From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-it0-x22f.google.com (mail-it0-x22f.google.com [IPv6:2607:f8b0:4001:c0b::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 7ADAF81F60 for ; Thu, 9 Feb 2017 08:48:27 -0800 (PST) Received: by mail-it0-x22f.google.com with SMTP id k200so41219816itb.1 for ; Thu, 09 Feb 2017 08:48:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=Kl/VYVmApIq35v0lc6/VY04PwGftSqEyw54Skrv+9JQ=; b=Qv72uTqvbXlbfwgO6jI2YV+oVutPvxNMFXSCAGaR5mDcCcGpID0Xc1AE/H6InJBTpV Dj93EIlMbYtoXC707pUDEt5EHROmzqxY5U9xdB76/UDj/ibAIJsx4qVrb1PiMxdpTBvq QQv1C87WQh2Ax6DvdaruANSN4wGsAlCuGSJ+U= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=Kl/VYVmApIq35v0lc6/VY04PwGftSqEyw54Skrv+9JQ=; b=niyPeuxtJ3PuKwE3woctKU2Hw+s/gUlHHCYS19ouwDCM/ek8M3L9Lys3Gk9BkSZE+r LL7bTbM/i7C9peWA2lQCMuQczIIjdsb96eGfnGNVe9wgFNQzZuSiES01mDxWHRvm5Umy X8HMUvn8/En0GvuTM5oOzMw8QaDt/NEnvgOLS9OUkSrUUxCwjSkiv2HAvfacWhbAbpE6 Fv+MCRtDdCyAGugiafWt6fm5Q3EYqY33QLFoCPsIeLlwDoLXppsytP9Q2gy5G5gW0W5c Q4hOlbSa9M4vq3wrKDI6XwljWHllpUkiYMAPGnmDgIJW1h3QyioATEFxSx3gOehWa5K2 +1Hw== X-Gm-Message-State: AMke39lCYCBfwUYEm88zK1FHyS+SvhFxKgbPo4g7OOk9U0R4E8nOUAtUB09qkQomdbrbDZZG3iLkGMGxbMUSQfhW X-Received: by 10.36.74.67 with SMTP id k64mr4027673itb.37.1486658906862; Thu, 09 Feb 2017 08:48:26 -0800 (PST) MIME-Version: 1.0 Received: by 10.107.144.139 with HTTP; Thu, 9 Feb 2017 08:48:26 -0800 (PST) In-Reply-To: References: <1486624832-15736-1-git-send-email-jiewen.yao@intel.com> <74D8A39837DF1E4DA445A8C0B3885C503A8EBD52@shsmsx102.ccr.corp.intel.com> <74D8A39837DF1E4DA445A8C0B3885C503A8EBEC3@shsmsx102.ccr.corp.intel.com> <74D8A39837DF1E4DA445A8C0B3885C503A8EBF20@shsmsx102.ccr.corp.intel.com> <74D8A39837DF1E4DA445A8C0B3885C503A8EC023@shsmsx102.ccr.corp.intel.com> <74D8A39837DF1E4DA445A8C0B3885C503A8EC093@shsmsx102.ccr.corp.intel.com> From: Ard Biesheuvel Date: Thu, 9 Feb 2017 16:48:26 +0000 Message-ID: To: "Yao, Jiewen" Cc: "Tian, Feng" , "edk2-devel@lists.01.org" , Leif Lindholm , "Kinney, Michael D" , "Fan, Jeff" , "Zeng, Star" Subject: Re: [PATCH V3 0/4] DXE Memory Protection X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Feb 2017 16:48:27 -0000 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 9 February 2017 at 16:30, Ard Biesheuvel wro= te: > On 9 February 2017 at 16:29, Yao, Jiewen wrote: >> Very good point. >> >> Can ARCH64 set 4K paging for 64K aligned runtime memory? >> > > UEFI always uses 4 KB, but the OS may use 64 KB, so to create the > virtual address map it needs the runtime regions to be 64 KB aligned. > >> >> >> If yes, how about we use >> >> =E2=80=9CImageRecord->ImageSize =3D ALIGN_VALUE(LoadedImage->ImageSize, >> EFI_PAGE_SIZE);=E2=80=9D >> > Another question: did you try SetVirtualAddressMap()? It looks like we need to lift read-only permissions to allow the runtime PE/COFF relocation to apply the fixups