lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Nov 2022 14:11:10 +0000 From: Will Deacon <will@...nel.org> To: Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org> Cc: catalin.marinas@....com, robin.murphy@....com, amit.pundir@...aro.org, andersson@...nel.org, quic_sibis@...cinc.com, sumit.semwal@...aro.org, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] Revert "arm64: dma: Drop cache invalidation from arch_dma_prep_coherent()" On Mon, Nov 14, 2022 at 04:33:29PM +0530, Manivannan Sadhasivam wrote: > This reverts commit c44094eee32f32f175aadc0efcac449d99b1bbf7. > > As reported by Amit [1], dropping cache invalidation from > arch_dma_prep_coherent() triggers a crash on the Qualcomm SM8250 platform > (most probably on other Qcom platforms too). The reason is, Qcom > qcom_q6v5_mss driver copies the firmware metadata and shares it with modem > for validation. The modem has a secure block (XPU) that will trigger a > whole system crash if the shared memory is accessed by the CPU while modem > is poking at it. > > To avoid this issue, the qcom_q6v5_mss driver allocates a chunk of memory > with no kernel mapping, vmap's it, copies the firmware metadata and > unvmap's it. Finally the address is then shared with modem for metadata > validation [2]. > > Now because of the removal of cache invalidation from > arch_dma_prep_coherent(), there will be cache lines associated with this > memory even after sharing with modem. So when the CPU accesses it, the XPU > violation gets triggered. This last past is a non-sequitur: the buffer is no longer mapped on the CPU side, so how would the CPU access it? As I just replied to Amit, we need more information about what this "access" is and how it is being detected. Will
Powered by blists - more mailing lists