CVE

CVE-2024-46689

Severity: Pending analysis
Type: Unavailable / Other
Publication date: 13/09/2024
Last modified: 13/09/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: cmd-db: Map shared memory as WC, not WB

Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometimes falsely detect clean cache eviction as "write" into the write protected region leading to secure interrupt which causes an endless loop somewhere in Trust Zone.

The only reason it is working right now is because Qualcomm Hypervisor maps the same region as Non-Cacheable memory in Stage 2 translation tables. The issue manifests if we want to use another hypervisor (like Xen or KVM), which does not know anything about those specific mappings.

Changing the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC removes dependency on correct mappings in Stage 2 tables. This patch fixes the issue by updating the mapping to MEMREMAP_WC.

I tested this on SA8155P with Xen.