From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.26076.1664180730285594418 for ; Mon, 26 Sep 2022 01:25:30 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=tQ2XZvUU; spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 9ED756190C; Mon, 26 Sep 2022 08:25:29 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 736F8C433D7; Mon, 26 Sep 2022 08:25:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1664180729; bh=GV+DBOntTNfiMiMWFM2pn2n9BdwcmOk4EKuUUYfWENI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tQ2XZvUUlQrgBQpcjnoIfbZUlH1NcYkl+LiCpX8egg65vRiTxpRAKZZ50DKpoY+GP OKSFFMcoSoWa8V85sx+LKxZuiR1+6ArNkQaerZ5tPV4GkG1CtHh8Bpvi9W+R6W8qOf wXUQ2IMCHwQdDJ+TDod4v/4gN+ocAURcYWCKvNfpL53XUHXelkqcn08oALVs95GQC8 30ttnh4aa/j1GdLyylTDkvgEJAyM6GflJLwmjhXPQCvFZk0hokAWREhysSO07TmM3u LA1SAMPWF2JgEr36ByXx6FJsjqvegu9WcbA0JQbSBxqoA0vBf4mglHn5AnNR7HAfgu oxjJNyn985sIw== 
From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Leif Lindholm , Alexander Graf Subject: [PATCH v3 08/16] ArmPkg/ArmMmuLib: Reuse XIP MMU routines when splitting entries Date: Mon, 26 Sep 2022 10:25:03 +0200 Message-Id: <20220926082511.2110797-9-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220926082511.2110797-1-ardb@kernel.org> References: <20220926082511.2110797-1-ardb@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable In order to reduce the likelihood that we will need to rely on the logic that disables and re-enables the MMU for updating a page table entry safely, expose the XIP version of the helper routine via a HOB and use it instead of the one that is copied into DRAM. Since the XIP copy is already clean to the PoC, and will never end up getting unmapped during a block entry split, we can use it safely without any cache maintenance, and without running the risk of pulling the rug from under our feet when updating an entry by going through an invalid mapping. Signed-off-by: Ard Biesheuvel --- ArmPkg/ArmPkg.dec | 2 ++ ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 27 ++++++++++= ++-------- ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuPeiLibConstructor.c | 17 ++++++++++= ++ ArmPkg/Library/ArmMmuLib/ArmMmuBaseLib.inf | 4 +++ ArmPkg/Library/ArmMmuLib/ArmMmuPeiLib.inf | 4 +++ 5 files changed, 44 insertions(+), 10 deletions(-)
diff --git a/ArmPkg/ArmPkg.dec b/ArmPkg/ArmPkg.dec
index 9da1bbc9f216..cfb6fe602485 100644
--- a/ArmPkg/ArmPkg.dec
+++ b/ArmPkg/ArmPkg.dec
@@ -99,6 +99,8 @@ [Guids.common]
 # Include/Guid/ArmMpCoreInfo.h=0D
 gArmMpCoreInfoGuid =3D { 0xa4ee0728, 0xe5d7, 0x4ac5, {0xb2, 0x1e, 0x65,= 0x8e, 0xd8, 0x57, 0xe8, 0x34} }=0D
 =0D
+ gArmMmuReplaceLiveTranslationEntryFuncGuid =3D { 0xa8b50ff3, 0x08ec, 0x4= dd3, {0xbf, 0x04, 0x28, 0xbf, 0x71, 0x75, 0xc7, 0x4a} }=0D
+=0D
 [Protocols.common]=0D
 ## Arm System Control and Management Interface(SCMI) Base protocol=0D
 ## ArmPkg/Include/Protocol/ArmScmiBaseProtocol.h=0D
diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Libr= ary/ArmMmuLib/AArch64/ArmMmuLibCore.c
index ae59e9a7d04e..764c7d362e2e 100644
--- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
+++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
@@ -10,6 +10,7 @@
 **/=0D
 =0D
 #include =0D
+#include =0D
 #include =0D
 #include =0D
 #include =0D
@@ -120,14 +121,14 @@ ReplaceTableEntry (
 // use an ordinary break before make. Otherwise, we will need to=0D
 // temporarily disable the MMU.=0D
 DisableMmu =3D FALSE;=0D
- if ((((RegionStart ^ (UINTN)ArmReplaceLiveTranslationEntry) & ~BlockMa= sk) =3D=3D 0) ||=0D
+ if ((((RegionStart ^ (UINTN)mReplaceLiveEntryFunc) & ~BlockMask) =3D= =3D 0) ||=0D
 (((RegionStart ^ (UINTN)Entry) & ~BlockMask) =3D=3D 0))=0D
 {=0D
 DisableMmu =3D TRUE;=0D
 DEBUG ((DEBUG_WARN, "%a: splitting block entry with MMU disabled\n",= __FUNCTION__));=0D
 }=0D
 =0D
- ArmReplaceLiveTranslationEntry (Entry, Value, RegionStart, DisableMmu)= ;=0D
+ mReplaceLiveEntryFunc (Entry, Value, RegionStart, DisableMmu);=0D
 }=0D
 }=0D
 =0D
@@ -747,15 +748,21 @@ ArmMmuBaseLibConstructor (
 )=0D
 {=0D
 extern UINT32 ArmReplaceLiveTranslationEntrySize;=0D
+ VOID *Hob;=0D
 =0D
- //=0D
- // The ArmReplaceLiveTranslationEntry () helper function may be invoked= =0D
- // with the MMU off so we have to ensure that it gets cleaned to the PoC= =0D
- //=0D
- WriteBackDataCacheRange (=0D
- (VOID *)(UINTN)ArmReplaceLiveTranslationEntry,=0D
- ArmReplaceLiveTranslationEntrySize=0D
- );=0D
+ Hob =3D GetFirstGuidHob (&gArmMmuReplaceLiveTranslationEntryFuncGuid);=0D
+ if (Hob !=3D NULL) {=0D
+ mReplaceLiveEntryFunc =3D *(VOID **)GET_GUID_HOB_DATA (Hob);=0D
+ } else {=0D
+ //=0D
+ // The ArmReplaceLiveTranslationEntry () helper function may be invoke= d=0D
+ // with the MMU off so we have to ensure that it gets cleaned to the P= oC=0D
+ //=0D
+ WriteBackDataCacheRange (=0D
+ (VOID *)(UINTN)ArmReplaceLiveTranslationEntry,=0D
+ ArmReplaceLiveTranslationEntrySize=0D
+ );=0D
+ }=0D
 =0D
 return RETURN_SUCCESS;=0D
 }=0D
diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuPeiLibConstructor.c b/A= rmPkg/Library/ArmMmuLib/AArch64/ArmMmuPeiLibConstructor.c
index caace2c17cdc..5f50a605a338 100644
--- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuPeiLibConstructor.c
+++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuPeiLibConstructor.c
@@ -12,6 +12,7 @@
 #include =0D
 #include =0D
 #include =0D
+#include =0D
 =0D
 EFI_STATUS=0D
 EFIAPI=0D
@@ -21,6 +22,8 @@ ArmMmuPeiLibConstructor (
 )=0D
 {=0D
 extern UINT32 ArmReplaceLiveTranslationEntrySize;=0D
+ VOID *ArmReplaceLiveTranslationEntryFunc;=0D
+ VOID *Hob;=0D
 =0D
 EFI_FV_FILE_INFO FileInfo;=0D
 EFI_STATUS Status;=0D
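Review bot: In ArmMmuBaseLibConstructor the value read with `*(VOID **)GET_GUID_HOB_DATA (Hob)` is installed as `mReplaceLiveEntryFunc` without checking the HOB's payload size or that the pointer is non-NULL. ReplaceTableEntry later calls through that pointer to rewrite live translation entries, possibly with the MMU disabled, so a truncated or malformed HOB under this GUID becomes a call through an unvalidated address. I would guard the branch with `if ((Hob != NULL) && (GET_GUID_HOB_DATA_SIZE (Hob) == sizeof (VOID *))) {` and let everything else take the existing `else` path, which keeps the DRAM copy and its cache write-back. The declaration of `mReplaceLiveEntryFunc` is not in this hunk, so its type and default value are presumably set elsewhere in the file. A one-line comment on the HOB branch saying the XIP copy is already clean to the PoC would keep the commit message's reasoning next to the code.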
@@ -42,6 +45,20 @@ ArmMmuPeiLibConstructor (
 (UINTN)ArmReplaceLiveTranslationEntry + ArmReplaceLiveTranslationEn= trySize))=0D
 {=0D
 DEBUG ((DEBUG_INFO, "ArmMmuLib: skipping cache maintenance on XIP PEIM= \n"));=0D
+=0D
+ //=0D
+ // Expose the XIP version of the ArmReplaceLiveTranslationEntry() rout= ine=0D
+ // via a HOB so we can fall back to it later when we need to split blo= ck=0D
+ // mappings in a way that adheres to break-before-make requirements.=0D
+ //=0D
+ ArmReplaceLiveTranslationEntryFunc =3D ArmReplaceLiveTranslationEntry;= =0D
+=0D
+ Hob =3D BuildGuidDataHob (=0D
+ &gArmMmuReplaceLiveTranslationEntryFuncGuid,=0D
+ &ArmReplaceLiveTranslationEntryFunc,=0D
+ sizeof ArmReplaceLiveTranslationEntryFunc=0D
+ );=0D
+ ASSERT (Hob !=3D NULL);=0D
 } else {=0D
 DEBUG ((DEBUG_INFO, "ArmMmuLib: performing cache maintenance on shadow= ed PEIM\n"));=0D
 //=0D
diff --git a/ArmPkg/Library/ArmMmuLib/ArmMmuBaseLib.inf b/ArmPkg/Library/Ar= mMmuLib/ArmMmuBaseLib.inf
index 3d78e7dabf47..57cb71f90ee3 100644
--- a/ArmPkg/Library/ArmMmuLib/ArmMmuBaseLib.inf
+++ b/ArmPkg/Library/ArmMmuLib/ArmMmuBaseLib.inf
@@ -36,7 +36,11 @@ [Packages]
 [LibraryClasses]=0D
 ArmLib=0D
 CacheMaintenanceLib=0D
+ HobLib=0D
 MemoryAllocationLib=0D
 =0D
+[Guids]=0D
+ gArmMmuReplaceLiveTranslationEntryFuncGuid=0D
+=0D
 [Pcd.ARM]=0D
 gArmTokenSpaceGuid.PcdNormalMemoryNonshareableOverride=0D
diff --git a/ArmPkg/Library/ArmMmuLib/ArmMmuPeiLib.inf b/ArmPkg/Library/Arm= MmuLib/ArmMmuPeiLib.inf
index ce9674ea99ef..02f874a1a994 100644
--- a/ArmPkg/Library/ArmMmuLib/ArmMmuPeiLib.inf
+++ b/ArmPkg/Library/ArmMmuLib/ArmMmuPeiLib.inf
@@ -29,4 +29,8 @@ [Packages]
 [LibraryClasses]=0D
 ArmLib=0D
 CacheMaintenanceLib=0D
+ HobLib=0D
 MemoryAllocationLib=0D
+=0D
+[Guids]=0D
+ gArmMmuReplaceLiveTranslationEntryFuncGuid=0D
--=20 2.35.1
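Review bot: A failed `BuildGuidDataHob` in the XIP branch of ArmMmuPeiLibConstructor is caught only by `ASSERT (Hob != NULL);`, which is usually compiled out of release builds, so the failure would pass silently. The consumer in ArmMmuBaseLibConstructor falls back to the DRAM copy when no HOB is found, so this is survivable, but a `DEBUG ((DEBUG_WARN, ...))` on the NULL path would make the lost optimisation visible. If this constructor runs once for every XIP PEIM that links the library (not visible from this hunk), each run adds another HOB with the same GUID. Building the HOB only when `GetFirstGuidHob (&gArmMmuReplaceLiveTranslationEntryFuncGuid) == NULL` would avoid the duplicates. The function body starts and ends outside the hunk.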