Re: [PATCH v2 00/10] ARM: mmu: inhibit speculation into secure memory

[Sascha Hauer <sha@pengutronix.de>]

On Wed, Aug 17, 2022 at 01:42:34PM +0200, Ahmad Fatoum wrote:
> v1 -> v2:
>   - fold misplaced hunk changing %u added in [01/10] into 0x%x in
>     [02/10] directly into [01/10] (Ulrich)
>   - Correct typo in commit message (Sascha)
> 
> When setting up page tables, barebox marks all the address space as
> eXecute Never and uncached, except for the memory banks. If we happen to
> have secure memory, this is andequate as speculative execution may read
> from secure memory or even attempt to execute it leading to spurious
> data aborts. The way around this so far was either having OP-TEE in SRAM
> (which normally isn't a barebox memory bank) or having it at the end of
> DRAM, but adjusting size, so it's not covered by a memory bank.
> 
> This adds a generic solution to the issue. We already request the SDRAM
> regions described by the reserved memory entries in the DT. We go a step
> further and mark them as IORESOURCE_BUSY, which we can then evaluat in
> the MMU setup code to map these regions uncached and eXecute Never.
> 
> There has been previous attempts by Rouven to achieve this, the latest
> being:
> 
>   https://lore.barebox.org/barebox/20210803094418.475609-1-r.czerwinski@pengutronix.de/
> 
> While this series tries to achieve the same end goal, it goes about it
> in a different manner: We don't use FDT fixup table to tell us what to
> nstead have both the FDT fixup table and the /reserved-memory child
> nodes feed into the barebox request_sdram_region allocator and then
> use to apply caching attributes.
> 
> Note that this doesn't yet solve all problems. For example, PPA secure
> monitor installation on Layerscape may happen with CONFIG_MMU_EARLY=y,
> in which case barebox in EL2 may speculate into the secure memory
> before any device tree reserved-memory settings are considered. For this
> reason, both early MMU and normal MMU setup must be aware of the
> reserved memory regions. The original patch set by Rouven used FDT
> parsing in PBL to achieve this, but this is omitted here to limit
> scope of the patch series. Instead we only handle the CONFIG_OPTEE_SIZE
> case out-of-the-box.
> 
> Ahmad Fatoum (9):
>   resource: add flags parameter to __request_region
>   common: allow requesting SDRAM regions with custom flags
>   memory: define reserve_sdram_region helper
>   init: define new postmem_initcall()
>   of: reserved-mem: reserve regions prior to mmu_initcall()
>   ARM: mmu64: map reserved regions uncached
>   ARM: mmu: define attrs_uncached_mem() helper
>   ARM: early-mmu: don't cache/prefetch OPTEE_SIZE bytes from end of
>     memory
>   commands: iomem: point out [R]eserved regions
> 
> Rouven Czerwinski (1):
>   ARM: mmu: use reserve mem entries to modify maps

Applied, thanks

Sascha


-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |