[U-Boot] [PATCH 1/2] arm: Set TTB XN bit in case DCACHE_OFF for LPAE mode

While we set up the MMU initially we mark set_section_dcache with the DCACHE_OFF flag. In case of non-LPAE mode the DCACHE_OFF macro is rightly defined with TTB_SECT_XN_MASK set so as to mark all the 4GB XN. In case of LPAE mode the XN (Execute-never) bit is not set with DCACHE_OFF. Hence the XN bit is not set by default for DCACHE_OFF, which keeps all the regions execute okay, and this leads to random speculative fetches in random memory regions, which was eventually caught by the kernel omap-l3-noc driver.
Fix this to mark the regions as XN by default.
Signed-off-by: Keerthy j-keerthy@ti.com --- arch/arm/include/asm/system.h | 2 +- arch/arm/lib/cache-cp15.c | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h index b928bd8..2f430ad 100644 --- a/arch/arm/include/asm/system.h +++ b/arch/arm/include/asm/system.h @@ -329,7 +329,7 @@ static inline void set_dacr(unsigned int val)
/* options available for data cache on each page */ enum dcache_option { - DCACHE_OFF = TTB_SECT | TTB_SECT_MAIR(0), + DCACHE_OFF = TTB_SECT | TTB_SECT_MAIR(0) | TTB_SECT_XN_MASK, DCACHE_WRITETHROUGH = TTB_SECT | TTB_SECT_MAIR(1), DCACHE_WRITEBACK = TTB_SECT | TTB_SECT_MAIR(2), DCACHE_WRITEALLOC = TTB_SECT | TTB_SECT_MAIR(3), diff --git a/arch/arm/lib/cache-cp15.c b/arch/arm/lib/cache-cp15.c index 70e94f0..4d9903e 100644 --- a/arch/arm/lib/cache-cp15.c +++ b/arch/arm/lib/cache-cp15.c @@ -71,8 +71,13 @@ void mmu_set_region_dcache_behaviour(phys_addr_t start, size_t size,
end = ALIGN(start + size, MMU_SECTION_SIZE) >> MMU_SECTION_SHIFT; start = start >> MMU_SECTION_SHIFT; +#ifdef CONFIG_ARMV7_LPAE + debug("%s: start=%pa, size=%zu, option=%llu\n", __func__, &start, size, + option); +#else debug("%s: start=%pa, size=%zu, option=%d\n", __func__, &start, size, option); +#endif for (upto = start; upto < end; upto++) set_section_dcache(upto, option);
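Review bot: In the `enum dcache_option` hunk, the comment above the enum still reads "options available for data cache on each page", but `DCACHE_OFF` now also carries `TTB_SECT_XN_MASK`, so an uncached mapping is implicitly execute-never. Please say so in a comment on the `DCACHE_OFF` line, and confirm that no caller passes `DCACHE_OFF` for a region it later executes from, since the other three options (`DCACHE_WRITETHROUGH`, `DCACHE_WRITEBACK`, `DCACHE_WRITEALLOC`) are left with XN clear and become the only executable mappings.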
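Review bot: The `#ifdef CONFIG_ARMV7_LPAE` around `debug()` in `mmu_set_region_dcache_behaviour()` duplicates the whole call only to switch `%d` to `%llu`. A single call that casts `option` to `unsigned long long` and prints it with `%llx` would remove the conditional, and hex makes attribute bits such as XN readable in the log where a decimal value does not.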

Clear the XN bit in the ARMV7_DCACHE_POLICY so as to mark the regions as execute okay.
Signed-off-by: Keerthy j-keerthy@ti.com --- arch/arm/cpu/armv7/omap-common/omap-cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/cpu/armv7/omap-common/omap-cache.c b/arch/arm/cpu/armv7/omap-common/omap-cache.c index b37163a..a71aa0d 100644 --- a/arch/arm/cpu/armv7/omap-common/omap-cache.c +++ b/arch/arm/cpu/armv7/omap-common/omap-cache.c @@ -34,7 +34,7 @@ DECLARE_GLOBAL_DATA_PTR; */
#ifdef CONFIG_ARMV7_LPAE -#define ARMV7_DCACHE_POLICY DCACHE_WRITEALLOC +#define ARMV7_DCACHE_POLICY DCACHE_WRITEALLOC & ~TTB_SECT_XN_MASK #else #define ARMV7_DCACHE_POLICY DCACHE_WRITEBACK & ~TTB_SECT_XN_MASK #endif
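Review bot: The new `ARMV7_DCACHE_POLICY` definition under `CONFIG_ARMV7_LPAE` expands to an unparenthesized `DCACHE_WRITEALLOC & ~TTB_SECT_XN_MASK`, so its value depends on operator precedence at every use site (for example, `==` binds tighter than `&`). Wrap the expression in parentheses; the existing `#else` line has the same problem. Also note that patch 1/2 shows `DCACHE_WRITEALLOC` as `TTB_SECT | TTB_SECT_MAIR(3)` with no XN bit, so the mask changes nothing here; either drop it or add a comment stating that it is defensive.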

On 28/10/2016 08:31, Keerthy wrote:
Clear the XN bit in the ARMV7_DCACHE_POLICY so as to mark the regions as execute okay.
Signed-off-by: Keerthy j-keerthy@ti.com
How did you ever get the bit set in DCACHE_WRITEALLOC or WRITEBACK in the first place? Both are RAM mapping flags which shouldn't have the XN mask set.
Alex
arch/arm/cpu/armv7/omap-common/omap-cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/cpu/armv7/omap-common/omap-cache.c b/arch/arm/cpu/armv7/omap-common/omap-cache.c index b37163a..a71aa0d 100644 --- a/arch/arm/cpu/armv7/omap-common/omap-cache.c +++ b/arch/arm/cpu/armv7/omap-common/omap-cache.c @@ -34,7 +34,7 @@ DECLARE_GLOBAL_DATA_PTR; */
#ifdef CONFIG_ARMV7_LPAE -#define ARMV7_DCACHE_POLICY DCACHE_WRITEALLOC +#define ARMV7_DCACHE_POLICY DCACHE_WRITEALLOC & ~TTB_SECT_XN_MASK #else #define ARMV7_DCACHE_POLICY DCACHE_WRITEBACK & ~TTB_SECT_XN_MASK #endif

On Friday 28 October 2016 12:56 PM, Alexander Graf wrote:
On 28/10/2016 08:31, Keerthy wrote:
Clear the XN bit in the ARMV7_DCACHE_POLICY so as to mark the regions as execute okay.
Signed-off-by: Keerthy j-keerthy@ti.com
How did you ever get the bit set in DCACHE_WRITEALLOC or WRITEBACK in the first place? Both are RAM mapping flags which shouldn't have the XN mask set.
Just searched through; none of them have the bit set, so that is redundant. I added it to be doubly sure and it can be removed. This patch is not needed.
Alex
arch/arm/cpu/armv7/omap-common/omap-cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/cpu/armv7/omap-common/omap-cache.c b/arch/arm/cpu/armv7/omap-common/omap-cache.c index b37163a..a71aa0d 100644 --- a/arch/arm/cpu/armv7/omap-common/omap-cache.c +++ b/arch/arm/cpu/armv7/omap-common/omap-cache.c @@ -34,7 +34,7 @@ DECLARE_GLOBAL_DATA_PTR; */
#ifdef CONFIG_ARMV7_LPAE -#define ARMV7_DCACHE_POLICY DCACHE_WRITEALLOC +#define ARMV7_DCACHE_POLICY DCACHE_WRITEALLOC & ~TTB_SECT_XN_MASK #else #define ARMV7_DCACHE_POLICY DCACHE_WRITEBACK & ~TTB_SECT_XN_MASK #endif

On Fri, Oct 28, 2016 at 12:01:44PM +0530, Keerthy wrote:
Clear the XN bit in the ARMV7_DCACHE_POLICY so as to mark the regions as execute okay.
Signed-off-by: Keerthy j-keerthy@ti.com
Reviewed-by: Tom Rini trini@konsulko.com

On 28/10/2016 08:31, Keerthy wrote:
While we set up the MMU initially we mark set_section_dcache with the DCACHE_OFF flag. In case of non-LPAE mode the DCACHE_OFF macro is rightly defined with TTB_SECT_XN_MASK set so as to mark all the 4GB XN. In case of LPAE mode the XN (Execute-never) bit is not set with DCACHE_OFF. Hence the XN bit is not set by default for DCACHE_OFF, which keeps all the regions execute okay, and this leads to random speculative fetches in random memory regions, which was eventually caught by the kernel omap-l3-noc driver.
Fix this to mark the regions as XN by default.
Signed-off-by: Keerthy j-keerthy@ti.com
Reviewed-by: Alexander Graf agraf@suse.de
I guess in theory we could have the same problem on armv8, but we don't right now because we only map known populated memory regions. And cross our fingers that speculative instruction fetches don't bother MMIO regions. Hmm.
Alex
arch/arm/include/asm/system.h | 2 +- arch/arm/lib/cache-cp15.c | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h index b928bd8..2f430ad 100644 --- a/arch/arm/include/asm/system.h +++ b/arch/arm/include/asm/system.h @@ -329,7 +329,7 @@ static inline void set_dacr(unsigned int val)
/* options available for data cache on each page */ enum dcache_option {
- DCACHE_OFF = TTB_SECT | TTB_SECT_MAIR(0),
- DCACHE_OFF = TTB_SECT | TTB_SECT_MAIR(0) | TTB_SECT_XN_MASK, DCACHE_WRITETHROUGH = TTB_SECT | TTB_SECT_MAIR(1), DCACHE_WRITEBACK = TTB_SECT | TTB_SECT_MAIR(2), DCACHE_WRITEALLOC = TTB_SECT | TTB_SECT_MAIR(3),
diff --git a/arch/arm/lib/cache-cp15.c b/arch/arm/lib/cache-cp15.c index 70e94f0..4d9903e 100644 --- a/arch/arm/lib/cache-cp15.c +++ b/arch/arm/lib/cache-cp15.c @@ -71,8 +71,13 @@ void mmu_set_region_dcache_behaviour(phys_addr_t start, size_t size,
end = ALIGN(start + size, MMU_SECTION_SIZE) >> MMU_SECTION_SHIFT; start = start >> MMU_SECTION_SHIFT; +#ifdef CONFIG_ARMV7_LPAE
- debug("%s: start=%pa, size=%zu, option=%llu\n", __func__, &start, size,
option);
+#else debug("%s: start=%pa, size=%zu, option=%d\n", __func__, &start, size, option); +#endif for (upto = start; upto < end; upto++) set_section_dcache(upto, option);

On Fri, Oct 28, 2016 at 12:01:43PM +0530, Keerthy wrote:
While we set up the MMU initially we mark set_section_dcache with the DCACHE_OFF flag. In case of non-LPAE mode the DCACHE_OFF macro is rightly defined with TTB_SECT_XN_MASK set so as to mark all the 4GB XN. In case of LPAE mode the XN (Execute-never) bit is not set with DCACHE_OFF. Hence the XN bit is not set by default for DCACHE_OFF, which keeps all the regions execute okay, and this leads to random speculative fetches in random memory regions, which was eventually caught by the kernel omap-l3-noc driver.
Fix this to mark the regions as XN by default.
Signed-off-by: Keerthy j-keerthy@ti.com
arch/arm/include/asm/system.h | 2 +- arch/arm/lib/cache-cp15.c | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h index b928bd8..2f430ad 100644 --- a/arch/arm/include/asm/system.h +++ b/arch/arm/include/asm/system.h @@ -329,7 +329,7 @@ static inline void set_dacr(unsigned int val)
/* options available for data cache on each page */ enum dcache_option {
- DCACHE_OFF = TTB_SECT | TTB_SECT_MAIR(0),
- DCACHE_OFF = TTB_SECT | TTB_SECT_MAIR(0) | TTB_SECT_XN_MASK, DCACHE_WRITETHROUGH = TTB_SECT | TTB_SECT_MAIR(1), DCACHE_WRITEBACK = TTB_SECT | TTB_SECT_MAIR(2), DCACHE_WRITEALLOC = TTB_SECT | TTB_SECT_MAIR(3),
diff --git a/arch/arm/lib/cache-cp15.c b/arch/arm/lib/cache-cp15.c index 70e94f0..4d9903e 100644 --- a/arch/arm/lib/cache-cp15.c +++ b/arch/arm/lib/cache-cp15.c @@ -71,8 +71,13 @@ void mmu_set_region_dcache_behaviour(phys_addr_t start, size_t size,
end = ALIGN(start + size, MMU_SECTION_SIZE) >> MMU_SECTION_SHIFT; start = start >> MMU_SECTION_SHIFT; +#ifdef CONFIG_ARMV7_LPAE
- debug("%s: start=%pa, size=%zu, option=%llu\n", __func__, &start, size,
option);
+#else debug("%s: start=%pa, size=%zu, option=%d\n", __func__, &start, size, option); +#endif
Does it really make sense to be printing option in decimal rather than hex here?

On Friday 28 October 2016 06:42 PM, Tom Rini wrote:
On Fri, Oct 28, 2016 at 12:01:43PM +0530, Keerthy wrote:
While we set up the MMU initially we mark set_section_dcache with the DCACHE_OFF flag. In case of non-LPAE mode the DCACHE_OFF macro is rightly defined with TTB_SECT_XN_MASK set so as to mark all the 4GB XN. In case of LPAE mode the XN (Execute-never) bit is not set with DCACHE_OFF. Hence the XN bit is not set by default for DCACHE_OFF, which keeps all the regions execute okay, and this leads to random speculative fetches in random memory regions, which was eventually caught by the kernel omap-l3-noc driver.
Fix this to mark the regions as XN by default.
Signed-off-by: Keerthy j-keerthy@ti.com
arch/arm/include/asm/system.h | 2 +- arch/arm/lib/cache-cp15.c | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h index b928bd8..2f430ad 100644 --- a/arch/arm/include/asm/system.h +++ b/arch/arm/include/asm/system.h @@ -329,7 +329,7 @@ static inline void set_dacr(unsigned int val)
/* options available for data cache on each page */ enum dcache_option {
- DCACHE_OFF = TTB_SECT | TTB_SECT_MAIR(0),
- DCACHE_OFF = TTB_SECT | TTB_SECT_MAIR(0) | TTB_SECT_XN_MASK, DCACHE_WRITETHROUGH = TTB_SECT | TTB_SECT_MAIR(1), DCACHE_WRITEBACK = TTB_SECT | TTB_SECT_MAIR(2), DCACHE_WRITEALLOC = TTB_SECT | TTB_SECT_MAIR(3),
diff --git a/arch/arm/lib/cache-cp15.c b/arch/arm/lib/cache-cp15.c index 70e94f0..4d9903e 100644 --- a/arch/arm/lib/cache-cp15.c +++ b/arch/arm/lib/cache-cp15.c @@ -71,8 +71,13 @@ void mmu_set_region_dcache_behaviour(phys_addr_t start, size_t size,
end = ALIGN(start + size, MMU_SECTION_SIZE) >> MMU_SECTION_SHIFT; start = start >> MMU_SECTION_SHIFT; +#ifdef CONFIG_ARMV7_LPAE
- debug("%s: start=%pa, size=%zu, option=%llu\n", __func__, &start, size,
option);
+#else debug("%s: start=%pa, size=%zu, option=%d\n", __func__, &start, size, option); +#endif
Does it really make sense to be printing option in decimal rather than hex here?
Okay. I will change that to hex and re-post.
Participants (3): Alexander Graf, Keerthy, Tom Rini