From patchwork Fri Jun 8 06:58:07 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 137922 Delivered-To: patch@linaro.org Received: by 2002:a2e:970d:0:0:0:0:0 with SMTP id r13-v6csp511814lji; Thu, 7 Jun 2018 23:58:23 -0700 (PDT) X-Google-Smtp-Source: ADUXVKL9GeOo4I080WlalOA7JqxaHVjXZLRR5Pd3EkU9MIbOeTXpvuVGCLv4w7a6rW0vxmaSDT74 X-Received: by 2002:a65:5686:: with SMTP id v6-v6mr4243618pgs.141.1528441103294; Thu, 07 Jun 2018 23:58:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528441103; cv=none; d=google.com; s=arc-20160816; b=QZjp54V+iuY2AU3Bjymo/mIGdUJ3UUdNeAmEqvxmvubC4HcqVtzCpgFfxVbW2pBZ1S 55KrNRTO9eGNvMaCVoimQcXEdONz1479xLYgmkVxUQPrrQLF2bfLumAGWRsTLn29GEtY UFmMklLmZ1HuRvHpHk9iEbgbrr9w5jNUb5m9y4mgCA3Zkif2EOV0JLaBGKViSavqoHnq YSCQKMr0kfYdwJXIhwc4qCPpKnvdBVLg76PUK7RmJxub7hxBdMeW5RmbeIhaBHtQCn/f j4yUg6zLqt4RLny+IQgqVdi5+e7za/q6RwsFBxX0iDtnMthye8vPN48tdUvkg6dknFJp 2RMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:delivered-to:arc-authentication-results; bh=c1MfLzAwPu9ZXt8vXsUUhsWuSJz7S37BmfYGkP44tGc=; b=YvdS8s9WNi208NfSXUQhPaVQVPP2HmZyyRIW0lhSLQJy++fbeANodhGORXGbSi3sN4 PxpXJBAyZWher5Z41Mhlr25XPOambB/x474Z74Xk1c2qu8Bt89jlZBXXT6+HKGDxQ9Hc OAsixhuJ9/76RMTFiyCp7Fn0bIj+0hCJ0KbXlYBZOJqBAExpR64JRwBVYnVpuvHAdjIa Y2iUW6cKzBWIBcESmcygPDFC+LLorEEEjVUrioqG3dO8wdgxCc7Vetmj5xq28F8DCbsO y4oEmlCO3aWVYtArRWAsW4E026ClfkXN8upQDvPiCHMdE8jhAcKHtUt+8WVaH5vSSEXQ 40cw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=ESVMBgjG; spf=pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from ml01.01.org (ml01.01.org. [198.145.21.10]) by mx.google.com with ESMTPS id o128-v6si8876752pfg.5.2018.06.07.23.58.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 07 Jun 2018 23:58:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) client-ip=198.145.21.10; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=ESVMBgjG; spf=pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id C247D21106FC4; Thu, 7 Jun 2018 23:58:21 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org Delivered-To: edk2-devel@lists.01.org Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2a00:1450:400c:c09::243; helo=mail-wm0-x243.google.com; envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-wm0-x243.google.com (mail-wm0-x243.google.com [IPv6:2a00:1450:400c:c09::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 04AA1210F201E for ; Thu, 7 Jun 2018 23:58:20 -0700 (PDT) Received: by mail-wm0-x243.google.com with SMTP id o13-v6so1380747wmf.4 for ; Thu, 07 Jun 2018 23:58:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=RWqKvEvKmAO2K2dbqQlsQ1VVnNu/xEo9tC2DsTsKjcM=; b=ESVMBgjGvc+U1o/p8VrHS5d/msXumrsITAI0zdkyUAPzTQIoI4ukl6eKn17fiJgjS6 obeR2N9wPi1vJmzFDFLAuoawaLzOs1zqSSRdvQMYDLQOW0ozfRyiwI+1MHszzok587vv UqVALigcCCHSuIVO8WiHuKJeTAHv8ILo7Di2Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=RWqKvEvKmAO2K2dbqQlsQ1VVnNu/xEo9tC2DsTsKjcM=; b=D+OHe5LHLHAq/yrP/MkGWcZP/ERDOj4c9qNgLXFA/wkBYpaLvHzNDw1gM0avSSfJiH +kkZm6hvA0ct46OomSK5RO2QmW5qRJPC0QZHw55RC+9ZvHiJyCU4UDah9xmQ/PiRAgM7 Fljckfg8FKefqKIXTdaA7NzyQZ9g7mz4wEa8A3hVr+N64eNefXZuNNjVZKtoiMj04fXx ZdIk1m6PjEtD9177oMBY3YZvsD1DaQ0erQzFumWavMe0b4ST1SPwl+tdEng2D/M4NAOa D8rg295nF9W+GmA6JSmNHWKZS/nM8knNyzOQtvNZTTevUR9uVPFddCoTL5j9y+rt+10y orBQ== X-Gm-Message-State: APt69E3i5zWIII/QxLWDh3ntq4byDQlNnbHIBB8ufZXzajFXHE9+NwDA UqgwdlK1NYCGdWyoJiJWpPzEfHVhrZs= X-Received: by 2002:a1c:e846:: with SMTP id f67-v6mr605786wmh.63.1528441099247; Thu, 07 Jun 2018 23:58:19 -0700 (PDT) Received: from dogfood.home (LFbn-NIC-1-75-91.w2-15.abo.wanadoo.fr. [2.15.165.91]) by smtp.gmail.com with ESMTPSA id x130-v6sm892491wme.24.2018.06.07.23.58.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 07 Jun 2018 23:58:18 -0700 (PDT) From: Ard Biesheuvel To: edk2-devel@lists.01.org Date: Fri, 8 Jun 2018 08:58:07 +0200 Message-Id: <20180608065811.2065-2-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180608065811.2065-1-ard.biesheuvel@linaro.org> References: <20180608065811.2065-1-ard.biesheuvel@linaro.org> Subject: [edk2] [PATCH v2 1/5] MdeModulePkg/CapsulePei: clean Dcache before consuming capsule data X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: michael.d.kinney@intel.com, jiewen.yao@intel.com, star.zeng@intel.com, leif.lindholm@linaro.org, Ard Biesheuvel MIME-Version: 1.0 Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" When capsule updates are staged for processing after a warm reboot, they are copied into memory with the MMU and caches enabled. When the capsule PEI gets around to coalescing the capsule, the MMU and caches may still be disabled, and so on architectures where uncached accesses are incoherent with the caches (such as ARM and AARCH64), we may read stale data if we don't clean the caches to memory first. Note that this cache maintenance cannot be done during the invocation of UpdateCapsule(), since the ScatterGatherList structures are only identified by physical address, and at runtime, the firmware doesn't know whether and where this memory is mapped, and cache maintenance requires a virtual address. Reviewed-by: Jiewen Yao Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Universal/CapsulePei/CapsulePei.inf | 1 + MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c | 38 ++++++++++++++------ 2 files changed, 28 insertions(+), 11 deletions(-) -- 2.17.0 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel diff --git a/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf b/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf index c54bc21a95a8..594e110d1f8a 100644 --- a/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf +++ b/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf @@ -48,6 +48,7 @@ [Packages] [LibraryClasses] BaseLib + CacheMaintenanceLib HobLib BaseMemoryLib PeiServicesLib diff --git a/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c b/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c index 3e7054cd38a9..52b80e30b479 100644 --- a/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c +++ b/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c @@ -27,6 +27,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include +#include #include #include #include @@ -253,6 +254,7 @@ ValidateCapsuleByMemoryResource ( ) { UINTN Index; + BOOLEAN Valid; // // Sanity Check @@ -270,25 +272,39 @@ ValidateCapsuleByMemoryResource ( return FALSE; } + Valid = FALSE; if (MemoryResource == NULL) { // // No memory resource descriptor reported in HOB list before capsule Coalesce. // - return TRUE; + Valid = TRUE; + } else { + for (Index = 0; MemoryResource[Index].ResourceLength != 0; Index++) { + if ((Address >= MemoryResource[Index].PhysicalStart) && + ((Address + Size) <= (MemoryResource[Index].PhysicalStart + MemoryResource[Index].ResourceLength))) { + DEBUG ((EFI_D_INFO, "Address(0x%lx) Size(0x%lx) in MemoryResource[0x%x] - Start(0x%lx) Length(0x%lx)\n", + Address, Size, + Index, MemoryResource[Index].PhysicalStart, MemoryResource[Index].ResourceLength)); + Valid = TRUE; + break; + } + } + if (!Valid) { + DEBUG ((EFI_D_ERROR, "ERROR: Address(0x%lx) Size(0x%lx) not in any MemoryResource\n", Address, Size)); + } } - for (Index = 0; MemoryResource[Index].ResourceLength != 0; Index++) { - if ((Address >= MemoryResource[Index].PhysicalStart) && - ((Address + Size) <= (MemoryResource[Index].PhysicalStart + MemoryResource[Index].ResourceLength))) { - DEBUG ((EFI_D_INFO, "Address(0x%lx) Size(0x%lx) in MemoryResource[0x%x] - Start(0x%lx) Length(0x%lx)\n", - Address, Size, - Index, MemoryResource[Index].PhysicalStart, MemoryResource[Index].ResourceLength)); - return TRUE; - } + if (Valid) { + // + // At this point, we may still be running with the MMU and caches disabled, + // and on architectures such as ARM or AARCH64, capsule [meta]data loaded + // into memory with the caches on is only guaranteed to be visible to the + // CPU running with the caches off after performing an explicit writeback. + // + WriteBackDataCacheRange ((VOID *)(UINTN)Address, (UINTN)Size); } - DEBUG ((EFI_D_ERROR, "ERROR: Address(0x%lx) Size(0x%lx) not in any MemoryResource\n", Address, Size)); - return FALSE; + return Valid; } /**