Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Thursday 15 January 2015 10:22:47 Al Stone wrote: > > Can I restate the position as I hear it, then? I want to make sure > I'm understanding what's being said. > > What I'm reading seems to say: if an ARMv8 vendor wants Linux support > in the upstream kernel, regardless of whether or not it is a mobile or > server product, they must submit DT-based patches until such time as > ACPI on arm64 is deemed "mature." Do I have that correct? I was specifically referring to SoC specific device drivers here. It's a bit unclear what a 'vendor' is in this context, but I'd hope that as long as we have basic support for a SoC, other people can build DT blobs for these machines and have them run Linux out of the box. > That implies to me that if I want to build an ACPI-only product, there > is no way to predict when or if I can get Linux support. And, that if > I do want Linux support, and need ACPI for my end-users, I have to > maintain both sets of firmware for some unknown time into the future. > Is that what was meant? The firmware is normally not written by the people that do the SoC, and we have very little control over what someone puts in their firmware. Shipping an ACPI-only firmware would still work, but has the danger of breaking if we ever have to make incompatible changes to the way we interpret the ACPI tables and we have to support users that can't upgrade their firmware. Hopefully we can quickly get to the point where we don't have to make incompatible changes, but I don't think that is realistic from the day we first merge ACPI support. Arnd -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Thursday 15 January 2015 10:22:47 Al Stone wrote: Can I restate the position as I hear it, then? I want to make sure I'm understanding what's being said. What I'm reading seems to say: if an ARMv8 vendor wants Linux support in the upstream kernel, regardless of whether or not it is a mobile or server product, they must submit DT-based patches until such time as ACPI on arm64 is deemed mature. Do I have that correct? I was specifically referring to SoC specific device drivers here. It's a bit unclear what a 'vendor' is in this context, but I'd hope that as long as we have basic support for a SoC, other people can build DT blobs for these machines and have them run Linux out of the box. That implies to me that if I want to build an ACPI-only product, there is no way to predict when or if I can get Linux support. And, that if I do want Linux support, and need ACPI for my end-users, I have to maintain both sets of firmware for some unknown time into the future. Is that what was meant? The firmware is normally not written by the people that do the SoC, and we have very little control over what someone puts in their firmware. Shipping an ACPI-only firmware would still work, but has the danger of breaking if we ever have to make incompatible changes to the way we interpret the ACPI tables and we have to support users that can't upgrade their firmware. Hopefully we can quickly get to the point where we don't have to make incompatible changes, but I don't think that is realistic from the day we first merge ACPI support. Arnd -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Thu, Jan 15, 2015 at 05:52:31PM +0100, Arnd Bergmann wrote: > On Thursday 15 January 2015 10:51:58 Jon Masters wrote: > > It gets worse. There *will* be large numbers of ACPI only ARM servers > > landing over the coming year. Not only would DT code be untested, but > > insisting on keeping e.g. a DSDT and DT in sync is never going to work > > anyway. Already we have early stage servers that contain a DT used for > > bringup that is subsequently not being updated as often as the ACPI > > tables (those systems are now booting exclusively in labs with ACPI). > > Eventually, I am going to push for the DT data to be removed from these > > systems rather than have out of date unmaintained DT data in firmware. > We will of course be able to relax the rule once ACPI has stabilized on > ARM64. At the moment, we haven't even agreed on how to represent basic > devices, so things are in flux and there is no way for a BIOS writer > to ship an image that we will guarantee to support in the long run. > At some point after we are reasonably sure we are able to keep supporting > all existing systems that are working with that kernel, we can take > support for new systems without having DT by default, and also support > booting those without acpi=force, which is related to this question. Speaking with my subsystem maintainer hat on (admittedly not subsystems affected too much by ARM servers so take this with a pinch of salt) this just sounds like it's making more work for me - it means having to force people to write DT code and bindings which I'm then going to have to review and none of us really care about. Realistically I'm just going to take the code if a lack of a DT binding is the only option, I suspect others will be similar. signature.asc Description: Digital signature
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On 01/15/2015 09:52 AM, Arnd Bergmann wrote: > On Thursday 15 January 2015 10:51:58 Jon Masters wrote: >> On 01/15/2015 09:10 AM, Grant Likely wrote: >>> On Tue, Jan 6, 2015 at 1:59 PM, Arnd Bergmann wrote: For drivers merged upstream, I would insist that every driver merged for an ARM64 platform has a documented DT binding that is used in the driver. >>> >>> That's a dumb rule. It will result in untested DT code paths being >>> thrown into drivers just too meet the rules rather than on whether or >>> not they will actually be used. It's fine to allow driver authors to >>> only implement the ACPI code path if that is what they are working >>> with. We can *always* add a DT path to the driver when it is needed. >> >> It gets worse. There *will* be large numbers of ACPI only ARM servers >> landing over the coming year. Not only would DT code be untested, but >> insisting on keeping e.g. a DSDT and DT in sync is never going to work >> anyway. Already we have early stage servers that contain a DT used for >> bringup that is subsequently not being updated as often as the ACPI >> tables (those systems are now booting exclusively in labs with ACPI). >> Eventually, I am going to push for the DT data to be removed from these >> systems rather than have out of date unmaintained DT data in firmware. > > We will of course be able to relax the rule once ACPI has stabilized on > ARM64. At the moment, we haven't even agreed on how to represent basic > devices, so things are in flux and there is no way for a BIOS writer > to ship an image that we will guarantee to support in the long run. > > At some point after we are reasonably sure we are able to keep supporting > all existing systems that are working with that kernel, we can take > support for new systems without having DT by default, and also support > booting those without acpi=force, which is related to this question. > > Arnd > Can I restate the position as I hear it, then? I want to make sure I'm understanding what's being said. What I'm reading seems to say: if an ARMv8 vendor wants Linux support in the upstream kernel, regardless of whether or not it is a mobile or server product, they must submit DT-based patches until such time as ACPI on arm64 is deemed "mature." Do I have that correct? That implies to me that if I want to build an ACPI-only product, there is no way to predict when or if I can get Linux support. And, that if I do want Linux support, and need ACPI for my end-users, I have to maintain both sets of firmware for some unknown time into the future. Is that what was meant? I'm not really trying to judge the position right this second, but I am trying to make sure I understand it. English is not really the most precise of languages and I would prefer not to misinterpret. -- ciao, al --- Al Stone Software Engineer Linaro Enterprise Group al.st...@linaro.org --- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Thursday 15 January 2015 10:51:58 Jon Masters wrote: > On 01/15/2015 09:10 AM, Grant Likely wrote: > > On Tue, Jan 6, 2015 at 1:59 PM, Arnd Bergmann wrote: > >> For drivers merged upstream, I would insist that every driver merged > >> for an ARM64 platform has a documented DT binding that is used in the > >> driver. > > > > That's a dumb rule. It will result in untested DT code paths being > > thrown into drivers just too meet the rules rather than on whether or > > not they will actually be used. It's fine to allow driver authors to > > only implement the ACPI code path if that is what they are working > > with. We can *always* add a DT path to the driver when it is needed. > > It gets worse. There *will* be large numbers of ACPI only ARM servers > landing over the coming year. Not only would DT code be untested, but > insisting on keeping e.g. a DSDT and DT in sync is never going to work > anyway. Already we have early stage servers that contain a DT used for > bringup that is subsequently not being updated as often as the ACPI > tables (those systems are now booting exclusively in labs with ACPI). > Eventually, I am going to push for the DT data to be removed from these > systems rather than have out of date unmaintained DT data in firmware. We will of course be able to relax the rule once ACPI has stabilized on ARM64. At the moment, we haven't even agreed on how to represent basic devices, so things are in flux and there is no way for a BIOS writer to ship an image that we will guarantee to support in the long run. At some point after we are reasonably sure we are able to keep supporting all existing systems that are working with that kernel, we can take support for new systems without having DT by default, and also support booting those without acpi=force, which is related to this question. Arnd -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On 01/15/2015 09:10 AM, Grant Likely wrote: > On Tue, Jan 6, 2015 at 1:59 PM, Arnd Bergmann wrote: >> On Tuesday 06 January 2015 11:20:01 Catalin Marinas wrote: >>> On Mon, Jan 05, 2015 at 08:16:30PM +, Arnd Bergmann wrote: On Monday 05 January 2015 13:13:02 Catalin Marinas wrote: >> since passing no DT tables to OS but >> acpi=force is missing is a corner case, we can do a follow up patch to >> fix that, does it make sense? > > Not entirely. Why would no dtb and no acpi=force be a corner case? I > thought this should be the default when only ACPI tables are passed, no > need for an additional acpi=force argument. We don't really support the case of only ACPI tables for now. The expectation is that you always have working DT support, at least for the next few years as ACPI features are ramping up, and without acpi=force it should not try to use ACPI at all. >>> >>> So if both DT and ACPI are present, just use DT unless acpi=force is >>> passed. So far I think we agree but what I want to avoid is always >>> mandating acpi=force even when the DT tables are missing (in the long >>> run). >>> >>> Now, what's preventing a vendor firmware from providing only ACPI >>> tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) >>> that both DT and ACPI are supported, or at least that dts files are >>> merged in the kernel first? >> >> We have no way of enforcing what a board vendor ships, so if they want >> to have ACPI-only machines for MS Windows, they just won't work by >> default on Linux. Once ACPI support is mature enough, we can also >> have a whitelist or a different default for using it automatically >> when no DT is present. >> >> For drivers merged upstream, I would insist that every driver merged >> for an ARM64 platform has a documented DT binding that is used in the >> driver. > > That's a dumb rule. It will result in untested DT code paths being > thrown into drivers just too meet the rules rather than on whether or > not they will actually be used. It's fine to allow driver authors to > only implement the ACPI code path if that is what they are working > with. We can *always* add a DT path to the driver when it is needed. It gets worse. There *will* be large numbers of ACPI only ARM servers landing over the coming year. Not only would DT code be untested, but insisting on keeping e.g. a DSDT and DT in sync is never going to work anyway. Already we have early stage servers that contain a DT used for bringup that is subsequently not being updated as often as the ACPI tables (those systems are now booting exclusively in labs with ACPI). Eventually, I am going to push for the DT data to be removed from these systems rather than have out of date unmaintained DT data in firmware. Jon. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Tue, Jan 6, 2015 at 1:59 PM, Arnd Bergmann wrote: > On Tuesday 06 January 2015 11:20:01 Catalin Marinas wrote: >> On Mon, Jan 05, 2015 at 08:16:30PM +, Arnd Bergmann wrote: >> > On Monday 05 January 2015 13:13:02 Catalin Marinas wrote: >> > > > since passing no DT tables to OS but >> > > > acpi=force is missing is a corner case, we can do a follow up patch to >> > > > fix that, does it make sense? >> > > >> > > Not entirely. Why would no dtb and no acpi=force be a corner case? I >> > > thought this should be the default when only ACPI tables are passed, no >> > > need for an additional acpi=force argument. >> > >> > We don't really support the case of only ACPI tables for now. The >> > expectation >> > is that you always have working DT support, at least for the next few years >> > as ACPI features are ramping up, and without acpi=force it should not try >> > to use ACPI at all. >> >> So if both DT and ACPI are present, just use DT unless acpi=force is >> passed. So far I think we agree but what I want to avoid is always >> mandating acpi=force even when the DT tables are missing (in the long >> run). >> >> Now, what's preventing a vendor firmware from providing only ACPI >> tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) >> that both DT and ACPI are supported, or at least that dts files are >> merged in the kernel first? > > We have no way of enforcing what a board vendor ships, so if they want > to have ACPI-only machines for MS Windows, they just won't work by > default on Linux. Once ACPI support is mature enough, we can also > have a whitelist or a different default for using it automatically > when no DT is present. > > For drivers merged upstream, I would insist that every driver merged > for an ARM64 platform has a documented DT binding that is used in the > driver. That's a dumb rule. It will result in untested DT code paths being thrown into drivers just too meet the rules rather than on whether or not they will actually be used. It's fine to allow driver authors to only implement the ACPI code path if that is what they are working with. We can *always* add a DT path to the driver when it is needed. As you say, wecannot insist that vendors implement DT as well as ACPI. The most we can do is offer the recommendation that DT works now, but ACPI is immature for ARM. If they choose to do ACPI only, that is absolutely fine and they do so with the understanding that it will take time to stabilize to the point that we're comfortable guaranteeing support in mainline. However, that doesn't even remotely block getting each of their drivers merged as they become ready. g. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Thursday 15 January 2015 10:51:58 Jon Masters wrote: On 01/15/2015 09:10 AM, Grant Likely wrote: On Tue, Jan 6, 2015 at 1:59 PM, Arnd Bergmann a...@arndb.de wrote: For drivers merged upstream, I would insist that every driver merged for an ARM64 platform has a documented DT binding that is used in the driver. That's a dumb rule. It will result in untested DT code paths being thrown into drivers just too meet the rules rather than on whether or not they will actually be used. It's fine to allow driver authors to only implement the ACPI code path if that is what they are working with. We can *always* add a DT path to the driver when it is needed. It gets worse. There *will* be large numbers of ACPI only ARM servers landing over the coming year. Not only would DT code be untested, but insisting on keeping e.g. a DSDT and DT in sync is never going to work anyway. Already we have early stage servers that contain a DT used for bringup that is subsequently not being updated as often as the ACPI tables (those systems are now booting exclusively in labs with ACPI). Eventually, I am going to push for the DT data to be removed from these systems rather than have out of date unmaintained DT data in firmware. We will of course be able to relax the rule once ACPI has stabilized on ARM64. At the moment, we haven't even agreed on how to represent basic devices, so things are in flux and there is no way for a BIOS writer to ship an image that we will guarantee to support in the long run. At some point after we are reasonably sure we are able to keep supporting all existing systems that are working with that kernel, we can take support for new systems without having DT by default, and also support booting those without acpi=force, which is related to this question. Arnd -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On 01/15/2015 09:52 AM, Arnd Bergmann wrote: On Thursday 15 January 2015 10:51:58 Jon Masters wrote: On 01/15/2015 09:10 AM, Grant Likely wrote: On Tue, Jan 6, 2015 at 1:59 PM, Arnd Bergmann a...@arndb.de wrote: For drivers merged upstream, I would insist that every driver merged for an ARM64 platform has a documented DT binding that is used in the driver. That's a dumb rule. It will result in untested DT code paths being thrown into drivers just too meet the rules rather than on whether or not they will actually be used. It's fine to allow driver authors to only implement the ACPI code path if that is what they are working with. We can *always* add a DT path to the driver when it is needed. It gets worse. There *will* be large numbers of ACPI only ARM servers landing over the coming year. Not only would DT code be untested, but insisting on keeping e.g. a DSDT and DT in sync is never going to work anyway. Already we have early stage servers that contain a DT used for bringup that is subsequently not being updated as often as the ACPI tables (those systems are now booting exclusively in labs with ACPI). Eventually, I am going to push for the DT data to be removed from these systems rather than have out of date unmaintained DT data in firmware. We will of course be able to relax the rule once ACPI has stabilized on ARM64. At the moment, we haven't even agreed on how to represent basic devices, so things are in flux and there is no way for a BIOS writer to ship an image that we will guarantee to support in the long run. At some point after we are reasonably sure we are able to keep supporting all existing systems that are working with that kernel, we can take support for new systems without having DT by default, and also support booting those without acpi=force, which is related to this question. Arnd Can I restate the position as I hear it, then? I want to make sure I'm understanding what's being said. What I'm reading seems to say: if an ARMv8 vendor wants Linux support in the upstream kernel, regardless of whether or not it is a mobile or server product, they must submit DT-based patches until such time as ACPI on arm64 is deemed mature. Do I have that correct? That implies to me that if I want to build an ACPI-only product, there is no way to predict when or if I can get Linux support. And, that if I do want Linux support, and need ACPI for my end-users, I have to maintain both sets of firmware for some unknown time into the future. Is that what was meant? I'm not really trying to judge the position right this second, but I am trying to make sure I understand it. English is not really the most precise of languages and I would prefer not to misinterpret. -- ciao, al --- Al Stone Software Engineer Linaro Enterprise Group al.st...@linaro.org --- -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Thu, Jan 15, 2015 at 05:52:31PM +0100, Arnd Bergmann wrote: On Thursday 15 January 2015 10:51:58 Jon Masters wrote: It gets worse. There *will* be large numbers of ACPI only ARM servers landing over the coming year. Not only would DT code be untested, but insisting on keeping e.g. a DSDT and DT in sync is never going to work anyway. Already we have early stage servers that contain a DT used for bringup that is subsequently not being updated as often as the ACPI tables (those systems are now booting exclusively in labs with ACPI). Eventually, I am going to push for the DT data to be removed from these systems rather than have out of date unmaintained DT data in firmware. We will of course be able to relax the rule once ACPI has stabilized on ARM64. At the moment, we haven't even agreed on how to represent basic devices, so things are in flux and there is no way for a BIOS writer to ship an image that we will guarantee to support in the long run. At some point after we are reasonably sure we are able to keep supporting all existing systems that are working with that kernel, we can take support for new systems without having DT by default, and also support booting those without acpi=force, which is related to this question. Speaking with my subsystem maintainer hat on (admittedly not subsystems affected too much by ARM servers so take this with a pinch of salt) this just sounds like it's making more work for me - it means having to force people to write DT code and bindings which I'm then going to have to review and none of us really care about. Realistically I'm just going to take the code if a lack of a DT binding is the only option, I suspect others will be similar. signature.asc Description: Digital signature
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On 01/15/2015 09:10 AM, Grant Likely wrote: On Tue, Jan 6, 2015 at 1:59 PM, Arnd Bergmann a...@arndb.de wrote: On Tuesday 06 January 2015 11:20:01 Catalin Marinas wrote: On Mon, Jan 05, 2015 at 08:16:30PM +, Arnd Bergmann wrote: On Monday 05 January 2015 13:13:02 Catalin Marinas wrote: since passing no DT tables to OS but acpi=force is missing is a corner case, we can do a follow up patch to fix that, does it make sense? Not entirely. Why would no dtb and no acpi=force be a corner case? I thought this should be the default when only ACPI tables are passed, no need for an additional acpi=force argument. We don't really support the case of only ACPI tables for now. The expectation is that you always have working DT support, at least for the next few years as ACPI features are ramping up, and without acpi=force it should not try to use ACPI at all. So if both DT and ACPI are present, just use DT unless acpi=force is passed. So far I think we agree but what I want to avoid is always mandating acpi=force even when the DT tables are missing (in the long run). Now, what's preventing a vendor firmware from providing only ACPI tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) that both DT and ACPI are supported, or at least that dts files are merged in the kernel first? We have no way of enforcing what a board vendor ships, so if they want to have ACPI-only machines for MS Windows, they just won't work by default on Linux. Once ACPI support is mature enough, we can also have a whitelist or a different default for using it automatically when no DT is present. For drivers merged upstream, I would insist that every driver merged for an ARM64 platform has a documented DT binding that is used in the driver. That's a dumb rule. It will result in untested DT code paths being thrown into drivers just too meet the rules rather than on whether or not they will actually be used. It's fine to allow driver authors to only implement the ACPI code path if that is what they are working with. We can *always* add a DT path to the driver when it is needed. It gets worse. There *will* be large numbers of ACPI only ARM servers landing over the coming year. Not only would DT code be untested, but insisting on keeping e.g. a DSDT and DT in sync is never going to work anyway. Already we have early stage servers that contain a DT used for bringup that is subsequently not being updated as often as the ACPI tables (those systems are now booting exclusively in labs with ACPI). Eventually, I am going to push for the DT data to be removed from these systems rather than have out of date unmaintained DT data in firmware. Jon. -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Tue, Jan 6, 2015 at 1:59 PM, Arnd Bergmann a...@arndb.de wrote: On Tuesday 06 January 2015 11:20:01 Catalin Marinas wrote: On Mon, Jan 05, 2015 at 08:16:30PM +, Arnd Bergmann wrote: On Monday 05 January 2015 13:13:02 Catalin Marinas wrote: since passing no DT tables to OS but acpi=force is missing is a corner case, we can do a follow up patch to fix that, does it make sense? Not entirely. Why would no dtb and no acpi=force be a corner case? I thought this should be the default when only ACPI tables are passed, no need for an additional acpi=force argument. We don't really support the case of only ACPI tables for now. The expectation is that you always have working DT support, at least for the next few years as ACPI features are ramping up, and without acpi=force it should not try to use ACPI at all. So if both DT and ACPI are present, just use DT unless acpi=force is passed. So far I think we agree but what I want to avoid is always mandating acpi=force even when the DT tables are missing (in the long run). Now, what's preventing a vendor firmware from providing only ACPI tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) that both DT and ACPI are supported, or at least that dts files are merged in the kernel first? We have no way of enforcing what a board vendor ships, so if they want to have ACPI-only machines for MS Windows, they just won't work by default on Linux. Once ACPI support is mature enough, we can also have a whitelist or a different default for using it automatically when no DT is present. For drivers merged upstream, I would insist that every driver merged for an ARM64 platform has a documented DT binding that is used in the driver. That's a dumb rule. It will result in untested DT code paths being thrown into drivers just too meet the rules rather than on whether or not they will actually be used. It's fine to allow driver authors to only implement the ACPI code path if that is what they are working with. We can *always* add a DT path to the driver when it is needed. As you say, wecannot insist that vendors implement DT as well as ACPI. The most we can do is offer the recommendation that DT works now, but ACPI is immature for ARM. If they choose to do ACPI only, that is absolutely fine and they do so with the understanding that it will take time to stabilize to the point that we're comfortable guaranteeing support in mainline. However, that doesn't even remotely block getting each of their drivers merged as they become ready. g. -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Fri, Jan 09, 2015 at 10:55:51AM +, Arnd Bergmann wrote: > On Friday 09 January 2015 10:33:07 Catalin Marinas wrote: > > On Wed, Jan 07, 2015 at 07:48:48PM +, Arnd Bergmann wrote: > > > > In other cases that's actually a good thing. One such example is the > > > "Principles of ARM Memory Maps" document that tells hardware implementers > > > to do a rather complex mapping "To support 36-bit x86 PAE compatible > > > operating > > > systems, such as Linux." but makes life much harder in the process than > > > any of the random mappings we have seen in the wild. > > > > Unfortunately, with any significant amount of RAM (say 16GB), this > > document becomes pretty useless. It basically forces you to have a very > > sparse physical address map from 0 to over 40-bit. I wouldn't apply the > > ARM memory maps doc to server systems. > > Are you sure? I was under the impression that this document was targetted > specifically at servers. Ah, sorry for the confusion, I haven't read the latest (apparently from 2012) update which covers 44 and 48-bit memory maps. The only downside is that for more than 32GB of RAM (up to 512GB) it requires a 40-bit memory map. Given the sparseness, we can't use 3-levels of page table with 4KB pages which can only cover 39-bit. Anyway, not a major issue. -- Catalin -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Friday 09 January 2015 10:33:07 Catalin Marinas wrote: > On Wed, Jan 07, 2015 at 07:48:48PM +, Arnd Bergmann wrote: > > In other cases that's actually a good thing. One such example is the > > "Principles of ARM Memory Maps" document that tells hardware implementers > > to do a rather complex mapping "To support 36-bit x86 PAE compatible > > operating > > systems, such as Linux." but makes life much harder in the process than > > any of the random mappings we have seen in the wild. > > Unfortunately, with any significant amount of RAM (say 16GB), this > document becomes pretty useless. It basically forces you to have a very > sparse physical address map from 0 to over 40-bit. I wouldn't apply the > ARM memory maps doc to server systems. Are you sure? I was under the impression that this document was targetted specifically at servers. > > It's also not just the CPU core, other components also get easily > > replaced, like a GICv3 that is not a strict superset of GICv2. > > That's not a problem for Linux, we can describe them in DT or ACPI and > have drivers. GICv3 has an optional GICv2 compatible mode, though > vendors may decide not to implement it. I'm aware that we can deal with it after we have the drivers. My point was that we are unable to deal with this problem in general if we want to run existing kernels on new hardware that contains e.g. a GICv4/5/6 that requires a new driver which has to first be written and then backported into distro kernels. Arnd -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wed, Jan 07, 2015 at 07:48:48PM +, Arnd Bergmann wrote: > On Wednesday 07 January 2015 12:44:56 Jon Masters wrote: > > I'm expecting to need new drivers for SoC IP blocks that are net new, > > but generational differences between iterations of the same SoC should > > be abstracted behind the firmware (and we are already seeing this with > > at least one platform). Platform wise, it's nice to already see e.g. > > mmconfig working to handle the specific ways a platform wires PCI. > > Yes, the parts that are mandated by SBSA, like the way that PCI needs > to be done are generally good. Unfortunately a lot of the hardware that > I've seen has a rather lax interpretation of the spec, so just because > something is mandated doesn't mean it's done that way ;-) > > In other cases that's actually a good thing. One such example is the > "Principles of ARM Memory Maps" document that tells hardware implementers > to do a rather complex mapping "To support 36-bit x86 PAE compatible operating > systems, such as Linux." but makes life much harder in the process than > any of the random mappings we have seen in the wild. Unfortunately, with any significant amount of RAM (say 16GB), this document becomes pretty useless. It basically forces you to have a very sparse physical address map from 0 to over 40-bit. I wouldn't apply the ARM memory maps doc to server systems. > * There is a general mindset about deprecating unwanted features > early. ARMv8 aarch32 bit mode removes support for older instructions > or makes them optional. Even the virtualization mode doesn't allow > to trap on architecture version specific differences, so you can't > completely emulate an older architecture level. > This is nice for implementers but not so much for users that rely > on old (mis-)features. This mindset is (slowly) changing. There are, of course, instructions like SWP that just can't always be implemented at the SoC level (not necessarily CPU level; requiring bus locks) but others like CP15 barriers, I don't see why they should go away, it's just a decoder problem. > It's also not just the CPU core, other components also get easily > replaced, like a GICv3 that is not a strict superset of GICv2. That's not a problem for Linux, we can describe them in DT or ACPI and have drivers. GICv3 has an optional GICv2 compatible mode, though vendors may decide not to implement it. -- Catalin -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Fri, Jan 09, 2015 at 10:55:51AM +, Arnd Bergmann wrote: On Friday 09 January 2015 10:33:07 Catalin Marinas wrote: On Wed, Jan 07, 2015 at 07:48:48PM +, Arnd Bergmann wrote: In other cases that's actually a good thing. One such example is the Principles of ARM Memory Maps document that tells hardware implementers to do a rather complex mapping To support 36-bit x86 PAE compatible operating systems, such as Linux. but makes life much harder in the process than any of the random mappings we have seen in the wild. Unfortunately, with any significant amount of RAM (say 16GB), this document becomes pretty useless. It basically forces you to have a very sparse physical address map from 0 to over 40-bit. I wouldn't apply the ARM memory maps doc to server systems. Are you sure? I was under the impression that this document was targetted specifically at servers. Ah, sorry for the confusion, I haven't read the latest (apparently from 2012) update which covers 44 and 48-bit memory maps. The only downside is that for more than 32GB of RAM (up to 512GB) it requires a 40-bit memory map. Given the sparseness, we can't use 3-levels of page table with 4KB pages which can only cover 39-bit. Anyway, not a major issue. -- Catalin -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Friday 09 January 2015 10:33:07 Catalin Marinas wrote: On Wed, Jan 07, 2015 at 07:48:48PM +, Arnd Bergmann wrote: In other cases that's actually a good thing. One such example is the Principles of ARM Memory Maps document that tells hardware implementers to do a rather complex mapping To support 36-bit x86 PAE compatible operating systems, such as Linux. but makes life much harder in the process than any of the random mappings we have seen in the wild. Unfortunately, with any significant amount of RAM (say 16GB), this document becomes pretty useless. It basically forces you to have a very sparse physical address map from 0 to over 40-bit. I wouldn't apply the ARM memory maps doc to server systems. Are you sure? I was under the impression that this document was targetted specifically at servers. It's also not just the CPU core, other components also get easily replaced, like a GICv3 that is not a strict superset of GICv2. That's not a problem for Linux, we can describe them in DT or ACPI and have drivers. GICv3 has an optional GICv2 compatible mode, though vendors may decide not to implement it. I'm aware that we can deal with it after we have the drivers. My point was that we are unable to deal with this problem in general if we want to run existing kernels on new hardware that contains e.g. a GICv4/5/6 that requires a new driver which has to first be written and then backported into distro kernels. Arnd -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wed, Jan 07, 2015 at 07:48:48PM +, Arnd Bergmann wrote: On Wednesday 07 January 2015 12:44:56 Jon Masters wrote: I'm expecting to need new drivers for SoC IP blocks that are net new, but generational differences between iterations of the same SoC should be abstracted behind the firmware (and we are already seeing this with at least one platform). Platform wise, it's nice to already see e.g. mmconfig working to handle the specific ways a platform wires PCI. Yes, the parts that are mandated by SBSA, like the way that PCI needs to be done are generally good. Unfortunately a lot of the hardware that I've seen has a rather lax interpretation of the spec, so just because something is mandated doesn't mean it's done that way ;-) In other cases that's actually a good thing. One such example is the Principles of ARM Memory Maps document that tells hardware implementers to do a rather complex mapping To support 36-bit x86 PAE compatible operating systems, such as Linux. but makes life much harder in the process than any of the random mappings we have seen in the wild. Unfortunately, with any significant amount of RAM (say 16GB), this document becomes pretty useless. It basically forces you to have a very sparse physical address map from 0 to over 40-bit. I wouldn't apply the ARM memory maps doc to server systems. * There is a general mindset about deprecating unwanted features early. ARMv8 aarch32 bit mode removes support for older instructions or makes them optional. Even the virtualization mode doesn't allow to trap on architecture version specific differences, so you can't completely emulate an older architecture level. This is nice for implementers but not so much for users that rely on old (mis-)features. This mindset is (slowly) changing. There are, of course, instructions like SWP that just can't always be implemented at the SoC level (not necessarily CPU level; requiring bus locks) but others like CP15 barriers, I don't see why they should go away, it's just a decoder problem. It's also not just the CPU core, other components also get easily replaced, like a GICv3 that is not a strict superset of GICv2. That's not a problem for Linux, we can describe them in DT or ACPI and have drivers. GICv3 has an optional GICv2 compatible mode, though vendors may decide not to implement it. -- Catalin -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
Security is a much big scale issue. The industry has all kind of solutions to deal with firmware security. In ARM system, the Firmware has been designed with higher privilege/security than OS. I will suggest we trust firmware security and focus on Linux itself. -Original Message- From: linaro-acpi-boun...@lists.linaro.org [mailto:linaro-acpi-boun...@lists.linaro.org] On Behalf Of Arnd Bergmann Sent: Thursday, January 08, 2015 3:27 AM To: Jason Cooper Cc: Rob Herring; Daniel Lezcano; Robert Richter; linaro-a...@lists.linaro.org; Marc Zyngier; Jon Masters; Randy Dunlap; Liviu Dudau; Robert Moore; Will Deacon; linux-kernel@vger.kernel.org; linux-a...@vger.kernel.org; Mark Brown; Rafael J. Wysocki; Lv Zheng; Catalin Marinas; Bjorn Helgaas; linux-arm-ker...@lists.infradead.org; Olof Johansson Subject: Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64 On Wednesday 07 January 2015 17:59:04 Jason Cooper wrote: > On Wed, Jan 07, 2015 at 03:05:14PM -0500, Jon Masters wrote: > > On 01/07/2015 02:58 PM, Jon Masters wrote: > > > On 01/07/2015 01:41 PM, Jason Cooper wrote: > > > > >> One of the reasons I've really enjoyed working with ARM platforms > > >> and DT is the absence of this type of 'feature'. I honestly > > >> don't care whether the kernel gets the board configuration info > > >> from DT or ACPI or FOO, as long as we can avoid the security mistakes of > > >> the past: > > >> > > >> > > >> http://www.spiegel.de/international/world/catalog-reveals-nsa-has > > >> -back-doors-for-numerous-devices-a-940994.html > > > > > > ACPI is not the great satan. I'm aware certain others in the > > > community have written missinformed blog posts and G+ rants > > > equating ACPI with SMI and even with various other system > > > firmware. I can't force someone to become informed on a topic, > > > especially if it's politically useful to them to hate on ACPI and use the > > > security paranoia handwavy argument. > > > > To clarify, and this is not directed at you Jason, it is politically > > useful to some who have written rants those business models are > > built upon being paid to enable platforms. For those folks, > > standardized platforms which allow a common OS approach are seen as > > threatening. > > Ahh, thanks for clarifying. > > > In the previous rants (which were really instigated as a result of > > the > > above) ACPI was equated with SMM (System Management Mode), which is > > a bit like the Secure/Trusted world on AArch64 in which you might > > run another "Trusted" OS. These are the places where you want to > > watch out to malware of the kind cited in your link, not in ACPI tables. > > fwiw, I *am* concerned about those spaces. It seems we agree on their > vulnerability to attack (plus being meaty targets). > > To more concisely state my other reply to you, wrt to AML, I'm > primarily concerned about a malicious update to the ACPI tables. The > ACPI tables in the update would be otherwise normal, except for the > AML blob that contains some extra code. The malicious payload. Then, > a routine call into an AML (for pinctrl, say) executes the malicious code. > > The plausibility and preventability of that style of attack is what > I'm hoping to nail down with this discussion. If you want to run hidden code through the firmware, then doing an attack on Intel SMM or ARM TrustZone would be much harder to detect and as easy to get in, as long as you have the ability to flash arbitrary firmware. I think this has been shown to happen in the wild. That code could go and manipulate the running kernel image to do something else. Running code inside of the AML interpreter is fairly limited for the purpose of an attack [*], but there might be bugs in the interpreter that allow arbitrary code execution from malicious firmware. I think this case would be similar to constructing a malicious DT blob that exploits a bug in the DT parser for arbitrary code execution. The AML interpreter is a relatively large chunk of code, but it's self-contained. In comparison, the DT parser is much smaller, but has the additional (theoretical) problem of potential buffer overflows in any drivers that use it incorrectly (e.g. format string attacks on string properties). Another difference is that the AML code is intended to not be user-upgradable without a full firmware upgrade, while a DT blob is meant to be easily replaced if necessary without flashing the firmware, using the same permissions you need for updating the OS. I'm deliberately not trying to draw conclusions regarding whether AM
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wednesday 07 January 2015 17:59:04 Jason Cooper wrote: > On Wed, Jan 07, 2015 at 03:05:14PM -0500, Jon Masters wrote: > > On 01/07/2015 02:58 PM, Jon Masters wrote: > > > On 01/07/2015 01:41 PM, Jason Cooper wrote: > > > > >> One of the reasons I've really enjoyed working with ARM platforms and DT > > >> is the absence of this type of 'feature'. I honestly don't care whether > > >> the kernel gets the board configuration info from DT or ACPI or FOO, as > > >> long as we can avoid the security mistakes of the past: > > >> > > >> > > >> http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html > > > > > > ACPI is not the great satan. I'm aware certain others in the community > > > have written missinformed blog posts and G+ rants equating ACPI with SMI > > > and even with various other system firmware. I can't force someone to > > > become informed on a topic, especially if it's politically useful to > > > them to hate on ACPI and use the security paranoia handwavy argument. > > > > To clarify, and this is not directed at you Jason, it is politically > > useful to some who have written rants those business models are built > > upon being paid to enable platforms. For those folks, standardized > > platforms which allow a common OS approach are seen as threatening. > > Ahh, thanks for clarifying. > > > In the previous rants (which were really instigated as a result of the > > above) ACPI was equated with SMM (System Management Mode), which is a > > bit like the Secure/Trusted world on AArch64 in which you might run > > another "Trusted" OS. These are the places where you want to watch out > > to malware of the kind cited in your link, not in ACPI tables. > > fwiw, I *am* concerned about those spaces. It seems we agree on their > vulnerability to attack (plus being meaty targets). > > To more concisely state my other reply to you, wrt to AML, I'm primarily > concerned about a malicious update to the ACPI tables. The ACPI tables > in the update would be otherwise normal, except for the AML blob that > contains some extra code. The malicious payload. Then, a routine call > into an AML (for pinctrl, say) executes the malicious code. > > The plausibility and preventability of that style of attack is what I'm > hoping to nail down with this discussion. If you want to run hidden code through the firmware, then doing an attack on Intel SMM or ARM TrustZone would be much harder to detect and as easy to get in, as long as you have the ability to flash arbitrary firmware. I think this has been shown to happen in the wild. That code could go and manipulate the running kernel image to do something else. Running code inside of the AML interpreter is fairly limited for the purpose of an attack [*], but there might be bugs in the interpreter that allow arbitrary code execution from malicious firmware. I think this case would be similar to constructing a malicious DT blob that exploits a bug in the DT parser for arbitrary code execution. The AML interpreter is a relatively large chunk of code, but it's self-contained. In comparison, the DT parser is much smaller, but has the additional (theoretical) problem of potential buffer overflows in any drivers that use it incorrectly (e.g. format string attacks on string properties). Another difference is that the AML code is intended to not be user-upgradable without a full firmware upgrade, while a DT blob is meant to be easily replaced if necessary without flashing the firmware, using the same permissions you need for updating the OS. I'm deliberately not trying to draw conclusions regarding whether AML is more or less secure than DT, but the above is my understanding of the fundamental differences. Arnd [*] I would assume you can get AML code to write to arbitrary physical memory locations without much effort, but it has rather limited arithmetical capabilities which makes it hard to know where to write to. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wednesday 07 January 2015 17:59:04 Jason Cooper wrote: On Wed, Jan 07, 2015 at 03:05:14PM -0500, Jon Masters wrote: On 01/07/2015 02:58 PM, Jon Masters wrote: On 01/07/2015 01:41 PM, Jason Cooper wrote: One of the reasons I've really enjoyed working with ARM platforms and DT is the absence of this type of 'feature'. I honestly don't care whether the kernel gets the board configuration info from DT or ACPI or FOO, as long as we can avoid the security mistakes of the past: http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html ACPI is not the great satan. I'm aware certain others in the community have written missinformed blog posts and G+ rants equating ACPI with SMI and even with various other system firmware. I can't force someone to become informed on a topic, especially if it's politically useful to them to hate on ACPI and use the security paranoia handwavy argument. To clarify, and this is not directed at you Jason, it is politically useful to some who have written rants those business models are built upon being paid to enable platforms. For those folks, standardized platforms which allow a common OS approach are seen as threatening. Ahh, thanks for clarifying. In the previous rants (which were really instigated as a result of the above) ACPI was equated with SMM (System Management Mode), which is a bit like the Secure/Trusted world on AArch64 in which you might run another Trusted OS. These are the places where you want to watch out to malware of the kind cited in your link, not in ACPI tables. fwiw, I *am* concerned about those spaces. It seems we agree on their vulnerability to attack (plus being meaty targets). To more concisely state my other reply to you, wrt to AML, I'm primarily concerned about a malicious update to the ACPI tables. The ACPI tables in the update would be otherwise normal, except for the AML blob that contains some extra code. The malicious payload. Then, a routine call into an AML (for pinctrl, say) executes the malicious code. The plausibility and preventability of that style of attack is what I'm hoping to nail down with this discussion. If you want to run hidden code through the firmware, then doing an attack on Intel SMM or ARM TrustZone would be much harder to detect and as easy to get in, as long as you have the ability to flash arbitrary firmware. I think this has been shown to happen in the wild. That code could go and manipulate the running kernel image to do something else. Running code inside of the AML interpreter is fairly limited for the purpose of an attack [*], but there might be bugs in the interpreter that allow arbitrary code execution from malicious firmware. I think this case would be similar to constructing a malicious DT blob that exploits a bug in the DT parser for arbitrary code execution. The AML interpreter is a relatively large chunk of code, but it's self-contained. In comparison, the DT parser is much smaller, but has the additional (theoretical) problem of potential buffer overflows in any drivers that use it incorrectly (e.g. format string attacks on string properties). Another difference is that the AML code is intended to not be user-upgradable without a full firmware upgrade, while a DT blob is meant to be easily replaced if necessary without flashing the firmware, using the same permissions you need for updating the OS. I'm deliberately not trying to draw conclusions regarding whether AML is more or less secure than DT, but the above is my understanding of the fundamental differences. Arnd [*] I would assume you can get AML code to write to arbitrary physical memory locations without much effort, but it has rather limited arithmetical capabilities which makes it hard to know where to write to. -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
Security is a much big scale issue. The industry has all kind of solutions to deal with firmware security. In ARM system, the Firmware has been designed with higher privilege/security than OS. I will suggest we trust firmware security and focus on Linux itself. -Original Message- From: linaro-acpi-boun...@lists.linaro.org [mailto:linaro-acpi-boun...@lists.linaro.org] On Behalf Of Arnd Bergmann Sent: Thursday, January 08, 2015 3:27 AM To: Jason Cooper Cc: Rob Herring; Daniel Lezcano; Robert Richter; linaro-a...@lists.linaro.org; Marc Zyngier; Jon Masters; Randy Dunlap; Liviu Dudau; Robert Moore; Will Deacon; linux-kernel@vger.kernel.org; linux-a...@vger.kernel.org; Mark Brown; Rafael J. Wysocki; Lv Zheng; Catalin Marinas; Bjorn Helgaas; linux-arm-ker...@lists.infradead.org; Olof Johansson Subject: Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64 On Wednesday 07 January 2015 17:59:04 Jason Cooper wrote: On Wed, Jan 07, 2015 at 03:05:14PM -0500, Jon Masters wrote: On 01/07/2015 02:58 PM, Jon Masters wrote: On 01/07/2015 01:41 PM, Jason Cooper wrote: One of the reasons I've really enjoyed working with ARM platforms and DT is the absence of this type of 'feature'. I honestly don't care whether the kernel gets the board configuration info from DT or ACPI or FOO, as long as we can avoid the security mistakes of the past: http://www.spiegel.de/international/world/catalog-reveals-nsa-has -back-doors-for-numerous-devices-a-940994.html ACPI is not the great satan. I'm aware certain others in the community have written missinformed blog posts and G+ rants equating ACPI with SMI and even with various other system firmware. I can't force someone to become informed on a topic, especially if it's politically useful to them to hate on ACPI and use the security paranoia handwavy argument. To clarify, and this is not directed at you Jason, it is politically useful to some who have written rants those business models are built upon being paid to enable platforms. For those folks, standardized platforms which allow a common OS approach are seen as threatening. Ahh, thanks for clarifying. In the previous rants (which were really instigated as a result of the above) ACPI was equated with SMM (System Management Mode), which is a bit like the Secure/Trusted world on AArch64 in which you might run another Trusted OS. These are the places where you want to watch out to malware of the kind cited in your link, not in ACPI tables. fwiw, I *am* concerned about those spaces. It seems we agree on their vulnerability to attack (plus being meaty targets). To more concisely state my other reply to you, wrt to AML, I'm primarily concerned about a malicious update to the ACPI tables. The ACPI tables in the update would be otherwise normal, except for the AML blob that contains some extra code. The malicious payload. Then, a routine call into an AML (for pinctrl, say) executes the malicious code. The plausibility and preventability of that style of attack is what I'm hoping to nail down with this discussion. If you want to run hidden code through the firmware, then doing an attack on Intel SMM or ARM TrustZone would be much harder to detect and as easy to get in, as long as you have the ability to flash arbitrary firmware. I think this has been shown to happen in the wild. That code could go and manipulate the running kernel image to do something else. Running code inside of the AML interpreter is fairly limited for the purpose of an attack [*], but there might be bugs in the interpreter that allow arbitrary code execution from malicious firmware. I think this case would be similar to constructing a malicious DT blob that exploits a bug in the DT parser for arbitrary code execution. The AML interpreter is a relatively large chunk of code, but it's self-contained. In comparison, the DT parser is much smaller, but has the additional (theoretical) problem of potential buffer overflows in any drivers that use it incorrectly (e.g. format string attacks on string properties). Another difference is that the AML code is intended to not be user-upgradable without a full firmware upgrade, while a DT blob is meant to be easily replaced if necessary without flashing the firmware, using the same permissions you need for updating the OS. I'm deliberately not trying to draw conclusions regarding whether AML is more or less secure than DT, but the above is my understanding of the fundamental differences. Arnd [*] I would assume you can get AML code to write to arbitrary physical memory locations without much effort, but it has rather limited arithmetical capabilities which makes it hard to know where to write to. ___ Linaro-acpi mailing list linaro-a...@lists.linaro.org http://lists.linaro.org/mailman/listinfo/linaro
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wed, Jan 07, 2015 at 03:05:14PM -0500, Jon Masters wrote: > On 01/07/2015 02:58 PM, Jon Masters wrote: > > On 01/07/2015 01:41 PM, Jason Cooper wrote: > > >> One of the reasons I've really enjoyed working with ARM platforms and DT > >> is the absence of this type of 'feature'. I honestly don't care whether > >> the kernel gets the board configuration info from DT or ACPI or FOO, as > >> long as we can avoid the security mistakes of the past: > >> > >> > >> http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html > > > > ACPI is not the great satan. I'm aware certain others in the community > > have written missinformed blog posts and G+ rants equating ACPI with SMI > > and even with various other system firmware. I can't force someone to > > become informed on a topic, especially if it's politically useful to > > them to hate on ACPI and use the security paranoia handwavy argument. > > To clarify, and this is not directed at you Jason, it is politically > useful to some who have written rants those business models are built > upon being paid to enable platforms. For those folks, standardized > platforms which allow a common OS approach are seen as threatening. Ahh, thanks for clarifying. > In the previous rants (which were really instigated as a result of the > above) ACPI was equated with SMM (System Management Mode), which is a > bit like the Secure/Trusted world on AArch64 in which you might run > another "Trusted" OS. These are the places where you want to watch out > to malware of the kind cited in your link, not in ACPI tables. fwiw, I *am* concerned about those spaces. It seems we agree on their vulnerability to attack (plus being meaty targets). To more concisely state my other reply to you, wrt to AML, I'm primarily concerned about a malicious update to the ACPI tables. The ACPI tables in the update would be otherwise normal, except for the AML blob that contains some extra code. The malicious payload. Then, a routine call into an AML (for pinctrl, say) executes the malicious code. The plausibility and preventability of that style of attack is what I'm hoping to nail down with this discussion. thx, Jason. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
Jason, Will followup more later...was being a little sarcastic before...no raw nerve ;) but sarcasm translates badly so apologies. Will send a better reply when back online :) Good points! Jon. -- Computer Architect | Sent from my #ARM Powered Mobile Device On Jan 7, 2015 4:41 PM, Jason Cooper wrote: > > On Wed, Jan 07, 2015 at 02:58:42PM -0500, Jon Masters wrote: > > On 01/07/2015 01:41 PM, Jason Cooper wrote: On Wed, Jan 07, 2015 at 02:58:42PM -0500, Jon Masters wrote: > On 01/07/2015 01:41 PM, Jason Cooper wrote: > > On Wed, Jan 07, 2015 at 05:27:41PM +, Mark Brown wrote: > >> On Wed, Jan 07, 2015 at 02:06:28PM +0100, Arnd Bergmann wrote: > >>> On Wednesday 07 January 2015 11:50:39 Catalin Marinas wrote: > >> > From what I gathered so far, the main reason for _some_ vendors is not > support for "other" OS but actually features that ACPI has and DT > doesn't (like AML; I deliberately ignore statements like "industry > standard"). _If_ such reasons are sound, maybe they have a case for > ACPI-only machines targeted primarily at Linux. > >> > >>> What I got from the replies from HP, Huawei and from earlier discussions > >>> with Jon is that they all hope to get to the point of relying on AML > >>> alone to bridge the differences between SoC families. However, I don't > >>> see that happening with the limited hardware compatibility that the > >>> existing SBSA provides: > >> > >> I tend to agree with you that it's an overreach to think that this is > >> going to completely abstract away the differences between SoCs from > >> different vendors without substantial further standardization work. > >> However it does seem reasonable to expect that features like AML are > >> going to be more successful in handling board differences and > >> incremental revisions of SoCs - things like interactions with system > >> power controllers for example. That seems like a useful win in and of > >> itself, and one that's worth supporting. > > > > This piqued my interest, so I did a little research and found the > > following to describe AML (second para under "What does this mean?") > > > > > > http://community.arm.com/groups/processors/blog/2014/05/01/let-s-talk-acpi-for-servers > > > > iiuc, AML are basically drivers for some low-level functions provided as > > binary blobs via the ACPI tables. > > AML isn't a "driver" per se. Think of it as providing a couple of > methods for doing things like turning on a device, where the interpreted > code might cause e.g. a memory address to be written with a value that > causes a side effect (e.g. talking with a system configuration > co-processor hidden inside the SoC the adjusts the clocking, enables > power, configures PHY parameters, etc.). Most of the "AML" that you see > on servers is actually just informational, or methods that return data > describing the hardware installed. So, similar in scope to an irqchip driver? Because that's what I was thinking when I said "driver", not alsa or drm... Thanks for great description. > > How does this work in a trusted boot scenario? > > No different than on x86. Suprisingly, I don't do much with x86 development-wise. The x86 boxes are just tools to me. So I'm not very familiar with the intricacies there. Do you have a pointer to ACPI update security standards/protocols? > > Can the ACPI tables, and these binary blobs with it, be updated from > > userspace? > > Tables are baked into the firmware and are updated as a result of normal > firmware updates (which already has a defined process). There are > secondary tables that can augment things like the primary DSDT but those > are also provided by the platform. There are only two ways the "OS" > might provide a DSDT, but only including here for pedantry: > > 1). If you compile a kernel specially with an embedded DSDT within the > image itself (nobody does this one any more AFAIK). > > 2). If you attach a special update test DSDT into your initramfs in a > particular way, in which case I believe secure boot already is disabled. > > But these are all developer/debug things, not intended for users running > in a secure boot environment. Right, I'm more concerned about the update process being the vector to inject bad code. > > If so, is there an authentication mechanism (including for non-secure boot > > scenarios)? > > It's no different than scenarios on x86, which are well covered. > > > One of the reasons I've really enjoyed working with ARM platforms and DT > > is the absence of this type of 'feature'. I honestly don't care whether > > the kernel gets the board configuration info from DT or ACPI or FOO, as > > long as we can avoid the security mistakes of the past: > > > > > > http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html > > ACPI is not the great satan. Relax, I'm not saying, nor implying that. :) I *am* saying that upgradeable executable code not
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wed, Jan 07, 2015 at 02:58:42PM -0500, Jon Masters wrote: > On 01/07/2015 01:41 PM, Jason Cooper wrote: > > On Wed, Jan 07, 2015 at 05:27:41PM +, Mark Brown wrote: > >> On Wed, Jan 07, 2015 at 02:06:28PM +0100, Arnd Bergmann wrote: > >>> On Wednesday 07 January 2015 11:50:39 Catalin Marinas wrote: > >> > From what I gathered so far, the main reason for _some_ vendors is not > support for "other" OS but actually features that ACPI has and DT > doesn't (like AML; I deliberately ignore statements like "industry > standard"). _If_ such reasons are sound, maybe they have a case for > ACPI-only machines targeted primarily at Linux. > >> > >>> What I got from the replies from HP, Huawei and from earlier discussions > >>> with Jon is that they all hope to get to the point of relying on AML > >>> alone to bridge the differences between SoC families. However, I don't > >>> see that happening with the limited hardware compatibility that the > >>> existing SBSA provides: > >> > >> I tend to agree with you that it's an overreach to think that this is > >> going to completely abstract away the differences between SoCs from > >> different vendors without substantial further standardization work. > >> However it does seem reasonable to expect that features like AML are > >> going to be more successful in handling board differences and > >> incremental revisions of SoCs - things like interactions with system > >> power controllers for example. That seems like a useful win in and of > >> itself, and one that's worth supporting. > > > > This piqued my interest, so I did a little research and found the > > following to describe AML (second para under "What does this mean?") > > > > > > http://community.arm.com/groups/processors/blog/2014/05/01/let-s-talk-acpi-for-servers > > > > iiuc, AML are basically drivers for some low-level functions provided as > > binary blobs via the ACPI tables. > > AML isn't a "driver" per se. Think of it as providing a couple of > methods for doing things like turning on a device, where the interpreted > code might cause e.g. a memory address to be written with a value that > causes a side effect (e.g. talking with a system configuration > co-processor hidden inside the SoC the adjusts the clocking, enables > power, configures PHY parameters, etc.). Most of the "AML" that you see > on servers is actually just informational, or methods that return data > describing the hardware installed. So, similar in scope to an irqchip driver? Because that's what I was thinking when I said "driver", not alsa or drm... Thanks for great description. > > How does this work in a trusted boot scenario? > > No different than on x86. Suprisingly, I don't do much with x86 development-wise. The x86 boxes are just tools to me. So I'm not very familiar with the intricacies there. Do you have a pointer to ACPI update security standards/protocols? > > Can the ACPI tables, and these binary blobs with it, be updated from > > userspace? > > Tables are baked into the firmware and are updated as a result of normal > firmware updates (which already has a defined process). There are > secondary tables that can augment things like the primary DSDT but those > are also provided by the platform. There are only two ways the "OS" > might provide a DSDT, but only including here for pedantry: > > 1). If you compile a kernel specially with an embedded DSDT within the > image itself (nobody does this one any more AFAIK). > > 2). If you attach a special update test DSDT into your initramfs in a > particular way, in which case I believe secure boot already is disabled. > > But these are all developer/debug things, not intended for users running > in a secure boot environment. Right, I'm more concerned about the update process being the vector to inject bad code. > > If so, is there an authentication mechanism (including for non-secure boot > > scenarios)? > > It's no different than scenarios on x86, which are well covered. > > > One of the reasons I've really enjoyed working with ARM platforms and DT > > is the absence of this type of 'feature'. I honestly don't care whether > > the kernel gets the board configuration info from DT or ACPI or FOO, as > > long as we can avoid the security mistakes of the past: > > > > > > http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html > > ACPI is not the great satan. Relax, I'm not saying, nor implying that. :) I *am* saying that upgradeable executable code not loaded from traditional OS storage (harddisk, flash) is a valid security concern. > I'm aware certain others in the community have written missinformed > blog posts and G+ rants equating ACPI with SMI and even with various > other system firmware. You're in luck, I don't blog or do social media. :-P > I can't force someone to become informed on a topic, especially if > it's politically useful to them to hate on ACPI and
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On 01/07/2015 03:05 PM, Mark Brown wrote: > On Wed, Jan 07, 2015 at 08:48:48PM +0100, Arnd Bergmann wrote: >> On Wednesday 07 January 2015 12:44:56 Jon Masters wrote: >>> On 01/07/2015 12:27 PM, Mark Brown wrote: > That level of hardware compatibility does partly come from the need to run existing software. I'd expect that similar effects will start to come into play with ARMv8 ACPI systems if they become successful; people will do things like ensure compatibility with common IPs that have existing Linux drivers that distros tend to include as standard. > >>> Agreed. > >> There are two problems I see in trying to do the same thing on ARM: > >> * we don't have a single vendor that makes de-facto standards that >> everyone else has to copy in the way that the few remaining x86 >> vendors copy everything that Intel does. In fact, we prefer to >> have a large number of independent vendors. > > Right, I'd guess that (modulo any standards being defined and becoming > successful) it'll more be a case of vendors keeping compatibility with > their own stuff. We *are* seeing greater reliance on off the shelf IPs > for more boring things like DMA and basic bus controllers but there's > plenty of other areas that still affect servers. I expect to see a greater level of standardization. SBBR is the beginning, but it is far from the end. There will be a lot more as the vendors come together and agree on common platform components. I've spent a lot of time over the past few years with a large number of vendors going over lots of these issues in lieu of more of a Windows Hardware Qualification style guide. I intend to have one this year that captures what Red Hat think an ARM server looks like, and to circulate that among the broader ecosystem of vendors to feed into SBBR++. >> * There is a general mindset about deprecating unwanted features >> early. ARMv8 aarch32 bit mode removes support for older instructions >> or makes them optional. Even the virtualization mode doesn't allow >> to trap on architecture version specific differences, so you can't >> completely emulate an older architecture level. >> This is nice for implementers but not so much for users that rely >> on old (mis-)features. It's also not just the CPU core, other >> components also get easily replaced, like a GICv3 that is not >> a strict superset of GICv2. > > This is indeed worrying, though hopefully the fact that we're already > seeing negative impacts in the app ecosystem for Android will have > focused some minds - once you're talking about full system images it > gets even more fun. GICv2/3 was something a bunch of us discussed years ago. At the time we debated whether there was a need to compel the superset option. It was deemed early enough not to be a critical issue. But there have already been other cases where we've pushed to ensure backward compatibility for all time. And there will be more of those as the ecosystem develops out into a world of existing Operating System images and apps that need to run on these emerging platforms. Deprecating instructions and formalizing other behaviors is an area where it's ephemeral - what made sense in the past might not make sense in the future, and ARM know that. Their architecture team features some of the smartest minds. (on architecture revisions, Red Hat has stated in the past that we only care about AArch64, not even running 32-bit code on 64-bit processors, which is one reason I have pushed for some silicon designs not to implement the 32-bit compatibility when it comes to servers) Jon. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On 01/07/2015 02:58 PM, Jon Masters wrote: > On 01/07/2015 01:41 PM, Jason Cooper wrote: >> One of the reasons I've really enjoyed working with ARM platforms and DT >> is the absence of this type of 'feature'. I honestly don't care whether >> the kernel gets the board configuration info from DT or ACPI or FOO, as >> long as we can avoid the security mistakes of the past: >> >> >> http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html > > ACPI is not the great satan. I'm aware certain others in the community > have written missinformed blog posts and G+ rants equating ACPI with SMI > and even with various other system firmware. I can't force someone to > become informed on a topic, especially if it's politically useful to > them to hate on ACPI and use the security paranoia handwavy argument. To clarify, and this is not directed at you Jason, it is politically useful to some who have written rants those business models are built upon being paid to enable platforms. For those folks, standardized platforms which allow a common OS approach are seen as threatening. In the previous rants (which were really instigated as a result of the above) ACPI was equated with SMM (System Management Mode), which is a bit like the Secure/Trusted world on AArch64 in which you might run another "Trusted" OS. These are the places where you want to watch out to malware of the kind cited in your link, not in ACPI tables. Jon. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wed, Jan 07, 2015 at 08:48:48PM +0100, Arnd Bergmann wrote: > On Wednesday 07 January 2015 12:44:56 Jon Masters wrote: > > On 01/07/2015 12:27 PM, Mark Brown wrote: > > > That level of hardware compatibility does partly come from the need to > > > run existing software. I'd expect that similar effects will start to > > > come into play with ARMv8 ACPI systems if they become successful; people > > > will do things like ensure compatibility with common IPs that have > > > existing Linux drivers that distros tend to include as standard. > > Agreed. > There are two problems I see in trying to do the same thing on ARM: > * we don't have a single vendor that makes de-facto standards that > everyone else has to copy in the way that the few remaining x86 > vendors copy everything that Intel does. In fact, we prefer to > have a large number of independent vendors. Right, I'd guess that (modulo any standards being defined and becoming successful) it'll more be a case of vendors keeping compatibility with their own stuff. We *are* seeing greater reliance on off the shelf IPs for more boring things like DMA and basic bus controllers but there's plenty of other areas that still affect servers. > * There is a general mindset about deprecating unwanted features > early. ARMv8 aarch32 bit mode removes support for older instructions > or makes them optional. Even the virtualization mode doesn't allow > to trap on architecture version specific differences, so you can't > completely emulate an older architecture level. > This is nice for implementers but not so much for users that rely > on old (mis-)features. It's also not just the CPU core, other > components also get easily replaced, like a GICv3 that is not > a strict superset of GICv2. This is indeed worrying, though hopefully the fact that we're already seeing negative impacts in the app ecosystem for Android will have focused some minds - once you're talking about full system images it gets even more fun. signature.asc Description: Digital signature
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On 01/07/2015 01:41 PM, Jason Cooper wrote: > On Wed, Jan 07, 2015 at 05:27:41PM +, Mark Brown wrote: >> On Wed, Jan 07, 2015 at 02:06:28PM +0100, Arnd Bergmann wrote: >>> On Wednesday 07 January 2015 11:50:39 Catalin Marinas wrote: >> From what I gathered so far, the main reason for _some_ vendors is not support for "other" OS but actually features that ACPI has and DT doesn't (like AML; I deliberately ignore statements like "industry standard"). _If_ such reasons are sound, maybe they have a case for ACPI-only machines targeted primarily at Linux. >> >>> What I got from the replies from HP, Huawei and from earlier discussions >>> with Jon is that they all hope to get to the point of relying on AML >>> alone to bridge the differences between SoC families. However, I don't >>> see that happening with the limited hardware compatibility that the >>> existing SBSA provides: >> >> I tend to agree with you that it's an overreach to think that this is >> going to completely abstract away the differences between SoCs from >> different vendors without substantial further standardization work. >> However it does seem reasonable to expect that features like AML are >> going to be more successful in handling board differences and >> incremental revisions of SoCs - things like interactions with system >> power controllers for example. That seems like a useful win in and of >> itself, and one that's worth supporting. > > This piqued my interest, so I did a little research and found the > following to describe AML (second para under "What does this mean?") > > > http://community.arm.com/groups/processors/blog/2014/05/01/let-s-talk-acpi-for-servers > > iiuc, AML are basically drivers for some low-level functions provided as > binary blobs via the ACPI tables. AML isn't a "driver" per se. Think of it as providing a couple of methods for doing things like turning on a device, where the interpreted code might cause e.g. a memory address to be written with a value that causes a side effect (e.g. talking with a system configuration co-processor hidden inside the SoC the adjusts the clocking, enables power, configures PHY parameters, etc.). Most of the "AML" that you see on servers is actually just informational, or methods that return data describing the hardware installed. > How does this work in a trusted boot scenario? No different than on x86. > Can the ACPI tables, and these binary blobs with it, be updated from > userspace? Tables are baked into the firmware and are updated as a result of normal firmware updates (which already has a defined process). There are secondary tables that can augment things like the primary DSDT but those are also provided by the platform. There are only two ways the "OS" might provide a DSDT, but only including here for pedantry: 1). If you compile a kernel specially with an embedded DSDT within the image itself (nobody does this one any more AFAIK). 2). If you attach a special update test DSDT into your initramfs in a particular way, in which case I believe secure boot already is disabled. But these are all developer/debug things, not intended for users running in a secure boot environment. > If so, is there an authentication mechanism (including for non-secure boot > scenarios)? It's no different than scenarios on x86, which are well covered. > One of the reasons I've really enjoyed working with ARM platforms and DT > is the absence of this type of 'feature'. I honestly don't care whether > the kernel gets the board configuration info from DT or ACPI or FOO, as > long as we can avoid the security mistakes of the past: > > > http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html ACPI is not the great satan. I'm aware certain others in the community have written missinformed blog posts and G+ rants equating ACPI with SMI and even with various other system firmware. I can't force someone to become informed on a topic, especially if it's politically useful to them to hate on ACPI and use the security paranoia handwavy argument. > I'm not advocating "throw out AML and ACPI with it!", rather I'd like to > see a serious, open, discussion about the security implications of a > convenience feature such as AML. AML is in (almost) every server you're using today. What you want to be worried about is hidden firmware, especially what might be running inside a Trusted environment or inside an SMI context, or the radio firmware on your phone that the NSA have backdoored. Once we've solved every other issue, we can come back to whether the extremely limited capabilities of AML are what the evil bad guys are using to infiltrate our minds and make us think that we all want to use ACPI. Jon. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wednesday 07 January 2015 12:44:56 Jon Masters wrote: > On 01/07/2015 12:27 PM, Mark Brown wrote: > > On Wed, Jan 07, 2015 at 02:06:28PM +0100, Arnd Bergmann wrote: > >> On Wednesday 07 January 2015 11:50:39 Catalin Marinas wrote: > > > >>> From what I gathered so far, the main reason for _some_ vendors is not > >>> support for "other" OS but actually features that ACPI has and DT > >>> doesn't (like AML; I deliberately ignore statements like "industry > >>> standard"). _If_ such reasons are sound, maybe they have a case for > >>> ACPI-only machines targeted primarily at Linux. > > > >> What I got from the replies from HP, Huawei and from earlier discussions > >> with Jon is that they all hope to get to the point of relying on AML > >> alone to bridge the differences between SoC families. > > I'm expecting to need new drivers for SoC IP blocks that are net new, > but generational differences between iterations of the same SoC should > be abstracted behind the firmware (and we are already seeing this with > at least one platform). Platform wise, it's nice to already see e.g. > mmconfig working to handle the specific ways a platform wires PCI. Yes, the parts that are mandated by SBSA, like the way that PCI needs to be done are generally good. Unfortunately a lot of the hardware that I've seen has a rather lax interpretation of the spec, so just because something is mandated doesn't mean it's done that way ;-) In other cases that's actually a good thing. One such example is the "Principles of ARM Memory Maps" document that tells hardware implementers to do a rather complex mapping "To support 36-bit x86 PAE compatible operating systems, such as Linux." but makes life much harder in the process than any of the random mappings we have seen in the wild. > > I tend to agree with you that it's an overreach to think that this is > > going to completely abstract away the differences between SoCs from > > different vendors without substantial further standardization work. > > (which we plan to do - I intend ultimately for us to have an answer to > the Windows Hardware Qualification guides for ARM server systems) Ok, good. > >> The main problem here is that can AML only cover part of the problem: > >> it can talk to a clock controller e.g. over I2C, SPI, GPIO, UART > >> or IPMI, but you still need a device driver in the kernel to talk to > >> those, and SBSA doesn't mandate a specific implementation so you can > >> expect every other SoC that is coming out to have a different one. > > > >> Similarly, SBSA is rather vague about some peripherals it mandates, > >> and if a new SoC has a slightly different AHCI variation, there is > >> nothing you can do about it in AML. > > > >> x86 gets around this problem by having an extreme level of hardware > >> backwards compatibility, so you don't even need AML for this and > >> can generally boot a (almost) full-featured Linux kernel with > >> acpi=off on the command line. > > > > That level of hardware compatibility does partly come from the need to > > run existing software. I'd expect that similar effects will start to > > come into play with ARMv8 ACPI systems if they become successful; people > > will do things like ensure compatibility with common IPs that have > > existing Linux drivers that distros tend to include as standard. > > Agreed. There are two problems I see in trying to do the same thing on ARM: * we don't have a single vendor that makes de-facto standards that everyone else has to copy in the way that the few remaining x86 vendors copy everything that Intel does. In fact, we prefer to have a large number of independent vendors. * There is a general mindset about deprecating unwanted features early. ARMv8 aarch32 bit mode removes support for older instructions or makes them optional. Even the virtualization mode doesn't allow to trap on architecture version specific differences, so you can't completely emulate an older architecture level. This is nice for implementers but not so much for users that rely on old (mis-)features. It's also not just the CPU core, other components also get easily replaced, like a GICv3 that is not a strict superset of GICv2. Arnd -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wed, Jan 07, 2015 at 05:27:41PM +, Mark Brown wrote: > On Wed, Jan 07, 2015 at 02:06:28PM +0100, Arnd Bergmann wrote: > > On Wednesday 07 January 2015 11:50:39 Catalin Marinas wrote: > > > > From what I gathered so far, the main reason for _some_ vendors is not > > > support for "other" OS but actually features that ACPI has and DT > > > doesn't (like AML; I deliberately ignore statements like "industry > > > standard"). _If_ such reasons are sound, maybe they have a case for > > > ACPI-only machines targeted primarily at Linux. > > > What I got from the replies from HP, Huawei and from earlier discussions > > with Jon is that they all hope to get to the point of relying on AML > > alone to bridge the differences between SoC families. However, I don't > > see that happening with the limited hardware compatibility that the > > existing SBSA provides: > > I tend to agree with you that it's an overreach to think that this is > going to completely abstract away the differences between SoCs from > different vendors without substantial further standardization work. > However it does seem reasonable to expect that features like AML are > going to be more successful in handling board differences and > incremental revisions of SoCs - things like interactions with system > power controllers for example. That seems like a useful win in and of > itself, and one that's worth supporting. This piqued my interest, so I did a little research and found the following to describe AML (second para under "What does this mean?") http://community.arm.com/groups/processors/blog/2014/05/01/let-s-talk-acpi-for-servers iiuc, AML are basically drivers for some low-level functions provided as binary blobs via the ACPI tables. How does this work in a trusted boot scenario? Can the ACPI tables, and these binary blobs with it, be updated from userspace? If so, is there an authentication mechanism (including for non-secure boot scenarios)? One of the reasons I've really enjoyed working with ARM platforms and DT is the absence of this type of 'feature'. I honestly don't care whether the kernel gets the board configuration info from DT or ACPI or FOO, as long as we can avoid the security mistakes of the past: http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html """ ... The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer's motherboard that is the first thing to load when a computer is turned on. This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. ... """ I'm not advocating "throw out AML and ACPI with it!", rather I'd like to see a serious, open, discussion about the security implications of a convenience feature such as AML. And wrt the kernel, we should ensure we can always provide a fallback for users who prefer not to trust the binary blobs. Which shouldn't be too difficult as we aren't dependent on AML or similar atm. thx, Jason. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On 01/07/2015 12:27 PM, Mark Brown wrote: > On Wed, Jan 07, 2015 at 02:06:28PM +0100, Arnd Bergmann wrote: >> On Wednesday 07 January 2015 11:50:39 Catalin Marinas wrote: > >>> From what I gathered so far, the main reason for _some_ vendors is not >>> support for "other" OS but actually features that ACPI has and DT >>> doesn't (like AML; I deliberately ignore statements like "industry >>> standard"). _If_ such reasons are sound, maybe they have a case for >>> ACPI-only machines targeted primarily at Linux. > >> What I got from the replies from HP, Huawei and from earlier discussions >> with Jon is that they all hope to get to the point of relying on AML >> alone to bridge the differences between SoC families. I'm expecting to need new drivers for SoC IP blocks that are net new, but generational differences between iterations of the same SoC should be abstracted behind the firmware (and we are already seeing this with at least one platform). Platform wise, it's nice to already see e.g. mmconfig working to handle the specific ways a platform wires PCI. > I tend to agree with you that it's an overreach to think that this is > going to completely abstract away the differences between SoCs from > different vendors without substantial further standardization work. (which we plan to do - I intend ultimately for us to have an answer to the Windows Hardware Qualification guides for ARM server systems) > However it does seem reasonable to expect that features like AML are > going to be more successful in handling board differences and > incremental revisions of SoCs - things like interactions with system > power controllers for example. That seems like a useful win in and of > itself, and one that's worth supporting. Indeed. >> The main problem here is that can AML only cover part of the problem: >> it can talk to a clock controller e.g. over I2C, SPI, GPIO, UART >> or IPMI, but you still need a device driver in the kernel to talk to >> those, and SBSA doesn't mandate a specific implementation so you can >> expect every other SoC that is coming out to have a different one. > >> Similarly, SBSA is rather vague about some peripherals it mandates, >> and if a new SoC has a slightly different AHCI variation, there is >> nothing you can do about it in AML. > >> x86 gets around this problem by having an extreme level of hardware >> backwards compatibility, so you don't even need AML for this and >> can generally boot a (almost) full-featured Linux kernel with >> acpi=off on the command line. > > That level of hardware compatibility does partly come from the need to > run existing software. I'd expect that similar effects will start to > come into play with ARMv8 ACPI systems if they become successful; people > will do things like ensure compatibility with common IPs that have > existing Linux drivers that distros tend to include as standard. Agreed. Jon. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wed, Jan 07, 2015 at 02:06:28PM +0100, Arnd Bergmann wrote: > On Wednesday 07 January 2015 11:50:39 Catalin Marinas wrote: > > From what I gathered so far, the main reason for _some_ vendors is not > > support for "other" OS but actually features that ACPI has and DT > > doesn't (like AML; I deliberately ignore statements like "industry > > standard"). _If_ such reasons are sound, maybe they have a case for > > ACPI-only machines targeted primarily at Linux. > What I got from the replies from HP, Huawei and from earlier discussions > with Jon is that they all hope to get to the point of relying on AML > alone to bridge the differences between SoC families. However, I don't > see that happening with the limited hardware compatibility that the > existing SBSA provides: I tend to agree with you that it's an overreach to think that this is going to completely abstract away the differences between SoCs from different vendors without substantial further standardization work. However it does seem reasonable to expect that features like AML are going to be more successful in handling board differences and incremental revisions of SoCs - things like interactions with system power controllers for example. That seems like a useful win in and of itself, and one that's worth supporting. > The main problem here is that can AML only cover part of the problem: > it can talk to a clock controller e.g. over I2C, SPI, GPIO, UART > or IPMI, but you still need a device driver in the kernel to talk to > those, and SBSA doesn't mandate a specific implementation so you can > expect every other SoC that is coming out to have a different one. > Similarly, SBSA is rather vague about some peripherals it mandates, > and if a new SoC has a slightly different AHCI variation, there is > nothing you can do about it in AML. > x86 gets around this problem by having an extreme level of hardware > backwards compatibility, so you don't even need AML for this and > can generally boot a (almost) full-featured Linux kernel with > acpi=off on the command line. That level of hardware compatibility does partly come from the need to run existing software. I'd expect that similar effects will start to come into play with ARMv8 ACPI systems if they become successful; people will do things like ensure compatibility with common IPs that have existing Linux drivers that distros tend to include as standard. signature.asc Description: Digital signature
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wednesday 07 January 2015 11:50:39 Catalin Marinas wrote: > On Wed, Jan 07, 2015 at 10:36:13AM +, Arnd Bergmann wrote: > > On Tuesday 06 January 2015 23:55:58 Jon Masters wrote: > > > On 01/06/2015 05:06 PM, Jon Masters wrote: > > > > On 01/06/2015 02:21 PM, Arnd Bergmann wrote: > > > >> On Tuesday 06 January 2015 11:24:43 Jon Masters wrote: > > > >>> On 01/06/2015 06:20 AM, Catalin Marinas wrote: > > > >>> > > > Now, what's preventing a vendor firmware from providing only ACPI > > > tables? Do we enforce it in some way (arm-acpi.txt, kernel warning > > > etc.) > > > that both DT and ACPI are supported, or at least that dts files are > > > merged in the kernel first? > > > >>> > > > >>> I know of some (server) firmware that will only provide ACPI in the > > > >>> medium term, so this is coming. > > > >> > > > >> Medium term is fine, as long as they are not expecting their hardware > > > >> to be supported by Linux before ACPI support is stable enough for > > > >> general consumption. > > > > > > > > To be clear, I think that's reasonable for upstream. I may love ACPI, > > > > but vendors can always ship kernels with a config supporting ACPI only > > > > platforms in the interim period if they have a commercial justification > > > > and that doesn't have to be supported in terms of the upstream default. > > > > I would hope that none of the ACPI-only machines are meant to run Linux > > as a primary operating system, that would be very sad. > > I keep hearing different stories around this. I think this goes back to > the last point on Al's to-do list, the reason _why_ vendors need ACPI. > As you mentioned some time ago, I would also like to see a summary of > such reasons included in the cover letter for the arm64 ACPI patches. In > the meantime, we can assume that DT is required. Right, if we can finish the discussion about the reason for having ACPI, we can skip a lot of pointless back-and-forth on the other issues. > From what I gathered so far, the main reason for _some_ vendors is not > support for "other" OS but actually features that ACPI has and DT > doesn't (like AML; I deliberately ignore statements like "industry > standard"). _If_ such reasons are sound, maybe they have a case for > ACPI-only machines targeted primarily at Linux. What I got from the replies from HP, Huawei and from earlier discussions with Jon is that they all hope to get to the point of relying on AML alone to bridge the differences between SoC families. However, I don't see that happening with the limited hardware compatibility that the existing SBSA provides: > In theory, it may be beneficial to the kernel maintainers as such > ACPI-only machine would potentially require less kernel driver code > compared to DT. For example, no need for pin control, clocks or voltage > regulator drivers as they are handled in AML. Of course, the counter > argument is that it's harder to debug when problems appear but I would > expect on such ACPI-only machines that the hardware vendor is very > active on solving them (I'm more thinking for machines that sit in some > data centre and are actively maintained rather than some board I keep in > my house; for the latter, I definitely prefer DT and full control). The main problem here is that can AML only cover part of the problem: it can talk to a clock controller e.g. over I2C, SPI, GPIO, UART or IPMI, but you still need a device driver in the kernel to talk to those, and SBSA doesn't mandate a specific implementation so you can expect every other SoC that is coming out to have a different one. Similarly, SBSA is rather vague about some peripherals it mandates, and if a new SoC has a slightly different AHCI variation, there is nothing you can do about it in AML. x86 gets around this problem by having an extreme level of hardware backwards compatibility, so you don't even need AML for this and can generally boot a (almost) full-featured Linux kernel with acpi=off on the command line. > > Vendors that are interested in Linux support should instead work on getting > > their hardware supported upstream so they don't need a private kernel to > > match their private firmware. > > I agree, irrespective of whether they target ACPI longer term or not. > > As I said yesterday, at some point in the future, ACPI-only SoC support > may not require any new kernel code, just usual PCIe drivers that may > already be there. If we ever get to that stage (it's not a kernel > problem, it's more about SoC standardisation), vendors would be able to > run mainline kernels without additional driver code with a few SoC > differences handled by AML (e.g. clocks). At that point, I don't see any > incentive for them to upstream additional driver code (e.g. clocks) just > to support a DT-only kernel. We are probably still a long way, nothing > to worry about just yet ;). Agreed on all points, yes. Arnd -- To unsubscribe from this list: send the line "unsubscribe
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wed, Jan 07, 2015 at 10:36:13AM +, Arnd Bergmann wrote: > On Tuesday 06 January 2015 23:55:58 Jon Masters wrote: > > On 01/06/2015 05:06 PM, Jon Masters wrote: > > > On 01/06/2015 02:21 PM, Arnd Bergmann wrote: > > >> On Tuesday 06 January 2015 11:24:43 Jon Masters wrote: > > >>> On 01/06/2015 06:20 AM, Catalin Marinas wrote: > > >>> > > Now, what's preventing a vendor firmware from providing only ACPI > > tables? Do we enforce it in some way (arm-acpi.txt, kernel warning > > etc.) > > that both DT and ACPI are supported, or at least that dts files are > > merged in the kernel first? > > >>> > > >>> I know of some (server) firmware that will only provide ACPI in the > > >>> medium term, so this is coming. > > >> > > >> Medium term is fine, as long as they are not expecting their hardware > > >> to be supported by Linux before ACPI support is stable enough for > > >> general consumption. > > > > > > To be clear, I think that's reasonable for upstream. I may love ACPI, > > > but vendors can always ship kernels with a config supporting ACPI only > > > platforms in the interim period if they have a commercial justification > > > and that doesn't have to be supported in terms of the upstream default. > > I would hope that none of the ACPI-only machines are meant to run Linux > as a primary operating system, that would be very sad. I keep hearing different stories around this. I think this goes back to the last point on Al's to-do list, the reason _why_ vendors need ACPI. As you mentioned some time ago, I would also like to see a summary of such reasons included in the cover letter for the arm64 ACPI patches. In the meantime, we can assume that DT is required. >From what I gathered so far, the main reason for _some_ vendors is not support for "other" OS but actually features that ACPI has and DT doesn't (like AML; I deliberately ignore statements like "industry standard"). _If_ such reasons are sound, maybe they have a case for ACPI-only machines targeted primarily at Linux. In theory, it may be beneficial to the kernel maintainers as such ACPI-only machine would potentially require less kernel driver code compared to DT. For example, no need for pin control, clocks or voltage regulator drivers as they are handled in AML. Of course, the counter argument is that it's harder to debug when problems appear but I would expect on such ACPI-only machines that the hardware vendor is very active on solving them (I'm more thinking for machines that sit in some data centre and are actively maintained rather than some board I keep in my house; for the latter, I definitely prefer DT and full control). > Vendors that are interested in Linux support should instead work on getting > their hardware supported upstream so they don't need a private kernel to > match their private firmware. I agree, irrespective of whether they target ACPI longer term or not. As I said yesterday, at some point in the future, ACPI-only SoC support may not require any new kernel code, just usual PCIe drivers that may already be there. If we ever get to that stage (it's not a kernel problem, it's more about SoC standardisation), vendors would be able to run mainline kernels without additional driver code with a few SoC differences handled by AML (e.g. clocks). At that point, I don't see any incentive for them to upstream additional driver code (e.g. clocks) just to support a DT-only kernel. We are probably still a long way, nothing to worry about just yet ;). -- Catalin -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Tuesday 06 January 2015 23:55:58 Jon Masters wrote: > On 01/06/2015 05:06 PM, Jon Masters wrote: > > Hi Arnd, > > > > Happy New Year! > > > > On 01/06/2015 02:21 PM, Arnd Bergmann wrote: > >> On Tuesday 06 January 2015 11:24:43 Jon Masters wrote: > >>> On 01/06/2015 06:20 AM, Catalin Marinas wrote: > >>> > Now, what's preventing a vendor firmware from providing only ACPI > tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) > that both DT and ACPI are supported, or at least that dts files are > merged in the kernel first? > >>> > >>> I know of some (server) firmware that will only provide ACPI in the > >>> medium term, so this is coming. > >> > >> Medium term is fine, as long as they are not expecting their hardware > >> to be supported by Linux before ACPI support is stable enough for > >> general consumption. > > > > To be clear, I think that's reasonable for upstream. I may love ACPI, > > but vendors can always ship kernels with a config supporting ACPI only > > platforms in the interim period if they have a commercial justification > > and that doesn't have to be supported in terms of the upstream default. I would hope that none of the ACPI-only machines are meant to run Linux as a primary operating system, that would be very sad. Vendors that are interested in Linux support should instead work on getting their hardware supported upstream so they don't need a private kernel to match their private firmware. > > But, perhaps there's a way to have it both ways, you could consider also > > a CONFIG_EXPERT option that would allow you to build a kernel with ACPI > > only support in the medium term. That way, if someone is running a > > vendor kernel, but wants to track upstream development more closely, > > they can do so on such hardware by enabling the expert config bit. I don't see how this helps. The main point of requiring users to add the option is to ensure that everyone understands the support is experimental and not guaranteed to work across firmware releases or kernel versions, until we have stopped making incompatible changes. If someone is tracking the upstream kernel, they should know that they have to get working DT support in first, and test both ways with the same kernel anyway. > Clarification: I'm suggesting that in the medium term the dependency > upon CONFIG_EXPERT either goes away or is replaced with requiring ACPI > and DTB in the non "expert" case Sure, no debate on that. > and requiring "expert" selected to allow a kernel that will boot with > ACPI only. But only a suggestion. This is a separate issue. I personally think we shouldn't bother with this, as such a configuration would just break a lot of assumptions we make today and removes hardware support, but it's something we can discuss after we get to the point of having ACPI enabled by default. Arnd -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Tuesday 06 January 2015 23:55:58 Jon Masters wrote: On 01/06/2015 05:06 PM, Jon Masters wrote: Hi Arnd, Happy New Year! On 01/06/2015 02:21 PM, Arnd Bergmann wrote: On Tuesday 06 January 2015 11:24:43 Jon Masters wrote: On 01/06/2015 06:20 AM, Catalin Marinas wrote: Now, what's preventing a vendor firmware from providing only ACPI tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) that both DT and ACPI are supported, or at least that dts files are merged in the kernel first? I know of some (server) firmware that will only provide ACPI in the medium term, so this is coming. Medium term is fine, as long as they are not expecting their hardware to be supported by Linux before ACPI support is stable enough for general consumption. To be clear, I think that's reasonable for upstream. I may love ACPI, but vendors can always ship kernels with a config supporting ACPI only platforms in the interim period if they have a commercial justification and that doesn't have to be supported in terms of the upstream default. I would hope that none of the ACPI-only machines are meant to run Linux as a primary operating system, that would be very sad. Vendors that are interested in Linux support should instead work on getting their hardware supported upstream so they don't need a private kernel to match their private firmware. But, perhaps there's a way to have it both ways, you could consider also a CONFIG_EXPERT option that would allow you to build a kernel with ACPI only support in the medium term. That way, if someone is running a vendor kernel, but wants to track upstream development more closely, they can do so on such hardware by enabling the expert config bit. I don't see how this helps. The main point of requiring users to add the option is to ensure that everyone understands the support is experimental and not guaranteed to work across firmware releases or kernel versions, until we have stopped making incompatible changes. If someone is tracking the upstream kernel, they should know that they have to get working DT support in first, and test both ways with the same kernel anyway. Clarification: I'm suggesting that in the medium term the dependency upon CONFIG_EXPERT either goes away or is replaced with requiring ACPI and DTB in the non expert case Sure, no debate on that. and requiring expert selected to allow a kernel that will boot with ACPI only. But only a suggestion. This is a separate issue. I personally think we shouldn't bother with this, as such a configuration would just break a lot of assumptions we make today and removes hardware support, but it's something we can discuss after we get to the point of having ACPI enabled by default. Arnd -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wed, Jan 07, 2015 at 10:36:13AM +, Arnd Bergmann wrote: On Tuesday 06 January 2015 23:55:58 Jon Masters wrote: On 01/06/2015 05:06 PM, Jon Masters wrote: On 01/06/2015 02:21 PM, Arnd Bergmann wrote: On Tuesday 06 January 2015 11:24:43 Jon Masters wrote: On 01/06/2015 06:20 AM, Catalin Marinas wrote: Now, what's preventing a vendor firmware from providing only ACPI tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) that both DT and ACPI are supported, or at least that dts files are merged in the kernel first? I know of some (server) firmware that will only provide ACPI in the medium term, so this is coming. Medium term is fine, as long as they are not expecting their hardware to be supported by Linux before ACPI support is stable enough for general consumption. To be clear, I think that's reasonable for upstream. I may love ACPI, but vendors can always ship kernels with a config supporting ACPI only platforms in the interim period if they have a commercial justification and that doesn't have to be supported in terms of the upstream default. I would hope that none of the ACPI-only machines are meant to run Linux as a primary operating system, that would be very sad. I keep hearing different stories around this. I think this goes back to the last point on Al's to-do list, the reason _why_ vendors need ACPI. As you mentioned some time ago, I would also like to see a summary of such reasons included in the cover letter for the arm64 ACPI patches. In the meantime, we can assume that DT is required. From what I gathered so far, the main reason for _some_ vendors is not support for other OS but actually features that ACPI has and DT doesn't (like AML; I deliberately ignore statements like industry standard). _If_ such reasons are sound, maybe they have a case for ACPI-only machines targeted primarily at Linux. In theory, it may be beneficial to the kernel maintainers as such ACPI-only machine would potentially require less kernel driver code compared to DT. For example, no need for pin control, clocks or voltage regulator drivers as they are handled in AML. Of course, the counter argument is that it's harder to debug when problems appear but I would expect on such ACPI-only machines that the hardware vendor is very active on solving them (I'm more thinking for machines that sit in some data centre and are actively maintained rather than some board I keep in my house; for the latter, I definitely prefer DT and full control). Vendors that are interested in Linux support should instead work on getting their hardware supported upstream so they don't need a private kernel to match their private firmware. I agree, irrespective of whether they target ACPI longer term or not. As I said yesterday, at some point in the future, ACPI-only SoC support may not require any new kernel code, just usual PCIe drivers that may already be there. If we ever get to that stage (it's not a kernel problem, it's more about SoC standardisation), vendors would be able to run mainline kernels without additional driver code with a few SoC differences handled by AML (e.g. clocks). At that point, I don't see any incentive for them to upstream additional driver code (e.g. clocks) just to support a DT-only kernel. We are probably still a long way, nothing to worry about just yet ;). -- Catalin -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wednesday 07 January 2015 11:50:39 Catalin Marinas wrote: On Wed, Jan 07, 2015 at 10:36:13AM +, Arnd Bergmann wrote: On Tuesday 06 January 2015 23:55:58 Jon Masters wrote: On 01/06/2015 05:06 PM, Jon Masters wrote: On 01/06/2015 02:21 PM, Arnd Bergmann wrote: On Tuesday 06 January 2015 11:24:43 Jon Masters wrote: On 01/06/2015 06:20 AM, Catalin Marinas wrote: Now, what's preventing a vendor firmware from providing only ACPI tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) that both DT and ACPI are supported, or at least that dts files are merged in the kernel first? I know of some (server) firmware that will only provide ACPI in the medium term, so this is coming. Medium term is fine, as long as they are not expecting their hardware to be supported by Linux before ACPI support is stable enough for general consumption. To be clear, I think that's reasonable for upstream. I may love ACPI, but vendors can always ship kernels with a config supporting ACPI only platforms in the interim period if they have a commercial justification and that doesn't have to be supported in terms of the upstream default. I would hope that none of the ACPI-only machines are meant to run Linux as a primary operating system, that would be very sad. I keep hearing different stories around this. I think this goes back to the last point on Al's to-do list, the reason _why_ vendors need ACPI. As you mentioned some time ago, I would also like to see a summary of such reasons included in the cover letter for the arm64 ACPI patches. In the meantime, we can assume that DT is required. Right, if we can finish the discussion about the reason for having ACPI, we can skip a lot of pointless back-and-forth on the other issues. From what I gathered so far, the main reason for _some_ vendors is not support for other OS but actually features that ACPI has and DT doesn't (like AML; I deliberately ignore statements like industry standard). _If_ such reasons are sound, maybe they have a case for ACPI-only machines targeted primarily at Linux. What I got from the replies from HP, Huawei and from earlier discussions with Jon is that they all hope to get to the point of relying on AML alone to bridge the differences between SoC families. However, I don't see that happening with the limited hardware compatibility that the existing SBSA provides: In theory, it may be beneficial to the kernel maintainers as such ACPI-only machine would potentially require less kernel driver code compared to DT. For example, no need for pin control, clocks or voltage regulator drivers as they are handled in AML. Of course, the counter argument is that it's harder to debug when problems appear but I would expect on such ACPI-only machines that the hardware vendor is very active on solving them (I'm more thinking for machines that sit in some data centre and are actively maintained rather than some board I keep in my house; for the latter, I definitely prefer DT and full control). The main problem here is that can AML only cover part of the problem: it can talk to a clock controller e.g. over I2C, SPI, GPIO, UART or IPMI, but you still need a device driver in the kernel to talk to those, and SBSA doesn't mandate a specific implementation so you can expect every other SoC that is coming out to have a different one. Similarly, SBSA is rather vague about some peripherals it mandates, and if a new SoC has a slightly different AHCI variation, there is nothing you can do about it in AML. x86 gets around this problem by having an extreme level of hardware backwards compatibility, so you don't even need AML for this and can generally boot a (almost) full-featured Linux kernel with acpi=off on the command line. Vendors that are interested in Linux support should instead work on getting their hardware supported upstream so they don't need a private kernel to match their private firmware. I agree, irrespective of whether they target ACPI longer term or not. As I said yesterday, at some point in the future, ACPI-only SoC support may not require any new kernel code, just usual PCIe drivers that may already be there. If we ever get to that stage (it's not a kernel problem, it's more about SoC standardisation), vendors would be able to run mainline kernels without additional driver code with a few SoC differences handled by AML (e.g. clocks). At that point, I don't see any incentive for them to upstream additional driver code (e.g. clocks) just to support a DT-only kernel. We are probably still a long way, nothing to worry about just yet ;). Agreed on all points, yes. Arnd -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wed, Jan 07, 2015 at 03:05:14PM -0500, Jon Masters wrote: On 01/07/2015 02:58 PM, Jon Masters wrote: On 01/07/2015 01:41 PM, Jason Cooper wrote: One of the reasons I've really enjoyed working with ARM platforms and DT is the absence of this type of 'feature'. I honestly don't care whether the kernel gets the board configuration info from DT or ACPI or FOO, as long as we can avoid the security mistakes of the past: http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html ACPI is not the great satan. I'm aware certain others in the community have written missinformed blog posts and G+ rants equating ACPI with SMI and even with various other system firmware. I can't force someone to become informed on a topic, especially if it's politically useful to them to hate on ACPI and use the security paranoia handwavy argument. To clarify, and this is not directed at you Jason, it is politically useful to some who have written rants those business models are built upon being paid to enable platforms. For those folks, standardized platforms which allow a common OS approach are seen as threatening. Ahh, thanks for clarifying. In the previous rants (which were really instigated as a result of the above) ACPI was equated with SMM (System Management Mode), which is a bit like the Secure/Trusted world on AArch64 in which you might run another Trusted OS. These are the places where you want to watch out to malware of the kind cited in your link, not in ACPI tables. fwiw, I *am* concerned about those spaces. It seems we agree on their vulnerability to attack (plus being meaty targets). To more concisely state my other reply to you, wrt to AML, I'm primarily concerned about a malicious update to the ACPI tables. The ACPI tables in the update would be otherwise normal, except for the AML blob that contains some extra code. The malicious payload. Then, a routine call into an AML (for pinctrl, say) executes the malicious code. The plausibility and preventability of that style of attack is what I'm hoping to nail down with this discussion. thx, Jason. -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wednesday 07 January 2015 12:44:56 Jon Masters wrote: On 01/07/2015 12:27 PM, Mark Brown wrote: On Wed, Jan 07, 2015 at 02:06:28PM +0100, Arnd Bergmann wrote: On Wednesday 07 January 2015 11:50:39 Catalin Marinas wrote: From what I gathered so far, the main reason for _some_ vendors is not support for other OS but actually features that ACPI has and DT doesn't (like AML; I deliberately ignore statements like industry standard). _If_ such reasons are sound, maybe they have a case for ACPI-only machines targeted primarily at Linux. What I got from the replies from HP, Huawei and from earlier discussions with Jon is that they all hope to get to the point of relying on AML alone to bridge the differences between SoC families. I'm expecting to need new drivers for SoC IP blocks that are net new, but generational differences between iterations of the same SoC should be abstracted behind the firmware (and we are already seeing this with at least one platform). Platform wise, it's nice to already see e.g. mmconfig working to handle the specific ways a platform wires PCI. Yes, the parts that are mandated by SBSA, like the way that PCI needs to be done are generally good. Unfortunately a lot of the hardware that I've seen has a rather lax interpretation of the spec, so just because something is mandated doesn't mean it's done that way ;-) In other cases that's actually a good thing. One such example is the Principles of ARM Memory Maps document that tells hardware implementers to do a rather complex mapping To support 36-bit x86 PAE compatible operating systems, such as Linux. but makes life much harder in the process than any of the random mappings we have seen in the wild. I tend to agree with you that it's an overreach to think that this is going to completely abstract away the differences between SoCs from different vendors without substantial further standardization work. (which we plan to do - I intend ultimately for us to have an answer to the Windows Hardware Qualification guides for ARM server systems) Ok, good. The main problem here is that can AML only cover part of the problem: it can talk to a clock controller e.g. over I2C, SPI, GPIO, UART or IPMI, but you still need a device driver in the kernel to talk to those, and SBSA doesn't mandate a specific implementation so you can expect every other SoC that is coming out to have a different one. Similarly, SBSA is rather vague about some peripherals it mandates, and if a new SoC has a slightly different AHCI variation, there is nothing you can do about it in AML. x86 gets around this problem by having an extreme level of hardware backwards compatibility, so you don't even need AML for this and can generally boot a (almost) full-featured Linux kernel with acpi=off on the command line. That level of hardware compatibility does partly come from the need to run existing software. I'd expect that similar effects will start to come into play with ARMv8 ACPI systems if they become successful; people will do things like ensure compatibility with common IPs that have existing Linux drivers that distros tend to include as standard. Agreed. There are two problems I see in trying to do the same thing on ARM: * we don't have a single vendor that makes de-facto standards that everyone else has to copy in the way that the few remaining x86 vendors copy everything that Intel does. In fact, we prefer to have a large number of independent vendors. * There is a general mindset about deprecating unwanted features early. ARMv8 aarch32 bit mode removes support for older instructions or makes them optional. Even the virtualization mode doesn't allow to trap on architecture version specific differences, so you can't completely emulate an older architecture level. This is nice for implementers but not so much for users that rely on old (mis-)features. It's also not just the CPU core, other components also get easily replaced, like a GICv3 that is not a strict superset of GICv2. Arnd -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On 01/07/2015 02:58 PM, Jon Masters wrote: On 01/07/2015 01:41 PM, Jason Cooper wrote: One of the reasons I've really enjoyed working with ARM platforms and DT is the absence of this type of 'feature'. I honestly don't care whether the kernel gets the board configuration info from DT or ACPI or FOO, as long as we can avoid the security mistakes of the past: http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html ACPI is not the great satan. I'm aware certain others in the community have written missinformed blog posts and G+ rants equating ACPI with SMI and even with various other system firmware. I can't force someone to become informed on a topic, especially if it's politically useful to them to hate on ACPI and use the security paranoia handwavy argument. To clarify, and this is not directed at you Jason, it is politically useful to some who have written rants those business models are built upon being paid to enable platforms. For those folks, standardized platforms which allow a common OS approach are seen as threatening. In the previous rants (which were really instigated as a result of the above) ACPI was equated with SMM (System Management Mode), which is a bit like the Secure/Trusted world on AArch64 in which you might run another Trusted OS. These are the places where you want to watch out to malware of the kind cited in your link, not in ACPI tables. Jon. -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On 01/07/2015 03:05 PM, Mark Brown wrote: On Wed, Jan 07, 2015 at 08:48:48PM +0100, Arnd Bergmann wrote: On Wednesday 07 January 2015 12:44:56 Jon Masters wrote: On 01/07/2015 12:27 PM, Mark Brown wrote: That level of hardware compatibility does partly come from the need to run existing software. I'd expect that similar effects will start to come into play with ARMv8 ACPI systems if they become successful; people will do things like ensure compatibility with common IPs that have existing Linux drivers that distros tend to include as standard. Agreed. There are two problems I see in trying to do the same thing on ARM: * we don't have a single vendor that makes de-facto standards that everyone else has to copy in the way that the few remaining x86 vendors copy everything that Intel does. In fact, we prefer to have a large number of independent vendors. Right, I'd guess that (modulo any standards being defined and becoming successful) it'll more be a case of vendors keeping compatibility with their own stuff. We *are* seeing greater reliance on off the shelf IPs for more boring things like DMA and basic bus controllers but there's plenty of other areas that still affect servers. I expect to see a greater level of standardization. SBBR is the beginning, but it is far from the end. There will be a lot more as the vendors come together and agree on common platform components. I've spent a lot of time over the past few years with a large number of vendors going over lots of these issues in lieu of more of a Windows Hardware Qualification style guide. I intend to have one this year that captures what Red Hat think an ARM server looks like, and to circulate that among the broader ecosystem of vendors to feed into SBBR++. * There is a general mindset about deprecating unwanted features early. ARMv8 aarch32 bit mode removes support for older instructions or makes them optional. Even the virtualization mode doesn't allow to trap on architecture version specific differences, so you can't completely emulate an older architecture level. This is nice for implementers but not so much for users that rely on old (mis-)features. It's also not just the CPU core, other components also get easily replaced, like a GICv3 that is not a strict superset of GICv2. This is indeed worrying, though hopefully the fact that we're already seeing negative impacts in the app ecosystem for Android will have focused some minds - once you're talking about full system images it gets even more fun. GICv2/3 was something a bunch of us discussed years ago. At the time we debated whether there was a need to compel the superset option. It was deemed early enough not to be a critical issue. But there have already been other cases where we've pushed to ensure backward compatibility for all time. And there will be more of those as the ecosystem develops out into a world of existing Operating System images and apps that need to run on these emerging platforms. Deprecating instructions and formalizing other behaviors is an area where it's ephemeral - what made sense in the past might not make sense in the future, and ARM know that. Their architecture team features some of the smartest minds. (on architecture revisions, Red Hat has stated in the past that we only care about AArch64, not even running 32-bit code on 64-bit processors, which is one reason I have pushed for some silicon designs not to implement the 32-bit compatibility when it comes to servers) Jon. -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wed, Jan 07, 2015 at 08:48:48PM +0100, Arnd Bergmann wrote: On Wednesday 07 January 2015 12:44:56 Jon Masters wrote: On 01/07/2015 12:27 PM, Mark Brown wrote: That level of hardware compatibility does partly come from the need to run existing software. I'd expect that similar effects will start to come into play with ARMv8 ACPI systems if they become successful; people will do things like ensure compatibility with common IPs that have existing Linux drivers that distros tend to include as standard. Agreed. There are two problems I see in trying to do the same thing on ARM: * we don't have a single vendor that makes de-facto standards that everyone else has to copy in the way that the few remaining x86 vendors copy everything that Intel does. In fact, we prefer to have a large number of independent vendors. Right, I'd guess that (modulo any standards being defined and becoming successful) it'll more be a case of vendors keeping compatibility with their own stuff. We *are* seeing greater reliance on off the shelf IPs for more boring things like DMA and basic bus controllers but there's plenty of other areas that still affect servers. * There is a general mindset about deprecating unwanted features early. ARMv8 aarch32 bit mode removes support for older instructions or makes them optional. Even the virtualization mode doesn't allow to trap on architecture version specific differences, so you can't completely emulate an older architecture level. This is nice for implementers but not so much for users that rely on old (mis-)features. It's also not just the CPU core, other components also get easily replaced, like a GICv3 that is not a strict superset of GICv2. This is indeed worrying, though hopefully the fact that we're already seeing negative impacts in the app ecosystem for Android will have focused some minds - once you're talking about full system images it gets even more fun. signature.asc Description: Digital signature
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On 01/07/2015 01:41 PM, Jason Cooper wrote: On Wed, Jan 07, 2015 at 05:27:41PM +, Mark Brown wrote: On Wed, Jan 07, 2015 at 02:06:28PM +0100, Arnd Bergmann wrote: On Wednesday 07 January 2015 11:50:39 Catalin Marinas wrote: From what I gathered so far, the main reason for _some_ vendors is not support for other OS but actually features that ACPI has and DT doesn't (like AML; I deliberately ignore statements like industry standard). _If_ such reasons are sound, maybe they have a case for ACPI-only machines targeted primarily at Linux. What I got from the replies from HP, Huawei and from earlier discussions with Jon is that they all hope to get to the point of relying on AML alone to bridge the differences between SoC families. However, I don't see that happening with the limited hardware compatibility that the existing SBSA provides: I tend to agree with you that it's an overreach to think that this is going to completely abstract away the differences between SoCs from different vendors without substantial further standardization work. However it does seem reasonable to expect that features like AML are going to be more successful in handling board differences and incremental revisions of SoCs - things like interactions with system power controllers for example. That seems like a useful win in and of itself, and one that's worth supporting. This piqued my interest, so I did a little research and found the following to describe AML (second para under What does this mean?) http://community.arm.com/groups/processors/blog/2014/05/01/let-s-talk-acpi-for-servers iiuc, AML are basically drivers for some low-level functions provided as binary blobs via the ACPI tables. AML isn't a driver per se. Think of it as providing a couple of methods for doing things like turning on a device, where the interpreted code might cause e.g. a memory address to be written with a value that causes a side effect (e.g. talking with a system configuration co-processor hidden inside the SoC the adjusts the clocking, enables power, configures PHY parameters, etc.). Most of the AML that you see on servers is actually just informational, or methods that return data describing the hardware installed. How does this work in a trusted boot scenario? No different than on x86. Can the ACPI tables, and these binary blobs with it, be updated from userspace? Tables are baked into the firmware and are updated as a result of normal firmware updates (which already has a defined process). There are secondary tables that can augment things like the primary DSDT but those are also provided by the platform. There are only two ways the OS might provide a DSDT, but only including here for pedantry: 1). If you compile a kernel specially with an embedded DSDT within the image itself (nobody does this one any more AFAIK). 2). If you attach a special update test DSDT into your initramfs in a particular way, in which case I believe secure boot already is disabled. But these are all developer/debug things, not intended for users running in a secure boot environment. If so, is there an authentication mechanism (including for non-secure boot scenarios)? It's no different than scenarios on x86, which are well covered. One of the reasons I've really enjoyed working with ARM platforms and DT is the absence of this type of 'feature'. I honestly don't care whether the kernel gets the board configuration info from DT or ACPI or FOO, as long as we can avoid the security mistakes of the past: http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html ACPI is not the great satan. I'm aware certain others in the community have written missinformed blog posts and G+ rants equating ACPI with SMI and even with various other system firmware. I can't force someone to become informed on a topic, especially if it's politically useful to them to hate on ACPI and use the security paranoia handwavy argument. I'm not advocating throw out AML and ACPI with it!, rather I'd like to see a serious, open, discussion about the security implications of a convenience feature such as AML. AML is in (almost) every server you're using today. What you want to be worried about is hidden firmware, especially what might be running inside a Trusted environment or inside an SMI context, or the radio firmware on your phone that the NSA have backdoored. Once we've solved every other issue, we can come back to whether the extremely limited capabilities of AML are what the evil bad guys are using to infiltrate our minds and make us think that we all want to use ACPI. Jon. -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
Jason, Will followup more later...was being a little sarcastic before...no raw nerve ;) but sarcasm translates badly so apologies. Will send a better reply when back online :) Good points! Jon. -- Computer Architect | Sent from my #ARM Powered Mobile Device On Jan 7, 2015 4:41 PM, Jason Cooper ja...@lakedaemon.net wrote: On Wed, Jan 07, 2015 at 02:58:42PM -0500, Jon Masters wrote: On 01/07/2015 01:41 PM, Jason Cooper wrote: On Wed, Jan 07, 2015 at 02:58:42PM -0500, Jon Masters wrote: On 01/07/2015 01:41 PM, Jason Cooper wrote: On Wed, Jan 07, 2015 at 05:27:41PM +, Mark Brown wrote: On Wed, Jan 07, 2015 at 02:06:28PM +0100, Arnd Bergmann wrote: On Wednesday 07 January 2015 11:50:39 Catalin Marinas wrote: From what I gathered so far, the main reason for _some_ vendors is not support for other OS but actually features that ACPI has and DT doesn't (like AML; I deliberately ignore statements like industry standard). _If_ such reasons are sound, maybe they have a case for ACPI-only machines targeted primarily at Linux. What I got from the replies from HP, Huawei and from earlier discussions with Jon is that they all hope to get to the point of relying on AML alone to bridge the differences between SoC families. However, I don't see that happening with the limited hardware compatibility that the existing SBSA provides: I tend to agree with you that it's an overreach to think that this is going to completely abstract away the differences between SoCs from different vendors without substantial further standardization work. However it does seem reasonable to expect that features like AML are going to be more successful in handling board differences and incremental revisions of SoCs - things like interactions with system power controllers for example. That seems like a useful win in and of itself, and one that's worth supporting. This piqued my interest, so I did a little research and found the following to describe AML (second para under What does this mean?) http://community.arm.com/groups/processors/blog/2014/05/01/let-s-talk-acpi-for-servers iiuc, AML are basically drivers for some low-level functions provided as binary blobs via the ACPI tables. AML isn't a driver per se. Think of it as providing a couple of methods for doing things like turning on a device, where the interpreted code might cause e.g. a memory address to be written with a value that causes a side effect (e.g. talking with a system configuration co-processor hidden inside the SoC the adjusts the clocking, enables power, configures PHY parameters, etc.). Most of the AML that you see on servers is actually just informational, or methods that return data describing the hardware installed. So, similar in scope to an irqchip driver? Because that's what I was thinking when I said driver, not alsa or drm... Thanks for great description. How does this work in a trusted boot scenario? No different than on x86. Suprisingly, I don't do much with x86 development-wise. The x86 boxes are just tools to me. So I'm not very familiar with the intricacies there. Do you have a pointer to ACPI update security standards/protocols? Can the ACPI tables, and these binary blobs with it, be updated from userspace? Tables are baked into the firmware and are updated as a result of normal firmware updates (which already has a defined process). There are secondary tables that can augment things like the primary DSDT but those are also provided by the platform. There are only two ways the OS might provide a DSDT, but only including here for pedantry: 1). If you compile a kernel specially with an embedded DSDT within the image itself (nobody does this one any more AFAIK). 2). If you attach a special update test DSDT into your initramfs in a particular way, in which case I believe secure boot already is disabled. But these are all developer/debug things, not intended for users running in a secure boot environment. Right, I'm more concerned about the update process being the vector to inject bad code. If so, is there an authentication mechanism (including for non-secure boot scenarios)? It's no different than scenarios on x86, which are well covered. One of the reasons I've really enjoyed working with ARM platforms and DT is the absence of this type of 'feature'. I honestly don't care whether the kernel gets the board configuration info from DT or ACPI or FOO, as long as we can avoid the security mistakes of the past: http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html ACPI is not the great satan. Relax, I'm not saying, nor implying that. :) I *am* saying that upgradeable executable code not loaded from traditional OS storage (harddisk, flash) is a valid security concern. I'm aware certain others in the community have written missinformed blog
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wed, Jan 07, 2015 at 02:58:42PM -0500, Jon Masters wrote: On 01/07/2015 01:41 PM, Jason Cooper wrote: On Wed, Jan 07, 2015 at 05:27:41PM +, Mark Brown wrote: On Wed, Jan 07, 2015 at 02:06:28PM +0100, Arnd Bergmann wrote: On Wednesday 07 January 2015 11:50:39 Catalin Marinas wrote: From what I gathered so far, the main reason for _some_ vendors is not support for other OS but actually features that ACPI has and DT doesn't (like AML; I deliberately ignore statements like industry standard). _If_ such reasons are sound, maybe they have a case for ACPI-only machines targeted primarily at Linux. What I got from the replies from HP, Huawei and from earlier discussions with Jon is that they all hope to get to the point of relying on AML alone to bridge the differences between SoC families. However, I don't see that happening with the limited hardware compatibility that the existing SBSA provides: I tend to agree with you that it's an overreach to think that this is going to completely abstract away the differences between SoCs from different vendors without substantial further standardization work. However it does seem reasonable to expect that features like AML are going to be more successful in handling board differences and incremental revisions of SoCs - things like interactions with system power controllers for example. That seems like a useful win in and of itself, and one that's worth supporting. This piqued my interest, so I did a little research and found the following to describe AML (second para under What does this mean?) http://community.arm.com/groups/processors/blog/2014/05/01/let-s-talk-acpi-for-servers iiuc, AML are basically drivers for some low-level functions provided as binary blobs via the ACPI tables. AML isn't a driver per se. Think of it as providing a couple of methods for doing things like turning on a device, where the interpreted code might cause e.g. a memory address to be written with a value that causes a side effect (e.g. talking with a system configuration co-processor hidden inside the SoC the adjusts the clocking, enables power, configures PHY parameters, etc.). Most of the AML that you see on servers is actually just informational, or methods that return data describing the hardware installed. So, similar in scope to an irqchip driver? Because that's what I was thinking when I said driver, not alsa or drm... Thanks for great description. How does this work in a trusted boot scenario? No different than on x86. Suprisingly, I don't do much with x86 development-wise. The x86 boxes are just tools to me. So I'm not very familiar with the intricacies there. Do you have a pointer to ACPI update security standards/protocols? Can the ACPI tables, and these binary blobs with it, be updated from userspace? Tables are baked into the firmware and are updated as a result of normal firmware updates (which already has a defined process). There are secondary tables that can augment things like the primary DSDT but those are also provided by the platform. There are only two ways the OS might provide a DSDT, but only including here for pedantry: 1). If you compile a kernel specially with an embedded DSDT within the image itself (nobody does this one any more AFAIK). 2). If you attach a special update test DSDT into your initramfs in a particular way, in which case I believe secure boot already is disabled. But these are all developer/debug things, not intended for users running in a secure boot environment. Right, I'm more concerned about the update process being the vector to inject bad code. If so, is there an authentication mechanism (including for non-secure boot scenarios)? It's no different than scenarios on x86, which are well covered. One of the reasons I've really enjoyed working with ARM platforms and DT is the absence of this type of 'feature'. I honestly don't care whether the kernel gets the board configuration info from DT or ACPI or FOO, as long as we can avoid the security mistakes of the past: http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html ACPI is not the great satan. Relax, I'm not saying, nor implying that. :) I *am* saying that upgradeable executable code not loaded from traditional OS storage (harddisk, flash) is a valid security concern. I'm aware certain others in the community have written missinformed blog posts and G+ rants equating ACPI with SMI and even with various other system firmware. You're in luck, I don't blog or do social media. :-P I can't force someone to become informed on a topic, especially if it's politically useful to them to hate on ACPI and use the security paranoia handwavy argument. I'm not sure where you got that from. I said very specifically, since trimmed, that I don't care where the board configuration data
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On 01/07/2015 12:27 PM, Mark Brown wrote: On Wed, Jan 07, 2015 at 02:06:28PM +0100, Arnd Bergmann wrote: On Wednesday 07 January 2015 11:50:39 Catalin Marinas wrote: From what I gathered so far, the main reason for _some_ vendors is not support for other OS but actually features that ACPI has and DT doesn't (like AML; I deliberately ignore statements like industry standard). _If_ such reasons are sound, maybe they have a case for ACPI-only machines targeted primarily at Linux. What I got from the replies from HP, Huawei and from earlier discussions with Jon is that they all hope to get to the point of relying on AML alone to bridge the differences between SoC families. I'm expecting to need new drivers for SoC IP blocks that are net new, but generational differences between iterations of the same SoC should be abstracted behind the firmware (and we are already seeing this with at least one platform). Platform wise, it's nice to already see e.g. mmconfig working to handle the specific ways a platform wires PCI. I tend to agree with you that it's an overreach to think that this is going to completely abstract away the differences between SoCs from different vendors without substantial further standardization work. (which we plan to do - I intend ultimately for us to have an answer to the Windows Hardware Qualification guides for ARM server systems) However it does seem reasonable to expect that features like AML are going to be more successful in handling board differences and incremental revisions of SoCs - things like interactions with system power controllers for example. That seems like a useful win in and of itself, and one that's worth supporting. Indeed. The main problem here is that can AML only cover part of the problem: it can talk to a clock controller e.g. over I2C, SPI, GPIO, UART or IPMI, but you still need a device driver in the kernel to talk to those, and SBSA doesn't mandate a specific implementation so you can expect every other SoC that is coming out to have a different one. Similarly, SBSA is rather vague about some peripherals it mandates, and if a new SoC has a slightly different AHCI variation, there is nothing you can do about it in AML. x86 gets around this problem by having an extreme level of hardware backwards compatibility, so you don't even need AML for this and can generally boot a (almost) full-featured Linux kernel with acpi=off on the command line. That level of hardware compatibility does partly come from the need to run existing software. I'd expect that similar effects will start to come into play with ARMv8 ACPI systems if they become successful; people will do things like ensure compatibility with common IPs that have existing Linux drivers that distros tend to include as standard. Agreed. Jon. -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wed, Jan 07, 2015 at 05:27:41PM +, Mark Brown wrote: On Wed, Jan 07, 2015 at 02:06:28PM +0100, Arnd Bergmann wrote: On Wednesday 07 January 2015 11:50:39 Catalin Marinas wrote: From what I gathered so far, the main reason for _some_ vendors is not support for other OS but actually features that ACPI has and DT doesn't (like AML; I deliberately ignore statements like industry standard). _If_ such reasons are sound, maybe they have a case for ACPI-only machines targeted primarily at Linux. What I got from the replies from HP, Huawei and from earlier discussions with Jon is that they all hope to get to the point of relying on AML alone to bridge the differences between SoC families. However, I don't see that happening with the limited hardware compatibility that the existing SBSA provides: I tend to agree with you that it's an overreach to think that this is going to completely abstract away the differences between SoCs from different vendors without substantial further standardization work. However it does seem reasonable to expect that features like AML are going to be more successful in handling board differences and incremental revisions of SoCs - things like interactions with system power controllers for example. That seems like a useful win in and of itself, and one that's worth supporting. This piqued my interest, so I did a little research and found the following to describe AML (second para under What does this mean?) http://community.arm.com/groups/processors/blog/2014/05/01/let-s-talk-acpi-for-servers iiuc, AML are basically drivers for some low-level functions provided as binary blobs via the ACPI tables. How does this work in a trusted boot scenario? Can the ACPI tables, and these binary blobs with it, be updated from userspace? If so, is there an authentication mechanism (including for non-secure boot scenarios)? One of the reasons I've really enjoyed working with ARM platforms and DT is the absence of this type of 'feature'. I honestly don't care whether the kernel gets the board configuration info from DT or ACPI or FOO, as long as we can avoid the security mistakes of the past: http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html ... The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer's motherboard that is the first thing to load when a computer is turned on. This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. ... I'm not advocating throw out AML and ACPI with it!, rather I'd like to see a serious, open, discussion about the security implications of a convenience feature such as AML. And wrt the kernel, we should ensure we can always provide a fallback for users who prefer not to trust the binary blobs. Which shouldn't be too difficult as we aren't dependent on AML or similar atm. thx, Jason. -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Wed, Jan 07, 2015 at 02:06:28PM +0100, Arnd Bergmann wrote: On Wednesday 07 January 2015 11:50:39 Catalin Marinas wrote: From what I gathered so far, the main reason for _some_ vendors is not support for other OS but actually features that ACPI has and DT doesn't (like AML; I deliberately ignore statements like industry standard). _If_ such reasons are sound, maybe they have a case for ACPI-only machines targeted primarily at Linux. What I got from the replies from HP, Huawei and from earlier discussions with Jon is that they all hope to get to the point of relying on AML alone to bridge the differences between SoC families. However, I don't see that happening with the limited hardware compatibility that the existing SBSA provides: I tend to agree with you that it's an overreach to think that this is going to completely abstract away the differences between SoCs from different vendors without substantial further standardization work. However it does seem reasonable to expect that features like AML are going to be more successful in handling board differences and incremental revisions of SoCs - things like interactions with system power controllers for example. That seems like a useful win in and of itself, and one that's worth supporting. The main problem here is that can AML only cover part of the problem: it can talk to a clock controller e.g. over I2C, SPI, GPIO, UART or IPMI, but you still need a device driver in the kernel to talk to those, and SBSA doesn't mandate a specific implementation so you can expect every other SoC that is coming out to have a different one. Similarly, SBSA is rather vague about some peripherals it mandates, and if a new SoC has a slightly different AHCI variation, there is nothing you can do about it in AML. x86 gets around this problem by having an extreme level of hardware backwards compatibility, so you don't even need AML for this and can generally boot a (almost) full-featured Linux kernel with acpi=off on the command line. That level of hardware compatibility does partly come from the need to run existing software. I'd expect that similar effects will start to come into play with ARMv8 ACPI systems if they become successful; people will do things like ensure compatibility with common IPs that have existing Linux drivers that distros tend to include as standard. signature.asc Description: Digital signature
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On 01/06/2015 05:06 PM, Jon Masters wrote: > Hi Arnd, > > Happy New Year! > > On 01/06/2015 02:21 PM, Arnd Bergmann wrote: >> On Tuesday 06 January 2015 11:24:43 Jon Masters wrote: >>> On 01/06/2015 06:20 AM, Catalin Marinas wrote: >>> Now, what's preventing a vendor firmware from providing only ACPI tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) that both DT and ACPI are supported, or at least that dts files are merged in the kernel first? >>> >>> I know of some (server) firmware that will only provide ACPI in the >>> medium term, so this is coming. >> >> Medium term is fine, as long as they are not expecting their hardware >> to be supported by Linux before ACPI support is stable enough for >> general consumption. > > To be clear, I think that's reasonable for upstream. I may love ACPI, > but vendors can always ship kernels with a config supporting ACPI only > platforms in the interim period if they have a commercial justification > and that doesn't have to be supported in terms of the upstream default. > > But, perhaps there's a way to have it both ways, you could consider also > a CONFIG_EXPERT option that would allow you to build a kernel with ACPI > only support in the medium term. That way, if someone is running a > vendor kernel, but wants to track upstream development more closely, > they can do so on such hardware by enabling the expert config bit. Clarification: I'm suggesting that in the medium term the dependency upon CONFIG_EXPERT either goes away or is replaced with requiring ACPI and DTB in the non "expert" case and requiring "expert" selected to allow a kernel that will boot with ACPI only. But only a suggestion. Jon. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
Hi Arnd, Happy New Year! On 01/06/2015 02:21 PM, Arnd Bergmann wrote: > On Tuesday 06 January 2015 11:24:43 Jon Masters wrote: >> On 01/06/2015 06:20 AM, Catalin Marinas wrote: >> >>> Now, what's preventing a vendor firmware from providing only ACPI >>> tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) >>> that both DT and ACPI are supported, or at least that dts files are >>> merged in the kernel first? >> >> I know of some (server) firmware that will only provide ACPI in the >> medium term, so this is coming. > > Medium term is fine, as long as they are not expecting their hardware > to be supported by Linux before ACPI support is stable enough for > general consumption. To be clear, I think that's reasonable for upstream. I may love ACPI, but vendors can always ship kernels with a config supporting ACPI only platforms in the interim period if they have a commercial justification and that doesn't have to be supported in terms of the upstream default. But, perhaps there's a way to have it both ways, you could consider also a CONFIG_EXPERT option that would allow you to build a kernel with ACPI only support in the medium term. That way, if someone is running a vendor kernel, but wants to track upstream development more closely, they can do so on such hardware by enabling the expert config bit. > I have no idea how long that will take, but my > guess is that we shouldn't plan on supporting ACPI-only platforms in > Linux for the next couple of years and just demand that all drivers > have DT support to let users add a valid DTB that can describe the > hardware. I'm not opposed. It was particularly useful in the early days of ACPI to be able to boot our internal systems (which now all default to ACPI on by default) with acpi=off when there were glitches that needed to be isolated to whether they were ACPI related. One reason I was very keen for a DT UUID in UEFI early on was so that there was a clean way to specify both sets of tables on a UEFI platform. Keeping them in sync is not something we can rely on in the longer term, but during bringup timeframe I suspect you'll continue to see many platforms with both sets of tables. This is especially true for early silicon that might be supporting both embedded and server environments - hence a platform that appears to be a server might have a DT posted upstream anyway if such a platform is also being used for unrelated embedded work. > That should always be possible using something like grub2 as an > intermediate that boots using the UEFI interfaces and loads the > kernel and DT from disk. This is another reason (but it's up to you, I understand your position) why it may not be a huge problem if there are ACPI only systems, since the "devicetree" directive in GRUB2 configs is always possible. Jon. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Tuesday 06 January 2015 14:11:33 Catalin Marinas wrote: > On Tue, Jan 06, 2015 at 01:59:27PM +, Arnd Bergmann wrote: > > On Tuesday 06 January 2015 11:20:01 Catalin Marinas wrote: > > > On Mon, Jan 05, 2015 at 08:16:30PM +, Arnd Bergmann wrote: > > > > On Monday 05 January 2015 13:13:02 Catalin Marinas wrote: > > > > > > since passing no DT tables to OS but > > > > > > acpi=force is missing is a corner case, we can do a follow up patch > > > > > > to > > > > > > fix that, does it make sense? > > > > > > > > > > Not entirely. Why would no dtb and no acpi=force be a corner case? I > > > > > thought this should be the default when only ACPI tables are passed, > > > > > no > > > > > need for an additional acpi=force argument. > > > > > > > > We don't really support the case of only ACPI tables for now. The > > > > expectation > > > > is that you always have working DT support, at least for the next few > > > > years > > > > as ACPI features are ramping up, and without acpi=force it should not > > > > try > > > > to use ACPI at all. > > > > > > So if both DT and ACPI are present, just use DT unless acpi=force is > > > passed. So far I think we agree but what I want to avoid is always > > > mandating acpi=force even when the DT tables are missing (in the long > > > run). > > > > > > Now, what's preventing a vendor firmware from providing only ACPI > > > tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) > > > that both DT and ACPI are supported, or at least that dts files are > > > merged in the kernel first? > > > > We have no way of enforcing what a board vendor ships, so if they want > > to have ACPI-only machines for MS Windows, they just won't work by > > default on Linux. > > What do you mean by "won't work by default on Linux"? Assuming no > additional drivers are needed (i.e. a few devices mentioned in SBSA and > the rest on a PCIe bus, using existing drivers without further > modifications), do you still want mainline to fail to boot on such > ACPI-only systems? I mean it won't work without acpi=force on the command line. > > Once ACPI support is mature enough, we can also have a whitelist or a > > different default for using it automatically when no DT is present. > > Having a white-list requires some for of SoC identification. Does ACPI > provide such thing (like "model" or "compatible" strings in the top DT > node)? This is independent of the SoC: All SoCs we support have DT drivers, so machines like this would be board whose vendor doesn't care about Linux, but happens to use a SoC that we support. What we would need here is a whitelist of boards. > > For drivers merged upstream, I would insist that every driver merged > > for an ARM64 platform has a documented DT binding that is used in the > > driver. > > That's fine by me. I just hope that for hardware aimed at ACPI we won't > need many non-PCIe drivers. Yes, that is a reasonable assumption. Looking at the AMD patches that were posted already, there are however a few devices that are not on the PCI bus: - pl011 uart - pl022 spi - pl061 gpio - pl330 dma - designware i2c - custom 10gbit ethernet - probably some I forgot Most of these will likely just not be needed on servers (pl330) or handled by AML (spi, i2c, gpio) transparently without needing a driver, but we do need to support the ethernet port and the uart. I expect that other SoCs come with different ethernet implementations that are also not discoverable through PCI. Arnd -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Tuesday 06 January 2015 11:24:43 Jon Masters wrote: > On 01/06/2015 06:20 AM, Catalin Marinas wrote: > > > Now, what's preventing a vendor firmware from providing only ACPI > > tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) > > that both DT and ACPI are supported, or at least that dts files are > > merged in the kernel first? > > I know of some (server) firmware that will only provide ACPI in the > medium term, so this is coming. Medium term is fine, as long as they are not expecting their hardware to be supported by Linux before ACPI support is stable enough for general consumption. I have no idea how long that will take, but my guess is that we shouldn't plan on supporting ACPI-only platforms in Linux for the next couple of years and just demand that all drivers have DT support to let users add a valid DTB that can describe the hardware. That should always be possible using something like grub2 as an intermediate that boots using the UEFI interfaces and loads the kernel and DT from disk. Arnd -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Tue, Jan 06, 2015 at 01:59:27PM +, Arnd Bergmann wrote: > On Tuesday 06 January 2015 11:20:01 Catalin Marinas wrote: > > On Mon, Jan 05, 2015 at 08:16:30PM +, Arnd Bergmann wrote: > > > On Monday 05 January 2015 13:13:02 Catalin Marinas wrote: > > > > > since passing no DT tables to OS but > > > > > acpi=force is missing is a corner case, we can do a follow up patch to > > > > > fix that, does it make sense? > > > > > > > > Not entirely. Why would no dtb and no acpi=force be a corner case? I > > > > thought this should be the default when only ACPI tables are passed, no > > > > need for an additional acpi=force argument. > > > > > > We don't really support the case of only ACPI tables for now. The > > > expectation > > > is that you always have working DT support, at least for the next few > > > years > > > as ACPI features are ramping up, and without acpi=force it should not try > > > to use ACPI at all. > > > > So if both DT and ACPI are present, just use DT unless acpi=force is > > passed. So far I think we agree but what I want to avoid is always > > mandating acpi=force even when the DT tables are missing (in the long > > run). > > > > Now, what's preventing a vendor firmware from providing only ACPI > > tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) > > that both DT and ACPI are supported, or at least that dts files are > > merged in the kernel first? > > We have no way of enforcing what a board vendor ships, so if they want > to have ACPI-only machines for MS Windows, they just won't work by > default on Linux. What do you mean by "won't work by default on Linux"? Assuming no additional drivers are needed (i.e. a few devices mentioned in SBSA and the rest on a PCIe bus, using existing drivers without further modifications), do you still want mainline to fail to boot on such ACPI-only systems? > Once ACPI support is mature enough, we can also have a whitelist or a > different default for using it automatically when no DT is present. Having a white-list requires some for of SoC identification. Does ACPI provide such thing (like "model" or "compatible" strings in the top DT node)? > For drivers merged upstream, I would insist that every driver merged > for an ARM64 platform has a documented DT binding that is used in the > driver. That's fine by me. I just hope that for hardware aimed at ACPI we won't need many non-PCIe drivers. -- Catalin -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Tuesday 06 January 2015 11:20:01 Catalin Marinas wrote: > On Mon, Jan 05, 2015 at 08:16:30PM +, Arnd Bergmann wrote: > > On Monday 05 January 2015 13:13:02 Catalin Marinas wrote: > > > > since passing no DT tables to OS but > > > > acpi=force is missing is a corner case, we can do a follow up patch to > > > > fix that, does it make sense? > > > > > > Not entirely. Why would no dtb and no acpi=force be a corner case? I > > > thought this should be the default when only ACPI tables are passed, no > > > need for an additional acpi=force argument. > > > > We don't really support the case of only ACPI tables for now. The > > expectation > > is that you always have working DT support, at least for the next few years > > as ACPI features are ramping up, and without acpi=force it should not try > > to use ACPI at all. > > So if both DT and ACPI are present, just use DT unless acpi=force is > passed. So far I think we agree but what I want to avoid is always > mandating acpi=force even when the DT tables are missing (in the long > run). > > Now, what's preventing a vendor firmware from providing only ACPI > tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) > that both DT and ACPI are supported, or at least that dts files are > merged in the kernel first? We have no way of enforcing what a board vendor ships, so if they want to have ACPI-only machines for MS Windows, they just won't work by default on Linux. Once ACPI support is mature enough, we can also have a whitelist or a different default for using it automatically when no DT is present. For drivers merged upstream, I would insist that every driver merged for an ARM64 platform has a documented DT binding that is used in the driver. Arnd -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Tuesday 06 January 2015 11:20:01 Catalin Marinas wrote: On Mon, Jan 05, 2015 at 08:16:30PM +, Arnd Bergmann wrote: On Monday 05 January 2015 13:13:02 Catalin Marinas wrote: since passing no DT tables to OS but acpi=force is missing is a corner case, we can do a follow up patch to fix that, does it make sense? Not entirely. Why would no dtb and no acpi=force be a corner case? I thought this should be the default when only ACPI tables are passed, no need for an additional acpi=force argument. We don't really support the case of only ACPI tables for now. The expectation is that you always have working DT support, at least for the next few years as ACPI features are ramping up, and without acpi=force it should not try to use ACPI at all. So if both DT and ACPI are present, just use DT unless acpi=force is passed. So far I think we agree but what I want to avoid is always mandating acpi=force even when the DT tables are missing (in the long run). Now, what's preventing a vendor firmware from providing only ACPI tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) that both DT and ACPI are supported, or at least that dts files are merged in the kernel first? We have no way of enforcing what a board vendor ships, so if they want to have ACPI-only machines for MS Windows, they just won't work by default on Linux. Once ACPI support is mature enough, we can also have a whitelist or a different default for using it automatically when no DT is present. For drivers merged upstream, I would insist that every driver merged for an ARM64 platform has a documented DT binding that is used in the driver. Arnd -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Tue, Jan 06, 2015 at 01:59:27PM +, Arnd Bergmann wrote: On Tuesday 06 January 2015 11:20:01 Catalin Marinas wrote: On Mon, Jan 05, 2015 at 08:16:30PM +, Arnd Bergmann wrote: On Monday 05 January 2015 13:13:02 Catalin Marinas wrote: since passing no DT tables to OS but acpi=force is missing is a corner case, we can do a follow up patch to fix that, does it make sense? Not entirely. Why would no dtb and no acpi=force be a corner case? I thought this should be the default when only ACPI tables are passed, no need for an additional acpi=force argument. We don't really support the case of only ACPI tables for now. The expectation is that you always have working DT support, at least for the next few years as ACPI features are ramping up, and without acpi=force it should not try to use ACPI at all. So if both DT and ACPI are present, just use DT unless acpi=force is passed. So far I think we agree but what I want to avoid is always mandating acpi=force even when the DT tables are missing (in the long run). Now, what's preventing a vendor firmware from providing only ACPI tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) that both DT and ACPI are supported, or at least that dts files are merged in the kernel first? We have no way of enforcing what a board vendor ships, so if they want to have ACPI-only machines for MS Windows, they just won't work by default on Linux. What do you mean by won't work by default on Linux? Assuming no additional drivers are needed (i.e. a few devices mentioned in SBSA and the rest on a PCIe bus, using existing drivers without further modifications), do you still want mainline to fail to boot on such ACPI-only systems? Once ACPI support is mature enough, we can also have a whitelist or a different default for using it automatically when no DT is present. Having a white-list requires some for of SoC identification. Does ACPI provide such thing (like model or compatible strings in the top DT node)? For drivers merged upstream, I would insist that every driver merged for an ARM64 platform has a documented DT binding that is used in the driver. That's fine by me. I just hope that for hardware aimed at ACPI we won't need many non-PCIe drivers. -- Catalin -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Tuesday 06 January 2015 14:11:33 Catalin Marinas wrote: On Tue, Jan 06, 2015 at 01:59:27PM +, Arnd Bergmann wrote: On Tuesday 06 January 2015 11:20:01 Catalin Marinas wrote: On Mon, Jan 05, 2015 at 08:16:30PM +, Arnd Bergmann wrote: On Monday 05 January 2015 13:13:02 Catalin Marinas wrote: since passing no DT tables to OS but acpi=force is missing is a corner case, we can do a follow up patch to fix that, does it make sense? Not entirely. Why would no dtb and no acpi=force be a corner case? I thought this should be the default when only ACPI tables are passed, no need for an additional acpi=force argument. We don't really support the case of only ACPI tables for now. The expectation is that you always have working DT support, at least for the next few years as ACPI features are ramping up, and without acpi=force it should not try to use ACPI at all. So if both DT and ACPI are present, just use DT unless acpi=force is passed. So far I think we agree but what I want to avoid is always mandating acpi=force even when the DT tables are missing (in the long run). Now, what's preventing a vendor firmware from providing only ACPI tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) that both DT and ACPI are supported, or at least that dts files are merged in the kernel first? We have no way of enforcing what a board vendor ships, so if they want to have ACPI-only machines for MS Windows, they just won't work by default on Linux. What do you mean by won't work by default on Linux? Assuming no additional drivers are needed (i.e. a few devices mentioned in SBSA and the rest on a PCIe bus, using existing drivers without further modifications), do you still want mainline to fail to boot on such ACPI-only systems? I mean it won't work without acpi=force on the command line. Once ACPI support is mature enough, we can also have a whitelist or a different default for using it automatically when no DT is present. Having a white-list requires some for of SoC identification. Does ACPI provide such thing (like model or compatible strings in the top DT node)? This is independent of the SoC: All SoCs we support have DT drivers, so machines like this would be board whose vendor doesn't care about Linux, but happens to use a SoC that we support. What we would need here is a whitelist of boards. For drivers merged upstream, I would insist that every driver merged for an ARM64 platform has a documented DT binding that is used in the driver. That's fine by me. I just hope that for hardware aimed at ACPI we won't need many non-PCIe drivers. Yes, that is a reasonable assumption. Looking at the AMD patches that were posted already, there are however a few devices that are not on the PCI bus: - pl011 uart - pl022 spi - pl061 gpio - pl330 dma - designware i2c - custom 10gbit ethernet - probably some I forgot Most of these will likely just not be needed on servers (pl330) or handled by AML (spi, i2c, gpio) transparently without needing a driver, but we do need to support the ethernet port and the uart. I expect that other SoCs come with different ethernet implementations that are also not discoverable through PCI. Arnd -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Tuesday 06 January 2015 11:24:43 Jon Masters wrote: On 01/06/2015 06:20 AM, Catalin Marinas wrote: Now, what's preventing a vendor firmware from providing only ACPI tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) that both DT and ACPI are supported, or at least that dts files are merged in the kernel first? I know of some (server) firmware that will only provide ACPI in the medium term, so this is coming. Medium term is fine, as long as they are not expecting their hardware to be supported by Linux before ACPI support is stable enough for general consumption. I have no idea how long that will take, but my guess is that we shouldn't plan on supporting ACPI-only platforms in Linux for the next couple of years and just demand that all drivers have DT support to let users add a valid DTB that can describe the hardware. That should always be possible using something like grub2 as an intermediate that boots using the UEFI interfaces and loads the kernel and DT from disk. Arnd -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
Hi Arnd, Happy New Year! On 01/06/2015 02:21 PM, Arnd Bergmann wrote: On Tuesday 06 January 2015 11:24:43 Jon Masters wrote: On 01/06/2015 06:20 AM, Catalin Marinas wrote: Now, what's preventing a vendor firmware from providing only ACPI tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) that both DT and ACPI are supported, or at least that dts files are merged in the kernel first? I know of some (server) firmware that will only provide ACPI in the medium term, so this is coming. Medium term is fine, as long as they are not expecting their hardware to be supported by Linux before ACPI support is stable enough for general consumption. To be clear, I think that's reasonable for upstream. I may love ACPI, but vendors can always ship kernels with a config supporting ACPI only platforms in the interim period if they have a commercial justification and that doesn't have to be supported in terms of the upstream default. But, perhaps there's a way to have it both ways, you could consider also a CONFIG_EXPERT option that would allow you to build a kernel with ACPI only support in the medium term. That way, if someone is running a vendor kernel, but wants to track upstream development more closely, they can do so on such hardware by enabling the expert config bit. I have no idea how long that will take, but my guess is that we shouldn't plan on supporting ACPI-only platforms in Linux for the next couple of years and just demand that all drivers have DT support to let users add a valid DTB that can describe the hardware. I'm not opposed. It was particularly useful in the early days of ACPI to be able to boot our internal systems (which now all default to ACPI on by default) with acpi=off when there were glitches that needed to be isolated to whether they were ACPI related. One reason I was very keen for a DT UUID in UEFI early on was so that there was a clean way to specify both sets of tables on a UEFI platform. Keeping them in sync is not something we can rely on in the longer term, but during bringup timeframe I suspect you'll continue to see many platforms with both sets of tables. This is especially true for early silicon that might be supporting both embedded and server environments - hence a platform that appears to be a server might have a DT posted upstream anyway if such a platform is also being used for unrelated embedded work. That should always be possible using something like grub2 as an intermediate that boots using the UEFI interfaces and loads the kernel and DT from disk. This is another reason (but it's up to you, I understand your position) why it may not be a huge problem if there are ACPI only systems, since the devicetree directive in GRUB2 configs is always possible. Jon. -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On 01/06/2015 05:06 PM, Jon Masters wrote: Hi Arnd, Happy New Year! On 01/06/2015 02:21 PM, Arnd Bergmann wrote: On Tuesday 06 January 2015 11:24:43 Jon Masters wrote: On 01/06/2015 06:20 AM, Catalin Marinas wrote: Now, what's preventing a vendor firmware from providing only ACPI tables? Do we enforce it in some way (arm-acpi.txt, kernel warning etc.) that both DT and ACPI are supported, or at least that dts files are merged in the kernel first? I know of some (server) firmware that will only provide ACPI in the medium term, so this is coming. Medium term is fine, as long as they are not expecting their hardware to be supported by Linux before ACPI support is stable enough for general consumption. To be clear, I think that's reasonable for upstream. I may love ACPI, but vendors can always ship kernels with a config supporting ACPI only platforms in the interim period if they have a commercial justification and that doesn't have to be supported in terms of the upstream default. But, perhaps there's a way to have it both ways, you could consider also a CONFIG_EXPERT option that would allow you to build a kernel with ACPI only support in the medium term. That way, if someone is running a vendor kernel, but wants to track upstream development more closely, they can do so on such hardware by enabling the expert config bit. Clarification: I'm suggesting that in the medium term the dependency upon CONFIG_EXPERT either goes away or is replaced with requiring ACPI and DTB in the non expert case and requiring expert selected to allow a kernel that will boot with ACPI only. But only a suggestion. Jon. -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/