From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-x22b.google.com (mail-wm0-x22b.google.com [IPv6:2a00:1450:400c:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 918FD82082 for ; Thu, 9 Feb 2017 22:41:51 -0800 (PST) Received: by mail-wm0-x22b.google.com with SMTP id r141so39806042wmg.1 for ; Thu, 09 Feb 2017 22:41:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=BsomKzvRm6mTwWKYKxUGgIzWgKig5xpzmwKplA/Pzd8=; b=fl1HV+Wi1cE0sYsUqud224YnyqvwJMYs3+nvGNXlUXZ1NatqK2+8FtfXbcn9a5Mmx2 rNXCfCNjUs7bhBtCH5zZEohOMrfhQ3r7N7PLKU74diTw9HuSJx7eq0NgfRj0Lb2RdXWO KQ0GY9TQc0cAvWhv8h7Qw+0jpt+He5k7UoczI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=BsomKzvRm6mTwWKYKxUGgIzWgKig5xpzmwKplA/Pzd8=; b=KM4F2OIWwVVT1QFPLm+my1Bw0u1xQHAhBfssRjmtfMvHLqNOxWmHoJvbGaSKXqrVIL 2EFkFYrIdrFtlYYhCZ4j20hbH3VyyvK8kyanb7RGHjJRVBVUfEnnmSMET0xMQo0IoEmK PB/MWsxe7Nj4Ec+7WJXLJUz05EqA/B1P3mB4UiG15jGERPIROeDIDPP5qooFUgFnNdg4 r793ynG8L5xWd9tcIfoxYMYZhJUP4R+4ouyTCziIfRNSuTsDrS2HSYt2WlGyHYlSqTR/ jQxV0r7bMWEEZ38rhoAHeGV+mAdMj2zgjo35a7sCqC4qcglaBO1/gG5gBOHIYExsH29a ZIXg== X-Gm-Message-State: AMke39nmwjThH2oQENhUS+5SEozSW7Tvk0TmD1ir72QmuXGKgExCp6mGGecw2KV88htWeBwF X-Received: by 10.28.209.202 with SMTP id i193mr6569656wmg.20.1486708910072; Thu, 09 Feb 2017 22:41:50 -0800 (PST) Received: from [105.138.117.86] ([105.138.117.86]) by smtp.gmail.com with ESMTPSA id z134sm2083347wmc.20.2017.02.09.22.41.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 09 Feb 2017 22:41:49 -0800 (PST) Mime-Version: 1.0 (1.0) From: Ard Biesheuvel X-Mailer: iPhone Mail (14D27) In-Reply-To: <4F3E8C94-BFF2-42A5-8E12-C03F955627F8@linaro.org> Date: Fri, 10 Feb 2017 06:41:46 +0000 Cc: "Tian, Feng" , "edk2-devel@lists.01.org" , Leif Lindholm , "Kinney, Michael D" , "Fan, Jeff" , "Zeng, Star" Message-Id: <0ACD6B44-66A4-474E-A9E5-55A322FD169B@linaro.org> References: <1486624832-15736-1-git-send-email-jiewen.yao@intel.com> <74D8A39837DF1E4DA445A8C0B3885C503A8EBD52@shsmsx102.ccr.corp.intel.com> <74D8A39837DF1E4DA445A8C0B3885C503A8EBEC3@shsmsx102.ccr.corp.intel.com> <74D8A39837DF1E4DA445A8C0B3885C503A8EBF20@shsmsx102.ccr.corp.intel.com> <74D8A39837DF1E4DA445A8C0B3885C503A8EC023@shsmsx102.ccr.corp.intel.com> <74D8A39837DF1E4DA445A8C0B3885C503A8EC093@shsmsx102.ccr.corp.intel.com> <74D8A39837DF1E4DA445A8C0B3885C503A8EC562@shsmsx102.ccr.corp.intel.com> <4F3E8C94-BFF2-42A5-8E12-C03F955627F8@linaro.org> To: "Yao, Jiewen" X-Content-Filtered-By: Mailman/MimeDel 2.1.21 Subject: Re: [PATCH V3 0/4] DXE Memory Protection X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Feb 2017 06:41:52 -0000 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable > On 10 Feb 2017, at 06:34, Ard Biesheuvel wrote= : >=20 >=20 >=20 >> On 10 Feb 2017, at 02:26, Yao, Jiewen wrote: >>=20 >> Very good question. >> =20 >> 1) Yes, I did test UEFI OS boot, which is mentioned in V1 summary: >> =3D=3D=3D=3D=3D=3D >> Tested OS: UEFI Win10, UEFI Ubuntu 16.04. >> =3D=3D=3D=3D=3D=3D >> =20 >> 2) Star helps double confirm that OS already takes over the control= of page table on SetVirtualAddressMap(). >> See below log on UEFI Win10. >> =3D=3D=3D=3D=3D=3D >> DXEIPL CR3 0x88140000 >> RUNTIMEDXE CR3 0x1AB000 >> =3D=3D=3D=3D=3D=3D >> =20 >=20 > Not on AArch64/ARM linux, and the spec does not mandate it, so we need to d= eal with this imo >=20 I think we should probably undo the protections for runtime drivers in EBS()= >> Thank you >> Yao Jiewen >> =20 >> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Ar= d Biesheuvel >> Sent: Thursday, February 9, 2017 8:48 AM >> To: Yao, Jiewen >> Cc: Tian, Feng ; edk2-devel@lists.01.org; Leif Lindh= olm ; Kinney, Michael D ; Fan, Jeff ; Zeng, Star >> Subject: Re: [edk2] [PATCH V3 0/4] DXE Memory Protection >> =20 >> On 9 February 2017 at 16:30, Ard Biesheuvel w= rote: >> > On 9 February 2017 at 16:29, Yao, Jiewen wrote: >> >> Very good point. >> >> >> >> Can ARCH64 set 4K paging for 64K aligned runtime memory? >> >> >> > >> > UEFI always uses 4 KB, but the OS may use 64 KB, so to create the >> > virtual address map it needs the runtime regions to be 64 KB aligned. >> > >> >> >> >> >> >> If yes, how about we use >> >> >> >> =E2=80=9CImageRecord->ImageSize =3D ALIGN_VALUE(LoadedImage->ImageSize= , >> >> EFI_PAGE_SIZE);=E2=80=9D >> >> >> > >>=20 >> Another question: did you try SetVirtualAddressMap()? It looks like we >> need to lift read-only permissions to allow the runtime PE/COFF >> relocation to apply the fixups >> _______________________________________________ >> edk2-devel mailing list >> edk2-devel@lists.01.org >> https://lists.01.org/mailman/listinfo/edk2-devel