[PATCH v2 0/7] arm: cache: cp15: don't map reserved region with no-map property
Patrick Delaunay
patrick.delaunay at foss.st.com
Mon Feb 8 14:26:48 CET 2021
Hi,
It it the v2 serie of [1].
This v2 serie is build/can be applied on top of 2 previous series
- [2] for stm32mp parts and added dram_bank_mmu_setup
- [3] for LMB impacts
After V1 remarks, I propose this separate serie [2] for DACR support.
On STM32MP15x platform we can use OP-TEE, loaded in DDR in a region
protected by a firewall. This region is reserved in device with "no-map"
property.
Sometime the platform boot failed in U-boot on a Cortex A7 access to
this region (depending of the binary and the issue can change with compiler
version or with code alignment), then the firewall raise an error,
for example:
E/TC:0 tzc_it_handler:19 TZC permission failure
E/TC:0 dump_fail_filter:420 Permission violation on filter 0
E/TC:0 dump_fail_filter:425 Violation @0xde5c6bf0, non-secure privileged read,
AXI ID 5c0
E/TC:0 Panic
After investigation, the forbidden access is a speculative request performed
by the Cortex A7 because all the DDR is mapped as MEMORY with CACHEABLE
property.
The issue is solved only when the region reserved by OP-TEE is no more
mapped in U-Boot as it is already done in Linux kernel.
Tested on DK2 board with OP-TEE 3.12 / TF-A 2.4:
With hard-coded address for OP-TEE reserved memory,
the error doesn't occur.
void dram_bank_mmu_setup(int bank)
{
....
for (i = start >> MMU_SECTION_SHIFT;
i < (start >> MMU_SECTION_SHIFT) + (size >> MMU_SECTION_SHIFT);
i++) {
option = DCACHE_DEFAULT_OPTION;
if (i >= 0xde0)
option = INVALID_ENTRY;
set_section_dcache(i, option);
}
}
Just by modifying the test on 0xde0 to 0xdf0, the OP-TEE memory protected
by firewall is mapped cacheable and the error occurs.
I think that can be a general issue for ARM architecture: the no-map tag
in device should be respected by U-boot, so I propose a generic solution
in arm/lib/cache-cp15.c:dram_bank_mmu_setup().
This v2 serie is composed by 7 patches
- 1..3/7: preliminary steps to support flags in library in lmb
(as it is done in memblock.c in Linux)
- 4/7: unitary test on the added feature in lmb lib
- 5/7: save the no-map flags in lmb when the device tree is parsed
- 6/7: update the stm32mp mmu support
- 7/7: update the generic behavior for "no-map" region in
arm/lib/cache-cp15.c::dram_bank_mmu_setup()
I can drop this last patch if this feature is not required by other
ARM architectures; the weak function is updated in patch 6
in STM32MP architecture (in arch/arm/mach-stm32mp/cpu.c)
to correct the initial problem.
See also [4] which handle same speculative access on armv8 for area
with Executable attribute.
[1] http://patchwork.ozlabs.org/project/uboot/list/?series=206296&state=*
[2] http://patchwork.ozlabs.org/project/uboot/list/?series=228202&state=*
[3] http://patchwork.ozlabs.org/project/uboot/list/?series=227570&state=*
[4] http://patchwork.ozlabs.org/project/uboot/patch/20200903000106.5016-1-marek.bykowski@gmail.com/
Regards
Patrick
Changes in v2:
- remove unnecessary comments in lmb.h
- rebase on latest lmb patches
- NEW: update in stm32mp specific MMU setup functions
Patrick Delaunay (7):
lmb: Add support of flags for no-map properties
lmb: add lmb_is_reserved_flags
lmb: add lmb_dump_region() function
test: lmb: add test for lmb_reserve_flags
image-fdt: save no-map parameter of reserve-memory
stm32mp: don't map the reserved region with no-map property
arm: cache: cp15: don't map the reserved region with no-map property
arch/arm/include/asm/system.h | 3 ++
arch/arm/lib/cache-cp15.c | 19 ++++++-
arch/arm/mach-stm32mp/cpu.c | 16 +++++-
common/image-fdt.c | 23 ++++++---
include/lmb.h | 21 ++++++++
lib/lmb.c | 94 +++++++++++++++++++++++++----------
test/lib/lmb.c | 89 +++++++++++++++++++++++++++++++++
7 files changed, 226 insertions(+), 39 deletions(-)
--
2.17.1
More information about the U-Boot
mailing list