From: Stephen Boyd <sboyd@codeaurora.org>
To: Rob Herring <robherring2@gmail.com>
Cc: "linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
linux-arm-msm <linux-arm-msm@vger.kernel.org>,
"devicetree-discuss@lists.ozlabs.org"
<devicetree-discuss@lists.ozlabs.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Mark Rutland <Mark.Rutland@arm.com>
Subject: Re: [PATCHv2 1/4] Documentation: Add memory mapped ARM architected timer binding
Date: Thu, 25 Apr 2013 16:25:52 -0700 [thread overview]
Message-ID: <5179BB80.9060405@codeaurora.org> (raw)
In-Reply-To: <5179B6ED.9000301@gmail.com>
On 04/25/13 16:06, Rob Herring wrote:
> On 04/25/2013 05:48 PM, Stephen Boyd wrote:
>
>> We don't really care about CNTFRQ because it's duplicated into each
>> view. We do care about CNTNSAR. Luckily the spec "just works" there in
>> the sense that we can use CNTTIDR in conjunction with CNTACRn and
>> determine if we have access to a frame we're interested in if the
>> CNTTIDR bits say the frame is present and the CNTACRn register says we
>> can access it. If not then it must be locked down for secure users.
>>
>> Unfortunately hardware doesn't have a way to say that a particular frame
>> is reserved for the hypervisor or the guest kernel/userspace. We need
>> some help from software, so we have the status property express that a
>> particular frame is available. We have to assume the DT is going to be
>> different depending on if you're the hypervisor or the guest. That's a
>> valid assumption right? Otherwise I hope we can do some trapping of the
>> guest's mapping to the control base and then rewrite what they read so
>> that they only see the frame that we want to be available to them.
> Yeah, I believe the only way to prevent access within non-secure world
> is with the MMU. So I guess the example is just policy that the
> hypervisor would/may not create a stage2 mapping. You still have the
> same issue that the guest should not be passed the control base. You
> could make the reg property optional, but then what do you do with the
> node name?
I don't follow. Why shouldn't we tell the guest about the hardware
that's there? Shouldn't they be able to safely assume they can access
the control base just like a non-guest kernel running in PL1 would be
able to?
--
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by The Linux Foundation
WARNING: multiple messages have this Message-ID (diff)
From: sboyd@codeaurora.org (Stephen Boyd)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCHv2 1/4] Documentation: Add memory mapped ARM architected timer binding
Date: Thu, 25 Apr 2013 16:25:52 -0700 [thread overview]
Message-ID: <5179BB80.9060405@codeaurora.org> (raw)
In-Reply-To: <5179B6ED.9000301@gmail.com>
On 04/25/13 16:06, Rob Herring wrote:
> On 04/25/2013 05:48 PM, Stephen Boyd wrote:
>
>> We don't really care about CNTFRQ because it's duplicated into each
>> view. We do care about CNTNSAR. Luckily the spec "just works" there in
>> the sense that we can use CNTTIDR in conjunction with CNTACRn and
>> determine if we have access to a frame we're interested in if the
>> CNTTIDR bits say the frame is present and the CNTACRn register says we
>> can access it. If not then it must be locked down for secure users.
>>
>> Unfortunately hardware doesn't have a way to say that a particular frame
>> is reserved for the hypervisor or the guest kernel/userspace. We need
>> some help from software, so we have the status property express that a
>> particular frame is available. We have to assume the DT is going to be
>> different depending on if you're the hypervisor or the guest. That's a
>> valid assumption right? Otherwise I hope we can do some trapping of the
>> guest's mapping to the control base and then rewrite what they read so
>> that they only see the frame that we want to be available to them.
> Yeah, I believe the only way to prevent access within non-secure world
> is with the MMU. So I guess the example is just policy that the
> hypervisor would/may not create a stage2 mapping. You still have the
> same issue that the guest should not be passed the control base. You
> could make the reg property optional, but then what do you do with the
> node name?
I don't follow. Why shouldn't we tell the guest about the hardware
that's there? Shouldn't they be able to safely assume they can access
the control base just like a non-guest kernel running in PL1 would be
able to?
--
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by The Linux Foundation
next prev parent reply other threads:[~2013-04-25 23:25 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-13 0:27 [PATCHv2 0/4] Memory mapped architected timers Stephen Boyd
2013-04-13 0:27 ` Stephen Boyd
2013-04-13 0:27 ` [PATCHv2 1/4] Documentation: Add memory mapped ARM architected timer binding Stephen Boyd
2013-04-13 0:27 ` Stephen Boyd
2013-04-15 21:20 ` Rob Herring
2013-04-15 21:20 ` Rob Herring
[not found] ` <516C6F12.5020208-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2013-04-15 21:33 ` Stephen Boyd
2013-04-15 21:33 ` Stephen Boyd
2013-04-15 21:33 ` Stephen Boyd
2013-04-25 18:35 ` Stephen Boyd
2013-04-25 18:35 ` Stephen Boyd
2013-04-25 21:47 ` Rob Herring
2013-04-25 21:47 ` Rob Herring
2013-04-25 22:48 ` Stephen Boyd
2013-04-25 22:48 ` Stephen Boyd
2013-04-25 23:06 ` Rob Herring
2013-04-25 23:06 ` Rob Herring
2013-04-25 23:25 ` Stephen Boyd [this message]
2013-04-25 23:25 ` Stephen Boyd
2013-04-26 11:09 ` Mark Rutland
2013-04-26 11:09 ` Mark Rutland
2013-04-13 0:27 ` [PATCHv2 2/4] ARM: arch_timers: Pass clock event to set_mode callback Stephen Boyd
2013-04-13 0:27 ` Stephen Boyd
2013-04-13 0:27 ` [PATCHv2 3/4] clocksource: arch_timer: Push the read/write wrappers deeper Stephen Boyd
2013-04-13 0:27 ` Stephen Boyd
2013-04-13 0:27 ` [PATCHv2 4/4] clocksource: arch_timer: Add support for memory mapped timers Stephen Boyd
2013-04-13 0:27 ` Stephen Boyd
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5179BB80.9060405@codeaurora.org \
--to=sboyd@codeaurora.org \
--cc=Mark.Rutland@arm.com \
--cc=devicetree-discuss@lists.ozlabs.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=robherring2@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.