
Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too


gaoliming
 

Meg:
What real problem did you meet? What is the purpose of this change? Also, I have included UEFI Arch Rothman.

Rothman:
Can you help clarify what OS (Windows or Linux) behavior is expected for the UEFI SP and CRYPTO memory attributes?

Thanks
Liming

-----Original Message-----
From: bounce+27952+65683+4905953+8761045@groups.io
<bounce+27952+65683+4905953+8761045@groups.io> On Behalf Of Malgorzata
Kukiello
Sent: September 28, 2020 23:39
To: devel@edk2.groups.io; gaoliming@...
Cc: Kinney, Michael D <michael.d.kinney@...>; Wang, Jian J
<jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>; Bi, Dandan
<dandan.bi@...>; Liu, Zhiguang <zhiguang.liu@...>; 'Oleksiy
Yakovlev' <oleksiyy@...>; 'Ard Biesheuvel' <ard.biesheuvel@...>
Subject: Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding
page-access caps from OSes hides SP and CRYPTO caps too

Liming,
As for mktme there is a change committed:
https://patchwork.kernel.org/patch/10935909/
As for SP I can't find anything specific.
Thanks
Meg

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of gaoliming
Sent: Friday, September 25, 2020 10:55 AM
To: devel@edk2.groups.io; Kukiello, Malgorzata <jacek.kukiello@...>
Cc: Kinney, Michael D <michael.d.kinney@...>; Wang, Jian J
<jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>; Bi, Dandan
<dandan.bi@...>; Liu, Zhiguang <zhiguang.liu@...>; 'Oleksiy
Yakovlev' <oleksiyy@...>; 'Ard Biesheuvel' <ard.biesheuvel@...>
Subject: Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for
hiding page-access caps from OSes hides SP and CRYPTO caps too

Malgorzata:
How do you know the OS (Windows or Linux) behavior for the SP and CRYPTO attributes?
Is there a public document that describes this behavior?

Thanks
Liming
-----Original Message-----
From: bounce+27952+65566+4905953+8761045@groups.io
<bounce+27952+65566+4905953+8761045@groups.io> On Behalf Of Malgorzata
Kukiello
Sent: September 24, 2020 18:22
To: devel@edk2.groups.io
Cc: Malgorzata Kukiello <jacek.kukiello@...>; Michael D Kinney
<michael.d.kinney@...>; Jian J Wang <jian.j.wang@...>; Hao
A Wu <hao.a.wu@...>; Dandan Bi <dandan.bi@...>; Liming Gao
<gaoliming@...>; Zhiguang Liu <zhiguang.liu@...>;
Oleksiy Yakovlev <oleksiyy@...>; Ard Biesheuvel
<ard.biesheuvel@...>
Subject: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding
page-access caps from OSes hides SP and CRYPTO caps too

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2982

The workaround in the UEFI memmap construction, near the end of the
function CoreGetMemoryMap() [MdeModulePkg/Core/Dxe/Mem/Page.c] should
not clear the SP and CRYPTO bits, because OSes do (apparently)
correctly interpret SP and CRYPTO as capabilities, and not as
currently set attributes (upon which the OSes should set their page
tables). For this reason, the SP and CRYPTO bits should be separated
from the bitmask that we use for hiding the page-access attributes, in
the workaround.

Signed-off-by: Malgorzata Kukiello <jacek.kukiello@...>
Cc: Michael D Kinney <michael.d.kinney@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Hao A Wu <hao.a.wu@...>
Cc: Dandan Bi <dandan.bi@...>
Cc: Liming Gao <gaoliming@...>
Cc: Zhiguang Liu <zhiguang.liu@...>
Cc: Oleksiy Yakovlev <oleksiyy@...>
Cc: Ard Biesheuvel (ARM address) <ard.biesheuvel@...>

MdeModulePkg/Core/Dxe/Mem/Page.c | 12 ++++++------
MdePkg/Include/Uefi/UefiSpec.h | 3 ++-
2 files changed, 8 insertions(+), 7 deletions(-)
---------------------------------------------------------------------
Intel Technology Poland sp. z o.o.
ul. Słowackiego 173 | 80-298 Gdańsk | Sąd Rejonowy Gdańsk Północ | VII
Wydział Gospodarczy Krajowego Rejestru Sądowego - KRS 101882 | NIP
957-07-52-316 | Share capital 200.000 PLN.
This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). If you are not the intended
recipient, please contact the sender and delete all copies; any review or
distribution by others is strictly prohibited.
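
An added example, not part of the original thread or of the edk2 patch: a C sketch of the masking step the cover letter describes, run over a constructed memory map with a wide hide mask and a narrow one. The attribute bit values are those of the UEFI specification; the mask names, the `DESC` struct, the sample regions and the choice of RP, XP and RO as the page-access bits are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Attribute bit values from the UEFI specification. */
#define EFI_MEMORY_WB         0x0000000000000008ULL
#define EFI_MEMORY_RP         0x0000000000002000ULL
#define EFI_MEMORY_XP         0x0000000000004000ULL
#define EFI_MEMORY_RO         0x0000000000020000ULL
#define EFI_MEMORY_SP         0x0000000000040000ULL
#define EFI_MEMORY_CPU_CRYPTO 0x0000000000080000ULL

/* Hypothetical mask names for this example, not edk2's own. */
#define ACCESS_BITS      (EFI_MEMORY_RP | EFI_MEMORY_XP | EFI_MEMORY_RO)
#define CAP_BITS         (EFI_MEMORY_SP | EFI_MEMORY_CPU_CRYPTO)
#define HIDE_MASK_WIDE   (ACCESS_BITS | CAP_BITS) /* strips SP/CRYPTO too */
#define HIDE_MASK_NARROW (ACCESS_BITS)            /* page-access bits only */

/* Minimal stand-in for a memory map descriptor (assumed layout). */
typedef struct { uint64_t PhysicalStart, NumberOfPages, Attribute; } DESC;

#define SAMPLE_COUNT 3

/* Constructed sample map: ordinary RAM, an SP region, a CRYPTO-capable region. */
static void sample_map(DESC *map) {
    map[0] = (DESC){0x00100000ULL, 0x100, EFI_MEMORY_WB | ACCESS_BITS};
    map[1] = (DESC){0x40000000ULL, 0x800, EFI_MEMORY_WB | ACCESS_BITS | EFI_MEMORY_SP};
    map[2] = (DESC){0x80000000ULL, 0x400, EFI_MEMORY_WB | ACCESS_BITS | EFI_MEMORY_CPU_CRYPTO};
}

/* Apply the hiding step to the sample map, then count the descriptors
   that still advertise at least one bit of `bits` to the OS. */
size_t surviving(uint64_t hide_mask, uint64_t bits) {
    DESC map[SAMPLE_COUNT];
    size_t n = 0;
    sample_map(map);
    for (size_t i = 0; i < SAMPLE_COUNT; i++) {
        map[i].Attribute &= ~hide_mask;
        if (map[i].Attribute & bits) n++;
    }
    return n;
}

int main(void) {
    printf("wide mask:   %zu regions keep SP/CRYPTO\n", surviving(HIDE_MASK_WIDE, CAP_BITS));
    printf("narrow mask: %zu regions keep SP/CRYPTO\n", surviving(HIDE_MASK_NARROW, CAP_BITS));
    printf("narrow mask: %zu regions keep access bits\n", surviving(HIDE_MASK_NARROW, ACCESS_BITS));
    return 0;
}
```

With the wide mask the OS can no longer tell which regions are special-purpose or crypto-capable; the narrow mask hides only the page-access bits and leaves the cacheability bit untouched in both cases.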











