Re: [PATCH v4] dt-bindings: dvfs: Add support for generic performance domains

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Oct 15, 2021 at 4:17 AM Ulf Hansson <ulf.hansson@xxxxxxxxxx> wrote:
>
> On Thu, 14 Oct 2021 at 16:56, Sudeep Holla <sudeep.holla@xxxxxxx> wrote:
> >
> > On Thu, Oct 14, 2021 at 12:56:46PM +0200, Ulf Hansson wrote:
> > > On Mon, 17 May 2021 at 18:14, Sudeep Holla <sudeep.holla@xxxxxxx> wrote:
> > > >
> > > > The CLKSCREW attack [0] exposed security vulnerabilities in energy management
> > > > implementations where untrusted software had direct access to clock and
> > > > voltage hardware controls. In this attack, the malicious software was able to
> > > > place the platform into unsafe overclocked or undervolted configurations. Such
> > > > configurations then enabled the injection of predictable faults to reveal
> > > > secrets.
> > > >
> > > > Many Arm-based systems used to or still use voltage regulator and clock
> > > > frameworks in the kernel. These frameworks allow callers to independently
> > > > manipulate frequency and voltage settings. Such implementations can render
> > > > systems susceptible to this form of attack.
> > > >
> > > > Attacks such as CLKSCREW are now being mitigated by not having direct and
> > > > independent control of clock and voltage in the kernel and moving that
> > > > control to a trusted entity, such as the SCP firmware or secure world
> > > > firmware/software which are to perform sanity checking on the requested
> > > > performance levels, thereby preventing any attempted malicious programming.
> > > >
> > > > With the advent of such an abstraction, there is a need to replace the
> > > > generic clock and regulator bindings used by such devices with a generic
> > > > performance domains bindings.
> > > >
> > > > [0] https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/tang
> > > >
> > > > Link: https://lore.kernel.org/r/20201116181356.804590-1-sudeep.holla@xxxxxxx
> > > > Cc: Rob Herring <robh+dt@xxxxxxxxxx>
> > > > Acked-by: Viresh Kumar <viresh.kumar@xxxxxxxxxx>
> > > > Signed-off-by: Sudeep Holla <sudeep.holla@xxxxxxx>
> > >
> > > Hi Sudeep/Viresh/Rob,
> > >
> > > I noticed this binding recently got accepted, so I guess I have missed
> > > the opportunity to provide you with a few comments.
> > >
> >
> > Sorry for not cc-ing you, wasn't aware of the below mentioned intersection,
> > so assumed you are not one of the interested parties.
> >
> > > In any case, I would like to ask a few questions. In particular, am I
> > > trying to understand why the power-domains bindings [1] can't be used
> > > for this?
> > >
> >
> > One reason I can think of is on some platforms, the power domains are
> > completely controlled by the firmware and not exposed to the OSPM.
> > This is mostly applicable for CPU devices(Platform co-ordinated PSCI)
>
> See below.
>
> >
> > > The power-domains are capable of dealing with "performance" through
> > > the "operating-points-v2" DT property, which maps to the generic OPP
> > > bindings [2]. I wonder why that isn't sufficient here? Can you please
> > > elaborate?
> > >
> >
> > Even if the power domains are exposed to the OSPM, the OPPs can be
> > firmware enumerated rather than DT. Not sure if it is possible to
> > represent such systems in the above mentioned bindings. IIUC, the genpd
> > uses clock and regulator apis to drive the performance, but these
> > platforms have f/w interface to drive the OPPs(abstracted).
>
> Genpd doesn't operate on clock rates or voltage levels. Instead
> "performance" is just an integer value for genpd. What a performance
> index means, is genpd provider specific.
>
> In other words, it becomes the responsibility for the genpd provider
> to map a performance state index to an OPP, for example. So far,
> providers have used the generic OPP DT bindings to do this, but for
> sure, we don't have to limit ourselves to this. So, if OPP tables can
> be enumerated by FW, rather than specified in DT, that should
> certainly be possible to support.
>
> BTW, these are genpd provider callbacks, that needs to be implemented
> to let it control performance. Perhaps that helps to understand
> things.
>
> int (*set_performance_state)(struct generic_pm_domain *genpd, unsigned
> int state);
> unsigned int (*opp_to_performance_state)(struct generic_pm_domain
> *genpd, struct dev_pm_opp *opp);
>
> >
> > I am happy to know if there are ways to support such systems with the
> > options you have mentioned above.
>
> As far as I understand, the "performance domains" DT bindings that
> $subject patch introduces, allows us to group devices into domains, to
> let them be "performance controlled" together. Right?
>
> Unless I am missing something, it looks like power domains DT bindings
> already offer this for us. Yes, certainly, the DT doc [1] needs an
> updated description to better explain this, but other than that we
> should be fine, don't you think?

'power domains' in DT is supposed to mean physical power islands in
the h/w where as genpd can be whatever you want. Are power and
performance domains always 1:1?

Rob



[Index of Archives]     [Device Tree Compilter]     [Device Tree Spec]     [Linux Driver Backports]     [Video for Linux]     [Linux USB Devel]     [Linux PCI Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Yosemite Backpacking]


  Powered by Linux