mail archive of the barebox mailing list
* [PATCH 0/3] ARMv7: mmu: fix setting eXecute Never for device memory
@ 2019-10-09 16:40 Ahmad Fatoum
  2019-10-09 16:40 ` [PATCH 1/3] ARM: cache-armv7: remove duplicate domain initialization Ahmad Fatoum
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Ahmad Fatoum @ 2019-10-09 16:40 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

Greetings,

in 0198567c4 ("ARM: mmu: mark uncached regions as eXecute never on v7"),
I had my first attempt at supporting eXecute Never in barebox.
This was meant to prevent speculative execution from accessing
read-sensitive device memory and the erratic behavior it could entail.

The XN bit not only prevents speculation, but also any execution at all,
as the name suggests, so the patchset can be tested by just executing
the code and asserting that the prefetch abort occurs, something that
I unfortunately missed during the first time round.

This patchset rectifies this and now Prefetch Aborts are thrown as
expected. They weren't before because barebox uses a domain with manager
permissions for all mappings. This means that no permission checks at all
are conducted and our new XN settings were without effect.

There are theoretical regressions with this patch: any ARMv7 barebox platform
that directly jumps into ROM code with the MMU enabled will cease to
work. Assuming all memory outside of the barebox text section and SDRAM to be
non-executable however seems the right thing to do. Platforms that do
call back into ROM code should explicitly indicate that they intend to
do so in the PBL.

These patches fix a cache corruption issue[1] I've observed on the i.MX6UL(L)
that resulted from speculative fetches into the MMDC region following the 512M
SDRAM on the EVKs.

This time I tested it by jumping into IO memory with go -m, which I had
introduced in this patch:
https://www.spinics.net/lists/u-boot-v2/msg38947.html

Tested SoCs:

- i.MX6UL (Cortex-A7, barebox directly loaded into SDRAM)
- i.MX6Q  (Cortex-A9, barebox directly loaded into SDRAM)
- SAMA5D3 (Cortex-A5, barebox loaded into SRAM then SDRAM)

[1]: https://community.nxp.com/thread/511925

Cheers
Ahmad Fatoum (3):
  ARM: cache-armv7: remove duplicate domain initialization
  ARM: mmu: set R/W bits in ARMv7 translation table
  ARM: mmu: use client domain permissions to support ARMv7 eXecute Never

 arch/arm/cpu/cache-armv7.S |  2 --
 arch/arm/cpu/mmu-early.c   |  7 ++++++-
 arch/arm/cpu/mmu.c         | 18 ++++++++++++------
 arch/arm/cpu/mmu.h         |  1 +
 4 files changed, 19 insertions(+), 9 deletions(-)

-- 
2.23.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
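
The manager-versus-client domain behaviour described in the cover letter, as an added example that is not part of the original message or of barebox. The macro names, sample descriptors and base addresses are constructed for illustration; the model assumes the short-descriptor format, a privileged (PL1) fetch and SCTLR.AFE = 0.

```c
/* Added illustration (not barebox code): ARMv7-A short-descriptor section
 * entry plus DACR, modelling a PL1 instruction fetch with SCTLR.AFE = 0. */
#include <stdint.h>
#include <stdio.h>

#define SECT_TYPE      (2u << 0)                 /* bits[1:0] = 0b10 */
#define SECT_XN        (1u << 4)                 /* eXecute Never */
#define SECT_DOMAIN(d) (((uint32_t)(d) & 0xfu) << 5)
#define SECT_AP_RW     (3u << 10)                /* AP[1:0] = 0b11, AP[2] = 0 */
#define DACR(d, mode)  ((uint32_t)(mode) << (2 * (d)))

enum { DOM_NO_ACCESS = 0, DOM_CLIENT = 1, DOM_MANAGER = 3 };
enum fetch_result { FETCH_OK, FETCH_DOMAIN_FAULT, FETCH_PERMISSION_FAULT };

/* Constructed sample descriptors: an I/O section and an SDRAM section. */
#define DEV_SECT (0x02000000u | SECT_TYPE | SECT_DOMAIN(0) | SECT_AP_RW | SECT_XN)
#define RAM_SECT (0x80000000u | SECT_TYPE | SECT_DOMAIN(0) | SECT_AP_RW)

/* Outcome of an instruction fetch through section descriptor `desc`. */
enum fetch_result insn_fetch(uint32_t desc, uint32_t dacr)
{
    unsigned domain = (desc >> 5) & 0xfu;
    unsigned ap = ((desc >> 10) & 3u) | (((desc >> 15) & 1u) << 2);

    switch ((dacr >> (2 * domain)) & 3u) {
    case DOM_MANAGER:
        return FETCH_OK;               /* AP and XN are never consulted */
    case DOM_CLIENT:
        if ((desc & SECT_XN) || ap == 0)
            return FETCH_PERMISSION_FAULT;   /* surfaces as Prefetch Abort */
        return FETCH_OK;
    default:                           /* no access; 0b10 is reserved */
        return FETCH_DOMAIN_FAULT;
    }
}

int main(void)
{
    static const char *const name[] = { "ok", "domain fault", "permission fault" };

    printf("manager, XN device: %s\n", name[insn_fetch(DEV_SECT, DACR(0, DOM_MANAGER))]);
    printf("client,  XN device: %s\n", name[insn_fetch(DEV_SECT, DACR(0, DOM_CLIENT))]);
    printf("client,  RAM AP=RW: %s\n", name[insn_fetch(RAM_SECT, DACR(0, DOM_CLIENT))]);
    printf("client,  RAM AP=0:  %s\n",
           name[insn_fetch(RAM_SECT & ~SECT_AP_RW, DACR(0, DOM_CLIENT))]);
    return 0;
}
```

The last case in main() shows that under a client domain a section with AP = 0 also faults, so the access-permission bits have to be valid once manager permissions are dropped.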


end of thread, other threads:[~2019-10-14 10:47 UTC | newest]

Thread overview: 5+ messages
2019-10-09 16:40 [PATCH 0/3] ARMv7: mmu: fix setting eXecute Never for device memory Ahmad Fatoum
2019-10-09 16:40 ` [PATCH 1/3] ARM: cache-armv7: remove duplicate domain initialization Ahmad Fatoum
2019-10-09 16:40 ` [PATCH 2/3] ARM: mmu: set R/W bits in ARMv7 translation table Ahmad Fatoum
2019-10-09 16:40 ` [PATCH 3/3] ARM: mmu: use client domain permissions to support ARMv7 eXecute Never Ahmad Fatoum
2019-10-14 10:47 ` [PATCH 0/3] ARMv7: mmu: fix setting eXecute Never for device memory Sascha Hauer
