On Tue, May 17, 2022 at 11:54 AM Peter Maydell <[email protected]> wrote:
>
> On Tue, 17 May 2022 at 16:34, Rob Herring <[email protected]> wrote:
> >
> > On Tue, May 17, 2022 at 11:14:10AM +0100, Andre Przywara wrote:
> > > When we boot a machine using a devicetree, the generic DT code goes
> > > through all nodes with a 'device_type = "memory"' property, and collects
> > > all memory banks mentioned there. However it does not check for the
> > > status property, so any nodes which are explicitly "disabled" will still
> > > be added as a memblock.
> > > This ends up badly for QEMU, when booting with secure firmware on
> > > arm/arm64 machines, because QEMU adds a node describing secure-only
> > > memory:
> > > ===================
> > > secram@e000000 {
> >
> > BTW, 'memory' is the correct node name.
>
> We already have a 'memory' node, which is for the NS
> memory. This one's for the secure-only RAM block,
> which is why I gave it a name that hopefully helps in
> spotting that when a human is reading the DT.
You can do: secram: memory@e000000 {
Where 'secram' is only a source level label until overlays come into
the picture.
> I'm not really sure to what extent node names in device trees are
> "this is just an identifying textual label" and to what extent
> they are "this is really ABI and you need to follow the standard",
> though -- nothing in practice seems to care what they are,
> suggesting the "textual label" theory, but some bits of tooling
> complain if you do things like forget the address value or use the
> same address for two different nodes, suggesting the "really ABI"
> theory.
Node names are supposed to follow the class of device and there's a
list of established names in the spec.
Sometimes it's ABI and sometimes not. Much of it is just good hygiene.
memory nodes are also special because 'device_type' is used to
identify them, but device_type is generally deprecated for FDT as its
meaning in OpenFirmware doesn't apply (it defines what callable
methods exist). We could use the nodename (without unit address)
instead, but that would fail in some cases as other names have been
used.
Rob
On Tue, 17 May 2022 at 18:48, Rob Herring <[email protected]> wrote:
>
> On Tue, May 17, 2022 at 11:54 AM Peter Maydell <[email protected]> wrote:
> >
> > On Tue, 17 May 2022 at 16:34, Rob Herring <[email protected]> wrote:
> > >
> > > On Tue, May 17, 2022 at 11:14:10AM +0100, Andre Przywara wrote:
> > > > When we boot a machine using a devicetree, the generic DT code goes
> > > > through all nodes with a 'device_type = "memory"' property, and collects
> > > > all memory banks mentioned there. However it does not check for the
> > > > status property, so any nodes which are explicitly "disabled" will still
> > > > be added as a memblock.
> > > > This ends up badly for QEMU, when booting with secure firmware on
> > > > arm/arm64 machines, because QEMU adds a node describing secure-only
> > > > memory:
> > > > ===================
> > > > secram@e000000 {
> > >
> > > BTW, 'memory' is the correct node name.
> >
> > We already have a 'memory' node, which is for the NS
> > memory. This one's for the secure-only RAM block,
> > which is why I gave it a name that hopefully helps in
> > spotting that when a human is reading the DT.
>
> You can do: secram: memory@e000000 {
>
> Where 'secram' is only a source level label until overlays come into
> the picture.
We generate the DTB with libfdt, so source-only information
isn't something we can put in, I think. (The quoted DT fragment
in this patch's commit message is the result of decompiling
the runtime generated DT binary blob with dtc.)
> > I'm not really sure to what extent node names in device trees are
> > "this is just an identifying textual label" and to what extent
> > they are "this is really ABI and you need to follow the standard",
> > though -- nothing in practice seems to care what they are,
> > suggesting the "textual label" theory, but some bits of tooling
> > complain if you do things like forget the address value or use the
> > same address for two different nodes, suggesting the "really ABI"
> > theory.
>
> Node names are supposed to follow the class of device and there's a
> list of established names in the spec.
>
> Sometimes it's ABI and sometimes not. Much of it is just good hygiene.
> memory nodes are also special because 'device_type' is used to
> identify them, but device_type is generally deprecated for FDT as its
> meaning in OpenFirmware doesn't apply (it defines what callable
> methods exist). We could use the nodename (without unit address)
> instead, but that would fail in some cases as other names have been
> used.
This seems kind of odd to me as a design, compared to
"have the node have a property that says what it is
and let the name of the node just be, well, its name"
(especially since 'device_type' and 'compatible' look an
awful lot like "this is the property that tells you what this
node actually is".)
Are we just stuck with what we have for historical reasons ?
-- PMM
On Tue, May 17, 2022 at 08:19:47PM +0100, Peter Maydell wrote:
> On Tue, 17 May 2022 at 18:48, Rob Herring <[email protected]> wrote:
> >
> > On Tue, May 17, 2022 at 11:54 AM Peter Maydell <[email protected]> wrote:
> > >
> > > On Tue, 17 May 2022 at 16:34, Rob Herring <[email protected]> wrote:
> > > >
> > > > On Tue, May 17, 2022 at 11:14:10AM +0100, Andre Przywara wrote:
> > > > > When we boot a machine using a devicetree, the generic DT code goes
> > > > > through all nodes with a 'device_type = "memory"' property, and collects
> > > > > all memory banks mentioned there. However it does not check for the
> > > > > status property, so any nodes which are explicitly "disabled" will still
> > > > > be added as a memblock.
> > > > > This ends up badly for QEMU, when booting with secure firmware on
> > > > > arm/arm64 machines, because QEMU adds a node describing secure-only
> > > > > memory:
> > > > > ===================
> > > > > secram@e000000 {
> > > >
> > > > BTW, 'memory' is the correct node name.
> > >
> > > We already have a 'memory' node, which is for the NS
> > > memory. This one's for the secure-only RAM block,
> > > which is why I gave it a name that hopefully helps in
> > > spotting that when a human is reading the DT.
> >
> > You can do: secram: memory@e000000 {
> >
> > Where 'secram' is only a source level label until overlays come into
> > the picture.
>
> We generate the DTB with libfdt, so source-only information
> isn't something we can put in, I think. (The quoted DT fragment
> in this patch's commit message is the result of decompiling
> the runtime generated DT binary blob with dtc.)
Given the runtime aspect with overlays, it's conceivable that libfdt
could support setting labels some day and then dts output maintaining
them.
We could also consider a standard node name such as 'secure-memory'.
It's a whole can of worms though on how secure vs. non-secure memory
(and other things) are represented.
> > > I'm not really sure to what extent node names in device trees are
> > > "this is just an identifying textual label" and to what extent
> > > they are "this is really ABI and you need to follow the standard",
> > > though -- nothing in practice seems to care what they are,
> > > suggesting the "textual label" theory, but some bits of tooling
> > > complain if you do things like forget the address value or use the
> > > same address for two different nodes, suggesting the "really ABI"
> > > theory.
> >
> > Node names are supposed to follow the class of device and there's a
> > list of established names in the spec.
> >
> > Sometimes it's ABI and sometimes not. Much of it is just good hygiene.
> > memory nodes are also special because 'device_type' is used to
> > identify them, but device_type is generally deprecated for FDT as its
> > meaning in OpenFirmware doesn't apply (it defines what callable
> > methods exist). We could use the nodename (without unit address)
> > instead, but that would fail in some cases as other names have been
> > used.
>
> This seems kind of odd to me as a design, compared to
Design? I wish. Evolution.
> "have the node have a property that says what it is
> and let the name of the node just be, well, its name"
> (especially since 'device_type' and 'compatible' look an
> awful lot like "this is the property that tells you what this
> node actually is".)
> Are we just stuck with what we have for historical reasons ?
Yes. If we were designing this, we'd probably have 'compatible =
"memory"'. We're likely just stuck with things how they are. Mostly node
names haven't been an ABI and we're just trying to be consistent in
naming and use of unit-addresses.
Rob
On Wed, 18 May 2022 at 17:54, Rob Herring <[email protected]> wrote:
>
> On Tue, May 17, 2022 at 08:19:47PM +0100, Peter Maydell wrote:
> > We generate the DTB with libfdt, so source-only information
> > isn't something we can put in, I think. (The quoted DT fragment
> > in this patch's commit message is the result of decompiling
> > the runtime generated DT binary blob with dtc.)
>
> Given the runtime aspect with overlays, it's conceivable that libfdt
> could support setting labels some day and then dts output maintaining
> them.
>
> We could also consider a standard node name such as 'secure-memory'.
> It's a whole can of worms though on how secure vs. non-secure memory
> (and other things) are represented.
Mmm. We put in the very basic parts years ago in
Documentation/devicetree/bindings/arm/secure.txt
which is (and has remained) generally sufficient for the QEMU->Trusted
Firmware-> maybe uboot->Linux stack, which is pretty much the only use
case I think. (My intention when we wrote that up was that memory
that's S-only would be indicated the same way as S-only devices,
with the secure-status and status properties.)
> > Are we just stuck with what we have for historical reasons ?
>
> Yes. If we were designing this, we'd probably have 'compatible =
> "memory"'. We're likely just stuck with things how they are. Mostly node
> names haven't been an ABI and we're just trying to be consistent in
> naming and use of unit-addresses.
So, do you think it's worthwhile/a good idea for me to rename
the DT node that QEMU is currently calling "secmem" to be
"memory" ? My default is "leave it as it is", for economy of
effort reasons :-) -- but it's an easy enough change to make.
Though EDK2's dtb reading code just looks for the first
"memory" node and assumes it's the big one, so changing the node
name would make us reliant on the order of the two nodes in the
DTB unless we fixed EDK2 (which we should probably do anyway, tbh).
thanks
-- PMM
On Wed, 18 May 2022 at 19:54, Peter Maydell <[email protected]> wrote:
>
> On Wed, 18 May 2022 at 17:54, Rob Herring <[email protected]> wrote:
> >
> > On Tue, May 17, 2022 at 08:19:47PM +0100, Peter Maydell wrote:
> > > We generate the DTB with libfdt, so source-only information
> > > isn't something we can put in, I think. (The quoted DT fragment
> > > in this patch's commit message is the result of decompiling
> > > the runtime generated DT binary blob with dtc.)
> >
> > Given the runtime aspect with overlays, it's conceivable that libfdt
> > could support setting labels some day and then dts output maintaining
> > them.
> >
> > We could also consider a standard node name such as 'secure-memory'.
> > It's a whole can of worms though on how secure vs. non-secure memory
> > (and other things) are represented.
>
> Mmm. We put in the very basic parts years ago in
> Documentation/devicetree/bindings/arm/secure.txt
> which is (and has remained) generally sufficient for the QEMU->Trusted
> Firmware-> maybe uboot->Linux stack, which is pretty much the only use
> case I think. (My intention when we wrote that up was that memory
> that's S-only would be indicated the same way as S-only devices,
> with the secure-status and status properties.)
>
> > > Are we just stuck with what we have for historical reasons ?
> >
> > Yes. If we were designing this, we'd probably have 'compatible =
> > "memory"'. We're likely just stuck with things how they are. Mostly node
> > names haven't been an ABI and we're just trying to be consistent in
> > naming and use of unit-addresses.
>
> So, do you think it's worthwhile/a good idea for me to rename
> the DT node that QEMU is currently calling "secmem" to be
> "memory" ? My default is "leave it as it is", for economy of
> effort reasons :-) -- but it's an easy enough change to make.
> Though EDK2's dtb reading code just looks for the first
> "memory" node and assumes it's the big one, so changing the node
> name would make us reliant on the order of the two nodes in the
> DTB unless we fixed EDK2 (which we should probably do anyway, tbh).
>
Agreed. The referenced code is only one of two implementations (one
for the firmware version that executes in place from NOR flash, and
one for the version that executes from DRAM), which don't follow the
same strategy (the other one enumerates all device_type="memory" nodes
in the tree, and picks the one with the lowest starting address, but
also ignores status properties or node names). The PrePi version
linked here should simply choose the node that covers its own image in
memory. The XIP version uses a stack in DRAM, so it could do something
similar.