From: Ard Biesheuvel
To: edk2-devel@lists.01.org
Cc: leif.lindholm@linaro.org, michael.d.kinney@intel.com, jiewen.yao@intel.com, star.zeng@intel.com, Ard Biesheuvel
Date: Thu, 7 Jun 2018 13:08:08 +0200
Message-Id: <20180607110812.26778-2-ard.biesheuvel@linaro.org>
In-Reply-To: <20180607110812.26778-1-ard.biesheuvel@linaro.org>
Subject: [PATCH 1/5] MdeModulePkg/CapsulePei: clean Dcache before consuming capsule data

When capsule updates are staged for processing after a warm reboot,
they are copied into memory with the MMU and caches enabled. When
the capsule PEI gets around to coalescing the capsule, the MMU and
caches may still be disabled, and so on architectures where uncached
accesses are incoherent with the caches (such as ARM and AARCH64),
we may read stale data if we don't clean the caches to memory first.

Note that this cache maintenance cannot be done during the invocation
of UpdateCapsule(), since the ScatterGatherList structures are only
identified by physical address, and at runtime, the firmware doesn't
know whether and where this memory is mapped, and cache maintenance
requires a virtual address.

Reviewed-by: Jiewen Yao
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel
---
 MdeModulePkg/Universal/CapsulePei/CapsulePei.inf           |  1 +
 MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf b/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf index c54bc21a95a8..594e110d1f8a 100644 --- a/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf +++ b/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf @@ -48,6 +48,7 @@ [Packages] [LibraryClasses] BaseLib + CacheMaintenanceLib HobLib BaseMemoryLib PeiServicesLib diff --git a/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c b/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c index 3e7054cd38a9..fb59f338f100 100644 --- a/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c +++ b/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c @@ -27,6 +27,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include +#include #include #include #include @@ -274,6 +275,7 @@ ValidateCapsuleByMemoryResource ( // // No memory resource descriptor reported in HOB list before capsule Coalesce. // + WriteBackDataCacheRange ((VOID *)(UINTN)Address, (UINTN)Size); return TRUE; } @@ -283,6 +285,14 @@ ValidateCapsuleByMemoryResource ( DEBUG ((EFI_D_INFO, "Address(0x%lx) Size(0x%lx) in MemoryResource[0x%x] - Start(0x%lx) Length(0x%lx)\n", Address, Size, Index, MemoryResource[Index].PhysicalStart, MemoryResource[Index].ResourceLength)); + + // + // At this point, we may still be running with the MMU and caches disabled, + // and on architectures such as ARM or AARCH64, capsule [meta]data loaded + // into memory with the caches on is only guaranteed to be visible to the + // CPU running with the caches off after performing an explicit writeback. + // + WriteBackDataCacheRange ((VOID *)(UINTN)Address, (UINTN)Size); return TRUE; } } -- 2.17.0
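
Review bot: In the CapsulePei.inf hunk, CacheMaintenanceLib is added to [LibraryClasses] of this one INF only, while the code that needs it sits in Common/CapsuleCoalesce.c. If any other module INF also lists that Common/ source file, it needs the same library class entry, otherwise WriteBackDataCacheRange will not resolve in that build. The diffstat shows CapsulePei.inf as the only INF touched, so this is worth confirming before merge.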
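
Review bot: In the @@ -274 hunk of CapsuleCoalesce.c, the WriteBackDataCacheRange call on the early-return path ("No memory resource descriptor reported in HOB list before capsule Coalesce") carries no comment of its own; the explanation exists only at the second call site in the next hunk. Suggest hoisting both calls into one small helper that holds the explanatory comment, or at least repeating a one-line reference here. ValidateCapsuleByMemoryResource also now performs cache maintenance as a side effect of returning TRUE, so its function header comment should say so; a caller reading the name would expect a pure check.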
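
Review bot: In the @@ -283 hunk, the casts in "WriteBackDataCacheRange ((VOID *)(UINTN)Address, (UINTN)Size);" narrow values that the DEBUG line directly above prints with 0x%lx, that is, as 64-bit quantities. On a 32-bit ARM build UINTN is 32 bits wide, so an Address or Size at or above 4 GB would be truncated and the range cleaned would differ from the range that was just matched against MemoryResource[Index], leaving the stale-data problem from the commit message in place for the real range. Suggest checking that Address and Address + Size fit in UINTN before the call, or adding a comment that states why that is already guaranteed at this point. The same applies to the identical call in the @@ -274 hunk.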