| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Mar 2024 23:29:09 +0000 From: Caleb Connolly <caleb.connolly@...aro.org> To: Konrad Dybcio <konrad.dybcio@...aro.org>, Volodymyr Babchuk <Volodymyr_Babchuk@...m.com> Cc: Bjorn Andersson <andersson@...nel.org>, "linux-arm-msm@...r.kernel.org" <linux-arm-msm@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Douglas Anderson <dianders@...omium.org>, Rob Clark <robdclark@...il.com> Subject: Re: [PATCH] soc: qcom: cmd-db: map shared memory as WT, not WB On 27/03/2024 21:06, Konrad Dybcio wrote: > On 27.03.2024 10:04 PM, Volodymyr Babchuk wrote: >> >> Hi Konrad, >> >> Konrad Dybcio <konrad.dybcio@...aro.org> writes: >> >>> On 27.03.2024 9:09 PM, Volodymyr Babchuk wrote: >>>> It appears that hardware does not like cacheable accesses to this >>>> region. Trying to access this shared memory region as Normal Memory >>>> leads to secure interrupt which causes an endless loop somewhere in >>>> Trust Zone. >>>> >>>> The only reason it is working right now is because Qualcomm Hypervisor >>>> maps the same region as Non-Cacheable memory in Stage 2 translation >>>> tables. The issue manifests if we want to use another hypervisor (like >>>> Xen or KVM), which does not know anything about those specific >>>> mappings. This patch fixes the issue by mapping the shared memory as >>>> Write-Through. This removes dependency on correct mappings in Stage 2 >>>> tables. >>>> >>>> I tested this on SA8155P with Xen. >>>> >>>> Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@...m.com> >>>> --- >>> >>> Interesting.. >>> >>> +Doug, Rob have you ever seen this on Chrome? (FYI, Volodymyr, chromebooks >>> ship with no qcom hypervisor) >> >> Well, maybe I was wrong when called this thing "hypervisor". All I know >> that it sits in hyp.mbn partition and all what it does is setup EL2 >> before switching to EL1 and running UEFI. >> >> In my experiments I replaced contents of hyp.mbn with U-Boot, which gave >> me access to EL2 and I was able to boot Xen and then Linux as Dom0. > > Yeah we're talking about the same thing. I was just curious whether > the Chrome folks have heard of it, or whether they have any changes/ > workarounds for it. Does Linux ever write to this region? Given that the Chromebooks don't seem to have issues with this (we have a bunch of them in pmOS and I'd be very very surprised if this was an issue there which nobody had tried upstreaming before) I'd guess the significant difference here is between booting Linux in EL2 (as Chromebooks do?) vs with Xen. Volodymyr: have you tried booting the kernel directly from U-Boot in EL2? Can you confirm if this issues also happens then? > > Konrad -- // Caleb (they/them)
Powered by blists - more mailing lists