required property from schema $id: http://devicetree.org/schemas/pci/ti,am65-pci-host.yaml# arch/arm64/boot/dts/ti/k3-am6548-iot2050-advanced-sm.dtb: pcie@...0000 (ti,am654-pcie-rc): 'memory-region' is a required property from schema $id: http://devicetree.org/schemas/pci/ti,am65-pci-host.yaml#
Powered by blists - more mailing lists