From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: Leif Lindholm <leif.lindholm@linaro.org>,
"Zeng, Star" <star.zeng@intel.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
"Kinney, Michael D" <michael.d.kinney@intel.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: Re: [PATCH v2 1/5] MdeModulePkg/CapsulePei: clean Dcache before consuming capsule data
Date: Mon, 11 Jun 2018 23:24:42 +0200 [thread overview]
Message-ID: <CAKv+Gu9r0=7+z+7NZKxWbgHExGN8+kqTagQNU=EFTmF5B3GsLw@mail.gmail.com> (raw)
In-Reply-To: <20180608065811.2065-2-ard.biesheuvel@linaro.org>
On 8 June 2018 at 08:58, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> When capsule updates are staged for processing after a warm reboot,
> they are copied into memory with the MMU and caches enabled. When
> the capsule PEI gets around to coalescing the capsule, the MMU and
> caches may still be disabled, and so on architectures where uncached
> accesses are incoherent with the caches (such as ARM and AARCH64),
> we may read stale data if we don't clean the caches to memory first.
>
> Note that this cache maintenance cannot be done during the invocation
> of UpdateCapsule(), since the ScatterGatherList structures are only
> identified by physical address, and at runtime, the firmware doesn't
> know whether and where this memory is mapped, and cache maintenance
> requires a virtual address.
>
> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Star,
If you are ok with this version of the patch, please let me know.
This patch and the PsciResetSystemLib one are prerequisites for making
PersistAcrossReset capsules work at all on ARM systems. The remaining
patches are only relevant when using the new progress reporting APIs,
so those can wait, but I would like to merge this one as soon as it is
ready.
Thanks,
Ard.
> ---
> MdeModulePkg/Universal/CapsulePei/CapsulePei.inf | 1 +
> MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c | 38 ++++++++++++++------
> 2 files changed, 28 insertions(+), 11 deletions(-)
>
> diff --git a/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf b/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
> index c54bc21a95a8..594e110d1f8a 100644
> --- a/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
> +++ b/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
> @@ -48,6 +48,7 @@ [Packages]
>
> [LibraryClasses]
> BaseLib
> + CacheMaintenanceLib
> HobLib
> BaseMemoryLib
> PeiServicesLib
> diff --git a/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c b/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c
> index 3e7054cd38a9..52b80e30b479 100644
> --- a/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c
> +++ b/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c
> @@ -27,6 +27,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
> #include <Guid/CapsuleVendor.h>
>
> #include <Library/BaseMemoryLib.h>
> +#include <Library/CacheMaintenanceLib.h>
> #include <Library/DebugLib.h>
> #include <Library/PrintLib.h>
> #include <Library/BaseLib.h>
> @@ -253,6 +254,7 @@ ValidateCapsuleByMemoryResource (
> )
> {
> UINTN Index;
> + BOOLEAN Valid;
>
> //
> // Sanity Check
> @@ -270,25 +272,39 @@ ValidateCapsuleByMemoryResource (
> return FALSE;
> }
>
> + Valid = FALSE;
> if (MemoryResource == NULL) {
> //
> // No memory resource descriptor reported in HOB list before capsule Coalesce.
> //
> - return TRUE;
> + Valid = TRUE;
> + } else {
> + for (Index = 0; MemoryResource[Index].ResourceLength != 0; Index++) {
> + if ((Address >= MemoryResource[Index].PhysicalStart) &&
> + ((Address + Size) <= (MemoryResource[Index].PhysicalStart + MemoryResource[Index].ResourceLength))) {
> + DEBUG ((EFI_D_INFO, "Address(0x%lx) Size(0x%lx) in MemoryResource[0x%x] - Start(0x%lx) Length(0x%lx)\n",
> + Address, Size,
> + Index, MemoryResource[Index].PhysicalStart, MemoryResource[Index].ResourceLength));
> + Valid = TRUE;
> + break;
> + }
> + }
> + if (!Valid) {
> + DEBUG ((EFI_D_ERROR, "ERROR: Address(0x%lx) Size(0x%lx) not in any MemoryResource\n", Address, Size));
> + }
> }
>
> - for (Index = 0; MemoryResource[Index].ResourceLength != 0; Index++) {
> - if ((Address >= MemoryResource[Index].PhysicalStart) &&
> - ((Address + Size) <= (MemoryResource[Index].PhysicalStart + MemoryResource[Index].ResourceLength))) {
> - DEBUG ((EFI_D_INFO, "Address(0x%lx) Size(0x%lx) in MemoryResource[0x%x] - Start(0x%lx) Length(0x%lx)\n",
> - Address, Size,
> - Index, MemoryResource[Index].PhysicalStart, MemoryResource[Index].ResourceLength));
> - return TRUE;
> - }
> + if (Valid) {
> + //
> + // At this point, we may still be running with the MMU and caches disabled,
> + // and on architectures such as ARM or AARCH64, capsule [meta]data loaded
> + // into memory with the caches on is only guaranteed to be visible to the
> + // CPU running with the caches off after performing an explicit writeback.
> + //
> + WriteBackDataCacheRange ((VOID *)(UINTN)Address, (UINTN)Size);
> }
>
> - DEBUG ((EFI_D_ERROR, "ERROR: Address(0x%lx) Size(0x%lx) not in any MemoryResource\n", Address, Size));
> - return FALSE;
> + return Valid;
> }
>
> /**
> --
> 2.17.0
>
next prev parent reply other threads:[~2018-06-11 21:24 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-08 6:58 [PATCH v2 0/5] MdeModulePkg ArmPkg: support for persistent capsules and progress reporting Ard Biesheuvel
2018-06-08 6:58 ` [PATCH v2 1/5] MdeModulePkg/CapsulePei: clean Dcache before consuming capsule data Ard Biesheuvel
2018-06-11 21:24 ` Ard Biesheuvel [this message]
2018-06-11 21:27 ` Yao, Jiewen
2018-06-11 21:28 ` Ard Biesheuvel
2018-06-11 21:40 ` Kinney, Michael D
2018-06-11 22:01 ` Ard Biesheuvel
2018-06-12 0:54 ` Kinney, Michael D
2018-06-12 9:01 ` Ard Biesheuvel
2018-06-12 10:31 ` Ard Biesheuvel
2018-06-12 15:02 ` Kinney, Michael D
2018-06-08 6:58 ` [PATCH v2 2/5] MdeModulePkg/DxeCapsuleLibFmp: permit ProcessCapsules () to be called once Ard Biesheuvel
2018-06-08 12:34 ` Yao, Jiewen
2018-06-08 12:37 ` Ard Biesheuvel
2018-06-10 5:38 ` Yao, Jiewen
2018-06-10 5:41 ` Ard Biesheuvel
2018-06-10 15:57 ` Kinney, Michael D
2018-06-10 19:01 ` Yao, Jiewen
2018-06-10 19:21 ` Yao, Jiewen
2018-06-11 7:27 ` Ard Biesheuvel
2018-06-11 12:37 ` Yao, Jiewen
2018-06-11 12:40 ` Ard Biesheuvel
2018-06-11 13:55 ` Yao, Jiewen
2018-06-11 14:06 ` Ard Biesheuvel
2018-06-11 15:12 ` Yao, Jiewen
2018-06-12 9:41 ` Zeng, Star
2018-06-11 15:12 ` Kinney, Michael D
2018-06-18 10:35 ` Udit Kumar
2018-06-18 14:59 ` Yao, Jiewen
2018-06-08 6:58 ` [PATCH v2 3/5] MdeModulePkg/DxeCapsuleLibFmp: pass progress callback only if it works Ard Biesheuvel
2018-06-08 6:58 ` [PATCH v2 4/5] ArmPkg/PlatformBootManagerLib: call ProcessCapsules() only once Ard Biesheuvel
2018-06-08 6:58 ` [PATCH v2 5/5] ArmPkg/ArmSmcPsciResetSystemLib: implement fallback for warm reboot Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAKv+Gu9r0=7+z+7NZKxWbgHExGN8+kqTagQNU=EFTmF5B3GsLw@mail.gmail.com' \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox