From: "Oliver Smith-Denny"
Date: Thu, 15 Feb 2024 11:01:12 -0800
Subject: Re: [edk2-devel][PATCH v1 1/1] MdeModulePkg: DxeCore: Don't Guard Large Runtime Granularity Allocations
To: Ard Biesheuvel
Cc: devel@edk2.groups.io, Leif Lindholm, Sami Mujawar, Liming Gao
Message-ID: <7ca4cab0-ce59-4b7e-b549-3c6adb8a256f@linux.microsoft.com>

On 2/15/2024 9:21 AM, Ard Biesheuvel wrote:
> Of the two options you presented in this paragraph, I prefer the one
> where the allocation presented to the caller may not be aligned, but
> the region plus guards is.
>
> But disabling it entirely for these regions is still perfectly fine
> with me, especially if the remove ACPI reclaim memory from the set.
> Heap guard is a hardening feature, and if the implementation is too
> complex to reason about comfortably, I don't think we can confidently
> rely on it.
>
> And as far as the OS is concerned: with the MAT, the runtime DXEs are
> mapped in a way where the read-only regions are interleaved with the
> read-write regions, and the holes in between are not mapped at all (at
> least on Linux). IOW, there is some implicit guarding going on
> already.
>

Looking back at the UEFI spec (section 2.3.6), I see this:

"If a 64KiB physical page contains any 4KiB page with any of the
following types listed below, then all 4KiB pages in the 64KiB page
must use identical ARM Memory Page Attributes"

where the following types are what you listed in the last email. Then
there is a further statement:

"Mixed attribute mappings within a larger page are not allowed."

So this would seem to indicate that pushing the guard pages inside of
the 64KiB would break the spec. Now, I think it could be hidden and
still meet the intent of the spec, which would be that the OS gets
consistent memory attributes reported, but still, the way the spec is
written this would seem to be a violation.

I'll send out a v2 with the type change.

Thanks,
Oliver
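
The spec rule quoted in the message above, as an added illustration (not code from this thread or from edk2): a checker that walks 4KiB pages and counts 64KiB granules holding a listed-type page with non-uniform attributes. The page_t model, the ATTR_* values and the function names are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGES_PER_GRANULE 16u   /* 64KiB / 4KiB */

/* Constructed model of one 4KiB page; not an edk2 structure. */
typedef struct {
    uint8_t attr;      /* hypothetical attribute id, see ATTR_* below */
    uint8_t runtime;   /* 1 if the page has one of the spec's listed types */
} page_t;

enum { ATTR_NORMAL_WB = 1, ATTR_GUARD_UNMAPPED = 2 };

/* Count 64KiB granules that hold a listed-type page but whose sixteen
 * 4KiB pages do not all share one attribute. npages is expected to be
 * a multiple of PAGES_PER_GRANULE; a trailing partial granule is skipped. */
size_t count_mixed_granules(const page_t *p, size_t npages)
{
    size_t bad = 0;
    for (size_t g = 0; g + PAGES_PER_GRANULE <= npages; g += PAGES_PER_GRANULE) {
        int has_rt = 0, mixed = 0;
        for (size_t i = 0; i < PAGES_PER_GRANULE; i++) {
            has_rt |= p[g + i].runtime;
            mixed  |= (p[g + i].attr != p[g].attr);
        }
        bad += (has_rt && mixed);
    }
    return bad;
}

/* Fill one 64KiB granule with runtime pages. With with_guards set, the
 * first and last 4KiB page become unmapped guard pages inside the granule. */
void build_granule(page_t *p, int with_guards)
{
    for (size_t i = 0; i < PAGES_PER_GRANULE; i++)
        p[i] = (page_t){ ATTR_NORMAL_WB, 1 };
    if (with_guards) {
        p[0] = (page_t){ ATTR_GUARD_UNMAPPED, 0 };
        p[PAGES_PER_GRANULE - 1] = (page_t){ ATTR_GUARD_UNMAPPED, 0 };
    }
}

int main(void)
{
    page_t g[PAGES_PER_GRANULE];
    build_granule(g, 1);
    printf("guards inside granule: %zu mixed\n", count_mixed_granules(g, PAGES_PER_GRANULE));
    build_granule(g, 0);
    printf("unguarded:             %zu mixed\n", count_mixed_granules(g, PAGES_PER_GRANULE));
    return 0;
}
```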