core: mm: core_mmu: don't use check_va_matches_pa() on RISC-V

The arch_va2pa_helper() in the RISC-V implements a software page table walker. It requires phys_to_virt() to convert the physical page on the PTE to the virtual address of the next level page table. The process can lead to a stack overflow caused by indirect recursion as below: phys_to_virt() <--------------------------------. -> check_va_matches_pa() | -> virt_to_phys() | -> arch_va2pa_helper() | -> core_mmu_xlat_table_entry_pa2va()-' As arch_va2pa_helper() can return true if va matches pa, we don't use and check_va_matches_pa() when CFG_TEE_CORE_DEBUG is enabled. Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com> Reviewed-by: Alvin Chang <alvinga@andestech.com> Tested-by: Alvin Chang <alvinga@andestech.com> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
gagachang · Sep 16, 2024 · 1502e43 · 1502e43
1 parent b1e2527
commit 1502e43
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/core/mm/core_mmu.c b/core/mm/core_mmu.c
@@ -2379,7 +2379,14 @@ paddr_t virt_to_phys(void *va)
 	return pa;
 }
 
-#if defined(CFG_TEE_CORE_DEBUG)
+/*
+ * Don't use check_va_matches_pa() for RISC-V, as its callee
+ * arch_va2pa_helper() will call it eventually, this creates
+ * indirect recursion and can lead to a stack overflow.
+ * Moreover, if arch_va2pa_helper() returns true, it implies
+ * the va2pa mapping is matched, no need to check it again.
+ */
+#if defined(CFG_TEE_CORE_DEBUG) && !defined(__riscv)
 static void check_va_matches_pa(paddr_t pa, void *va)
 {
 	paddr_t p = 0;