From: Robin Murphy <robin.murphy@arm.com>
To: Mitchel Humpherys <mitchelh@codeaurora.org>,
iommu@lists.linux-foundation.org,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, Will Deacon <will.deacon@arm.com>,
Marek Szyprowski <m.szyprowski@samsung.com>
Cc: Jordan Crouse <jcrouse@codeaurora.org>,
Jeremy Gebben <jgebben@codeaurora.org>,
Patrick Daly <pdaly@codeaurora.org>,
Pratik Patel <pratikp@codeaurora.org>,
Dan Williams <dan.j.williams@intel.com>,
Jassi Brar <jassi.brar@samsung.com>
Subject: Re: [PATCH v2 6/6] dmaengine: pl330: Make sure microcode is privileged-executable
Date: Mon, 11 Jul 2016 16:23:53 +0100 [thread overview]
Message-ID: <5783BA09.1020303@arm.com> (raw)
In-Reply-To: <20160709020919.6760-7-mitchelh@codeaurora.org>
On 09/07/16 03:09, Mitchel Humpherys wrote:
> The PL330 can perform privileged instruction fetches. This can result
Nit: "can" is a bit of an understatement. Instruction fetches on both
the manager and channel threads have the "privileged" and "instruction"
AxPROT bits hard-coded whether you like it or not. It's only the data
accesses by the channel threads which are in any way configurable.
Robin.
> in SMMU permission faults on SMMUs that implement the ARMv8 VMSA, which
> specifies that mappings that are writeable at one execution level shall
> not be executable at any higher-privileged level. Fix this by using the
> DMA_ATTR_PRIVILEGED_EXECUTABLE attribute, which will ensure that the
> microcode IOMMU mapping is not writeable.
>
> Cc: Dan Williams <dan.j.williams@intel.com>
> Cc: Jassi Brar <jassi.brar@samsung.com>
> Signed-off-by: Mitchel Humpherys <mitchelh@codeaurora.org>
> ---
> drivers/dma/pl330.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/dma/pl330.c b/drivers/dma/pl330.c
> index 372b4359da97..25bc49d47c45 100644
> --- a/drivers/dma/pl330.c
> +++ b/drivers/dma/pl330.c
> @@ -1854,14 +1854,17 @@ static int dmac_alloc_resources(struct pl330_dmac *pl330)
> {
> int chans = pl330->pcfg.num_chan;
> int ret;
> + DEFINE_DMA_ATTRS(attrs);
>
> + dma_set_attr(DMA_ATTR_PRIVILEGED_EXECUTABLE, &attrs);
> /*
> * Alloc MicroCode buffer for 'chans' Channel threads.
> * A channel's buffer offset is (Channel_Id * MCODE_BUFF_PERCHAN)
> */
> - pl330->mcode_cpu = dma_alloc_coherent(pl330->ddma.dev,
> + pl330->mcode_cpu = dma_alloc_attrs(pl330->ddma.dev,
> chans * pl330->mcbufsz,
> - &pl330->mcode_bus, GFP_KERNEL);
> + &pl330->mcode_bus, GFP_KERNEL,
> + &attrs);
> if (!pl330->mcode_cpu) {
> dev_err(pl330->ddma.dev, "%s:%d Can't allocate memory!\n",
> __func__, __LINE__);
>
WARNING: multiple messages have this Message-ID (diff)
From: robin.murphy@arm.com (Robin Murphy)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v2 6/6] dmaengine: pl330: Make sure microcode is privileged-executable
Date: Mon, 11 Jul 2016 16:23:53 +0100 [thread overview]
Message-ID: <5783BA09.1020303@arm.com> (raw)
In-Reply-To: <20160709020919.6760-7-mitchelh@codeaurora.org>
On 09/07/16 03:09, Mitchel Humpherys wrote:
> The PL330 can perform privileged instruction fetches. This can result
Nit: "can" is a bit of an understatement. Instruction fetches on both
the manager and channel threads have the "privileged" and "instruction"
AxPROT bits hard-coded whether you like it or not. It's only the data
accesses by the channel threads which are in any way configurable.
Robin.
> in SMMU permission faults on SMMUs that implement the ARMv8 VMSA, which
> specifies that mappings that are writeable at one execution level shall
> not be executable at any higher-privileged level. Fix this by using the
> DMA_ATTR_PRIVILEGED_EXECUTABLE attribute, which will ensure that the
> microcode IOMMU mapping is not writeable.
>
> Cc: Dan Williams <dan.j.williams@intel.com>
> Cc: Jassi Brar <jassi.brar@samsung.com>
> Signed-off-by: Mitchel Humpherys <mitchelh@codeaurora.org>
> ---
> drivers/dma/pl330.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/dma/pl330.c b/drivers/dma/pl330.c
> index 372b4359da97..25bc49d47c45 100644
> --- a/drivers/dma/pl330.c
> +++ b/drivers/dma/pl330.c
> @@ -1854,14 +1854,17 @@ static int dmac_alloc_resources(struct pl330_dmac *pl330)
> {
> int chans = pl330->pcfg.num_chan;
> int ret;
> + DEFINE_DMA_ATTRS(attrs);
>
> + dma_set_attr(DMA_ATTR_PRIVILEGED_EXECUTABLE, &attrs);
> /*
> * Alloc MicroCode buffer for 'chans' Channel threads.
> * A channel's buffer offset is (Channel_Id * MCODE_BUFF_PERCHAN)
> */
> - pl330->mcode_cpu = dma_alloc_coherent(pl330->ddma.dev,
> + pl330->mcode_cpu = dma_alloc_attrs(pl330->ddma.dev,
> chans * pl330->mcbufsz,
> - &pl330->mcode_bus, GFP_KERNEL);
> + &pl330->mcode_bus, GFP_KERNEL,
> + &attrs);
> if (!pl330->mcode_cpu) {
> dev_err(pl330->ddma.dev, "%s:%d Can't allocate memory!\n",
> __func__, __LINE__);
>
next prev parent reply other threads:[~2016-07-11 15:23 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-09 2:09 [PATCH v2 0/6] Add support for privileged mappings Mitchel Humpherys
2016-07-09 2:09 ` Mitchel Humpherys
2016-07-09 2:09 ` Mitchel Humpherys
[not found] ` <20160709020919.6760-1-mitchelh-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org>
2016-07-09 2:09 ` [PATCH v2 1/6] iommu: add IOMMU_PRIV attribute Mitchel Humpherys
2016-07-09 2:09 ` Mitchel Humpherys
2016-07-09 2:09 ` Mitchel Humpherys
2016-07-11 14:08 ` Robin Murphy
2016-07-11 14:08 ` Robin Murphy
2016-07-09 2:09 ` [PATCH v2 2/6] iommu/io-pgtable-arm: add support for the IOMMU_PRIV flag Mitchel Humpherys
2016-07-09 2:09 ` Mitchel Humpherys
2016-07-09 2:09 ` Mitchel Humpherys
[not found] ` <20160709020919.6760-3-mitchelh-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org>
2016-07-11 14:14 ` Robin Murphy
2016-07-11 14:14 ` Robin Murphy
2016-07-11 14:14 ` Robin Murphy
2016-07-09 2:09 ` [PATCH v2 3/6] Revert "iommu/arm-smmu: Treat all device transactions as unprivileged" Mitchel Humpherys
2016-07-09 2:09 ` Mitchel Humpherys
2016-07-09 2:09 ` Mitchel Humpherys
[not found] ` <20160709020919.6760-4-mitchelh-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org>
2016-07-11 14:20 ` Robin Murphy
2016-07-11 14:20 ` Robin Murphy
2016-07-11 14:20 ` Robin Murphy
2016-07-09 2:09 ` [PATCH v2 4/6] common: DMA-mapping: add DMA_ATTR_PRIVILEGED_EXECUTABLE attribute Mitchel Humpherys
2016-07-09 2:09 ` Mitchel Humpherys
2016-07-09 2:09 ` Mitchel Humpherys
2016-07-11 14:46 ` Robin Murphy
2016-07-11 14:46 ` Robin Murphy
2016-07-09 2:09 ` [PATCH v2 5/6] arm64/dma-mapping: Implement DMA_ATTR_PRIVILEGED_EXECUTABLE Mitchel Humpherys
2016-07-09 2:09 ` Mitchel Humpherys
2016-07-09 2:09 ` Mitchel Humpherys
[not found] ` <20160709020919.6760-6-mitchelh-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org>
2016-07-11 15:06 ` Robin Murphy
2016-07-11 15:06 ` Robin Murphy
2016-07-11 15:06 ` Robin Murphy
2016-07-09 2:09 ` [PATCH v2 6/6] dmaengine: pl330: Make sure microcode is privileged-executable Mitchel Humpherys
2016-07-09 2:09 ` Mitchel Humpherys
2016-07-09 2:09 ` Mitchel Humpherys
2016-07-11 15:23 ` Robin Murphy [this message]
2016-07-11 15:23 ` Robin Murphy
2016-07-11 14:02 ` [PATCH v2 0/6] Add support for privileged mappings Robin Murphy
2016-07-11 14:02 ` Robin Murphy
2016-07-11 14:02 ` Robin Murphy
[not found] ` <5783A6F0.7040903-5wv7dgnIgG8@public.gmane.org>
2016-07-11 15:00 ` Jordan Crouse
2016-07-11 15:00 ` Jordan Crouse
2016-07-11 15:00 ` Jordan Crouse
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5783BA09.1020303@arm.com \
--to=robin.murphy@arm.com \
--cc=dan.j.williams@intel.com \
--cc=iommu@lists.linux-foundation.org \
--cc=jassi.brar@samsung.com \
--cc=jcrouse@codeaurora.org \
--cc=jgebben@codeaurora.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=mitchelh@codeaurora.org \
--cc=pdaly@codeaurora.org \
--cc=pratikp@codeaurora.org \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.