From nobody Mon Feb 9 03:13:06 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+99705+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99705+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1675722082; cv=none; d=zohomail.com; s=zohoarc; b=h8T8P28jQTu33scYA6YvPqZ/LWwi7TBpRvgbHuvgRfdyv21tBpxtEHaVJ/x6pemVrZSBmIfHpTlQuVdSWGlSdyO5/7l7iUEzXXq1BOktB0gzjGY1h7HffGpyDB/NcJcGYdb8zfXIVvxXXvTQfk8MauL0rbzw/vghNYetWKcvKdA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1675722082; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=yAGxb2nMNO7WACPZh29nDwo/wz3UXS09RWSibsrhApc=; b=F7XjV4/TMu4Db/6nfXpE0phpxS1TAGTkDwejtu+N3tnihs/VBqyCg4wxxXy3HdEWIIQwZ0TTifoeAkCsFc5/3DpwlGhoZug1OaJmoulv2hyHOXB701tV80+28C6LS8R9rIiZIPNMRyXzGdfo2HdwUkMNu+x71AFDoO0vruUbCV0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99705+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1675722082681615.3840021241421; Mon, 6 Feb 2023 14:21:22 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id m6A9YY1788612x8AjkWrJeTL; Mon, 06 Feb 2023 14:21:22 -0800 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.68453.1675722081932082835 for ; Mon, 06 Feb 2023 14:21:22 -0800 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 729A261047; Mon, 6 Feb 2023 22:21:21 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id B106FC433A1; Mon, 6 Feb 2023 22:21:18 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [NOT FOR MERGE v3 5/5] MdeModulePkg/DxeCore: add DEBUG code for memory attribute handling Date: Mon, 6 Feb 2023 23:21:00 +0100 Message-Id: <20230206222100.411169-6-ardb@kernel.org> In-Reply-To: <20230206222100.411169-1-ardb@kernel.org> References: <20230206222100.411169-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: mRsOrkFfQYDEHrw4RFaw4GIgx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1675722082; bh=Vm/T+t/cqU8JsuiXFiy25GO4HaBBcKaUT9AsjUYyu8g=; h=Cc:Date:From:Reply-To:Subject:To; b=sv/qVI1n5kJyb6GiataFtUgbg6ky4pAQk8aStSr1pYrNgPWym8fqkXledvhJDPRdiLO BlZ7C9SPJ7IZJPLg+LHdgsEEVESow1ZKFhtlJGgspuJbkugz2kJBKKLKMXUGd4elqmPGY cr1JZhPw6wsfVuMgXPVTKy5LDoXFZcBxhp8= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1675722084456100018 Content-Type: text/plain; charset="utf-8" NOT FOR MERGE Add some DEBUG code to double check that the memory attributes have been modified as expected by the code that manages read-only and/or non-exec permissions for page allocations and loaded images. --- MdeModulePkg/Core/Dxe/DxeMain.inf | 1 + MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 79 +++++++++++++++++++- 2 files changed, 77 insertions(+), 3 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/DxeMain.inf b/MdeModulePkg/Core/Dxe/DxeM= ain.inf index 35d5bf0dee6f..87caff8289ee 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain.inf +++ b/MdeModulePkg/Core/Dxe/DxeMain.inf @@ -154,6 +154,7 @@ [Protocols] gEfiHiiPackageListProtocolGuid ## SOMETIMES_PRODUCES gEfiSmmBase2ProtocolGuid ## SOMETIMES_CONSUMES gEdkiiPeCoffImageEmulatorProtocolGuid ## SOMETIMES_CONSUMES + gEfiMemoryAttributeProtocolGuid ## SOMETIMES_CONSUMES =20 # Arch Protocols gEfiBdsArchProtocolGuid ## CONSUMES diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C= ore/Dxe/Misc/MemoryProtection.c index b89ab046fa73..18b5a1d2b69d 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -37,6 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include =20 #include +#include #include =20 #include "DxeMain.h" @@ -66,6 +67,8 @@ extern LIST_ENTRY mGcdMemorySpaceMap; =20 STATIC LIST_ENTRY mProtectedImageRecordList; =20 +EFI_MEMORY_ATTRIBUTE_PROTOCOL *mMemoryAttribute; + /** Sort code section in image record, based upon CodeSegmentBase from low t= o high. =20 @@ -226,6 +229,33 @@ SetUefiImageMemoryAttributes ( =20 ASSERT (gCpu !=3D NULL); gCpu->SetMemoryAttributes (gCpu, BaseAddress, Length, FinalAttributes); + + DEBUG_CODE_BEGIN (); + + UINT64 OldAttributes; + EFI_STATUS Status; + + if (mMemoryAttribute !=3D NULL) { + Status =3D mMemoryAttribute->GetMemoryAttributes (mMemoryAttribute, + BaseAddress, + Length, + &OldAttributes + ); + ASSERT_EFI_ERROR (Status); + + FinalAttributes &=3D EFI_MEMORY_ATTRIBUTE_MASK; + if (FinalAttributes !=3D OldAttributes) { + DEBUG ((DEBUG_WARN, + "%a: Expected 0x%llx for new attributes, actual 0x%llx\n", + __FUNCTION__, + FinalAttributes, + OldAttributes + )); + ASSERT (FALSE); + } + } + + DEBUG_CODE_END (); } =20 /** @@ -995,6 +1025,16 @@ MemoryProtectionCpuArchProtocolNotify ( goto Done; } =20 + DEBUG_CODE_BEGIN (); + // + // Grab a reference to the EFI memory attributes table if it exists + // + CoreLocateProtocol (&gEfiMemoryAttributeProtocolGuid, + NULL, + (VOID **)&mMemoryAttribute + ); + DEBUG_CODE_END (); + // // Apply the memory protection policy on non-BScode/RTcode regions. // @@ -1246,8 +1286,9 @@ ApplyMemoryProtectionPolicy ( IN UINT64 Length ) { - UINT64 OldAttributes; - UINT64 NewAttributes; + UINT64 OldAttributes; + UINT64 NewAttributes; + EFI_STATUS Status; =20 // // The policy configured in PcdDxeNxMemoryProtectionPolicy @@ -1313,5 +1354,37 @@ ApplyMemoryProtectionPolicy ( return EFI_SUCCESS; } =20 - return gCpu->SetMemoryAttributes (gCpu, Memory, Length, NewAttributes); + Status =3D gCpu->SetMemoryAttributes (gCpu, Memory, Length, NewAttribute= s); + if (EFI_ERROR (Status)) { + return Status; + } + + DEBUG_CODE_BEGIN (); + + // + // If available, use the EFI memory attribute protocol to double + // check that the entire region has the expected attributes. + // + if (mMemoryAttribute !=3D NULL) { + Status =3D mMemoryAttribute->GetMemoryAttributes (mMemoryAttribute, + Memory, + Length, + &OldAttributes + ); + ASSERT_EFI_ERROR (Status); + + if (OldAttributes !=3D NewAttributes) { + DEBUG ((DEBUG_WARN, + "%a: Expected 0x%llx for new attributes, actual 0x%llx\n", + __FUNCTION__, + NewAttributes, + OldAttributes + )); + ASSERT (FALSE); + } + } + + DEBUG_CODE_END (); + + return EFI_SUCCESS; } --=20 2.39.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99705): https://edk2.groups.io/g/devel/message/99705 Mute This Topic: https://groups.io/mt/96795082/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-