microsoft / Komodo

Formally-verified reference monitor for a secure isolated execution ("enclave") environment on ARM TrustZone
https://www.microsoft.com/en-us/research/project/komodo/

Secure-world cache consistency bug on Raspberry Pi #6

Open 0xabu opened 7 years ago

0xabu commented 7 years ago

There's a gremlin lurking in the Raspberry Pi memory system that we haven't yet figured out. The Pi has a TrustZone-capable core, but its memory system (in theory) doesn't distinguish secure-world from normal-world physical addresses. Despite marking all secure-world PTEs as using not-secure physical addresses and setting the NS bit on the page-table base register, the caches do not always appear to be consistent between normal world and secure world.

There are a number of explicit cache flushes in the Linux driver when creating enclaves to work around this problem, but it still occasionally surfaces as a page fault on the first execution of a new enclave.

xiexiewww commented 6 years ago

So, is there a solution to figure it out?

0xabu commented 3 years ago

Most likely the cause of this is that page table walks from a secure world context always access secure physical memory (NS=0). The Pi's memory system ignores the NS bit, but the core's caches respect it, so we have a coherence bug. As a workaround, we should flush the cache before returning from any SMC or SVC handler that modifies page table entries.

Spec reference: ARMv7 ARM B3.4 "Secure and Non-secure address spaces"
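
A toy model of the hypothesis in the last comment, added here as an illustration and not code from the Komodo repository: a cache that tags lines with the NS bit sits in front of a memory that ignores it, so a PTE written through an NS=1 mapping is invisible to an NS=0 table walk until the cache is flushed. It assumes table walks look up the same NS-tagged cache as data accesses; all names, addresses and values are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Toy model, constructed for illustration: cache lines are tagged with the
 * NS bit, while DRAM ignores NS, as the comment above describes. */
#define LINES 8
struct line { int valid, dirty, ns; unsigned addr; uint32_t data; };
static struct line cache[LINES];
static uint32_t dram[16];             /* one physical memory, no NS alias */

/* Return the line tagged (ns, addr), filling it from DRAM on a miss. */
static struct line *get_line(int ns, unsigned addr) {
    struct line *spare = 0;
    for (int i = 0; i < LINES; i++) {
        struct line *l = &cache[i];
        if (l->valid && l->ns == ns && l->addr == addr) return l;
        if (!l->valid && !spare) spare = l;
    }
    /* No eviction modelled: the scenario below uses only two lines. */
    *spare = (struct line){1, 0, ns, addr, dram[addr]};
    return spare;
}

static uint32_t cached_read(int ns, unsigned addr) { return get_line(ns, addr)->data; }

static void cached_write(int ns, unsigned addr, uint32_t v) {
    struct line *l = get_line(ns, addr);
    l->data = v; l->dirty = 1;
}

/* Clean + invalidate: dirty data reaches DRAM and stale lines are dropped. */
static void flush_all(void) {
    for (int i = 0; i < LINES; i++) {
        if (cache[i].valid && cache[i].dirty) dram[cache[i].addr] = cache[i].data;
        cache[i].valid = 0;
    }
}

/* The handler writes a PTE through an NS=1 mapping, then the secure-world
 * table walk fetches it with NS=0. Returns the PTE value the walker sees. */
uint32_t pte_seen_by_walker(int flush_before_return) {
    const unsigned pte_addr = 3;                 /* constructed address */
    memset(cache, 0, sizeof cache);
    memset(dram, 0, sizeof dram);
    cached_write(1, pte_addr, 0xABCD0002u);      /* constructed PTE value */
    if (flush_before_return) flush_all();
    return cached_read(0, pte_addr);
}
```

Without the flush the walker reads the old, zeroed entry from memory, which in this model corresponds to the fault on first execution of a new enclave; with the flush it reads the entry the handler wrote.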