[U-Boot,v2,2/2] arm: Set TTB XN bit in case DCACHE_OFF for LPAE mode

While we setup the mmu initially we mark set_section_dcache with
DCACHE_OFF flag. In case of non-LPAE mode the DCACHE_OFF macro
is rightly defined with TTB_SECT_XN_MASK set so as to mark all the
4GB XN. In case of LPAE mode  XN(Execute-never) bit is not set with
DCACHE_OFF. Hence XN bit is not set by default for DCACHE_OFF which
keeps all the regions execute okay and this leads to random speculative
fetches in random memory regions which was eventually caught by kernel
omap-l3-noc driver.

Fix this to mark the regions as XN by default.

Signed-off-by: Keerthy <j-keerthy@ti.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
---

Changes in v2:

  * Changed printing option value from decimal to hex.

 arch/arm/include/asm/system.h | 2 +-
 arch/arm/lib/cache-cp15.c     | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

On Sat, Oct 29, 2016 at 03:19:10PM +0530, Keerthy wrote:

> While we setup the mmu initially we mark set_section_dcache with
> DCACHE_OFF flag. In case of non-LPAE mode the DCACHE_OFF macro
> is rightly defined with TTB_SECT_XN_MASK set so as to mark all the
> 4GB XN. In case of LPAE mode  XN(Execute-never) bit is not set with
> DCACHE_OFF. Hence XN bit is not set by default for DCACHE_OFF which
> keeps all the regions execute okay and this leads to random speculative
> fetches in random memory regions which was eventually caught by kernel
> omap-l3-noc driver.
> 
> Fix this to mark the regions as XN by default.
> 
> Signed-off-by: Keerthy <j-keerthy@ti.com>
> Reviewed-by: Alexander Graf <agraf@suse.de>

Reviewed-by: Tom Rini <trini@konsulko.com>

On 10/29/2016 07:41 PM, Tom Rini wrote:
> On Sat, Oct 29, 2016 at 03:19:10PM +0530, Keerthy wrote:
> 
>> While we setup the mmu initially we mark set_section_dcache with
>> DCACHE_OFF flag. In case of non-LPAE mode the DCACHE_OFF macro
>> is rightly defined with TTB_SECT_XN_MASK set so as to mark all the
>> 4GB XN. In case of LPAE mode  XN(Execute-never) bit is not set with
>> DCACHE_OFF. Hence XN bit is not set by default for DCACHE_OFF which
>> keeps all the regions execute okay and this leads to random speculative
>> fetches in random memory regions which was eventually caught by kernel
>> omap-l3-noc driver.
>>
>> Fix this to mark the regions as XN by default.
>>
>> Signed-off-by: Keerthy <j-keerthy@ti.com>
>> Reviewed-by: Alexander Graf <agraf@suse.de>
> 
> Reviewed-by: Tom Rini <trini@konsulko.com>
> 
Isn't this patch exactly undoing the following one ?

commit 8890c2fbe6ed4c5ca9a61f21e846a55f8f2c38fc
Author: Marek Vasut <>
Date:   Tue Dec 29 19:44:02 2015 +0100

    arm: Remove S bit from MMU section entry

    Restore the old behavior of the MMU section entries configuration,
    which is without the S-bit.

On Sat, Oct 29, 2016 at 07:44:34PM +0200, Marek Vasut wrote:
> On 10/29/2016 07:41 PM, Tom Rini wrote:
> > On Sat, Oct 29, 2016 at 03:19:10PM +0530, Keerthy wrote:
> > 
> >> While we setup the mmu initially we mark set_section_dcache with
> >> DCACHE_OFF flag. In case of non-LPAE mode the DCACHE_OFF macro
> >> is rightly defined with TTB_SECT_XN_MASK set so as to mark all the
> >> 4GB XN. In case of LPAE mode  XN(Execute-never) bit is not set with
> >> DCACHE_OFF. Hence XN bit is not set by default for DCACHE_OFF which
> >> keeps all the regions execute okay and this leads to random speculative
> >> fetches in random memory regions which was eventually caught by kernel
> >> omap-l3-noc driver.
> >>
> >> Fix this to mark the regions as XN by default.
> >>
> >> Signed-off-by: Keerthy <j-keerthy@ti.com>
> >> Reviewed-by: Alexander Graf <agraf@suse.de>
> > 
> > Reviewed-by: Tom Rini <trini@konsulko.com>
> > 
> Isn't this patch exactly undoing the following one ?
> 
> commit 8890c2fbe6ed4c5ca9a61f21e846a55f8f2c38fc
> Author: Marek Vasut <>
> Date:   Tue Dec 29 19:44:02 2015 +0100
> 
>     arm: Remove S bit from MMU section entry
> 
>     Restore the old behavior of the MMU section entries configuration,
>     which is without the S-bit.

Is it?  I guess perhaps you and Keerthy need to chat then as there's
some other problem they're addressing.

On 10/29/2016 07:47 PM, Tom Rini wrote:
> On Sat, Oct 29, 2016 at 07:44:34PM +0200, Marek Vasut wrote:
>> On 10/29/2016 07:41 PM, Tom Rini wrote:
>>> On Sat, Oct 29, 2016 at 03:19:10PM +0530, Keerthy wrote:
>>>
>>>> While we setup the mmu initially we mark set_section_dcache with
>>>> DCACHE_OFF flag. In case of non-LPAE mode the DCACHE_OFF macro
>>>> is rightly defined with TTB_SECT_XN_MASK set so as to mark all the
>>>> 4GB XN. In case of LPAE mode  XN(Execute-never) bit is not set with
>>>> DCACHE_OFF. Hence XN bit is not set by default for DCACHE_OFF which
>>>> keeps all the regions execute okay and this leads to random speculative
>>>> fetches in random memory regions which was eventually caught by kernel
>>>> omap-l3-noc driver.
>>>>
>>>> Fix this to mark the regions as XN by default.
>>>>
>>>> Signed-off-by: Keerthy <j-keerthy@ti.com>
>>>> Reviewed-by: Alexander Graf <agraf@suse.de>
>>>
>>> Reviewed-by: Tom Rini <trini@konsulko.com>
>>>
>> Isn't this patch exactly undoing the following one ?
>>
>> commit 8890c2fbe6ed4c5ca9a61f21e846a55f8f2c38fc
>> Author: Marek Vasut <>
>> Date:   Tue Dec 29 19:44:02 2015 +0100
>>
>>     arm: Remove S bit from MMU section entry
>>
>>     Restore the old behavior of the MMU section entries configuration,
>>     which is without the S-bit.
> 
> Is it?  I guess perhaps you and Keerthy need to chat then as there's
> some other problem they're addressing.

Ummmm, wait a second, I think this one adds XN bit and the previous one
removed S bit. I think I was wrong, but please double-check this. I
recall we had some odd cache issues on V7 back then.

On Saturday 29 October 2016 11:19 PM, Marek Vasut wrote:
> On 10/29/2016 07:47 PM, Tom Rini wrote:
>> On Sat, Oct 29, 2016 at 07:44:34PM +0200, Marek Vasut wrote:
>>> On 10/29/2016 07:41 PM, Tom Rini wrote:
>>>> On Sat, Oct 29, 2016 at 03:19:10PM +0530, Keerthy wrote:
>>>>
>>>>> While we setup the mmu initially we mark set_section_dcache with
>>>>> DCACHE_OFF flag. In case of non-LPAE mode the DCACHE_OFF macro
>>>>> is rightly defined with TTB_SECT_XN_MASK set so as to mark all the
>>>>> 4GB XN. In case of LPAE mode  XN(Execute-never) bit is not set with
>>>>> DCACHE_OFF. Hence XN bit is not set by default for DCACHE_OFF which
>>>>> keeps all the regions execute okay and this leads to random speculative
>>>>> fetches in random memory regions which was eventually caught by kernel
>>>>> omap-l3-noc driver.
>>>>>
>>>>> Fix this to mark the regions as XN by default.
>>>>>
>>>>> Signed-off-by: Keerthy <j-keerthy@ti.com>
>>>>> Reviewed-by: Alexander Graf <agraf@suse.de>
>>>>
>>>> Reviewed-by: Tom Rini <trini@konsulko.com>
>>>>
>>> Isn't this patch exactly undoing the following one ?
>>>
>>> commit 8890c2fbe6ed4c5ca9a61f21e846a55f8f2c38fc
>>> Author: Marek Vasut <>
>>> Date:   Tue Dec 29 19:44:02 2015 +0100
>>>
>>>     arm: Remove S bit from MMU section entry
>>>
>>>     Restore the old behavior of the MMU section entries configuration,
>>>     which is without the S-bit.
>>
>> Is it?  I guess perhaps you and Keerthy need to chat then as there's
>> some other problem they're addressing.
>
> Ummmm, wait a second, I think this one adds XN bit and the previous one
> removed S bit. I think I was wrong, but please double-check this. I
> recall we had some odd cache issues on V7 back then.

Marek,

First and foremost if we git blame on the file: 
arch/arm/include/asm/system.h

your commit:
8890c2fbe6ed4c5ca9a61f21e846a55f8f2c38fc

arm: Remove S bit from MMU section entry

It is removing S bit under
#elif defined(CONFIG_CPU_V7)

I am adding the missing XN bit under:
#ifdef CONFIG_ARMV7_LPAE

So we are dealing with different modes.

In a nutshell your patch removes S bit from MMU section entry for 
non-LPAE cases for ARMV7 and mine adds XN bit for LPAE cases.

Hope this clears out the confusion.

- Keerthy


>

On 10/30/2016 02:59 AM, Keerthy wrote:
> 
> 
> On Saturday 29 October 2016 11:19 PM, Marek Vasut wrote:
>> On 10/29/2016 07:47 PM, Tom Rini wrote:
>>> On Sat, Oct 29, 2016 at 07:44:34PM +0200, Marek Vasut wrote:
>>>> On 10/29/2016 07:41 PM, Tom Rini wrote:
>>>>> On Sat, Oct 29, 2016 at 03:19:10PM +0530, Keerthy wrote:
>>>>>
>>>>>> While we setup the mmu initially we mark set_section_dcache with
>>>>>> DCACHE_OFF flag. In case of non-LPAE mode the DCACHE_OFF macro
>>>>>> is rightly defined with TTB_SECT_XN_MASK set so as to mark all the
>>>>>> 4GB XN. In case of LPAE mode  XN(Execute-never) bit is not set with
>>>>>> DCACHE_OFF. Hence XN bit is not set by default for DCACHE_OFF which
>>>>>> keeps all the regions execute okay and this leads to random
>>>>>> speculative
>>>>>> fetches in random memory regions which was eventually caught by
>>>>>> kernel
>>>>>> omap-l3-noc driver.
>>>>>>
>>>>>> Fix this to mark the regions as XN by default.
>>>>>>
>>>>>> Signed-off-by: Keerthy <j-keerthy@ti.com>
>>>>>> Reviewed-by: Alexander Graf <agraf@suse.de>
>>>>>
>>>>> Reviewed-by: Tom Rini <trini@konsulko.com>
>>>>>
>>>> Isn't this patch exactly undoing the following one ?
>>>>
>>>> commit 8890c2fbe6ed4c5ca9a61f21e846a55f8f2c38fc
>>>> Author: Marek Vasut <>
>>>> Date:   Tue Dec 29 19:44:02 2015 +0100
>>>>
>>>>     arm: Remove S bit from MMU section entry
>>>>
>>>>     Restore the old behavior of the MMU section entries configuration,
>>>>     which is without the S-bit.
>>>
>>> Is it?  I guess perhaps you and Keerthy need to chat then as there's
>>> some other problem they're addressing.
>>
>> Ummmm, wait a second, I think this one adds XN bit and the previous one
>> removed S bit. I think I was wrong, but please double-check this. I
>> recall we had some odd cache issues on V7 back then.
> 
> Marek,
> 
> First and foremost if we git blame on the file:
> arch/arm/include/asm/system.h
> 
> your commit:
> 8890c2fbe6ed4c5ca9a61f21e846a55f8f2c38fc
> 
> arm: Remove S bit from MMU section entry
> 
> It is removing S bit under
> #elif defined(CONFIG_CPU_V7)
> 
> I am adding the missing XN bit under:
> #ifdef CONFIG_ARMV7_LPAE
> 
> So we are dealing with different modes.
> 
> In a nutshell your patch removes S bit from MMU section entry for
> non-LPAE cases for ARMV7 and mine adds XN bit for LPAE cases.
> 
> Hope this clears out the confusion.

Yeah, it does, thanks.

On Sunday 30 October 2016 05:30 PM, Marek Vasut wrote:
> On 10/30/2016 02:59 AM, Keerthy wrote:
>>
>>
>> On Saturday 29 October 2016 11:19 PM, Marek Vasut wrote:
>>> On 10/29/2016 07:47 PM, Tom Rini wrote:
>>>> On Sat, Oct 29, 2016 at 07:44:34PM +0200, Marek Vasut wrote:
>>>>> On 10/29/2016 07:41 PM, Tom Rini wrote:
>>>>>> On Sat, Oct 29, 2016 at 03:19:10PM +0530, Keerthy wrote:
>>>>>>
>>>>>>> While we setup the mmu initially we mark set_section_dcache with
>>>>>>> DCACHE_OFF flag. In case of non-LPAE mode the DCACHE_OFF macro
>>>>>>> is rightly defined with TTB_SECT_XN_MASK set so as to mark all the
>>>>>>> 4GB XN. In case of LPAE mode  XN(Execute-never) bit is not set with
>>>>>>> DCACHE_OFF. Hence XN bit is not set by default for DCACHE_OFF which
>>>>>>> keeps all the regions execute okay and this leads to random
>>>>>>> speculative
>>>>>>> fetches in random memory regions which was eventually caught by
>>>>>>> kernel
>>>>>>> omap-l3-noc driver.
>>>>>>>
>>>>>>> Fix this to mark the regions as XN by default.
>>>>>>>
>>>>>>> Signed-off-by: Keerthy <j-keerthy@ti.com>
>>>>>>> Reviewed-by: Alexander Graf <agraf@suse.de>
>>>>>>
>>>>>> Reviewed-by: Tom Rini <trini@konsulko.com>
>>>>>>
>>>>> Isn't this patch exactly undoing the following one ?
>>>>>
>>>>> commit 8890c2fbe6ed4c5ca9a61f21e846a55f8f2c38fc
>>>>> Author: Marek Vasut <>
>>>>> Date:   Tue Dec 29 19:44:02 2015 +0100
>>>>>
>>>>>     arm: Remove S bit from MMU section entry
>>>>>
>>>>>     Restore the old behavior of the MMU section entries configuration,
>>>>>     which is without the S-bit.
>>>>
>>>> Is it?  I guess perhaps you and Keerthy need to chat then as there's
>>>> some other problem they're addressing.
>>>
>>> Ummmm, wait a second, I think this one adds XN bit and the previous one
>>> removed S bit. I think I was wrong, but please double-check this. I
>>> recall we had some odd cache issues on V7 back then.
>>
>> Marek,
>>
>> First and foremost if we git blame on the file:
>> arch/arm/include/asm/system.h
>>
>> your commit:
>> 8890c2fbe6ed4c5ca9a61f21e846a55f8f2c38fc
>>
>> arm: Remove S bit from MMU section entry
>>
>> It is removing S bit under
>> #elif defined(CONFIG_CPU_V7)
>>
>> I am adding the missing XN bit under:
>> #ifdef CONFIG_ARMV7_LPAE
>>
>> So we are dealing with different modes.
>>
>> In a nutshell your patch removes S bit from MMU section entry for
>> non-LPAE cases for ARMV7 and mine adds XN bit for LPAE cases.
>>
>> Hope this clears out the confusion.
>
> Yeah, it does, thanks.
>

I hope this patch can be pulled if there are no further concerns.

Thanks,
Keerthy

On Sat, Oct 29, 2016 at 03:19:10PM +0530, Keerthy wrote:

> While we setup the mmu initially we mark set_section_dcache with
> DCACHE_OFF flag. In case of non-LPAE mode the DCACHE_OFF macro
> is rightly defined with TTB_SECT_XN_MASK set so as to mark all the
> 4GB XN. In case of LPAE mode  XN(Execute-never) bit is not set with
> DCACHE_OFF. Hence XN bit is not set by default for DCACHE_OFF which
> keeps all the regions execute okay and this leads to random speculative
> fetches in random memory regions which was eventually caught by kernel
> omap-l3-noc driver.
> 
> Fix this to mark the regions as XN by default.
> 
> Signed-off-by: Keerthy <j-keerthy@ti.com>
> Reviewed-by: Alexander Graf <agraf@suse.de>
> Reviewed-by: Tom Rini <trini@konsulko.com>

Applied to u-boot/master, thanks!