[PATCH 1/2] ARM: mmu: have zero_page_remappable() check MMU status

[PATCH 1/2] ARM: mmu: have zero_page_remappable() check MMU status

[Ahmad Fatoum]

zero_page_access() and zero_page_faulting() call remap_range(), which
assumes the TTBR was initialized to page tables set up by barebox.

It's thus not safe to call them from generic code prior to enabling the
MMU, but we are doing just that. In preparation for fixing, let's make
zero_page_remappable reflect MMU status.

While at it, also drop the duplicate zero_page_access() prototype.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 arch/arm/cpu/mmu-common.c |  5 +++++
 include/zero_page.h       | 12 ++++++------
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/arch/arm/cpu/mmu-common.c b/arch/arm/cpu/mmu-common.c
index 033ba01ea4c8..92e06b06077f 100644
--- a/arch/arm/cpu/mmu-common.c
+++ b/arch/arm/cpu/mmu-common.c
@@ -81,6 +81,11 @@ void *dma_alloc_writecombine(struct device *dev, size_t size, dma_addr_t *dma_ha
 	return dma_alloc_map(dev, size, dma_handle, MAP_WRITECOMBINE);
 }
 
+bool zero_page_remappable(void)
+{
+	return get_cr() & CR_M;
+}
+
 void zero_page_access(void)
 {
 	remap_range(0x0, PAGE_SIZE, MAP_CACHED);
diff --git a/include/zero_page.h b/include/zero_page.h
index 8dd66a1efb9b..072e71be581e 100644
--- a/include/zero_page.h
+++ b/include/zero_page.h
@@ -20,12 +20,12 @@ void zero_page_faulting(void);
  */
 void zero_page_access(void);
 
-void zero_page_access(void);
-
-static inline bool zero_page_remappable(void)
-{
-	return true;
-}
+/**
+ * zero_page_remappable() - check if zero page can be remapped
+ *
+ * Check if MMU is enabled and zero page remapping support is available.
+ */
+bool zero_page_remappable(void);
 
 #else
 
-- 
2.47.3

[PATCH 2/2] ARM: i.MX8M: romapi: skip zero_page_access() if MMU is disabled

[Ahmad Fatoum]

imx8m_get_bootrom_log() anticipates three situations in which it can be
called:

  1) From PBL running in EL3
  2) From barebox proper running in EL2
  3) From barebox proper hacked to run in EL3 without TF-A

No board makes use of situation 3), but it's occasionally useful
in debugging. To handle that last case, commit b0d0ac502c49
("ARM: i.MX8M: bootrom: access OCRAM directly if running in EL3")
remaps the zero page as it would overlay the BootROM, which is located
at physical address 0.

This worked fine for a while, because zero page control was not
available in the PBL, but this changed with commit
99944ef03dc1 ("ARM: mmu: provide zero page control in PBL") leading to
buggy behavior for situation 1): zero_page_access() would now remap the
zero page, even though barebox never initialized the TTBR.

This was observed to crash TF-A (presumably, because when it unmasks
exceptions) on an i.MX8MP.

Fix by only calling zero_page_access/faulting when our newly dynamic
zero_page_remappable() returns true.

Fixes: 99944ef03dc1 ("ARM: mmu: provide zero page control in PBL")
Reported-by: Holger Assmann <has@pengutronix.de>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
This issue is IMO worth an entry in the migration guide, once the fix
makes it into master.
---
 arch/arm/mach-imx/romapi.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/arch/arm/mach-imx/romapi.c b/arch/arm/mach-imx/romapi.c
index a4143d372ae8..eaaadc661cc8 100644
--- a/arch/arm/mach-imx/romapi.c
+++ b/arch/arm/mach-imx/romapi.c
@@ -237,14 +237,19 @@ int imx93_romapi_load_image(void *adr)
 const u32 *imx8m_get_bootrom_log(void)
 {
 	if (current_el() == 3) {
+		bool remap_zero_page = zero_page_remappable();
 		ulong *rom_log_addr_offset = (void *)0x9e0;
 		ulong rom_log_addr;
 
 		OPTIMIZER_HIDE_VAR(rom_log_addr_offset);
 
-		zero_page_access();
+		if (remap_zero_page)
+			zero_page_access();
+
 		rom_log_addr = *rom_log_addr_offset;
-		zero_page_faulting();
+
+		if (remap_zero_page)
+			zero_page_faulting();
 
 		if (rom_log_addr < MX8M_OCRAM_BASE_ADDR ||
 		    rom_log_addr >= MX8M_OCRAM_BASE_ADDR + MX8M_OCRAM_MAX_SIZE ||
-- 
2.47.3