mail archive of the barebox mailing list
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Cc: uol@pengutronix.de
Subject: [PATCH v2 00/10] ARM: mmu: inhibit speculation into secure memory
Date: Wed, 17 Aug 2022 13:42:34 +0200
Message-ID: <20220817114244.1810531-1-a.fatoum@pengutronix.de>

v1 -> v2:
  - fold misplaced hunk changing %u added in [01/10] into 0x%x in
    [02/10] directly into [01/10] (Ulrich)
  - Correct typo in commit message (Sascha)

When setting up page tables, barebox marks all the address space as
eXecute Never and uncached, except for the memory banks. If we happen to
have secure memory, this is inadequate as speculative execution may read
from secure memory or even attempt to execute it leading to spurious
data aborts. The way around this so far was either having OP-TEE in SRAM
(which normally isn't a barebox memory bank) or having it at the end of
DRAM, but adjusting size, so it's not covered by a memory bank.

This adds a generic solution to the issue. We already request the SDRAM
regions described by the reserved memory entries in the DT. We go a step
further and mark them as IORESOURCE_BUSY, which we can then evaluate in
the MMU setup code to map these regions uncached and eXecute Never.

There have been previous attempts by Rouven to achieve this, the latest
being:

  https://lore.barebox.org/barebox/20210803094418.475609-1-r.czerwinski@pengutronix.de/

While this series tries to achieve the same end goal, it goes about it
in a different manner: We don't use FDT fixup table to tell us what to
nstead have both the FDT fixup table and the /reserved-memory child
nodes feed into the barebox request_sdram_region allocator and then
use to apply caching attributes.

Note that this doesn't yet solve all problems. For example, PPA secure
monitor installation on Layerscape may happen with CONFIG_MMU_EARLY=y,
in which case barebox in EL2 may speculate into the secure memory
before any device tree reserved-memory settings are considered. For this
reason, both early MMU and normal MMU setup must be aware of the
reserved memory regions. The original patch set by Rouven used FDT
parsing in PBL to achieve this, but this is omitted here to limit
scope of the patch series. Instead we only handle the CONFIG_OPTEE_SIZE
case out-of-the-box.

Ahmad Fatoum (9):
  resource: add flags parameter to __request_region
  common: allow requesting SDRAM regions with custom flags
  memory: define reserve_sdram_region helper
  init: define new postmem_initcall()
  of: reserved-mem: reserve regions prior to mmu_initcall()
  ARM: mmu64: map reserved regions uncached
  ARM: mmu: define attrs_uncached_mem() helper
  ARM: early-mmu: don't cache/prefetch OPTEE_SIZE bytes from end of
    memory
  commands: iomem: point out [R]eserved regions

Rouven Czerwinski (1):
  ARM: mmu: use reserve mem entries to modify maps

 arch/arm/cpu/mmu-common.h         | 15 ++++++++++++
 arch/arm/cpu/mmu.c                | 40 ++++++++++++++++++++++---------
 arch/arm/cpu/mmu.h                |  9 +++++--
 arch/arm/cpu/mmu_64.c             | 10 +++++++-
 arch/arm/cpu/start.c              |  2 +-
 arch/arm/cpu/uncompress.c         |  2 +-
 commands/iomemport.c              |  9 ++++---
 common/memory.c                   | 27 ++++++++-------------
 common/resource.c                 | 13 +++++-----
 drivers/of/reserved-mem.c         | 34 +++++++++++++++++---------
 include/asm-generic/barebox.lds.h |  1 +
 include/init.h                    | 21 ++++++++--------
 include/linux/ioport.h            |  4 ++--
 include/memory.h                  | 25 +++++++++++++++++--
 include/of.h                      |  7 ------
 15 files changed, 145 insertions(+), 74 deletions(-)

-- 
2.30.2
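
The mapping decision the cover letter describes (regions marked busy inside a memory bank get mapped uncached and eXecute Never, the rest of the bank stays cached), as an added example that is not part of the original message and is not barebox code. All names here (`plan_bank`, `RES_BUSY`, `struct region`, the 4 KiB page size, the sample addresses) are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define PAGE_SZ  0x1000ull
#define RES_BUSY 0x1u /* hypothetical stand-in for IORESOURCE_BUSY */
enum map_attr { MAP_CACHED, MAP_UNCACHED_XN };
struct region  { uint64_t start, end; unsigned flags; };   /* end inclusive */
struct mapping { uint64_t start, end; enum map_attr attr; };

/* Constructed sample: 1 GiB bank, a normal allocation, secure memory at the end. */
static const struct region sample_bank = { 0x40000000, 0x7fffffff, 0 };
static const struct region sample_res[] = {
    { 0x4fe00000, 0x4fffffff, 0 }, { 0x7e000000, 0x7fffffff, RES_BUSY },
};

static int emit(struct mapping *out, size_t max, size_t *n,
                uint64_t s, uint64_t e, enum map_attr a)
{
    if (*n == max) return -1;            /* caller's table is full */
    out[(*n)++] = (struct mapping){ s, e, a };
    return 0;
}

/* res[] must be sorted by start and lie inside the page-aligned bank. */
int plan_bank(const struct region *bank, const struct region *res, size_t nres,
              struct mapping *out, size_t max)
{
    uint64_t pos = bank->start;
    size_t n = 0;
    for (size_t i = 0; i < nres; i++) {
        if (!(res[i].flags & RES_BUSY))
            continue;                    /* ordinary allocation: stays cached */
        /* Grow outward to page bounds so no reserved byte stays cacheable. */
        uint64_t s = res[i].start & ~(PAGE_SZ - 1);
        uint64_t e = res[i].end | (PAGE_SZ - 1);
        if (s < pos) s = pos;
        if (e > bank->end) e = bank->end;
        if (e < s) continue;             /* page already covered by previous region */
        if (s > pos && emit(out, max, &n, pos, s - 1, MAP_CACHED)) return -1;
        if (emit(out, max, &n, s, e, MAP_UNCACHED_XN)) return -1;
        if (e == bank->end) return (int)n; /* done; also avoids e + 1 wrap */
        pos = e + 1;
    }
    return emit(out, max, &n, pos, bank->end, MAP_CACHED) ? -1 : (int)n;
}

int main(void) {
    struct mapping m[4];
    return plan_bank(&sample_bank, sample_res, 2, m, 4) == 2 ? 0 : 1;
}
```

Rounding an unaligned reserved region outward matters here: rounding inward would leave the first or last partial page of the secure region in a cached, executable mapping.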




Thread overview: 15+ messages
2022-08-17 11:42 Ahmad Fatoum [this message]
2022-08-17 11:42 ` [PATCH v2 01/10] resource: add flags parameter to __request_region Ahmad Fatoum
2022-08-17 11:42 ` [PATCH v2 02/10] common: allow requesting SDRAM regions with custom flags Ahmad Fatoum
2022-08-17 11:42 ` [PATCH v2 03/10] memory: define reserve_sdram_region helper Ahmad Fatoum
2022-08-17 11:42 ` [PATCH v2 04/10] init: define new postmem_initcall() Ahmad Fatoum
2022-08-17 11:42 ` [PATCH v2 05/10] of: reserved-mem: reserve regions prior to mmu_initcall() Ahmad Fatoum
2022-08-17 11:42 ` [PATCH v2 06/10] ARM: mmu64: map reserved regions uncached Ahmad Fatoum
2022-08-17 11:42 ` [PATCH v2 07/10] ARM: mmu: define attrs_uncached_mem() helper Ahmad Fatoum
2022-08-17 11:42 ` [PATCH v2 08/10] ARM: mmu: use reserve mem entries to modify maps Ahmad Fatoum
2022-09-12 12:01   ` Sascha Hauer
2022-09-12 15:15     ` Ahmad Fatoum
2022-09-12 16:36       ` Sascha Hauer
2022-08-17 11:42 ` [PATCH v2 09/10] ARM: early-mmu: don't cache/prefetch OPTEE_SIZE bytes from end of memory Ahmad Fatoum
2022-08-17 11:42 ` [PATCH v2 10/10] commands: iomem: point out [R]eserved regions Ahmad Fatoum
2022-08-18 12:39 ` [PATCH v2 00/10] ARM: mmu: inhibit speculation into secure memory Sascha Hauer
