From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail04.groups.io (mail04.groups.io [45.79.224.9]) by spool.mail.gandi.net (Postfix) with ESMTPS id B009ED811A4 for ; Wed, 17 Apr 2024 13:40:03 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=B8Ao3i6xA6KhL41UqM4gE4CvZV/7c03ZqqrDXiE/48g=; c=relaxed/simple; d=groups.io; h=DKIM-Filter:Message-ID:Date:MIME-Version:User-Agent:Subject:To:Cc:References:From:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1713361201; v=1; b=3ZF0DlYZfV5dLHzmJssbtU1PKYY2rxba/xuqZlT8kw0nmXHwtKHDX7E4xODFcr3sh/4rG573 ThluPp+JtH1WHPLUZ6A5kyAkbkD3vj7NoYiFXB8SbFxyeU7RDMJ3XIspEoxKP2y1hem7FhQF90k ZYoSdHNs2dQmDDp5zQj/L4N7RKpqtUgZJJ/5O5Uq9QHMPyakFzlAUh4fBUDjQDEkviHBu/6cD4m 8Q3i/AKGw2KuozstqtO7PrtVIqY2JRH+skeF7N0vSsKiL8BxB/nn+rJHwHZG0vHNW5aEb+wbrTT 9eRqZD1cuW3N1h8BRKyHZPpIhOIgIsquWmtiWdwzWVoBg== X-Received: by 127.0.0.2 with SMTP id iozkYY7687511xCeefKguT8n; Wed, 17 Apr 2024 06:40:01 -0700 X-Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web10.13148.1713361201017894668 for ; Wed, 17 Apr 2024 06:40:01 -0700 X-Received: from [10.137.194.171] (unknown [131.107.159.43]) by linux.microsoft.com (Postfix) with ESMTPSA id 84F5A20FD4B8; Wed, 17 Apr 2024 06:40:00 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 84F5A20FD4B8 Message-ID: Date: Wed, 17 Apr 2024 06:40:00 -0700 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [edk2-devel] [PATCH v1] MdeModulePkg: Fixup MAT Attributes After Splitting EFI Memory Map To: devel@edk2.groups.io, ardb@kernel.org, taylor.d.beebe@gmail.com Cc: Liming Gao References: <20240417022836.1593-1-taylor.d.beebe@gmail.com> From: "Oliver Smith-Denny" In-Reply-To: Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Wed, 17 Apr 2024 06:40:01 -0700 Resent-From: osde@linux.microsoft.com Reply-To: devel@edk2.groups.io,osde@linux.microsoft.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: NmMblKrSozPZWBmxS5W2LDqvx7686176AA= Content-Language: en-CA Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=3ZF0DlYZ; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.9 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=linux.microsoft.com (policy=none) Hi Ard, On 4/16/2024 11:38 PM, Ard Biesheuvel wrote: >=20 > For entries where we lack such additional metadata, I don't think we > can make assumptions based on the type beyond mapping data and MMIO > regions XP. We have no idea how those EfiRuntimeServicesCode regions > may be used, and currently, the spec permits RWX semantics for those > if no restrictions are specified. >=20 > The spec suggests that omitting an entry from the MAT is the same as > listing it with RO|XP cleared. How RO|XP from the original entry > should be interpreted wrt to the MAT is unspecified. So I think the > only thing we can do at this point is preserve the entry if it has > RO|XP set, or just drop it otherwise. I do agree that it is probably safer to exclude the sub-region from the MAT entirely. However, from my reading of the spec, it is unclear to me whether it envisions that. From section 4.6.4 of UEFI spec 2.10: "The Memory Attributes Table may define multiple entries to describe sub-regions that comprise a single entry returned by GetMemoryMap() however the sub-regions must total to completely describe the larger region and may not cross boundaries between entries reported by GetMemoryMap() . If a run-time region returned in GetMemoryMap() entry is not described within the Memory Attributes Table, this region is assumed to not be compatible with any memory protections." The unclear part to me here is "the sub-regions must total to completely describe the larger region." To me that says that in Taylor's case, where we have a memory map descriptor with attributes set for part of the region but not the whole region, that the spec envisions the MAT having either the whole region split into sub-regions or not including the MAT entry for this region. In this reading the final sentence would say that if an entire memory map entry is not described in the MAT, then it is assumed to be incompatible. A different reading would say what you are saying, that a sub-region can be dropped from the MAT (although it is hard to justify that with the language that says the sub-regions must total to completely describe the larger region). What are your thoughts here? Aside from this, I wonder if we can be more aspirational here. These EfiRuntimeServicesCode regions without attributes set are, if I am understanding correctly, from loaded images. The spec does call out that EfiRuntimeServicesCode is explicitly for code sections of loaded images. Can we just say outright that any memory of this type should be RO? I understand that existing drivers may attempt to break this, but from the core, I think this is reasonable to say, but would love to hear thoughts. >=20 > Note that the spec also mentions that the MAT must only contain > EfiRuntimeServicesCode or EfiRuntimeServicesData entries, and it looks > like this is not being enforced either. Agreed, this should be amended. Thanks, Oliver -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117920): https://edk2.groups.io/g/devel/message/117920 Mute This Topic: https://groups.io/mt/105570114/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-