Date: Mon, 4 Dec 2023 10:52:15 +0100
Message-ID: <20231204095215.1053032-1-ardb@google.com>
Subject: [edk2-devel] [PATCH] ArmVirtPkg: Allow EFI memory attributes protocol to be disabled
From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, László Érsek, Gerd Hoffmann, Oliver Steffen, Alexander Graf
Reply-To: devel@edk2.groups.io, ardb@kernel.org

From: Ard Biesheuvel

Shim's PE loader uses the EFI memory attributes protocol in a way that results in an immediate crash when invoking the loaded image unless the base and size of its executable segment are both aligned to 4k. If this is not the case, it will strip the executable permissions from the memory allocation, but fail to add them back for the executable region, resulting in non-executable code.

Unfortunately, the PE loader does not even bother invoking the protocol in this case (as it notices the misalignment), making it very hard for system firmware to work around this by attempting to infer the intent of the caller.

So let's introduce a QEMU command line option to indicate that the protocol should not be exposed at all.

  -fw_cfg opt/org.tianocore/DisableMemAttrProtocol,string=y

Cc: László Érsek
Cc: Gerd Hoffmann
Cc: Oliver Steffen
Cc: Alexander Graf
Link: https://gitlab.com/qemu-project/qemu/-/issues/1990
Signed-off-by: Ard Biesheuvel
---
 ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf |  2 +
 ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c               | 56 ++++++++++++++++++++
 2 files changed, 58 insertions(+)

diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index 997eb1a4429f..facd81a5d036 100644
--- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -46,6 +46,7 @@ [LibraryClasses] PcdLib PlatformBmPrintScLib QemuBootOrderLib + QemuFwCfgSimpleParserLib QemuLoadImageLib ReportStatusCodeLib TpmPlatformHierarchyLib @@ -73,5 +74,6 @@ [Guids] [Protocols] gEfiFirmwareVolume2ProtocolGuid gEfiGraphicsOutputProtocolGuid + gEfiMemoryAttributeProtocolGuid gEfiPciRootBridgeIoProtocolGuid gVirtioDeviceProtocolGuid diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c b/ArmVi= rtPkg/Library/PlatformBootManagerLib/PlatformBm.c index 85c01351b09d..e17899100e4a 100644 --- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c +++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -1111,6 +1112,49 @@ PlatformBootManagerBeforeConsole ( FilterAndProcess (&gEfiPciIoProtocolGuid, IsVirtioPciSerial, SetupVirtio= Serial); } =20 +/** + Uninstall the EFI memory attribute protocol if it exists. +**/ +STATIC +VOID +UninstallEfiMemoryAttributesProtocol ( + VOID + ) +{ + EFI_STATUS Status; + EFI_HANDLE Handle; + UINTN Size; + VOID *MemoryAttributeProtocol; + + Size =3D sizeof (Handle); + Status =3D gBS->LocateHandle ( + ByProtocol, + &gEfiMemoryAttributeProtocolGuid, + NULL, + &Size, + &Handle + ); + + if (EFI_ERROR (Status)) { + ASSERT (Status =3D=3D EFI_NOT_FOUND); + return; + } + + Status =3D gBS->HandleProtocol ( + Handle, + &gEfiMemoryAttributeProtocolGuid, + &MemoryAttributeProtocol + ); + ASSERT_EFI_ERROR (Status); + + Status =3D gBS->UninstallProtocolInterface ( + Handle, + &gEfiMemoryAttributeProtocolGuid, + MemoryAttributeProtocol + ); + ASSERT_EFI_ERROR (Status); +} + /** Do the platform specific action after the console is ready Possible things that can be done in PlatformBootManagerAfterConsole: 
@@ -1129,12 +1173,24 @@ PlatformBootManagerAfterConsole ( ) { RETURN_STATUS Status; + BOOLEAN FwCfgBool; =20 // // Show the splash screen. // BootLogoEnableLogo (); =20 + // + // Work around shim's terminally broken use of the EFI memory attributes + // protocol, by just uninstalling it when requested on the QEMU command = line. + // + Status =3D QemuFwCfgParseBool ( + "opt/org.tianocore/DisableMemAttrProtocol", + &FwCfgBool); + if (!RETURN_ERROR (Status) && FwCfgBool) { + UninstallEfiMemoryAttributesProtocol (); + } + // // Process QEMU's -kernel command line option. The kernel booted this way // will receive ACPI tables: in PlatformBootManagerBeforeConsole(), we -- 2.43.0.rc2.451.g8631bc7472-goog

View/Reply Online (#112027): https://edk2.groups.io/g/devel/message/112027
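Review bot: the first hunk of PlatformBootManagerLib.inf adds QemuFwCfgSimpleParserLib to [LibraryClasses], but the diffstat lists only the .inf and PlatformBm.c, so no platform .dsc is touched; please confirm that every .dsc building this library (ArmVirtQemu and ArmVirtQemuKernel) already maps QemuFwCfgSimpleParserLib to an instance, otherwise the library will fail to resolve at build time and the mapping should be added in this patch.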
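Review bot: in UninstallEfiMemoryAttributesProtocol the LocateHandle call is given room for exactly one handle (Size = sizeof (Handle)), so if the protocol is ever installed on more than one handle the call returns EFI_BUFFER_TOO_SMALL rather than EFI_NOT_FOUND; the ASSERT (Status == EFI_NOT_FOUND) then fires on DEBUG builds, and a RELEASE build returns early without uninstalling anything, which makes the workaround silently ineffective. Using LocateHandleBuffer and iterating over the result, or at minimum emitting a DEBUG ((DEBUG_WARN, ...)) on that error path, would make the failure visible. The same applies to the UninstallProtocolInterface call, which returns EFI_ACCESS_DENIED when another agent still has the protocol open: ASSERT_EFI_ERROR compiles out in RELEASE, so a log line there is the only way a user of the fw_cfg knob would learn the protocol is still installed.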
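Review bot: the DisableMemAttrProtocol check in PlatformBootManagerAfterConsole removes the memory attribute protocol for every image loaded afterwards, not only shim, and nothing is logged when that happens; a DEBUG ((DEBUG_WARN, ...)) line next to the UninstallEfiMemoryAttributesProtocol () call would let a boot log show that the protocol was dropped on request rather than missing for some other reason. The "opt/org.tianocore/DisableMemAttrProtocol" key is also described only in the commit message, and the diffstat shows no documentation change, so it should be documented in the tree where the other fw_cfg options for this platform are listed.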