From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wm1-f68.google.com (mail-wm1-f68.google.com [209.85.128.68]) by mx.groups.io with SMTP id smtpd.web10.9262.1585136338631911305 for ; Wed, 25 Mar 2020 04:38:58 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=Cj+8rtgW; spf=pass (domain: linaro.org, ip: 209.85.128.68, mailfrom: ard.biesheuvel@linaro.org) Received: by mail-wm1-f68.google.com with SMTP id g62so2246656wme.1 for ; Wed, 25 Mar 2020 04:38:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=8QVTWaoBtu5YNW7QatxYlsvt1GnHCQrGjnrFOLwcbVE=; b=Cj+8rtgWEjssrRVcLm+JrPVW8kq/5JkXMyarlrBjLJ4b6UTXK9Y1SMk6BT43dawc0O Si1N0aQqKX+onzXqA5XFyq9TAeHJWNKKECKfgAZYeTEcp8SghbaRIY64UKmRG/EuMLMR VdYnldsIPZLd+N2ltyp3+xndyq1THLocBgFrReeg5+xhUzcQjOVV8XEc18v3aaDiqDlk XjbXwsFr7/Mf04jpNaot2kbu6MlXEG7+VlwYrIHehoOv9EwfGBX4MYfyHMASeTKEYIgX gTWgrI5YTAyoQHeDtTuQ5RlTows55cCfdXC2KMggK2JZDV/dHRRT8XTM/W5kO4vSGK77 TkXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=8QVTWaoBtu5YNW7QatxYlsvt1GnHCQrGjnrFOLwcbVE=; b=KhiqSIJd7rJX93q/ZIicBKyNDyJbX0R4qxLlPbt3WHrrbqqGfPqwB8Ncnxis8seA09 rV7NVGoh33Eje9WDDUXCR+K25R6rJQa0tDbfYvg9Hh2P18I8THbJ3J+Nam4kDrhiCiG/ Wxzcm/a9dRgIQmd2WLEhX4Jz5bF/2MEKPXbOC0D/7docz68te3eMCo4KJbegV1fa8LtS OgMAW4oYbrYidSeoabiO4J1LNJai74kVq0GY60+3Och9MD5S7523U9cx5hK+2Cg+icx9 +Ao1KbuNJzOnMVD2wlmTQpcNpYDE3vLiSVGE81AWw73v+Jb1klT+4Y0dHqRkCXsuHgr4 ojKw== X-Gm-Message-State: ANhLgQ1C4DL+ObsIwJNe7U4KhWT4v5FuoBjHDdZ393i9jjmngkWt+41U 6aTEI2ZmR03k7JmecgcXW5+2a4kg9mex8Qrk X-Google-Smtp-Source: ADFU+vvzV2qtcVyxQgtQMBpu1Hj4mssuId3FVF/c5wjen68LZabouERV/4iUeKkuy1rXAyt7leqVVA== X-Received: by 2002:a05:600c:2f01:: with SMTP id r1mr2966697wmn.31.1585136336860; Wed, 25 Mar 2020 04:38:56 -0700 (PDT) Return-Path: Received: from e123331-lin.home (amontpellier-657-1-18-247.w109-210.abo.wanadoo.fr. [109.210.65.247]) by smtp.gmail.com with ESMTPSA id v26sm33259682wra.7.2020.03.25.04.38.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Mar 2020 04:38:55 -0700 (PDT) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Laszlo Ersek , Leif Lindholm , Ashish Singhal Subject: [PATCH v2 2/2] ArmPkg/ArmMmuLib AARCH64: preserve attributes when replacing a table entry Date: Wed, 25 Mar 2020 12:38:46 +0100 Message-Id: <20200325113846.21700-3-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200325113846.21700-1-ard.biesheuvel@linaro.org> References: <20200325113846.21700-1-ard.biesheuvel@linaro.org> Currently, depending on the size of the region being (re)mapped, the page table manipulation code may replace a table entry with a block entry, even if the existing table entry uses different mapping attributes to describe different parts of the region it covers. This is undesirable, and instead, we should avoid doing so unless we are disregarding the original attributes anyway. And if we make such a replacement, we should free all the page tables that have become orphaned in the process. So let's implement this, by taking the table entry path through the code for block sized regions if a table entry already exists, and the clear mask is set (which means we are preserving attributes from the existing mapping). And when we do replace a table entry with a block entry, free all the pages that are no longer referenced. Signed-off-by: Ard Biesheuvel --- ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 25 ++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c index 6f6ef5b05fbc..488156e69057 100644 --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c @@ -223,8 +223,12 @@ UpdateRegionMappingRecursive ( // than a block, and recurse to create the block or page entries at // the next level. No block mappings are allowed at all at level 0, // so in that case, we have to recurse unconditionally. + // If we are changing a table entry and the AttributeClearMask is non-zero, + // we cannot replace it with a block entry without potentially losing + // attribute information, so keep the table entry in that case. // - if (Level == 0 || ((RegionStart | BlockEnd) & BlockMask) != 0) { + if (Level == 0 || ((RegionStart | BlockEnd) & BlockMask) != 0 || + (IsTableEntry (*Entry, Level) && AttributeClearMask != 0)) { ASSERT (Level < 3); if (!IsTableEntry (*Entry, Level)) { @@ -245,6 +249,8 @@ UpdateRegionMappingRecursive ( InvalidateDataCacheRange (TranslationTable, EFI_PAGE_SIZE); } + ZeroMem (TranslationTable, EFI_PAGE_SIZE); + if (IsBlockEntry (*Entry, Level)) { // // We are splitting an existing block entry, so we have to populate @@ -262,8 +268,6 @@ UpdateRegionMappingRecursive ( FreePages (TranslationTable, 1); return Status; } - } else { - ZeroMem (TranslationTable, EFI_PAGE_SIZE); } } else { TranslationTable = (VOID *)(UINTN)(*Entry & TT_ADDRESS_MASK_BLOCK_ENTRY); @@ -300,7 +304,20 @@ UpdateRegionMappingRecursive ( EntryValue |= (Level == 3) ? TT_TYPE_BLOCK_ENTRY_LEVEL3 : TT_TYPE_BLOCK_ENTRY; - ReplaceTableEntry (Entry, EntryValue, RegionStart, FALSE); + if (IsTableEntry (*Entry, Level)) { + // + // We are replacing a table entry with a block entry. This is only + // possible if we are keeping none of the original attributes. + // We can free the table entry's page table, and all the ones below + // it, since we are dropping the only possible reference to it. + // + ASSERT (AttributeClearMask == 0); + TranslationTable = (VOID *)(UINTN)(*Entry & TT_ADDRESS_MASK_BLOCK_ENTRY); + ReplaceTableEntry (Entry, EntryValue, RegionStart, TRUE); + FreePageTablesRecursive (TranslationTable); + } else { + ReplaceTableEntry (Entry, EntryValue, RegionStart, FALSE); + } } } return EFI_SUCCESS; -- 2.17.1