ARM: mmu: use client domain permissions to support ARMv7 eXecute Never

Fork: 0

LuminaSensum / barebox

Browse code ARM: mmu: use client domain permissions to support ARMv7 eXecute Never The ARM Architecture Reference Manual notes[1]: > When using the Short-descriptor translation table format, the XN > attribute is not checked for domains marked as Manager. > Therefore, the system must not include read-sensitive memory in > domains marked as Manager, because the XN bit does not prevent > speculative fetches from a Manager domain. To avoid speculative access to read-sensitive memory-mapped peripherals on ARMv7, let's use client domain permissions for all memory, so the XN bit (and also R/W bits) can function. This aligns us with what Linux is doing on ARMv7. This fixes cache corruption instances that had been observed on the i.MX6UL(L) when the instruction prefetcher speculates into memory following the end of a 512M SDRAM[2]. While this is not necessary to avoid speculative accesses on < ARMv7, we could probably have everything there in client domain as well, but due to lack of test coverage, we'll restrict the change to ARMv7. [1]: B3.7.2 - Execute-never restrictions on instruction fetching [2]: "Cache Corruption on MX6UL(L)": https://community.nxp.com/thread/511925 Fixes: 0198567c4 ("ARM: mmu: mark uncached regions as eXecute never on v7") Signed-off-by: Ahmad Fatoum <ahmad@a3f.at> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> WIP_next-LS master next v2020.07.0 v2020.06.0 v2020.05.0 v2020.04.0 v2020.03.0 v2020.02.0 v2020.01.0 v2019.12.0 v2019.11.0
1 parent 2183ca1 commit 3e4a0405455f66fbae0a98dc1faee5c7c39f17a2 Ahmad Fatoum authored on 9 Oct 2019 Sascha Hauer committed on 14 Oct 2019

Browse code

The ARM Architecture Reference Manual notes[1]:
> When using the Short-descriptor translation table format, the XN
> attribute is not checked for domains marked as Manager.
> Therefore, the system must not include read-sensitive memory in
> domains marked as Manager, because the XN bit does not prevent
> speculative fetches from a Manager domain.

To avoid speculative access to read-sensitive memory-mapped peripherals
on ARMv7, let's use client domain permissions for all memory, so the XN
bit (and also R/W bits) can function.
This aligns us with what Linux is doing on ARMv7.

This fixes cache corruption instances that had been observed on the
i.MX6UL(L) when the instruction prefetcher speculates into memory following
the end of a 512M SDRAM[2].

While this is not necessary to avoid speculative accesses on < ARMv7,
we could probably have everything there in client domain as well, but
due to lack of test coverage, we'll restrict the change to ARMv7.

[1]: B3.7.2 - Execute-never restrictions on instruction fetching
[2]: "Cache Corruption on MX6UL(L)": https://community.nxp.com/thread/511925

Fixes: 0198567c4 ("ARM: mmu: mark uncached regions as eXecute never on v7")
Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

WIP_next-LS master next v2020.07.0 v2020.06.0 v2020.05.0 v2020.04.0 v2020.03.0 v2020.02.0 v2020.01.0 v2019.12.0 v2019.11.0

1 parent 2183ca1 commit 3e4a0405455f66fbae0a98dc1faee5c7c39f17a2

Ahmad Fatoum authored on 9 Oct 2019

Sascha Hauer committed on 14 Oct 2019

Patch

Unified Split

Showing 3 changed files

Ignore Space Show notes View arch/arm/cpu/mmu-early.c

Ignore Space Show notes View arch/arm/cpu/mmu.c

Ignore Space Show notes View arch/arm/cpu/mmu.h

Show line notes below