From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: Laszlo Ersek <lersek@redhat.com>
Cc: "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>,
"Leif Lindholm" <leif.lindholm@linaro.org>,
"Gao, Liming" <liming.gao@intel.com>,
"Auger Eric" <eric.auger@redhat.com>,
"Andrew Jones" <drjones@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@redhat.com>
Subject: Re: [PATCH] Revert "MdePkg/ProcessorBind.h AARCH64: limit MAX_ADDRESS to 48 bits"
Date: Fri, 7 Dec 2018 11:43:14 +0100 [thread overview]
Message-ID: <CAKv+Gu-Cn96fm=7G9F6vnaHJHuq25EAMVsQN0GcgjsYcVaPuzQ@mail.gmail.com> (raw)
In-Reply-To: <14bc84c4-9b86-51b0-3b09-152e8877950c@redhat.com>
On Fri, 7 Dec 2018 at 11:41, Laszlo Ersek <lersek@redhat.com> wrote:
>
> On 12/06/18 22:37, Ard Biesheuvel wrote:
> > This reverts commit 82379bf6603274e81604d5a6f6bb14bdde616286.
> >
> > On AArch64, we can only use 48 address bits while running in UEFI,
> > while the GCD and UEFI memory maps may describe up to 52 bits of
> > physical address space. For this reason, MAX_ADDRESS was reduced
> > to 48 bits, to ensure that the firmware does not inadvertently
> > attempt to allocate memory that we cannot access.
> >
> > However, MAX_ADDRESS is used in runtime drivers as well, and
> > runtime drivers may deal with kernel virtual addresses, which have
> > bits [63:48] set. In fact, the OS may be running with 64 KB pages
> > and pass addresses into the runtime services that use up to 52
> > bits of address space, either with the top bits set or cleared,
> > even if the physical address space does not extend beyond 48 bits.
> >
> > In summary, changing MAX_ADDRESS is a mistake, and needs to be
> > reverted.
> >
> > Cc: Leif Lindholm <leif.lindholm@linaro.org>
> > Cc: Liming Gao <liming.gao@intel.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Eric Auger <eric.auger@redhat.com>
> > Cc: Andrew Jones <drjones@redhat.com>
> > Cc: Philippe Mathieu-Daude <philmd@redhat.com>
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > ---
> > MdePkg/Include/AArch64/ProcessorBind.h | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/MdePkg/Include/AArch64/ProcessorBind.h b/MdePkg/Include/AArch64/ProcessorBind.h
> > index dad75df1c579..968c18f915ae 100644
> > --- a/MdePkg/Include/AArch64/ProcessorBind.h
> > +++ b/MdePkg/Include/AArch64/ProcessorBind.h
> > @@ -138,9 +138,9 @@ typedef INT64 INTN;
> > #define MAX_2_BITS 0xC000000000000000ULL
> >
> > ///
> > -/// Maximum legal AARCH64 address (48 bits for 4 KB page size)
> > +/// Maximum legal AARCH64 address
> > ///
> > -#define MAX_ADDRESS 0xFFFFFFFFFFFFULL
> > +#define MAX_ADDRESS 0xFFFFFFFFFFFFFFFFULL
> >
> > ///
> > /// Maximum legal AArch64 INTN and UINTN values.
> >
>
> I was worried the patch could regress some things, but unfortunately, I
> couldn't name any specific area of concern. Sorry about that.
>
Sometimes a hunch should be taken more seriously, I suppose :-)
> For this change:
>
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>
Thanks
> Topic change: the patch that's being reverted was originally posted as:
>
> [edk2] [PATCH v3 05/16]
> MdePkg/ProcessorBind.h AARCH64: limit MAX_ADDRESS to 48 bits
>
> in the series
>
> [edk2] [PATCH v3 00/16]
> [Arm|ArmVirt|MdePkg|Embedded]Pkg: lift 40-bit IPA space limit
>
> In further patches of that series, we depended on the lowered limit of
> MAX_ADDRESS. Given that MAX_ADDRESS is being raised back to its original
> value, I think those dependent locations should be re-checked.
>
> For example, in
>
> [edk2] [PATCH v3 08/16]
> ArmPkg/ArmMmuLib: take the CPU supported maximum PA space into account
>
> (commit e36b243c7178), we added
>
> //
> // Limit the virtual address space to what we can actually use: UEFI
> // mandates a 1:1 mapping, so no point in making the virtual address
> // space larger than the physical address space. We also have to take
> // into account the architectural limitations that result from UEFI's
> // use of 4 KB pages.
> //
> MaxAddress = MIN (LShiftU64 (1ULL, ArmGetPhysicalAddressBits ()) - 1,
> MAX_ADDRESS);
>
> Presumably, we should now replace MAX_ADDRESS with 0xFFFFFFFFFFFFULL.
>
> (I'm unsure if other modules updated by the rest of the patches are
> affected -- I tried to grep them for MAX_ADDRESS, and I couldn't find
> any (obvious) matches.)
>
I am looking into an alternative approach, involving the introduction
of MAX_ALLOC_ADDRESS, and updating the page allocator to honour it.
The MMU library should be updated to refer to it as well, thanks for
reminding me.
next prev parent reply other threads:[~2018-12-07 10:43 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-06 21:37 [PATCH] Revert "MdePkg/ProcessorBind.h AARCH64: limit MAX_ADDRESS to 48 bits" Ard Biesheuvel
2018-12-07 0:03 ` Gao, Liming
2018-12-07 10:41 ` Laszlo Ersek
2018-12-07 10:43 ` Ard Biesheuvel [this message]
2018-12-07 11:26 ` Ard Biesheuvel
2018-12-07 11:54 ` Leif Lindholm
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAKv+Gu-Cn96fm=7G9F6vnaHJHuq25EAMVsQN0GcgjsYcVaPuzQ@mail.gmail.com' \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox