From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+115532+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id AAFB5AC19FE
	for <rebecca@openfw.io>; Thu, 15 Feb 2024 19:01:15 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=rR3GKthK7eCedzl8msLtcqhEZWWs1Kv9T/1NNOVeUiU=;
 c=relaxed/simple; d=groups.io;
 h=DKIM-Filter:Message-ID:Date:MIME-Version:User-Agent:Subject:To:Cc:References:From:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding;
 s=20140610; t=1708023674; v=1;
 b=IqEka6USkfEmwA+WLobopcONoS9F9zXi7jpJ83Tk05U5uqzF4XdojB/wyg6UQIJ67zqNb9A1
 ySk+Iw2lNp6D815WsHFkXRgv1aZVuhdF1IB/b25QPvXFrSHHIn3ZlaT0nSt0qSoX8NJFOIGbwKG
 3D+ST83paRXndpkOZ/fMVWcA=
X-Received: by 127.0.0.2 with SMTP id UhFiYY7687511x2fBsAXOJf8; Thu, 15 Feb 2024 11:01:14 -0800
X-Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
 by mx.groups.io with SMTP id smtpd.web11.836.1708023673486592632
 for <devel@edk2.groups.io>;
 Thu, 15 Feb 2024 11:01:13 -0800
X-Received: from [10.137.194.171] (unknown [131.107.160.171])
	by linux.microsoft.com (Postfix) with ESMTPSA id C66DD207F21C;
	Thu, 15 Feb 2024 11:01:12 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com C66DD207F21C
Message-ID: <7ca4cab0-ce59-4b7e-b549-3c6adb8a256f@linux.microsoft.com>
Date: Thu, 15 Feb 2024 11:01:12 -0800
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [edk2-devel][PATCH v1 1/1] MdeModulePkg: DxeCore: Don't Guard Large Runtime Granularity Allocations
To: Ard Biesheuvel <ardb@kernel.org>
Cc: devel@edk2.groups.io, Leif Lindholm <quic_llindhol@quicinc.com>,
 Sami Mujawar <sami.mujawar@arm.com>, Liming Gao <gaoliming@byosoft.com.cn>
References: <20240215003412.30983-1-osde@linux.microsoft.com>
 <CAMj1kXGPkDPK1b=07yquRRiXJ0C4kEVqMGbGWe05ThQBMco4jg@mail.gmail.com>
 <7f65d4af-898e-437f-b31c-52156c6a696c@linux.microsoft.com>
 <CAMj1kXEc3c7fwnWeYCPSDqVoQ8RFR=v8F4HVd3bpH_-WQmeSmw@mail.gmail.com>
From: "Oliver Smith-Denny" <osde@linux.microsoft.com>
In-Reply-To: <CAMj1kXEc3c7fwnWeYCPSDqVoQ8RFR=v8F4HVd3bpH_-WQmeSmw@mail.gmail.com>
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,osde@linux.microsoft.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: lkLqviHA9r5jjPHDwjv1V1Qxx7686176AA=
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=IqEka6US;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=linux.microsoft.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io

On 2/15/2024 9:21 AM, Ard Biesheuvel wrote:
> Of the two options you presented in this paragraph, I prefer the one
> where the allocation presented to the caller may not be aligned, but
> the region plus guards is.
>=20
> But disabling it entirely for these regions is still perfectly fine
> with me, especially if the remove ACPI reclaim memory from the set.
> Heap guard is a hardening feature, and if the implementation is too
> complex to reason about comfortably, I don't think we can confidently
> rely on it.
>=20
> And as far as the OS is concerned: with the MAT, the runtime DXEs are
> mapped in a way where the read-only regions are interleaved with the
> read-write regions, and the holes in between are not mapped at all (at
> least on Linux). IOW, there is some implicit guarding going on
> already.
>=20

Looking back at the UEFI spec (section 2.3.6), I see this:

"If a 64KiB physical page contains any 4KiB page with any of the
following types listed below, then all 4KiB pages in the 64KiB page
must use identical ARM Memory Page Attributes" where the following
types are what you listed in the last email.

Then there is a further statement:

"Mixed attribute mappings within a larger page are not allowed."

So this would seem to indicate that pushing the guard pages inside
of the 64KiB would break the spec. Now, I think it could be hidden
and still meet the intent of the spec, which would be that the OS
gets consistent memory attributes reported, but still, the way the
spec is written this would seem to be a violation.

I'll send out a v2 with the type change.

Thanks,
Oliver


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115532): https://edk2.groups.io/g/devel/message/115532
Mute This Topic: https://groups.io/mt/104364784/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-