From: Patrick Delaunay Date: Fri, 7 May 2021 12:50:35 +0000 (+0200) Subject: stm32mp: don't map the reserved region with no-map property X-Git-Tag: v2025.01-rc5-pxa1908~1819^2~15^2 X-Git-Url: http://git.dujemihanovic.xyz/%22http:/www.sics.se/static/%7B%7B%20.RelPermalink%20%7D%7D?a=commitdiff_plain;h=ade4e0428f4d85454fdb3818702facc7728a274a;p=u-boot.git stm32mp: don't map the reserved region with no-map property No more map the reserved region with "no-map" property by marking the corresponding TLB entries with invalid entry (=0) to avoid speculative access. The device tree parsing done in lmb_init_and_reserve() takes a long time when it is executed without data cache, so it is called in enable_caches() before to disable it. This patch fixes an issue where predictive read access on secure DDR OP-TEE reserved area are caught by firewall. Series-cc: marex Series-cc: pch Series-cc: marek.bykowski@gmail.com Series-cc: Ard Biesheuvel Series-cc: Etienne Carriere Signed-off-by: Patrick Delaunay --- diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c index 8115d58b19..592bfd413d 100644 --- a/arch/arm/mach-stm32mp/cpu.c +++ b/arch/arm/mach-stm32mp/cpu.c @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include @@ -90,6 +91,8 @@ */ u8 early_tlb[PGTABLE_SIZE] __section(".data") __aligned(0x4000); +struct lmb lmb; + #if !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD) #ifndef CONFIG_TFABOOT static void security_init(void) @@ -221,6 +224,8 @@ void dram_bank_mmu_setup(int bank) int i; phys_addr_t start; phys_size_t size; + bool use_lmb = false; + enum dcache_option option; if (IS_ENABLED(CONFIG_SPL_BUILD)) { start = ALIGN_DOWN(STM32_SYSRAM_BASE, MMU_SECTION_SIZE); @@ -229,6 +234,7 @@ void dram_bank_mmu_setup(int bank) /* bd->bi_dram is available only after relocation */ start = bd->bi_dram[bank].start; size = bd->bi_dram[bank].size; + use_lmb = true; } else { /* mark cacheable and executable the beggining of the DDR */ start = STM32_DDR_BASE; @@ -237,8 +243,12 @@ void dram_bank_mmu_setup(int bank) for (i = start >> MMU_SECTION_SHIFT; i < (start >> MMU_SECTION_SHIFT) + (size >> MMU_SECTION_SHIFT); - i++) - set_section_dcache(i, DCACHE_DEFAULT_OPTION); + i++) { + option = DCACHE_DEFAULT_OPTION; + if (use_lmb && lmb_is_reserved_flags(&lmb, i << MMU_SECTION_SHIFT, LMB_NOMAP)) + option = 0; /* INVALID ENTRY in TLB */ + set_section_dcache(i, option); + } } /* * initialize the MMU and activate cache in SPL or in U-Boot pre-reloc stage @@ -302,6 +312,9 @@ int arch_cpu_init(void) void enable_caches(void) { + /* parse device tree when data cache is still activated */ + lmb_init_and_reserve(&lmb, gd->bd, (void *)gd->fdt_blob); + /* I-cache is already enabled in start.S: icache_enable() not needed */ /* deactivate the data cache, early enabled in arch_cpu_init() */