From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67])
 by mx.groups.io with SMTP id smtpd.web12.3076.1583446796597995275
 for <devel@edk2.groups.io>;
 Thu, 05 Mar 2020 14:19:57 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@linaro.org header.s=google header.b=YgPfplOx;
 spf=pass (domain: linaro.org, ip: 209.85.128.67, mailfrom: ard.biesheuvel@linaro.org)
Received: by mail-wm1-f67.google.com with SMTP id e26so268787wme.5
        for <devel@edk2.groups.io>; Thu, 05 Mar 2020 14:19:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=46slIQtjG6irwbA6FdUsNex90DMYlGPT4GSQdkd0aVc=;
        b=YgPfplOx++xb6sww0rvgENLK7oGEBfhV7BTtS5CGjyKAnAxb4+wFNOmC7d2vNq6LTy
         KLaoH1lZX8fYQqeQd1EGOILXpJvZs2Rm6bg8UpsFXshxG4Q8+33fdzcelw9r89IAhTsu
         aBU260DEJZScHvUR7IwGxG3rgOJ0aPWxYx5fST692lu1FBVUVHo8llQWIxkYVxVFfaHn
         wIfMIsx2enHR//cSCFbsGGxbbKrqD7UNY4KiNWDfuWbFf4UdWu322KRP/wH0iDPcPFdw
         v6u0kH1vfgMTrfs78FRMy6xVG/ywy+106J8na0J4Gft/3W+6/uVCjFOX8E5uh6JKYsdH
         1IFA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=46slIQtjG6irwbA6FdUsNex90DMYlGPT4GSQdkd0aVc=;
        b=QQbdNjRWj2sJCY2AKT0p8qZ1+hifCTdklEGy4lwg8Mxg9sEy42WUmRxrVii1LFX3yv
         HTGYwEDnGvDScnDzU5Iu9Xyce+6StEOwjB1ilbDNk6vJPwZ1Qb6Ck/CHevLbiptWOrG7
         CvETxxsLCJd1OzuuNDvO4LnxSygKUD5G4/UGt92F2Sspieo5/WP7Vgmy0eDvaDjovifq
         aOMlyvKEKEeDbo0vzReRWSOSvlnL4g06C/4EuleuqZSnnCL3EF8HvCh870Gau7n1cfzj
         A4pkYaR580k0I0AIrUp2jivGU65PUxzfwg9DG50eltWglfMz6HYcnXPSvlkNjT7TTQab
         Uqrw==
X-Gm-Message-State: ANhLgQ3Qn8bXyr42Fcpp01qjMRSt8qR4y5MI1FrjKocijPmUG9hAWRP8
	JHcyJES/h4a0vTzw7j4j+arf+znjKQ4FNXDWIp9LaNQpBRo=
X-Google-Smtp-Source: ADFU+vt3Ly4VbmbKTLy3X7b9g0oSARJttW6bbxfN8u/nLoefEYYP4SOq/GhsrvL51TGrplEnoPFGsrzBsX2iU+E4Ld8=
X-Received: by 2002:a7b:cb93:: with SMTP id m19mr936446wmi.133.1583446794795;
 Thu, 05 Mar 2020 14:19:54 -0800 (PST)
MIME-Version: 1.0
References: <20200305215010.29436-1-ard.biesheuvel@linaro.org>
In-Reply-To: <20200305215010.29436-1-ard.biesheuvel@linaro.org>
From: "Ard Biesheuvel" <ard.biesheuvel@linaro.org>
Date: Thu, 5 Mar 2020 23:19:43 +0100
Message-ID: <CAKv+Gu9yupL+oD2Tq700iqADGVHrUB6BAap9n8+M_aCcGUs3Jg@mail.gmail.com>
Subject: Re: [PATCH] ArmPkg/ArmMmuLib AARCH64: invalidate page tables before populating them
To: edk2-devel-groups-io <devel@edk2.groups.io>
Cc: Leif Lindholm <leif@nuviainc.com>
Content-Type: text/plain; charset="UTF-8"

On Thu, 5 Mar 2020 at 22:50, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
>
> As it turns out, ARMv8 (DDI 0487E.a D4.4.5) also permits accesses made
> with the MMU and caches off to hit in the caches, so to ensure that any
> modifications we make before enabling the MMU are visible afterwards as
> well, we should invalidate page tables right after allocation like we do
> now on ARM, if the MMU is still disabled at that point.
>
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Ugh, still not sufficient. I'll send a v2 tomorrow.

> ---
>  ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 25 ++++++++++++++++++++
>  1 file changed, 25 insertions(+)
>
> diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
> index 204e33c75f95..b5d6b66806f8 100644
> --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
> +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
> @@ -282,6 +282,15 @@ GetBlockEntryListFromAddress (
>            return NULL;
>          }
>
> +        if (!ArmMmuEnabled ()) {
> +          //
> +          // Make sure we are not inadvertently hitting in the caches
> +          // when populating the page tables.
> +          //
> +          InvalidateDataCacheRange (TranslationTable,
> +            TT_ENTRY_COUNT * sizeof(UINT64));
> +        }
> +
>          // Populate the newly created lower level table
>          SubTableBlockEntry = TranslationTable;
>          for (Index = 0; Index < TT_ENTRY_COUNT; Index++) {
> @@ -306,6 +315,14 @@ GetBlockEntryListFromAddress (
>            return NULL;
>          }
>
> +        if (!ArmMmuEnabled ()) {
> +          //
> +          // Make sure we are not inadvertently hitting in the caches
> +          // when populating the page tables.
> +          //
> +          InvalidateDataCacheRange (TranslationTable,
> +            TT_ENTRY_COUNT * sizeof(UINT64));
> +        }
>          ZeroMem (TranslationTable, TT_ENTRY_COUNT * sizeof(UINT64));
>
>          // Fill the new BlockEntry with the TranslationTable
> @@ -697,6 +714,14 @@ ArmConfigureMmu (
>      *TranslationTableSize = RootTableEntryCount * sizeof(UINT64);
>    }
>
> +  if (!ArmMmuEnabled ()) {
> +    //
> +    // Make sure we are not inadvertently hitting in the caches
> +    // when populating the page tables.
> +    //
> +    InvalidateDataCacheRange (TranslationTable,
> +      RootTableEntryCount * sizeof(UINT64));
> +  }
>    ZeroMem (TranslationTable, RootTableEntryCount * sizeof(UINT64));
>
>    TranslationTableAttribute = TT_ATTR_INDX_INVALID;
> --
> 2.17.1
>