From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EE42CC433EF for ; Fri, 4 Mar 2022 17:58:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=oikM/Ym8QwxJ/9G+Alf81c7Eb1pCpwtN2MGZTEgUiKs=; b=iwdZODp0lSCoCH OnFmTW2y8+LDG0VifmWiEPWxCzUmkLGi6L5fyGBQqC0YIeRgC0R53HCYdDkSSQbl/OtIo9CR9ONg3 qh6uT3CmwX4mL2rdUQ8uFrwgedlAa3cHoLzMaM/s7jNKnPjVSujYGgMt8XQ9IchctZSyPuWicETDU 0o8Y1B71wepO09/GmcfzUQhOzj3KRbD2+XEgoKiCy2t6Q7lqypwiWNul43d58LmBp5SMUbzz7WppC gZJ6i7Q8LiUzn1dcko7+I98r7d/XM18W9eRqihOCOeevWECn6Ux2mJ2jeSkA7q/+HTasXA6dI/TTe yjWEmAWv17vFTtbe2n8Q==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1nQCBR-00BSqb-KY; Fri, 04 Mar 2022 17:57:41 +0000 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1nQCBO-00BSpV-Fv for linux-arm-kernel@lists.infradead.org; Fri, 04 Mar 2022 17:57:39 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id CB72C60A57; Fri, 4 Mar 2022 17:57:36 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D6998C340E9; Fri, 4 Mar 2022 17:57:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1646416656; bh=2Y4VUbIxQ4FtLioBP8URkSIGtPlV2BfVM9ozx8AxkNo=; h=From:To:Cc:Subject:Date:From; b=PYkmbd1RejhrP62vhbmBrHTW8U/RutkKybjJ8Wmi18hLfO3bmTDv0JJ61w3QVrYzS ji8TlWZ7ATMAHigGQbqhKpWj0E7xL0E5zx0luuOzXLjM+YEJz1x4SAAy0At+riFYDt 05QLcRdJr0FLVIVBwV2d0TRkrLIwUnMcFrypo6G8I6utrhmV6zId/Zhk9Srq5oNIiG 7C+fpZSTGhE8YXKHFL93wxWGNoSepelP54x0yZSxR9OLYOFhrTlrxirHJdew1Fnm6/ 12zXh4m6T1Ct2vKL9UBdQlb9ACxmbso7qJT5QuKp8mf6NaF4nRHruxtJxnygW0uAlY 9jl/FV2/oclOA== From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: mark.rutland@arm.com, android-kvm@google.com, Ard Biesheuvel , Marc Zyngier , Will Deacon Subject: [RFC PATCH 0/8] arm64: efi: leave MMU and caches on at boot Date: Fri, 4 Mar 2022 18:56:49 +0100 Message-Id: <20220304175657.2744400-1-ardb@kernel.org> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220304_095738_652922_632EB526 X-CRM114-Status: GOOD ( 16.87 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Currently, booting via the EFI stub involves a fair amount of cache maintenance, as well as two attempts at setting up the page tables when KASLR is enabled, which runs with the MMU and caches off. This may be problematic for virtualization payloads, which sometimes have very tight boot time budgets, and run in a context where uncached accesses to memory are problematic, as they are incoherent with the accesses of the host VMM or the hypervisor. While it makes sense for the boot protocol to be pedantic in this respect, EFI boot is tightly coupled with the core kernel, given that the EFI stub is the de facto bootloader, which is part of the same kernel image. It is therefore justified to cut some corners and simplify things substantially. As UEFI guarantees that all memory is 1:1 mapped with inner/outer writeback cacheable attributes, there is really no need to clean the entire kernel image to the PoC, or do all the cache invalidation that is required to ensure that page tables and other state held in memory is not corrupted by inadvertent writeback of stale dirty cache lines. Since we setup and teardown page tables redundantly for KASLR, fix this first, by permitting the KASLR seed to be passed via register X1 as well as the /chosen/kaslr-seed property. This permits us the run the page table setup code with the firmware's cached 1:1 mapping active, removing the need for any cache invalidation. Then, ensure that the only piece of code we do execute with the MMU off in this case is cleaned to the PoC, which is all held in a single page. (the ID map) Finally, drop all the cache maintenance from the EFI entry code when booting at EL1, and just branch to the kernel with the firmware's 1:1 cached mapping live. Cc: Marc Zyngier Cc: Will Deacon Ard Biesheuvel (8): arm64: kaslr: deal with init called with VA randomization enabled arm64: head: record the MMU state at primary entry arm64: head: take KASLR seed passed via x1 into account arm64: head: avoid cache invalidation when entering with the MMU on arm64: head: populate page tables before disabling the MMU arm64: head: clean the ID map page to the PoC arm64: lds: move idmap_pg_dir out of .rodata arm64: efi: leave MMU and caches on when handing over to the core kernel arch/arm64/kernel/efi-entry.S | 20 ++--- arch/arm64/kernel/head.S | 82 +++++++++++++++++--- arch/arm64/kernel/kaslr.c | 8 +- arch/arm64/kernel/vmlinux.lds.S | 8 +- drivers/firmware/efi/libstub/fdt.c | 6 +- 5 files changed, 95 insertions(+), 29 deletions(-) -- 2.30.2 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel