From: Ard Biesheuvel
To: edk2-devel@lists.01.org, leif.lindholm@linaro.org
Cc: lersek@redhat.com, Ard Biesheuvel
Date: Mon, 6 Mar 2017 18:32:11 +0100
Message-Id: <1488821535-14795-1-git-send-email-ard.biesheuvel@linaro.org>
Subject: [PATCH v3 0/4] ArmPkg, ArmVirtpkg ARM: enable strict memory protection
List-Id: EDK II Development

This series makes the prerequisite modifications to the ARM version of the
CpuDxe driver so we can enable PE/COFF image and NX memory protection for
ARM platforms, including ArmVirtPkg (#4)

Patch #1 refactors CpuSetMemoryAttributes() so it no longer splits section
mappings into page mappings unnecessarily.

Patch #2 removes some unnecessary cache/TLB maintenance, which becomes very
costly when CpuSetMemoryAttributes() is used in anger as is the case with
memory protections enabled.

Patch #3 wires up the EFI_MEMORY_RO/EFI_MEMORY_XP attributes, which were
ignored before.

Patch #4 enables the protection features for ArmVirtPkg platforms when built
for 32-bit ARM.

Changes since v2:
- minor code tweaks for style and correctness
- add R-b's from Leif to #1 and #2

Changes since v1:
- trigger full TLB flush when UpdatePageEntries() results in a section split
- Make cache maintenance of the remapped regions conditional on whether the
  memory type changed. This prevents an inadvertent cache clean/invalidate by
  VA of the entire RAM area when the NX attribute is applied to it.
- remove DEBUG_INFO attribute from SetMemoryAttributes DEBUG output
- add Laszlo's R-b to #4

Ard Biesheuvel (4):
  ArmPkg/CpuDxe ARM: avoid splitting page table sections unnecessarily
  ArmPkg/CpuDxe ARM: avoid unnecessary cache/TLB maintenance
  ArmPkg/CpuDxe ARM: honour RO/XP attributes in SetMemoryAttributes()
  ArmVirtPkg: enable PE/COFF image and memory protection for ARM platforms

 ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 277 +++++++++++---------
 ArmVirtPkg/ArmVirt.dsc.inc      |   9 +-
 2 files changed, 161 insertions(+), 125 deletions(-)

--
2.7.4