public inbox for linux-arm-kernel@lists.infradead.org 
From: Andrew Jeffery <andrew@codeconstruct•com.au>
To: "Andrew Lunn" <andrew@lunn•ch>,
	"Grégoire Layet" <gregoire.layet@9elements•com>
Cc: joel@jms•id.au, jacky_chou@aspeedtech•com,
	yh_chung@aspeedtech•com,  ninad@linux•ibm.com,
	linux-aspeed@lists•ozlabs.org,
	 linux-arm-kernel@lists•infradead.org,
	linux-kernel@vger•kernel.org
Subject: Re: [PATCH v1 2/2] soc: aspeed: add host-side PCIe BMC device driver
Date: Thu, 04 Jun 2026 10:14:03 +0930
Message-ID: <b45e426913823946871d429d24eeb955718464ae.camel@codeconstruct.com.au>
In-Reply-To: <77464543-f793-4441-9fce-8666ba1c3d66@lunn.ch>

On Wed, 2026-06-03 at 16:30 +0200, Andrew Lunn wrote:
> On Wed, Jun 03, 2026 at 03:43:36PM +0200, Grégoire Layet wrote:
> > > How virtual is this? Is this directly accessing the hardware via
> > > shared memory? Or is there software on the BMC which traps these
> > > reads/writes and responds?
> > 
> > The VUART is virtual because there is no physical UART link between
> > the host and the BMC.
> > Instead, the AST2600 exposes a 16550-compatible register set on both
> > sides (BMC APB and PCIe host MMIO).
> > The data flows using an internal 16 byte FIFO shared between the two
> > register views.
> > So it's hardware emulated and there is no software in the data path.
> > 
> > The AST2600 has four VUARTs, two of which are accessible via PCIe MMIO.
> > This is based on the following section of the AST2600 datasheet:
> > III.48 VUART and III.64 PCI2VUART.
> > 
> > Because the silicon presents a standard 16550A interface in hardware,
> > the existing 8250 driver works without modification.
> 
> So tell us about security.
> 
> Is only this UART exposed in the shared memory?
> 

No, however the BMC PCI interface provides a PCI-to-LPC bridge, so PCI
accesses can drive cycles into e.g. LPC IO devices exposed by the BMC.

>  So the memory window
> is 8 bytes wide? Or are there other peripherals also exposed? How do
> we know the aspeed is not using the UART itself?
> 

For the "regular" SuperIO-controlled UARTs this is a concern, but it's
not a concern for the VUARTs. Each VUART has a pair of 8250 register
sets, one accessible from the BMC, the other accessible to the host,
where both interfaces share the FIFOs to propagate data.

>  If two drivers are
> using it, are we going to crash one or the other system?

By the above, not for the VUARTs.

> 
> https://en.wikipedia.org/wiki/Core_War
> 
> The advantage of rpmsg is that the aspeed would advertise what
> services it is willing to expose. The security issues are different,
> implementation bugs vs exposing bits of hardware to an attacker.

From my understanding rpmsg seems like a reasonable fit for the mailbox
functionality.

Andrew

