From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) by mx.groups.io with SMTP id smtpd.web11.12044.1678973255308033981 for ; Thu, 16 Mar 2023 06:27:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b=JwxK/OLb; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: quicinc.com, ip: 205.220.180.131, mailfrom: quic_llindhol@quicinc.com) Received: from pps.filterd (m0279872.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 32GBOlEs014549; Thu, 16 Mar 2023 13:27:25 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h=date : from : to : cc : subject : message-id : references : mime-version : content-type : in-reply-to; s=qcppdkim1; bh=SpOLikD4LXKPQrjFbwK9Y00agSuV2ujOpuvmsxo60hE=; b=JwxK/OLbAGb+O4BM7nFH7nIH32XoCqmow6IDAe5l+AcmlrzZ1R69p4BM6QAhS0DTm1BL LAcQuIvmIwo+h5wL0DBNIi3kWrGudCWOm2GwyFIr2g+kITtMvGyb/gQP2zuvjUyE2evO J/9xlPpfdKICUL1xlD49NzzC8mDJ9eSUg2d2cCljJtmixPNNk0oDz2Vg7O1t9MtIDt+f mueltYhh9aVHfMX+nmBTRIr4x1S2N5IW5ERzbCMO3Nfgki+kkbzXS+dQUJj8iRKpMEur Y0EPwiygADt4D4qlWxCa9vyoBKvKM4FXQUsmVTgy1un/7DLMWKVvO+aO7KsldIxKPSmD 9Q== Received: from nasanppmta04.qualcomm.com (i-global254.qualcomm.com [199.106.103.254]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3pbpy39xga-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 16 Mar 2023 13:27:25 +0000 Received: from nasanex01c.na.qualcomm.com (nasanex01c.na.qualcomm.com [10.45.79.139]) by NASANPPMTA04.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 32GDROkx006474 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 16 Mar 2023 13:27:24 GMT Received: from qc-i7.hemma.eciton.net (10.80.80.8) by nasanex01c.na.qualcomm.com (10.45.79.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Thu, 16 Mar 2023 06:27:21 -0700 Date: Thu, 16 Mar 2023 13:27:18 +0000 From: "Leif Lindholm" To: , CC: Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Sami Mujawar , Taylor Beebe Subject: Re: [edk2-devel] [PATCH v5 21/38] ArmPkg: Implement ArmSetMemoryOverrideLib Message-ID: References: <20230313171714.3866151-1-ardb@kernel.org> <20230313171714.3866151-22-ardb@kernel.org> MIME-Version: 1.0 In-Reply-To: <20230313171714.3866151-22-ardb@kernel.org> X-Originating-IP: [10.80.80.8] X-ClientProxiedBy: nasanex01a.na.qualcomm.com (10.52.223.231) To nasanex01c.na.qualcomm.com (10.45.79.139) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-ORIG-GUID: KDpjOWYp1-gqOasAS6buV7gN7HDvDLBI X-Proofpoint-GUID: KDpjOWYp1-gqOasAS6buV7gN7HDvDLBI X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-03-16_08,2023-03-16_01,2023-02-09_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 mlxlogscore=942 spamscore=0 priorityscore=1501 impostorscore=0 adultscore=0 phishscore=0 suspectscore=0 bulkscore=0 lowpriorityscore=0 mlxscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2303150002 definitions=main-2303160109 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline On Mon, Mar 13, 2023 at 18:16:57 +0100, Ard Biesheuvel wrote: > Implement the ARM version of a NULL class library that can be overlaid > on top of the DXE core to equip it right from its launch with an > implementation of the CPU arch protocol member that sets type and > permission attributes on memory regions. > > This bridges the gap between dispatch of DXE core and dispatch of the > DXE driver that implements the CPU arch protocol, removing the need to > rely on memory mappings that are writable and executable at the same > time. > > Signed-off-by: Ard Biesheuvel > --- > ArmPkg/ArmPkg.dsc | 1 + > ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.c | 78 ++++++++++++++++++++ > ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.inf | 28 +++++++ > 3 files changed, 107 insertions(+) > > diff --git a/ArmPkg/ArmPkg.dsc b/ArmPkg/ArmPkg.dsc > index 3fb95d1951a9..43eb0f4f463e 100644 > --- a/ArmPkg/ArmPkg.dsc > +++ b/ArmPkg/ArmPkg.dsc > @@ -119,6 +119,7 @@ [Components.common] > ArmPkg/Library/ArmPsciResetSystemLib/ArmPsciResetSystemLib.inf > ArmPkg/Library/ArmExceptionLib/ArmExceptionLib.inf > ArmPkg/Library/ArmExceptionLib/ArmRelocateExceptionLib.inf > + ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.inf > > ArmPkg/Drivers/CpuDxe/CpuDxe.inf > ArmPkg/Drivers/CpuPei/CpuPei.inf > diff --git a/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.c b/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.c > new file mode 100644 > index 000000000000..866dbbdaa7d5 > --- /dev/null > +++ b/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.c > @@ -0,0 +1,78 @@ > +/** @file > + Overlay implementation of DXE core gCpuSetMemoryAttributes for ARM. > + > + Copyright (c) 2023, Google LLC. All rights reserved. > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > +**/ > + > +#include > + > +#include > +#include > +#include > + > +extern EFI_CPU_SET_MEMORY_ATTRIBUTES gCpuSetMemoryAttributes; Could this declaration live in a global include? / Leif > + > +STATIC UINTN mRecursionLevel; > + > +/** > + Clone of CPU_ARCH_PROTOCOL::SetMemoryAttributes() which is made available to > + the DXE core by NULL library class resolution, so that it can manage page > + permissions right from the start. > + > + @param This CPU arch protocol pointer, should be NULL. > + @param BaseAddress Start address of the region. > + @param Length Size of the region, in bytes. > + @param Attributes Attributes to set on the region. > + > + @retval EFI_SUCCESS Operation completed successfully. > + @retval EFI_OUT_OF_RESOURCES Operation failed due to lack of memory. > + > +**/ > +STATIC > +EFI_STATUS > +EFIAPI > +EarlyArmSetMemoryAttributes ( > + IN EFI_CPU_ARCH_PROTOCOL *This, > + IN EFI_PHYSICAL_ADDRESS BaseAddress, > + IN UINT64 Length, > + IN UINT64 Attributes > + ) > +{ > + EFI_STATUS Status; > + > + // There are cases where the use of strict memory permissions may trigger > + // unbounded recursion in the page table code. This happens when setting > + // memory permissions results in a page table split and therefore a page > + // allocation, which could trigger a recursive invocation of this function. > + ASSERT (mRecursionLevel < 2); > + > + mRecursionLevel++; > + > + Status = ArmSetMemoryAttributes ( > + BaseAddress, > + Length, > + Attributes > + ); > + > + mRecursionLevel--; > + return Status; > +} > + > +/** > + Library constructor. > + > + @retval RETURN_SUCCESS Operation successful. > + > +**/ > +RETURN_STATUS > +EFIAPI > +ArmSetMemoryOverrideLibConstructor ( > + VOID > + ) > +{ > + gCpuSetMemoryAttributes = EarlyArmSetMemoryAttributes; > + > + return RETURN_SUCCESS; > +} > diff --git a/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.inf b/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.inf > new file mode 100644 > index 000000000000..2dc9d42d09bd > --- /dev/null > +++ b/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.inf > @@ -0,0 +1,28 @@ > +## @file > +# Overlay implementation of DXE core gCpuSetMemoryAttributes for ARM. > +# > +# Copyright (c) 2023, Google LLC. All rights reserved. > +# > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION = 1.29 > + BASE_NAME = ArmSetMemoryOverrideLib > + FILE_GUID = 849a43c0-6ad9-428e-8a5a-e090f7853bd3 > + MODULE_TYPE = BASE > + VERSION_STRING = 1.0 > + LIBRARY_CLASS = NULL|DXE_CORE > + CONSTRUCTOR = ArmSetMemoryOverrideLibConstructor > + > +[Sources.common] > + ArmSetMemoryOverrideLib.c > + > +[Packages] > + ArmPkg/ArmPkg.dec > + MdePkg/MdePkg.dec > + > +[LibraryClasses] > + ArmMmuLib > + DebugLib > -- > 2.39.2 > > > > > >