From: James Morse <james.morse@arm.com>
To: Rui Zhao <ruizhao@microsoft.com>
Cc: Sasha Levin <sashal@kernel.org>, "bp@alien8.de" <bp@alien8.de>,
"mchehab@kernel.org" <mchehab@kernel.org>,
"linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Linux Kernel <linux-kernel@microsoft.com>,
"will.deacon@arm.com" <will.deacon@arm.com>,
"okaya@kernel.org" <okaya@kernel.org>
Subject: EDAC, dmc520:: add DMC520 EDAC driver
Date: Tue, 5 Feb 2019 17:31:26 +0000 [thread overview]
Message-ID: <efc7fba8-dbff-844c-2995-28cbd5f015c0@arm.com> (raw)
Hi Rui,
On 23/01/2019 22:08, Rui Zhao wrote:
> On Wednesday, January 23, 2019 10:36 AM, James Morse wrote:
>>> If firmware enables it, they're suppose to handle the interrupt.
>> Ah, so you still have resident firmware!
>> How come your firmware trusts linux not to turn off the memory controller?!
>> These things are usually protected by trust zone so the OS can't pull the memory from under firmware's feet.
> We have firmware to config the memory controller and want to have an EDAC driver to report ECC status.
> Could you please elaborate a bit on the security concern on this approach? Like some malicious app/driver can access
> memory controller registers can cause issue?
I'm remembering this:
https://lore.kernel.org/linux-arm-kernel/9b9c4cd5-4428-c08d-d4a3-7352c6c80583@arm.com/
Robin Murphy wrote:
| [ For anyone interested, it puts the DRAM controller into sleep mode.
| The kernel can't even panic if all the memory suddenly disappears :D ]
This would be a problem if you need your Secure-world software needs to keep
working, and depends on the memory behind this controller.
It might be that your secure-world software only uses some other memory, in
which case this wouldn't matter.
It may be linux _is_ your secure-world software, in which case it wouldn't
matter either.
> What's the recommend approach if Linux won't be able to access memory controller
> registers? Have firmware do the ECC
> status monitoring and some sort of driver to query ECC status from firmware?
If Linux runs in the normal-world, can't you use trust-zone to prevent Linux
from accessing the memory controller?
If you did this, you'd need to handle the UE interrupts in firmware, and
wouldn't be able to use this driver in linux. Your platform hasn't gone this
way, so I guess one of the above cases applies.
Thanks,
James
WARNING: multiple messages have this Message-ID (diff)
From: James Morse <james.morse@arm.com>
To: Rui Zhao <ruizhao@microsoft.com>
Cc: Sasha Levin <sashal@kernel.org>, "bp@alien8.de" <bp@alien8.de>,
"mchehab@kernel.org" <mchehab@kernel.org>,
"linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Linux Kernel <linux-kernel@microsoft.com>,
"will.deacon@arm.com" <will.deacon@arm.com>,
"okaya@kernel.org" <okaya@kernel.org>
Subject: Re: [PATCH] EDAC, dmc520:: add DMC520 EDAC driver
Date: Tue, 5 Feb 2019 17:31:26 +0000 [thread overview]
Message-ID: <efc7fba8-dbff-844c-2995-28cbd5f015c0@arm.com> (raw)
In-Reply-To: <MW2PR2101MB09708B7F11BDEE6755CC9F03B3990@MW2PR2101MB0970.namprd21.prod.outlook.com>
Hi Rui,
On 23/01/2019 22:08, Rui Zhao wrote:
> On Wednesday, January 23, 2019 10:36 AM, James Morse wrote:
>>> If firmware enables it, they're suppose to handle the interrupt.
>> Ah, so you still have resident firmware!
>> How come your firmware trusts linux not to turn off the memory controller?!
>> These things are usually protected by trust zone so the OS can't pull the memory from under firmware's feet.
> We have firmware to config the memory controller and want to have an EDAC driver to report ECC status.
> Could you please elaborate a bit on the security concern on this approach? Like some malicious app/driver can access
> memory controller registers can cause issue?
I'm remembering this:
https://lore.kernel.org/linux-arm-kernel/9b9c4cd5-4428-c08d-d4a3-7352c6c80583@arm.com/
Robin Murphy wrote:
| [ For anyone interested, it puts the DRAM controller into sleep mode.
| The kernel can't even panic if all the memory suddenly disappears :D ]
This would be a problem if you need your Secure-world software needs to keep
working, and depends on the memory behind this controller.
It might be that your secure-world software only uses some other memory, in
which case this wouldn't matter.
It may be linux _is_ your secure-world software, in which case it wouldn't
matter either.
> What's the recommend approach if Linux won't be able to access memory controller
> registers? Have firmware do the ECC
> status monitoring and some sort of driver to query ECC status from firmware?
If Linux runs in the normal-world, can't you use trust-zone to prevent Linux
from accessing the memory controller?
If you did this, you'd need to handle the UE interrupts in firmware, and
wouldn't be able to use this driver in linux. Your platform hasn't gone this
way, so I guess one of the above cases applies.
Thanks,
James
next reply other threads:[~2019-02-05 17:31 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-05 17:31 James Morse [this message]
2019-02-05 17:31 ` [PATCH] EDAC, dmc520:: add DMC520 EDAC driver James Morse
-- strict thread matches above, loose matches on Subject: below --
2019-03-06 5:20 Rui Zhao
2019-03-06 5:20 ` [PATCH] " Rui Zhao
2019-02-05 17:31 James Morse
2019-02-05 17:31 ` [PATCH] " James Morse
2019-01-23 22:08 Rui Zhao
2019-01-23 22:08 ` [PATCH] " Rui Zhao
2019-01-23 19:09 Sasha Levin
2019-01-23 19:09 ` [PATCH] " Sasha Levin
2019-01-23 19:03 Borislav Petkov
2019-01-23 19:03 ` [PATCH] " Borislav Petkov
2019-01-23 18:50 Sasha Levin
2019-01-23 18:50 ` [PATCH] " Sasha Levin
2019-01-23 18:46 Borislav Petkov
2019-01-23 18:46 ` [PATCH] " Borislav Petkov
2019-01-23 18:36 James Morse
2019-01-23 18:36 ` [PATCH] " James Morse
2019-01-21 17:09 James Morse
2019-01-21 17:09 ` [PATCH] " James Morse
2019-01-21 12:35 Borislav Petkov
2019-01-21 12:35 ` [PATCH] " Borislav Petkov
2019-01-18 16:23 Sasha Levin
2019-01-18 16:23 ` [PATCH] " Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=efc7fba8-dbff-844c-2995-28cbd5f015c0@arm.com \
--to=james.morse@arm.com \
--cc=bp@alien8.de \
--cc=linux-edac@vger.kernel.org \
--cc=linux-kernel@microsoft.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=okaya@kernel.org \
--cc=ruizhao@microsoft.com \
--cc=sashal@kernel.org \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.