Hi,
It it the v3 serie of [1].
This v3 serie is rebased on top of v2021.07-rc1 with integrated previous series: - [2] for stm32mp parts and added dram_bank_mmu_setup - [3] for LMB impacts
On STM32MP15x platform we can use OP-TEE, loaded in DDR in a region protected by a firewall. This region is reserved in device with "no-map" property.
Sometime the platform boot failed in U-Boot on a Cortex A7 access to this region (depending of the binary and the issue can change with compiler version or with code alignment), then the firewall raise an error, for example:
E/TC:0 tzc_it_handler:19 TZC permission failure E/TC:0 dump_fail_filter:420 Permission violation on filter 0 E/TC:0 dump_fail_filter:425 Violation @0xde5c6bf0, non-secure privileged read, AXI ID 5c0 E/TC:0 Panic
After investigation, the forbidden access is a speculative request performed by the Cortex A7 because all the DDR is mapped as MEMORY with CACHEABLE property.
The issue is solved only when the region reserved by OP-TEE is no more mapped in U-Boot as it is already done in Linux kernel.
Tested on DK2 board with OP-TEE 3.12 / TF-A 2.4:
With hard-coded address for OP-TEE reserved memory, the error doesn't occur.
void dram_bank_mmu_setup(int bank) { ....
for (i = start >> MMU_SECTION_SHIFT; i < (start >> MMU_SECTION_SHIFT) + (size >> MMU_SECTION_SHIFT); i++) { option = DCACHE_DEFAULT_OPTION; if (i >= 0xde0) option = INVALID_ENTRY; set_section_dcache(i, option); } }
Just by modifying the test on 0xde0 to 0xdf0, the OP-TEE memory protected by firewall is mapped cacheable and the error occurs.
I think that can be a general issue for ARM architecture: the no-map tag in device should be respected by U-Boot.
But I don't propose a generic solution in arm/lib/cache-cp15.c:dram_bank_mmu_setup() because the device tree parsing done in lmb_init_and_reserve() take a long time when it is executed without data cache.
=> the previous path 7/7 of v2 series is dropped to avoid performance issue on other ARM target.
To avoid this issue on stm32mp32mp platform, this V3 series moves the lmb initialization in enable_caches() and the lmb variable becomes a static struct.
This v3 series is composed by 7 patches - 1..3/7: preliminary steps to support flags in library in lmb (as it is done in memblock.c in Linux) - 4/7: unitary test on the added feature in lmb lib - 5/7: save the no-map flags in lmb when the device tree is parsed - 6/7: solve issue for the size of cacheable area in pre-reloc case - 7/7: update the stm32mp mmu support
See also [4] which handle same speculative access on armv8 for area with Executable attribute.
[1] http://patchwork.ozlabs.org/project/uboot/list/?series=228543&state=* [2] http://patchwork.ozlabs.org/project/uboot/list/?series=228202&state=* [3] http://patchwork.ozlabs.org/project/uboot/list/?series=227570&state=* [4] http://patchwork.ozlabs.org/project/uboot/patch/20200903000106.5016-1-marek....
Regards Patrick
Changes in v3: - NEW: solve performance issue as relocated DT is not marked cacheable - call lmb_init_and_reserve when data cache is activated in enable_caches() - drop v2 patch "arm: cache: cp15: don't map the reserved region with no-map property"
Changes in v2: - remove unnecessary comments in lmb.h - rebase on latest lmb patches - NEW: update in stm32mp specific MMU setup functions
Patrick Delaunay (7): lmb: Add support of flags for no-map properties lmb: add lmb_is_reserved_flags lmb: add lmb_dump_region() function test: lmb: add test for lmb_reserve_flags image-fdt: save no-map parameter of reserve-memory stm32mp: Increase the reserved memory in board_get_usable_ram_top stm32mp: don't map the reserved region with no-map property
arch/arm/mach-stm32mp/cpu.c | 17 +++++- arch/arm/mach-stm32mp/dram_init.c | 3 +- common/image-fdt.c | 23 +++++--- include/lmb.h | 21 +++++++ lib/lmb.c | 94 ++++++++++++++++++++++--------- test/lib/lmb.c | 89 +++++++++++++++++++++++++++++ 6 files changed, 209 insertions(+), 38 deletions(-)