Re: [PATCH v2 6/8] dt-bindings: reserved-memory: Add secure CMA reserved memory range

From: Jeffrey Kardatzke
Date: Wed Nov 15 2023 - 18:35:27 EST

Next message: kernel test robot: "Re: [PATCH] nvme-core: remove head->effects to fix use-after-free"
Previous message: Edgecombe, Rick P: "Re: Several tst-robust* tests time out with recent Linux kernel"
In reply to: Robin Murphy: "Re: [PATCH v2 6/8] dt-bindings: reserved-memory: Add secure CMA reserved memory range"
Next in thread: Rob Herring: "Re: [PATCH v2 6/8] dt-bindings: reserved-memory: Add secure CMA reserved memory range"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

May I suggest the following for the device tree binding? (I'm not very
familiar w/ device trees, so apologies for any oversights, but trying
to process the feedback here and help move Mediatek along). This
should align with my other suggestions for having an MTK specific
portion to their secure heap implementation; which also means there
should be an MTK specific device tree binding.

# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
%YAML 1.2
---
$id: http://devicetree.org/schemas/reserved-memory/mediatek,dynamic-secure-region.yaml#
$schema: http://devicetree.org/meta-schemas/core.yaml#

title: Mediatek Dynamic Reserved Region

description:
A memory region that can dynamically transition as a whole between
secure and non-secure states. This memory will be protected by OP-TEE
when allocations are active and unprotected otherwise.

maintainers:
- Yong Wu <yong.wu@xxxxxxxxxxxx>

allOf:
- $ref: reserved-memory.yaml

properties:
compatible:
const: mediatek,dynamic-secure-region

required:
- compatible
- reg
- reusable

unevaluatedProperties: false

examples:
- |

reserved-memory {
#address-cells = <1>;
#size-cells = <1>;
ranges;

reserved-memory@80000000 {
compatible = "mediatek,dynamic-secure-region";
reusable;
reg = <0x80000000 0x18000000>;
};
};

On Tue, Nov 14, 2023 at 5:18 AM Robin Murphy <robin.murphy@xxxxxxx> wrote:
>
> On 13/11/2023 6:37 am, Yong Wu (吴勇) wrote:
> [...]
> >>> +properties:
> >>> + compatible:
> >>> + const: secure_cma_region
> >>
> >> Still wrong compatible. Look at other bindings - there is nowhere
> >> underscore. Look at other reserved memory bindings especially.
> >>
> >> Also, CMA is a Linux thingy, so either not suitable for bindings at
> >> all,
> >> or you need Linux specific compatible. I don't quite get why do you
> >> evennot
> >> put CMA there - adding Linux specific stuff will get obvious
> >> pushback...
> >
> > Thanks. I will change to: secure-region. Is this ok?
>
> No, the previous discussion went off in entirely the wrong direction. To
> reiterate, the point of the binding is not to describe the expected
> usage of the thing nor the general concept of the thing, but to describe
> the actual thing itself. There are any number of different ways software
> may interact with a "secure region", so that is meaningless as a
> compatible. It needs to describe *this* secure memory interface offered
> by *this* TEE, so that software knows that to use it requires making
> those particular SiP calls with that particular UUID etc.
>
> Thanks,
> Robin.

Next message: kernel test robot: "Re: [PATCH] nvme-core: remove head->effects to fix use-after-free"
Previous message: Edgecombe, Rick P: "Re: Several tst-robust* tests time out with recent Linux kernel"
In reply to: Robin Murphy: "Re: [PATCH v2 6/8] dt-bindings: reserved-memory: Add secure CMA reserved memory range"
Next in thread: Rob Herring: "Re: [PATCH v2 6/8] dt-bindings: reserved-memory: Add secure CMA reserved memory range"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]