public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: "Tian, Feng" <feng.tian@intel.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>,
	Leif Lindholm <leif.lindholm@linaro.org>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>,
	"Fan, Jeff" <jeff.fan@intel.com>,
	"Zeng, Star" <star.zeng@intel.com>
Subject: Re: [PATCH V3 0/4] DXE Memory Protection
Date: Thu, 9 Feb 2017 15:27:35 +0000	[thread overview]
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503A8EC023@shsmsx102.ccr.corp.intel.com> (raw)
In-Reply-To: <CAKv+Gu8je9nimevNp2oAte1-sXx+kJiMTV5pKH_-cwCqgOCumA@mail.gmail.com>

1)       That is great. I appreciate your quick response and help.
I will drop my patch for ARM 2/4, and wait for yours.


2)       For ImageEnd alignment issue, I agree with you.
I plan to round up with:
ImageRecord->ImageSize = ALIGN_VALUE(LoadedImage->ImageSize, SectionAlignment);
before SetUefiImageProtectionAttributes (ImageRecord, Protect);

I will update it at V4.

Thank you
Yao Jiewen


From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Ard Biesheuvel
Sent: Thursday, February 9, 2017 6:56 AM
To: Yao, Jiewen <jiewen.yao@intel.com>
Cc: Tian, Feng <feng.tian@intel.com>; edk2-devel@lists.01.org; Leif Lindholm <leif.lindholm@linaro.org>; Kinney, Michael D <michael.d.kinney@intel.com>; Fan, Jeff <jeff.fan@intel.com>; Zeng, Star <star.zeng@intel.com>
Subject: Re: [edk2] [PATCH V3 0/4] DXE Memory Protection

On 9 February 2017 at 14:08, Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> wrote:
> For X86 CPU, the memory protection attribute goes to page table, the cache
> attribute goes to MTRR register.
>
> Those are 2 difference resource, and can be set separately.
>
>
>
> The high level pseudo code is below:
>
> =======================
>
> CacheAttribute = Attribute & CACHE_ATTRIBUTE_MASK
>
> MemoryProtectionAttribute = Attribute & MEMORY_PROTECTION_ATTRIBUTE_MASK
>
> If (CacheAttribute != 0) {
>
>      SetCacheAttribute(CacheAttribute)
>
> }
>
> SetMemoryProtectionAttribute(MemoryProtectionAttribute)
>
> =======================
>
>
>
> NOTE: we need compare CacheAttribute == 0, because the cache attribute is an
> individual mask. 0x1 means UN_CACHE, 0x8 means WRITE_BACK. 0 is meaningless.
>
> We do not compare MemoryProtectionAttribute == 0, because 0 is a valid
> memory protection attribute, which means to disable protection.
>
>
>
> Before GCD sync, the DxeCore does not know the cache attribute, so that it
> can only set memory attribute. The CPU driver only modifies page table based
> upon MemoryProtectionAttribute and keep cache attribute untouched.
>

OK, I think we should be able to work around this, although it is not
pretty. I will send it out as a separate patch.

I do have one other question though: would it be possible to round up
the end of the image to page size in this code? (in
SetUefiImageProtectionAttributes()) Otherwise, we may end up calling
SetMemoryAttributes() with a length that is not page aligned, which
hits an EFI_UNSUPPORTED on ARM. Given that the PE/COFF loader always
allocates full pages, we know the space after the image is not used,
so it is possible (and even more secure!) to clear the exec bit on it.

"""
  //
  // Last DATA
  //
  ASSERT (CurrentBase <= ImageEnd);
  if (CurrentBase < ImageEnd) {
    //
    // DATA
    //
    if (Protect) {
      Attribute = EFI_MEMORY_XP;
    } else {
      Attribute = 0;
    }
    SetUefiImageMemoryAttributes (
      CurrentBase,
      ImageEnd - CurrentBase,
      Attribute
      );
  }
"""
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
https://lists.01.org/mailman/listinfo/edk2-devel


  reply	other threads:[~2017-02-09 15:27 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-09  7:20 [PATCH V3 0/4] DXE Memory Protection Jiewen Yao
2017-02-09  7:20 ` [PATCH V3 1/4] UefiCpuPkg/CpuDxe: Add memory attribute setting Jiewen Yao
2017-02-09  7:20 ` [PATCH V3 2/4] ArmPkg/CpuDxe: Correct EFI_MEMORY_RO usage Jiewen Yao
2017-02-09  7:20 ` [PATCH V3 3/4] MdeModulePkg/dec: add PcdImageProtectionPolicy Jiewen Yao
2017-02-09  7:20 ` [PATCH V3 4/4] MdeModulePkg/DxeCore: Add UEFI image protection Jiewen Yao
2017-02-09  7:43 ` [PATCH V3 0/4] DXE Memory Protection Yao, Jiewen
2017-02-09  8:49   ` Ard Biesheuvel
2017-02-09  9:09     ` Ard Biesheuvel
2017-02-09  9:22       ` Ard Biesheuvel
2017-02-09 13:19         ` Yao, Jiewen
2017-02-09 13:51           ` Ard Biesheuvel
2017-02-09 14:08             ` Yao, Jiewen
2017-02-09 14:55               ` Ard Biesheuvel
2017-02-09 15:27                 ` Yao, Jiewen [this message]
2017-02-09 15:28                   ` Ard Biesheuvel
2017-02-09 16:21                     ` Ard Biesheuvel
2017-02-09 16:29                       ` Yao, Jiewen
2017-02-09 16:30                         ` Ard Biesheuvel
2017-02-09 16:48                           ` Ard Biesheuvel
2017-02-10  2:26                             ` Yao, Jiewen
2017-02-10  6:34                               ` Ard Biesheuvel
2017-02-10  6:41                                 ` Ard Biesheuvel
2017-02-10 11:32                                   ` Yao, Jiewen
2017-02-10 11:42                                     ` Ard Biesheuvel
2017-02-10 12:59                                       ` Yao, Jiewen
2017-02-10 14:16                                         ` Ard Biesheuvel
2017-02-09 14:23 ` Yao, Jiewen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=74D8A39837DF1E4DA445A8C0B3885C503A8EC023@shsmsx102.ccr.corp.intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox