From nobody Sat Nov 2 12:17:10 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1488290198980237.09981826882654; Tue, 28 Feb 2017 05:56:38 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 7784881F56; Tue, 28 Feb 2017 05:56:36 -0800 (PST) Received: from mail-wr0-x234.google.com (mail-wr0-x234.google.com [IPv6:2a00:1450:400c:c0c::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id D514881F45 for ; Tue, 28 Feb 2017 05:56:34 -0800 (PST) Received: by mail-wr0-x234.google.com with SMTP id l37so9347103wrc.1 for ; Tue, 28 Feb 2017 05:56:34 -0800 (PST) Received: from localhost.localdomain ([105.149.201.216]) by smtp.gmail.com with ESMTPSA id 186sm18600511wmw.24.2017.02.28.05.56.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 28 Feb 2017 05:56:32 -0800 (PST) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=0ggdoV7gNWxG4E+fQOHNQNyOYF6mdE68G2e3Cw1M9BA=; b=bET4gWoK3lMCNd3Wf9QlWblwokjEy5qqBDZ/FZc/VDtSxBwF6N5cd3TKUWCQUmJ6ZD k9wn+EDAOudD4e1thWKeoYKp0ZpDtamYcwxa2q9t0zAErc40Z58ZmwnCi3zx94YWxV0v N26chdEhJgzQMXLkkugp3fJwMW9KW2GcfnDOw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=0ggdoV7gNWxG4E+fQOHNQNyOYF6mdE68G2e3Cw1M9BA=; b=EG3W8v06xZQMN8yrjZ2w2yattjclChuDqzEJUvcBaDDSzVTGBpuwvY1cCJmy0Ft42f +/8RJiDEUx+2zIa4rhsSS01w5epSv8BoOSjZbC8UWbCKC9xDkKEAVIOT4HCyB9qvry5E Nlrz4VUTKw7myZGuU9zcizJUVNmTivY1fRVG28MVLpuf6CwlrX5C7VY9binZVgDXFPze ScNQZcr+UUuL+Vc1N0GDUnTVPSyXWqmO6agNWTCibWfWzjWqPfYWi6c45/oh7y5uRqpH ZHXnzj3aGDn7ElFwZaIIWpRxbsXT1EWQ/wGxzh7QM0S+mOH6RFVeiHpoxE8ULyMF+42a PHew== X-Gm-Message-State: AMke39lcjvHAcI6yo6DcfxTwA1o+j9Z96wIp/RRkzYZtYM7lqfP22RQykqClgjpyLZvVLuZ7 X-Received: by 10.223.152.83 with SMTP id v77mr2472183wrb.109.1488290193414; Tue, 28 Feb 2017 05:56:33 -0800 (PST) From: Ard Biesheuvel To: edk2-devel@lists.01.org, lersek@redhat.com Date: Tue, 28 Feb 2017 13:56:09 +0000 Message-Id: <1488290169-10701-1-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 Subject: [edk2] [PATCH] ArmVirtPkg/HighMemDxe: preserve non-exec permissions on newly added regions X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Using DxeServices::SetMemorySpaceAttributes to set cacheability attributes has the side effect of stripping permission attributes, given that those are bits in the same bitfield, and so setting the Attributes argument to EFI_MEMORY_WB implies not setting EFI_MEMORY_XP or EFI_MEMORY_RO attributes. In fact, the situation is even worse, given that the descriptor returned by DxeServices::GetMemorySpaceDescriptor does not reflect the permission attributes that may have been set by the preceding call to DxeServices::AddMemorySpace if PcdDxeNxMemoryProtectionPolicy has been configured to map EfiConventionalMemory with non-executable permissions. Note that this applies equally to the non-executable stack and to PE/COFF sections that may have been mapped with R-X or RW- permissions. This is due to the ambiguity in the meaning of the EFI_MEMORY_RO/EFI_MEMORY_XP attributes when used in the GCD memory map, i.e., between signifying that an underlying RAM region has the controls to be configures as read-only or non-executable, and signifying that the contents of a certain UEFI memory region allow them to be mapped with certain restricted permissions. So let's check the policy in PcdDxeNxMemoryProtectionPolicy directly, and set the EFI_MEMORY_XP attribute if appropriate for EfiConventionalMemory regions. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel Reviewed-by: Laszlo Ersek --- ArmVirtPkg/HighMemDxe/HighMemDxe.c | 18 ++++++++++++++++-- ArmVirtPkg/HighMemDxe/HighMemDxe.inf | 1 + 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/ArmVirtPkg/HighMemDxe/HighMemDxe.c b/ArmVirtPkg/HighMemDxe/Hig= hMemDxe.c index 22f738279b20..853660437cb0 100644 --- a/ArmVirtPkg/HighMemDxe/HighMemDxe.c +++ b/ArmVirtPkg/HighMemDxe/HighMemDxe.c @@ -37,6 +37,7 @@ InitializeHighMemDxe ( UINTN AddressCells, SizeCells; UINT64 CurBase; UINT64 CurSize; + UINT64 Attributes; =20 Status =3D gBS->LocateProtocol (&gFdtClientProtocolGuid, NULL, (VOID **)&FdtClient); @@ -77,8 +78,21 @@ InitializeHighMemDxe ( continue; } =20 - Status =3D gDS->SetMemorySpaceAttributes (CurBase, CurSize, - EFI_MEMORY_WB); + // + // Take care not to strip any permission attributes that will have= been + // set by DxeCore on the region we just added if a strict permissi= on + // policy is in effect for EfiConventionalMemory regions. + // Unfortunately, we cannot interrogate the GCD memory space map f= or + // those permissions, since they are not recorded there (for histo= rical + // reasons), so check the policy directly. + // + Attributes =3D EFI_MEMORY_WB; + if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & + (1UL << (UINT32)EfiConventionalMemory)) !=3D 0) { + Attributes |=3D EFI_MEMORY_XP; + } + + Status =3D gDS->SetMemorySpaceAttributes (CurBase, CurSize, Attrib= utes); =20 if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, diff --git a/ArmVirtPkg/HighMemDxe/HighMemDxe.inf b/ArmVirtPkg/HighMemDxe/H= ighMemDxe.inf index 3661cfd8c80c..89c743ebe058 100644 --- a/ArmVirtPkg/HighMemDxe/HighMemDxe.inf +++ b/ArmVirtPkg/HighMemDxe/HighMemDxe.inf @@ -45,6 +45,7 @@ [Protocols] =20 [Pcd] gArmTokenSpaceGuid.PcdSystemMemoryBase + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy =20 [Depex] gEfiCpuArchProtocolGuid AND gFdtClientProtocolGuid --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel