diff mbox series

[1/2] arm64: dts: meson: fix reserve memory regions

Message ID 20181015162833.7544-2-jbrunet@baylibre.com (mailing list archive)
State New, archived
Headers show
Series arm64: dts: meson: reserved memory updates | expand

Commit Message

Jerome Brunet Oct. 15, 2018, 4:28 p.m. UTC
Since commit 50d7ba36b916 ("arm64: export memblock_reserve()d regions via /proc/iomem")
was merged Amlogic's boards using mainline u-boot started showing the
following warning:

WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/setup.c:271 reserve_memblock_reserved_regions+0xd8/0x144
Modules linked in:
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.19.0-rc7-00263-g385684b3eb27-dirty #254
pstate: 40000005 (nZcv daif -PAN -UAO)
pc : reserve_memblock_reserved_regions+0xd8/0x144
lr : reserve_memblock_reserved_regions+0xd0/0x144
[...]

This is due to u-boot setting some /reservedmem/ region while our
dts declares reserved memory on the same region with no-map.

The conflict produce the warning. This is fixed by using /reservedmem/
in our dts as well, which is probably something we should have done from
the beginning.

Cc: stable@vger.kernel.org
Cc: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
---

Hi Kevin,

I would have liked to put a Fixes tag above but I could not figure out
which commit to pick, considering how much we changed those regions in
the past. If you have suggestion, I'll be happy to repost this patch.
If you prefer, feel free to amend this patch directly.

Cheers
Jerome

 arch/arm64/boot/dts/amlogic/meson-axg.dtsi | 24 +++++--------------
 arch/arm64/boot/dts/amlogic/meson-gx.dtsi  | 27 ++++++++--------------
 2 files changed, 15 insertions(+), 36 deletions(-)

Comments

Mark Rutland Oct. 15, 2018, 4:42 p.m. UTC | #1
On Mon, Oct 15, 2018 at 06:28:32PM +0200, Jerome Brunet wrote:
> Since commit 50d7ba36b916 ("arm64: export memblock_reserve()d regions via /proc/iomem")
> was merged Amlogic's boards using mainline u-boot started showing the
> following warning:
>
> WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/setup.c:271 reserve_memblock_reserved_regions+0xd8/0x144
> Modules linked in:
> CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.19.0-rc7-00263-g385684b3eb27-dirty #254
> pstate: 40000005 (nZcv daif -PAN -UAO)
> pc : reserve_memblock_reserved_regions+0xd8/0x144
> lr : reserve_memblock_reserved_regions+0xd0/0x144
> [...]
>
> This is due to u-boot setting some /reservedmem/ region while our
> dts declares reserved memory on the same region with no-map.
>
> The conflict produce the warning. This is fixed by using /reservedmem/
> in our dts as well, which is probably something we should have done from
> the beginning.

A /memreserve/ does not ensure no-map, and the kernel will map regions
which are described in a memory node and only protected with a
/memreserve/ entry.

Is it safe for the kernel to map these? e.g. speculative fetches won't
trigger a TrustZone controller to reboot the system?

... or are they not in memory nodes to begin with?

Thanks,
Mark.

>
> Cc: stable@vger.kernel.org
> Cc: Neil Armstrong <narmstrong@baylibre.com>
> Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
> ---
>
> Hi Kevin,
>
> I would have liked to put a Fixes tag above but I could not figure out
> which commit to pick, considering how much we changed those regions in
> the past. If you have suggestion, I'll be happy to repost this patch.
> If you prefer, feel free to amend this patch directly.
>
> Cheers
> Jerome
>
>  arch/arm64/boot/dts/amlogic/meson-axg.dtsi | 24 +++++--------------
>  arch/arm64/boot/dts/amlogic/meson-gx.dtsi  | 27 ++++++++--------------
>  2 files changed, 15 insertions(+), 36 deletions(-)
>
> diff --git a/arch/arm64/boot/dts/amlogic/meson-axg.dtsi b/arch/arm64/boot/dts/amlogic/meson-axg.dtsi
> index 178d8e8c56b8..06a06f11f114 100644
> --- a/arch/arm64/boot/dts/amlogic/meson-axg.dtsi
> +++ b/arch/arm64/boot/dts/amlogic/meson-axg.dtsi
> @@ -13,6 +13,12 @@
>  #include <dt-bindings/reset/amlogic,meson-axg-audio-arb.h>
>  #include <dt-bindings/reset/amlogic,meson-axg-reset.h>
>
> +/* 16 MiB reserved for Hardware ROM Firmware */
> +/memreserve/ 0x0 0x1000000;
> +
> +/* 3 MiB reserved for ARM Trusted Firmware (BL31) */
> +/memreserve/ 0x05000000 0x300000;
> +
>  / {
>       compatible = "amlogic,meson-axg";
>
> @@ -115,24 +121,6 @@
>               method = "smc";
>       };
>
> -     reserved-memory {
> -             #address-cells = <2>;
> -             #size-cells = <2>;
> -             ranges;
> -
> -             /* 16 MiB reserved for Hardware ROM Firmware */
> -             hwrom_reserved: hwrom@0 {
> -                     reg = <0x0 0x0 0x0 0x1000000>;
> -                     no-map;
> -             };
> -
> -             /* Alternate 3 MiB reserved for ARM Trusted Firmware (BL31) */
> -             secmon_reserved: secmon@5000000 {
> -                     reg = <0x0 0x05000000 0x0 0x300000>;
> -                     no-map;
> -             };
> -     };
> -
>       soc {
>               compatible = "simple-bus";
>               #address-cells = <2>;
> diff --git a/arch/arm64/boot/dts/amlogic/meson-gx.dtsi b/arch/arm64/boot/dts/amlogic/meson-gx.dtsi
> index 676a995fb912..23e879b29b1e 100644
> --- a/arch/arm64/boot/dts/amlogic/meson-gx.dtsi
> +++ b/arch/arm64/boot/dts/amlogic/meson-gx.dtsi
> @@ -13,6 +13,15 @@
>  #include <dt-bindings/interrupt-controller/irq.h>
>  #include <dt-bindings/interrupt-controller/arm-gic.h>
>
> +/* 16 MiB reserved for Hardware ROM Firmware */
> +/memreserve/ 0x0 0x1000000;
> +
> +/* 2 MiB reserved for ARM Trusted Firmware (BL31) */
> +/memreserve/ 0x10000000 0x200000;
> +
> +/* Alternate 3 MiB reserved for ARM Trusted Firmware (BL31) */
> +/memreserve/ 0x05000000 0x300000;
> +
>  / {
>       interrupt-parent = <&gic>;
>       #address-cells = <2>;
> @@ -23,24 +32,6 @@
>               #size-cells = <2>;
>               ranges;
>
> -             /* 16 MiB reserved for Hardware ROM Firmware */
> -             hwrom_reserved: hwrom@0 {
> -                     reg = <0x0 0x0 0x0 0x1000000>;
> -                     no-map;
> -             };
> -
> -             /* 2 MiB reserved for ARM Trusted Firmware (BL31) */
> -             secmon_reserved: secmon@10000000 {
> -                     reg = <0x0 0x10000000 0x0 0x200000>;
> -                     no-map;
> -             };
> -
> -             /* Alternate 3 MiB reserved for ARM Trusted Firmware (BL31) */
> -             secmon_reserved_alt: secmon@5000000 {
> -                     reg = <0x0 0x05000000 0x0 0x300000>;
> -                     no-map;
> -             };
> -
>               linux,cma {
>                       compatible = "shared-dma-pool";
>                       reusable;
> --
> 2.17.2
>
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Neil Armstrong Oct. 16, 2018, 8:23 a.m. UTC | #2
Hi Mark,

On 15/10/2018 18:42, Mark Rutland wrote:
> On Mon, Oct 15, 2018 at 06:28:32PM +0200, Jerome Brunet wrote:
>> Since commit 50d7ba36b916 ("arm64: export memblock_reserve()d regions via /proc/iomem")
>> was merged Amlogic's boards using mainline u-boot started showing the
>> following warning:
>>
>> WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/setup.c:271 reserve_memblock_reserved_regions+0xd8/0x144
>> Modules linked in:
>> CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.19.0-rc7-00263-g385684b3eb27-dirty #254
>> pstate: 40000005 (nZcv daif -PAN -UAO)
>> pc : reserve_memblock_reserved_regions+0xd8/0x144
>> lr : reserve_memblock_reserved_regions+0xd0/0x144
>> [...]
>>
>> This is due to u-boot setting some /reservedmem/ region while our
>> dts declares reserved memory on the same region with no-map.
>>
>> The conflict produce the warning. This is fixed by using /reservedmem/
>> in our dts as well, which is probably something we should have done from
>> the beginning.
> 
> A /memreserve/ does not ensure no-map, and the kernel will map regions
> which are described in a memory node and only protected with a
> /memreserve/ entry.
> 
> Is it safe for the kernel to map these? e.g. speculative fetches won't
> trigger a TrustZone controller to reboot the system?
> 
> ... or are they not in memory nodes to begin with?

Do you ask if these memory zones are protected by an Hardware Protection on the AXI bus
instead of simply protected by the ARM TZ MMU entries ?

In the later case, a speculative fetch won't fail, is that right ?
These zones are mapped on the DDR, and seems to be simply protected by the MMU
from the ATF code, there are other HW protected RAM zones we haven't modeled.

BTW Can the Cortex-A53 do speculative fetches ? I thought no.

Neil

> 
> Thanks,
> Mark.
> 
>>
>> Cc: stable@vger.kernel.org
>> Cc: Neil Armstrong <narmstrong@baylibre.com>
>> Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
>> ---
>>
>> Hi Kevin,
>>
>> I would have liked to put a Fixes tag above but I could not figure out
>> which commit to pick, considering how much we changed those regions in
>> the past. If you have suggestion, I'll be happy to repost this patch.
>> If you prefer, feel free to amend this patch directly.
>>
>> Cheers
>> Jerome
>>
>>  arch/arm64/boot/dts/amlogic/meson-axg.dtsi | 24 +++++--------------
>>  arch/arm64/boot/dts/amlogic/meson-gx.dtsi  | 27 ++++++++--------------
>>  2 files changed, 15 insertions(+), 36 deletions(-)
>>
[...]
Mark Rutland Oct. 16, 2018, 10:15 a.m. UTC | #3
On Tue, Oct 16, 2018 at 10:23:50AM +0200, Neil Armstrong wrote:
> Hi Mark,
> 
> On 15/10/2018 18:42, Mark Rutland wrote:
> > On Mon, Oct 15, 2018 at 06:28:32PM +0200, Jerome Brunet wrote:
> >> Since commit 50d7ba36b916 ("arm64: export memblock_reserve()d regions via /proc/iomem")
> >> was merged Amlogic's boards using mainline u-boot started showing the
> >> following warning:
> >>
> >> WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/setup.c:271 reserve_memblock_reserved_regions+0xd8/0x144
> >> Modules linked in:
> >> CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.19.0-rc7-00263-g385684b3eb27-dirty #254
> >> pstate: 40000005 (nZcv daif -PAN -UAO)
> >> pc : reserve_memblock_reserved_regions+0xd8/0x144
> >> lr : reserve_memblock_reserved_regions+0xd0/0x144
> >> [...]
> >>
> >> This is due to u-boot setting some /reservedmem/ region while our
> >> dts declares reserved memory on the same region with no-map.
> >>
> >> The conflict produce the warning. This is fixed by using /reservedmem/
> >> in our dts as well, which is probably something we should have done from
> >> the beginning.
> > 
> > A /memreserve/ does not ensure no-map, and the kernel will map regions
> > which are described in a memory node and only protected with a
> > /memreserve/ entry.
> > 
> > Is it safe for the kernel to map these? e.g. speculative fetches won't
> > trigger a TrustZone controller to reboot the system?
> > 
> > ... or are they not in memory nodes to begin with?
> 
> Do you ask if these memory zones are protected by an Hardware
> Protection on the AXI bus

Yes.

> instead of simply protected by the ARM TZ MMU entries ?

The secure world MMU has no impact whatsoever on SW running in the
normal world.

Only the HW (like a TZC on the bus) can enforce restrictions.

> In the later case, a speculative fetch won't fail, is that right ?
> These zones are mapped on the DDR, and seems to be simply protected by the MMU
> from the ATF code, there are other HW protected RAM zones we haven't modeled.

If the bus does not protect these ranges, a speculative fetch from the
normal world will not fail.

However, this means that the normal world can trivially escalate
privilege to the secure world, and any bug in normal world software
could corrupt secure world SW. So I *hope* there is some protection in
place.

> BTW Can the Cortex-A53 do speculative fetches ? I thought no.

I believe COrtex-A53 can prefetch, so yes.

Thanks,
Mark.
diff mbox series

Patch

diff --git a/arch/arm64/boot/dts/amlogic/meson-axg.dtsi b/arch/arm64/boot/dts/amlogic/meson-axg.dtsi
index 178d8e8c56b8..06a06f11f114 100644
--- a/arch/arm64/boot/dts/amlogic/meson-axg.dtsi
+++ b/arch/arm64/boot/dts/amlogic/meson-axg.dtsi
@@ -13,6 +13,12 @@ 
 #include <dt-bindings/reset/amlogic,meson-axg-audio-arb.h>
 #include <dt-bindings/reset/amlogic,meson-axg-reset.h>
 
+/* 16 MiB reserved for Hardware ROM Firmware */
+/memreserve/ 0x0 0x1000000;
+
+/* 3 MiB reserved for ARM Trusted Firmware (BL31) */
+/memreserve/ 0x05000000 0x300000;
+
 / {
 	compatible = "amlogic,meson-axg";
 
@@ -115,24 +121,6 @@ 
 		method = "smc";
 	};
 
-	reserved-memory {
-		#address-cells = <2>;
-		#size-cells = <2>;
-		ranges;
-
-		/* 16 MiB reserved for Hardware ROM Firmware */
-		hwrom_reserved: hwrom@0 {
-			reg = <0x0 0x0 0x0 0x1000000>;
-			no-map;
-		};
-
-		/* Alternate 3 MiB reserved for ARM Trusted Firmware (BL31) */
-		secmon_reserved: secmon@5000000 {
-			reg = <0x0 0x05000000 0x0 0x300000>;
-			no-map;
-		};
-	};
-
 	soc {
 		compatible = "simple-bus";
 		#address-cells = <2>;
diff --git a/arch/arm64/boot/dts/amlogic/meson-gx.dtsi b/arch/arm64/boot/dts/amlogic/meson-gx.dtsi
index 676a995fb912..23e879b29b1e 100644
--- a/arch/arm64/boot/dts/amlogic/meson-gx.dtsi
+++ b/arch/arm64/boot/dts/amlogic/meson-gx.dtsi
@@ -13,6 +13,15 @@ 
 #include <dt-bindings/interrupt-controller/irq.h>
 #include <dt-bindings/interrupt-controller/arm-gic.h>
 
+/* 16 MiB reserved for Hardware ROM Firmware */
+/memreserve/ 0x0 0x1000000;
+
+/* 2 MiB reserved for ARM Trusted Firmware (BL31) */
+/memreserve/ 0x10000000 0x200000;
+
+/* Alternate 3 MiB reserved for ARM Trusted Firmware (BL31) */
+/memreserve/ 0x05000000 0x300000;
+
 / {
 	interrupt-parent = <&gic>;
 	#address-cells = <2>;
@@ -23,24 +32,6 @@ 
 		#size-cells = <2>;
 		ranges;
 
-		/* 16 MiB reserved for Hardware ROM Firmware */
-		hwrom_reserved: hwrom@0 {
-			reg = <0x0 0x0 0x0 0x1000000>;
-			no-map;
-		};
-
-		/* 2 MiB reserved for ARM Trusted Firmware (BL31) */
-		secmon_reserved: secmon@10000000 {
-			reg = <0x0 0x10000000 0x0 0x200000>;
-			no-map;
-		};
-
-		/* Alternate 3 MiB reserved for ARM Trusted Firmware (BL31) */
-		secmon_reserved_alt: secmon@5000000 {
-			reg = <0x0 0x05000000 0x0 0x300000>;
-			no-map;
-		};
-
 		linux,cma {
 			compatible = "shared-dma-pool";
 			reusable;