public inbox for devel@edk2.groups.io
* [PATCH v2 0/4] ArmPkg, ArmVirtpkg ARM: enable strict memory protection
@ 2017-03-02 10:36 Ard Biesheuvel
From: Ard Biesheuvel @ 2017-03-02 10:36 UTC (permalink / raw)
  To: edk2-devel, leif.lindholm, lersek; +Cc: Ard Biesheuvel

This series makes the prerequisite modifications to the ARM version of
the CpuDxe driver so we can enable PE/COFF image and NX memory protection
for ARM platforms, including ArmVirtPkg (#4).

Patch #1 refactors CpuSetMemoryAttributes() so it no longer splits section
mappings into page mappings unnecessarily.

Patch #2 removes some unnecessary cache/TLB maintenance, which becomes very
costly when CpuSetMemoryAttributes() is used in anger as is the case with
memory protections enabled.

Patch #3 wires up the EFI_MEMORY_RO/EFI_MEMORY_XP attributes, which were
ignored before.

Patch #4 enables the protection features for ArmVirtPkg platforms when
built for 32-bit ARM.

Changes since v1:
- trigger full TLB flush when UpdatePageEntries() results in a section split
- Make cache maintenance of the remapped regions conditional on whether the
  memory type changed. This prevents an inadvertent cache clean/invalidate by
  VA of the entire RAM area when the NX attribute is applied to it.
- remove DEBUG_INFO attribute from SetMemoryAttributes DEBUG output
- add Laszlo's R-b to #4

Ard Biesheuvel (4):
  ArmPkg/CpuDxe ARM: avoid splitting page table sections unnecessarily
  ArmPkg/CpuDxe ARM: avoid unnecessary cache/TLB maintenance
  ArmPkg/CpuDxe ARM: honour RO/XP attributes in SetMemoryAttributes()
  ArmVirtPkg: enable PE/COFF image and memory protection for ARM
    platforms

 ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 250 ++++++++++----------
 ArmVirtPkg/ArmVirt.dsc.inc      |   9 +-
 2 files changed, 135 insertions(+), 124 deletions(-)

-- 
2.7.4
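
The cover letter above describes avoiding unnecessary section splits (patch #1) and honouring EFI_MEMORY_RO/EFI_MEMORY_XP (patch #3). The following is an added sketch, not code from the series or from Mmu.c: it counts which 1 MB ARMv7 short-descriptor sections fully covered by a region can be updated in place and which must be split into 4 KB pages, and maps the two EFI attributes onto the section descriptor's XN and AP[2] bits. The names `plan_update`, `apply_attrs`, `SECTION_XN` and `SECTION_AP2` are hypothetical, and the region is assumed to be section-mapped and page-aligned.

```c
#include <stdint.h>
#include <stdio.h>

#define SECTION_SIZE   0x00100000u   /* ARM short-descriptor section: 1 MB */
#define EFI_MEMORY_XP  0x4000ull     /* UEFI attribute: no execute */
#define EFI_MEMORY_RO  0x20000ull    /* UEFI attribute: read-only */
#define SECTION_XN     (1u << 4)     /* section descriptor XN bit (hypothetical name) */
#define SECTION_AP2    (1u << 15)    /* section descriptor AP[2]: write access removed */

typedef struct { uint32_t in_place; uint32_t split; } update_plan;

/* Count the 1 MB section entries overlapping [base, base+length) that can be
   updated in place versus those that must be split into 4 KB page tables.
   Assumption: the whole range is currently mapped with sections. */
update_plan plan_update(uint32_t base, uint32_t length) {
    update_plan p = {0, 0};
    uint64_t end = (uint64_t)base + length;
    uint64_t sec = base & ~(SECTION_SIZE - 1);   /* first overlapping section */
    for (; sec < end; sec += SECTION_SIZE) {
        /* A section fully inside the region needs no finer granularity. */
        int covered = sec >= base && sec + SECTION_SIZE <= end;
        if (covered) p.in_place++; else p.split++;
    }
    return p;
}

/* Set or clear the permission bits of a section descriptor from EFI attributes. */
uint32_t apply_attrs(uint32_t desc, uint64_t efi_attrs) {
    desc &= ~(SECTION_XN | SECTION_AP2);
    if (efi_attrs & EFI_MEMORY_XP) desc |= SECTION_XN;
    if (efi_attrs & EFI_MEMORY_RO) desc |= SECTION_AP2;
    return desc;
}

int main(void) {
    /* Constructed region: starts and ends mid-section, spans four sections. */
    update_plan p = plan_update(0x40080000u, 0x00300000u);
    printf("in place: %u, split: %u\n", p.in_place, p.split);
    printf("descriptor: 0x%08x\n",
           apply_attrs(0x00000C02u, EFI_MEMORY_XP | EFI_MEMORY_RO));
    return 0;
}
```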




Thread overview: 13+ messages
2017-03-02 10:36 [PATCH v2 0/4] ArmPkg, ArmVirtpkg ARM: enable strict memory protection Ard Biesheuvel
2017-03-02 10:36 ` [PATCH v2 1/4] ArmPkg/CpuDxe ARM: avoid splitting page table sections unnecessarily Ard Biesheuvel
2017-03-06 14:12   ` Leif Lindholm
2017-03-06 14:55     ` Ard Biesheuvel
2017-03-06 16:24       ` Leif Lindholm
2017-03-02 10:36 ` [PATCH v2 2/4] ArmPkg/CpuDxe ARM: avoid unnecessary cache/TLB maintenance Ard Biesheuvel
2017-03-06 14:27   ` Leif Lindholm
2017-03-06 15:06     ` Ard Biesheuvel
2017-03-02 10:36 ` [PATCH v2 3/4] ArmPkg/CpuDxe ARM: honour RO/XP attributes in SetMemoryAttributes() Ard Biesheuvel
2017-03-06 14:48   ` Leif Lindholm
2017-03-06 15:11     ` Ard Biesheuvel
2017-03-06 16:40       ` Leif Lindholm
2017-03-02 10:36 ` [PATCH v2 4/4] ArmVirtPkg: enable PE/COFF image and memory protection for ARM platforms Ard Biesheuvel
