From patchwork Tue Dec 6 10:34:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Will Deacon X-Patchwork-Id: 13065644 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1173BC352A1 for ; Tue, 6 Dec 2022 10:35:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=fOT2xPdIuiM6KwlF1+mvCY8i6cfPFX6vso75KlFoMN8=; b=sLJdhtG/aQAua4 nQ577kcio7D9JRFGQ6TLKFV77ZG9ocqCMX22Zsp1bNIY0c2TB04RFdWdsScaz6ko1zT0eBGcFKgT2 mVlIbruD71xHP6xZIoJ9CEj8WA4VbgdZDxNN/lg8T6gZ/kIunOLrnorDV5RqXNstIqudIHU+07/fS D8TbR5JbItqpuYUfnquavHU/AnfBX3frykcxL1q9lDvonSY/vUxPEIsAY7Y02FEuHV6/Zz59xNqLE YggOTkGx/ly5MODYXTTQgCg0oDJQ1Sp/Jzhx7OVfmUcS7maIJGhVmAe+eGT/f/M4g75q+nQmufMls 9LLcqfGkj5H07FUUikUA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1p2VHA-0070HA-KM; Tue, 06 Dec 2022 10:34:12 +0000 Received: from dfw.source.kernel.org ([139.178.84.217]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1p2VH8-00709v-2w for linux-arm-kernel@lists.infradead.org; Tue, 06 Dec 2022 10:34:11 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5576F615A3; Tue, 6 Dec 2022 10:34:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4394EC433C1; Tue, 6 Dec 2022 10:34:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1670322848; bh=hihcDRYm6VWruSnAQTksd2lhZM8JEHc+3yJb0c4YDzg=; h=From:To:Cc:Subject:Date:From; b=tPGLWqYQ1h67lDJUtVWk/4d1eOZGlijKDWWT+fN4mBpPpCe2F1Dt2/R8tkwY+/mfN XSak9tu+Wr4qFKOyRl3uB32asZvxrMVOtilsMEvu6wshSxqPtdJ+Ye0Klhe9xkQqlW yuCbiG7+0Cl8I4phqQOLukbowZiWAHfCIMlfPvOcFJEkdda2MDY5yPkSwe1RtuDnHw xopSLNH3qAkWFKSVLUdXZUnmlMDOdGKcxC+ASrNP7ZB3kv21sWy4JIdvMI6x6T0UyK r0+KqYl0NlUSEHrgVFnjY6oygRlnaueeQM84cDwyhSnNn/eGqSOJVYLE3s5HTNiz5Z pKMyc6wLut7dQ== From: Will Deacon To: linux-arm-kernel@lists.infradead.org Cc: Will Deacon , Amit Pundir , Manivannan Sadhasivam , Catalin Marinas , Thorsten Leemhuis , Sibi Sankar Subject: [PATCH] Revert "arm64: dma: Drop cache invalidation from arch_dma_prep_coherent()" Date: Tue, 6 Dec 2022 10:34:03 +0000 Message-Id: <20221206103403.646-1-will@kernel.org> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20221206_023410_236570_507E97B6 X-CRM114-Status: GOOD ( 17.33 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This reverts commit c44094eee32f32f175aadc0efcac449d99b1bbf7. Although the semantics of the DMA API require only a clean operation here, it turns out that the Qualcomm 'qcom_q6v5_mss' remoteproc driver (ab)uses the DMA API for transferring the modem firmware to the secure world via calls to Trustzone [1]. Once the firmware buffer has changed hands, _any_ access from the non-secure side (i.e. Linux) will be detected on the bus and result in a full system reset [2]. Although this is possible even with this revert in place (due to speculative reads via the cacheable linear alias of memory), anecdotally the problem occurs considerably more frequently when the lines have not been invalidated, assumedly due to some micro-architectural interactions with the cache hierarchy. Revert the offending change for now, along with a comment, so that the Qualcomm developers have time to fix the driver [3] to use a firmware buffer which does not have a cacheable alias in the linear map. Link: https://lore.kernel.org/r/20221114110329.68413-1-manivannan.sadhasivam@linaro.org [1] Link: https://lore.kernel.org/r/CAMi1Hd3H2k1J8hJ6e-Miy5+nVDNzv6qQ3nN-9929B0GbHJkXEg@mail.gmail.com/ [2] Link: https://lore.kernel.org/r/20221206092152.GD15486@thinkpad [2] Reported-by: Amit Pundir Reported-by: Manivannan Sadhasivam Cc: Catalin Marinas Cc: Thorsten Leemhuis Cc: Sibi Sankar Signed-off-by: Will Deacon Acked-by: Manivannan Sadhasivam --- arch/arm64/mm/dma-mapping.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/arch/arm64/mm/dma-mapping.c b/arch/arm64/mm/dma-mapping.c index 3cb101e8cb29..5240f6acad64 100644 --- a/arch/arm64/mm/dma-mapping.c +++ b/arch/arm64/mm/dma-mapping.c @@ -36,7 +36,22 @@ void arch_dma_prep_coherent(struct page *page, size_t size) { unsigned long start = (unsigned long)page_address(page); - dcache_clean_poc(start, start + size); + /* + * The architecture only requires a clean to the PoC here in order to + * meet the requirements of the DMA API. However, some vendors (i.e. + * Qualcomm) abuse the DMA API for transferring buffers from the + * non-secure to the secure world, resetting the system if a non-secure + * access shows up after the buffer has been transferred: + * + * https://lore.kernel.org/r/20221114110329.68413-1-manivannan.sadhasivam@linaro.org + * + * Using clean+invalidate appears to make this issue less likely, but + * the drivers themselves still need fixing as the CPU could issue a + * speculative read from the buffer via the linear mapping irrespective + * of the cache maintenance we use. Once the drivers are fixed, we can + * relax this to a clean operation. + */ + dcache_clean_inval_poc(start, start + size); } #ifdef CONFIG_IOMMU_DMA