Message-ID: <70e64b91-eede-14eb-723a-bd6a352feb74@quicinc.com>
Date: Mon, 26 Sep 2022 15:38:47 -0700
Subject: Re: [PATCH v3 08/16] ArmPkg/ArmMmuLib: Reuse XIP MMU routines when splitting entries
To: Ard Biesheuvel
CC: Alexander Graf
References: <20220926082511.2110797-1-ardb@kernel.org> <20220926082511.2110797-9-ardb@kernel.org>
From: "Leif Lindholm"
In-Reply-To: <20220926082511.2110797-9-ardb@kernel.org>

On 2022-09-26 01:25, Ard Biesheuvel wrote:
> In order to reduce the likelihood that we will need to rely on the logic
> that disables and re-enables the MMU for updating a page table entry
> safely, expose the XIP version of the helper routine via a HOB and use
> it instead of the one that is copied into DRAM. Since the XIP copy is
> already clean to the PoC, and will never end up getting unmapped during
> a block entry split, we can use it safely without any cache maintenance,
> and without running the risk of pulling the rug from under our feet when
> updating an entry by going through an invalid mapping.
> > Signed-off-by: Ard Biesheuvel Acked-by: Leif Lindholm / Leif > --- > ArmPkg/ArmPkg.dec | 2 ++ > ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 27 ++++++++++++-------- > ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuPeiLibConstructor.c | 17 ++++++++++++ > ArmPkg/Library/ArmMmuLib/ArmMmuBaseLib.inf | 4 +++ > ArmPkg/Library/ArmMmuLib/ArmMmuPeiLib.inf | 4 +++ > 5 files changed, 44 insertions(+), 10 deletions(-) > > diff --git a/ArmPkg/ArmPkg.dec b/ArmPkg/ArmPkg.dec > index 9da1bbc9f216..cfb6fe602485 100644 > --- a/ArmPkg/ArmPkg.dec > +++ b/ArmPkg/ArmPkg.dec > @@ -99,6 +99,8 @@ [Guids.common] > # Include/Guid/ArmMpCoreInfo.h > > gArmMpCoreInfoGuid = { 0xa4ee0728, 0xe5d7, 0x4ac5, {0xb2, 0x1e, 0x65, 0x8e, 0xd8, 0x57, 0xe8, 0x34} } > > > > + gArmMmuReplaceLiveTranslationEntryFuncGuid = { 0xa8b50ff3, 0x08ec, 0x4dd3, {0xbf, 0x04, 0x28, 0xbf, 0x71, 0x75, 0xc7, 0x4a} } > > + > > [Protocols.common] > > ## Arm System Control and Management Interface(SCMI) Base protocol > > ## ArmPkg/Include/Protocol/ArmScmiBaseProtocol.h > > diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c > index ae59e9a7d04e..764c7d362e2e 100644 > --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c > +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c > @@ -10,6 +10,7 @@ > **/ > > > > #include > > +#include > > #include > > #include > > #include 
> > @@ -120,14 +121,14 @@ ReplaceTableEntry ( > // use an ordinary break before make. Otherwise, we will need to > > // temporarily disable the MMU. > > DisableMmu = FALSE; > > - if ((((RegionStart ^ (UINTN)ArmReplaceLiveTranslationEntry) & ~BlockMask) == 0) || > > + if ((((RegionStart ^ (UINTN)mReplaceLiveEntryFunc) & ~BlockMask) == 0) || > > (((RegionStart ^ (UINTN)Entry) & ~BlockMask) == 0)) > > { > > DisableMmu = TRUE; > > DEBUG ((DEBUG_WARN, "%a: splitting block entry with MMU disabled\n", __FUNCTION__)); > > } > > > > - ArmReplaceLiveTranslationEntry (Entry, Value, RegionStart, DisableMmu); > > + mReplaceLiveEntryFunc (Entry, Value, RegionStart, DisableMmu); > > } > > } > > > > @@ -747,15 +748,21 @@ ArmMmuBaseLibConstructor ( > ) > > { > > extern UINT32 ArmReplaceLiveTranslationEntrySize; > > + VOID *Hob; > > > > - // > > - // The ArmReplaceLiveTranslationEntry () helper function may be invoked > > - // with the MMU off so we have to ensure that it gets cleaned to the PoC > > - // > > - WriteBackDataCacheRange ( > > - (VOID *)(UINTN)ArmReplaceLiveTranslationEntry, > > - ArmReplaceLiveTranslationEntrySize > > - ); > > + Hob = GetFirstGuidHob (&gArmMmuReplaceLiveTranslationEntryFuncGuid); > > + if (Hob != NULL) { > > + mReplaceLiveEntryFunc = *(VOID **)GET_GUID_HOB_DATA (Hob); > > + } else { > > + // > > + // The ArmReplaceLiveTranslationEntry () helper function may be invoked > > + // with the MMU off so we have to ensure that it gets cleaned to the PoC > > + // > > + WriteBackDataCacheRange ( > > + (VOID *)(UINTN)ArmReplaceLiveTranslationEntry, > > + ArmReplaceLiveTranslationEntrySize > > + ); > > + } > > > > return RETURN_SUCCESS; > > } > > diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuPeiLibConstructor.c b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuPeiLibConstructor.c > index caace2c17cdc..5f50a605a338 100644 > --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuPeiLibConstructor.c > +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuPeiLibConstructor.c 
> @@ -12,6 +12,7 @@ > #include > > #include > > #include > > +#include > > > > EFI_STATUS > > EFIAPI > > @@ -21,6 +22,8 @@ ArmMmuPeiLibConstructor ( > ) > > { > > extern UINT32 ArmReplaceLiveTranslationEntrySize; > > + VOID *ArmReplaceLiveTranslationEntryFunc; > > + VOID *Hob; > > > > EFI_FV_FILE_INFO FileInfo; > > EFI_STATUS Status; > > @@ -42,6 +45,20 @@ ArmMmuPeiLibConstructor ( > (UINTN)ArmReplaceLiveTranslationEntry + ArmReplaceLiveTranslationEntrySize)) > > { > > DEBUG ((DEBUG_INFO, "ArmMmuLib: skipping cache maintenance on XIP PEIM\n")); > > + > > + // > > + // Expose the XIP version of the ArmReplaceLiveTranslationEntry() routine > > + // via a HOB so we can fall back to it later when we need to split block > > + // mappings in a way that adheres to break-before-make requirements. > > + // > > + ArmReplaceLiveTranslationEntryFunc = ArmReplaceLiveTranslationEntry; > > + > > + Hob = BuildGuidDataHob ( > > + &gArmMmuReplaceLiveTranslationEntryFuncGuid, > > + &ArmReplaceLiveTranslationEntryFunc, > > + sizeof ArmReplaceLiveTranslationEntryFunc > > + ); > > + ASSERT (Hob != NULL); > > } else { > > DEBUG ((DEBUG_INFO, "ArmMmuLib: performing cache maintenance on shadowed PEIM\n")); > > // > > diff --git a/ArmPkg/Library/ArmMmuLib/ArmMmuBaseLib.inf b/ArmPkg/Library/ArmMmuLib/ArmMmuBaseLib.inf > index 3d78e7dabf47..57cb71f90ee3 100644 > --- a/ArmPkg/Library/ArmMmuLib/ArmMmuBaseLib.inf > +++ b/ArmPkg/Library/ArmMmuLib/ArmMmuBaseLib.inf > @@ -36,7 +36,11 @@ [Packages] > [LibraryClasses] > > ArmLib > > CacheMaintenanceLib > > + HobLib > > MemoryAllocationLib > > > > +[Guids] > > + gArmMmuReplaceLiveTranslationEntryFuncGuid > > + > > [Pcd.ARM] > > gArmTokenSpaceGuid.PcdNormalMemoryNonshareableOverride > > diff --git a/ArmPkg/Library/ArmMmuLib/ArmMmuPeiLib.inf b/ArmPkg/Library/ArmMmuLib/ArmMmuPeiLib.inf > index ce9674ea99ef..02f874a1a994 100644 > --- a/ArmPkg/Library/ArmMmuLib/ArmMmuPeiLib.inf > +++ b/ArmPkg/Library/ArmMmuLib/ArmMmuPeiLib.inf 
> @@ -29,4 +29,8 @@ [Packages] > [LibraryClasses] > > ArmLib > > CacheMaintenanceLib > > + HobLib > > MemoryAllocationLib > > + > > +[Guids] > > + gArmMmuReplaceLiveTranslationEntryFuncGuid >
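
Review bot: in the ArmPkg.dec hunk, gArmMmuReplaceLiveTranslationEntryFuncGuid is added without any comment, while gArmMpCoreInfoGuid directly above it carries one (# Include/Guid/ArmMpCoreInfo.h). A short comment stating that this GUID tags a HOB whose payload is a single pointer to the XIP copy of ArmReplaceLiveTranslationEntry () would document the producer/consumer contract in the place where other packages will look for it.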
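
Review bot: in the ReplaceTableEntry () hunk of ArmMmuLibCore.c, both the block-overlap test and the call now go through mReplaceLiveEntryFunc, but none of the quoted hunks declares or initializes it, and the else branch of ArmMmuBaseLibConstructor () does not assign it either. Please confirm that its definition defaults to ArmReplaceLiveTranslationEntry, so that the no-HOB path still calls the copy that was just cleaned to the PoC rather than a NULL pointer.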
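
Review bot: in the ArmMmuBaseLibConstructor () hunk, the Hob != NULL branch stores *(VOID **)GET_GUID_HOB_DATA (Hob) as the routine to call without checking the payload. Since that pointer is later invoked with the MMU possibly disabled, consider checking that GET_GUID_HOB_DATA_SIZE (Hob) equals sizeof (VOID *) and that the value read is not NULL before assigning it, and taking the else path (cache maintenance on the DRAM copy) when either check fails.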
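
Review bot: in the ArmMmuPeiLibConstructor () hunk, the BuildGuidDataHob () call passes sizeof ArmReplaceLiveTranslationEntryFunc without parentheses; sizeof (ArmReplaceLiveTranslationEntryFunc) would match the call spacing used everywhere else in these hunks. The local is also declared VOID * while holding a function address, so declaring it with the routine's function pointer type would let the compiler check the assignment from ArmReplaceLiveTranslationEntry.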