From patchwork Fri Nov 30 11:28:29 2018
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 152522
From: Ard Biesheuvel
To: edk2-devel@lists.01.org
Cc: Andrew Jones, Laszlo Ersek
Date: Fri, 30 Nov 2018 12:28:29 +0100
Message-Id: <20181130112829.12173-5-ard.biesheuvel@linaro.org>
In-Reply-To: <20181130112829.12173-1-ard.biesheuvel@linaro.org>
References: <20181130112829.12173-1-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.19.1
Subject: [edk2] [PATCH v2 4/4] ArmVirtPkg/QemuVirtMemInfoLib: trim the MMIO region mapping
List-Id: EDK II Development

QEMU/mach-virt is rather unhelpful when it comes to tracking down NULL pointer dereferences that occur while running in UEFI: since we have NOR flash mapped at address 0x0, inadvertent reads go unnoticed, and even most writes are silently dropped, unless you're unlucky and the instruction in question is one that KVM cannot emulate, in which case you end up with a QEMU crash like this:

error: kvm run failed Function not implemented
PC=000000013f7ff804 X00=000000013f7ab108 X01=0000000000000064 X02=000000013f801988
X03=00000000800003c4 X04=0000000000000000 X05=0000000096000044 X06=fffffffffffd8270
X07=000000013f7ab4a0 X08=0000000000000001 X09=000000013f803b88 X10=000000013f7e88d0
X11=0000000000000009 X12=000000013f7ab554 X13=0000000000000008 X14=0000000000000002
X15=0000000000000000 X16=0000000000000000 X17=0000000000000000 X18=0000000000000000
X19=0000000000000000 X20=000000013f81c000 X21=000000013f7ab170 X22=000000013f81c000
X23=0000000009000018 X24=000000013f407020 X25=000000013f81c000 X26=000000013f803530
X27=000000013f802000 X28=000000013f7ab270 X29=000000013f7ab0d0 X30=000000013f7fee10
SP=000000013f7a6f30 PSTATE=800003c5 N--- EL1h

and a warning in the host kernel log that load/store instruction decoding is not supported by KVM.
Given that the first page of the flash device is not actually used anyway, let's reduce the mappings of the peripheral space and the flash device (both of which cover page #0) to only cover what is actually required:

ArmVirtQemu.fdf:
> 0x00001000|0x001ff000
> gArmTokenSpaceGuid.PcdFvBaseAddress|gArmTokenSpaceGuid.PcdFvSize

ArmVirtQemuKernel.fdf:
> 0x00008000|0x001f8000
> gArmTokenSpaceGuid.PcdFvBaseAddress|gArmTokenSpaceGuid.PcdFvSize

For ArmVirtQemu, the resulting virtual mapping looks roughly like:

- [0, 4K)      : flash, unmapped
- [4K, 2M)     : flash, mapped as WB+X RAM
- [2M, 64M)    : flash, unmapped
- [64M, 128M)  : varstore flash, will be mapped by the NOR flash driver
- [128M, 256M) : peripherals, mapped as device
- [256M, 1GB)  : 32-bit MMIO aperture, translated IO aperture, ECAM, will be mapped by the PCI host bridge driver
- [1GB, ...)   : RAM, mapped.

After this change, any inadvertent read or write from/to the first physical page will trigger a translation fault inside the guest, regardless of the nature of the instruction, without crashing QEMU.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel
Reviewed-by: Laszlo Ersek
---
 ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.inf    |  4 ++--
 ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf |  2 ++
 ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c      | 23 ++++++++++++++------
 3 files changed, 20 insertions(+), 9 deletions(-)

-- 
2.19.1

diff --git a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.inf b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.inf index 5c5b841051ad..b6abc52531a8 100644 --- a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.inf +++ b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.inf 
@@ -39,9 +39,9 @@ [LibraryClasses] PcdLib [Pcd] - gArmTokenSpaceGuid.PcdFdBaseAddress + gArmTokenSpaceGuid.PcdFvBaseAddress gArmTokenSpaceGuid.PcdSystemMemoryBase gArmTokenSpaceGuid.PcdSystemMemorySize [FixedPcd] - gArmTokenSpaceGuid.PcdFdSize + gArmTokenSpaceGuid.PcdFvSize diff --git a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf index d12089760b22..16802c5c414b 100644 --- a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf +++ b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf @@ -43,9 +43,11 @@ [LibraryClasses] [Pcd] gArmTokenSpaceGuid.PcdFdBaseAddress + gArmTokenSpaceGuid.PcdFvBaseAddress gArmTokenSpaceGuid.PcdSystemMemoryBase gArmTokenSpaceGuid.PcdSystemMemorySize [FixedPcd] gArmTokenSpaceGuid.PcdFdSize + gArmTokenSpaceGuid.PcdFvSize gArmVirtTokenSpaceGuid.PcdDeviceTreeInitialBaseAddress diff --git a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c index 0285a11b1d77..a26b2fbad9be 100644 --- a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c +++ b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c @@ -21,6 +21,15 @@ // Number of Virtual Memory Map Descriptors #define MAX_VIRTUAL_MEMORY_MAP_DESCRIPTORS 5 +// +// mach-virt's core peripherals such as the UART, the GIC and the RTC are +// all mapped in the 'miscellaneous device I/O' region, which we just map +// in its entirety rather than device by device. Note that it does not +// cover any of the NOR flash banks or PCI resource windows. +// +#define MACH_VIRT_PERIPH_BASE 0x08000000 +#define MACH_VIRT_PERIPH_SIZE SIZE_128MB + /** Return the Virtual Memory Map of your platform 
@@ -66,16 +75,16 @@ ArmVirtGetMemoryMap ( VirtualMemoryTable[0].VirtualBase, VirtualMemoryTable[0].Length)); - // Peripheral space before DRAM - VirtualMemoryTable[1].PhysicalBase = 0x0; - VirtualMemoryTable[1].VirtualBase = 0x0; - VirtualMemoryTable[1].Length = VirtualMemoryTable[0].PhysicalBase; + // Memory mapped peripherals (UART, RTC, GIC, virtio-mmio, etc) + VirtualMemoryTable[1].PhysicalBase = MACH_VIRT_PERIPH_BASE; + VirtualMemoryTable[1].VirtualBase = MACH_VIRT_PERIPH_BASE; + VirtualMemoryTable[1].Length = MACH_VIRT_PERIPH_SIZE; VirtualMemoryTable[1].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_DEVICE; - // Remap the FD region as normal executable memory - VirtualMemoryTable[2].PhysicalBase = PcdGet64 (PcdFdBaseAddress); + // Map the FV region as normal executable memory + VirtualMemoryTable[2].PhysicalBase = PcdGet64 (PcdFvBaseAddress); VirtualMemoryTable[2].VirtualBase = VirtualMemoryTable[2].PhysicalBase; - VirtualMemoryTable[2].Length = FixedPcdGet32 (PcdFdSize); + VirtualMemoryTable[2].Length = FixedPcdGet32 (PcdFvSize); VirtualMemoryTable[2].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK; // End of Table
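Review bot: in the QemuVirtMemInfoPeiLib.inf hunk, PcdFdBaseAddress and PcdFdSize stay in place next to the newly added PcdFvBaseAddress and PcdFvSize, whereas the QemuVirtMemInfoLib.inf hunk replaces the FD PCDs outright and the QemuVirtMemInfoLib.c hunk switches its only two FD references (PcdGet64 (PcdFdBaseAddress), FixedPcdGet32 (PcdFdSize)) to the FV PCDs. If another source in the PEI build still reads the FD PCDs, a sentence in the commit message saying so would make the asymmetry deliberate; if nothing does, they should be dropped from the PEI .inf as well.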
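Review bot: the block of #defines added after MAX_VIRTUAL_MEMORY_MAP_DESCRIPTORS hardcodes QEMU's virt machine layout (MACH_VIRT_PERIPH_BASE 0x08000000, MACH_VIRT_PERIPH_SIZE SIZE_128MB, i.e. the [128M, 256M) window from the commit message), and the comment's statement that the region "does not cover any of the NOR flash banks or PCI resource windows" is a property of that layout rather than something the code checks. Naming the QEMU memory map these values mirror in the comment, so that a future change to the window gets checked against the source of truth, would be worth the extra line.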
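Review bot: the new VirtualMemoryTable[2] entry in ArmVirtGetMemoryMap () takes its base from PcdGet64 (PcdFvBaseAddress) and its length from FixedPcdGet32 (PcdFvSize) without checking either, and per the fdf excerpts in the commit message the base is now 0x00001000 or 0x00008000 rather than the 0x0 the old FD mapping started at, so the entry only works if the platform keeps both values page aligned and keeps the FV below the peripheral window. An ASSERT ((PcdGet64 (PcdFvBaseAddress) & EFI_PAGE_MASK) == 0) plus the matching check on PcdFvSize next to the assignments would turn a misconfigured .fdf into a loud failure where the map is built instead of a silent mis-mapping. The comment change from "Remap the FD region" to "Map the FV region" is right, since entry [2] no longer overlaps entry [1].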
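The commit message above describes the memory map before and after the change in words. What follows is an added example, not part of the patch or of EDK2, that models both tables in plain C and checks the property the patch is after: physical page 0 is no longer mapped, so a NULL pointer dereference faults instead of hitting the flash. MemRegion, the ATTR_* values, the KB/MB/GB helpers and the 1GB DRAM size are hypothetical stand-ins for EDK2's ARM_MEMORY_REGION_DESCRIPTOR, ARM_MEMORY_REGION_ATTRIBUTE_* and SIZE_* macros; MapLookup() assumes that a later table entry overrides an earlier one covering the same address, which is what the old "Remap the FD region" entry relied on. The region bases and sizes come from the commit message's ArmVirtQemu layout.

```c
/*
 * Added example, not part of the patch or of EDK2: a small checker for a
 * virtual memory map table in the style of ArmVirtGetMemoryMap ().
 * MemRegion, ATTR_* and KB/MB/GB are hypothetical stand-ins for EDK2's
 * ARM_MEMORY_REGION_DESCRIPTOR, ARM_MEMORY_REGION_ATTRIBUTE_* and SIZE_*.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

#define KB(x) ((uint64_t)(x) << 10)
#define MB(x) ((uint64_t)(x) << 20)
#define GB(x) ((uint64_t)(x) << 30)
#define PAGE_SIZE KB(4)

typedef enum { ATTR_DEVICE, ATTR_WRITE_BACK } RegionAttr;

typedef struct {
  uint64_t   PhysicalBase;
  uint64_t   VirtualBase;
  uint64_t   Length;       /* 0 marks the end of the table */
  RegionAttr Attributes;
} MemRegion;

enum {
  MAP_OK            = 0,
  MAP_ERR_ALIGNMENT = 1,   /* a base or length is not page aligned */
  MAP_ERR_OVERLAP   = 2,   /* two entries cover the same physical range */
  MAP_ERR_NULL_PAGE = 3,   /* physical page 0 is mapped */
};

static bool RegionCovers(const MemRegion *R, uint64_t Addr)
{
  return R->Length != 0 && Addr >= R->PhysicalBase &&
         Addr - R->PhysicalBase < R->Length;
}

/*
 * Index of the entry that maps Addr, or -1 if Addr is unmapped.  A later
 * entry wins over an earlier one (assumption: this is how the old "Remap
 * the FD region" entry overrode the wider peripheral entry before it).
 */
int MapLookup(const MemRegion *Table, uint64_t Addr)
{
  int Found = -1;
  for (int I = 0; Table[I].Length != 0; I++) {
    if (RegionCovers(&Table[I], Addr)) {
      Found = I;
    }
  }
  return Found;
}

/* MAP_OK, or the first problem found in table order. */
int ValidateMap(const MemRegion *Table)
{
  for (int I = 0; Table[I].Length != 0; I++) {
    const MemRegion *A = &Table[I];
    if ((A->PhysicalBase | A->VirtualBase | A->Length) & (PAGE_SIZE - 1)) {
      return MAP_ERR_ALIGNMENT;
    }
    for (int J = I + 1; Table[J].Length != 0; J++) {
      const MemRegion *B = &Table[J];
      if (A->PhysicalBase < B->PhysicalBase + B->Length &&
          B->PhysicalBase < A->PhysicalBase + A->Length) {
        return MAP_ERR_OVERLAP;
      }
    }
  }
  return MapLookup(Table, 0) >= 0 ? MAP_ERR_NULL_PAGE : MAP_OK;
}

/* Before the patch (ArmVirtQemu, DRAM at 1GB; a 1GB DRAM size is assumed):
 * everything below DRAM as device memory, then the 2MB FD at 0 remapped
 * on top of it as normal executable memory. */
const MemRegion OldMap[] = {
  { GB(1), GB(1), GB(1), ATTR_WRITE_BACK },   /* [0] system memory              */
  { 0,     0,     GB(1), ATTR_DEVICE     },   /* [1] peripheral space, from 0   */
  { 0,     0,     MB(2), ATTR_WRITE_BACK },   /* [2] FD remapped, covers page 0 */
  { 0,     0,     0,     ATTR_DEVICE     },
};

/* After the patch: the numbers from the commit message's layout list. */
const MemRegion NewMap[] = {
  { GB(1),   GB(1),   GB(1),         ATTR_WRITE_BACK },  /* [0] system memory          */
  { MB(128), MB(128), MB(128),       ATTR_DEVICE     },  /* [1] MACH_VIRT_PERIPH_*     */
  { KB(4),   KB(4),   MB(2) - KB(4), ATTR_WRITE_BACK },  /* [2] 0x00001000|0x001ff000  */
  { 0,       0,       0,             ATTR_DEVICE     },
};

int main(void)
{
  printf("old map: page 0 -> entry %d, validate = %d\n",
         MapLookup(OldMap, 0), ValidateMap(OldMap));
  printf("new map: page 0 -> entry %d, validate = %d\n",
         MapLookup(NewMap, 0), ValidateMap(NewMap));
  return 0;
}
```

ValidateMap() flags the old table as overlapping (the FD entry sits on top of the [0, 1GB) peripheral entry and only works because of entry order) and reports the new one as clean with page 0, the [2M, 64M) flash window and the varstore all unmapped. Pointed at a platform's own table, the same alignment check catches a PCD that is not page aligned before it reaches the page-table builder.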