Date: Thu, 25 Jul 2019 16:42:11 -0400
From: Paul Cercueil
Subject: Re: [PATCH] MIPS: Add support for partial kernel mode on Xburst CPUs
To: Paul Burton
Cc: Ralf Baechle, James Hogan, linux-mips@vger.kernel.org, linux-kernel@vger.kernel.org, od@zcrc.me
Message-Id: <1564087331.1848.1@crapouillou.net>
In-Reply-To: <20190725165930.yvlvmavcgqocl3nn@pburton-laptop>

On Thu, 25 Jul 2019 at 12:59, Paul Burton wrote:
> Hi Paul,
>
> On Wed, Jul 24, 2019 at 07:46:54PM -0400, Paul Cercueil wrote:
>> Support partial kernel mode of Xburst CPUs found in Ingenic SoCs.
>> Partial kernel mode means the userspace applications have access to
>> the TCSM0 banks of the VPU,
>
> So far so (reasonably) good :)
>
>> and can execute cache instructions.
>
> Aaaah! Scary!
>
> Does this allow *all* cache instructions? If so that's a big security &
> stability hole - if userland can invalidate kernel data or data from
> other programs then it can create all sorts of chaos.

It looked a bit fishy to me as well, but I couldn't point a finger to
the exact problem. I don't exactly know what it allows and what it
doesn't.

> Also do you know which Ingenic SoCs this is available on? I see it
> documented in the JZ4780 Programming Manual, but Config7 bit 6 is shown
> as reserved in my copy of the XBurst1 CPU Core Programming Manual.

I have no idea. I assume all SoCs with a VPU. I know the JZ4770 has it.

> I notice the JZ4780 documentation says it allows access "including TCSM,
> CACHE instructions" which is scary too since it doesn't say that's *all*
> it allows access to. Though just cache instructions by themselves are
> enough to be game over for any notion of security as mentioned above.
>
> What is it you want to do with this? I'm wondering if we could achieve
> your goal in a safer way.

The plan was to be able to communicate with the firmware running on the
VPU without going through expensive context switches all the time.
I guess we could mmap() the TCSM memories, but we'd need to bypass the
data cache (is there a flag for that?).

> Thanks,
> Paul