lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240718-cmd_db_uncached-v2-1-f6cf53164c90@quicinc.com>
Date: Thu, 18 Jul 2024 11:33:23 +0530
From: Maulik Shah <quic_mkshah@...cinc.com>
To: Bjorn Andersson <andersson@...nel.org>,
        Konrad Dybcio
	<konrad.dybcio@...aro.org>
CC: <caleb.connolly@...aro.org>, <stephan@...hold.net>, <swboyd@...omium.org>,
        <dianders@...omium.org>, <robdclark@...il.com>, <nikita@...n.ru>,
        <quic_eberman@...cinc.com>, <quic_pkondeti@...cinc.com>,
        <quic_lsrao@...cinc.com>, <linux-arm-msm@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>,
        Volodymyr Babchuk
	<Volodymyr_Babchuk@...m.com>,
        <stable@...r.kernel.org>,
        Volodymyr Babchuk
	<volodymyr_babchuk@...m.com>,
        Maulik Shah <quic_mkshah@...cinc.com>
Subject: [PATCH v2] soc: qcom: cmd-db: Map shared memory as WC, not WB

From: Volodymyr Babchuk <Volodymyr_Babchuk@...m.com>

Linux does not write into cmd-db region. This region of memory is write
protected by XPU. XPU may sometime falsely detect clean cache eviction
as "write" into the write protected region leading to secure interrupt
which causes an endless loop somewhere in Trust Zone.

The only reason it is working right now is because Qualcomm Hypervisor
maps the same region as Non-Cacheable memory in Stage 2 translation
tables. The issue manifests if we want to use another hypervisor (like
Xen or KVM), which does not know anything about those specific mappings.

Changing the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC
removes dependency on correct mappings in Stage 2 tables. This patch
fixes the issue by updating the mapping to MEMREMAP_WC.

I tested this on SA8155P with Xen.

Fixes: 312416d9171a ("drivers: qcom: add command DB driver")
Cc: stable@...r.kernel.org # 5.4+
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@...m.com>
Tested-by: Nikita Travkin <nikita@...n.ru> # sc7180 WoA in EL2
Signed-off-by: Maulik Shah <quic_mkshah@...cinc.com>
---
Changes in v2:
 - Use MEMREMAP_WC instead of MEMREMAP_WT
 - Update commit message from comments in v1
 - Add Fixes tag and Cc to stable
 - Link to v1: https://lore.kernel.org/lkml/20240327200917.2576034-1-volodymyr_babchuk@epam.com
---
 drivers/soc/qcom/cmd-db.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/soc/qcom/cmd-db.c b/drivers/soc/qcom/cmd-db.c
index d84572662017..ae66c2623d25 100644
--- a/drivers/soc/qcom/cmd-db.c
+++ b/drivers/soc/qcom/cmd-db.c
@@ -349,7 +349,7 @@ static int cmd_db_dev_probe(struct platform_device *pdev)
 		return -EINVAL;
 	}
 
-	cmd_db_header = memremap(rmem->base, rmem->size, MEMREMAP_WB);
+	cmd_db_header = memremap(rmem->base, rmem->size, MEMREMAP_WC);
 	if (!cmd_db_header) {
 		ret = -ENOMEM;
 		cmd_db_header = NULL;

---
base-commit: 797012914d2d031430268fe512af0ccd7d8e46ef
change-id: 20240718-cmd_db_uncached-e896da5c5296

Best regards,
-- 
Maulik Shah <quic_mkshah@...cinc.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ