This series makes the prerequisite modifications to the ARM version of
the CpuDxe driver so we can enable PE/COFF image and NX memory protection
for ARM platforms, including ArmVirtPkg (#4)

Patch #1 refactors CpuSetMemoryAttributes() so it no longer splits section
mappings into page mappings unnecessarily.

Patch #2 removes some unnecessary cache/TLB maintenance, which becomes very
costly when CpuSetMemoryAttributes() is used in anger as is the case with
memory protections enabled.

Patch #3 wires up the EFI_MEMORY_RO/EFI_MEMORY_XP attributes, which were
ignored before.

Patch #4 enables the protection features for ArmVirtPkg platforms when
built for 32-bit ARM.

Changes since v1:
- trigger full TLB flush when UpdatePageEntries() results in a section split
- Make cache maintenance of the remapped regions conditional on whether the
  memory type changed. This prevents an inadvertent cache clean/invalidate by
  VA of the entire RAM area when the NX attribute is applied to it.
- remove DEBUG_INFO attribute from SetMemoryAttributes DEBUG output
- add Laszlo's R-b to #4

Ard Biesheuvel (4):
  ArmPkg/CpuDxe ARM: avoid splitting page table sections unnecessarily
  ArmPkg/CpuDxe ARM: avoid unnecessary cache/TLB maintenance
  ArmPkg/CpuDxe ARM: honour RO/XP attributes in SetMemoryAttributes()
  ArmVirtPkg: enable PE/COFF image and memory protection for ARM
    platforms

 ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 250 ++++++++++----------
 ArmVirtPkg/ArmVirt.dsc.inc      |   9 +-
 2 files changed, 135 insertions(+), 124 deletions(-)

-- 
2.7.4

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel