From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.web11.68207.1679564761626736928 for ; Thu, 23 Mar 2023 02:46:01 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@ventanamicro.com header.s=google header.b=XGvu3kLb; spf=pass (domain: ventanamicro.com, ip: 209.85.210.177, mailfrom: sunilvl@ventanamicro.com) Received: by mail-pf1-f177.google.com with SMTP id u38so7998822pfg.10 for ; Thu, 23 Mar 2023 02:46:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ventanamicro.com; s=google; t=1679564761; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=vk/bl7WPfE9GLQLquhAZMaOgltsvNw228CpZ+Ncme4Q=; b=XGvu3kLbpf1ztnclRlOIdDeA/p3k/BCzV0x+GEfSxoWA2e7X2QZfth64E0ZRh4Mqsi HwRPvMog35PdNZqPICOBv/cdPgSDYIxVPXF10xVxLkmCLjnMll5NnIl4GSYD82AlRB6i 4U8vRETULzQw5qYDb31paTRFagBiQ6sCbPIOD+m0VsQM2x4L0jiymhr+swxyX3HGA8U5 Sgf4z7J2XNT6fJ94/cNoB3+hfOj2OGtnFhxQpV5+NkXmIDFPFpEHranVazw2R5C4zOZL FQhHO5+jv28+i7QigfR9g3tUAdXDdaTIP8g9me/IHS/U/VLrALm2Yywx1uo9ae8/YOfG 2O4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679564761; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=vk/bl7WPfE9GLQLquhAZMaOgltsvNw228CpZ+Ncme4Q=; b=YWQRbJb/CD00w7cQh8CM0y/i28vVl4AroeAUpGtC8EjiCQ3OXrAS8YAjD5F7Npox9Z dwKRacFah0E7TgYy5ouWW4DZmZgbuEWdwpR1EsnC6ggBdCohZpDEeY8gA0Pf8BanwOSt iUM/Bq9jEUNxgwbYVJ+m+O29cb4g2j/CNm0ky0tWnXQvOBVMLDZ/GRUL6zB37yTYH+kn pzEIbY7IcgAmY0sjWG84S6M2q4CzW/argkGuzYYTCZm2SId/gapAgdaq9VNGxuIgs9vb kmg9HZW7bhuAimrGByNwGroI5eR+i2xNdRhAxy1MzcgjP9MOj7MG1IEB29aL/xZvamzz V4Qg== X-Gm-Message-State: AO0yUKUfrNa/fIKSB+pOC5lFuUocIzG9zaGraCS8+NEJoukdqE2J6cZx +8RjJFFrTv7jGFVflP9GoiTSTFu+2G8wBjaNph0= X-Google-Smtp-Source: AK7set/G0jCzrVAcDVVi+VrykXvUEVyvNsRUyYtzeTLxciOp7EVAVW1fQbiGE3TxvbHgKG0FHDzpnw== X-Received: by 2002:aa7:97aa:0:b0:627:e1a5:27b4 with SMTP id d10-20020aa797aa000000b00627e1a527b4mr5426627pfq.33.1679564760842; Thu, 23 Mar 2023 02:46:00 -0700 (PDT) Return-Path: Received: from kerodi.Dlink ([49.206.12.197]) by smtp.gmail.com with ESMTPSA id k23-20020aa790d7000000b0059442ec49a2sm11844110pfk.146.2023.03.23.02.45.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Mar 2023 02:46:00 -0700 (PDT) From: "Sunil V L" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Jiewen Yao , Jordan Justen , Gerd Hoffmann , Andrei Warkentin Subject: [PATCH 1/1] OvmfPkg/RiscVVirt: Support multiple reserved memory ranges Date: Thu, 23 Mar 2023 15:15:56 +0530 Message-Id: <20230323094556.2580417-1-sunilvl@ventanamicro.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit M-mode firmware ranges should not be used by EDK2/OS. Currently, we search for mmode_resv0 node in FDT and mark it as the reserved memory in EFI memory map. However, if there are multiple M-mode firmware ranges, then this will miss those extra ranges allowing the OS to access the memory and hit a fault. This issue is exposed since recent opensbi started creating two ranges for text and data. Fix this by searching for all reserved memory nodes and marking them as reserved in the EFI memory map. Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Jordan Justen Cc: Gerd Hoffmann Cc: Andrei Warkentin Signed-off-by: Sunil V L --- OvmfPkg/RiscVVirt/Sec/Memory.c | 208 +++++++++++++++++++++------------ 1 file changed, 136 insertions(+), 72 deletions(-) diff --git a/OvmfPkg/RiscVVirt/Sec/Memory.c b/OvmfPkg/RiscVVirt/Sec/Memory.c index 70935b07b56b..aeae361ebe90 100644 --- a/OvmfPkg/RiscVVirt/Sec/Memory.c +++ b/OvmfPkg/RiscVVirt/Sec/Memory.c @@ -38,31 +38,6 @@ BuildMemoryTypeInformationHob ( VOID ); -/** - Build reserved memory range resource HOB. - - @param MemoryBase Reserved memory range base address. - @param MemorySize Reserved memory range size. - -**/ -STATIC -VOID -AddReservedMemoryBaseSizeHob ( - EFI_PHYSICAL_ADDRESS MemoryBase, - UINT64 MemorySize - ) -{ - BuildResourceDescriptorHob ( - EFI_RESOURCE_MEMORY_RESERVED, - EFI_RESOURCE_ATTRIBUTE_PRESENT | - EFI_RESOURCE_ATTRIBUTE_INITIALIZED | - EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE | - EFI_RESOURCE_ATTRIBUTE_TESTED, - MemoryBase, - MemorySize - ); -} - /** Create memory range resource HOB using the memory base address and size. @@ -133,38 +108,143 @@ STATIC VOID InitializeRamRegions ( EFI_PHYSICAL_ADDRESS SystemMemoryBase, - UINT64 SystemMemorySize, - EFI_PHYSICAL_ADDRESS MmodeResvBase, - UINT64 MmodeResvSize + UINT64 SystemMemorySize ) { - /* - * M-mode FW can be loaded anywhere in memory but should not overlap - * with the EDK2. This can happen if some other boot code loads the - * M-mode firmware. - * - * The M-mode firmware memory should be marked as reserved memory - * so that OS doesn't use it. - */ - DEBUG (( - DEBUG_INFO, - "%a: M-mode FW Memory Start:0x%lx End:0x%lx\n", - __FUNCTION__, - MmodeResvBase, - MmodeResvBase + MmodeResvSize - )); - AddReservedMemoryBaseSizeHob (MmodeResvBase, MmodeResvSize); - - if (MmodeResvBase > SystemMemoryBase) { - AddMemoryRangeHob (SystemMemoryBase, MmodeResvBase); - } - AddMemoryRangeHob ( - MmodeResvBase + MmodeResvSize, + SystemMemoryBase, SystemMemoryBase + SystemMemorySize ); } +STATIC +INT32 +GetNumCells ( + VOID *Fdt, + INT32 Node, + CONST CHAR8 *Name + ) +{ + CONST INT32 *Prop; + INT32 Len; + UINT32 Val; + + Prop = fdt_getprop (Fdt, Node, Name, &Len); + if (Prop == NULL) { + return Len; + } + + if (Len != sizeof (*Prop)) { + return -FDT_ERR_BADNCELLS; + } + + Val = fdt32_to_cpu (*Prop); + if (Val > FDT_MAX_NCELLS) { + return -FDT_ERR_BADNCELLS; + } + + return (INT32)Val; +} + +/** Mark reserved memory ranges in the EFI memory map + * + * The M-mode firmware ranges should not be used by the + * EDK2/OS. These ranges are passed via device tree using reserved + * memory nodes. Parse the DT and mark those ranges as of + * type EfiReservedMemoryType. + * + * NOTE: Device Tree spec section 3.5.4 says reserved memory regions + * without no-map property should be installed as EfiBootServicesData. + * As per UEFI spec, memory of type EfiBootServicesData can be used + * by the OS after ExitBootServices(). + * This is not an issue for DT since OS can parse the DT also along + * with EFI memory map and avoid using these ranges. But with ACPI, + * there is no such mechanisms possible. + * Since EDK2 needs to support both DT and ACPI, we are deviating + * from the DT spec and marking all reserved memory ranges as + * EfiReservedMemoryType itself irrespective of no-map. + * + * @param FdtPointer Pointer to FDT + * +**/ +STATIC +VOID +AddReservedMemoryMap ( + VOID *FdtPointer + ) +{ + CONST INT32 *RegProp; + INT32 Node; + INT32 SubNode; + INT32 Len; + EFI_PHYSICAL_ADDRESS Addr; + UINT64 Size; + INTN NumRsv, i; + INT32 NumAddrCells, NumSizeCells; + + NumRsv = fdt_num_mem_rsv (FdtPointer); + + /* Look for an existing entry and add it to the efi mem map. */ + for (i = 0; i < NumRsv; i++) { + if (fdt_get_mem_rsv (FdtPointer, i, &Addr, &Size) != 0) { + continue; + } + + BuildMemoryAllocationHob ( + Addr, + Size, + EfiReservedMemoryType + ); + } + + /* process reserved-memory */ + Node = fdt_subnode_offset (FdtPointer, 0, "reserved-memory"); + if (Node >= 0) { + NumAddrCells = GetNumCells (FdtPointer, Node, "#address-cells"); + if (NumAddrCells <= 0) { + return; + } + + NumSizeCells = GetNumCells (FdtPointer, Node, "#size-cells"); + if (NumSizeCells <= 0) { + return; + } + + fdt_for_each_subnode (SubNode, FdtPointer, Node) { + RegProp = fdt_getprop (FdtPointer, SubNode, "reg", &Len); + + if ((RegProp != 0) && (Len == ((NumAddrCells + NumSizeCells) * sizeof (INT32)))) { + Addr = fdt32_to_cpu (RegProp[0]); + + if (NumAddrCells > 1) { + Addr = (Addr << 32) | fdt32_to_cpu (RegProp[1]); + } + + RegProp += NumAddrCells; + Size = fdt32_to_cpu (RegProp[0]); + + if (NumSizeCells > 1) { + Size = (Size << 32) | fdt32_to_cpu (RegProp[1]); + } + + DEBUG (( + DEBUG_INFO, + "%a: Adding Reserved Memory Addr = 0x%llx, Size = 0x%llx\n", + __func__, + Addr, + Size + )); + + BuildMemoryAllocationHob ( + Addr, + Size, + EfiReservedMemoryType + ); + } + } + } +} + /** Initialize memory hob based on the DTB information. @@ -183,8 +263,6 @@ MemoryPeimInitialization ( INT32 Node, Prev; INT32 Len; VOID *FdtPointer; - EFI_PHYSICAL_ADDRESS MmodeResvBase; - UINT64 MmodeResvSize; FirmwareContext = NULL; GetFirmwareContextPointer (&FirmwareContext); @@ -200,16 +278,6 @@ MemoryPeimInitialization ( return EFI_UNSUPPORTED; } - /* try to locate the reserved memory opensbi node */ - Node = fdt_path_offset (FdtPointer, "/reserved-memory/mmode_resv0"); - if (Node >= 0) { - RegProp = fdt_getprop (FdtPointer, Node, "reg", &Len); - if ((RegProp != 0) && (Len == (2 * sizeof (UINT64)))) { - MmodeResvBase = fdt64_to_cpu (ReadUnaligned64 (RegProp)); - MmodeResvSize = fdt64_to_cpu (ReadUnaligned64 (RegProp + 1)); - } - } - // Look for the lowest memory node for (Prev = 0; ; Prev = Node) { Node = fdt_next_node (FdtPointer, Prev, NULL); @@ -235,16 +303,10 @@ MemoryPeimInitialization ( CurBase + CurSize - 1 )); - if ((MmodeResvBase >= CurBase) && ((MmodeResvBase + MmodeResvSize) <= (CurBase + CurSize))) { - InitializeRamRegions ( - CurBase, - CurSize, - MmodeResvBase, - MmodeResvSize - ); - } else { - AddMemoryBaseSizeHob (CurBase, CurSize); - } + InitializeRamRegions ( + CurBase, + CurSize + ); } else { DEBUG (( DEBUG_ERROR, @@ -255,6 +317,8 @@ MemoryPeimInitialization ( } } + AddReservedMemoryMap (FdtPointer); + InitMmu (); BuildMemoryTypeInformationHob (); -- 2.34.1