Hi Ray,

This is handled by GenFw. For ELF-based toolchains, this is done as part of the conversion [1]. For others, a “GenFw post-processing” step takes care of it [2]. Though you are right, this is not obvious and external tools may forget this step (but still produce valid XIP-alike PEs). Consequently, I guess I’ll recommend against my former suggestion to check FileAlign == SectAlign and to instead just check the actual section info [3].

While this looks safe for now, GenFv would be a much more logical place for XIP conversion. This way, everything is XIP and when page-aligning all images, the flash storage quickly runs out of space (at least without compression). That GenFv has no logic to grow image files also kept me from implementing a new 2-section approach to XIP where metadata and sections are stored separately, such that the header metadata doesn’t need to be section-aligned.

(Completely irrelevant to this discussion, but while we’re at it, the flat storage hierarchy also makes memory protection for XIP a pain, as there will be FFS metadata inbetween 4K-aligned (or maybe even more in the future?) images, thus virtually always yielding padding. If all images were stored consecutively and the FFS metadata rather pointed to their locations, a lot if padding could be avoided. Though this would need some analysis as to how much you actually save, as adding an offset variable will obviously grow the FFS overhead. It would also be nice to somehow encode the offset implicitly, where the first one is explicitly provided and the rest is just adding up the size of the previous one, but that might screw over some existing parsers.)

Best regards,
Marvin

[1] https://github.com/tianocore/edk2/blob/d8e5d35ede7158ccbb9abf600e65b9aa6e043f74/BaseTools/Source/C/GenFw/Elf64Convert.c#L1297

[2] https://github.com/tianocore/edk2/blob/d8e5d35ede7158ccbb9abf600e65b9aa6e043f74/BaseTools/Source/C/GenFw/GenFw.c#L2088

[3] https://github.com/acidanthera/audk/blob/d9bb10ae3b73134eb434b309cb0db3fa4282a838/MdePkg/Library/BasePeCoffLib2/PeCoffLoad.c#L134

On 31. May 2023, at 09:14, Ni, Ray <ray.ni@intel.com> wrote:



When a PE has a global large variable, there could be a .bss section whose actual size is 0 or very small but the eventual size when loading to memory will be larger.

Can XIP work with this section? @Liu, Zhiguang brought this question when discussing with me offline😊

 

Thanks,
Ray

 

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Marvin Häuser
Sent: Tuesday, May 30, 2023 6:25 PM
To: Ard Biesheuvel <ardb@kernel.org>
Cc: edk2-devel-groups-io <devel@edk2.groups.io>; Ni, Ray <ray.ni@intel.com>
Subject: Re: [edk2-devel] [RFC PATCH 08/11] MdeModulePkg/DxeIpl: Relocate and remap XIP capable DXE drivers

 

 

On 30. May 2023, at 12:02, Ard Biesheuvel <ardb@kernel.org> wrote:

 

On Tue, 30 May 2023 at 11:53, Marvin Häuser <mhaeuser@posteo.de> wrote:




On 30. May 2023, at 11:48, Ard Biesheuvel <ardb@kernel.org> wrote:

On Tue, 30 May 2023 at 11:47, Ard Biesheuvel <ardb@kernel.org> wrote:


On Tue, 30 May 2023 at 11:42, Marvin Häuser <mhaeuser@posteo.de> wrote:


I took a *very brief* look at the entire series now. Is this just to apply permissions before CpuDxe is loaded


Yes.


Well, actually, the first part of the series gets rid of some
pointless memory copies, which is an improvement in itself.


Sorry, I didn't mean the series, I meant the choice to handle things in DxeIpl over DxeCore in particular.

Is there even a non-FOSS producer of the CpuArch protocol? To my understanding, all (common) Intel platforms use the one in UefiCpuPkg. ARM and friends feel a lot less proprietary to begin with, but I could be wrong. We were quite successful so far with just merging CpuArch into DxeCore and setting it up quite early, but of course not at an industry-wide scale. :)


What about the dependencies of CpuArch protocol? On ARM, this is the
GIC driver (for the interrupt controller), which has its own platform
specific dependencies.

 

Hmm, was that for the exception handler? I forgot that was in CpuDxe too, I specifically meant the memory permission related things, sorry!




So this is not tractable in general, and the only options we have (imo) are

- add memory permission attribute handling to DxeCore directly (via a
library with arch specific implementations)

 

Yes, this.



- add a way to dispatch the CpuDxe *and its dependencies* without the
need to manipulate memory permissions

 

That would be awful and I'd prefer your current solution over this.




Clumping everything together into DxeCore does not appear to me as a
sustainable approach for this.