From: Jean-Philippe Brucker <jean-philippe@linaro.org>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: "Gavin Shan" <gshan@redhat.com>,
"Itaru Kitayama" <itaru.kitayama@linux.dev>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
qemu-devel@nongnu.org, qemu-arm <qemu-arm@nongnu.org>,
"Richard Henderson" <richard.henderson@linaro.org>
Subject: Re: Unexpected error in rme_configure_one() at ../target/arm/kvm-rme.c:159
Date: Tue, 4 Jun 2024 19:08:36 +0100 [thread overview]
Message-ID: <20240604180836.GC875061@myrica> (raw)
In-Reply-To: <CAMj1kXHK+xTTMsfP0sfn+-8S_fJebSXr4QTcHU2aCzd7t5x3HA@mail.gmail.com>
On Fri, May 31, 2024 at 05:24:44PM +0200, Ard Biesheuvel wrote:
> > I'm able to reproduce this even without RME. This code was introduced
> > recently by c98f7f755089 ("ArmVirtPkg: Use dynamic PCD to set the SMCCC
> > conduit"). Maybe Ard (Cc'd) knows what could be going wrong here.
> >
> > A slightly reduced reproducer:
> >
> > $ cd edk2/
> > $ build -b DEBUG -a AARCH64 -t GCC5 -p ArmVirtPkg/ArmVirtQemuKernel.dsc
> > $ cd ..
> >
> > $ git clone https://github.com/ARM-software/arm-trusted-firmware.git tf-a
> > $ cd tf-a/
> > $ make -j CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu DEBUG=1 LOG_LEVEL=40 QEMU_USE_GIC_DRIVER=QEMU_GICV3 BL33=../edk2/Build/ArmVirtQemuKernel-AARCH64/DEBUG_GCC5/FV/QEMU_EFI.fd all fip && \
> > dd if=build/qemu/debug/bl1.bin of=flash.bin && \
> > dd if=build/qemu/debug/fip.bin of=flash.bin seek=64 bs=4096
> > $ qemu-system-aarch64 -M virt,virtualization=on,secure=on,gic-version=3 -cpu max -m 2G -smp 8 -monitor none -serial mon:stdio -nographic -bios flash.bin
> >
>
> Hmm, this is not something I anticipated.
>
> The problem here is that ArmVirtQemuKernel does not actually support
> dynamic PCDs, so instead, the PCD here is 'patchable', which means
> that the underlying value is just overwritten in the binary image, and
> does not propagate to the rest of the firmware. I assume the write
> ends up targettng a location that does not tolerate this.
Yes, the QemuVirtMemInfoLib declares this region read-only, so we end up
with a permission fault
// Map the FV region as normal executable memory
VirtualMemoryTable[2].PhysicalBase = PcdGet64 (PcdFvBaseAddress);
VirtualMemoryTable[2].VirtualBase = VirtualMemoryTable[2].PhysicalBase;
VirtualMemoryTable[2].Length = FixedPcdGet32 (PcdFvSize);
VirtualMemoryTable[2].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_RO;
Making it writable doesn't seem sufficient, since I then get a "HVC issued
at EL2" fault. I'll keep debugging.
Thanks,
Jean
>
> Running ArmVirtQemu or ArmVirtQemuKernel at EL2 has really only ever
> worked by accident, it was simply never intended for that. The fix in
> question was a last minute tweak to prevent some CVE fixes pushed by
> MicroSoft from breaking network boot entirely, and now that the
> release has been made, I guess we should revisit this and fix it
> properly.
>
> So the underlying issue here is that on these platforms, we need to
> decide at runtime whether to use HVC or SMC instructions for SMCCC
> calls. This code attempts to record this into a dynamic PCD once at
> boot, in a way that permits other users of the same library to simply
> hardcode this in the platform definition (given that bare metal
> platforms never need this flexibility).
next prev parent reply other threads:[~2024-06-04 18:09 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-30 4:30 Unexpected error in rme_configure_one() at ../target/arm/kvm-rme.c:159 Itaru Kitayama
2024-05-30 13:30 ` Peter Maydell
2024-05-30 13:30 ` Philippe Mathieu-Daudé
2024-05-31 4:19 ` Itaru Kitayama
2024-05-31 6:23 ` Gavin Shan
2024-05-31 15:09 ` Jean-Philippe Brucker
2024-05-31 15:24 ` Ard Biesheuvel
2024-06-04 18:08 ` Jean-Philippe Brucker [this message]
2024-06-04 19:04 ` Ard Biesheuvel
2024-06-01 10:14 ` Gavin Shan
2024-06-03 8:24 ` Jean-Philippe Brucker
2024-06-04 3:02 ` Gavin Shan
2024-06-04 11:15 ` Jean-Philippe Brucker
2024-06-05 1:28 ` Gavin Shan
2024-06-05 15:56 ` Jean-Philippe Brucker
2024-06-06 5:05 ` Gavin Shan
2024-06-06 10:13 ` Gavin Shan
2024-06-06 11:03 ` Jean-Philippe Brucker
2024-05-31 9:57 ` Peter Maydell
2024-05-31 10:21 ` Jean-Philippe Brucker
2024-05-31 14:16 ` Itaru Kitayama
2024-05-31 16:09 ` Jean-Philippe Brucker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240604180836.GC875061@myrica \
--to=jean-philippe@linaro.org \
--cc=ardb@kernel.org \
--cc=gshan@redhat.com \
--cc=itaru.kitayama@linux.dev \
--cc=philmd@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).