KumiSystems/openwrtv4
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
openwrtv4/target/linux/ipq40xx/patches-4.14/082-ARM-dts-ipq4019-Add-TZ-and-SMEM-reserved-regions.patch
Stijn Tintel 22b9f99b87 kernel: bump 4.14 to 4.14.59 
Drop patch that was superseded upstream:
ramips/0036-mtd-fix-cfi-cmdset-0002-erase-status-check.patch

Drop upstreamed patches:
- apm821xx/020-0001-crypto-crypto4xx-remove-bad-list_del.patch
- apm821xx/020-0011-crypto-crypto4xx-fix-crypto4xx_build_pdr-crypto4xx_b.patch
- ath79/0011-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch
- brcm63xx/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch
- brcm63xx/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch
- generic/backport/080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch
- generic/pending/170-usb-dwc2-Fix-DMA-alignment-to-start-at-allocated-boun.patch
- generic/pending/900-gen_stats-fix-netlink-stats-padding.patch

In 4.14.55, a patch was introduced that breaks ext4 images in some
cases. The newly introduced patch
backport-4.14/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch
addresses this breakage.

Fixes the following CVEs:
- CVE-2018-10876
- CVE-2018-10877
- CVE-2018-10879
- CVE-2018-10880
- CVE-2018-10881
- CVE-2018-10882
- CVE-2018-10883

Compile-tested: ath79, octeon, x86/64
Runtime-tested: ath79, octeon, x86/64

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-07-31 05:11:07 +03:00

88 lines
3 KiB
Diff
Raw Blame History

From fc566294610fa49e9d8c31c4ecc9c82f49b11f59 Mon Sep 17 00:00:00 2001
From: Sven Eckelmann <sven.eckelmann@openmesh.com>
Date: Wed, 18 Apr 2018 09:10:44 +0200
Subject: [PATCH] ARM: dts: ipq4019: Add TZ and SMEM reserved regions
The QSEE (trustzone) is started on IPQ4019 before Linux is started.
According to QCA, it is placed in in the the memory region
0x87e80000-0x88000000 and must not be accessed directly. There is an
additional memory region 0x87e00000-0x87E80000 smem which which can be used
for communication with the TZ. The driver for the latter is not yet ready
but it is still not allowed to use this memory region like any other
memory region.
Not reserving this memory region either leads to kernel crashes, kernel
hangs (often during the boot) or bus errors for userspace programs. The
latter happens when a program is using a memory region which is mapped to
these physical memory regions.
[ 571.758058] Unhandled fault: imprecise external abort (0xc06) at 0x01715ff8
[ 571.758099] pgd = cebec000
[ 571.763826] [01715ff8] *pgd=8e7fa835, *pte=87e7f75f, *ppte=87e7fc7f
Bus error
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Forwarded: https://patchwork.kernel.org/patch/10347459/
---
Cc: Sricharan Ramabadhran <srichara@qti.qualcomm.com>
Cc: Senthilkumar N L <snlakshm@qti.qualcomm.com>
There are additional memory regions which have to be initialized first by
Linux. So they are currently not used. We were told by QCA that the
features QSDK uses them for are:
* crash dump feature
- a couple of regions used when 'qca,scm_restart_reason' dt node has the
value 'dload_status' not set to 1
+ apps_bl <0x87000000 0x400000>
+ sbl <0x87400000 0x100000>
+ cnss_debug <0x87400000 0x100000>
+ cpu_context_dump <0x87b00000 0x080000>
- required driver not available in Linux
- safe to remove
* QSEE app execution
- region tz_apps <0x87b80000 0x280000>
- required driver not available in Linux
- safe to remove
* communication with TZ/QSEE
- region smem <0x87b80000 0x280000>
- driver changes not yet upstreamed
- must not be removed because any access can crash kernel/program
* trustzone (QSEE) private memory
- region tz <0x87e80000 0x180000>
- must not be removed because any access can crash kernel/program
The problem with the missing regions was reported in 2016 [1]. So maybe
this change qualifies for a stable@vger.kernel.org submission.
[1] https://www.spinics.net/lists/linux-arm-msm/msg21536.html
---
arch/arm/boot/dts/qcom-ipq4019.dtsi | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
--- a/arch/arm/boot/dts/qcom-ipq4019.dtsi
+++ b/arch/arm/boot/dts/qcom-ipq4019.dtsi
@@ -23,6 +23,22 @@
compatible = "qcom,ipq4019";
interrupt-parent = <&intc>;
+ reserved-memory {
+ #address-cells = <0x1>;
+ #size-cells = <0x1>;
+ ranges;
+
+ smem_region: smem@87e00000 {
+ reg = <0x87e00000 0x080000>;
+ no-map;
+ };
+
+ tz@87e80000 {
+ reg = <0x87e80000 0x180000>;
+ no-map;
+ };
+ };
+
aliases {
spi0 = &blsp1_spi1;
spi1 = &blsp1_spi2;
Reference in a new issue View git blame Copy permalink