[Uboot-stm32] [PATCH 0/7] arm: cache: cp15: don't map reserved region with no-map property
Ahmad Fatoum
a.fatoum at pengutronix.de
Wed Oct 7 13:52:39 CEST 2020
Hello,
On 10/7/20 1:23 PM, Ahmad Fatoum wrote:
> My findings[1] back then were that U-Boot did set the eXecute Never bit only on
> OMAP, but not for other platforms. So I could imagine this being the root cause
> of Patrick's issues as well:
Rereading my own link, my memory is a little less fuzzy: eXecute Never was being
set, but was without effect due Manager mode being set in the DACR:
> The ARM Architecture Reference Manual notes[1]:
> > When using the Short-descriptor translation table format, the XN
> > attribute is not checked for domains marked as Manager.
> > Therefore, the system must not include read-sensitive memory in
> > domains marked as Manager, because the XN bit does not prevent
> > speculative fetches from a Manager domain.
> To avoid speculative access to read-sensitive memory-mapped peripherals
> on ARMv7, we'll need U-Boot to use client domain permissions, so the XN
> bit can function.
> This issue has come up before and was fixed in de63ac278
> ("ARM: mmu: Set domain permissions to client access") for OMAP2 only.
> It's equally applicable to all ARMv7-A platforms where caches are
> enabled.
> [1]: B3.7.2 - Execute-never restrictions on instruction fetching
Hope this helps,
Ahmad
> The CPU is speculatively executing from the region that the firewalled DRAM
> is mapped at.
>
> barebox now configures XN for non-RAM before it turns on the MMU. You should
> do that as well (in ARM arch code, not only for stm32mp1). Additionally,
> you will want to XN map the region where your OP-TEE sits at.
>
> [1]: https://community.nxp.com/thread/511925
>
> Cheers
> Ahmad
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the U-Boot
mailing list