From: Will Deacon <will.deacon-5wv7dgnIgG8@public.gmane.org>
To: Ard Biesheuvel <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
Cc: "linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org"
<linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org>,
"linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Mark Rutland <Mark.Rutland-5wv7dgnIgG8@public.gmane.org>,
"msalter-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org"
<msalter-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"leif.lindholm-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org"
<leif.lindholm-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>,
Catalin Marinas <Catalin.Marinas-5wv7dgnIgG8@public.gmane.org>
Subject: Re: [PATCH v2] arm64/efi: base UEFI mapping permissions on region attributes
Date: Thu, 27 Aug 2015 10:32:28 +0100 [thread overview]
Message-ID: <20150827093228.GA23520@arm.com> (raw)
In-Reply-To: <1440595802-20359-1-git-send-email-ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
Hi Ard,
On Wed, Aug 26, 2015 at 02:30:02PM +0100, Ard Biesheuvel wrote:
> Currently, we infer the UEFI memory region mapping permissions
> from the memory region type (i.e., runtime services code are
> mapped RWX and runtime services data mapped RW-). This appears to
> work fine but is not entirely UEFI spec compliant. So instead, use
> the designated permission attributes to decide how these regions
> should be mapped.
>
> Since UEFIv2.5 introduces a new EFI_MEMORY_RO permission attribute,
> and redefines EFI_MEMORY_WP as a cacheability attribute, use only
> the former as a read-only attribute. For setting the PXN bit, the
> corresponding EFI_MEMORY_XP attribute is used.
>
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
> ---
> Changes since v1:
> - rewrote page size and alignment check to be more legible
> - use code that is STRICT_MM_TYPECHECKS compliant
>
> Example output of a recent Tianocore build on FVP Foundation model
> is attached below.
>
> arch/arm64/kernel/efi.c | 37 +++++++++++++-------
> 1 file changed, 24 insertions(+), 13 deletions(-)
>
> diff --git a/arch/arm64/kernel/efi.c b/arch/arm64/kernel/efi.c
> index ab21e0d58278..c8d587f46f3e 100644
> --- a/arch/arm64/kernel/efi.c
> +++ b/arch/arm64/kernel/efi.c
> @@ -235,7 +235,7 @@ static bool __init efi_virtmap_init(void)
>
> for_each_efi_memory_desc(&memmap, md) {
> u64 paddr, npages, size;
> - pgprot_t prot;
> + pteval_t prot_val;
>
> if (!(md->attribute & EFI_MEMORY_RUNTIME))
> continue;
> @@ -247,22 +247,33 @@ static bool __init efi_virtmap_init(void)
> memrange_efi_to_native(&paddr, &npages);
> size = npages << PAGE_SHIFT;
>
> - pr_info(" EFI remap 0x%016llx => %p\n",
> - md->phys_addr, (void *)md->virt_addr);
> + if (!is_normal_ram(md))
> + prot_val = PROT_DEVICE_nGnRE;
> + else
> + prot_val = pgprot_val(PAGE_KERNEL_EXEC);
>
> /*
> - * Only regions of type EFI_RUNTIME_SERVICES_CODE need to be
> - * executable, everything else can be mapped with the XN bits
> - * set.
> + * On 64 KB granule kernels, only use strict permissions when
> + * the region does not share a 64 KB page frame with another
> + * region at either end.
> */
> - if (!is_normal_ram(md))
> - prot = __pgprot(PROT_DEVICE_nGnRE);
> - else if (md->type == EFI_RUNTIME_SERVICES_CODE)
> - prot = PAGE_KERNEL_EXEC;
> - else
> - prot = PAGE_KERNEL;
> + if (PAGE_SIZE == EFI_PAGE_SIZE ||
> + (PAGE_ALIGNED(md->virt_addr) &&
> + PAGE_ALIGNED(md->phys_addr + md->num_pages * EFI_PAGE_SIZE))) {
Why do you use virt_addr instead of phys_addr for the base check?
Will
WARNING: multiple messages have this Message-ID (diff)
From: will.deacon@arm.com (Will Deacon)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v2] arm64/efi: base UEFI mapping permissions on region attributes
Date: Thu, 27 Aug 2015 10:32:28 +0100 [thread overview]
Message-ID: <20150827093228.GA23520@arm.com> (raw)
In-Reply-To: <1440595802-20359-1-git-send-email-ard.biesheuvel@linaro.org>
Hi Ard,
On Wed, Aug 26, 2015 at 02:30:02PM +0100, Ard Biesheuvel wrote:
> Currently, we infer the UEFI memory region mapping permissions
> from the memory region type (i.e., runtime services code are
> mapped RWX and runtime services data mapped RW-). This appears to
> work fine but is not entirely UEFI spec compliant. So instead, use
> the designated permission attributes to decide how these regions
> should be mapped.
>
> Since UEFIv2.5 introduces a new EFI_MEMORY_RO permission attribute,
> and redefines EFI_MEMORY_WP as a cacheability attribute, use only
> the former as a read-only attribute. For setting the PXN bit, the
> corresponding EFI_MEMORY_XP attribute is used.
>
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
> Changes since v1:
> - rewrote page size and alignment check to be more legible
> - use code that is STRICT_MM_TYPECHECKS compliant
>
> Example output of a recent Tianocore build on FVP Foundation model
> is attached below.
>
> arch/arm64/kernel/efi.c | 37 +++++++++++++-------
> 1 file changed, 24 insertions(+), 13 deletions(-)
>
> diff --git a/arch/arm64/kernel/efi.c b/arch/arm64/kernel/efi.c
> index ab21e0d58278..c8d587f46f3e 100644
> --- a/arch/arm64/kernel/efi.c
> +++ b/arch/arm64/kernel/efi.c
> @@ -235,7 +235,7 @@ static bool __init efi_virtmap_init(void)
>
> for_each_efi_memory_desc(&memmap, md) {
> u64 paddr, npages, size;
> - pgprot_t prot;
> + pteval_t prot_val;
>
> if (!(md->attribute & EFI_MEMORY_RUNTIME))
> continue;
> @@ -247,22 +247,33 @@ static bool __init efi_virtmap_init(void)
> memrange_efi_to_native(&paddr, &npages);
> size = npages << PAGE_SHIFT;
>
> - pr_info(" EFI remap 0x%016llx => %p\n",
> - md->phys_addr, (void *)md->virt_addr);
> + if (!is_normal_ram(md))
> + prot_val = PROT_DEVICE_nGnRE;
> + else
> + prot_val = pgprot_val(PAGE_KERNEL_EXEC);
>
> /*
> - * Only regions of type EFI_RUNTIME_SERVICES_CODE need to be
> - * executable, everything else can be mapped with the XN bits
> - * set.
> + * On 64 KB granule kernels, only use strict permissions when
> + * the region does not share a 64 KB page frame with another
> + * region at either end.
> */
> - if (!is_normal_ram(md))
> - prot = __pgprot(PROT_DEVICE_nGnRE);
> - else if (md->type == EFI_RUNTIME_SERVICES_CODE)
> - prot = PAGE_KERNEL_EXEC;
> - else
> - prot = PAGE_KERNEL;
> + if (PAGE_SIZE == EFI_PAGE_SIZE ||
> + (PAGE_ALIGNED(md->virt_addr) &&
> + PAGE_ALIGNED(md->phys_addr + md->num_pages * EFI_PAGE_SIZE))) {
Why do you use virt_addr instead of phys_addr for the base check?
Will
next prev parent reply other threads:[~2015-08-27 9:32 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-26 13:30 [PATCH v2] arm64/efi: base UEFI mapping permissions on region attributes Ard Biesheuvel
2015-08-26 13:30 ` Ard Biesheuvel
[not found] ` <1440595802-20359-1-git-send-email-ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
2015-08-27 9:32 ` Will Deacon [this message]
2015-08-27 9:32 ` Will Deacon
[not found] ` <20150827093228.GA23520-5wv7dgnIgG8@public.gmane.org>
2015-08-27 20:33 ` Ard Biesheuvel
2015-08-27 20:33 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150827093228.GA23520@arm.com \
--to=will.deacon-5wv7dgnigg8@public.gmane.org \
--cc=Catalin.Marinas-5wv7dgnIgG8@public.gmane.org \
--cc=Mark.Rutland-5wv7dgnIgG8@public.gmane.org \
--cc=ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org \
--cc=leif.lindholm-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org \
--cc=linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org \
--cc=linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=msalter-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.