[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/2] xen/arm: Add imx8q{m,x} platform glue

To: John Ernberg <john.ernberg@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Peng Fan <peng.fan@xxxxxxx>
From: Julien Grall <julien@xxxxxxx>
Date: Thu, 1 Feb 2024 12:20:06 +0000
Cc: Jonas Blixt <jonas.blixt@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 01 Feb 2024 12:20:19 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>



On 31/01/2024 15:32, John Ernberg wrote:

Hi Julien,


Hi John,

On 1/31/24 13:22, Julien Grall wrote:

Hi,

On 31/01/2024 11:50, John Ernberg wrote:

When using Linux for dom0 there are a bunch of drivers that need to do
SMC
SIP calls into the PSCI provider to enable certain hardware bits like the
watchdog.


Do you know which protocol this is under the hood. Is this SCMI?


I think I confused myself here when I wrote the commit log.

The EL3 code in our case is ATF, and it does not appear to be SCMI, nor
PSCI. The register usage of these SMC SIP calls are as follows:
a0 - service
a1 - function
a2-a7 - args

In ATF the handler is declared as a runtime service.

Would the appropriate commmit message here be something along the lines
of below?
"""
When using Linux for dom0 there are a bunch of drivers that need to do   SMC
SIP calls into the firmware to enable certain hardware bits like the
watchdog.
"""


It reads better thanks.

[...]

But even if we restrict to dom0, have you checked that none of the SMCs
use buffers?

I haven't found any such instances in the Linux kernel where a buffer is
used. Adding a call filtering like suggested below additions of such
functions can be discovered and adapted for if they would show up later.


Rather than providing a blanket forward, to me it sounds more like you
want to provide an allowlist of the SMCs. This is more futureproof and
avoid the risk to expose unsafe SMCs to any domain.

For an example, you can have a look at the EEMI mediator for Xilinx.


Ack. Do you prefer to see only on SMCCC service level or also on
function level? (a1 register, per description earlier)

I am not sure. It will depend on whether it is correct to expose *all*the functions within a service level and they have the same format.

If you can't guarantee that, then you will most likely need to allowlistat the function level.

Also, do you have a spec in hand that would help to understand whichservice/function is implemented via those SMCs?


Cheers,

--
Julien Grall

Follow-Ups:
- Re: [PATCH 1/2] xen/arm: Add imx8q{m,x} platform glue
  - From: John Ernberg

Prev by Date: Re: [PATCH v6 01/15] xen/common: add cache coloring common code
Next by Date: Re: [BUG]i2c_hid_acpi broken with 4.17.2 on Framework Laptop 13 AMD
Previous by thread: Re: [PATCH 1/2] xen/arm: Add imx8q{m,x} platform glue
Next by thread: Re: [PATCH 1/2] xen/arm: Add imx8q{m,x} platform glue
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.