From: Robin Murphy <robin.murphy@arm.com>
To: Doug Anderson <dianders@chromium.org>, Will Deacon <will@kernel.org>
Cc: iommu@lists.linux-foundation.org, Joerg Roedel <joro@8bytes.org>,
Linux ARM <linux-arm-kernel@lists.infradead.org>
Subject: Re: [PATCH] iommu/arm-smmu: Report USF more clearly
Date: Mon, 16 Sep 2019 22:42:27 +0100 [thread overview]
Message-ID: <3e52e4e2-fb09-fa39-23be-b225194bd2c5@arm.com> (raw)
In-Reply-To: <CAD=FV=Wx7zSqGSABfnG9B0yAcZvimub+hMcPRfUoFxr-FJeFew@mail.gmail.com>
On 2019-09-16 7:19 pm, Doug Anderson wrote:
[...]
>>> 1. "By firmware" might be a bit misleading. In most cases I'm aware
>>> of the problem is in the device tree that was bundled together with
>>> the kernel. If there are actually cases where firmware has baked in a
>>> device tree and it got this wrong then we might want to spend time
>>> figuring out what to do about it.
>>
>> I thought that was usually the way UEFI systems worked, where the kernel
>> is updated independently of the device-tree? Either way, that should be
>> what we're aiming for, even if many platforms require the two to be tied
>> together.
>
> It's my opinion that until there is a place in the kernel to "fixup"
> broken device trees that were baked in firmware that it's a bad idea
> to ship device trees separate from the kernel except if the device
> trees are exceedingly simple. We'll run into too many problems
> otherwise, either because the kernel the device tree was written for
> had downstream patches or someone just made a mistake in them and
> nobody noticed. I know device trees are supposed to be ABI, but
> people make mistakes and we need a way to fix them up.
>
> ...but that's getting pretty far afield from Robin's patch.
Let's not get too hung up on devicetree - you can go out and buy certain
ACPI-only platforms today that also fall foul of this, for which AFAIK
the necessary firmware update is in the SoC vendor's hands.
>>> 2. Presumably booting with "arm-smmu.disable_bypass=0" is in most
>>> cases the least desirable option available. I always consider kernel
>>> command line parameters as something of a last resort for
>>> configuration and would only be something that and end user might do
>>> if they were given a kernel compiled by someone else (like if someone
>>> where taking a prebuilt Linux distro and trying to install it onto a
>>> generic PC). Are you seeing cases where this is happening? If people
>>> are compiling their own kernel I'd argue that telling them to set
>>> "CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT" to "no" is much better
>>> than trying to jam a command line option on. Command line options
>>> don't scale well.
>>
>> Hmm. Recompiling seems like even more of a last resort to me!
>
> Depends on what you're doing. If you're not in the habit of compiling
> a kernel and you're just trying to make one work then the command line
> is great. If you're trying to manage configuration for a whole bunch
> of different hardware products then the command line is a terrible
> place to store config.
>
> ...but I guess the summary is that we wouldn't want someone to
> actually ship a kernel with this option on anyway. ;-)
FWIW the meta here is really "oops, you've just installed a new kernel
and now your machine is unusable - you need to take it up with whoever
supports your platform, but in the meantime this is the minimal thing
you can do to get things back working as before."
Personally I'm less concerned about folks maintaining "hardware
products", as I'd like to assume they would hit this in QA and have a
relatively short loop back to kernel people who know what's up (or at
least know enough to join the dots to punt it to my inbox). My main
concern is end users of SBSA-ish platforms who are free to pick and
choose distros - and/or kernel packages within their distro - and thus
may bugger up their machine inadvertently if the distro package happens
to have picked this option up from defconfig (from a quick look at least
my preferred one has).
>>> 3. Any chance you could make it more obvious that this change is
>>> undesirable and a last resort? AKA:
>>>
>>> "Stream ID x blocked for security reasons; allow anyway by booting
>>> with arm-smmu.disable_bypass=0"
>>
>> How about:
>>
>> "Blocked transaction from unknown Stream ID x; boot with
>> \"arm-smmu.disable_bypass=0\" to allow these transactions, although this
>> may have security implications."
>
> Fine with me if it's not too long for an error message.
Sounds good, I'll respin with a slight abbreviation of that (and minus
the embarrassingly stupid thinko) tomorrow.
Cheers,
Robin.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-09-16 21:43 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-13 11:48 [PATCH] iommu/arm-smmu: Report USF more clearly Robin Murphy
2019-09-13 14:34 ` Robin Murphy
2019-09-13 14:35 ` Qian Cai
2019-09-13 14:43 ` Robin Murphy
2019-09-13 22:44 ` Doug Anderson
2019-09-16 18:00 ` Will Deacon
2019-09-16 18:19 ` Doug Anderson
2019-09-16 21:42 ` Robin Murphy [this message]
2019-09-13 22:59 ` Russell King - ARM Linux admin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3e52e4e2-fb09-fa39-23be-b225194bd2c5@arm.com \
--to=robin.murphy@arm.com \
--cc=dianders@chromium.org \
--cc=iommu@lists.linux-foundation.org \
--cc=joro@8bytes.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).