Trustzone: DSB before/after SMC
Måns Rullgård
mans at mansr.com
Tue Oct 27 07:54:40 PDT 2015
Mark Rutland <mark.rutland at arm.com> writes:
> On Tue, Oct 27, 2015 at 03:05:46PM +0100, Mason wrote:
>> On 27/10/2015 14:43, Mark Rutland wrote:
>>
>> > On Tue, Oct 27, 2015 at 02:31:38PM +0100, Mason wrote:
>> >
>> >> I have a few questions about SMC. (I'm using Cortex-A9)
>> >>
>> >> Platforms that use SMC often/always execute DSB beforehand.
>> >
>> > Please give an example. We don't do this for PSCI, for instance.
>>
>> arch/arm/mach-exynos/exynos-smc.S
>> arch/arm/mach-highbank/smc.S
>> arch/arm/mach-omap2/omap-smc.S
>
> From a quick look, it's not obvious to me why those DSBs are present. It
> would be best to ask the original authors; it may simply be that this
> was never necessary and has simply been copied.
It could be required due to secure firmware bugs or CPU errata.
>> In my case, I just want to write the L2_CONTROL register.
>
> Is that a register in the L2, or in the CPU? Which L2/CPU?
Cortex-A9, he said. I believe it's the usual PL310 L2 controller.
> There may be a constraint that the memory system needs to be quiescent
> or something to that effect. Without more information I cannot say what
> specifically you need to do.
>
>> > A DSB is certainly not always required before nor after an SMC.
>>
>> That makes sense. But a colleague mentioned that the secure OS may
>> be using different MMU mappings. In that case, it might be required
>> to wait for all in-flight accesses to resolve?
It's normally a design error for a more secure domain to require things
of a less secure one. If the secure monitor code requires a DMB for
proper operation, it had better do it itself, or else hostile non-secure
code might be able to exploit it.
--
Måns Rullgård
mans at mansr.com
More information about the linux-arm-kernel
mailing list