From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from zulu616.server4you.de (zulu616.server4you.de [85.25.223.15])
 by mx.groups.io with SMTP id smtpd.web11.183.1632335243812392583
 for <devel@edk2.groups.io>;
 Wed, 22 Sep 2021 11:27:24 -0700
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: csgraf.de, ip: 85.25.223.15, mailfrom: agraf@csgraf.de)
Received: from MacBook-Air.alex.local (dynamic-077-009-082-118.77.9.pool.telefonica.de [77.9.82.118])
	by csgraf.de (Postfix) with ESMTPSA id 1E792608021A;
	Wed, 22 Sep 2021 20:27:22 +0200 (CEST)
From: "Alexander Graf" <agraf@csgraf.de>
Subject: Re: [PATCH] ArmPkg/ArmMmuLib AARCH64: avoid EL0 accessible mappings
To: Ard Biesheuvel <ardb@kernel.org>, devel@edk2.groups.io
Cc: leif@nuviainc.com, peter.maydell@linaro.org
References: <20210922161954.627616-1-ardb@kernel.org>
Message-ID: <56616761-e314-af79-caba-d76a77b8bfe4@csgraf.de>
Date: Wed, 22 Sep 2021 20:27:21 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0)
 Gecko/20100101 Thunderbird/78.14.0
MIME-Version: 1.0
In-Reply-To: <20210922161954.627616-1-ardb@kernel.org>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-US


On 22.09.21 18:19, Ard Biesheuvel wrote:
> We never run any code at EL0, and so it would seem that any access
> permissions set for EL0 (via the AP[1] attribute in the page tables) are
> irrelevant. We currently set EL0 and EL1 permissions to the same value
> arbitrarily.
>
> However, this causes problems on hardware like the Apple M1 running the
> hypervisor framework, which enters EL1 with SCTLR_EL1.SPAN enabled,
> which causes the Privileged Access Never (PAN) feature to be enabled on
> any exception taken to EL1, including the IRQ exceptions that handle our
> timer interrupt. When PAN is enabled, EL1 has no access to any mappings
> that are also accessible to EL0, causing the firmware to crash if it
> attempts to access such a mapping.
>
> Even though it is debatable whether or not SCTLR_EL1.SPAN should be
> disabled at entry or whether the firmware should put all UNKNOWN bits in
> all system registers in a consistent state (which it should), using EL0
> permissions serves no purpose whatsoever so let's fix that regardless.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>


I can confirm that this unbreaks HVF guests running on M1 with
SCTLR_EL1.SPAN=0 as reset state.


Tested-by: Alexander Graf <agraf@csgraf.de>

Alex