lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 28 Mar 2024 22:19:04 +0000
From: Volodymyr Babchuk <Volodymyr_Babchuk@...m.com>
To: "Maulik Shah (mkshah)" <quic_mkshah@...cinc.com>
CC: Caleb Connolly <caleb.connolly@...aro.org>,
        "andersson@...nel.org >> Bjorn
 Andersson" <andersson@...nel.org>,
        Konrad Dybcio <konrad.dybcio@...aro.org>,
        linux-arm-msm <linux-arm-msm@...r.kernel.org>,
        LKML
	<linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] soc: qcom: cmd-db: map shared memory as WT, not WB


Hi Maulik

"Maulik Shah (mkshah)" <quic_mkshah@...cinc.com> writes:

> On 3/28/2024 1:39 AM, Volodymyr Babchuk wrote:
>> It appears that hardware does not like cacheable accesses to this
>> region. Trying to access this shared memory region as Normal Memory
>> leads to secure interrupt which causes an endless loop somewhere in
>> Trust Zone.
>
> Linux does not write into cmd-db region. This region is write
> protected by XPU. Making this region uncached magically solves the XPU
> write fault
> issue.
>
> Can you please include above details?

Sure, I'll add this to the next version.

>> The only reason it is working right now is because Qualcomm
>> Hypervisor
>> maps the same region as Non-Cacheable memory in Stage 2 translation
>> tables. The issue manifests if we want to use another hypervisor (like
>> Xen or KVM), which does not know anything about those specific
>> mappings. This patch fixes the issue by mapping the shared memory as
>> Write-Through. This removes dependency on correct mappings in Stage 2
>> tables.
>
> Using MEMREMAP_WC also resolves for qcm6490, see below comment.
>
>> I tested this on SA8155P with Xen.
>> Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@...m.com>
>> ---
>>   drivers/soc/qcom/cmd-db.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>> diff --git a/drivers/soc/qcom/cmd-db.c b/drivers/soc/qcom/cmd-db.c
>> index a5fd68411bed5..dd5ababdb476c 100644
>> --- a/drivers/soc/qcom/cmd-db.c
>> +++ b/drivers/soc/qcom/cmd-db.c
>> @@ -324,7 +324,7 @@ static int cmd_db_dev_probe(struct platform_device *pdev)
>>   		return -EINVAL;
>>   	}
>>   -	cmd_db_header = memremap(rmem->base, rmem->size, MEMREMAP_WB);
>> +	cmd_db_header = memremap(rmem->base, rmem->size, MEMREMAP_WT);
>
> In downstream, we have below which resolved similar issue on qcm6490.
>
> cmd_db_header = memremap(rmem->base, rmem->size, MEMREMAP_WC);
>
> Downstream SA8155P also have MEMREMAP_WC. Can you please give it a try
> on your device?

Yes, MEMREMAP_WC works as well. This opens the question: which type is
more correct? I have no deep understanding in QCOM internals so it is
hard to me to answer this question.

-- 
WBR, Volodymyr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ