From nobody Mon May 6 08:43:37 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1490088283532962.3400196600663; Tue, 21 Mar 2017 02:24:43 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 6430280475; Tue, 21 Mar 2017 02:24:42 -0700 (PDT) Received: from mail-wm0-x229.google.com (mail-wm0-x229.google.com [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 433AD80472 for ; Tue, 21 Mar 2017 02:24:40 -0700 (PDT) Received: by mail-wm0-x229.google.com with SMTP id n11so7443651wma.1 for ; Tue, 21 Mar 2017 02:24:40 -0700 (PDT) Received: from localhost.localdomain (188.16.90.92.rev.sfr.net. [92.90.16.188]) by smtp.gmail.com with ESMTPSA id k139sm16841848wmg.11.2017.03.21.02.24.12 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 21 Mar 2017 02:24:38 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=G1ru3a02UErN9ToSWVxb6gdp0NfAoNtIL58PTxzVyvo=; b=dOwQ3aKuNuB8jXl9X370Tui3NSx9JUJYLFmC4KQ1+/PMrwouzDn+9xTOeie6TXtfxr wWuvok9Ak3Jw7Na82S+0pTObLrwWZ54n1IkX013hM/A1kchfzyTRkgZiYCfji0vwvGlr TpgNnKQurtV1m+Jt2/2ocw7CUPOiHyHQ3AgYw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=G1ru3a02UErN9ToSWVxb6gdp0NfAoNtIL58PTxzVyvo=; b=Xyc601Ns8DclHVa3yMU/HwORtp4IR2WAK3CBWG/S2CtlApr9a8bBDeYsyV6ZhjQsGo hRiK4C69AM70SkudXTLSeDFJgGCl884mdZMk0pZYTJi+Jp2tHGxMyhz4Eh/x5RDhj9GI aZHfhjcIE795BOYreWCLSwyKSdfPR/4ko92obKvIsjUGGpM10nmTl6+RuKknQvOgdLRm QBOb5ziLV0GH/8Z7Pxu00js+HrJEZI+unI/Yzgo/lwgXZHijtRNAV84mEwENpPZGdHYo 1WZnnDaMHg/wtS3AZP87qJ3lXRZhhOV9eAQgXxisQ5DmIG2eew82G2DQCzJPQQgntV9o liog== X-Gm-Message-State: AFeK/H2rvCyI/LGjPZSz8jKw0K+tr6y8cuX/zpLzA6EiwbJ40QXug8+pxk0bp3JoINC6RCoy X-Received: by 10.28.132.20 with SMTP id g20mr1828493wmd.68.1490088278794; Tue, 21 Mar 2017 02:24:38 -0700 (PDT) From: Ard Biesheuvel To: edk2-devel@lists.01.org, lersek@redhat.com Date: Tue, 21 Mar 2017 09:23:28 +0000 Message-Id: <1490088209-8564-2-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1490088209-8564-1-git-send-email-ard.biesheuvel@linaro.org> References: <1490088209-8564-1-git-send-email-ard.biesheuvel@linaro.org> Subject: [edk2] [PATCH 1/2] ArmVirtPkg/HighMemDxe: use CPU arch protocol to apply memprotect policy X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: sigmaepsilon92@gmail.com, Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Instead of invoking gDS->SetMemorySpaceAttributes to set the EFI_MEMORY_XP attribute on newly added regions, which is guaranteed to fail if the same attribute was not declared as a capability of the region when it as added, invoke the CPU arch protocol directly to set the EFI_MEMORY_XP attribute if our memory protection policy demands it. Reported-by: Michael Zimmermann Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel Reviewed-by: Laszlo Ersek --- ArmVirtPkg/HighMemDxe/HighMemDxe.c | 31 +++++++++++++++----- ArmVirtPkg/HighMemDxe/HighMemDxe.inf | 1 + 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/ArmVirtPkg/HighMemDxe/HighMemDxe.c b/ArmVirtPkg/HighMemDxe/Hig= hMemDxe.c index f70978f6414f..4e41120deff3 100644 --- a/ArmVirtPkg/HighMemDxe/HighMemDxe.c +++ b/ArmVirtPkg/HighMemDxe/HighMemDxe.c @@ -20,6 +20,7 @@ #include #include =20 +#include #include =20 EFI_STATUS @@ -30,6 +31,7 @@ InitializeHighMemDxe ( ) { FDT_CLIENT_PROTOCOL *FdtClient; + EFI_CPU_ARCH_PROTOCOL *Cpu; EFI_STATUS Status, FindNodeStatus; INT32 Node; CONST UINT32 *Reg; @@ -43,6 +45,10 @@ InitializeHighMemDxe ( (VOID **)&FdtClient); ASSERT_EFI_ERROR (Status); =20 + Status =3D gBS->LocateProtocol (&gEfiCpuArchProtocolGuid, NULL, + (VOID **)&Cpu); + ASSERT_EFI_ERROR (Status); + // // Check for memory node and add the memory spaces except the lowest one // @@ -78,13 +84,24 @@ InitializeHighMemDxe ( continue; } =20 + Status =3D gDS->SetMemorySpaceAttributes (CurBase, CurSize, + EFI_MEMORY_WB); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_WARN, + "%a: gDS->SetMemorySpaceAttributes() failed on region 0x%lx - = 0x%lx (%r)\n", + __FUNCTION__, CurBase, CurBase + CurSize - 1, Status)); + } + + // + // Due to the ambiguous nature of the RO/XP GCD memory space attri= butes, + // it is impossible to add a memory space with the XP attribute in= a way + // that does not result in the XP attribute being set on *all* UEFI + // memory map entries that are carved from it, including code regi= ons + // that require executable permissions. // - // Take care not to strip any permission attributes that will have= been - // set by DxeCore on the region we just added if a strict permissi= on - // policy is in effect for EfiConventionalMemory regions. - // Unfortunately, we cannot interrogate the GCD memory space map f= or - // those permissions, since they are not recorded there (for histo= rical - // reasons), so check the policy directly. + // So instead, we never set the RO/XP attributes in the GCD memory= space + // capabilities or attribute fields, and apply any protections dir= ectly + // on the page table mappings by going through the cpu arch protoc= ol. // Attributes =3D EFI_MEMORY_WB; if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & @@ -92,7 +109,7 @@ InitializeHighMemDxe ( Attributes |=3D EFI_MEMORY_XP; } =20 - Status =3D gDS->SetMemorySpaceAttributes (CurBase, CurSize, Attrib= utes); + Status =3D Cpu->SetMemoryAttributes (Cpu, CurBase, CurSize, Attrib= utes); =20 if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, diff --git a/ArmVirtPkg/HighMemDxe/HighMemDxe.inf b/ArmVirtPkg/HighMemDxe/H= ighMemDxe.inf index 89c743ebe058..ac1761974f52 100644 --- a/ArmVirtPkg/HighMemDxe/HighMemDxe.inf +++ b/ArmVirtPkg/HighMemDxe/HighMemDxe.inf @@ -41,6 +41,7 @@ [LibraryClasses] UefiDriverEntryPoint =20 [Protocols] + gEfiCpuArchProtocolGuid ## CONSUMES gFdtClientProtocolGuid ## CONSUMES =20 [Pcd] --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Mon May 6 08:43:37 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1490088288673365.76333279915536; Tue, 21 Mar 2017 02:24:48 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 8F0B080487; Tue, 21 Mar 2017 02:24:47 -0700 (PDT) Received: from mail-wm0-x22c.google.com (mail-wm0-x22c.google.com [IPv6:2a00:1450:400c:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 3A35780472 for ; Tue, 21 Mar 2017 02:24:45 -0700 (PDT) Received: by mail-wm0-x22c.google.com with SMTP id t189so7617382wmt.1 for ; Tue, 21 Mar 2017 02:24:45 -0700 (PDT) Received: from localhost.localdomain (188.16.90.92.rev.sfr.net. [92.90.16.188]) by smtp.gmail.com with ESMTPSA id k139sm16841848wmg.11.2017.03.21.02.24.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 21 Mar 2017 02:24:43 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=5LZrsFgN1nMzgqcRBoMpaINCPwGTnp/r1Pn1I3TNf6U=; b=D9I3rERBBZXFzM6bQuqWkdAJ94PFelffNQDR4LaVevVfy/ljZUdZWFpwUHl1wvnQ8s knsKvb/RDmXW+rCyH5ZzxP5iZWB5q1r0YlJwc32UCgks02qLSt4Wa7213PFvYprU4wI1 eswusWjVq6FsNu512pGy8uPP89k6HdgQRgIpc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=5LZrsFgN1nMzgqcRBoMpaINCPwGTnp/r1Pn1I3TNf6U=; b=scn5k44N2Ac4+h6YDCwsuGzs+jfiN/yOUcOG3JhgB9u9fD9qD5n/1TiG2MQ0MqR6LC 7X8L+atb6HfbjYhewZXkNct+1yghDCm9jqpHSPOLmPC/d4CAuJT6DqgCr0qNWPfvsX8B Nfhu4+X6BqlnFiXXyQTpq/xL+cGFy4uVSPC/WBjDOATvtwErzC5q9uXhNy8SyF2XHm60 p8Jy9MrTAFIxLEaaTCXbg8IOoHZaHW7ej4OxYYuuKssFcEoo1jOyvcqbZmbRxdjJlPQx m/INLO6Kk6IRutUaQuXUof0FgJwFM0PyBX2w1RKRIVAMTEm9x+UmIJcCIbPEPsKRABqh BxZw== X-Gm-Message-State: AFeK/H0ZJvTBrz2POu1DFZXPZbt/b5FVOqUBVsUw4EtQqHfueHLOxjpr0EQZB8t/UJ41W/9+ X-Received: by 10.28.212.79 with SMTP id l76mr1729396wmg.6.1490088283854; Tue, 21 Mar 2017 02:24:43 -0700 (PDT) From: Ard Biesheuvel To: edk2-devel@lists.01.org, lersek@redhat.com Date: Tue, 21 Mar 2017 09:23:29 +0000 Message-Id: <1490088209-8564-3-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1490088209-8564-1-git-send-email-ard.biesheuvel@linaro.org> References: <1490088209-8564-1-git-send-email-ard.biesheuvel@linaro.org> Subject: [edk2] [PATCH 2/2] ArmVirtPkg/HighMemDxe: check new regions against GCD memory space map X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: sigmaepsilon92@gmail.com, Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Instead of looking at the PCD gArmTokenSpaceGuid.PcdSystemMemoryBase to decide which DT node covers the memory we are already using, query the GCD memory space map, which is the authoritative source for this kind of information This fixes a problem observed by Michael on platforms where this PCD is of the 'Patchable' type, which means updates to its value do not propagate to other modules. Reported-by: Michael Zimmermann Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel Reviewed-by: Laszlo Ersek --- ArmVirtPkg/HighMemDxe/HighMemDxe.c | 30 +++++++++++++------- ArmVirtPkg/HighMemDxe/HighMemDxe.inf | 1 - 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/ArmVirtPkg/HighMemDxe/HighMemDxe.c b/ArmVirtPkg/HighMemDxe/Hig= hMemDxe.c index 4e41120deff3..aa3f5f6d8956 100644 --- a/ArmVirtPkg/HighMemDxe/HighMemDxe.c +++ b/ArmVirtPkg/HighMemDxe/HighMemDxe.c @@ -30,16 +30,17 @@ InitializeHighMemDxe ( IN EFI_SYSTEM_TABLE *SystemTable ) { - FDT_CLIENT_PROTOCOL *FdtClient; - EFI_CPU_ARCH_PROTOCOL *Cpu; - EFI_STATUS Status, FindNodeStatus; - INT32 Node; - CONST UINT32 *Reg; - UINT32 RegSize; - UINTN AddressCells, SizeCells; - UINT64 CurBase; - UINT64 CurSize; - UINT64 Attributes; + FDT_CLIENT_PROTOCOL *FdtClient; + EFI_CPU_ARCH_PROTOCOL *Cpu; + EFI_STATUS Status, FindNodeStatus; + INT32 Node; + CONST UINT32 *Reg; + UINT32 RegSize; + UINTN AddressCells, SizeCells; + UINT64 CurBase; + UINT64 CurSize; + UINT64 Attributes; + EFI_GCD_MEMORY_SPACE_DESCRIPTOR GcdDescriptor; =20 Status =3D gBS->LocateProtocol (&gFdtClientProtocolGuid, NULL, (VOID **)&FdtClient); @@ -73,7 +74,14 @@ InitializeHighMemDxe ( } RegSize -=3D (AddressCells + SizeCells) * sizeof (UINT32); =20 - if (PcdGet64 (PcdSystemMemoryBase) !=3D CurBase) { + Status =3D gDS->GetMemorySpaceDescriptor (CurBase, &GcdDescriptor); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_WARN, + "%a: Region 0x%lx - 0x%lx not found in the GCD memory space map\= n", + __FUNCTION__, CurBase, CurBase + CurSize - 1)); + continue; + } + if (GcdDescriptor.GcdMemoryType =3D=3D EfiGcdMemoryTypeNonExistent) { Status =3D gDS->AddMemorySpace (EfiGcdMemoryTypeSystemMemory, CurB= ase, CurSize, EFI_MEMORY_WB); =20 diff --git a/ArmVirtPkg/HighMemDxe/HighMemDxe.inf b/ArmVirtPkg/HighMemDxe/H= ighMemDxe.inf index ac1761974f52..a7072e38d09d 100644 --- a/ArmVirtPkg/HighMemDxe/HighMemDxe.inf +++ b/ArmVirtPkg/HighMemDxe/HighMemDxe.inf @@ -45,7 +45,6 @@ [Protocols] gFdtClientProtocolGuid ## CONSUMES =20 [Pcd] - gArmTokenSpaceGuid.PcdSystemMemoryBase gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy =20 [Depex] --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel