Date: Sat, 26 Feb 2022 21:18:34 +0000
Message-ID: <87zgmd5nth.wl-maz@kernel.org>
From: Marc Zyngier
To: Ashish Singhal
Subject: Re: [PATCH v2] ArmPkg: Invalidate Instruction Cache On MMU Enable
In-Reply-To: <9f95ba0bb19fd034af27f4f564e5eeff0ec19fff.1645850486.git.ashishsingha@nvidia.com>

On Sat, 26 Feb 2022 04:43:37 +0000,
Ashish Singhal wrote:
> 
> Even with MMU turned off, instruction cache can speculate
> and fetch instructions. This can cause a crash if region
> being executed has been modified recently. With this patch,

Modified by what?

> we ensure that instruction cache is invalidated right after
> MMU has been enabled and any potentially stale instruction
> fetched earlier has been discarded.
> 
> This is specially helpful when the memory attributes of a
> region in MMU are being changed and some instructions

Changed from what to what else? Are you concerned with the content of
the memory being changed? Or by the attribute being changed? Or both?

> operating on the region are prefetched in the instruction
> cache.

I don't see how this fixes anything. Yes, speculation occurs. But if
your icache contains crap, how is it safe to first enable the MMU and
then nuke the icache? You could well be executing garbage at that
point.

Worst case, and assuming that you have an aliasing VIVT icache, this
will invalidate fetches that would alias with the layout of the memory
once the MMU is on. But as far as I know, EDK2 is entirely identity
mapped. I also don't think it uses instruction patching.
Finally, if you see speculative accesses on regions that shouldn't be
accessed as such, it could well be because the code is placed too
close to such a region, as mentioned in the ARM ARM (DDI0487H_a, page
D5-4828):

  Behavior of instruction fetches when all associated stages of
  translation are disabled

  [...]

  To ensure architectural compliance, software must ensure that both
  of the following apply:

  • Instructions that will be executed when all associated stages of
    address translation are disabled are located in blocks of the
    address space, of the translation granule size, that contain only
    memory that is tolerant to speculative accesses.

  • Each block of the address space, of the translation granule size,
    that immediately follows a similar block that holds instructions
    that will be executed when all associated stages of address
    translation are disabled, contains only memory that is tolerant to
    speculative accesses.

Thanks,

	M

-- 
Without deviation from the norm, progress is not possible.
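As an added illustration of the ARM ARM placement rule quoted in the reply above (this is example code written here, not code from the patch, from EDK2 or from Marc's message): a build-time check that walks a constructed firmware memory map and reports the first translation-granule-sized block, either overlapping the MMU-off code or immediately following its last block, that is not tolerant to speculative accesses. The MemRegion type, the sample map and all addresses are assumptions made up for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* One entry of a constructed firmware memory map: a physical range and whether
 * it tolerates speculative accesses (Normal RAM: yes; Device/MMIO: no). */
typedef struct { uint64_t base, size; bool spec_tolerant; } MemRegion;

/* True if [start, end) lies entirely inside one speculation-tolerant region;
 * anything the map does not describe is treated as not tolerant. */
static bool block_is_tolerant(const MemRegion *map, size_t n,
                              uint64_t start, uint64_t end) {
    for (size_t i = 0; i < n; i++) {
        uint64_t rb = map[i].base, re = map[i].base + map[i].size;
        if (start >= rb && end <= re)
            return map[i].spec_tolerant;
    }
    return false;
}

/* The two ARM ARM conditions for code executed with translation disabled:
 * every granule-sized block overlapping [code_start, code_end) must be
 * speculation tolerant, and so must the block immediately after the last
 * one. granule must be a power of two. Returns UINT64_MAX if the placement
 * is compliant, otherwise the address of the first offending block. */
uint64_t first_noncompliant_block(const MemRegion *map, size_t n,
                                  uint64_t code_start, uint64_t code_end,
                                  uint64_t granule) {
    uint64_t first = code_start & ~(granule - 1);
    /* Round the end up to a block boundary, then add the trailing block. */
    uint64_t stop = ((code_end + granule - 1) & ~(granule - 1)) + granule;
    for (uint64_t b = first; b < stop; b += granule)
        if (!block_is_tolerant(map, n, b, b + granule))
            return b;
    return UINT64_MAX;
}

/* Constructed sample map: 256 MiB of RAM directly followed by a 4 KiB MMIO page.
 * Code placed in the last RAM page therefore fails the second condition. */
const MemRegion sample_map[] = {
    { 0x40000000ULL, 0x10000000ULL, true  },
    { 0x50000000ULL, 0x00001000ULL, false },
};
const size_t sample_map_len = sizeof sample_map / sizeof sample_map[0];
```

With a 4 KiB granule, code at 0x40001000..0x40002800 passes, while code at 0x4FFFF000..0x4FFFF800 is reported against block 0x50000000 because the MMIO page follows it.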