[PATCH 1/2] fdtdec: optionally add property no-map to created reserved memory node

[PATCH 1/2] fdtdec: optionally add property no-map to created reserved memory node

[Patrice Chotard]

From: Etienne Carriere <etienne.carriere@st.com>

Add boolean input argument @no_map to helper function
fdtdec_add_reserved_memory() to add "no-map" property for an added
reserved memory node. This is needed for example when the reserved
memory relates to secure memory that the dear Linux kernel shall
not even map unless what non-secure world speculative accesses of the
CPU can violate the memory firmware configuration.

No function change. A later change will update to OPTEE library to
add no-map property to OP-TEE reserved memory nodes.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
---

 include/fdtdec.h  |  5 +++--
 lib/fdtdec.c      | 10 ++++++++--
 lib/optee/optee.c |  2 +-
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/include/fdtdec.h b/include/fdtdec.h
index 760b392bdf..ad2b0879d7 100644
--- a/include/fdtdec.h
+++ b/include/fdtdec.h
@@ -999,7 +999,7 @@ static inline int fdtdec_set_phandle(void *blob, int node, uint32_t phandle)
  *     };
  *     uint32_t phandle;
  *
- *     fdtdec_add_reserved_memory(fdt, "framebuffer", &fb, &phandle);
+ *     fdtdec_add_reserved_memory(fdt, "framebuffer", &fb, &phandle, false);
  *
  * This results in the following subnode being added to the top-level
  * /reserved-memory node:
@@ -1026,11 +1026,12 @@ static inline int fdtdec_set_phandle(void *blob, int node, uint32_t phandle)
  * @param carveout	information about the carveout region
  * @param phandlep	return location for the phandle of the carveout region
  *			can be NULL if no phandle should be added
+ * @param no_map	add "no-map" property if true
  * @return 0 on success or a negative error code on failure
  */
 int fdtdec_add_reserved_memory(void *blob, const char *basename,
 			       const struct fdt_memory *carveout,
-			       uint32_t *phandlep);
+			       uint32_t *phandlep, bool no_map);
 
 /**
  * fdtdec_get_carveout() - reads a carveout from an FDT
diff --git a/lib/fdtdec.c b/lib/fdtdec.c
index 78576b530f..303455e44b 100644
--- a/lib/fdtdec.c
+++ b/lib/fdtdec.c
@@ -1255,7 +1255,7 @@ static int fdtdec_init_reserved_memory(void *blob)
 
 int fdtdec_add_reserved_memory(void *blob, const char *basename,
 			       const struct fdt_memory *carveout,
-			       uint32_t *phandlep)
+			       uint32_t *phandlep, bool no_map)
 {
 	fdt32_t cells[4] = {}, *ptr = cells;
 	uint32_t upper, lower, phandle;
@@ -1355,6 +1355,12 @@ int fdtdec_add_reserved_memory(void *blob, const char *basename,
 	if (err < 0)
 		return err;
 
+	if (no_map) {
+		err = fdt_setprop(blob, node, "no-map", NULL, 0);
+		if (err < 0)
+			return err;
+	}
+
 	/* return the phandle for the new node for the caller to use */
 	if (phandlep)
 		*phandlep = phandle;
@@ -1420,7 +1426,7 @@ int fdtdec_set_carveout(void *blob, const char *node, const char *prop_name,
 	fdt32_t value;
 	void *prop;
 
-	err = fdtdec_add_reserved_memory(blob, name, carveout, &phandle);
+	err = fdtdec_add_reserved_memory(blob, name, carveout, &phandle, false);
 	if (err < 0) {
 		debug("failed to add reserved memory: %d\n", err);
 		return err;
diff --git a/lib/optee/optee.c b/lib/optee/optee.c
index 457d4cca8a..963c2ff430 100644
--- a/lib/optee/optee.c
+++ b/lib/optee/optee.c
@@ -192,7 +192,7 @@ int optee_copy_fdt_nodes(const void *old_blob, void *new_blob)
 				ret = fdtdec_add_reserved_memory(new_blob,
 								 nodename,
 								 &carveout,
-								 NULL);
+								 NULL, false);
 				free(oldname);
 
 				if (ret < 0)
-- 
2.17.1

[PATCH 2/2] optee: add property no-map to secure reserved memory

[Patrice Chotard]

From: Etienne Carriere <etienne.carriere@st.com>

OP-TEE reserved memory node must set property "no-map" to prevent
Linux kernel from mapping secure memory unless what non-secure world
speculative accesses of the CPU can violate the memory firmware
configuration.

Fixes: 6ccb05eae01b ("image: fdt: copy possible optee nodes to a loaded devicetree")
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
---

 lib/optee/optee.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/optee/optee.c b/lib/optee/optee.c
index 963c2ff430..9e6606568f 100644
--- a/lib/optee/optee.c
+++ b/lib/optee/optee.c
@@ -192,7 +192,7 @@ int optee_copy_fdt_nodes(const void *old_blob, void *new_blob)
 				ret = fdtdec_add_reserved_memory(new_blob,
 								 nodename,
 								 &carveout,
-								 NULL, false);
+								 NULL, true);
 				free(oldname);
 
 				if (ret < 0)
-- 
2.17.1

[PATCH 1/2] fdtdec: optionally add property no-map to created reserved memory node

[Simon Glass]

On Thu, 13 Aug 2020 at 03:47, Patrice Chotard <patrice.chotard@st.com> wrote:
>
> From: Etienne Carriere <etienne.carriere@st.com>
>
> Add boolean input argument @no_map to helper function
> fdtdec_add_reserved_memory() to add "no-map" property for an added
> reserved memory node. This is needed for example when the reserved
> memory relates to secure memory that the dear Linux kernel shall
> not even map unless what non-secure world speculative accesses of the
> CPU can violate the memory firmware configuration.
>
> No function change. A later change will update to OPTEE library to
> add no-map property to OP-TEE reserved memory nodes.
>
> Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
> Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
> ---
>
>  include/fdtdec.h  |  5 +++--
>  lib/fdtdec.c      | 10 ++++++++--
>  lib/optee/optee.c |  2 +-
>  3 files changed, 12 insertions(+), 5 deletions(-)

Please can you check this as it seems to have a build error.

[PATCH 1/2] fdtdec: optionally add property no-map to created reserved memory node

[Patrice CHOTARD]

Hi Simon

On 8/22/20 5:09 PM, Simon Glass wrote:
> On Thu, 13 Aug 2020 at 03:47, Patrice Chotard <patrice.chotard@st.com> wrote:
>> From: Etienne Carriere <etienne.carriere@st.com>
>>
>> Add boolean input argument @no_map to helper function
>> fdtdec_add_reserved_memory() to add "no-map" property for an added
>> reserved memory node. This is needed for example when the reserved
>> memory relates to secure memory that the dear Linux kernel shall
>> not even map unless what non-secure world speculative accesses of the
>> CPU can violate the memory firmware configuration.
>>
>> No function change. A later change will update to OPTEE library to
>> add no-map property to OP-TEE reserved memory nodes.
>>
>> Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
>> Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
>> ---
>>
>>  include/fdtdec.h  |  5 +++--
>>  lib/fdtdec.c      | 10 ++++++++--
>>  lib/optee/optee.c |  2 +-
>>  3 files changed, 12 insertions(+), 5 deletions(-)
> Please can you check this as it seems to have a build error.

Yes, sorry, we forgot to update dm test and other platform piece of code.

A v2 will be send.

Thanks

Patrice