-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
core: dt: Make it possible to alter device mapping #5603
core: dt: Make it possible to alter device mapping #5603
Conversation
This is split from PR #5350 as we could not re-open that. Also decided to split the commits to own PRs. |
core/kernel/dt.c
Outdated
@@ -125,6 +125,39 @@ int dt_map_dev(const void *fdt, int offs, vaddr_t *base, size_t *size) | |||
return 0; | |||
} | |||
|
|||
int dt_map_secure_dev(const void *fdt, int offs, vaddr_t *base, size_t *size) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This duplicates most of the code in dt_map_dev()
. Would it be possible to refactor the two functions to use a common helper function or something?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe add a hint argument to dt_map_dev()
:
enum map_dev_directive { MAP_FROM_NODE_STATUS, MAP_SECURE, MAP_NON_SECURE };
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can try the proposed method.
core/kernel/dt.c
Outdated
return -1; | ||
sz = _fdt_reg_size(fdt, offs); | ||
if (sz == DT_INFO_INVALID_REG_SIZE) | ||
return -1; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The err_code(-1) returned by different exception branches. Maybe inconvenient for debug.
But returning to -1 seems to be the norm in this file. :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right. This is legacy and could move to TEE_Result
return value.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
dt_map_dev()
maps with ns=0 when secure-status = "okay"
& status = "disabled"
. @vesajaaskelainen, you don't want to rely on this scheme? You need an API function that enforces the secure state?
core/kernel/dt.c
Outdated
return -1; | ||
sz = _fdt_reg_size(fdt, offs); | ||
if (sz == DT_INFO_INVALID_REG_SIZE) | ||
return -1; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right. This is legacy and could move to TEE_Result
return value.
The problem here is that the real device tree would be:
Eg. part of the registers are accessible for Linux kernel drivers and full set is available for OP-TEE driver. If you do this the MMU mapping will be non-secure resulting non-secure access in FPGA side and we cannot access the TZ protected registers. |
Alternative for this function would be I suppose:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
invent new device tree keyword
I don't think it is the preferred way...
re-work logic when both statuses are enabled so that actual mapping is secure. But don't know what that would break.
That would be sowhat more consistent IMO. There are impacted drivers, we should get an Acked-by from them.
core/kernel/dt.c
Outdated
@@ -125,6 +125,39 @@ int dt_map_dev(const void *fdt, int offs, vaddr_t *base, size_t *size) | |||
return 0; | |||
} | |||
|
|||
int dt_map_secure_dev(const void *fdt, int offs, vaddr_t *base, size_t *size) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe add a hint argument to dt_map_dev()
:
enum map_dev_directive { MAP_FROM_NODE_STATUS, MAP_SECURE, MAP_NON_SECURE };
996ad84
to
a951b4a
Compare
core/include/kernel/dt.h
Outdated
* DT_MAP_NON_SECURE: Force mapping for device to be non-secure. | ||
*/ | ||
enum dt_map_dev_directive { | ||
DT_MAP_FROM_NODE_STATUS, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was thinking should this be DT_MAP_AUTO
or so.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, that's a good name.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wait a bit if there are other comments and then go with this (needs a change in quite a many places 😓)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FWIW... DT_MAP_AUTO
sounds good to me too
Now I have updated the PR based on comments. Please check it out if it matches your ideas. |
Please change the prefix in the commit subject from kernel to core. |
OK |
a951b4a
to
3834a1b
Compare
Updated the PR based on comments. |
|
3834a1b
to
1a927de
Compare
Thanks for the review! Applied tag. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
In case where IP core device is TrustZone aware and is used by both REE and TEE dt_map_dev() would normally cause non-secure mapping for the device. When selected registers in IP core are only accessible by TrustZone device needs to be mapped with MEM_AREA_IO_SEC to cause actual AXI memory access be made with AWPROT[1] and ARPROT[1] bits configured properly. This adds new argument for dt_map_dev() to enable forcing mapping to be secure or non-secure. Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
1a927de
to
dee2f84
Compare
Thanks for the review! Applied tags. |
About failed checks. These passed nicely on my github fork's actions. So some transient failure somewhere else? |
Possible. Or perhaps there is a race condition somewhere -- |
In case where IP core device is TrustZone aware and is used by both REE
and TEE dt_map_dev() would normally cause non-secure mapping for the
device.
When selected registers in IP core are only accessible by TrustZone device
needs to be mapped with MEM_AREA_IO_SEC to cause actual AXI memory access
be made with AWPROT[1] and ARPROT[1] bits configured properly.
This adds new argument for dt_map_dev() to enable forcing mapping to be
secure or non-secure.
Signed-off-by: Vesa Jääskeläinen vesa.jaaskelainen@vaisala.com