From: Jean-Philippe Brucker <jean-philippe@linaro.org>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: "Gavin Shan" <gshan@redhat.com>,
"Itaru Kitayama" <itaru.kitayama@linux.dev>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
qemu-devel@nongnu.org, qemu-arm <qemu-arm@nongnu.org>,
"Richard Henderson" <richard.henderson@linaro.org>
Subject: Re: Unexpected error in rme_configure_one() at ../target/arm/kvm-rme.c:159
Date: Tue, 4 Jun 2024 19:08:36 +0100 [thread overview]
Message-ID: <20240604180836.GC875061@myrica> (raw)
In-Reply-To: <CAMj1kXHK+xTTMsfP0sfn+-8S_fJebSXr4QTcHU2aCzd7t5x3HA@mail.gmail.com>
On Fri, May 31, 2024 at 05:24:44PM +0200, Ard Biesheuvel wrote:
> > I'm able to reproduce this even without RME. This code was introduced
> > recently by c98f7f755089 ("ArmVirtPkg: Use dynamic PCD to set the SMCCC
> > conduit"). Maybe Ard (Cc'd) knows what could be going wrong here.
> >
> > A slightly reduced reproducer:
> >
> > $ cd edk2/
> > $ build -b DEBUG -a AARCH64 -t GCC5 -p ArmVirtPkg/ArmVirtQemuKernel.dsc
> > $ cd ..
> >
> > $ git clone https://github.com/ARM-software/arm-trusted-firmware.git tf-a
> > $ cd tf-a/
> > $ make -j CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu DEBUG=1 LOG_LEVEL=40 QEMU_USE_GIC_DRIVER=QEMU_GICV3 BL33=../edk2/Build/ArmVirtQemuKernel-AARCH64/DEBUG_GCC5/FV/QEMU_EFI.fd all fip && \
> > dd if=build/qemu/debug/bl1.bin of=flash.bin && \
> > dd if=build/qemu/debug/fip.bin of=flash.bin seek=64 bs=4096
> > $ qemu-system-aarch64 -M virt,virtualization=on,secure=on,gic-version=3 -cpu max -m 2G -smp 8 -monitor none -serial mon:stdio -nographic -bios flash.bin
> >
>
> Hmm, this is not something I anticipated.
>
> The problem here is that ArmVirtQemuKernel does not actually support
> dynamic PCDs, so instead, the PCD here is 'patchable', which means
> that the underlying value is just overwritten in the binary image, and
> does not propagate to the rest of the firmware. I assume the write
> ends up targettng a location that does not tolerate this.
Yes, the QemuVirtMemInfoLib declares this region read-only, so we end up
with a permission fault
// Map the FV region as normal executable memory
VirtualMemoryTable[2].PhysicalBase = PcdGet64 (PcdFvBaseAddress);
VirtualMemoryTable[2].VirtualBase = VirtualMemoryTable[2].PhysicalBase;
VirtualMemoryTable[2].Length = FixedPcdGet32 (PcdFvSize);
VirtualMemoryTable[2].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_RO;
Making it writable doesn't seem sufficient, since I then get a "HVC issued
at EL2" fault. I'll keep debugging.
Thanks,
Jean
>
> Running ArmVirtQemu or ArmVirtQemuKernel at EL2 has really only ever
> worked by accident, it was simply never intended for that. The fix in
> question was a last minute tweak to prevent some CVE fixes pushed by
> MicroSoft from breaking network boot entirely, and now that the
> release has been made, I guess we should revisit this and fix it
> properly.
>
> So the underlying issue here is that on these platforms, we need to
> decide at runtime whether to use HVC or SMC instructions for SMCCC
> calls. This code attempts to record this into a dynamic PCD once at
> boot, in a way that permits other users of the same library to simply
> hardcode this in the platform definition (given that bare metal
> platforms never need this flexibility).
next prev parent reply other threads:[~2024-06-04 18:08 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-30 4:30 Unexpected error in rme_configure_one() at ../target/arm/kvm-rme.c:159 Itaru Kitayama
2024-05-30 13:30 ` Peter Maydell
2024-05-30 13:30 ` Philippe Mathieu-Daudé
2024-05-31 4:19 ` Itaru Kitayama
2024-05-31 6:23 ` Gavin Shan
2024-05-31 15:09 ` Jean-Philippe Brucker
2024-05-31 15:24 ` Ard Biesheuvel
2024-06-04 18:08 ` Jean-Philippe Brucker [this message]
2024-06-04 19:04 ` Ard Biesheuvel
2024-06-01 10:14 ` Gavin Shan
2024-06-03 8:24 ` Jean-Philippe Brucker
2024-06-04 3:02 ` Gavin Shan
2024-06-04 11:15 ` Jean-Philippe Brucker
2024-06-05 1:28 ` Gavin Shan
2024-06-05 15:56 ` Jean-Philippe Brucker
2024-06-06 5:05 ` Gavin Shan
2024-06-06 10:13 ` Gavin Shan
2024-06-06 11:03 ` Jean-Philippe Brucker
2024-05-31 9:57 ` Peter Maydell
2024-05-31 10:21 ` Jean-Philippe Brucker
2024-05-31 14:16 ` Itaru Kitayama
2024-05-31 16:09 ` Jean-Philippe Brucker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240604180836.GC875061@myrica \
--to=jean-philippe@linaro.org \
--cc=ardb@kernel.org \
--cc=gshan@redhat.com \
--cc=itaru.kitayama@linux.dev \
--cc=philmd@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.