[PATCH master] mach-k3: enable mmu after reserved memory is unmapped

Anshul Dalal anshuld at ti.com
Mon May 18 11:12:17 CEST 2026 

On Mon May 18, 2026 at 1:34 PM IST, Ilias Apalodimas wrote:
> Hi Anshul
>
> On Tue, 12 May 2026 at 14:03, Anshul Dalal <anshuld at ti.com> wrote:
>>
>> Currently the sequence to enable caches for the A53/A72 core on K3
>> devices looks as follows:
>>
>>  1. Map entire DDR banks
>>  2. Setup page tables and enable MMU (done by mmu_setup)
>>  3. Unmap reserved-memory regions
>>  4. Enable caches
>>
>> However there is a brief period of execution between #2 and #3 where the
>> core can issue speculative accesses to the entire DDR space (including
>> the reserved-memory regions) despite the caches being disabled.
>
> This is indeed a problem and the fix looks correct.
> What worries me though is that the mmu is common across v8 boards. Is
> there a way to generalize this instead of adding per board variants?
>

I think the issue here is that mmu_setup does two things, first it sets
up the page tables and then it enables the MMU right after that.

We could modify mmu_setup so that it only does the former as follows:

	--- a/arch/arm/cpu/armv8/cache_v8.c
	+++ b/arch/arm/cpu/armv8/cache_v8.c
	@@ -801,20 +801,20 @@ static void setup_all_pgtables(void)
	 /* to activate the MMU we need to set up virtual memory */
	 __weak void mmu_setup(void)
	 {
		int el;

	+       /* disable the mmu */
	+       set_sctlr(get_sctlr() & ~CR_M);
	+
		/* Set up page tables only once */
		if (!gd->arch.tlb_fillptr)
			setup_all_pgtables();

		el = current_el();
		set_ttbr_tcr_mair(el, gd->arch.tlb_addr, get_tcr(NULL, NULL),
				  MEMORY_ATTRIBUTES);
	-
	-       /* enable the mmu */
	-       set_sctlr(get_sctlr() | CR_M);
	 }

Then we can have an `mmu_enable` to explicitly enable the MMU:

	void mmu_enable(void) {
		/* enable the mmu */
		set_sctlr(get_sctlr() | CR_M);
	}

Regards,
Anshul

>
>>
>> A firewall exception is triggered whenever such speculative access is
>> made to secure DDR region of TFA or OP-TEE. This patch fixes the issue
>> by re-ordering the sequence as follows:
>>
>>  1. Map entire DDR banks
>>  2. Setup page tables
>>  3. Unmap reserved-memory regions
>>  4. Enable MMU
>>  5. Enable caches
>>
>> Fixes: f1c694b8fdde ("mach-k3: map all banks using mem_map_from_dram_banks")
>> Signed-off-by: Anshul Dalal <anshuld at ti.com>
>> ---

[snip]

More information about the U-Boot mailing list