From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web11.4421.1685430938390368181 for ; Tue, 30 May 2023 00:15:38 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=FLJCVSAu; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: ray.ni@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1685430938; x=1716966938; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=vCnFFT04Se3kUirJ+paxz0Esu3LzJxVj8k3QWsVXu4w=; b=FLJCVSAuhzpe+nvOLacgNDWYR++fr8CqUhhSyMBFsplg609jLpiUzHqW 6P6Ht1R+gQrUPX/c6nDOiIScMT8y3+aVunahnh4jzbufXvrVpSXCQhqua Epc7L0mKdfmH6VKoO4ceKk87cDbAfs3PyzPXMDWj1dHVx6l6fL2ePLdHx nyWwJFtYdb7Gw72o32orYy0SGBReCLXDKLE5IPNJs7IGIpcecAPw8kkBQ hPYMuWmDUJjshi+SCH+v8NoBxb+/yRj1CykBxqTdL0tmoygWToxtpQOYZ udU5t5E049wFsTD34fH8ZMHM81/wOscsAog1hCNb7ErsG8gjDj7q+GRPi Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="420595849" X-IronPort-AV: E=Sophos;i="6.00,203,1681196400"; d="scan'208";a="420595849" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 May 2023 00:15:34 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="953008994" X-IronPort-AV: E=Sophos;i="6.00,203,1681196400"; d="scan'208";a="953008994" Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by fmsmga006.fm.intel.com with ESMTP; 30 May 2023 00:15:33 -0700 Received: from orsmsx612.amr.corp.intel.com (10.22.229.25) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Tue, 30 May 2023 00:15:32 -0700 Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by orsmsx612.amr.corp.intel.com (10.22.229.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23 via Frontend Transport; Tue, 30 May 2023 00:15:32 -0700 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.168) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.23; Tue, 30 May 2023 00:15:32 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cGABI4qGIUsDGi8e4KENaLTWi40XNoajY8XprDIJQCzwpxKTQTPbhJEDmc82VjlFojiFq1SiclnvJk8a4U7k8cdLToT6pKGZ+qj7jwYa+ilHDdoJ+9kFB1mW+jmCh3YVWYrvsVfBjOTD/PXZMrCyODTE/m2kutNgSl9Hmvh447Kgukc6mzSFGR4+No1D7w7qL68/9/3PtBRnhb92zP1ps3PYfGCZOweNBRhDCmzsXyQ/UOX4jeh7BQzygBw82zcQQk8wnvNz+DjoA5iOyCY0VnrVDQS6C32FFjocb4eBL+OqW8mc16cNY3KKuXJtxe2DvE3nRis4F4hBVcvcou3lQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=smfi3ftuV/hvsZWB5hh8x6lHlZ0YV1hdEtnR12CcFD4=; b=Tyvx/DjW6zhh+nlSwuUdyNXg2c7DhGC08pk9bmxVrU9DZF4/N0z+0/WwD80MvVkg/Yo/PxOMMK4PfdWwKOvBcFi04c7ZBv+3KgbJBo64+08Ogk4SIjFk30HxrBpSYPjYkgRoFl1okQPj2qSS+pjKoBynVXLVN4ln5CSPWD70JgMheXTWJtsw0fiCvE4LCsZ/YOe91KMVv159Qn7/rkLqXhpmV931kx2jsRj2LP3y2Siy0xE5hk3QeQYbp2awzxYaLLiQsAxCwRgnOpV0nn6ZDOtR6vonRd8QX9vfazs/Qt4bb3TAqsEUhfHM22gu9k1w8Bg9j1pzRHILWjMzLfHx/w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from MN6PR11MB8244.namprd11.prod.outlook.com (2603:10b6:208:470::14) by DS7PR11MB6222.namprd11.prod.outlook.com (2603:10b6:8:99::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6433.23; Tue, 30 May 2023 07:15:25 +0000 Received: from MN6PR11MB8244.namprd11.prod.outlook.com ([fe80::892b:b8e6:bab7:635d]) by MN6PR11MB8244.namprd11.prod.outlook.com ([fe80::892b:b8e6:bab7:635d%5]) with mapi id 15.20.6433.018; Tue, 30 May 2023 07:15:25 +0000 From: "Ni, Ray" To: Ard Biesheuvel , "devel@edk2.groups.io" CC: "Yao, Jiewen" , Gerd Hoffmann , Taylor Beebe , Oliver Smith-Denny , "Bi, Dandan" , "Gao, Liming" , "Kinney, Michael D" , Leif Lindholm , Sunil V L , "Warkentin, Andrei" Subject: Re: [RFC PATCH 05/10] MdeModulePkg: Define memory attribute PPI Thread-Topic: [RFC PATCH 05/10] MdeModulePkg: Define memory attribute PPI Thread-Index: AQHZjxWlHob9PT2NkUGSKmYyuvRK5K9yagxA Date: Tue, 30 May 2023 07:15:24 +0000 Message-ID: References: <20230525143041.1172989-1-ardb@kernel.org> <20230525143041.1172989-6-ardb@kernel.org> In-Reply-To: <20230525143041.1172989-6-ardb@kernel.org> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MN6PR11MB8244:EE_|DS7PR11MB6222:EE_ x-ms-office365-filtering-correlation-id: 6138f793-2f4f-424a-d39c-08db60dda334 x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: PS6r6F9/DyLsjgMU+3bREUMzw04GpGOiHnf+zDYKmxicMT7OlCliolQbIOhFiiC+hzGbzLQGKmxKs4aHQ89pqUt798qthzLqZEuh2kyWm9PBv3siENL1mAQ4H/J4adrb+wPDyrJu9nS3JaxVEgVx5XASG+oU9j8lpe9hJt8nVzzLHXNrRMh82t80AuEE3lNCZ1Ma54Wv8nCMNQ0Dcjf4IjN9IlFx6knGdst8ZNZhDvaZRQsWD488MxLwWhSNhZsTd8miVXjS7ilaXwxx8wmG1Mg9T095aU4//kP6zWWNPQSigvvInj+T3WErOB3czHVrvPRRpHBBB4CbtiYFg/mo9kyUJmIyukf4U4hxVu3JEP9tbGv0U5/OXKUslw0BTQlQ6f9F+dT22vidCUj4C4D0xAWdTewpZEAFTz/Ob2TpW1Rtmb8+HcD6BQ/bE+x7KfinIIa9PVqHJankdIslbTu88edyBKHpICwwzYc3bPt98IRF5Ur1CDXIGc0DJmT8/+x4Qk/f42XogSMCdouHX/I7etHpFds56BlJDGyemWtTVPCtai4EQokR2PPjIiwMuMS13EQ85WqOEdFh/l7oDQBtgKjvqbTEb9X7pIirOdAv3JJh7+dK/kdWptCaqnfl8pwK x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MN6PR11MB8244.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(366004)(39860400002)(136003)(396003)(376002)(346002)(451199021)(26005)(7696005)(53546011)(9686003)(71200400001)(6506007)(33656002)(2906002)(316002)(186003)(55016003)(5660300002)(107886003)(52536014)(41300700001)(8676002)(8936002)(478600001)(82960400001)(122000001)(38100700002)(19627235002)(54906003)(4326008)(86362001)(76116006)(110136005)(66946007)(38070700005)(66476007)(66556008)(66446008)(64756008)(83380400001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?GNHmV4ABzBe9zfYc0p1fNQ1X/Rw/PzMCHstT2KZnz+aOI1wlI4OB+n2KDZPq?= =?us-ascii?Q?VFbvbpbaSwjtCarTdB0EOlCmrcLIRZE/pumU/2xywfaFYYVj+FzqgxP3I4h0?= =?us-ascii?Q?ml6OOVT6BhAHY4ij0RXAM61/CkC/g2KlSkn9J+MXQ03SKpTl+uB7YcQpao32?= =?us-ascii?Q?57tHHrHQAPOa/CNHd2EAWsatR5DaY9UNeNjnyXaJAAt8I13lSNTls8AWZjJe?= =?us-ascii?Q?I32SemiLodXhTzBhwkNSmrKM0YQzNGiOIfwBi9m5i5tv506JQGb7xJvA5ecg?= =?us-ascii?Q?/bv4EdPCshmrgx8ZEeZA16Z0K3NcuiW14EAJ3xQCruGmJroKwWmqeD6ud8fd?= =?us-ascii?Q?XCPBEJ02GAwqwe++qWeYEY3FSEvG2h/DUaLMC+95YtMPPUjFkEXCtbx6ZHCj?= =?us-ascii?Q?DfPyZFBUKdwUjfH3pW2/ywnsOxzpFWdMjTx1iwP3wa36ji3YQIvhKbbE++Q5?= =?us-ascii?Q?ziJEq3Gkzs5BsC1dqgNVKURBPhd81qWVeweinZsEWjE8p5OjezS33eMODWVy?= =?us-ascii?Q?P0W1371DgzOaCXkhq+WJ1+Y3l9Vjyr+fxBKIDmTM3aJ5A6i0B1I/y/GJJyi9?= =?us-ascii?Q?LUF83CdULC5zBrYr4b7z0jnf7TjhKQBdBPaW3U7HHfKBShzGMDcoVa1KYF9b?= =?us-ascii?Q?VZX0agI3WOoM0e77wEehor62Awkb25fCH7XxAD4T+c7N/3IKaz9kARjmyTUD?= =?us-ascii?Q?Ydv+DBifHopUWjEN+BGHGwl7eeZTNUvWt5M/oAFGXzS2HIyngN+qDEbpBKzR?= =?us-ascii?Q?hPKURgptdvGetSssa/5uVfzkuM7uT9I4siyhpYw2Es1tNtwBC2Q1kkmrsuGz?= =?us-ascii?Q?vJWAxEMkLigirmZPSuUx83a2sCXQXPvrhpfFroH6Irza6savV8QPw2q7SO46?= =?us-ascii?Q?UlUAYJf+zNNx3Q0b+rFQ/X1p5bb+QtTG1X8/I/I3N+diUx1CvE2Xt0LrwXoB?= =?us-ascii?Q?5ywiGJcH/ygEEdhTN6rdhvno/5L8Sdk0e3j8t9CDdzz+fCmyxIzmd8kiWvUD?= =?us-ascii?Q?cEkc35meG+HUSlxwrdTp55O7uGY39ma0MIIUmxd+4uyCHJXB6lxlIHFqZWHD?= =?us-ascii?Q?inUdegCkrEBSX7tJf/7lvYURGimeQgz6IVpGswJAMi3JJ55xaYfstBg18KcK?= =?us-ascii?Q?4Wvgcj1WVKB/tWj3yqr9nGCbA6F6bWYUDAUrzCe+hsYwT83PI2NXmWKp9cRR?= =?us-ascii?Q?ye2JvbsEm8ilFb6mrEC/6rImfhyFmIbK7o1oabw2oS/1b4BXeDl60u+Iu0l4?= =?us-ascii?Q?/w8b1Zy0QgeXeL8TEU5w3unCf/LlZaPIE0zbqI9g3Pvjx84WCC48v6PPBc9Q?= =?us-ascii?Q?YSrkCaw7ocwU7VKMgIAuR4wbjNLOgcLa5BeWGyMC6QNwia68J6kXNuk9ipww?= =?us-ascii?Q?zGwmb0q/fIkWdUleu4x13/FqdKt7QMHaROnxe9+W3F8AE3TC+qa7HDW6mZBQ?= =?us-ascii?Q?iECS5/BMsw4+xZFd2BNr3KlyeGcRRPOQAXRA719BIBFIOmN2c9QZ6kWg0yGQ?= =?us-ascii?Q?ZNhIwFWUyMR1K53XnNgsV0Bz/wjL957JGOBu2FPpD7dDNkcrJPP2WVHFoVM0?= =?us-ascii?Q?lZhKNVm3jUzUoBE/c/I=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MN6PR11MB8244.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6138f793-2f4f-424a-d39c-08db60dda334 X-MS-Exchange-CrossTenant-originalarrivaltime: 30 May 2023 07:15:24.5052 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: xeYqK1W81wpSkAQrUJSBv7GrpLHpT8nuv+iQkqo9lT7MXm1gkuW/sJbEGaqUbCrbJLVHtP2EFkZo2WvNg44z8A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR11MB6222 Return-Path: ray.ni@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable 1.=20 The PPI interface supports to set and clear any attributes with single invo= cation. That's much better than the existing UEFI protocol prototype which requires= caller to call the interfaces twice to set and clear some attributes. So far I see two patterns for attributes setting: *. The patten in this patch: SetMask/ClearMask *. The pattern I used in PageTableLib: Attribute/Mask. I think from caller side, they provide the same capabilities. The difference is SetMask/ClearMask expects callers to not set the same BIT= in both SetMask/ClearMask. (I thought there would be similar existing interfaces as pattern 2. But I d= idn't find any now.) Do you mind to align to pattern #2? 2. When a memory region is marked from not-present to present, PageTableLib ex= pects caller to supply all memory attributes (including RW, NX, etc.) as the lib = implementation doesn't want to carry any default attributes.. Do you think the MemoryAttribute PPI should expect the same to caller? Thanks, Ray > -----Original Message----- > From: Ard Biesheuvel > Sent: Thursday, May 25, 2023 10:31 PM > To: devel@edk2.groups.io > Cc: Ard Biesheuvel ; Ni, Ray ; Yao, Ji= ewen > ; Gerd Hoffmann ; Taylor Beebe > ; Oliver Smith-Denny ; Bi, Dandan > ; Gao, Liming ; Kinney, > Michael D ; Leif Lindholm > ; Sunil V L ; Warken= tin, > Andrei > Subject: [RFC PATCH 05/10] MdeModulePkg: Define memory attribute PPI >=20 > Define a PPI interface that may be used by the PEI core or other PEIMs > to manage permissions on memory ranges. This is primarily intended for > restricting permissions to what is actually needed for correct execution > by the code in question, and for limiting the use of memory mappings > that are both writable and executable at the same time. >=20 > Signed-off-by: Ard Biesheuvel > --- > MdeModulePkg/Include/Ppi/MemoryAttribute.h | 78 ++++++++++++++++++++ > MdeModulePkg/MdeModulePkg.dec | 3 + > 2 files changed, 81 insertions(+) >=20 > diff --git a/MdeModulePkg/Include/Ppi/MemoryAttribute.h > b/MdeModulePkg/Include/Ppi/MemoryAttribute.h > new file mode 100644 > index 0000000000000000..5ff31185ab4183f8 > --- /dev/null > +++ b/MdeModulePkg/Include/Ppi/MemoryAttribute.h > @@ -0,0 +1,78 @@ > +/** @file >=20 > + >=20 > +Copyright (c) 2023, Google LLC. All rights reserved.
>=20 > + >=20 > +SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > + >=20 > +**/ >=20 > + >=20 > +#ifndef EDKII_MEMORY_ATTRIBUTE_PPI_H_ >=20 > +#define EDKII_MEMORY_ATTRIBUTE_PPI_H_ >=20 > + >=20 > +#include >=20 > + >=20 > +/// >=20 > +/// Global ID for the EDKII_MEMORY_ATTRIBUTE_PPI. >=20 > +/// >=20 > +#define EDKII_MEMORY_ATTRIBUTE_PPI_GUID \ >=20 > + { \ >=20 > + 0x1be840de, 0x2d92, 0x41ec, { 0xb6, 0xd3, 0x19, 0x64, 0x13, 0x50, 0x= 51, > 0xfb } \ >=20 > + } >=20 > + >=20 > +/// >=20 > +/// Forward declaration for the EDKII_MEMORY_ATTRIBUTE_PPI. >=20 > +/// >=20 > +typedef struct _EDKII_MEMORY_ATTRIBUTE_PPI > EDKII_MEMORY_ATTRIBUTE_PPI; >=20 > + >=20 > +/** >=20 > + Set the requested memory permission attributes on a region of memory. >=20 > + >=20 > + BaseAddress and Length must be aligned to EFI_PAGE_SIZE. >=20 > + >=20 > + Both SetMask and ClearMask may contain any combination of > EFI_MEMORY_RP, >=20 > + EFI_MEMORY_RO and EFI_MEMORY_XP, with the following restrictions: >=20 > + - each constant may appear in either SetMask or ClearMask, but not in = both; >=20 > + - SetMask or ClearMask may be 0x0, but not both. >=20 > + >=20 > + @param[in] This The protocol instance pointer. >=20 > + @param[in] BaseAddress The physical address that is the start add= ress of >=20 > + a memory region. >=20 > + @param[in] Length The size in bytes of the memory region. >=20 > + @param[in] SetMask Mask of memory attributes to set. >=20 > + @param[in] ClearMask Mask of memory attributes to clear. >=20 > + >=20 > + @retval EFI_SUCCESS The attributes were set for the memory r= egion. >=20 > + @retval EFI_INVALID_PARAMETER Length is zero. >=20 > + Invalid combination of SetMask and Clear= Mask. >=20 > + BaseAddress or Length is not suitably al= igned. >=20 > + @retval EFI_UNSUPPORTED The processor does not support one or mo= re >=20 > + bytes of the memory resource range speci= fied >=20 > + by BaseAddress and Length. >=20 > + The bit mask of attributes is not suppor= ted for >=20 > + the memory resource range specified by >=20 > + BaseAddress and Length. >=20 > + @retval EFI_OUT_OF_RESOURCES Requested attributes cannot be applied > due to >=20 > + lack of system resources. >=20 > + >=20 > +**/ >=20 > +typedef >=20 > +EFI_STATUS >=20 > +(EFIAPI *EDKII_MEMORY_ATTRIBUTE_SET_PERMISSIONS)( >=20 > + IN EDKII_MEMORY_ATTRIBUTE_PPI *This, >=20 > + IN EFI_PHYSICAL_ADDRESS BaseAddress, >=20 > + IN UINT64 Length, >=20 > + IN UINT64 SetMask, >=20 > + IN UINT64 ClearMask >=20 > + ); >=20 > + >=20 > +/// >=20 > +/// This PPI contains a set of services to manage memory permission attr= ibutes. >=20 > +/// >=20 > +struct _EDKII_MEMORY_ATTRIBUTE_PPI { >=20 > + EDKII_MEMORY_ATTRIBUTE_SET_PERMISSIONS SetPermissions; >=20 > +}; >=20 > + >=20 > +extern EFI_GUID gEdkiiMemoryAttributePpiGuid; >=20 > + >=20 > +#endif >=20 > + >=20 > diff --git a/MdeModulePkg/MdeModulePkg.dec > b/MdeModulePkg/MdeModulePkg.dec > index 95dd077e19b3a901..d65dae18aa81e569 100644 > --- a/MdeModulePkg/MdeModulePkg.dec > +++ b/MdeModulePkg/MdeModulePkg.dec > @@ -528,6 +528,9 @@ [Ppis] > gEdkiiPeiCapsuleOnDiskPpiGuid =3D { 0x71a9ea61, 0x5a35, 0x= 4a5d, { 0xac, > 0xef, 0x9c, 0xf8, 0x6d, 0x6d, 0x67, 0xe0 } } >=20 > gEdkiiPeiBootInCapsuleOnDiskModePpiGuid =3D { 0xb08a11e4, 0xe2b7, 0x= 4b75, > { 0xb5, 0x15, 0xaf, 0x61, 0x6, 0x68, 0xbf, 0xd1 } } >=20 >=20 >=20 > + ## Include/Ppi/MemoryAttribute.h >=20 > + gEdkiiMemoryAttributePpiGuid =3D { 0x1be840de, 0x2d92, 0x= 41ec, { 0xb6, > 0xd3, 0x19, 0x64, 0x13, 0x50, 0x51, 0xfb } } >=20 > + >=20 > [Protocols] >=20 > ## Load File protocol provides capability to load and unload EFI image= into > memory and execute it. >=20 > # Include/Protocol/LoadPe32Image.h >=20 > -- > 2.39.2