From: Ahmad Fatoum <a.fatoum@pengutronix.de> To: Peter Rosin <peda@axentia.se>, Rouven Czerwinski <r.czerwinski@pengutronix.de>, Sascha Hauer <s.hauer@pengutronix.de>, Ahmad Fatoum <ahmad@a3f.at> Cc: Barebox List <barebox@lists.infradead.org> Subject: Re: [PATCH 3/4] Revert "ARM: mmu: use client domain permissions to support ARMv7 eXecute Never" Date: Mon, 20 Sep 2021 11:14:01 +0200 [thread overview] Message-ID: <aa1fb3a8-6d97-1c3f-ec7e-82489c8ceb0a@pengutronix.de> (raw) In-Reply-To: <02b09328-e300-f36e-4cc4-daa7afb47ad5@axentia.se> Hi Peter, On 19.09.21 09:50, Peter Rosin wrote: > On 2021-09-19 09:06, Rouven Czerwinski wrote: >> Hi Peter, >> >> while this may break for your board, it fundamentally introduces the >> possibility to speculate out of the RAM area on speculation happy > > I'm aware of that. For me, speculation is not an issue since *any* > rogue code running on the embedded device in question is a major fail. We have seen Cortex-A7 CPUs speculatively executing I/O memory. That's why we mar everything eXecute-Never except for known memory banks and expect board code to mark any further regions that are safe to execute manually. > Also, from the cover letter: > > "I'm going to follow up with patches. I very much realize that > these patches are most likely not acceptable as-is, but I do > include them since they are probably the best description of > where the problems are." > >> processors. Are you calling into SAMA5D3 ROM code somewhere? If so an > > *I* am not calling anything. Maybe the board code for sama5d3xek is, > but I have no idea as it's not "my" code. How can I figure out if it > does? If you don't revert this patch. Do you get any output at all? If not, enable DEBUG_LL and see how far you get before hanging. Cheers, Ahad > > Cheers, > Peter > >> exception can be added similar to the handling for the HAB code >> (arch/arm/cpu/mmu_early.c): >> >> if (IS_ENABLED(CONFIG_HABV4) && IS_ENABLED(CONFIG_ARCH_IMX6)) >> map_region(0x0, SZ_1M, PMD_SECT_DEF_CACHED); >> >> which allows calls into the NXP boot ROM to retrieve the HAB status. > > _______________________________________________ > barebox mailing list > barebox@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/barebox > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox
next prev parent reply other threads:[~2021-09-20 9:15 UTC|newest] Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-09-17 22:37 at91 sama5d3 "regressions" Peter Rosin 2021-09-17 22:39 ` [PATCH 1/4] common.h: reintroduce region_overlap() as, old_region_overlap() Peter Rosin 2021-09-17 22:39 ` [PATCH 2/4] ARM: copy data if there is a region overlap Peter Rosin 2021-09-17 22:40 ` [PATCH 3/4] Revert "ARM: mmu: use client domain permissions to support ARMv7 eXecute Never" Peter Rosin 2021-09-19 7:06 ` Rouven Czerwinski 2021-09-19 7:50 ` Peter Rosin 2021-09-19 20:33 ` Peter Rosin 2021-09-20 9:14 ` Ahmad Fatoum [this message] 2021-09-20 10:22 ` Peter Rosin 2021-09-17 22:41 ` [PATCH 4/4] lds: the RO_DATA_SECTION macro does not work on my SAMA5D3 board Peter Rosin 2021-09-17 23:57 ` at91 sama5d3 "regressions" Peter Rosin 2021-09-19 6:32 ` Peter Rosin 2021-09-22 7:06 ` Ahmad Fatoum 2021-09-22 7:41 ` Peter Rosin
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=aa1fb3a8-6d97-1c3f-ec7e-82489c8ceb0a@pengutronix.de \ --to=a.fatoum@pengutronix.de \ --cc=ahmad@a3f.at \ --cc=barebox@lists.infradead.org \ --cc=peda@axentia.se \ --cc=r.czerwinski@pengutronix.de \ --cc=s.hauer@pengutronix.de \ --subject='Re: [PATCH 3/4] Revert "ARM: mmu: use client domain permissions to support ARMv7 eXecute Never"' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox