From patchwork Mon Aug 15 14:10:27 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ardb@kernel.org>
X-Patchwork-Id: 12943648
Return-Path: 
 <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org
 [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id D1A46C00140
	for <linux-arm-kernel@archiver.kernel.org>;
 Mon, 15 Aug 2022 14:33:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc
	:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=hUnu9tVHnL3nzmXiEB2iX1GesqqhsMtdCcSMIcLGqg8=; b=q7FAoXre6gVUZ3
	f0zZiiIgmbTiPEnm+nfzjqHlWtfEgZ6ywcUfBvtKf58m220tLe5HR2+hoTb0MixnysJPirl1ZDFJo
	nf9d//8kV8J82YFzvsWMlA0zivwAPtHc/c99ZAl1Cguiy0uA9LIOHDQrNDi48/Li31aVXeLDh1WAw
	GAbuy7B8/X2Q08cvQMKOb2x5991r1m8i0mJWcWGhxerCVjvdVO8egCXYtT8VVrpiWDYrE/fjfdjHf
	euj9aDM5WCGjSuUmUNyE+F+hVFHf4IVh7ALGcKi20G2yT80KaWsIA2XIM95IlPW5x0cKajaF5uk7e
	Ok83Vf6THxewrYAzt0pQ==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1oNb8T-0004FW-Al; Mon, 15 Aug 2022 14:32:09 +0000
Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1])
	by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
	id 1oNap2-00HLAo-Cf
	for linux-arm-kernel@lists.infradead.org; Mon, 15 Aug 2022 14:12:06 +0000
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 2722D60F7A;
	Mon, 15 Aug 2022 14:12:03 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 59663C433C1;
	Mon, 15 Aug 2022 14:12:01 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1660572722;
	bh=XnBfITvDhHiX6fl8hs7D2+kD7Ri3dgQAeB1DQHOrIDQ=;
	h=From:To:Cc:Subject:Date:From;
	b=K6PO1LWI9daYagVu3Ez8N0gOgj/Eu3hWaZx7JOSOzv/nZaIeZnpm0EN9S//5iJghZ
	 g4IQjeSVj4dTwutmu0lyg61KJv71MmRNJguBO0gn1ecNUVPmyq0l8BLWRkzMUqVlAQ
	 8i3BPnO2Zl2SNSzro9ztdw0iy6OntUAJQIiJirWOOatlLsdgcioZHiWKAnCTtXsKY2
	 Z1vNqOBl7/7N9H7qpDLv+9BKQ55b4rMlFpnTRYxm2VZjzA1+coytVPpoJx402x5AkI
	 rcwCuksf5jrxgkMsEGoV67NFKEZ7Kn3fW+jpFgy6nhKjGK+1pKmcBF9pw9Ka9UrSQq
	 r1kq8M0J+81nQ==
From: Ard Biesheuvel <ardb@kernel.org>
To: linux-arm-kernel@lists.infradead.org,
	linux@armlinux.org.uk
Cc: linus.walleij@linaro.org,
	thunder.leizhen@huawei.com,
	Ard Biesheuvel <ardb@kernel.org>
Subject: [PATCH] ARM: mm: shrink permanent FDT mapping to avoid mismatched
 attributes
Date: Mon, 15 Aug 2022 16:10:27 +0200
Message-Id: <20220815141027.780659-1-ardb@kernel.org>
X-Mailer: git-send-email 2.35.1
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=4849; i=ardb@kernel.org;
 h=from:subject; bh=XnBfITvDhHiX6fl8hs7D2+kD7Ri3dgQAeB1DQHOrIDQ=;
 b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBi+lPR6Nc/NbmxXQT5UVS3tmuX7hb3QbjVKQfGIJSB
 YrnqBUSJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYvpT0QAKCRDDTyI5ktmPJBGSC/
 4r8iZBwL+2mlL/jrDRnAy/PtvTbfORzLpL5KIXU+TGpodOxSGYB5uh9kdYNQgTR4UphRPt8AzEUMxi
 17eGPpTFeTv3lreMDwEpDkCxjBRCZSTjoZV8zEjOYX0R5gnfZi79LryjZr86d5ChZgL7pwi3/xOOmW
 iuPRDZN4ImN+/tXmXr+NkU7YYYFzo5D/LfaqdaxougoS1+PZOLhN1tTTj3iJ0pPRNhgvKWF1knv60X
 nlxo0xErD8naTbHsIYJpwBN3jcN3r17KeAB6E4JN5hNr09Pq68T8vyCTdbT60eZgOa2au9ho6J8eVO
 8VWoX+hiXTgoPeZOgX4DNfE1S7TPgFCKvQ5p8Yns0h3rMS25woA5K6L6Oj86ubWGO8jnBzTP3gZpIG
 BRJk5Bf4WpeFeX9vro6byr4AR91ZfrNpR50VS2cNleB4RiQBXd437YTvWplFty774lQ4+A+MDAidkN
 CSoEYOoXJMlWnrKzkpAEHIZ3ec8vBrJ2dOL4GwBjVYBA8=
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20220815_071205_066908_E360666B 
X-CRM114-Status: GOOD (  22.54  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

Zhen Lei writes in commit 598f0a99fa8a ("ARM: 9210/1: Mark the FDT_FIXED
sections as shareable"):

  Commit 7a1be318f579 ("ARM: 9012/1: move device tree mapping out of
  linear region") uses FDT_FIXED_BASE to map the whole FDT_FIXED_SIZE
  memory area which contains fdt. But it only reserves the exact physical
  memory that fdt occupied. Unfortunately, this mapping is non-shareable.
  An illegal or speculative read access can bring the RAM content from
  non-fdt zone into cache, PIPT makes it to be hit by subsequently read
  access through shareable mapping (such as linear mapping), and the
  cache consistency between cores is lost due to non-shareable property.

  |<---------FDT_FIXED_SIZE------>|
  |                               |
   -------------------------------
  | <non-fdt> | <fdt> | <non-fdt> |
   -------------------------------

  1. CoreA read <non-fdt> through MT_ROM mapping, the old data is loaded
     into the cache.
  2. CoreB write <non-fdt> to update data through linear mapping. CoreA
     received the notification to invalid the corresponding cachelines,
     but the property non-shareable makes it to be ignored.
  3. CoreA read <non-fdt> through linear mapping, cache hit, the old data
     is read.

However, the resulting fix is incomplete, as mismatched shareability
attributes are not the only potential problem vector here: the non-fdt
regions might also be covered by a no-map memory reservation, or be
mapped with non-cacheable attributes for, e.g., firmware calls or
non-coherent DMA. This means, in order to eliminate any potential
mismatched attribute mappings, we must reduce the size of the FDT
mapping to match its memblock reservation, and eliminate the non-fdt
regions altogether.

The permanent FDT region will no longer cover the ATAGS when booting a
non-DT system, but this mapping was never used or exposed after boot
anyway. (The ATAGS are copied into a separate buffer by the early ATAGS
processing code)

Fixes: 7a1be318f579 ("ARM: 9012/1: move device tree mapping out of linear region")
Reported-by: Zhen Lei <thunder.leizhen@huawei.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm/include/asm/memory.h |  1 -
 arch/arm/kernel/setup.c       |  9 ++++++---
 arch/arm/mm/mmu.c             | 13 ++++++++-----
 3 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/arch/arm/include/asm/memory.h b/arch/arm/include/asm/memory.h
index a55a9038abc8..aeb83eb5d251 100644
--- a/arch/arm/include/asm/memory.h
+++ b/arch/arm/include/asm/memory.h
@@ -79,7 +79,6 @@
 #define XIP_VIRT_ADDR(physaddr)  (MODULES_VADDR + ((physaddr) & 0x000fffff))
 
 #define FDT_FIXED_BASE		UL(0xff800000)
-#define FDT_FIXED_SIZE		(2 * SECTION_SIZE)
 #define FDT_VIRT_BASE(physbase)	((void *)(FDT_FIXED_BASE | (physbase) % SECTION_SIZE))
 
 #if !defined(CONFIG_SMP) && !defined(CONFIG_ARM_LPAE)
diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
index 1e8a50a97edf..fe07086f7e56 100644
--- a/arch/arm/kernel/setup.c
+++ b/arch/arm/kernel/setup.c
@@ -1092,6 +1092,8 @@ static struct notifier_block arm_restart_nb = {
 	.priority = 128,
 };
 
+unsigned int __initdata dtsize;
+
 void __init setup_arch(char **cmdline_p)
 {
 	const struct machine_desc *mdesc = NULL;
@@ -1103,9 +1105,10 @@ void __init setup_arch(char **cmdline_p)
 	setup_processor();
 	if (atags_vaddr) {
 		mdesc = setup_machine_fdt(atags_vaddr);
-		if (mdesc)
-			memblock_reserve(__atags_pointer,
-					 fdt_totalsize(atags_vaddr));
+		if (mdesc) {
+			dtsize = fdt_totalsize(atags_vaddr);
+			memblock_reserve(__atags_pointer, dtsize);
+		}
 	}
 	if (!mdesc)
 		mdesc = setup_machine_tags(atags_vaddr, __machine_arch_type);
diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c
index a49f0b9c0f75..ffe87df966ab 100644
--- a/arch/arm/mm/mmu.c
+++ b/arch/arm/mm/mmu.c
@@ -39,7 +39,7 @@
 #include "mm.h"
 #include "tcm.h"
 
-extern unsigned long __atags_pointer;
+extern void *initial_boot_params;
 
 /*
  * empty_zero_page is a special page that is used for
@@ -1388,11 +1388,14 @@ static void __init devicemaps_init(const struct machine_desc *mdesc)
 	for (addr = VMALLOC_START; addr < (FIXADDR_TOP & PMD_MASK); addr += PMD_SIZE)
 		pmd_clear(pmd_off_k(addr));
 
-	if (__atags_pointer) {
+	if (IS_ENABLED(CONFIG_OF_FLATTREE) && initial_boot_params) {
 		/* create a read-only mapping of the device tree */
-		map.pfn = __phys_to_pfn(__atags_pointer & SECTION_MASK);
-		map.virtual = FDT_FIXED_BASE;
-		map.length = FDT_FIXED_SIZE;
+		extern unsigned long __atags_pointer;
+		extern unsigned int dtsize;
+
+		map.pfn = __phys_to_pfn(__atags_pointer);
+		map.virtual = (unsigned long)initial_boot_params;
+		map.length = dtsize;
 		map.type = MT_MEMORY_RO;
 		create_mapping(&map);
 	}