This patch adds a simple non-driver protection domain sample to serve
as an example for defining other non-driver protection domains. It
simply performs a ping-pong test of protection domain switching
latency during boot, including optional accesses to a private metadata
region, and prints out the results.

This patch extends the protection domain framework with a third plugin
that is a hybrid of the previous two. The hardware task switching
mechanism has a strictly-defined format for TSS data structures that
causes more space to be consumed than would otherwise be required.
This patch defines a smaller data structure that is allocated for each
protection domain, only requiring 32 bytes instead of 128 bytes. It
uses the same multi-segment memory layout as the TSS-based plugin and
leaves paging disabled. However, it uses a similar mechanism as the
paging plugin to perform system call dispatches and returns.

For additional information, please refer to cpu/x86/mm/README.md.

This patch extends the protection domain framework with an additional
plugin to use Task-State Segment (TSS) structures to offload much of
the work of switching protection domains to the CPU. This can save
space compared to paging, since paging requires two 4KiB page tables
and one 32-byte page table plus one whole-system TSS and an additional
32-byte data structure for each protection domain, whereas the
approach implemented by this patch just requires a 128-byte data
structure for each protection domain. Only a small number of
protection domains will typically be used, so
n * 128 < 8328 + (n * 32).

For additional information, please refer to cpu/x86/mm/README.md.

GCC 6 is introducing named address spaces for the FS and GS segments
[1]. LLVM Clang also provides address spaces for the FS and GS
segments [2]. This patch also adds support to the multi-segment X86
memory management subsystem for using these features instead of inline
assembly blocks, which enables type checking to detect some address
space mismatches.

[1] https://gcc.gnu.org/onlinedocs/gcc/Named-Address-Spaces.html
[2] http://llvm.org/releases/3.3/tools/clang/docs/LanguageExtensions.html#target-specific-extensions

This patch implements a simple, lightweight form of protection domains
using a pluggable framework. Currently, the following plugin is
available:
- Flat memory model with paging.

The overall goal of a protection domain implementation within this
framework is to define a set of resources that should be accessible to
each protection domain and to prevent that protection domain from
accessing other resources. The details of each implementation of
protection domains may differ substantially, but they should all be
guided by the principle of least privilege. However, that idealized
principle is balanced against the practical objectives of limiting the
number of relatively time-consuming context switches and minimizing
changes to existing code.

For additional information, please refer to cpu/x86/mm/README.md.

This patch also causes the C compiler to be used as the default linker
and assembler.

The UEFI GenFw program inserts headers ahead of the code in the UEFI
binary. The linker script adjusts the starting address of the .text
section to account for that. This prevents the symbols from being
perturbed. This patch accounts for a recent change in the size of the
headers added by the GenFw program.

This patch configures Isolated Memory Regions (IMRs) to block DMA to
code and data regions that do not contain any data that needs to be
DMA-accessible.

This patch adds an example program to print out information about the
configuration of the Intel Quark X1000 SoC Isolated Memory Regions
(IMRs), the Host System Management Mode Controls register, and the
Host Memory I/O Boundary register.

The Intel Quark X1000 SoC includes support for Isolated Memory Regions
(IMRs), which are specified using range registers and associated
control registers that are accessible via the message bus. This patch
adds a driver for accessing those registers.

The Intel Quark X1000 SoC includes a message bus that is accessible
via PCI configuration registers. It communicates to various SoC
components such as the Isolated Memory Region (IMR) registers and the
Remote Management Unit. This patch adds a driver for accessing the
message bus.