From: "Andrew Fish via groups.io"
To: edk2-devel-groups-io, lichao@loongson.cn
Cc: Ard Biesheuvel, Liming Gao, Bob Feng, Yuwei Chen
Subject: Re: [edk2-devel] About EDK2 supports Self Modifying Code
Date: Tue, 15 Aug 2023 08:05:06 -0700
Message-id: <30CC4A49-0827-4960-A8F5-F44F534051F9@apple.com>
In-reply-to: <0026aa43-c2d6-92bf-77a0-391a608e8b22@loongson.cn>

Chao,

From a quick google it looks like CSR* is used to access banks of registers that relate to things like performance counters and debug infrastructure and the number of banks of these register sets is likely implementation defined. Seems like we could introduce some Fixed At Build PCD values that define the maximum number of elements in a given bank.

If we are forced to use assembler it might be possible to write some macros that used the fixed at build values to only generate functions for banks that are needed for a given build. Then I think it becomes an exercise in dead code stripping the assembler. Most compilers generate assembler that contains functions that can be stripped as long as those functions follow certain rules.

As a side note it would be good for us to have an FAQ/Wiki entry for the dead code stripping rules for the various flavors of assembler. I know the Apple assembler has a unique take on this.

Thanks,

Andrew Fish

> On Aug 15, 2023, at 1:54 AM, Chao Li wrote:
>
> Hi Ard,
>
> Ok, I see, thanks for your suggestion.
>
>
> Thanks,
> Chao
> On 2023/8/15 16:28, Ard Biesheuvel wrote:
>> On Tue, 15 Aug 2023 at 10:20, Chao Li wrote:
>>> Hi Andrew,
>>>
>>> Yes, you are right, I also think that SMC is a bit flawed in terms of security, but can we use some security mechanism to protect the SMC, like encryption and decryption? Sorry, my consideration of SMC security is not mature enough.
>>>
>>> I can tell you the real problem: there are some CSR instructions in LoongArch64 that can only accept an immediate value, for example: `csrrd $a0, 0x1`, where 0x1 is the selection of the CSR register number; it can't use a register to select. This operation should be in the MdePkg base library.
>>>
>> That is *not* a good reason for using self modifying code. If the CSR
>> register number is known at build time, it should be emitted into the
>> binary at build time in one way or another.
>>
>>> I know that .c or .h files in MdePkg shouldn't depend on a single compiler feature, so I can't use the GNU AT&T style inline ASM function (AT&T style inline supports input parameters being immediate values, using the "i" option). In this case, I think using SMC can handle this, that is, use a register to transfer the CSR register selection, and dynamically modify the CSR instructions during the execution phase with reference to the transfer register value; this way depends on the .text section or target memory being executable and writable.
>>>
>>> The problem of immediate values can only be handled at the preprocessing stage or by using SMC; otherwise I can only write a lot of similar functions and use `switch case` to call them. This method will cause the program size to expand a lot.
>>>
>>> So, I think I have the following choice:
>>>
>>> Choice 1:
>>>
>>> Use AT&T style inline function, and create a file named CsrOperationGcc.c; other future compiler feature-dependent files will be named CsrOperationClang.c, CsrOperationXlang.c and so on.
>>>
>> If the only currently supported compiler (GCC?) has a syntax that
>> permits emitting this as inline asm, it is perfectly fine to use this
>> in your implementation. Once other compiler support is introduced, we
>> can think about how to address the difference, but I suspect that
>> Clang will just work with the GCC notation.
>>
>

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107766): https://edk2.groups.io/g/devel/message/107766
Mute This Topic: https://groups.io/mt/100751724/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/xyzzy [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

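An added illustration of the build-time alternative to self-modifying code discussed in this thread (not code from EDK2 or from any participant): a macro list generates one accessor per needed CSR number and a bounds-checked dispatcher selects among them at run time, so no memory has to be both writable and executable. `CSR_LIST`, `CSR_USE_HARDWARE`, `CsrRead`, `CsrReadOr` and the simulated register values are assumptions made for this example; the `csrrd` branch follows the GCC "i" constraint mentioned above and is not exercised in a host build.

```c
/* Added example; every name below is hypothetical, not EDK2 API. */
#include <stdint.h>
#include <stdio.h>

/* CSR numbers this build needs (stand-in for fixed-at-build config). */
#define CSR_LIST(X) X(0x0) X(0x1) X(0x4)

#ifdef CSR_USE_HARDWARE
/* LoongArch64 + GCC firmware build: "i" emits the number as an immediate. */
#define CSR_READ_BODY(n) \
  uint64_t v; __asm__ __volatile__("csrrd %0, %1" : "=r"(v) : "i"(n)); return v;
#else
/* Host build: constructed register values so the dispatch can be run. */
static const uint64_t mSimCsr[8] = { 0xB0, 0x4, 0, 0, 0x71, 0, 0, 0 };
#define CSR_READ_BODY(n) return mSimCsr[(n)];
#endif

/* One accessor per listed CSR; the number is a literal in each body. */
#define GEN_ACCESSOR(n) static uint64_t CsrRead_##n(void) { CSR_READ_BODY(n) }
CSR_LIST(GEN_ACCESSOR)

/* Map a run-time selector onto the build-time accessors. Returns 0 on
   success, -1 for a CSR that was not generated for this build. */
#define GEN_CASE(n) case n: *Value = CsrRead_##n(); return 0;
int CsrRead(uint32_t Select, uint64_t *Value) {
  switch (Select) {
    CSR_LIST(GEN_CASE)
    default: return -1;
  }
}

/* Convenience wrapper: value of the CSR, or Fallback if unsupported. */
uint64_t CsrReadOr(uint32_t Select, uint64_t Fallback) {
  uint64_t v;
  return CsrRead(Select, &v) == 0 ? v : Fallback;
}

int main(void) {
  uint64_t v = 0;
  printf("CSR 0x1 = 0x%llx\n", (unsigned long long)CsrReadOr(0x1, 0));
  printf("CSR 0x2 status = %d\n", CsrRead(0x2, &v));
  return 0;
}
```

Code size grows only with the entries in `CSR_LIST`, which addresses the size concern raised about a `switch case` over every possible CSR number.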