Open Source and information security mailing list archives
 
Message-ID: <aD8adnQWcII5XO2J@lpieralisi>
Date: Tue, 3 Jun 2025 17:53:26 +0200
From: Lorenzo Pieralisi <lpieralisi@...nel.org>
To: Rob Herring <robh@...nel.org>
Cc: Peter Maydell <peter.maydell@...aro.org>,
	Krzysztof Kozlowski <krzk+dt@...nel.org>,
	Marc Zyngier <maz@...nel.org>, Thomas Gleixner <tglx@...utronix.de>,
	Conor Dooley <conor+dt@...nel.org>,
	Catalin Marinas <catalin.marinas@....com>,
	Will Deacon <will@...nel.org>, andre.przywara@....com,
	Arnd Bergmann <arnd@...db.de>,
	Sascha Bischoff <sascha.bischoff@....com>,
	Timothy Hayes <timothy.hayes@....com>,
	"Liam R. Howlett" <Liam.Howlett@...cle.com>,
	Mark Rutland <mark.rutland@....com>,
	Jiri Slaby <jirislaby@...nel.org>,
	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
	devicetree@...r.kernel.org, suzuki.poulose@....com
Subject: Re: [PATCH v4 01/26] dt-bindings: interrupt-controller: Add Arm GICv5

On Tue, Jun 03, 2025 at 10:15:25AM -0500, Rob Herring wrote:
> On Tue, Jun 3, 2025 at 2:48 AM Lorenzo Pieralisi <lpieralisi@...nel.org> wrote:
> >
> > On Thu, May 29, 2025 at 02:17:26PM +0100, Peter Maydell wrote:
> > > On Thu, 29 May 2025 at 13:44, Lorenzo Pieralisi <lpieralisi@...nel.org> wrote:
> > > >
> > > > [+Andre, Peter]
> > > >
> > > > On Tue, May 13, 2025 at 07:47:54PM +0200, Lorenzo Pieralisi wrote:
> > > > > +      reg:
> > > > > +        minItems: 1
> > > > > +        items:
> > > > > +          - description: IRS control frame
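Review bot: the "description: IRS control frame" item under "reg: items:" does not say which interrupt domain the frame belongs to, and the reply below notes that "control" should read "config". If leaving the domain implicit is deliberate, say in the description that the frame is the one for the interrupt domain of the DT's client, so a reader of the binding does not have to guess the security state.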
> > > >
> > > > I came across it while testing EL3 firmware, raising the topic for
> > > > discussion.
> > > >
> > > > The IRS (and the ITS) has a config frame (need to patch the typo
> > > > s/control/config, already done) per interrupt domain supported, that is,
> > > > it can have up to 4 config frames:
> > > >
> > > > - EL3
> > > > - Secure
> > > > - Realm
> > > > - Non-Secure
> > > >
> > > > The one described in this binding is the non-secure one.
> > > >
> > > > IIUC, everything described in the DT represents the non-secure address
> > > > space.
> > >
> > > The dt bindings do allow for describing Secure-world devices:
> > > Documentation/devicetree/bindings/arm/secure.txt has the
> > > details. We use this in QEMU so we can provide a DTB to
> > > guest EL3 firmware that tells it where the hardware is
> > > (and which EL3 can then pass on to an NS kernel). It would
> > > be helpful for the GICv5 binding to be defined in a way that
> > > we can do this for a GICv5 system too.
> >
> > It would be good to understand what DT {should/should not} describe and
> > whether this DT usage to configure firmware is under the DT maintainers'
> > radar or it is an attempt at reusing it to avoid implementing a
> > configuration scheme.
> >
> > Rob, Krzysztof,
> >
> > Any thoughts on the matter please ?
> 
> I'm all for firmware using DT, but using a single DT for all
> components with an ABI between all components is an impractical dream.
> You can take that a step further even with a single DT for all
> processors in a system (aka System DT). Ultimately, the DT is a view
> of the system for a client (OS). Different views may need different
> DTs.

Specifically, for IRS/ITS frames then - what the current schema does is
correct, namely, it does _not_ spell out whether the IRS/ITS config
frame is NS/S/Realm/Root interrupt domain, that's information that the
client implicitly assumes.

Are we OK with this approach ? This would leave open the possibility
of having a DT per security-state.

If in the DT schema I define e.g. reg -> "IRS NS config frame", by
construction the binding can't be used for anything else.

Please let me know if we are in agreement on this matter.

Lorenzo

> u-boot and Linux sharing a DT makes sense as they have the same world
> view. Secure and NS not so much.
> 
> > [...]
> >
> > > The tempting thing to do is to have regs[] list the frames
> > > in some given order, but the spec makes them not simple
> > > supersets, allowing all of:
> > >  * NS
> > >  * S
> > >  * NS, S, EL3
> > >  * NS, Realm, EL3
> > >  * NS, Realm, S, EL3
> >
> > Maybe reg-names can help ? Even though first we need to understand
> > what resources should be described in DT.
> >
> > Current bindings are reviewed and I am not keen on dragging this
> > discussion on forever - the information the kernel requires is there,
> > I'd like to bring this to a close.
> >
> > Thanks,
> > Lorenzo
> >
> > >
> > > secure.txt says:
> > > # The general principle of the naming scheme for Secure world bindings
> > > # is that any property that needs a different value in the Secure world
> > > # can be supported by prefixing the property name with "secure-". So for
> > > # instance "secure-foo" would override "foo".
> 
> Today I would say a 'secure-' prefix is a mistake. To my knowledge,
> it's never been used anyways. But I don't have much visibility into
> what secure world firmware is doing.
> 
> > >
> > > So maybe we could have
> > >  reg : the NS frame(s)
> > >  secure-reg : the S frame(s)
> > >  realm-reg : the Realm frame(s)
> > >  root-reg : the EL3 frame(s)
> 
> Here's why. It really doesn't scale.
> 
> Rob
