| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Mar 2024 10:58:56 +0100 From: Stephan Gerhold <stephan@...hold.net> To: Caleb Connolly <caleb.connolly@...aro.org> Cc: Konrad Dybcio <konrad.dybcio@...aro.org>, Volodymyr Babchuk <Volodymyr_Babchuk@...m.com>, Bjorn Andersson <andersson@...nel.org>, "linux-arm-msm@...r.kernel.org" <linux-arm-msm@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Douglas Anderson <dianders@...omium.org>, Rob Clark <robdclark@...il.com>, Stephen Boyd <swboyd@...omium.org> Subject: Re: [PATCH] soc: qcom: cmd-db: map shared memory as WT, not WB On Wed, Mar 27, 2024 at 11:29:09PM +0000, Caleb Connolly wrote: > On 27/03/2024 21:06, Konrad Dybcio wrote: > > On 27.03.2024 10:04 PM, Volodymyr Babchuk wrote: > >> Konrad Dybcio <konrad.dybcio@...aro.org> writes: > >>> On 27.03.2024 9:09 PM, Volodymyr Babchuk wrote: > >>>> It appears that hardware does not like cacheable accesses to this > >>>> region. Trying to access this shared memory region as Normal Memory > >>>> leads to secure interrupt which causes an endless loop somewhere in > >>>> Trust Zone. > >>>> > >>>> The only reason it is working right now is because Qualcomm Hypervisor > >>>> maps the same region as Non-Cacheable memory in Stage 2 translation > >>>> tables. The issue manifests if we want to use another hypervisor (like > >>>> Xen or KVM), which does not know anything about those specific > >>>> mappings. This patch fixes the issue by mapping the shared memory as > >>>> Write-Through. This removes dependency on correct mappings in Stage 2 > >>>> tables. > >>>> > >>>> I tested this on SA8155P with Xen. > >>>> > >>>> Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@...m.com> > >>>> --- > >>> > >>> Interesting.. > >>> > >>> +Doug, Rob have you ever seen this on Chrome? (FYI, Volodymyr, chromebooks > >>> ship with no qcom hypervisor) > >> > >> Well, maybe I was wrong when called this thing "hypervisor". All I know > >> that it sits in hyp.mbn partition and all what it does is setup EL2 > >> before switching to EL1 and running UEFI. > >> > >> In my experiments I replaced contents of hyp.mbn with U-Boot, which gave > >> me access to EL2 and I was able to boot Xen and then Linux as Dom0. > > > > Yeah we're talking about the same thing. I was just curious whether > > the Chrome folks have heard of it, or whether they have any changes/ > > workarounds for it. > > Does Linux ever write to this region? Given that the Chromebooks don't > seem to have issues with this (we have a bunch of them in pmOS and I'd > be very very surprised if this was an issue there which nobody had tried > upstreaming before) I'd guess the significant difference here is between > booting Linux in EL2 (as Chromebooks do?) vs with Xen. > FWIW: This old patch series from Stephen Boyd is closely related: https://lore.kernel.org/linux-arm-msm/20190910160903.65694-1-swboyd@chromium.org/ > The main use case I have is to map the command-db memory region on > Qualcomm devices with a read-only mapping. It's already a const marked > pointer and the API returns const pointers as well, so this series > makes sure that even stray writes can't modify the memory. Stephen, what was the end result of that patch series? Mapping the cmd-db read-only sounds cleaner than trying to be lucky with the right set of cache flags. Thanks, Stephan
Powered by blists - more mailing lists