From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr0-x234.google.com (mail-wr0-x234.google.com [IPv6:2a00:1450:400c:c0c::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 8D26521A04811 for ; Thu, 6 Apr 2017 02:35:58 -0700 (PDT) Received: by mail-wr0-x234.google.com with SMTP id g19so8439842wrb.0 for ; Thu, 06 Apr 2017 02:35:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=6JX1kkhcAI3qEWOgc85koZNIb/kYxu/CZEE96X+UOTY=; b=kaP/PdwCbTYhaAgj94DMJfZ01emyjVIH0UGW3KjyFUKbbsuglHvpU9U+XCMAKUYni/ vQfjvbDAxTC+VcJqQNqP30WY01biy3aknjrMXVfVPO8y2rkwK9k79LFuXrzehPZPL8aH WoV6Y/DDm6deQPS6dCpAKW2E7J1ZnRG/J1o/Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=6JX1kkhcAI3qEWOgc85koZNIb/kYxu/CZEE96X+UOTY=; b=sro+P2EFNzgWrL3+SgxjC2jKKFKzreWPF7RpTkZrDuYRipxrQ+VEhYcHoBOoDg6tS9 2gqTuL3WjpfxV4oHjSqQUk3E6KQIGX+iJC9qAW23q/pjwFN/D/bBVqG7YeX+j4vC+Lqz azOA3JbNdHXtx2rU97hN7RV15M/KhYWM3rmXPLoX7UIXCZ/2ZuF0lObTh6D3L35tWHbK LxOuH1Gk46QBZ8RWA/yERnFOHbnYIcBJtBc5Cwl7+zvkUeP1atu8fB85xXMidNUXxf8+ feOtyPZ6ZXIgkCKTVQ6aJaidANlTOTSfRZkyUARa4WWivefBFvbhmipkgrrwuRxIBalk WxFg== X-Gm-Message-State: AFeK/H0F6wQGa0j2UKVjlYILEbUfvQkBw5VzIMRpv4B3Ruq4fFezlVoA a1c9hZNOcHcJZndx X-Received: by 10.28.18.207 with SMTP id 198mr23875085wms.133.1491471356569; Thu, 06 Apr 2017 02:35:56 -0700 (PDT) Received: from bivouac.eciton.net (bivouac.eciton.net. [2a00:1098:0:86:1000:23:0:2]) by smtp.gmail.com with ESMTPSA id n53sm1406436wrn.28.2017.04.06.02.35.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 06 Apr 2017 02:35:53 -0700 (PDT) Date: Thu, 6 Apr 2017 10:35:47 +0100 From: Leif Lindholm To: Ard Biesheuvel Cc: Jeremy Linton , "edk2-devel@lists.01.org" , "Gao, Liming" , "Kinney, Michael D" , Charles Garcia-Tobin , Dong Wei , Evan Lloyd Message-ID: <20170406093547.GR25239@bivouac.eciton.net> References: <1473429644-13480-1-git-send-email-ard.biesheuvel@linaro.org> <1473429644-13480-5-git-send-email-ard.biesheuvel@linaro.org> <8871a794-80f8-049f-5abc-ca1d4a8fb3a3@arm.com> MIME-Version: 1.0 In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) Subject: Re: [PATCH v5 4/4] MdePkg/BaseMemoryLibOptDxe ARM|AARCH64: disallow use in SEC & PEI phases X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Apr 2017 09:35:59 -0000 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Wed, Apr 05, 2017 at 10:55:49PM +0100, Ard Biesheuvel wrote: > >>> I think this is a problem because nowhere in the UEFI specs do I see such > >>> restrictions on those memory operations. > >> > >> Using device attributes for memory is something we should ban for > >> AArch64 in the spec. Yes, completely agree. And doing so is generally the result of misinderstanding the memory model (i.e., it probably won't provide the guarantee that was sought). Charles/Dong? Something to add to list? Can we insert a test preventing device memory type to be set for regions with _WB attribute? Or is that already only possible through manual trickery? > >>> For a specific problematic example, the LcdGraphicsOutputBlt.c uses it > >>> for > >>> BltVideoFill() and the target of that is likely not regular cached video > >>> memory. > >> > >> Those drivers should be using EFI_MEMORY_WC not EFI_MEMORY_UC for the > >> VRAM mapping. Note that EFI_MEMORY_UC is nGnRnE which is unnecessarily > >> restrictive. > >> > >> I agree there is a general issue here which we should address by > >> tightening the spec. I don't see a lot of value in avoiding DC ZVA and > >> unaligned accesses altogether, I'd rather fix the code instead. > > > > While I agree with the general sentiment, I find the result brittle. If it > > were used as a DEBUG build way to locate sub-optmimal code I would be more > > on board. But shipping it like this, puts it into situations where the user > > inadvertently changes something (say making the background black and > > therefore triggering the DC) or some obscure option ROM (we will get there > > right??!!) triggers it in a place where it can't be debugged. > > > > Particularly since we are talking boot, where the few percent perf > > improvement on this operation is likely completely undetectable. The one > > place where I can think it might even be measurable is in routines to clear > > system memory, and those routines could be a special case anyway. > > I guess this depends on the use case. For server, it may not matter, > but the case is different for mobile, and the Broadcom engineers that > did some benchmarks on this code were very pleased with the result > (and the speedup was significant, although I don't know which routines > are the hotspots) > > As for option ROMs: those will link to their own BaseMemoryLib > implementation (assuming that they are EDK2 based) so the only way > they would have access to these routines is via the CopyMem() and > SetMem() boot services. Note that that does not dismiss the concern at > all, it is just a clarification. > > Leif, any thoughts? I would prefer if we could resolve this without waiting for a new spec version. My gut feeling is that the (end-user, I care a _lot_ less about development platforms) devices that _could_ be affected by this won't be releasing updated firmwares completely rebased onto a newer edk2 HEAD. Rather they're likely to be cherry-picking individual bugfixes and improvements. But certainly having some input from abovementioned Broadcom team, Evan & co, and others is important before we make a call. / Leif