[PATCH 3/4] Revert "ARM: mmu: use client domain permissions to support ARMv7 eXecute Never"

Peter Rosin peda at axentia.se
Mon Sep 20 03:22:14 PDT 2021

On 2021-09-20 11:14, Ahmad Fatoum wrote:
> Hi Peter,
> On 19.09.21 09:50, Peter Rosin wrote:
>> On 2021-09-19 09:06, Rouven Czerwinski wrote:
>>> Hi Peter,
>>> while this may break for your board, it fundamentally introduces the
>>> possibility to speculate out of the RAM area on speculation happy
>> I'm aware of that. For me, speculation is not an issue since *any*
>> rogue code running on the embedded device in question is a major fail.
> We have seen Cortex-A7 CPUs speculatively executing I/O memory. That's
> why we mar everything eXecute-Never except for known memory banks and
> expect board code to mark any further regions that are safe to execute
> manually. 
>> Also, from the cover letter:
>> "I'm going to follow up with patches. I very much realize that
>> these patches are most likely not acceptable as-is, but I do
>> include them since they are probably the best description of
>> where the problems are."
>>> processors. Are you calling into SAMA5D3 ROM code somewhere? If so an
>> *I* am not calling anything. Maybe the board code for sama5d3xek is,
>> but I have no idea as it's not "my" code. How can I figure out if it
>> does?
> If you don't revert this patch. Do you get any output at all?
> If not, enable DEBUG_LL and see how far you get before hanging.

No output regardless, if the patch is not reverted (patches 1, 2 and 4
still applied). I only get the following from ROM code and bootstrap:


AT91Bootstrap 3.10.4 (2021-09-16 21:12:56)

NAND: ONFI flash detected
NAND: Manufacturer ID: 0x2c Chip ID: 0xac
NAND: Page Bytes: 2048, Spare Bytes: 64
NAND: ECC Correctability Bits: 4, ECC Sector Bytes: 512
NAND: Disable On-Die ECC
NAND: Initialize PMECC params, cap: 4, sector: 512
NAND: Image: Copy 0xa0000 bytes from 0x40000 to 0x26f00000
NAND: Done to load image

If I also include patch 3 I get this:

initcall-> 0x26f025f8
initcall-> 0x26f07024
initcall-> 0x26f0d108
initcall-> 0x26f0e218
initcall-> 0x26f1fd5c
initcall-> 0x26f39b74
initcall-> 0x26f4090c
initcall-> 0x26f427d0
initcall-> 0x26f239b4
initcall-> 0x26f239a4
initcall-> 0x26f01494
initcall-> 0x26f1f8ec
initcall-> 0x26f1f9f0
initcall-> 0x26f34c08
initcall-> 0x26f3961c
initcall-> 0x26f41204
AT91: Detected soc type: sama5d3
AT91: Detected soc subtype: sama5d31
    probe-> at91sam9x5-gpio0
    probe-> at91sam9x5-gpio1
    probe-> at91sam9x5-gpio2
    probe-> at91sam9x5-gpio3
    probe-> at91sam9x5-gpio4
    probe-> at91-pit
initcall-> 0x26f0fc40
initcall-> 0x26f40878
    probe-> atmel_usart0
Switch to console [cs0]

barebox 2021.08.0 #1 Mon Sep 20 12:10:05 CEST 2021

Board: Atmel sama5d3x-ek
initcall-> 0x26f025f8
etc etc

So, debugging is working (I added DEBUG_INITCALLS and DEBUG_PROBES
in case that would cause earlier output).


More information about the barebox mailing list