From: "Oliver Smith-Denny" <osde@linux.microsoft.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: devel@edk2.groups.io, Leif Lindholm <quic_llindhol@quicinc.com>,
Sami Mujawar <sami.mujawar@arm.com>,
Liming Gao <gaoliming@byosoft.com.cn>
Subject: Re: [edk2-devel][PATCH v1 1/1] MdeModulePkg: DxeCore: Don't Guard Large Runtime Granularity Allocations
Date: Thu, 15 Feb 2024 11:01:12 -0800 [thread overview]
Message-ID: <7ca4cab0-ce59-4b7e-b549-3c6adb8a256f@linux.microsoft.com> (raw)
In-Reply-To: <CAMj1kXEc3c7fwnWeYCPSDqVoQ8RFR=v8F4HVd3bpH_-WQmeSmw@mail.gmail.com>
On 2/15/2024 9:21 AM, Ard Biesheuvel wrote:
> Of the two options you presented in this paragraph, I prefer the one
> where the allocation presented to the caller may not be aligned, but
> the region plus guards is.
>
> But disabling it entirely for these regions is still perfectly fine
> with me, especially if the remove ACPI reclaim memory from the set.
> Heap guard is a hardening feature, and if the implementation is too
> complex to reason about comfortably, I don't think we can confidently
> rely on it.
>
> And as far as the OS is concerned: with the MAT, the runtime DXEs are
> mapped in a way where the read-only regions are interleaved with the
> read-write regions, and the holes in between are not mapped at all (at
> least on Linux). IOW, there is some implicit guarding going on
> already.
>
Looking back at the UEFI spec (section 2.3.6), I see this:
"If a 64KiB physical page contains any 4KiB page with any of the
following types listed below, then all 4KiB pages in the 64KiB page
must use identical ARM Memory Page Attributes" where the following
types are what you listed in the last email.
Then there is a further statement:
"Mixed attribute mappings within a larger page are not allowed."
So this would seem to indicate that pushing the guard pages inside
of the 64KiB would break the spec. Now, I think it could be hidden
and still meet the intent of the spec, which would be that the OS
gets consistent memory attributes reported, but still, the way the
spec is written this would seem to be a violation.
I'll send out a v2 with the type change.
Thanks,
Oliver
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115532): https://edk2.groups.io/g/devel/message/115532
Mute This Topic: https://groups.io/mt/104364784/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2024-02-15 19:01 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-15 0:34 [edk2-devel][PATCH v1 1/1] MdeModulePkg: DxeCore: Don't Guard Large Runtime Granularity Allocations Oliver Smith-Denny
2024-02-15 7:50 ` Ard Biesheuvel
2024-02-15 17:08 ` Oliver Smith-Denny
2024-02-15 17:21 ` Ard Biesheuvel
2024-02-15 19:01 ` Oliver Smith-Denny [this message]
2024-02-15 19:55 ` Oliver Smith-Denny
2024-02-15 22:17 ` Ard Biesheuvel
2024-02-15 22:39 ` Oliver Smith-Denny
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7ca4cab0-ce59-4b7e-b549-3c6adb8a256f@linux.microsoft.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox