From nobody Fri Dec 27 02:15:58 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain
 of lists.01.org)  smtp.mailfrom=edk2-devel-bounces@lists.01.org;
	dmarc=fail(p=none dis=none)  header.from=linaro.org
Return-Path: <edk2-devel-bounces@lists.01.org>
Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com
	with SMTPS id 1528369701395413.14074960116636;
 Thu, 7 Jun 2018 04:08:21 -0700 (PDT)
Received: from [127.0.0.1] (localhost [IPv6:::1])
	by ml01.01.org (Postfix) with ESMTP id 48504211C3F6D;
	Thu,  7 Jun 2018 04:08:19 -0700 (PDT)
Received: from mail-wr0-x244.google.com (mail-wr0-x244.google.com
 [IPv6:2a00:1450:400c:c0c::244])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 16B35211B85FE
 for <edk2-devel@lists.01.org>; Thu,  7 Jun 2018 04:08:18 -0700 (PDT)
Received: by mail-wr0-x244.google.com with SMTP id a12-v6so9647815wro.1
 for <edk2-devel@lists.01.org>; Thu, 07 Jun 2018 04:08:17 -0700 (PDT)
Received: from dogfood.home ([2a01:cb1d:112:6f00:88ff:8f90:37f1:db91])
 by smtp.gmail.com with ESMTPSA id 72-v6sm54997900wrb.22.2018.06.07.04.08.15
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Thu, 07 Jun 2018 04:08:15 -0700 (PDT)
X-Original-To: edk2-devel@lists.01.org
Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by
 domain of lists.01.org) client-ip=198.145.21.10;
 envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org;
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=2a00:1450:400c:c0c::244; helo=mail-wr0-x244.google.com;
 envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@lists.01.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=KEYJMTUEqBlBTHgwySNGwZgl7i4BEmO3mp/rs+IeSW8=;
 b=gFb0GlG+edBio7ur+qxkabmSeFM+nO0b20GEx9DhDutR2OVUDksvgxXNb4Z0wkOywl
 ISk80Z4gY1q/F+Q142gs1RpKAUY0uW0Y4S6sTHq+P9wTq9oproTeRYOQXEO28lVUfQJH
 NO161nIAWcAjd50G1Xq3kf0wcAOK050DqQ4H4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=KEYJMTUEqBlBTHgwySNGwZgl7i4BEmO3mp/rs+IeSW8=;
 b=NaNpnlMtYU1syyX90OYqroJ97feIdy6A0QS3/jAX2D0UHBbEhHWtqcNiBh+dNyf5G6
 l8NjZ5fLdHcaxON81/2oleYjdxbB8LzSDBMfF5tXdqWTm7dN1klEYn9gtjO9xvt0Q8Mc
 nLUqXTLaRwasE1YSgUvkHcYchMu4rTA1UweumGUDLE4wLS3N8zcsHaOQgQiHiduRb+98
 +Njvjn7eozSHmORfygahryk9rUGsCYt5LGixF3ubZ6yrDPQW7y0UudQeLqlo6A3585ZX
 IhsHZyCQ5AFB84p37xV5q8+2lniehfrxiCHdm4PG5ar865HJu4P2QU2JA8i4rIkFePXj
 XBLQ==
X-Gm-Message-State: APt69E39wtNS8Nx9atkTgHLJSBu7ugisIaGbyfq/Hse0HEVpfqIUi4y2
 5WHrZhR1l4YaG5SNfIpcUpSQjxGBVxM=
X-Google-Smtp-Source: 
 ADUXVKJULyYaf/lOaE8Is0r6+vyAepA+P607OkcufZNKdrfL41o3yPzH8NtehS9Zx+A8C7xQp8hEFA==
X-Received: by 2002:adf:dc52:: with SMTP id
 m18-v6mr1405048wrj.84.1528369696418;
 Thu, 07 Jun 2018 04:08:16 -0700 (PDT)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: edk2-devel@lists.01.org
Date: Thu,  7 Jun 2018 13:08:08 +0200
Message-Id: <20180607110812.26778-2-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180607110812.26778-1-ard.biesheuvel@linaro.org>
References: <20180607110812.26778-1-ard.biesheuvel@linaro.org>
Subject: [edk2] [PATCH 1/5] MdeModulePkg/CapsulePei: clean Dcache before
 consuming capsule data
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
Cc: michael.d.kinney@intel.com, jiewen.yao@intel.com, star.zeng@intel.com,
 leif.lindholm@linaro.org, Ard Biesheuvel <ard.biesheuvel@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Errors-To: edk2-devel-bounces@lists.01.org
Sender: "edk2-devel" <edk2-devel-bounces@lists.01.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_4  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

When capsule updates are staged for processing after a warm reboot,
they are copied into memory with the MMU and caches enabled. When
the capsule PEI gets around to coalescing the capsule, the MMU and
caches may still be disabled, and so on architectures where uncached
accesses are incoherent with the caches (such as ARM and AARCH64),
we may read stale data if we don't clean the caches to memory first.

Note that this cache maintenance cannot be done during the invocation
of UpdateCapsule(), since the ScatterGatherList structures are only
identified by physical address, and at runtime, the firmware doesn't
know whether and where this memory is mapped, and cache maintenance
requires a virtual address.

Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 MdeModulePkg/Universal/CapsulePei/CapsulePei.inf           |  1 +
 MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf b/MdeModulePk=
g/Universal/CapsulePei/CapsulePei.inf
index c54bc21a95a8..594e110d1f8a 100644
--- a/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
+++ b/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
@@ -48,6 +48,7 @@ [Packages]
=20
 [LibraryClasses]
   BaseLib
+  CacheMaintenanceLib
   HobLib
   BaseMemoryLib
   PeiServicesLib
diff --git a/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c b/M=
deModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c
index 3e7054cd38a9..fb59f338f100 100644
--- a/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c
+++ b/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c
@@ -27,6 +27,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER=
 EXPRESS OR IMPLIED.
 #include <Guid/CapsuleVendor.h>
=20
 #include <Library/BaseMemoryLib.h>
+#include <Library/CacheMaintenanceLib.h>
 #include <Library/DebugLib.h>
 #include <Library/PrintLib.h>
 #include <Library/BaseLib.h>
@@ -274,6 +275,7 @@ ValidateCapsuleByMemoryResource (
     //
     // No memory resource descriptor reported in HOB list before capsule C=
oalesce.
     //
+    WriteBackDataCacheRange ((VOID *)(UINTN)Address, (UINTN)Size);
     return TRUE;
   }
=20
@@ -283,6 +285,14 @@ ValidateCapsuleByMemoryResource (
       DEBUG ((EFI_D_INFO, "Address(0x%lx) Size(0x%lx) in MemoryResource[0x=
%x] - Start(0x%lx) Length(0x%lx)\n",
                           Address, Size,
                           Index, MemoryResource[Index].PhysicalStart, Memo=
ryResource[Index].ResourceLength));
+
+      //
+      // At this point, we may still be running with the MMU and caches di=
sabled,
+      // and on architectures such as ARM or AARCH64, capsule [meta]data l=
oaded
+      // into memory with the caches on is only guaranteed to be visible t=
o the
+      // CPU running with the caches off after performing an explicit writ=
eback.
+      //
+      WriteBackDataCacheRange ((VOID *)(UINTN)Address, (UINTN)Size);
       return TRUE;
     }
   }
--=20
2.17.0

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel