From patchwork Thu Jun  7 11:08:08 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 137875
Delivered-To: patch@linaro.org
Received: by 2002:a2e:970d:0:0:0:0:0 with SMTP id r13-v6csp1950568lji;
 Thu, 7 Jun 2018 04:08:22 -0700 (PDT)
X-Google-Smtp-Source: ADUXVKIrdhExgSXgqQpO3djkMNgONkb2J5oiB7gr8S3CRxsPjHAOkPsuRgoIoth+uIsXY/KaE5U9
X-Received: by 2002:a62:8d5:: with SMTP id
 82-v6mr1395459pfi.154.1528369702060; 
 Thu, 07 Jun 2018 04:08:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1528369702; cv=none;
 d=google.com; s=arc-20160816;
 b=qlGkukkxq36l+YpwHdTapSgEUOgy/+cTDkGHzKsdAFDHsyx3BM+nsj+nnaY5pMLU6K
 CoTDUfKg5CVWFIvcpMG4WJPwt9033yisAUpMHJTbZm9YCsORhE3ED4JrIO3KhEJ92c2X
 o9BbJdAx4VUbWXe2B4mImEGUFviA4Ro9i0DB2ziLfA0eeJ2LwbBLCn8cxEFeRU6zcCQ4
 4HxTHSFYuahYY0W54n8+X+c3rFfdEXjvR0sy1GHrHykPJ069CQGqtdd1AiDsOuyjRja7
 H3P0IcTQypI9ZbiTNL3N/cf8zadXuzlz+h2PwNdWZbnUCwun/emOzbI/1SEiagQSswXA
 bLdw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version:cc
 :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
 :list-id:precedence:subject:references:in-reply-to:message-id:date
 :to:from:dkim-signature:delivered-to:arc-authentication-results;
 bh=H5si6LLwgFMoBhYgp+yfgymiL62Gi28cNS88IVg2o+g=;
 b=trS4EsV0etXfRY1JarCDPFEWlc7q6FouvF/gUKCP0R4hpMYIqv9YKAkJUAsbTMx0Om
 0G1SxqfyV5d9JMBuPR+oWLr0kNLLEGB7On996SdXGRhF2k46+O31CRzKrWU9nd3918Ew
 IcOt6J9IGXWtYR6riI7X9FzuYk8aLwCPCsmG7sJqvG5yO+jSVbLw8jMTQQNIVyIzXZSy
 iuXENAuZbluaECEUWv5Q488W9OAKkmhlEqrO3AnD2EgFiLpOnavbW0PCKr2GYc4VSG8b
 YKymSlSSGqtwn+wVap9KHn+/sZKkSQw5Pj9DVmo6dRInQ4ak55jLe+V7WawVKdMMhZnf
 wsSA==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=gFb0GlG+; 
 spf=pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 198.145.21.10 as
 permitted sender)
 smtp.mailfrom=edk2-devel-bounces@lists.01.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <edk2-devel-bounces@lists.01.org>
Received: from ml01.01.org (ml01.01.org. [198.145.21.10])
 by mx.google.com with ESMTPS id
 x2-v6si15464029pfn.315.2018.06.07.04.08.20
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Thu, 07 Jun 2018 04:08:21 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 198.145.21.10 as
 permitted sender) client-ip=198.145.21.10; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=gFb0GlG+; 
 spf=pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 198.145.21.10 as
 permitted sender)
 smtp.mailfrom=edk2-devel-bounces@lists.01.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from [127.0.0.1] (localhost [IPv6:::1])
 by ml01.01.org (Postfix) with ESMTP id 48504211C3F6D;
 Thu,  7 Jun 2018 04:08:19 -0700 (PDT)
X-Original-To: edk2-devel@lists.01.org
Delivered-To: edk2-devel@lists.01.org
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=2a00:1450:400c:c0c::244; helo=mail-wr0-x244.google.com;
 envelope-from=ard.biesheuvel@linaro.org;
 receiver=edk2-devel@lists.01.org 
Received: from mail-wr0-x244.google.com (mail-wr0-x244.google.com
 [IPv6:2a00:1450:400c:c0c::244])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
 bits)) (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 16B35211B85FE
 for <edk2-devel@lists.01.org>; Thu,  7 Jun 2018 04:08:18 -0700 (PDT)
Received: by mail-wr0-x244.google.com with SMTP id a12-v6so9647815wro.1
 for <edk2-devel@lists.01.org>; Thu, 07 Jun 2018 04:08:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=KEYJMTUEqBlBTHgwySNGwZgl7i4BEmO3mp/rs+IeSW8=;
 b=gFb0GlG+edBio7ur+qxkabmSeFM+nO0b20GEx9DhDutR2OVUDksvgxXNb4Z0wkOywl
 ISk80Z4gY1q/F+Q142gs1RpKAUY0uW0Y4S6sTHq+P9wTq9oproTeRYOQXEO28lVUfQJH
 NO161nIAWcAjd50G1Xq3kf0wcAOK050DqQ4H4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=KEYJMTUEqBlBTHgwySNGwZgl7i4BEmO3mp/rs+IeSW8=;
 b=NaNpnlMtYU1syyX90OYqroJ97feIdy6A0QS3/jAX2D0UHBbEhHWtqcNiBh+dNyf5G6
 l8NjZ5fLdHcaxON81/2oleYjdxbB8LzSDBMfF5tXdqWTm7dN1klEYn9gtjO9xvt0Q8Mc
 nLUqXTLaRwasE1YSgUvkHcYchMu4rTA1UweumGUDLE4wLS3N8zcsHaOQgQiHiduRb+98
 +Njvjn7eozSHmORfygahryk9rUGsCYt5LGixF3ubZ6yrDPQW7y0UudQeLqlo6A3585ZX
 IhsHZyCQ5AFB84p37xV5q8+2lniehfrxiCHdm4PG5ar865HJu4P2QU2JA8i4rIkFePXj
 XBLQ==
X-Gm-Message-State: APt69E39wtNS8Nx9atkTgHLJSBu7ugisIaGbyfq/Hse0HEVpfqIUi4y2
 5WHrZhR1l4YaG5SNfIpcUpSQjxGBVxM=
X-Received: by 2002:adf:dc52:: with SMTP id
 m18-v6mr1405048wrj.84.1528369696418; 
 Thu, 07 Jun 2018 04:08:16 -0700 (PDT)
Received: from dogfood.home ([2a01:cb1d:112:6f00:88ff:8f90:37f1:db91])
 by smtp.gmail.com with ESMTPSA id
 72-v6sm54997900wrb.22.2018.06.07.04.08.15
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Thu, 07 Jun 2018 04:08:15 -0700 (PDT)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: edk2-devel@lists.01.org
Date: Thu,  7 Jun 2018 13:08:08 +0200
Message-Id: <20180607110812.26778-2-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180607110812.26778-1-ard.biesheuvel@linaro.org>
References: <20180607110812.26778-1-ard.biesheuvel@linaro.org>
Subject: [edk2] [PATCH 1/5] MdeModulePkg/CapsulePei: clean Dcache before
 consuming capsule data
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
Cc: michael.d.kinney@intel.com, jiewen.yao@intel.com, star.zeng@intel.com,
 leif.lindholm@linaro.org, Ard Biesheuvel <ard.biesheuvel@linaro.org>
MIME-Version: 1.0
Errors-To: edk2-devel-bounces@lists.01.org
Sender: "edk2-devel" <edk2-devel-bounces@lists.01.org>

When capsule updates are staged for processing after a warm reboot,
they are copied into memory with the MMU and caches enabled. When
the capsule PEI gets around to coalescing the capsule, the MMU and
caches may still be disabled, and so on architectures where uncached
accesses are incoherent with the caches (such as ARM and AARCH64),
we may read stale data if we don't clean the caches to memory first.

Note that this cache maintenance cannot be done during the invocation
of UpdateCapsule(), since the ScatterGatherList structures are only
identified by physical address, and at runtime, the firmware doesn't
know whether and where this memory is mapped, and cache maintenance
requires a virtual address.

Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 MdeModulePkg/Universal/CapsulePei/CapsulePei.inf           |  1 +
 MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c | 10 ++++++++++
 2 files changed, 11 insertions(+)

-- 
2.17.0

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

diff --git a/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf b/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
index c54bc21a95a8..594e110d1f8a 100644
--- a/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
+++ b/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
@@ -48,6 +48,7 @@ [Packages]
 
 [LibraryClasses]
   BaseLib
+  CacheMaintenanceLib
   HobLib
   BaseMemoryLib
   PeiServicesLib
diff --git a/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c b/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c
index 3e7054cd38a9..fb59f338f100 100644
--- a/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c
+++ b/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c
@@ -27,6 +27,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Guid/CapsuleVendor.h>
 
 #include <Library/BaseMemoryLib.h>
+#include <Library/CacheMaintenanceLib.h>
 #include <Library/DebugLib.h>
 #include <Library/PrintLib.h>
 #include <Library/BaseLib.h>
@@ -274,6 +275,7 @@ ValidateCapsuleByMemoryResource (
     //
     // No memory resource descriptor reported in HOB list before capsule Coalesce.
     //
+    WriteBackDataCacheRange ((VOID *)(UINTN)Address, (UINTN)Size);
     return TRUE;
   }
 
@@ -283,6 +285,14 @@ ValidateCapsuleByMemoryResource (
       DEBUG ((EFI_D_INFO, "Address(0x%lx) Size(0x%lx) in MemoryResource[0x%x] - Start(0x%lx) Length(0x%lx)\n",
                           Address, Size,
                           Index, MemoryResource[Index].PhysicalStart, MemoryResource[Index].ResourceLength));
+
+      //
+      // At this point, we may still be running with the MMU and caches disabled,
+      // and on architectures such as ARM or AARCH64, capsule [meta]data loaded
+      // into memory with the caches on is only guaranteed to be visible to the
+      // CPU running with the caches off after performing an explicit writeback.
+      //
+      WriteBackDataCacheRange ((VOID *)(UINTN)Address, (UINTN)Size);
       return TRUE;
     }
   }