* Trustzone: DSB before/after SMC @ 2015-10-27 13:31 Mason 2015-10-27 13:43 ` Mark Rutland 0 siblings, 1 reply; 6+ messages in thread From: Mason @ 2015-10-27 13:31 UTC (permalink / raw) To: linux-arm-kernel Hello, I have a few questions about SMC. (I'm using Cortex-A9) Platforms that use SMC often/always execute DSB beforehand. 1a) Is DSB required before SMC? 1b) Is DSB required after SMC? 2a) Is DSB required before returning to non-secure OS? 2b) Is DSB required after returning to non-secure OS? 3) Is this documented in the ARM ARM? Bonus question: if DSB is required before SMC, why didn't ARM make SMC implicitly do a DSB? Regards. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Trustzone: DSB before/after SMC 2015-10-27 13:31 Trustzone: DSB before/after SMC Mason @ 2015-10-27 13:43 ` Mark Rutland 2015-10-27 14:05 ` Mason 0 siblings, 1 reply; 6+ messages in thread From: Mark Rutland @ 2015-10-27 13:43 UTC (permalink / raw) To: linux-arm-kernel On Tue, Oct 27, 2015 at 02:31:38PM +0100, Mason wrote: > Hello, > > I have a few questions about SMC. (I'm using Cortex-A9) > > Platforms that use SMC often/always execute DSB beforehand. Please give an example. We don't do this for PSCI, for instance. > 1a) Is DSB required before SMC? > 1b) Is DSB required after SMC? > 2a) Is DSB required before returning to non-secure OS? > 2b) Is DSB required after returning to non-secure OS? It depends on what you're trying to achieve, and the design of both the secure and non-secure OS code. A DSB is certainly not always required before nor after an SMC. > 3) Is this documented in the ARM ARM? The semantics of DSB and SMC are documented in the ARM ARM. How they are used is up to the programmer. > Bonus question: if DSB is required before SMC, why didn't ARM > make SMC implicitly do a DSB? As above, it is not always required. Thanks, Mark. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Trustzone: DSB before/after SMC 2015-10-27 13:43 ` Mark Rutland @ 2015-10-27 14:05 ` Mason 2015-10-27 14:37 ` Mark Rutland 0 siblings, 1 reply; 6+ messages in thread From: Mason @ 2015-10-27 14:05 UTC (permalink / raw) To: linux-arm-kernel On 27/10/2015 14:43, Mark Rutland wrote: > On Tue, Oct 27, 2015 at 02:31:38PM +0100, Mason wrote: > >> I have a few questions about SMC. (I'm using Cortex-A9) >> >> Platforms that use SMC often/always execute DSB beforehand. > > Please give an example. We don't do this for PSCI, for instance. arch/arm/mach-exynos/exynos-smc.S arch/arm/mach-highbank/smc.S arch/arm/mach-omap2/omap-smc.S A few that don't execute DSB before SMC: arch/arm/mach-bcm/bcm_kona_smc.c arch/arm/mach-keystone/smc.S >> 1a) Is DSB required before SMC? >> 1b) Is DSB required after SMC? >> 2a) Is DSB required before returning to non-secure OS? >> 2b) Is DSB required after returning to non-secure OS? > > It depends on what you're trying to achieve, and the design of both the > secure and non-secure OS code. In my case, I just want to write the L2_CONTROL register. > A DSB is certainly not always required before nor after an SMC. That makes sense. But a colleague mentioned that the secure OS may be using different MMU mappings. In that case, it might be required to wait for all in-flight accesses to resolve? Regards. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Trustzone: DSB before/after SMC 2015-10-27 14:05 ` Mason @ 2015-10-27 14:37 ` Mark Rutland 2015-10-27 14:54 ` Måns Rullgård 2015-10-27 15:01 ` Mason 0 siblings, 2 replies; 6+ messages in thread From: Mark Rutland @ 2015-10-27 14:37 UTC (permalink / raw) To: linux-arm-kernel On Tue, Oct 27, 2015 at 03:05:46PM +0100, Mason wrote: > On 27/10/2015 14:43, Mark Rutland wrote: > > > On Tue, Oct 27, 2015 at 02:31:38PM +0100, Mason wrote: > > > >> I have a few questions about SMC. (I'm using Cortex-A9) > >> > >> Platforms that use SMC often/always execute DSB beforehand. > > > > Please give an example. We don't do this for PSCI, for instance. > > arch/arm/mach-exynos/exynos-smc.S > arch/arm/mach-highbank/smc.S > arch/arm/mach-omap2/omap-smc.S >From a quick look, it's not obvious to me why those DSBs are present. It would be best to ask the original authors; it may simply be that this was never necessary and has simply been copied. In particular, the DSB; DMB; SMC sequence in omap_smc2 makes no sense to me, given that a DSB provides a superset of the guarantees of a DMB. If the DSB is necessary I don't see that the DMB would also be necessary. > A few that don't execute DSB before SMC: > arch/arm/mach-bcm/bcm_kona_smc.c > arch/arm/mach-keystone/smc.S > > >> 1a) Is DSB required before SMC? > >> 1b) Is DSB required after SMC? > >> 2a) Is DSB required before returning to non-secure OS? > >> 2b) Is DSB required after returning to non-secure OS? > > > > It depends on what you're trying to achieve, and the design of both the > > secure and non-secure OS code. > > In my case, I just want to write the L2_CONTROL register. Is that a register in the L2, or in the CPU? Which L2/CPU? There may be a constraint that the memory system needs to be quiescent or something to that effect. Without more information I cannot say what specifically you need to do. > > A DSB is certainly not always required before nor after an SMC. > > That makes sense. But a colleague mentioned that the secure OS may > be using different MMU mappings. In that case, it might be required > to wait for all in-flight accesses to resolve? Are you referring to differing VAs or differing attributes? For ARMv6 and above the former does not matter; the caches behaves as if they are PIPT. The latter may require the use of barriers and/or cache maintenance if the secure and non-secure OSs are communicating through shared memory. That's somewhat independent of the SMC itself. Thanks, Mark. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Trustzone: DSB before/after SMC 2015-10-27 14:37 ` Mark Rutland @ 2015-10-27 14:54 ` Måns Rullgård 2015-10-27 15:01 ` Mason 1 sibling, 0 replies; 6+ messages in thread From: Måns Rullgård @ 2015-10-27 14:54 UTC (permalink / raw) To: linux-arm-kernel Mark Rutland <mark.rutland@arm.com> writes: > On Tue, Oct 27, 2015 at 03:05:46PM +0100, Mason wrote: >> On 27/10/2015 14:43, Mark Rutland wrote: >> >> > On Tue, Oct 27, 2015 at 02:31:38PM +0100, Mason wrote: >> > >> >> I have a few questions about SMC. (I'm using Cortex-A9) >> >> >> >> Platforms that use SMC often/always execute DSB beforehand. >> > >> > Please give an example. We don't do this for PSCI, for instance. >> >> arch/arm/mach-exynos/exynos-smc.S >> arch/arm/mach-highbank/smc.S >> arch/arm/mach-omap2/omap-smc.S > > From a quick look, it's not obvious to me why those DSBs are present. It > would be best to ask the original authors; it may simply be that this > was never necessary and has simply been copied. It could be required due to secure firmware bugs or CPU errata. >> In my case, I just want to write the L2_CONTROL register. > > Is that a register in the L2, or in the CPU? Which L2/CPU? Cortex-A9, he said. I believe it's the usual PL310 L2 controller. > There may be a constraint that the memory system needs to be quiescent > or something to that effect. Without more information I cannot say what > specifically you need to do. > >> > A DSB is certainly not always required before nor after an SMC. >> >> That makes sense. But a colleague mentioned that the secure OS may >> be using different MMU mappings. In that case, it might be required >> to wait for all in-flight accesses to resolve? It's normally a design error for a more secure domain to require things of a less secure one. If the secure monitor code requires a DMB for proper operation, it had better do it itself, or else hostile non-secure code might be able to exploit it. -- M?ns Rullg?rd mans at mansr.com ^ permalink raw reply [flat|nested] 6+ messages in thread
* Trustzone: DSB before/after SMC 2015-10-27 14:37 ` Mark Rutland 2015-10-27 14:54 ` Måns Rullgård @ 2015-10-27 15:01 ` Mason 1 sibling, 0 replies; 6+ messages in thread From: Mason @ 2015-10-27 15:01 UTC (permalink / raw) To: linux-arm-kernel On 27/10/2015 15:37, Mark Rutland wrote: > On Tue, Oct 27, 2015 at 03:05:46PM +0100, Mason wrote: >> On 27/10/2015 14:43, Mark Rutland wrote: >> >>> On Tue, Oct 27, 2015 at 02:31:38PM +0100, Mason wrote: >>> >>>> I have a few questions about SMC. (I'm using Cortex-A9) >>>> >>>> Platforms that use SMC often/always execute DSB beforehand. >>> >>> Please give an example. We don't do this for PSCI, for instance. >> >> arch/arm/mach-exynos/exynos-smc.S >> arch/arm/mach-highbank/smc.S >> arch/arm/mach-omap2/omap-smc.S > > From a quick look, it's not obvious to me why those DSBs are present. It > would be best to ask the original authors; it may simply be that this > was never necessary and has simply been copied. > > In particular, the DSB; DMB; SMC sequence in omap_smc2 makes no sense to > me, given that a DSB provides a superset of the guarantees of a DMB. If > the DSB is necessary I don't see that the DMB would also be necessary. I agree the DSB; DMB; SMC sequence looks fishy. It also shows up there: http://genode.org/documentation/articles/trustzone >> A few that don't execute DSB before SMC: >> arch/arm/mach-bcm/bcm_kona_smc.c >> arch/arm/mach-keystone/smc.S >> >>>> 1a) Is DSB required before SMC? >>>> 1b) Is DSB required after SMC? >>>> 2a) Is DSB required before returning to non-secure OS? >>>> 2b) Is DSB required after returning to non-secure OS? >>> >>> It depends on what you're trying to achieve, and the design of both the >>> secure and non-secure OS code. >> >> In my case, I just want to write the L2_CONTROL register. > > Is that a register in the L2, or in the CPU? Which L2/CPU? Sorry for being so sloppy. L2C-310 reg1_control (offset 0x100) connected to Cortex-A9 MPCore. > There may be a constraint that the memory system needs to be quiescent > or something to that effect. Without more information I cannot say what > specifically you need to do. > >>> A DSB is certainly not always required before nor after an SMC. >> >> That makes sense. But a colleague mentioned that the secure OS may >> be using different MMU mappings. In that case, it might be required >> to wait for all in-flight accesses to resolve? > > Are you referring to differing VAs or differing attributes? > > For ARMv6 and above the former does not matter; the caches behaves as if > they are PIPT. > > The latter may require the use of barriers and/or cache maintenance if > the secure and non-secure OSs are communicating through shared memory. > That's somewhat independent of the SMC itself. AFAICT, the two OSes only communicate through registers. I think DSB is unnecessary. But I'm not confident enough to remove it. (It might not matter, since that function is called very rarely.) Regards. ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-10-27 15:01 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2015-10-27 13:31 Trustzone: DSB before/after SMC Mason 2015-10-27 13:43 ` Mark Rutland 2015-10-27 14:05 ` Mason 2015-10-27 14:37 ` Mark Rutland 2015-10-27 14:54 ` Måns Rullgård 2015-10-27 15:01 ` Mason
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).