From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from zulu616.server4you.de (zulu616.server4you.de [85.25.223.15])
 by mx.groups.io with SMTP id smtpd.web11.183.1632335243812392583
 for ; Wed, 22 Sep 2021 11:27:24 -0700
Authentication-Results: mx.groups.io; dkim=missing;
 spf=pass (domain: csgraf.de, ip: 85.25.223.15, mailfrom: agraf@csgraf.de)
Received: from MacBook-Air.alex.local (dynamic-077-009-082-118.77.9.pool.telefonica.de [77.9.82.118])
 by csgraf.de (Postfix) with ESMTPSA id 1E792608021A;
 Wed, 22 Sep 2021 20:27:22 +0200 (CEST)
From: "Alexander Graf"
Subject: Re: [PATCH] ArmPkg/ArmMmuLib AARCH64: avoid EL0 accessible mappings
To: Ard Biesheuvel , devel@edk2.groups.io
Cc: leif@nuviainc.com, peter.maydell@linaro.org
References: <20210922161954.627616-1-ardb@kernel.org>
Message-ID: <56616761-e314-af79-caba-d76a77b8bfe4@csgraf.de>
Date: Wed, 22 Sep 2021 20:27:21 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.14.0
MIME-Version: 1.0
In-Reply-To: <20210922161954.627616-1-ardb@kernel.org>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-US

On 22.09.21 18:19, Ard Biesheuvel wrote:
> We never run any code at EL0, and so it would seem that any access
> permissions set for EL0 (via the AP[1] attribute in the page tables) are
> irrelevant. We currently set EL0 and EL1 permissions to the same value
> arbitrarily.
>
> However, this causes problems on hardware like the Apple M1 running the
> hypervisor framework, which enters EL1 with SCTLR_EL1.SPAN enabled,
> which causes the Privileged Access Never (PAN) feature to be enabled on
> any exception taken to EL1, including the IRQ exceptions that handle our
> timer interrupt. When PAN is enabled, EL1 has no access to any mappings
> that are also accessible to EL0, causing the firmware to crash if it
> attempts to access such a mapping.
>
> Even though it is debatable whether or not SCTLR_EL1.SPAN should be
> disabled at entry or whether the firmware should put all UNKNOWN bits in
> all system registers in a consistent state (which it should), using EL0
> permissions serves no purpose whatsoever so let's fix that regardless.
>
> Signed-off-by: Ard Biesheuvel

I can confirm that this unbreaks HVF guests running on M1 with
SCTLR_EL1.SPAN=0 as reset state.

Tested-by: Alexander Graf

Alex
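
The AP[1]/PAN interaction described in the quoted commit message, as an added example that is not part of the original thread or of the edk2 patch: a simplified C model of AArch64 stage 1 leaf descriptors showing why EL1 data accesses fault on EL0-accessible mappings once PAN is set, and that clearing AP[1] removes the fault while keeping the read-only bit. It assumes bit 0 is the only validity check and ignores all other attributes; the function names and sample_table are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define DESC_VALID (1ULL << 0) /* bit 0: descriptor is valid (simplified) */
#define DESC_AP1   (1ULL << 6) /* AP[1]: mapping is accessible from EL0 */
#define DESC_AP2   (1ULL << 7) /* AP[2]: mapping is read-only */

/* Would a data access from EL1 succeed under the given PSTATE.PAN value? */
bool el1_data_access_ok(uint64_t desc, bool is_write, bool pan)
{
    if (!(desc & DESC_VALID))
        return false;               /* translation fault */
    if (pan && (desc & DESC_AP1))
        return false;               /* PAN: EL0-accessible, permission fault */
    if (is_write && (desc & DESC_AP2))
        return false;               /* read-only mapping */
    return true;
}

/* Audit helper: count valid leaf entries that EL0 could access. */
size_t count_el0_accessible(const uint64_t *leaf, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if ((leaf[i] & DESC_VALID) && (leaf[i] & DESC_AP1))
            hits++;
    return hits;
}

/* Clear AP[1] on every valid entry; AP[2] (read-only) is left untouched. */
size_t strip_el0_access(uint64_t *leaf, size_t n)
{
    size_t changed = 0;
    for (size_t i = 0; i < n; i++) {
        if (!(leaf[i] & DESC_VALID) || !(leaf[i] & DESC_AP1))
            continue;
        leaf[i] &= ~DESC_AP1;
        changed++;
    }
    return changed;
}

/* Constructed sample entries (addresses are made up for the example). */
uint64_t sample_table[4] = {
    0x40000000ULL | DESC_VALID | DESC_AP1,            /* AP=01: RW, EL0+EL1 */
    0x40200000ULL | DESC_VALID | DESC_AP1 | DESC_AP2, /* AP=11: RO, EL0+EL1 */
    0x40400000ULL | DESC_VALID,                       /* AP=00: RW, EL1 only */
    0x40600000ULL | DESC_AP1,                         /* invalid entry */
};
```

Running count_el0_accessible over a firmware's leaf tables before and after such a change is a quick regression check that no EL0-accessible mapping was reintroduced.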