From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.24; helo=mga09.intel.com; envelope-from=star.zeng@intel.com; receiver=edk2-devel@lists.01.org Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 76490210E1282 for ; Thu, 7 Jun 2018 23:21:38 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Jun 2018 23:21:38 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.49,489,1520924400"; d="scan'208";a="61422312" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by fmsmga004.fm.intel.com with ESMTP; 07 Jun 2018 23:21:38 -0700 Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.319.2; Thu, 7 Jun 2018 23:21:38 -0700 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.223]) by SHSMSX103.ccr.corp.intel.com ([169.254.4.51]) with mapi id 14.03.0319.002; Fri, 8 Jun 2018 14:21:36 +0800 From: "Zeng, Star" To: Ard Biesheuvel CC: "Kinney, Michael D" , "edk2-devel@lists.01.org" , "Yao, Jiewen" , "leif.lindholm@linaro.org" , "Zeng, Star" Thread-Topic: [edk2] [PATCH 1/5] MdeModulePkg/CapsulePei: clean Dcache before consuming capsule data Thread-Index: AQHT/k/YXbpMFZ6XjUK0LykNMTS7YaRVquHg//+wFQCAAIncQA== Date: Fri, 8 Jun 2018 06:21:35 +0000 Message-ID: <0C09AFA07DD0434D9E2A0C6AEB0483103BB54D3A@shsmsx102.ccr.corp.intel.com> References: <20180607110812.26778-1-ard.biesheuvel@linaro.org> <20180607110812.26778-2-ard.biesheuvel@linaro.org> <0C09AFA07DD0434D9E2A0C6AEB0483103BB54B3F@shsmsx102.ccr.corp.intel.com> In-Reply-To: Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH 1/5] MdeModulePkg/CapsulePei: clean Dcache before consuming capsule data X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jun 2018 06:21:39 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable My thought is like below, FYR. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D 8bf218e00d8bd5c4f01c83f3d16c636140d32fda .../Universal/CapsulePei/Common/CapsuleCoalesce.c | 37 +++++++++++++++---= ---- 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c b/M= deModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c index 3e7054cd38a9..da047034c988 100644 --- a/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c +++ b/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c @@ -253,6 +253,7 @@ ValidateCapsuleByMemoryResource ( ) { UINTN Index; + BOOLEAN Valid; =20 // // Sanity Check @@ -270,25 +271,39 @@ ValidateCapsuleByMemoryResource ( return FALSE; } =20 + Valid =3D FALSE; if (MemoryResource =3D=3D NULL) { // // No memory resource descriptor reported in HOB list before capsule C= oalesce. // - return TRUE; + Valid =3D TRUE; + } else { + for (Index =3D 0; MemoryResource[Index].ResourceLength !=3D 0; Index++= ) { + if ((Address >=3D MemoryResource[Index].PhysicalStart) && + ((Address + Size) <=3D (MemoryResource[Index].PhysicalStart + Me= moryResource[Index].ResourceLength))) { + DEBUG ((EFI_D_INFO, "Address(0x%lx) Size(0x%lx) in MemoryResource[= 0x%x] - Start(0x%lx) Length(0x%lx)\n", + Address, Size, + Index, MemoryResource[Index].PhysicalStart, Me= moryResource[Index].ResourceLength)); + Valid =3D TRUE; + break; + } + } + if (!Valid) { + DEBUG ((EFI_D_ERROR, "ERROR: Address(0x%lx) Size(0x%lx) not in any M= emoryResource\n", Address, Size)); + } } =20 - for (Index =3D 0; MemoryResource[Index].ResourceLength !=3D 0; Index++) = { - if ((Address >=3D MemoryResource[Index].PhysicalStart) && - ((Address + Size) <=3D (MemoryResource[Index].PhysicalStart + Memo= ryResource[Index].ResourceLength))) { - DEBUG ((EFI_D_INFO, "Address(0x%lx) Size(0x%lx) in MemoryResource[0x= %x] - Start(0x%lx) Length(0x%lx)\n", - Address, Size, - Index, MemoryResource[Index].PhysicalStart, Memo= ryResource[Index].ResourceLength)); - return TRUE; - } + if (Valid) { + // + // At this point, we may still be running with the MMU and caches disa= bled, + // and on architectures such as ARM or AARCH64, capsule [meta]data loa= ded + // into memory with the caches on is only guaranteed to be visible to = the + // CPU running with the caches off after performing an explicit writeb= ack. + // + WriteBackDataCacheRange ((VOID *)(UINTN)Address, (UINTN)Size); } =20 - DEBUG ((EFI_D_ERROR, "ERROR: Address(0x%lx) Size(0x%lx) not in any Memor= yResource\n", Address, Size)); - return FALSE; + return Valid; } =20 /** =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D Thanks, Star -----Original Message----- From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Ard = Biesheuvel Sent: Friday, June 8, 2018 2:07 PM To: Zeng, Star Cc: Kinney, Michael D ; edk2-devel@lists.01.org= ; Yao, Jiewen ; leif.lindholm@linaro.org Subject: Re: [edk2] [PATCH 1/5] MdeModulePkg/CapsulePei: clean Dcache befor= e consuming capsule data On 8 June 2018 at 04:53, Zeng, Star wrote: > I suggest to use goto/adjust code to have one place for both paths to per= form cache maintenance (with comments). > Something like this? @@ -253,6 +254,7 @@ ValidateCapsuleByMemoryResource ( ) { UINTN Index; + BOOLEAN Found; // // Sanity Check @@ -274,19 +276,32 @@ ValidateCapsuleByMemoryResource ( // // No memory resource descriptor reported in HOB list before capsule C= oalesce. // - return TRUE; + Found =3D TRUE; + } else { + Found =3D FALSE; } - for (Index =3D 0; MemoryResource[Index].ResourceLength !=3D 0; Index++) = { + for (Index =3D 0; !Found && MemoryResource[Index].ResourceLength !=3D 0; Index++) { if ((Address >=3D MemoryResource[Index].PhysicalStart) && ((Address + Size) <=3D (MemoryResource[Index].PhysicalStart + MemoryResource[Index].ResourceLength))) { DEBUG ((EFI_D_INFO, "Address(0x%lx) Size(0x%lx) in MemoryResource[0x= %x] - Start(0x%lx) Length(0x%lx)\n", Address, Size, Index, MemoryResource[Index].PhysicalStart, MemoryResource[Index].ResourceLength)); - return TRUE; + Found =3D TRUE; } } + if (Found) { + // + // At this point, we may still be running with the MMU and caches disa= bled, + // and on architectures such as ARM or AARCH64, capsule [meta]data loa= ded + // into memory with the caches on is only guaranteed to be visible to = the + // CPU running with the caches off after performing an explicit writeb= ack. + // + WriteBackDataCacheRange ((VOID *)(UINTN)Address, (UINTN)Size); + return TRUE; + } + DEBUG ((EFI_D_ERROR, "ERROR: Address(0x%lx) Size(0x%lx) not in any Memor= yResource\n", Address, Size)); return FALSE; } > > Thanks, > Star > -----Original Message----- > From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org] > Sent: Thursday, June 7, 2018 7:08 PM > To: edk2-devel@lists.01.org > Cc: leif.lindholm@linaro.org; Kinney, Michael D=20 > ; Yao, Jiewen ;=20 > Zeng, Star ; Ard Biesheuvel=20 > > Subject: [PATCH 1/5] MdeModulePkg/CapsulePei: clean Dcache before=20 > consuming capsule data > > When capsule updates are staged for processing after a warm reboot, they = are copied into memory with the MMU and caches enabled. When the capsule PE= I gets around to coalescing the capsule, the MMU and caches may still be di= sabled, and so on architectures where uncached accesses are incoherent with= the caches (such as ARM and AARCH64), we may read stale data if we don't c= lean the caches to memory first. > > Note that this cache maintenance cannot be done during the invocation of = UpdateCapsule(), since the ScatterGatherList structures are only identified= by physical address, and at runtime, the firmware doesn't know whether and= where this memory is mapped, and cache maintenance requires a virtual addr= ess. > > Reviewed-by: Jiewen Yao > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Ard Biesheuvel > --- > MdeModulePkg/Universal/CapsulePei/CapsulePei.inf | 1 + > MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c | 10=20 > ++++++++++ > 2 files changed, 11 insertions(+) > > diff --git a/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf=20 > b/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf > index c54bc21a95a8..594e110d1f8a 100644 > --- a/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf > +++ b/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf > @@ -48,6 +48,7 @@ [Packages] > > [LibraryClasses] > BaseLib > + CacheMaintenanceLib > HobLib > BaseMemoryLib > PeiServicesLib > diff --git=20 > a/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c=20 > b/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c > index 3e7054cd38a9..fb59f338f100 100644 > --- a/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c > +++ b/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c > @@ -27,6 +27,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITH= ER EXPRESS OR IMPLIED. > #include > > #include > +#include > #include > #include > #include > @@ -274,6 +275,7 @@ ValidateCapsuleByMemoryResource ( > // > // No memory resource descriptor reported in HOB list before capsule= Coalesce. > // > + WriteBackDataCacheRange ((VOID *)(UINTN)Address, (UINTN)Size); > return TRUE; > } > > @@ -283,6 +285,14 @@ ValidateCapsuleByMemoryResource ( > DEBUG ((EFI_D_INFO, "Address(0x%lx) Size(0x%lx) in MemoryResource[= 0x%x] - Start(0x%lx) Length(0x%lx)\n", > Address, Size, > Index, MemoryResource[Index].PhysicalStart,=20 > MemoryResource[Index].ResourceLength)); > + > + // > + // At this point, we may still be running with the MMU and caches = disabled, > + // and on architectures such as ARM or AARCH64, capsule [meta]data= loaded > + // into memory with the caches on is only guaranteed to be visible= to the > + // CPU running with the caches off after performing an explicit wr= iteback. > + // > + WriteBackDataCacheRange ((VOID *)(UINTN)Address, (UINTN)Size); > return TRUE; > } > } > -- > 2.17.0 > _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel