From nobody Sat Nov 2 12:34:35 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1488821548105991.8253434424032; Mon, 6 Mar 2017 09:32:28 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 6AC3A8032F; Mon, 6 Mar 2017 09:32:25 -0800 (PST) Received: from mail-wr0-x22d.google.com (mail-wr0-x22d.google.com [IPv6:2a00:1450:400c:c0c::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C71A180318 for ; Mon, 6 Mar 2017 09:32:23 -0800 (PST) Received: by mail-wr0-x22d.google.com with SMTP id u108so121802025wrb.3 for ; Mon, 06 Mar 2017 09:32:23 -0800 (PST) Received: from ards-macbook-pro.c.hoisthospitality.com ([109.74.48.129]) by smtp.gmail.com with ESMTPSA id 136sm15704335wmg.12.2017.03.06.09.32.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 06 Mar 2017 09:32:21 -0800 (PST) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=q7OImrWIYdjfIYo4orz1uf8yUoVXiJM1zpG5BraKCuA=; b=Tor9GAPZlXd/8LOy4vwE316zg3Qtqo7wq8gMlkWKrnbs8kqsJmXD5WgOCcXQ/zFnRs qgp61C1ubR96sGugGu10UGQrvony/1J+X+ziBVc+Xev62UbFYBQ+xtcThkGrLDMwHEF5 OW5Z/XITxsprLpC7wNH1XDeitZJkvrPgfh7i4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=q7OImrWIYdjfIYo4orz1uf8yUoVXiJM1zpG5BraKCuA=; b=LEoLlgupmXkg4cZEHskLp3lDwqtzAfQgexJtYsSvV/SkTj/PuP/q5WJfcTVa3DNS1i DPgLUtX2umVlbXKCeGwVi6naDNbntTqISst57SsyvVwbL6Vn2ZViGMZunaCQuzrcvJm1 qQMVNXOEkQCnYvaOPj8v5oMI0OV3+cAeezKEAHI1ewU8q5Lt7+lqKbQzonVBcd8e3gQF kPoMAnjdlovdq5LzDp7B6zyZhdsTcBj3kGL0HyOaD2o7tSsym72pvjtmSMZMF5WF78IH DKUBhw5WHPi8vHdgcNSx//elO7UELMo/zVuhJRvl0Zg3iZLzXdUxyl9/uyylu3QNs218 X0Jg== X-Gm-Message-State: AMke39kmZpR8MWXMLsQsXca6vWeYOr/zFOdZ6mdX6bp9FOaGUc9v16LWQdLlrXeU7A09RW6Y X-Received: by 10.223.133.182 with SMTP id 51mr16394947wrt.39.1488821542173; Mon, 06 Mar 2017 09:32:22 -0800 (PST) From: Ard Biesheuvel To: edk2-devel@lists.01.org, leif.lindholm@linaro.org Date: Mon, 6 Mar 2017 18:32:12 +0100 Message-Id: <1488821535-14795-2-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1488821535-14795-1-git-send-email-ard.biesheuvel@linaro.org> References: <1488821535-14795-1-git-send-email-ard.biesheuvel@linaro.org> Subject: [edk2] [PATCH v3 1/4] ArmPkg/CpuDxe ARM: avoid splitting page table sections unnecessarily X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: lersek@redhat.com, Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Currently, any range passed to CpuArchProtocol::SetMemoryAttributes is fully broken down into page mappings if the start or the size of the region happens to be misaliged relative to the section size of 1 MB. This is going to result in memory being wasted on second level page tables when we enable strict memory permissions, given that we remap the entire RAM space non-executable (modulo the code bits) when the CpuArchProtocol is installed. So refactor the code to iterate over the range in a way that ensures that all naturally aligned section sized subregions are not broken up. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 51 +++++++++++++++++--- 1 file changed, 43 insertions(+), 8 deletions(-) diff --git a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c b/ArmPkg/Drivers/CpuDxe/Arm/Mm= u.c index 89e429925ba9..16d6fcef9f1c 100644 --- a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c +++ b/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c @@ -679,6 +679,11 @@ SetMemoryAttributes ( ) { EFI_STATUS Status; + UINT64 ChunkLength; + + if (Length =3D=3D 0) { + return EFI_SUCCESS; + } =20 // // Ignore invocations that only modify permission bits @@ -687,14 +692,44 @@ SetMemoryAttributes ( return EFI_SUCCESS; } =20 - if(((BaseAddress & 0xFFFFF) =3D=3D 0) && ((Length & 0xFFFFF) =3D=3D 0)) { - // Is the base and length a multiple of 1 MB? - DEBUG ((EFI_D_PAGE, "SetMemoryAttributes(): MMU section 0x%x length 0x= %x to %lx\n", (UINTN)BaseAddress, (UINTN)Length, Attributes)); - Status =3D UpdateSectionEntries (BaseAddress, Length, Attributes, Virt= ualMask); - } else { - // Base and/or length is not a multiple of 1 MB - DEBUG ((EFI_D_PAGE, "SetMemoryAttributes(): MMU page 0x%x length 0x%x = to %lx\n", (UINTN)BaseAddress, (UINTN)Length, Attributes)); - Status =3D UpdatePageEntries (BaseAddress, Length, Attributes, Virtual= Mask); + while (Length > 0) { + if ((BaseAddress % TT_DESCRIPTOR_SECTION_SIZE =3D=3D 0) && + Length >=3D TT_DESCRIPTOR_SECTION_SIZE) { + + ChunkLength =3D Length - Length % TT_DESCRIPTOR_SECTION_SIZE; + + DEBUG ((DEBUG_PAGE, + "SetMemoryAttributes(): MMU section 0x%lx length 0x%lx to %lx\n", + BaseAddress, ChunkLength, Attributes)); + + Status =3D UpdateSectionEntries (BaseAddress, ChunkLength, Attribute= s, + VirtualMask); + } else { + + // + // Process page by page until the next section boundary, but only if + // we have more than a section's worth of area to deal with after th= at. + // + ChunkLength =3D TT_DESCRIPTOR_SECTION_SIZE - + (BaseAddress % TT_DESCRIPTOR_SECTION_SIZE); + if (ChunkLength + TT_DESCRIPTOR_SECTION_SIZE > Length) { + ChunkLength =3D Length; + } + + DEBUG ((DEBUG_PAGE, + "SetMemoryAttributes(): MMU page 0x%lx length 0x%lx to %lx\n", + BaseAddress, ChunkLength, Attributes)); + + Status =3D UpdatePageEntries (BaseAddress, ChunkLength, Attributes, + VirtualMask); + } + + if (EFI_ERROR (Status)) { + break; + } + + BaseAddress +=3D ChunkLength; + Length -=3D ChunkLength; } =20 // Flush d-cache so descriptors make it back to uncached memory for subs= equent table walks --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sat Nov 2 12:34:35 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1488821550473883.5322218813071; Mon, 6 Mar 2017 09:32:30 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id A1BBA80334; Mon, 6 Mar 2017 09:32:26 -0800 (PST) Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com [IPv6:2a00:1450:400c:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id D485B80333 for ; Mon, 6 Mar 2017 09:32:25 -0800 (PST) Received: by mail-wm0-x234.google.com with SMTP id v186so70021591wmd.0 for ; Mon, 06 Mar 2017 09:32:25 -0800 (PST) Received: from ards-macbook-pro.c.hoisthospitality.com ([109.74.48.129]) by smtp.gmail.com with ESMTPSA id 136sm15704335wmg.12.2017.03.06.09.32.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 06 Mar 2017 09:32:23 -0800 (PST) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=UFWiLAV8wcx3/Kz+vgcKAFPYoFIQNmFtdLkftb8aSss=; b=RIiPhcieE/u/Du8t/yNyVm5p9Ixba5zsXuLCEazgswg/J8Mm3tOE/Ghqqczu+Rr4MB JFNeGfblIpOHecLkQ8TI8NTmMENv8yG3/KJm6FsbA5In9XXAlQqq2CUtmcxGuG5pf08Q qLcmpfcIJAqYUv5aNlKRBliyk/nRD9FWyNFwA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=UFWiLAV8wcx3/Kz+vgcKAFPYoFIQNmFtdLkftb8aSss=; b=p13cCpTMFFhUBxKzxz9MPfwDLuAsE/rOC98LqdDM0RBLcAFTU7Ur8H+Rk+bBrQUZcU RMNYh+TcSjJHtKj/5Y166nhnm20obbGaEgvSQ1yu36GzYs15ABbvf0+JQtAn1Y+u9vQs 9pjZV7ON9U572Swzb3WvTzMp3ReKUqdNmUWk3X7VthMnZv6+B1ZhhrK4MbG9O0vfj06K UZ3dkE2VMxi7tRkW7QoNhGNE/OM4X8I+hVZCSha27XV24ySsx/WdzD5dWcmPrPSBtU+N MVZmyPboZBkxnRFY5y5QqApCC9RDNjAZKwH9CNUDh5pYcRocfDHZR/i4aVoHbO6/fq6r U9+w== X-Gm-Message-State: AMke39lFz/z5W8GR1MChrb/zRZIW7bNx6s2WIgkokR3ee9Oa0HdGEJmolsKYAAlbLxhfzVvv X-Received: by 10.28.65.65 with SMTP id o62mr13504140wma.14.1488821544395; Mon, 06 Mar 2017 09:32:24 -0800 (PST) From: Ard Biesheuvel To: edk2-devel@lists.01.org, leif.lindholm@linaro.org Date: Mon, 6 Mar 2017 18:32:13 +0100 Message-Id: <1488821535-14795-3-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1488821535-14795-1-git-send-email-ard.biesheuvel@linaro.org> References: <1488821535-14795-1-git-send-email-ard.biesheuvel@linaro.org> Subject: [edk2] [PATCH v3 2/4] ArmPkg/CpuDxe ARM: avoid unnecessary cache/TLB maintenance X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: lersek@redhat.com, Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Page and section entries in the page tables are updated using the helper ArmUpdateTranslationTableEntry(), which cleans the page table entry to the PoC, and invalidates the TLB entry covering the page described by the entry being updated. Since we may be updating section entries, we might be leaving stale TLB entries at this point (for all pages in the section except the first one), which will be invalidated wholesale at the end of SetMemoryAttributes(). At that point, all caches are cleaned *and* invalidated as well. This cache maintenance is costly and unnecessary. The TLB maintenance is only necessary if we updated any section entries, since any page by page entries that have been updated will have been invalidated individually by ArmUpdateTranslationTableEntry(). So drop the clean/invalidate of the caches, and only perform the full TLB flush if UpdateSectionEntries() was called, or if sections were split by UpdatePageEntries(). Finally, make the cache maintenance on the remapped regions themselves conditional on whether any memory type attributes were modified. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 60 +++++++++++--------- 1 file changed, 34 insertions(+), 26 deletions(-) diff --git a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c b/ArmPkg/Drivers/CpuDxe/Arm/Mm= u.c index 16d6fcef9f1c..a2993cf16a35 100644 --- a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c +++ b/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c @@ -347,10 +347,11 @@ SyncCacheConfig ( =20 EFI_STATUS UpdatePageEntries ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length, - IN UINT64 Attributes, - IN EFI_PHYSICAL_ADDRESS VirtualMask + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length, + IN UINT64 Attributes, + IN EFI_PHYSICAL_ADDRESS VirtualMask, + OUT BOOLEAN *FlushTlbs OPTIONAL ) { EFI_STATUS Status; @@ -446,6 +447,9 @@ UpdatePageEntries ( =20 // Re-read descriptor Descriptor =3D FirstLevelTable[FirstLevelIdx]; + if (FlushTlbs !=3D NULL) { + *FlushTlbs =3D TRUE; + } } =20 // Obtain page table base address @@ -471,15 +475,16 @@ UpdatePageEntries ( =20 if (CurrentPageTableEntry !=3D PageTableEntry) { Mva =3D (VOID *)(UINTN)((((UINTN)FirstLevelIdx) << TT_DESCRIPTOR_SEC= TION_BASE_SHIFT) + (PageTableIndex << TT_DESCRIPTOR_PAGE_BASE_SHIFT)); - if ((CurrentPageTableEntry & TT_DESCRIPTOR_PAGE_CACHEABLE_MASK) =3D= =3D TT_DESCRIPTOR_PAGE_CACHEABLE_MASK) { - // The current section mapping is cacheable so Clean/Invalidate th= e MVA of the page - // Note assumes switch(Attributes), not ARMv7 possibilities - WriteBackInvalidateDataCacheRange (Mva, TT_DESCRIPTOR_PAGE_SIZE); - } =20 // Only need to update if we are changing the entry PageTable[PageTableIndex] =3D PageTableEntry; ArmUpdateTranslationTableEntry ((VOID *)&PageTable[PageTableIndex], = Mva); + + // Clean/invalidate the cache for this page, but only + // if we are modifying the memory type attributes + if (((CurrentPageTableEntry ^ PageTableEntry) & TT_DESCRIPTOR_PAGE_C= ACHE_POLICY_MASK) !=3D 0) { + WriteBackInvalidateDataCacheRange (Mva, TT_DESCRIPTOR_PAGE_SIZE); + } } =20 Status =3D EFI_SUCCESS; @@ -581,7 +586,12 @@ UpdateSectionEntries ( // has this descriptor already been coverted to pages? if (TT_DESCRIPTOR_SECTION_TYPE_IS_PAGE_TABLE(CurrentDescriptor)) { // forward this 1MB range to page table function instead - Status =3D UpdatePageEntries ((FirstLevelIdx + i) << TT_DESCRIPTOR_S= ECTION_BASE_SHIFT, TT_DESCRIPTOR_SECTION_SIZE, Attributes, VirtualMask); + Status =3D UpdatePageEntries ( + (FirstLevelIdx + i) << TT_DESCRIPTOR_SECTION_BASE_SHIFT, + TT_DESCRIPTOR_SECTION_SIZE, + Attributes, + VirtualMask, + NULL); } else { // still a section entry =20 @@ -596,15 +606,16 @@ UpdateSectionEntries ( =20 if (CurrentDescriptor !=3D Descriptor) { Mva =3D (VOID *)(UINTN)(((UINTN)FirstLevelTable) << TT_DESCRIPTOR_= SECTION_BASE_SHIFT); - if ((CurrentDescriptor & TT_DESCRIPTOR_SECTION_CACHEABLE_MASK) =3D= =3D TT_DESCRIPTOR_SECTION_CACHEABLE_MASK) { - // The current section mapping is cacheable so Clean/Invalidate = the MVA of the section - // Note assumes switch(Attributes), not ARMv7 possabilities - WriteBackInvalidateDataCacheRange (Mva, SIZE_1MB); - } =20 // Only need to update if we are changing the descriptor FirstLevelTable[FirstLevelIdx + i] =3D Descriptor; ArmUpdateTranslationTableEntry ((VOID *)&FirstLevelTable[FirstLeve= lIdx + i], Mva); + + // Clean/invalidate the cache for this section, but only + // if we are modifying the memory type attributes + if (((CurrentDescriptor ^ Descriptor) & TT_DESCRIPTOR_SECTION_CACH= E_POLICY_MASK) !=3D 0) { + WriteBackInvalidateDataCacheRange (Mva, SIZE_1MB); + } } =20 Status =3D EFI_SUCCESS; @@ -680,6 +691,7 @@ SetMemoryAttributes ( { EFI_STATUS Status; UINT64 ChunkLength; + BOOLEAN FlushTlbs; =20 if (Length =3D=3D 0) { return EFI_SUCCESS; @@ -692,6 +704,7 @@ SetMemoryAttributes ( return EFI_SUCCESS; } =20 + FlushTlbs =3D FALSE; while (Length > 0) { if ((BaseAddress % TT_DESCRIPTOR_SECTION_SIZE =3D=3D 0) && Length >=3D TT_DESCRIPTOR_SECTION_SIZE) { @@ -704,6 +717,8 @@ SetMemoryAttributes ( =20 Status =3D UpdateSectionEntries (BaseAddress, ChunkLength, Attribute= s, VirtualMask); + + FlushTlbs =3D TRUE; } else { =20 // @@ -721,7 +736,7 @@ SetMemoryAttributes ( BaseAddress, ChunkLength, Attributes)); =20 Status =3D UpdatePageEntries (BaseAddress, ChunkLength, Attributes, - VirtualMask); + VirtualMask, &FlushTlbs); } =20 if (EFI_ERROR (Status)) { @@ -732,16 +747,9 @@ SetMemoryAttributes ( Length -=3D ChunkLength; } =20 - // Flush d-cache so descriptors make it back to uncached memory for subs= equent table walks - // flush and invalidate pages - //TODO: Do we really need to invalidate the caches everytime we change t= he memory attributes ? - ArmCleanInvalidateDataCache (); - - ArmInvalidateInstructionCache (); - - // Invalidate all TLB entries so changes are synced - ArmInvalidateTlb (); - + if (FlushTlbs) { + ArmInvalidateTlb (); + } return Status; } =20 --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sat Nov 2 12:34:35 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1488821552183447.9436161731029; Mon, 6 Mar 2017 09:32:32 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id D26508032E; Mon, 6 Mar 2017 09:32:29 -0800 (PST) Received: from mail-wm0-x22f.google.com (mail-wm0-x22f.google.com [IPv6:2a00:1450:400c:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id B05138032B for ; Mon, 6 Mar 2017 09:32:28 -0800 (PST) Received: by mail-wm0-x22f.google.com with SMTP id v186so70022605wmd.0 for ; Mon, 06 Mar 2017 09:32:28 -0800 (PST) Received: from ards-macbook-pro.c.hoisthospitality.com ([109.74.48.129]) by smtp.gmail.com with ESMTPSA id 136sm15704335wmg.12.2017.03.06.09.32.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 06 Mar 2017 09:32:26 -0800 (PST) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=3UR+Rrzng3KpHgT/YQ9RaMZOW9xJl68q1HYUq2t/fO8=; b=CV6ybr3uWQFaLIAgb9cAO7w+wELNruOl1a23MOycbwUgpOtrKLKbj+zy5TVyop/O2X QivLQadk+kA+4EWUuXQAjvF3yw4CrWy1iH6EySSubwvR3v3GJymRd1cZJk4l8o9i95qm axVvN0FLnBjiXqhpTUgwVOgjom5DeSiqVToKg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=3UR+Rrzng3KpHgT/YQ9RaMZOW9xJl68q1HYUq2t/fO8=; b=oS+MS6kShWqthQBEeERMRulqZAGtNnX0Rj8QmK6V97cWxu21iYKyf1rebw2wYPhTlp uePsY5KRwVZHxEZoTrJ3WovpKRy0C4HoTEnt/0uaaoak7OHTMLrDf0OaXGPXQn9r803N 3KIx7iS/RbVNBY7rb2aEDDXVvoUP/Fx8L9lnldiU2c1/yEq/wM1wnOTvRXY7JCI40Wcu RaNErmmPfvw+bZeEs0955rIgScQZBuP6BtdsNoCsSD2p3YhhzUfw6AoQnVk2dxYWZow5 ypObajFRRGazAly2cjst5NYAom5OJ4jgM8ovi229rtH9899+2zogOgok3BUqzIotodZH /OQg== X-Gm-Message-State: AMke39lcc0//bpp1fojy5g+6HBT1yZbm9D6IDPPxJS1g5hp8u0b0kx7tEhtNw/d0g+yiDHJ7 X-Received: by 10.28.93.68 with SMTP id r65mr15360834wmb.133.1488821547189; Mon, 06 Mar 2017 09:32:27 -0800 (PST) From: Ard Biesheuvel To: edk2-devel@lists.01.org, leif.lindholm@linaro.org Date: Mon, 6 Mar 2017 18:32:14 +0100 Message-Id: <1488821535-14795-4-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1488821535-14795-1-git-send-email-ard.biesheuvel@linaro.org> References: <1488821535-14795-1-git-send-email-ard.biesheuvel@linaro.org> Subject: [edk2] [PATCH v3 3/4] ArmPkg/CpuDxe ARM: honour RO/XP attributes in SetMemoryAttributes() X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: lersek@redhat.com, Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Enable the use of strict memory permissions on ARM by processing the EFI_MEMORY_RO and EFI_MEMORY_XP rather than ignoring them. As before, calls to CpuArchProtocol::SetMemoryAttributes that only set RO/XP bits will preserve the cacheability attributes. Permissions attributes are not preserved when setting the memory type only: the way the memory permission attributes are defined does not allows for that, and so this situation does not deviate from other architectures. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 178 ++++++++++---------- 1 file changed, 86 insertions(+), 92 deletions(-) diff --git a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c b/ArmPkg/Drivers/CpuDxe/Arm/Mm= u.c index a2993cf16a35..d3c307f48317 100644 --- a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c +++ b/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c @@ -19,6 +19,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHE= R EXPRESS OR IMPLIED. #include #include "CpuDxe.h" =20 +#define CACHE_ATTRIBUTE_MASK (EFI_MEMORY_UC | \ + EFI_MEMORY_WC | \ + EFI_MEMORY_WT | \ + EFI_MEMORY_WB | \ + EFI_MEMORY_UCE | \ + EFI_MEMORY_WP) + // First Level Descriptors typedef UINT32 ARM_FIRST_LEVEL_DESCRIPTOR; =20 @@ -374,50 +381,48 @@ UpdatePageEntries ( =20 // EntryMask: bitmask of values to change (1 =3D change this value, 0 = =3D leave alone) // EntryValue: values at bit positions specified by EntryMask - EntryMask =3D TT_DESCRIPTOR_PAGE_TYPE_MASK; - EntryValue =3D TT_DESCRIPTOR_PAGE_TYPE_PAGE; - // Although the PI spec is unclear on this the GCD guarantees that only - // one Attribute bit is set at a time, so we can safely use a switch sta= tement - switch (Attributes) { - case EFI_MEMORY_UC: - // modify cacheability attributes - EntryMask |=3D TT_DESCRIPTOR_PAGE_CACHE_POLICY_MASK; - // map to strongly ordered - EntryValue |=3D TT_DESCRIPTOR_PAGE_CACHE_POLICY_STRONGLY_ORDERED; //= TEX[2:0] =3D 0, C=3D0, B=3D0 - break; - - case EFI_MEMORY_WC: - // modify cacheability attributes - EntryMask |=3D TT_DESCRIPTOR_PAGE_CACHE_POLICY_MASK; - // map to normal non-cachable - EntryValue |=3D TT_DESCRIPTOR_PAGE_CACHE_POLICY_NON_CACHEABLE; // TE= X [2:0]=3D 001 =3D 0x2, B=3D0, C=3D0 - break; - - case EFI_MEMORY_WT: - // modify cacheability attributes - EntryMask |=3D TT_DESCRIPTOR_PAGE_CACHE_POLICY_MASK; - // write through with no-allocate - EntryValue |=3D TT_DESCRIPTOR_PAGE_CACHE_POLICY_WRITE_THROUGH_NO_ALL= OC; // TEX [2:0] =3D 0, C=3D1, B=3D0 - break; - - case EFI_MEMORY_WB: - // modify cacheability attributes - EntryMask |=3D TT_DESCRIPTOR_PAGE_CACHE_POLICY_MASK; - // write back (with allocate) - EntryValue |=3D TT_DESCRIPTOR_PAGE_CACHE_POLICY_WRITE_BACK_ALLOC; //= TEX [2:0] =3D 001, C=3D1, B=3D1 - break; + EntryMask =3D TT_DESCRIPTOR_PAGE_TYPE_MASK | TT_DESCRIPTOR_PAGE_AP_MASK; + if ((Attributes & EFI_MEMORY_XP) !=3D 0) { + EntryValue =3D TT_DESCRIPTOR_PAGE_TYPE_PAGE_XN; + } else { + EntryValue =3D TT_DESCRIPTOR_PAGE_TYPE_PAGE; + } =20 - case EFI_MEMORY_WP: - case EFI_MEMORY_XP: - case EFI_MEMORY_UCE: - // cannot be implemented UEFI definition unclear for ARM - // Cause a page fault if these ranges are accessed. - EntryValue =3D TT_DESCRIPTOR_PAGE_TYPE_FAULT; - DEBUG ((EFI_D_PAGE, "SetMemoryAttributes(): setting page %lx with un= supported attribute %x will page fault on access\n", BaseAddress, Attribute= s)); - break; + // Although the PI spec is unclear on this, the GCD guarantees that only + // one Attribute bit is set at a time, so the order of the conditionals = below + // is irrelevant. If no memory attribute is specified, we preserve whate= ver + // memory type is set in the page tables, and update the permission attr= ibutes + // only. + if (Attributes & EFI_MEMORY_UC) { + // modify cacheability attributes + EntryMask |=3D TT_DESCRIPTOR_PAGE_CACHE_POLICY_MASK; + // map to strongly ordered + EntryValue |=3D TT_DESCRIPTOR_PAGE_CACHE_POLICY_STRONGLY_ORDERED; // T= EX[2:0] =3D 0, C=3D0, B=3D0 + } else if (Attributes & EFI_MEMORY_WC) { + // modify cacheability attributes + EntryMask |=3D TT_DESCRIPTOR_PAGE_CACHE_POLICY_MASK; + // map to normal non-cachable + EntryValue |=3D TT_DESCRIPTOR_PAGE_CACHE_POLICY_NON_CACHEABLE; // TEX = [2:0]=3D 001 =3D 0x2, B=3D0, C=3D0 + } else if (Attributes & EFI_MEMORY_WT) { + // modify cacheability attributes + EntryMask |=3D TT_DESCRIPTOR_PAGE_CACHE_POLICY_MASK; + // write through with no-allocate + EntryValue |=3D TT_DESCRIPTOR_PAGE_CACHE_POLICY_WRITE_THROUGH_NO_ALLOC= ; // TEX [2:0] =3D 0, C=3D1, B=3D0 + } else if (Attributes & EFI_MEMORY_WB) { + // modify cacheability attributes + EntryMask |=3D TT_DESCRIPTOR_PAGE_CACHE_POLICY_MASK; + // write back (with allocate) + EntryValue |=3D TT_DESCRIPTOR_PAGE_CACHE_POLICY_WRITE_BACK_ALLOC; // T= EX [2:0] =3D 001, C=3D1, B=3D1 + } else if (Attributes & CACHE_ATTRIBUTE_MASK) { + // catch unsupported memory type attributes + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } =20 - default: - return EFI_UNSUPPORTED; + if ((Attributes & EFI_MEMORY_RO) !=3D 0) { + EntryValue |=3D TT_DESCRIPTOR_PAGE_AP_RO_RO; + } else { + EntryValue |=3D TT_DESCRIPTOR_PAGE_AP_RW_RW; } =20 // Obtain page table base @@ -520,53 +525,49 @@ UpdateSectionEntries ( // EntryValue: values at bit positions specified by EntryMask =20 // Make sure we handle a section range that is unmapped - EntryMask =3D TT_DESCRIPTOR_SECTION_TYPE_MASK; + EntryMask =3D TT_DESCRIPTOR_SECTION_TYPE_MASK | TT_DESCRIPTOR_SECTION_XN= _MASK | + TT_DESCRIPTOR_SECTION_AP_MASK; EntryValue =3D TT_DESCRIPTOR_SECTION_TYPE_SECTION; =20 - // Although the PI spec is unclear on this the GCD guarantees that only - // one Attribute bit is set at a time, so we can safely use a switch sta= tement - switch(Attributes) { - case EFI_MEMORY_UC: - // modify cacheability attributes - EntryMask |=3D TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK; - // map to strongly ordered - EntryValue |=3D TT_DESCRIPTOR_SECTION_CACHE_POLICY_STRONGLY_ORDERED;= // TEX[2:0] =3D 0, C=3D0, B=3D0 - break; - - case EFI_MEMORY_WC: - // modify cacheability attributes - EntryMask |=3D TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK; - // map to normal non-cachable - EntryValue |=3D TT_DESCRIPTOR_SECTION_CACHE_POLICY_NON_CACHEABLE; //= TEX [2:0]=3D 001 =3D 0x2, B=3D0, C=3D0 - break; - - case EFI_MEMORY_WT: - // modify cacheability attributes - EntryMask |=3D TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK; - // write through with no-allocate - EntryValue |=3D TT_DESCRIPTOR_SECTION_CACHE_POLICY_WRITE_THROUGH_NO_= ALLOC; // TEX [2:0] =3D 0, C=3D1, B=3D0 - break; - - case EFI_MEMORY_WB: - // modify cacheability attributes - EntryMask |=3D TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK; - // write back (with allocate) - EntryValue |=3D TT_DESCRIPTOR_SECTION_CACHE_POLICY_WRITE_BACK_ALLOC;= // TEX [2:0] =3D 001, C=3D1, B=3D1 - break; - - case EFI_MEMORY_WP: - case EFI_MEMORY_XP: - case EFI_MEMORY_RP: - case EFI_MEMORY_UCE: - // cannot be implemented UEFI definition unclear for ARM - // Cause a page fault if these ranges are accessed. - EntryValue =3D TT_DESCRIPTOR_SECTION_TYPE_FAULT; - DEBUG ((EFI_D_PAGE, "SetMemoryAttributes(): setting section %lx with= unsupported attribute %x will page fault on access\n", BaseAddress, Attrib= utes)); - break; + // Although the PI spec is unclear on this, the GCD guarantees that only + // one Attribute bit is set at a time, so the order of the conditionals = below + // is irrelevant. If no memory attribute is specified, we preserve whate= ver + // memory type is set in the page tables, and update the permission attr= ibutes + // only. + if (Attributes & EFI_MEMORY_UC) { + // modify cacheability attributes + EntryMask |=3D TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK; + // map to strongly ordered + EntryValue |=3D TT_DESCRIPTOR_SECTION_CACHE_POLICY_STRONGLY_ORDERED; /= / TEX[2:0] =3D 0, C=3D0, B=3D0 + } else if (Attributes & EFI_MEMORY_WC) { + // modify cacheability attributes + EntryMask |=3D TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK; + // map to normal non-cachable + EntryValue |=3D TT_DESCRIPTOR_SECTION_CACHE_POLICY_NON_CACHEABLE; // T= EX [2:0]=3D 001 =3D 0x2, B=3D0, C=3D0 + } else if (Attributes & EFI_MEMORY_WT) { + // modify cacheability attributes + EntryMask |=3D TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK; + // write through with no-allocate + EntryValue |=3D TT_DESCRIPTOR_SECTION_CACHE_POLICY_WRITE_THROUGH_NO_AL= LOC; // TEX [2:0] =3D 0, C=3D1, B=3D0 + } else if (Attributes & EFI_MEMORY_WB) { + // modify cacheability attributes + EntryMask |=3D TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK; + // write back (with allocate) + EntryValue |=3D TT_DESCRIPTOR_SECTION_CACHE_POLICY_WRITE_BACK_ALLOC; /= / TEX [2:0] =3D 001, C=3D1, B=3D1 + } else if (Attributes & CACHE_ATTRIBUTE_MASK) { + // catch unsupported memory type attributes + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } =20 + if (Attributes & EFI_MEMORY_RO) { + EntryValue |=3D TT_DESCRIPTOR_SECTION_AP_RO_RO; + } else { + EntryValue |=3D TT_DESCRIPTOR_SECTION_AP_RW_RW; + } =20 - default: - return EFI_UNSUPPORTED; + if (Attributes & EFI_MEMORY_XP) { + EntryValue |=3D TT_DESCRIPTOR_SECTION_XN_MASK; } =20 // obtain page table base @@ -697,13 +698,6 @@ SetMemoryAttributes ( return EFI_SUCCESS; } =20 - // - // Ignore invocations that only modify permission bits - // - if ((Attributes & EFI_MEMORY_CACHETYPE_MASK) =3D=3D 0) { - return EFI_SUCCESS; - } - FlushTlbs =3D FALSE; while (Length > 0) { if ((BaseAddress % TT_DESCRIPTOR_SECTION_SIZE =3D=3D 0) && --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sat Nov 2 12:34:35 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1488821555242888.579885601996; Mon, 6 Mar 2017 09:32:35 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 13CE880339; Mon, 6 Mar 2017 09:32:34 -0800 (PST) Received: from mail-wm0-x233.google.com (mail-wm0-x233.google.com [IPv6:2a00:1450:400c:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id B8E0480338 for ; Mon, 6 Mar 2017 09:32:32 -0800 (PST) Received: by mail-wm0-x233.google.com with SMTP id t193so70842451wmt.1 for ; Mon, 06 Mar 2017 09:32:32 -0800 (PST) Received: from ards-macbook-pro.c.hoisthospitality.com ([109.74.48.129]) by smtp.gmail.com with ESMTPSA id 136sm15704335wmg.12.2017.03.06.09.32.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 06 Mar 2017 09:32:30 -0800 (PST) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=lDUYVgE3a8FHzQLzU7xRWE2USka51gLWZbeM4GzwwK8=; b=E+8iKOfft+AxM8qtexuofxQXN6kWRmW9x9IoBPM9yUAJz2FYn2OZXKkBEn5b/t/ov9 n9lfu5kMf/QLsx7bdwkQAtq4qjqvSI5ur8+mt8V/RvLnXoDdZFH+F6A4oOg51BERdgKs ZaKjOeCqsEOQ7GHhqIlBaKEY2WqAAVlWoWflA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=lDUYVgE3a8FHzQLzU7xRWE2USka51gLWZbeM4GzwwK8=; b=CN8OHM3HcZzqSLMXWA6X5DF+JkhE/MCSKcd1/50Y3LmdPAsc6ho0ueq6wjr1d45MVQ b5npiMCfhqM+YULbMC+o3nG/jdYA7839aBrLJGvxs6AK2C/NSiXg861ONPJBo/d3HeV3 0ovGXvmwxtl5LJkkhHprmEnrBWPSv1WgkYSOxOD38FtGRIuEIEs7RwYJhjAr2P90vFbc sFvumQMFVXXJqSCCqCXhzCUKczkIY5khcXjzKcTvAsz0ZEm+7fEKZrS5idMTfnhtyjEo pVOWHFKQ4zWPzaSEYx99hu15s6+fRXqdvE+jg5w1mBoN8jikd9MqYzIUT+4hXEnAzl68 vvWA== X-Gm-Message-State: AMke39nTGfNthttibt0bh+1V+cptq9yeyu+AOpMnQUzIzn3TUTX8b9hQSxaGLuglPb1CXnBg X-Received: by 10.28.13.80 with SMTP id 77mr13338551wmn.88.1488821551375; Mon, 06 Mar 2017 09:32:31 -0800 (PST) From: Ard Biesheuvel To: edk2-devel@lists.01.org, leif.lindholm@linaro.org Date: Mon, 6 Mar 2017 18:32:15 +0100 Message-Id: <1488821535-14795-5-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1488821535-14795-1-git-send-email-ard.biesheuvel@linaro.org> References: <1488821535-14795-1-git-send-email-ard.biesheuvel@linaro.org> Subject: [edk2] [PATCH v3 4/4] ArmVirtPkg: enable PE/COFF image and memory protection for ARM platforms X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: lersek@redhat.com, Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Like for AARCH64, enable PE/COFF image and NX memory protection for all 32-bit ARM virt platforms. Note that this does not [yet] protect EfiLoaderData regions, due to compatibility issues with GRUB. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel Reviewed-by: Laszlo Ersek --- ArmVirtPkg/ArmVirt.dsc.inc | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index a91b27f13cf2..acfb71d3ff6c 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -18,7 +18,7 @@ [Defines] DEFINE TTY_TERMINAL =3D FALSE =20 [BuildOptions.common.EDKII.DXE_DRIVER,BuildOptions.common.EDKII.UEFI_DRIVE= R,BuildOptions.common.EDKII.UEFI_APPLICATION] - GCC:*_*_AARCH64_DLINK_FLAGS =3D -z common-page-size=3D0x1000 + GCC:*_*_*_DLINK_FLAGS =3D -z common-page-size=3D0x1000 =20 [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] GCC:*_*_ARM_DLINK_FLAGS =3D -z common-page-size=3D0x1000 @@ -373,10 +373,6 @@ [PcdsFixedAtBuild.common] gArmVirtTokenSpaceGuid.PcdTerminalTypeGuidBuffer|{0x80, 0x6d, 0x91, 0x7d= , 0xb1, 0x5b, 0x8c, 0x45, 0xa4, 0x8f, 0xe2, 0x5f, 0xdd, 0x51, 0xef, 0x94} !endif =20 -[PcdsFixedAtBuild.ARM] - gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 - -[PcdsFixedAtBuild.AARCH64] # # Enable strict image permissions for all images. (This applies # only to images that were built with >=3D 4 KB section alignment.) @@ -390,6 +386,9 @@ [PcdsFixedAtBuild.AARCH64] # gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC0000000= 00007FD1 =20 +[PcdsFixedAtBuild.ARM] + gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 + [Components.common] # # Networking stack --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel