[PATCH v1] armv8: MMU: Fix the memory map for RAM

Tom Rini trini at konsulko.com
Fri Sep 4 21:17:14 CEST 2020 

On Fri, Sep 04, 2020 at 09:05:51PM +0200, Marek Bykowski wrote:
> Hi Patrick,
> 
> First of all thanks for your feedback...
> 
> > >                    -----------------|
> > >                    |                |      Read-Only
> > >     Cacheable      |      Code      |    Not-Executable
> > 
> > Code is executable I think...
> > 
> 
> Good catch, copy/paste error from a rectangle above. 
> > 
> > If all DDR is " Not-Executable", excepted code of U-boot himself and EFI, I think that
> > the standalone application can't be more execute except if the MMU configuration
> > change before to execute it.
> 
> Yes, that's why I referred that any new use of memory, except already
> remapped by this patch should take account of attributing properly
> Instruction and Data regions. Maybe I should re-phrase that part.
> 
> The current situation in which the whole RAM is RW, XN=0 (Executable)
> advocates the improper CPU uses. CPU (fetch logic) really behaves differently
> whether interacting with a Code or Data region. Situation in which it is generic
> (but wrong) and working for 99% cases doesn't justify.
> 
> I really think we should impose on users/developers the proper use of the CPU.
> 
> > 
> > See do_bootm_standalone().
> > 
> > PS: it is done for Linux in do_bootm_linux/ do_bootm_linux/ announce_and_cleanup.....
> >       caches ans MMU are deactivated
> > 
> 
> Will check but after MMU is turned off the pages are no matter anymore so
> should be good. With MMU off for armv8 all data accesses are Device_nGnRnE,
> all instruction fetches are cacheable, all addresses are RW, XN=1 (Executable).
> 
> > For information I have the same issue on armV7 platform stm32mp1: speculative access
> > on memory, used by OP-TEE, protected by firewall.
> > 
> 
> The fault/faults I'm observing on Cortex-A57 is the System Memory Controller gets
> violated and raises an error interrupt. The error is out-of-order, an attempt to
> read from an out-of-range address with sample details below:
> 
> out_of_range_addr 0x702200200   -> faulting address
> out_of_range_length 0x40        -> burst size
> out_of_range_type 0x5           -> stands for a wrapped read command
> out_of_range_source_id 0x0      -> source indicates it is coming from CPU0
> 
> Burst size 64 bytes (a cache line size) and wrapped read (AXI4) may suggest
> the data side memory system hit into the cache loaded by mispredited
> instruction fetch, all due to improper MMU programming.  
> 
> > I propose a other solution [1]: no more map the reserved memory region with the property
> > "no-map", bt only for cache-cp15.
> > 
> > It is based lmb library so it could done also in armv8 cache  functions.
> > 
> > [1] http://patchwork.ozlabs.org/project/uboot/list/?series=199486
> > 
> > 
> 
> If there is another (better) solution I'm in for it as we *should really* fix it
> this or that way. The link copied doesn't work with me. Can you resend?  

The full link is
http://patchwork.ozlabs.org/project/uboot/list/?series=199486&state=* as
patchwork "hides" stuff by default when it's in some states such as RFC.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20200904/a7732d28/attachment.sig>

More information about the U-Boot mailing list