From: Ard Biesheuvel
To: edk2-devel@lists.01.org, leif.lindholm@linaro.org, lersek@redhat.com
Cc: Ard Biesheuvel
Date: Thu, 2 Mar 2017 10:36:12 +0000
Message-Id: <1488450976-16257-1-git-send-email-ard.biesheuvel@linaro.org>
Subject: [PATCH v2 0/4] ArmPkg, ArmVirtpkg ARM: enable strict memory protection
List-Id: EDK II Development

This series makes the prerequisite modifications to the ARM version of
the CpuDxe driver so we can enable PE/COFF image and NX memory
protection for ARM platforms, including ArmVirtPkg (#4)

Patch #1 refactors CpuSetMemoryAttributes() so it no longer splits
section mappings into page mappings unnecessarily.

Patch #2 removes some unnecessary cache/TLB maintenance, which becomes
very costly when CpuSetMemoryAttributes() is used in anger as is the
case with memory protections enabled.

Patch #3 wires up the EFI_MEMORY_RO/EFI_MEMORY_XP attributes, which were
ignored before.

Patch #4 enables the protection features for ArmVirtPkg platforms when
built for 32-bit ARM.

Changes since v1:
- trigger full TLB flush when UpdatePageEntries() results in a section
  split
- Make cache maintenance of the remapped regions conditional on whether
  the memory type changed. This prevents an inadvertent cache
  clean/invalidate by VA of the entire RAM area when the NX attribute is
  applied to it.
- remove DEBUG_INFO attribute from SetMemoryAttributes DEBUG output
- add Laszlo's R-b to #4

Ard Biesheuvel (4):
  ArmPkg/CpuDxe ARM: avoid splitting page table sections unnecessarily
  ArmPkg/CpuDxe ARM: avoid unnecessary cache/TLB maintenance
  ArmPkg/CpuDxe ARM: honour RO/XP attributes in SetMemoryAttributes()
  ArmVirtPkg: enable PE/COFF image and memory protection for ARM
    platforms

 ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 250 ++++++++++----------
 ArmVirtPkg/ArmVirt.dsc.inc      |   9 +-
 2 files changed, 135 insertions(+), 124 deletions(-)

-- 
2.7.4