From: "Ni, Ray" <ray.ni@intel.com>
To: Ard Biesheuvel <ardb@kernel.org>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Yao, Jiewen" <jiewen.yao@intel.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Taylor Beebe <t@taylorbeebe.com>,
Oliver Smith-Denny <osd@smith-denny.com>,
"Bi, Dandan" <dandan.bi@intel.com>,
"Gao, Liming" <gaoliming@byosoft.com.cn>,
"Kinney, Michael D" <michael.d.kinney@intel.com>,
Leif Lindholm <quic_llindhol@quicinc.com>,
Sunil V L <sunilvl@ventanamicro.com>,
"Warkentin, Andrei" <andrei.warkentin@intel.com>
Subject: Re: [RFC PATCH 05/10] MdeModulePkg: Define memory attribute PPI
Date: Tue, 30 May 2023 07:15:24 +0000 [thread overview]
Message-ID: <MN6PR11MB82440E79DC3E4DF7E125542A8C4B9@MN6PR11MB8244.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20230525143041.1172989-6-ardb@kernel.org>
1.
The PPI interface supports to set and clear any attributes with single invocation.
That's much better than the existing UEFI protocol prototype which requires caller to call the interfaces
twice to set and clear some attributes.
So far I see two patterns for attributes setting:
*. The patten in this patch: SetMask/ClearMask
*. The pattern I used in PageTableLib: Attribute/Mask.
I think from caller side, they provide the same capabilities.
The difference is SetMask/ClearMask expects callers to not set the same BIT in both
SetMask/ClearMask.
(I thought there would be similar existing interfaces as pattern 2. But I didn't find any now.)
Do you mind to align to pattern #2?
2.
When a memory region is marked from not-present to present, PageTableLib expects
caller to supply all memory attributes (including RW, NX, etc.) as the lib implementation doesn't
want to carry any default attributes..
Do you think the MemoryAttribute PPI should expect the same to caller?
Thanks,
Ray
> -----Original Message-----
> From: Ard Biesheuvel <ardb@kernel.org>
> Sent: Thursday, May 25, 2023 10:31 PM
> To: devel@edk2.groups.io
> Cc: Ard Biesheuvel <ardb@kernel.org>; Ni, Ray <ray.ni@intel.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Gerd Hoffmann <kraxel@redhat.com>; Taylor Beebe
> <t@taylorbeebe.com>; Oliver Smith-Denny <osd@smith-denny.com>; Bi, Dandan
> <dandan.bi@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; Kinney,
> Michael D <michael.d.kinney@intel.com>; Leif Lindholm
> <quic_llindhol@quicinc.com>; Sunil V L <sunilvl@ventanamicro.com>; Warkentin,
> Andrei <andrei.warkentin@intel.com>
> Subject: [RFC PATCH 05/10] MdeModulePkg: Define memory attribute PPI
>
> Define a PPI interface that may be used by the PEI core or other PEIMs
> to manage permissions on memory ranges. This is primarily intended for
> restricting permissions to what is actually needed for correct execution
> by the code in question, and for limiting the use of memory mappings
> that are both writable and executable at the same time.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> MdeModulePkg/Include/Ppi/MemoryAttribute.h | 78 ++++++++++++++++++++
> MdeModulePkg/MdeModulePkg.dec | 3 +
> 2 files changed, 81 insertions(+)
>
> diff --git a/MdeModulePkg/Include/Ppi/MemoryAttribute.h
> b/MdeModulePkg/Include/Ppi/MemoryAttribute.h
> new file mode 100644
> index 0000000000000000..5ff31185ab4183f8
> --- /dev/null
> +++ b/MdeModulePkg/Include/Ppi/MemoryAttribute.h
> @@ -0,0 +1,78 @@
> +/** @file
>
> +
>
> +Copyright (c) 2023, Google LLC. All rights reserved.<BR>
>
> +
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#ifndef EDKII_MEMORY_ATTRIBUTE_PPI_H_
>
> +#define EDKII_MEMORY_ATTRIBUTE_PPI_H_
>
> +
>
> +#include <Uefi/UefiSpec.h>
>
> +
>
> +///
>
> +/// Global ID for the EDKII_MEMORY_ATTRIBUTE_PPI.
>
> +///
>
> +#define EDKII_MEMORY_ATTRIBUTE_PPI_GUID \
>
> + { \
>
> + 0x1be840de, 0x2d92, 0x41ec, { 0xb6, 0xd3, 0x19, 0x64, 0x13, 0x50, 0x51,
> 0xfb } \
>
> + }
>
> +
>
> +///
>
> +/// Forward declaration for the EDKII_MEMORY_ATTRIBUTE_PPI.
>
> +///
>
> +typedef struct _EDKII_MEMORY_ATTRIBUTE_PPI
> EDKII_MEMORY_ATTRIBUTE_PPI;
>
> +
>
> +/**
>
> + Set the requested memory permission attributes on a region of memory.
>
> +
>
> + BaseAddress and Length must be aligned to EFI_PAGE_SIZE.
>
> +
>
> + Both SetMask and ClearMask may contain any combination of
> EFI_MEMORY_RP,
>
> + EFI_MEMORY_RO and EFI_MEMORY_XP, with the following restrictions:
>
> + - each constant may appear in either SetMask or ClearMask, but not in both;
>
> + - SetMask or ClearMask may be 0x0, but not both.
>
> +
>
> + @param[in] This The protocol instance pointer.
>
> + @param[in] BaseAddress The physical address that is the start address of
>
> + a memory region.
>
> + @param[in] Length The size in bytes of the memory region.
>
> + @param[in] SetMask Mask of memory attributes to set.
>
> + @param[in] ClearMask Mask of memory attributes to clear.
>
> +
>
> + @retval EFI_SUCCESS The attributes were set for the memory region.
>
> + @retval EFI_INVALID_PARAMETER Length is zero.
>
> + Invalid combination of SetMask and ClearMask.
>
> + BaseAddress or Length is not suitably aligned.
>
> + @retval EFI_UNSUPPORTED The processor does not support one or more
>
> + bytes of the memory resource range specified
>
> + by BaseAddress and Length.
>
> + The bit mask of attributes is not supported for
>
> + the memory resource range specified by
>
> + BaseAddress and Length.
>
> + @retval EFI_OUT_OF_RESOURCES Requested attributes cannot be applied
> due to
>
> + lack of system resources.
>
> +
>
> +**/
>
> +typedef
>
> +EFI_STATUS
>
> +(EFIAPI *EDKII_MEMORY_ATTRIBUTE_SET_PERMISSIONS)(
>
> + IN EDKII_MEMORY_ATTRIBUTE_PPI *This,
>
> + IN EFI_PHYSICAL_ADDRESS BaseAddress,
>
> + IN UINT64 Length,
>
> + IN UINT64 SetMask,
>
> + IN UINT64 ClearMask
>
> + );
>
> +
>
> +///
>
> +/// This PPI contains a set of services to manage memory permission attributes.
>
> +///
>
> +struct _EDKII_MEMORY_ATTRIBUTE_PPI {
>
> + EDKII_MEMORY_ATTRIBUTE_SET_PERMISSIONS SetPermissions;
>
> +};
>
> +
>
> +extern EFI_GUID gEdkiiMemoryAttributePpiGuid;
>
> +
>
> +#endif
>
> +
>
> diff --git a/MdeModulePkg/MdeModulePkg.dec
> b/MdeModulePkg/MdeModulePkg.dec
> index 95dd077e19b3a901..d65dae18aa81e569 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -528,6 +528,9 @@ [Ppis]
> gEdkiiPeiCapsuleOnDiskPpiGuid = { 0x71a9ea61, 0x5a35, 0x4a5d, { 0xac,
> 0xef, 0x9c, 0xf8, 0x6d, 0x6d, 0x67, 0xe0 } }
>
> gEdkiiPeiBootInCapsuleOnDiskModePpiGuid = { 0xb08a11e4, 0xe2b7, 0x4b75,
> { 0xb5, 0x15, 0xaf, 0x61, 0x6, 0x68, 0xbf, 0xd1 } }
>
>
>
> + ## Include/Ppi/MemoryAttribute.h
>
> + gEdkiiMemoryAttributePpiGuid = { 0x1be840de, 0x2d92, 0x41ec, { 0xb6,
> 0xd3, 0x19, 0x64, 0x13, 0x50, 0x51, 0xfb } }
>
> +
>
> [Protocols]
>
> ## Load File protocol provides capability to load and unload EFI image into
> memory and execute it.
>
> # Include/Protocol/LoadPe32Image.h
>
> --
> 2.39.2
next prev parent reply other threads:[~2023-05-30 7:15 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-25 14:30 [RFC PATCH 00/10] Add PPI to manage PEI phase memory attributes Ard Biesheuvel
2023-05-25 14:30 ` [RFC PATCH 01/10] ArmPkg/ArmMmuLib: Extend API to manage memory permissions better Ard Biesheuvel
2023-05-25 14:30 ` [RFC PATCH 02/10] ArmPkg/CpuDxe: Simplify memory attributes protocol implementation Ard Biesheuvel
2023-05-25 14:30 ` [RFC PATCH 03/10] ArmPkg/CpuPei: Drop bogus DEPEX on PEI permanent memory Ard Biesheuvel
2023-05-25 14:30 ` [RFC PATCH 04/10] OvmfPkg/RiscVVirt: Remove unimplemented NxForStack configuration Ard Biesheuvel
2023-05-29 12:50 ` Sunil V L
2023-05-25 14:30 ` [RFC PATCH 05/10] MdeModulePkg: Define memory attribute PPI Ard Biesheuvel
2023-05-30 7:15 ` Ni, Ray [this message]
2023-05-30 7:32 ` Ard Biesheuvel
2023-05-31 7:33 ` Ni, Ray
2023-05-31 7:53 ` Ard Biesheuvel
2023-05-31 8:56 ` [edk2-devel] " Ni, Ray
2023-05-31 9:24 ` Ard Biesheuvel
2023-05-25 14:30 ` [RFC PATCH 06/10] ArmPkg/CpuPei: Implement the memory attributes PPI Ard Biesheuvel
2023-05-25 14:30 ` [RFC PATCH 07/10] MdeModulePkg/PeiCore: Apply restricted permissions in image loader Ard Biesheuvel
2023-05-25 17:21 ` [edk2-devel] " Oliver Smith-Denny
2023-05-25 21:29 ` Ard Biesheuvel
2023-05-30 16:51 ` Oliver Smith-Denny
2023-05-30 20:51 ` Ard Biesheuvel
2023-05-25 14:30 ` [RFC PATCH 08/10] MdeModulePkg/DxeIpl: Merge EBC, RISCV64 and LOONGARCH code Ard Biesheuvel
2023-05-25 14:30 ` [RFC PATCH 09/10] MdeModulePkg/DxeIpl: Use memory attribute PPI to remap the stack NX Ard Biesheuvel
2023-05-30 7:19 ` Ni, Ray
2023-05-30 10:25 ` duntan
2023-05-30 12:51 ` Ard Biesheuvel
2023-05-31 7:22 ` Gerd Hoffmann
2023-05-31 1:29 ` Ni, Ray
2023-05-31 19:03 ` [edk2-devel] " Lendacky, Thomas
2023-05-31 21:01 ` Ard Biesheuvel
2023-05-25 14:30 ` [RFC PATCH 10/10] MdeModulePkg/DxeIpl ARM AARCH64: Switch to generic handoff code Ard Biesheuvel
2023-05-25 17:20 ` [edk2-devel] [RFC PATCH 00/10] Add PPI to manage PEI phase memory attributes Oliver Smith-Denny
2023-05-25 21:43 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MN6PR11MB82440E79DC3E4DF7E125542A8C4B9@MN6PR11MB8244.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox