)]}'
{
  "commit": "ff2fe1cb852c4bed35737ace5f04d035e962b462",
  "tree": "5b2dcdc1ee0a8663bff033c28bce5168e4cb82d0",
  "parents": [
    "3d7cb6b04c3f3115719235cc6866b10326de34cd"
  ],
  "author": {
    "name": "Ard Biesheuvel",
    "email": "ardb@kernel.org",
    "time": "Mon Jun 06 17:27:44 2022 +0200"
  },
  "committer": {
    "name": "Ard Biesheuvel",
    "email": "ardb@kernel.org",
    "time": "Mon Aug 01 16:50:46 2022 +0200"
  },
  "message": "ARM: mm: shrink permanent FDT mapping to avoid mismatched attributes\n\nZhen Lei writes in commit 598f0a99fa8a (\"ARM: 9210/1: Mark the FDT_FIXED\nsections as shareable\"):\n\n  Commit 7a1be318f579 (\"ARM: 9012/1: move device tree mapping out of\n  linear region\") uses FDT_FIXED_BASE to map the whole FDT_FIXED_SIZE\n  memory area which contains fdt. But it only reserves the exact physical\n  memory that fdt occupied. Unfortunately, this mapping is non-shareable.\n  An illegal or speculative read access can bring the RAM content from\n  non-fdt zone into cache, PIPT makes it to be hit by subsequently read\n  access through shareable mapping (such as linear mapping), and the\n  cache consistency between cores is lost due to non-shareable property.\n\n  |\u003c---------FDT_FIXED_SIZE------\u003e|\n  |                               |\n   -------------------------------\n  | \u003cnon-fdt\u003e | \u003cfdt\u003e | \u003cnon-fdt\u003e |\n   -------------------------------\n\n  1. CoreA read \u003cnon-fdt\u003e through MT_ROM mapping, the old data is loaded\n     into the cache.\n  2. CoreB write \u003cnon-fdt\u003e to update data through linear mapping. CoreA\n     received the notification to invalid the corresponding cachelines,\n     but the property non-shareable makes it to be ignored.\n  3. CoreA read \u003cnon-fdt\u003e through linear mapping, cache hit, the old data\n     is read.\n\nHowever, the resulting fix is incomplete, as mismatched shareability\nattributes are not the only potential problem vector here: the non-fdt\nregions might also be covered by a no-map memory reservation, or be\nmapped with non-cacheable attributes for, e.g., firmware calls or\nnon-coherent DMA. This means, in order to eliminate any potential\nmismatched attribute mappings, we must reduce the size of the FDT\nmapping to match its memblock reservation, and eliminate the non-fdt\nregions altogether.\n\nThe permanent FDT region will no longer cover the ATAGS when booting a\nnon-DT system, but this mapping was never used or exposed after boot\nanyway. (The ATAGS are copied into a separate buffer by the early ATAGS\nprocessing code)\n\nReported-by: Zhen Lei \u003cthunder.leizhen@huawei.com\u003e\nSigned-off-by: Ard Biesheuvel \u003cardb@kernel.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "f673e13e0f942279a2fc4b58d71400bbebf14838",
      "old_mode": 33188,
      "old_path": "arch/arm/include/asm/memory.h",
      "new_id": "156e4045c8e6e979da03d92d97853c1572c4a177",
      "new_mode": 33188,
      "new_path": "arch/arm/include/asm/memory.h"
    },
    {
      "type": "modify",
      "old_id": "1e8a50a97edf2e49dc2075b5b119a5d561010b86",
      "old_mode": 33188,
      "old_path": "arch/arm/kernel/setup.c",
      "new_id": "fe07086f7e566e683a87bef06b1f8d0aeebd01b7",
      "new_mode": 33188,
      "new_path": "arch/arm/kernel/setup.c"
    },
    {
      "type": "modify",
      "old_id": "cd17e324aa51ea6596cc83b76049b06ca8c329fb",
      "old_mode": 33188,
      "old_path": "arch/arm/mm/mmu.c",
      "new_id": "af8eacf8181a9859ad3cea5f7dfe0b2681776a21",
      "new_mode": 33188,
      "new_path": "arch/arm/mm/mmu.c"
    }
  ]
}