From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2607:f8b0:4864:20::142; helo=mail-it1-x142.google.com; envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@ml01.01.org Received: from mail-it1-x142.google.com (mail-it1-x142.google.com [IPv6:2607:f8b0:4864:20::142]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 3F679211B5082 for ; Wed, 23 Jan 2019 06:02:26 -0800 (PST) Received: by mail-it1-x142.google.com with SMTP id z20so455251itc.3 for ; Wed, 23 Jan 2019 06:02:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=6Bo33985eTz+5jwf3u6pdh3CjfNR4rt7nzpCnss3tRc=; b=UCCLJNjpLq9Eiqv/W+Rzm4C0lL9Un1Uxh6qNeD/JAlfFwxOpunkSgiMFSbTXlpD4q5 RycPifgSZeOCVKca0qUzmXR27zijVrc8GvwP182c7IJYkPLtVdxpuUESWHd3tmncYb78 RNmqo1+ud8/rcVarRVSv97ZGx54xDHrZwIw7s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=6Bo33985eTz+5jwf3u6pdh3CjfNR4rt7nzpCnss3tRc=; b=SpGzO6zEzu4l0Gdr2q6iNt8E76o3P+En4kh5TOzr/BtqBKGwhEJpJK0T/CNaz6dfxW 1pT5Ft15h9wZRV3KP7c/LmgPxRTjAQYyTfFxBnNT8eIGMrhgZIFyUp4vKpRNhGPhKD53 3ihDF6xegXVSP6Os/xL9BfgFI4QUjdFQhSAuYhI0JuQ1Ua+rSIyTbnDHwUvqidSJdI16 7A01lNqlFJYqT1FPiX2LBp0RtxxP7VtMS109ShHhtQ2nQwjK6szXHvGRp2Ku/QHe1GNx sa7WnPfYUZQg7iE5GIHIcECKKGkdRPf5bb9ceoBlYpB9QBxwbf/Lmy/92D/uhNiZv0mo 9nhw== X-Gm-Message-State: AJcUukfM1FF9AvVHjimiBz4qwZzUepcmGAvgnS97ozCUd4h43s1YdJHn PcVdPvr/KrgTFGh9xBkCyed+JY+HPN64qWgoNS3qyw== X-Google-Smtp-Source: ALg8bN5nXeTvNzoZs+HnAe9ZDpzUmDCQq5/lv6yRSYYZCxWKnCqDIClcvmCT7QkomJPTbvqzj9xRzCtFgB8RTqZctuE= X-Received: by 2002:a24:710:: with SMTP id f16mr1376532itf.121.1548252145344; Wed, 23 Jan 2019 06:02:25 -0800 (PST) MIME-Version: 1.0 References: <1449471969-16949-1-git-send-email-ard.biesheuvel@linaro.org> <2dd4294c-76f0-f433-cbd2-bf0b37114aee@redhat.com> <12fa0861-e25d-eba7-48ea-2bd7d47d58fb@redhat.com> In-Reply-To: <12fa0861-e25d-eba7-48ea-2bd7d47d58fb@redhat.com> From: Ard Biesheuvel Date: Wed, 23 Jan 2019 15:02:14 +0100 Message-ID: To: Laszlo Ersek Cc: Leif Lindholm , "Cohen, Eugene" , "edk2-devel@lists.01.org" , Tanxiaojun , Marc Zyngier , Christoffer Dall Subject: Re: [PATCH] ArmPkg: update InvalidateInstructionCacheRange to flush only to PoU X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jan 2019 14:02:26 -0000 Content-Type: text/plain; charset="UTF-8" On Wed, 23 Jan 2019 at 10:55, Laszlo Ersek wrote: > > On 01/23/19 10:26, Ard Biesheuvel wrote: > > On Wed, 23 Jan 2019 at 10:14, Laszlo Ersek wrote: > >> On 01/22/19 16:37, Ard Biesheuvel wrote: > > >>> Is SetUefiImageMemoryAttributes() being > >>> called to remap the memory R-X ? > >> > >> No, it is not; the grub binary in question doesn't have the required > >> section alignment (... I hope at least that that's what your question > >> refers to): > >> > >>> ProtectUefiImageCommon - 0x3E6C54C0 > >>> - 0x000000013BEEF000 - 0x0000000000030600 > >>> !!!!!!!! ProtectUefiImageCommon - Section Alignment(0x200) is > >> incorrect !!!!!!!! > >> > > > > This is puzzling, given that the exact same binary works on Mustang. > > And even on the original (unspecified) hardware, the same binary works > frequently. My understanding is that there are five VMs executing reboot > loops in parallel, on the same host, and 4 out of 5 may hit the issue in > a reasonable time period (300 reboots or so). > > > So when loaded, GRUB should cover the following regions: > > > > 0x13beef0000 - 0x13bf000000 (0x11000) > > 0x13bf000000 - 0x13bf01f600 (0x1f600) > > > > where neither covers a 2 MB block fully, which means that the TLB > > entry that we are hitting is stale. > > > > Since ProtectUefiImageCommon() does not do anything in this case, the > > stale translation must be the result of > > PcdDxeNxMemoryProtectionPolicy, which either sets the wrong > > permissions for EfiLoaderCode (relying on ProtectUefiImageCommon), or > > we don't flush the TLBs correctly after updating the permissions when > > converting the memory from EfiConventionalMemory to EfiLoaderCode > > > > Are you using the default value for PcdDxeNxMemoryProtectionPolicy? > > Yes, we have > > ArmVirtPkg/ArmVirt.dsc.inc: > gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1 > > from commit 1acd7c54a724 ("ArmVirtPkg AARCH64: enable NX memory > protection for all platforms", 2017-03-01). > > The binary is from the RPM > "edk2-aarch64-20180508gitee3198e672e2-5.el8+1789+f0947240.noarch", which > is basically upstream ee3198e672e2 plus a small number of backports and > downstream customizations. > This might help: diff --git a/ArmPkg/Library/ArmLib/AArch64/ArmLibSupport.S b/ArmPkg/Library/ArmLib/AArch64/ArmLibSupport.S index b7173e00b039..4c0b4b4efbd5 100644 --- a/ArmPkg/Library/ArmLib/AArch64/ArmLibSupport.S +++ b/ArmPkg/Library/ArmLib/AArch64/ArmLibSupport.S @@ -138,7 +138,7 @@ ASM_FUNC(ArmUpdateTranslationTableEntry) ASM_FUNC(ArmInvalidateTlb) EL1_OR_EL2_OR_EL3(x0) -1: tlbi vmalle1 +1: tlbi vmalle1is b 4f 2: tlbi alle2 b 4f diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibReplaceEntry.S b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibReplaceEntry.S index 90192df24f55..d54b1c19accf 100644 --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibReplaceEntry.S +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibReplaceEntry.S @@ -34,7 +34,7 @@ // flush the TLBs .if \el == 1 - tlbi vmalle1 + tlbi vmalle1is .else tlbi alle\el .endif