Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp763324pxu;
        Wed, 2 Dec 2020 02:47:06 -0800 (PST)
X-Google-Smtp-Source: ABdhPJytzASmNWvjkRCxgKskm2ErjI7imj944fV7A+GurVUIpG5k6iiDHz54EcucwHau3sGujw18
X-Received: by 2002:a17:906:b307:: with SMTP id n7mr1705651ejz.102.1606906026544;
        Wed, 02 Dec 2020 02:47:06 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1606906026; cv=none;
        d=google.com; s=arc-20160816;
        b=QPqxo0DbHKEBu+n2VV05Enp48xLfmW81ZIN/dWlfkEoVse/gI1s+njRg0GwSB0xyfU
         ua7FsYC5fsQnT93B4b69h3sRhvA+EwcAtopRrHW72KKkF55XECqZtI7hIKvZ4Uec/J1w
         Cel7WpHmCMJMu0fv/vD0mNXlKpp6eXGPaZu81Fgj5gL4y+Cc+ZfwC8GHPg/LisKaZNmZ
         0DsReYnRVdARhmVHekBl+5aIe2zC8wiwIKMLEBsu9ocyTXFfP+ejVCpKgXtv/BTbsJ5v
         s1UmBeb+4hMA57NWALN7me3U7sK3inLgEydL42+uMz6jjvGps9eiKn8PDChcvwtA3rGR
         nMBg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:cc:to:subject
         :message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature;
        bh=9QLz5An3VwdrOS0On7n3zMhkM8iyrpXF4RrWtNNC2nQ=;
        b=FavIsD1LMdcTM3v0zb/mw/ZP64cwwdx7KabwqOl6Lusxmnaruev91b00bhR+xhkp2Q
         oFNhIamuTEKo7y/H4WMnLYQ1EQiwSaCEHCU4rVXqPZq3WsfWThZP8pe7ZEtMzjcdgpMg
         71WOgYjsFHI9WaFrcDDR7IaV0Xgvu2JSrHjiu2Jpd1PZURLrMe2FYx1fV2KUSuz9lkuz
         GOAY8lUHHkK5xiXT4ZS+BcMQESTdFnXWre3JJpXNgcxCMSN3UTVfX6FoEoXJsVLukW5g
         UYL7PJEOxQERsj2OU1+wndwgFfOacojwe4q5ba96AeO6WrkRbA3d7tkDuASf0aOPBZ+C
         HCSA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=YeNFvvcr;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id a12si620291ejg.220.2020.12.02.02.46.43;
        Wed, 02 Dec 2020 02:47:06 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=YeNFvvcr;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2388619AbgLBKoq (ORCPT <rfc822;epontan@gmail.com> + 99 others);
        Wed, 2 Dec 2020 05:44:46 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36074 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1729500AbgLBKoq (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 2 Dec 2020 05:44:46 -0500
Received: from mail-ot1-x342.google.com (mail-ot1-x342.google.com [IPv6:2607:f8b0:4864:20::342])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E07CFC0613D6
        for <linux-kernel@vger.kernel.org>; Wed,  2 Dec 2020 02:43:59 -0800 (PST)
Received: by mail-ot1-x342.google.com with SMTP id j21so1190369otp.8
        for <linux-kernel@vger.kernel.org>; Wed, 02 Dec 2020 02:43:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=9QLz5An3VwdrOS0On7n3zMhkM8iyrpXF4RrWtNNC2nQ=;
        b=YeNFvvcrLu+QyOFwERkqOiZyxAu2OSzJFeqVq2zqgsVJI47I/YyPZ3MGa48MADUGMw
         pU+0JUmXzMov/8DZCYY74Fuiu2JslaSSghEEYDihOK9IibYSVPbOPheHtRbMZawrlINy
         xaAB1LF3O3VGiRg5K09+3+E5OpeWlZ7kuTME7gcteIJ3SWPxb9RFui2xA3sg1+IZLmLw
         kta68kLjb+GNiJYBufU6WR7RVCXeveim0cNGaX5RZ5c4az4p8HDsxyDU9c0nejvRXKa2
         7hCq+/qA/63czc+7JxkICCvE3DRiNroliAh+GCR+I1A0qL48PNMs4AOy3rgzqiRBah1A
         yf1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=9QLz5An3VwdrOS0On7n3zMhkM8iyrpXF4RrWtNNC2nQ=;
        b=n+abe6L2K5gQyErOYAW+VVk31gi8Ks7tRnD3RXwHZ9dWi8Zp1/urzHWZp+zNPUbJxM
         ybUrsRU17nAXAvWf7GS8QYMwpww5NmjZHQ6efnuRVSUc+r7Nr4I7PuhtIjck+IyNZICO
         B+YBFMZNeNtCt9CPFY3LBTUR+MLQVKrXM4MqkSyPCqCF+iIANSItKc9StmnIKVVc6nsa
         p9nh/U2CAZxersuZDD/vaI1UDUAWZMUK6LjuFfZu+Z+d2eeZQjKjqVVDj2i5sFxbhjDn
         oR0SGY/BaLBeVD7K/4S+q6FlX2X2id1wjdtL/wIsxm1F2Zy/FZxcMzfGYMfXz8cJz+Kt
         nOxQ==
X-Gm-Message-State: AOAM532sJBuj0xJznLCqTZswaIH/JeTlLNMyU3wnZZAWFyakAipLpyJA
        Js/PLu97mDslYw61aul5IW4sSDe/+KWZg+JRQ7bL8pGqwPFsY5IZ
X-Received: by 2002:a9d:6f0a:: with SMTP id n10mr1376770otq.268.1606905839217;
 Wed, 02 Dec 2020 02:43:59 -0800 (PST)
MIME-Version: 1.0
References: <20201202071057.4877-1-andrey.zhizhikin@leica-geosystems.com>
 <CAHUa44HuNPmWufnxzqGLrwJqLxTkjCivYGaHvukEkk6nOd1r3g@mail.gmail.com> <AM6PR06MB4691764C8ABBF608837557D7A6F30@AM6PR06MB4691.eurprd06.prod.outlook.com>
In-Reply-To: <AM6PR06MB4691764C8ABBF608837557D7A6F30@AM6PR06MB4691.eurprd06.prod.outlook.com>
From:   Jens Wiklander <jens.wiklander@linaro.org>
Date:   Wed, 2 Dec 2020 11:43:48 +0100
Message-ID: <CAHUa44GLP0JZPnX9Z1b6rNkzMttBWRvOo7QLuySmAmqCQFvpdg@mail.gmail.com>
Subject: Re: [PATCH] optee: extend normal memory check to also write-through
To:     ZHIZHIKIN Andrey <andrey.zhizhikin@leica-geosystems.com>
Cc:     "op-tee@lists.trustedfirmware.org" <op-tee@lists.trustedfirmware.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        "stable@vger.kernel.org" <stable@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Dec 2, 2020 at 10:41 AM ZHIZHIKIN Andrey
<andrey.zhizhikin@leica-geosystems.com> wrote:
>
> Hello Jens,
>
> > -----Original Message-----
> > From: Jens Wiklander <jens.wiklander@linaro.org>
> > Sent: Wednesday, December 2, 2020 9:07 AM
> > To: ZHIZHIKIN Andrey <andrey.zhizhikin@leica-geosystems.com>
> > Cc: op-tee@lists.trustedfirmware.org; Linux Kernel Mailing List <linux-
> > kernel@vger.kernel.org>; stable@vger.kernel.org
> > Subject: Re: [PATCH] optee: extend normal memory check to also write-th=
rough
> >
> > This email is not from Hexagon=E2=80=99s Office 365 instance. Please be=
 careful while
> > clicking links, opening attachments, or replying to this email.
> >
> >
> > Hi Andrey,
> >
> > On Wed, Dec 2, 2020 at 8:11 AM Andrey Zhizhikin <andrey.zhizhikin@leica=
-
> > geosystems.com> wrote:
> > >
> > > ARMv7 Architecture Reference Manual [1] section A3.5.5 details Normal
> > > memory type, together with cacheability attributes that could be
> > > applied to memory regions defined as "Normal memory".
> > >
> > > Section B2.1.2 of the Architecture Reference Manual [1] also provides
> > > details regarding the Memory attributes that could be assigned to
> > > particular memory regions, which includes the descrption of
> > > cacheability attributes and cache allocation hints.
> > >
> > > Memory type and cacheability attributes forms 2 separate definitions,
> > > where cacheability attributes defines a mechanism of coherency contro=
l
> > > rather than the type of memory itself.
> > >
> > > In other words: Normal memory type can be configured with several
> > > combination of cacheability attributes, namely:
> > > - Write-Through (WT)
> > > - Write-Back (WB) followed by cache allocation hint:
> > >   - Write-Allocate
> > >   - No Write-Allocate (also known as Read-Allocate)
> > >
> > > Those types are mapped in the kernel to corresponding macros:
> > > - Write-Through: L_PTE_MT_WRITETHROUGH
> > > - Write-Back Write-Allocate: L_PTE_MT_WRITEALLOC
> > > - Write-Back Read-Allocate: L_PTE_MT_WRITEBACK
> > >
> > > Current implementation of the op-tee driver takes in account only 2
> > > last memory region types, while performing a check if the memory bloc=
k
> > > is allocated as "Normal memory", leaving Write-Through allocations to
> > > be not considered.
> > >
> > > Extend verification mechanism to include also Normal memory regios,
> > > which are designated with Write-Through cacheability attributes.
> >
> > Are you trying to fix a real error with this or are you just trying to =
cover all cases? I
> > suspect the latter since you'd likely have coherency problems with OP-T=
EE in
> > Secure world if you used Write-Through instead.
>
> Yes, this aims to provide consistency in detection which memory blocks ca=
n be identified
> as Normal memory in ARMv7 architecture.

I think you're missing the purpose of this internal function. It's
there to check that the memory is mapped in a way compatible with what
OP-TEE is using in Secure world.

>
> WT coherency control and (especially) observability behavior is described=
 in section A3.5.5 of the
> ARMv7 RefMan, where it is stated that write operations performed on WT me=
mory locations
> are guaranteed to be visible to all observers inside and outside of cache=
 level.
>
> As the Write-Through (WT) provides a better coherency control, it does ma=
ke sense to include it
> into the verification performed by is_normal_memory() in order to provide=
 a possibility for
> future implementations to mitigate issues and select appropriate cache al=
location attributes
> for memory blocks used.
>
> > Correct me if I'm wrong, but "Write-Back Write-Allocate" and "Write-Bac=
k Read-Allocate"
> > are both compatible with each other as the "Allocate" part is just a hi=
nt.
>
> Correct, "Allocate" just designates the cache allocation hint. "Write-Bac=
k Read-Allocate" should
> actually be read as "Write-Back no Write-Allocate", with " Write-Allocate=
" being a hint. But since
> this is controlled by a TEX[0] - this hint is handled separately by L_PTE=
_MT_WRITEBACK and
> L_PTE_MT_WRITEALLOC macros.

B3.11.3 in the spec requires cache maintenance when changing from
Write-Back to Write-Through and vice versa, and we can't do that in
this design.

Cheers,
Jens

>
> >
> > Cheers,
> > Jens
> >
> > >
> > > Link: [1]:
> > > https://eur02.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fd=
eve
> > >
> > loper.arm.com%2Fdocumentation%2Fddi0406%2Fcd&amp;data=3D04%7C01%7C%7
> > Ca40
> > >
> > ffd35912f4fe3d97308d896993b87%7C1b16ab3eb8f64fe39f3e2db7fe549f6a%7C0%
> > 7
> > >
> > C1%7C637424932169074654%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAw
> > MDAiLC
> > >
> > JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=3Dc0jK2gT
> > m
> > > qrAyo0%2Ffr07t%2Fg5NbPdm4dh7Rl7alNWlaQc%3D&amp;reserved=3D0
> > > Fixes: 853735e40424 ("optee: add writeback to valid memory type")
> > > Cc: stable@vger.kernel.org
> > > Signed-off-by: Andrey Zhizhikin
> > > <andrey.zhizhikin@leica-geosystems.com>
> > > ---
> > >  drivers/tee/optee/call.c | 3 ++-
> > >  1 file changed, 2 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/tee/optee/call.c b/drivers/tee/optee/call.c inde=
x
> > > c981757ba0d4..8da27d02a2d6 100644
> > > --- a/drivers/tee/optee/call.c
> > > +++ b/drivers/tee/optee/call.c
> > > @@ -535,7 +535,8 @@ static bool is_normal_memory(pgprot_t p)  {  #if
> > > defined(CONFIG_ARM)
> > >         return (((pgprot_val(p) & L_PTE_MT_MASK) =3D=3D L_PTE_MT_WRIT=
EALLOC)
> > ||
> > > -               ((pgprot_val(p) & L_PTE_MT_MASK) =3D=3D L_PTE_MT_WRIT=
EBACK));
> > > +               ((pgprot_val(p) & L_PTE_MT_MASK) =3D=3D L_PTE_MT_WRIT=
EBACK) ||
> > > +               ((pgprot_val(p) & L_PTE_MT_MASK) =3D=3D
> > > + L_PTE_MT_WRITETHROUGH));
> > >  #elif defined(CONFIG_ARM64)
> > >         return (pgprot_val(p) & PTE_ATTRINDX_MASK) =3D=3D
> > > PTE_ATTRINDX(MT_NORMAL);  #else
> > > --
> > > 2.17.1
> > >
>
> Regards,
> Andrey