* [PATCH v3 1/1] OvmfPkg/PlatformPei: clear CPU caches
@ 2018-10-02 12:17 marcandre.lureau
2018-10-02 12:38 ` Laszlo Ersek
` (3 more replies)
0 siblings, 4 replies; 7+ messages in thread
From: marcandre.lureau @ 2018-10-02 12:17 UTC (permalink / raw)
To: edk2-devel
Cc: Marc-André Lureau, Jordan Justen, Laszlo Ersek,
Ard Biesheuvel, Anthony Perard, Julien Grall
From: Marc-André Lureau <marcandre.lureau@redhat.com>
This is for conformance with the TCG "Platform Reset Attack Mitigation
Specification". Because clearing the CPU caches at boot doesn't impact
performance significantly, do it unconditionally, for simplicity's
sake.
Flush the cache on all logical processors, thanks to
EFI_PEI_MP_SERVICES_PPI and CacheMaintenanceLib.
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Julien Grall <julien.grall@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20181002120730.13013-1-marcandre.lureau@redhat.com>
---
v3:
- update top comment with notes about TCG spec
- sort headers inclusion
OvmfPkg/PlatformPei/PlatformPei.inf | 2 +
OvmfPkg/PlatformPei/Platform.h | 5 +
OvmfPkg/PlatformPei/ClearCache.c | 117 ++++++++++++++++++++
OvmfPkg/PlatformPei/Platform.c | 1 +
4 files changed, 125 insertions(+)
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index 9c5ad9961c4a..5c8dd0fe6d72 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -30,6 +30,7 @@
[Sources]
AmdSev.c
+ ClearCache.c
Cmos.c
Cmos.h
FeatureControl.c
@@ -54,6 +55,7 @@
[LibraryClasses]
BaseLib
+ CacheMaintenanceLib
DebugLib
HobLib
IoLib
diff --git a/OvmfPkg/PlatformPei/Platform.h b/OvmfPkg/PlatformPei/Platform.h
index f942e61bb4f9..b12a5c1f5f78 100644
--- a/OvmfPkg/PlatformPei/Platform.h
+++ b/OvmfPkg/PlatformPei/Platform.h
@@ -83,6 +83,11 @@ InstallFeatureControlCallback (
VOID
);
+VOID
+InstallClearCacheCallback (
+ VOID
+ );
+
EFI_STATUS
InitializeXen (
VOID
diff --git a/OvmfPkg/PlatformPei/ClearCache.c b/OvmfPkg/PlatformPei/ClearCache.c
new file mode 100644
index 000000000000..7d15fd925c3c
--- /dev/null
+++ b/OvmfPkg/PlatformPei/ClearCache.c
@@ -0,0 +1,117 @@
+/**@file
+ Install a callback to clear cache on all processors.
+ This is for conformance with the TCG "Platform Reset Attack Mitigation
+ Specification". Because clearing the CPU caches at boot doesn't impact
+ performance significantly, do it unconditionally, for simplicity's
+ sake.
+
+ Copyright (C) 2018, Red Hat, Inc.
+
+ This program and the accompanying materials are licensed and made available
+ under the terms and conditions of the BSD License which accompanies this
+ distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT
+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+**/
+
+#include <Library/CacheMaintenanceLib.h>
+#include <Library/DebugLib.h>
+#include <Library/PeiServicesLib.h>
+#include <Ppi/MpServices.h>
+
+#include "Platform.h"
+
+/**
+ Invalidate data & instruction caches.
+ All APs execute this function in parallel. The BSP executes the function
+ separately.
+
+ @param[in,out] WorkSpace Pointer to the input/output argument workspace
+ shared by all processors.
+**/
+STATIC
+VOID
+EFIAPI
+ClearCache (
+ IN OUT VOID *WorkSpace
+ )
+{
+ WriteBackInvalidateDataCache ();
+ InvalidateInstructionCache ();
+}
+
+/**
+ Notification function called when EFI_PEI_MP_SERVICES_PPI becomes available.
+
+ @param[in] PeiServices Indirect reference to the PEI Services Table.
+ @param[in] NotifyDescriptor Address of the notification descriptor data
+ structure.
+ @param[in] Ppi Address of the PPI that was installed.
+
+ @return Status of the notification. The status code returned from this
+ function is ignored.
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+ClearCacheOnMpServicesAvailable (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
+ IN VOID *Ppi
+ )
+{
+ EFI_PEI_MP_SERVICES_PPI *MpServices;
+ EFI_STATUS Status;
+
+ DEBUG ((DEBUG_INFO, "%a: %a\n", gEfiCallerBaseName, __FUNCTION__));
+
+ //
+ // Clear cache on all the APs in parallel.
+ //
+ MpServices = Ppi;
+ Status = MpServices->StartupAllAPs (
+ (CONST EFI_PEI_SERVICES **)PeiServices,
+ MpServices,
+ ClearCache, // Procedure
+ FALSE, // SingleThread
+ 0, // TimeoutInMicroSeconds: inf.
+ NULL // ProcedureArgument
+ );
+ if (EFI_ERROR (Status) && Status != EFI_NOT_STARTED) {
+ DEBUG ((DEBUG_ERROR, "%a: StartupAllAps(): %r\n", __FUNCTION__, Status));
+ return Status;
+ }
+
+ //
+ // Now clear cache on the BSP too.
+ //
+ ClearCache (NULL);
+ return EFI_SUCCESS;
+}
+
+//
+// Notification object for registering the callback, for when
+// EFI_PEI_MP_SERVICES_PPI becomes available.
+//
+STATIC CONST EFI_PEI_NOTIFY_DESCRIPTOR mMpServicesNotify = {
+ EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | // Flags
+ EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+ &gEfiPeiMpServicesPpiGuid, // Guid
+ ClearCacheOnMpServicesAvailable // Notify
+};
+
+VOID
+InstallClearCacheCallback (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+
+ Status = PeiServicesNotifyPpi (&mMpServicesNotify);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a: failed to set up MP Services callback: %r\n",
+ __FUNCTION__, Status));
+ }
+}
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index 5a78668126b4..22139a64cbf4 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -672,6 +672,7 @@ InitializePlatform (
NoexecDxeInitialization ();
}
+ InstallClearCacheCallback ();
AmdSevInitialize ();
MiscInitialization ();
InstallFeatureControlCallback ();
--
2.19.0.271.gfe8321ec05
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v3 1/1] OvmfPkg/PlatformPei: clear CPU caches
2018-10-02 12:17 [PATCH v3 1/1] OvmfPkg/PlatformPei: clear CPU caches marcandre.lureau
@ 2018-10-02 12:38 ` Laszlo Ersek
2018-10-02 13:27 ` Anthony PERARD
` (2 subsequent siblings)
3 siblings, 0 replies; 7+ messages in thread
From: Laszlo Ersek @ 2018-10-02 12:38 UTC (permalink / raw)
To: marcandre.lureau, edk2-devel; +Cc: Jordan Justen, Anthony Perard
On 10/02/18 14:17, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> This is for conformance with the TCG "Platform Reset Attack Mitigation
> Specification". Because clearing the CPU caches at boot doesn't impact
> performance significantly, do it unconditionally, for simplicity's
> sake.
>
> Flush the cache on all logical processors, thanks to
> EFI_PEI_MP_SERVICES_PPI and CacheMaintenanceLib.
>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Anthony Perard <anthony.perard@citrix.com>
> Cc: Julien Grall <julien.grall@linaro.org>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> Message-Id: <20181002120730.13013-1-marcandre.lureau@redhat.com>
> ---
>
> v3:
> - update top comment with notes about TCG spec
> - sort headers inclusion
So, meta comments first...
I got this patch (v3) in three variants:
(a) the one you sent me off-list, as quoted-printable:
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
(b) this message, reaching me directly from you:
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
(c) this message, reflected by the edk2-devel list software, from you to me:
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Results:
- git-am fails with (a).
- git-am *also* fails with (c).
- git-am only works on (b).
Which means that your setup is now correct, but some mail server on path
(c) is broken, and corrupts your patch email when it transcodes the
email to base64. Yay!
I guess I'll work with copy (b), in my inbox.
Sigh, is the mailing list workflow actually *more* broken than github
pull requests? I thought that was impossible, but I guess I'm being
proven wrong.
Laszlo
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v3 1/1] OvmfPkg/PlatformPei: clear CPU caches
2018-10-02 12:17 [PATCH v3 1/1] OvmfPkg/PlatformPei: clear CPU caches marcandre.lureau
2018-10-02 12:38 ` Laszlo Ersek
@ 2018-10-02 13:27 ` Anthony PERARD
2018-10-02 15:03 ` Laszlo Ersek
2018-10-02 15:23 ` Laszlo Ersek
2018-10-05 16:49 ` Kinney, Michael D
3 siblings, 1 reply; 7+ messages in thread
From: Anthony PERARD @ 2018-10-02 13:27 UTC (permalink / raw)
To: marcandre.lureau
Cc: edk2-devel, Jordan Justen, Laszlo Ersek, Ard Biesheuvel,
Julien Grall
On Tue, Oct 02, 2018 at 04:17:25PM +0400, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> This is for conformance with the TCG "Platform Reset Attack Mitigation
> Specification". Because clearing the CPU caches at boot doesn't impact
> performance significantly, do it unconditionally, for simplicity's
> sake.
>
> Flush the cache on all logical processors, thanks to
> EFI_PEI_MP_SERVICES_PPI and CacheMaintenanceLib.
>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Anthony Perard <anthony.perard@citrix.com>
> Cc: Julien Grall <julien.grall@linaro.org>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
That patch works for me on Xen. I can still boot guests with the patch
applied, with either 1 or 4 vcpus assigned to the guest:
Tested-by: Anthony PERARD <anthony.perard@citrix.com>
Thanks,
--
Anthony PERARD
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v3 1/1] OvmfPkg/PlatformPei: clear CPU caches
2018-10-02 13:27 ` Anthony PERARD
@ 2018-10-02 15:03 ` Laszlo Ersek
0 siblings, 0 replies; 7+ messages in thread
From: Laszlo Ersek @ 2018-10-02 15:03 UTC (permalink / raw)
To: Anthony PERARD, marcandre.lureau
Cc: edk2-devel, Jordan Justen, Ard Biesheuvel, Julien Grall
On 10/02/18 15:27, Anthony PERARD wrote:
> On Tue, Oct 02, 2018 at 04:17:25PM +0400, marcandre.lureau@redhat.com wrote:
>> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>>
>> This is for conformance with the TCG "Platform Reset Attack Mitigation
>> Specification". Because clearing the CPU caches at boot doesn't impact
>> performance significantly, do it unconditionally, for simplicity's
>> sake.
>>
>> Flush the cache on all logical processors, thanks to
>> EFI_PEI_MP_SERVICES_PPI and CacheMaintenanceLib.
>>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Cc: Anthony Perard <anthony.perard@citrix.com>
>> Cc: Julien Grall <julien.grall@linaro.org>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> That patch works for me on Xen. I can still boot guests with the patch
> applied, with either 1 or 4 vcpus assigned to the guest:
>
> Tested-by: Anthony PERARD <anthony.perard@citrix.com>
Thanks a lot!
Laszlo
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v3 1/1] OvmfPkg/PlatformPei: clear CPU caches
2018-10-02 12:17 [PATCH v3 1/1] OvmfPkg/PlatformPei: clear CPU caches marcandre.lureau
2018-10-02 12:38 ` Laszlo Ersek
2018-10-02 13:27 ` Anthony PERARD
@ 2018-10-02 15:23 ` Laszlo Ersek
2018-10-05 16:49 ` Kinney, Michael D
3 siblings, 0 replies; 7+ messages in thread
From: Laszlo Ersek @ 2018-10-02 15:23 UTC (permalink / raw)
To: marcandre.lureau, edk2-devel
Cc: Jordan Justen, Ard Biesheuvel, Anthony Perard, Julien Grall,
Michael Kinney
On 10/02/18 14:17, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> This is for conformance with the TCG "Platform Reset Attack Mitigation
> Specification". Because clearing the CPU caches at boot doesn't impact
> performance significantly, do it unconditionally, for simplicity's
> sake.
>
> Flush the cache on all logical processors, thanks to
> EFI_PEI_MP_SERVICES_PPI and CacheMaintenanceLib.
>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Anthony Perard <anthony.perard@citrix.com>
> Cc: Julien Grall <julien.grall@linaro.org>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> Message-Id: <20181002120730.13013-1-marcandre.lureau@redhat.com>
I'm going to remove the Message-Id line on push. I don't know why it's
there, but either way, it's not correct. (The msgid of your posting is
<20181002121725.17178-1-marcandre.lureau@redhat.com>.)
With that:
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Also,
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
I'm ready to push this, but I'd still like to get an A-b from Mike (CC'd).
Thanks!
Laszlo
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v3 1/1] OvmfPkg/PlatformPei: clear CPU caches
2018-10-02 12:17 [PATCH v3 1/1] OvmfPkg/PlatformPei: clear CPU caches marcandre.lureau
` (2 preceding siblings ...)
2018-10-02 15:23 ` Laszlo Ersek
@ 2018-10-05 16:49 ` Kinney, Michael D
2018-10-05 20:43 ` Laszlo Ersek
3 siblings, 1 reply; 7+ messages in thread
From: Kinney, Michael D @ 2018-10-05 16:49 UTC (permalink / raw)
To: marcandre.lureau@redhat.com, edk2-devel@lists.01.org,
Kinney, Michael D
Cc: Justen, Jordan L, Anthony Perard, Laszlo Ersek
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Mike
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-
> bounces@lists.01.org] On Behalf Of
> marcandre.lureau@redhat.com
> Sent: Tuesday, October 2, 2018 5:17 AM
> To: edk2-devel@lists.01.org
> Cc: Justen, Jordan L <jordan.l.justen@intel.com>;
> Anthony Perard <anthony.perard@citrix.com>; Laszlo Ersek
> <lersek@redhat.com>
> Subject: [edk2] [PATCH v3 1/1] OvmfPkg/PlatformPei:
> clear CPU caches
>
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> This is for conformance with the TCG "Platform Reset
> Attack Mitigation
> Specification". Because clearing the CPU caches at boot
> doesn't impact
> performance significantly, do it unconditionally, for
> simplicity's
> sake.
>
> Flush the cache on all logical processors, thanks to
> EFI_PEI_MP_SERVICES_PPI and CacheMaintenanceLib.
>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Anthony Perard <anthony.perard@citrix.com>
> Cc: Julien Grall <julien.grall@linaro.org>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Marc-André Lureau
> <marcandre.lureau@redhat.com>
> Message-Id: <20181002120730.13013-1-
> marcandre.lureau@redhat.com>
> ---
>
> v3:
> - update top comment with notes about TCG spec
> - sort headers inclusion
>
> OvmfPkg/PlatformPei/PlatformPei.inf | 2 +
> OvmfPkg/PlatformPei/Platform.h | 5 +
> OvmfPkg/PlatformPei/ClearCache.c | 117
> ++++++++++++++++++++
> OvmfPkg/PlatformPei/Platform.c | 1 +
> 4 files changed, 125 insertions(+)
>
> diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf
> b/OvmfPkg/PlatformPei/PlatformPei.inf
> index 9c5ad9961c4a..5c8dd0fe6d72 100644
> --- a/OvmfPkg/PlatformPei/PlatformPei.inf
> +++ b/OvmfPkg/PlatformPei/PlatformPei.inf
> @@ -30,6 +30,7 @@
>
> [Sources]
> AmdSev.c
> + ClearCache.c
> Cmos.c
> Cmos.h
> FeatureControl.c
> @@ -54,6 +55,7 @@
>
> [LibraryClasses]
> BaseLib
> + CacheMaintenanceLib
> DebugLib
> HobLib
> IoLib
> diff --git a/OvmfPkg/PlatformPei/Platform.h
> b/OvmfPkg/PlatformPei/Platform.h
> index f942e61bb4f9..b12a5c1f5f78 100644
> --- a/OvmfPkg/PlatformPei/Platform.h
> +++ b/OvmfPkg/PlatformPei/Platform.h
> @@ -83,6 +83,11 @@ InstallFeatureControlCallback (
> VOID
> );
>
> +VOID
> +InstallClearCacheCallback (
> + VOID
> + );
> +
> EFI_STATUS
> InitializeXen (
> VOID
> diff --git a/OvmfPkg/PlatformPei/ClearCache.c
> b/OvmfPkg/PlatformPei/ClearCache.c
> new file mode 100644
> index 000000000000..7d15fd925c3c
> --- /dev/null
> +++ b/OvmfPkg/PlatformPei/ClearCache.c
> @@ -0,0 +1,117 @@
> +/**@file
> + Install a callback to clear cache on all processors.
> + This is for conformance with the TCG "Platform Reset
> Attack Mitigation
> + Specification". Because clearing the CPU caches at
> boot doesn't impact
> + performance significantly, do it unconditionally, for
> simplicity's
> + sake.
> +
> + Copyright (C) 2018, Red Hat, Inc.
> +
> + This program and the accompanying materials are
> licensed and made available
> + under the terms and conditions of the BSD License
> which accompanies this
> + distribution. The full text of the license may be
> found at
> + http://opensource.org/licenses/bsd-license.php
> +
> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON
> AN "AS IS" BASIS, WITHOUT
> + WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +**/
> +
> +#include <Library/CacheMaintenanceLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/PeiServicesLib.h>
> +#include <Ppi/MpServices.h>
> +
> +#include "Platform.h"
> +
> +/**
> + Invalidate data & instruction caches.
> + All APs execute this function in parallel. The BSP
> executes the function
> + separately.
> +
> + @param[in,out] WorkSpace Pointer to the input/output
> argument workspace
> + shared by all processors.
> +**/
> +STATIC
> +VOID
> +EFIAPI
> +ClearCache (
> + IN OUT VOID *WorkSpace
> + )
> +{
> + WriteBackInvalidateDataCache ();
> + InvalidateInstructionCache ();
> +}
> +
> +/**
> + Notification function called when
> EFI_PEI_MP_SERVICES_PPI becomes available.
> +
> + @param[in] PeiServices Indirect reference to the
> PEI Services Table.
> + @param[in] NotifyDescriptor Address of the
> notification descriptor data
> + structure.
> + @param[in] Ppi Address of the PPI that
> was installed.
> +
> + @return Status of the notification. The status code
> returned from this
> + function is ignored.
> +**/
> +STATIC
> +EFI_STATUS
> +EFIAPI
> +ClearCacheOnMpServicesAvailable (
> + IN EFI_PEI_SERVICES **PeiServices,
> + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
> + IN VOID *Ppi
> + )
> +{
> + EFI_PEI_MP_SERVICES_PPI *MpServices;
> + EFI_STATUS Status;
> +
> + DEBUG ((DEBUG_INFO, "%a: %a\n", gEfiCallerBaseName,
> __FUNCTION__));
> +
> + //
> + // Clear cache on all the APs in parallel.
> + //
> + MpServices = Ppi;
> + Status = MpServices->StartupAllAPs (
> + (CONST EFI_PEI_SERVICES
> **)PeiServices,
> + MpServices,
> + ClearCache, //
> Procedure
> + FALSE, //
> SingleThread
> + 0, //
> TimeoutInMicroSeconds: inf.
> + NULL //
> ProcedureArgument
> + );
> + if (EFI_ERROR (Status) && Status != EFI_NOT_STARTED)
> {
> + DEBUG ((DEBUG_ERROR, "%a: StartupAllAps(): %r\n",
> __FUNCTION__, Status));
> + return Status;
> + }
> +
> + //
> + // Now clear cache on the BSP too.
> + //
> + ClearCache (NULL);
> + return EFI_SUCCESS;
> +}
> +
> +//
> +// Notification object for registering the callback,
> for when
> +// EFI_PEI_MP_SERVICES_PPI becomes available.
> +//
> +STATIC CONST EFI_PEI_NOTIFY_DESCRIPTOR
> mMpServicesNotify = {
> + EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | // Flags
> + EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
> + &gEfiPeiMpServicesPpiGuid, // Guid
> + ClearCacheOnMpServicesAvailable // Notify
> +};
> +
> +VOID
> +InstallClearCacheCallback (
> + VOID
> + )
> +{
> + EFI_STATUS Status;
> +
> + Status = PeiServicesNotifyPpi (&mMpServicesNotify);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a: failed to set up MP
> Services callback: %r\n",
> + __FUNCTION__, Status));
> + }
> +}
> diff --git a/OvmfPkg/PlatformPei/Platform.c
> b/OvmfPkg/PlatformPei/Platform.c
> index 5a78668126b4..22139a64cbf4 100644
> --- a/OvmfPkg/PlatformPei/Platform.c
> +++ b/OvmfPkg/PlatformPei/Platform.c
> @@ -672,6 +672,7 @@ InitializePlatform (
> NoexecDxeInitialization ();
> }
>
> + InstallClearCacheCallback ();
> AmdSevInitialize ();
> MiscInitialization ();
> InstallFeatureControlCallback ();
> --
> 2.19.0.271.gfe8321ec05
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v3 1/1] OvmfPkg/PlatformPei: clear CPU caches
2018-10-05 16:49 ` Kinney, Michael D
@ 2018-10-05 20:43 ` Laszlo Ersek
0 siblings, 0 replies; 7+ messages in thread
From: Laszlo Ersek @ 2018-10-05 20:43 UTC (permalink / raw)
To: Kinney, Michael D, marcandre.lureau@redhat.com,
edk2-devel@lists.01.org
Cc: Justen, Jordan L, Anthony Perard
On 10/05/18 18:49, Kinney, Michael D wrote:
> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Great, thank you :)
Patch pushed as commit d20ae95a13e8.
Thanks!
Laszlo
>> -----Original Message-----
>> From: edk2-devel [mailto:edk2-devel-
>> bounces@lists.01.org] On Behalf Of
>> marcandre.lureau@redhat.com
>> Sent: Tuesday, October 2, 2018 5:17 AM
>> To: edk2-devel@lists.01.org
>> Cc: Justen, Jordan L <jordan.l.justen@intel.com>;
>> Anthony Perard <anthony.perard@citrix.com>; Laszlo Ersek
>> <lersek@redhat.com>
>> Subject: [edk2] [PATCH v3 1/1] OvmfPkg/PlatformPei:
>> clear CPU caches
>>
>> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>>
>> This is for conformance with the TCG "Platform Reset
>> Attack Mitigation
>> Specification". Because clearing the CPU caches at boot
>> doesn't impact
>> performance significantly, do it unconditionally, for
>> simplicity's
>> sake.
>>
>> Flush the cache on all logical processors, thanks to
>> EFI_PEI_MP_SERVICES_PPI and CacheMaintenanceLib.
>>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Cc: Anthony Perard <anthony.perard@citrix.com>
>> Cc: Julien Grall <julien.grall@linaro.org>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Marc-André Lureau
>> <marcandre.lureau@redhat.com>
>> Message-Id: <20181002120730.13013-1-
>> marcandre.lureau@redhat.com>
>> ---
>>
>> v3:
>> - update top comment with notes about TCG spec
>> - sort headers inclusion
>>
>> OvmfPkg/PlatformPei/PlatformPei.inf | 2 +
>> OvmfPkg/PlatformPei/Platform.h | 5 +
>> OvmfPkg/PlatformPei/ClearCache.c | 117
>> ++++++++++++++++++++
>> OvmfPkg/PlatformPei/Platform.c | 1 +
>> 4 files changed, 125 insertions(+)
>>
>> diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf
>> b/OvmfPkg/PlatformPei/PlatformPei.inf
>> index 9c5ad9961c4a..5c8dd0fe6d72 100644
>> --- a/OvmfPkg/PlatformPei/PlatformPei.inf
>> +++ b/OvmfPkg/PlatformPei/PlatformPei.inf
>> @@ -30,6 +30,7 @@
>>
>> [Sources]
>> AmdSev.c
>> + ClearCache.c
>> Cmos.c
>> Cmos.h
>> FeatureControl.c
>> @@ -54,6 +55,7 @@
>>
>> [LibraryClasses]
>> BaseLib
>> + CacheMaintenanceLib
>> DebugLib
>> HobLib
>> IoLib
>> diff --git a/OvmfPkg/PlatformPei/Platform.h
>> b/OvmfPkg/PlatformPei/Platform.h
>> index f942e61bb4f9..b12a5c1f5f78 100644
>> --- a/OvmfPkg/PlatformPei/Platform.h
>> +++ b/OvmfPkg/PlatformPei/Platform.h
>> @@ -83,6 +83,11 @@ InstallFeatureControlCallback (
>> VOID
>> );
>>
>> +VOID
>> +InstallClearCacheCallback (
>> + VOID
>> + );
>> +
>> EFI_STATUS
>> InitializeXen (
>> VOID
>> diff --git a/OvmfPkg/PlatformPei/ClearCache.c
>> b/OvmfPkg/PlatformPei/ClearCache.c
>> new file mode 100644
>> index 000000000000..7d15fd925c3c
>> --- /dev/null
>> +++ b/OvmfPkg/PlatformPei/ClearCache.c
>> @@ -0,0 +1,117 @@
>> +/**@file
>> + Install a callback to clear cache on all processors.
>> + This is for conformance with the TCG "Platform Reset
>> Attack Mitigation
>> + Specification". Because clearing the CPU caches at
>> boot doesn't impact
>> + performance significantly, do it unconditionally, for
>> simplicity's
>> + sake.
>> +
>> + Copyright (C) 2018, Red Hat, Inc.
>> +
>> + This program and the accompanying materials are
>> licensed and made available
>> + under the terms and conditions of the BSD License
>> which accompanies this
>> + distribution. The full text of the license may be
>> found at
>> + http://opensource.org/licenses/bsd-license.php
>> +
>> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON
>> AN "AS IS" BASIS, WITHOUT
>> + WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
>> EXPRESS OR IMPLIED.
>> +**/
>> +
>> +#include <Library/CacheMaintenanceLib.h>
>> +#include <Library/DebugLib.h>
>> +#include <Library/PeiServicesLib.h>
>> +#include <Ppi/MpServices.h>
>> +
>> +#include "Platform.h"
>> +
>> +/**
>> + Invalidate data & instruction caches.
>> + All APs execute this function in parallel. The BSP
>> executes the function
>> + separately.
>> +
>> + @param[in,out] WorkSpace Pointer to the input/output
>> argument workspace
>> + shared by all processors.
>> +**/
>> +STATIC
>> +VOID
>> +EFIAPI
>> +ClearCache (
>> + IN OUT VOID *WorkSpace
>> + )
>> +{
>> + WriteBackInvalidateDataCache ();
>> + InvalidateInstructionCache ();
>> +}
>> +
>> +/**
>> + Notification function called when
>> EFI_PEI_MP_SERVICES_PPI becomes available.
>> +
>> + @param[in] PeiServices Indirect reference to the
>> PEI Services Table.
>> + @param[in] NotifyDescriptor Address of the
>> notification descriptor data
>> + structure.
>> + @param[in] Ppi Address of the PPI that
>> was installed.
>> +
>> + @return Status of the notification. The status code
>> returned from this
>> + function is ignored.
>> +**/
>> +STATIC
>> +EFI_STATUS
>> +EFIAPI
>> +ClearCacheOnMpServicesAvailable (
>> + IN EFI_PEI_SERVICES **PeiServices,
>> + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
>> + IN VOID *Ppi
>> + )
>> +{
>> + EFI_PEI_MP_SERVICES_PPI *MpServices;
>> + EFI_STATUS Status;
>> +
>> + DEBUG ((DEBUG_INFO, "%a: %a\n", gEfiCallerBaseName,
>> __FUNCTION__));
>> +
>> + //
>> + // Clear cache on all the APs in parallel.
>> + //
>> + MpServices = Ppi;
>> + Status = MpServices->StartupAllAPs (
>> + (CONST EFI_PEI_SERVICES
>> **)PeiServices,
>> + MpServices,
>> + ClearCache, //
>> Procedure
>> + FALSE, //
>> SingleThread
>> + 0, //
>> TimeoutInMicroSeconds: inf.
>> + NULL //
>> ProcedureArgument
>> + );
>> + if (EFI_ERROR (Status) && Status != EFI_NOT_STARTED)
>> {
>> + DEBUG ((DEBUG_ERROR, "%a: StartupAllAps(): %r\n",
>> __FUNCTION__, Status));
>> + return Status;
>> + }
>> +
>> + //
>> + // Now clear cache on the BSP too.
>> + //
>> + ClearCache (NULL);
>> + return EFI_SUCCESS;
>> +}
>> +
>> +//
>> +// Notification object for registering the callback,
>> for when
>> +// EFI_PEI_MP_SERVICES_PPI becomes available.
>> +//
>> +STATIC CONST EFI_PEI_NOTIFY_DESCRIPTOR
>> mMpServicesNotify = {
>> + EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | // Flags
>> + EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
>> + &gEfiPeiMpServicesPpiGuid, // Guid
>> + ClearCacheOnMpServicesAvailable // Notify
>> +};
>> +
>> +VOID
>> +InstallClearCacheCallback (
>> + VOID
>> + )
>> +{
>> + EFI_STATUS Status;
>> +
>> + Status = PeiServicesNotifyPpi (&mMpServicesNotify);
>> + if (EFI_ERROR (Status)) {
>> + DEBUG ((DEBUG_ERROR, "%a: failed to set up MP
>> Services callback: %r\n",
>> + __FUNCTION__, Status));
>> + }
>> +}
>> diff --git a/OvmfPkg/PlatformPei/Platform.c
>> b/OvmfPkg/PlatformPei/Platform.c
>> index 5a78668126b4..22139a64cbf4 100644
>> --- a/OvmfPkg/PlatformPei/Platform.c
>> +++ b/OvmfPkg/PlatformPei/Platform.c
>> @@ -672,6 +672,7 @@ InitializePlatform (
>> NoexecDxeInitialization ();
>> }
>>
>> + InstallClearCacheCallback ();
>> AmdSevInitialize ();
>> MiscInitialization ();
>> InstallFeatureControlCallback ();
>> --
>> 2.19.0.271.gfe8321ec05
>>
>> _______________________________________________
>> edk2-devel mailing list
>> edk2-devel@lists.01.org
>> https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2018-10-05 20:43 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-10-02 12:17 [PATCH v3 1/1] OvmfPkg/PlatformPei: clear CPU caches marcandre.lureau
2018-10-02 12:38 ` Laszlo Ersek
2018-10-02 13:27 ` Anthony PERARD
2018-10-02 15:03 ` Laszlo Ersek
2018-10-02 15:23 ` Laszlo Ersek
2018-10-05 16:49 ` Kinney, Michael D
2018-10-05 20:43 ` Laszlo Ersek
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox