From nobody Sun May 19 18:10:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+99802+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99802+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1675879107; cv=none; d=zohomail.com; s=zohoarc; b=S5yJ3pihOhAedfM4cMp/s6da/FRGy+Vg9Snx+brUwaEa4qCZF2taGbDOf/bgZigFphERS4Blt2OiudgHQxGIozYr7zexQ7Dtkrlx8iT9TMNL8/WsjuLppVbDWU6EsqFTdiVt2gL0YApBXVTDufl4jobRck2joydTHvLE2vwrRjA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1675879107; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=t81ksS4gErY2ijheHXcAtT3pgGh7PhsG7psg2O7cbLo=; b=OEhmTP4wOih/pPM/MCF5yZJsIrwKR1I7Qdcg44rhriR3++rwZUJBOgmzX3na4PXWzzvkb1s7KMtGK/q4uGvnJVMf+G1tb2CtD9YNwa4c0+5T3sw4bbTHZ7UqoNsuPbTiWJe528F5Nds56uXMopteKwv47INS2cGUmplu03xKJZU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99802+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 167587910716115.731567477933822; Wed, 8 Feb 2023 09:58:27 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id uTN6YY1788612xfm48cKvQFy; Wed, 08 Feb 2023 09:58:26 -0800 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.5341.1675879105782325376 for ; Wed, 08 Feb 2023 09:58:25 -0800 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 2F6FF6171A; Wed, 8 Feb 2023 17:58:25 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3C355C4339B; Wed, 8 Feb 2023 17:58:22 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe , =?UTF-8?q?Marvin=20H=C3=A4user?= Subject: [edk2-devel] [PATCH 1/3] ArmPkg/ArmMmuLib: Avoid splitting block entries if possible Date: Wed, 8 Feb 2023 18:58:10 +0100 Message-Id: <20230208175812.700129-2-ardb@kernel.org> In-Reply-To: <20230208175812.700129-1-ardb@kernel.org> References: <20230208175812.700129-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: EsfRxBxM95pybuK58PHnbk0ox1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1675879106; bh=vTs1/irI0+JfFmVNcY/qjNeJW5Xz2aeP3BrHyR0p+jo=; h=Cc:Date:From:Reply-To:Subject:To; b=UZe6RGU4hOskSsppLs3LMZ4tfyipy+rUoRgF2lUY7p9uffeDpD6pEX4+sRNfJO4HhyE 365E0GniVK9GVu0dLHqw810cpoVAxLgDFOXNPV+dQw04SWSlsCo4ObOsxKCO+LQN8X/WO l+uotN3LDuE7HaZDAaNLhvZsUGB3jfoakPU= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1675879109086100007 Content-Type: text/plain; charset="utf-8" Currently, the AArch64 MMU page table logic will break down any block entry that overlaps with the region being mapped, even if the block entry in question is using the same attributes as the new region. This means that creating a non-executable mapping inside a region that is already mapped non-executable at a coarser granularity may trigger a call to AllocatePages (), which may recurse back into the page table code to update the attributes on the newly allocated page tables. Let's avoid this, by preserving the block entry if it already covers the region being mapped with the correct attributes. Signed-off-by: Ard Biesheuvel --- ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Libr= ary/ArmMmuLib/AArch64/ArmMmuLibCore.c index 1cf8dc090012..28191938aeb1 100644 --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c @@ -251,6 +251,15 @@ UpdateRegionMappingRecursive ( ASSERT (Level < 3); =20 if (!IsTableEntry (*Entry, Level)) { + // + // If the region we are trying to map is already covered by a block + // entry with the right attributes, don't bother splitting it up. + // + if (IsBlockEntry (*Entry, Level) && + ((*Entry & TT_ATTRIBUTES_MASK & ~AttributeClearMask) =3D=3D At= tributeSetMask)) { + continue; + } + // // No table entry exists yet, so we need to allocate a page table // for the next level. --=20 2.39.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99802): https://edk2.groups.io/g/devel/message/99802 Mute This Topic: https://groups.io/mt/96835913/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 19 18:10:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+99803+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99803+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1675879109; cv=none; d=zohomail.com; s=zohoarc; b=QoPPa+t8aLkq16H4VLGthozBj9vfnp5u+AnQzktsVYmSKDDoLZ/OeaxwMuUvWl0K28HocrX6uB+aIRY4QLylrslHqOPrcaeUHP/jkI02PvGOLOBpwg2ifex9Q9c2hf5bgk2p8Of5OjFPub2w7xq2cU5WPgfX+opu+w5kHVX/xrs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1675879109; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=+XJj75zz1Fk6WyKbYMFhpDiMVKbgsXU89uhmwTH3/YU=; b=gA62A0wj7SAlBwpL4SXQQVc/1IzQnZaUypvEhAmo1/ZHdsEwFSuGW/+1MNpFtJtmZaSY++oqj4J3WlcBqstA36dRPHhEAlQXvmQe7DkiY8O4TzrkIp5Amjot9ogs8ilZyVOjuJQvskeQmN1d8UM4pmOP0QipLpwoJFb3eMDNKx0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99803+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1675879109539751.1631897247393; Wed, 8 Feb 2023 09:58:29 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id ss4wYY1788612xPVLPFJnzvB; Wed, 08 Feb 2023 09:58:29 -0800 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.5435.1675879108545179638 for ; Wed, 08 Feb 2023 09:58:28 -0800 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 044C86173C; Wed, 8 Feb 2023 17:58:28 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0E684C433D2; Wed, 8 Feb 2023 17:58:24 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe , =?UTF-8?q?Marvin=20H=C3=A4user?= Subject: [edk2-devel] [PATCH 2/3] ArmPkg/CpuDxe: Perform preliminary NX remap of free memory Date: Wed, 8 Feb 2023 18:58:11 +0100 Message-Id: <20230208175812.700129-3-ardb@kernel.org> In-Reply-To: <20230208175812.700129-1-ardb@kernel.org> References: <20230208175812.700129-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: j5KxyfAf4UTd23xFtMc8GcmMx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1675879109; bh=JmMeFtuYG3ZVOMLjltIA0eQIg843yN3w4K6kmZ7LtkE=; h=Cc:Date:From:Reply-To:Subject:To; b=buH6PR3pCBtKcgKRZWT/U9njDzFYnfq6LSF0S7qeCCh3hXKoZFle2nxyvZGiIVNR7oW XR0m9uNhvnznoIcdCWGf9wjCyoHhtvUCWv/GzteIpAFLItBW9gVTKwS3Cer7C2tRewv0c FLk0jRywmqthCMgO8jKxgG7ELX9uGgFXK08= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1675879111080100009 Content-Type: text/plain; charset="utf-8" The DXE core implementation of PcdDxeNxMemoryProtectionPolicy already contains an assertion that EfiConventionalMemory and EfiBootServicesData are subjected to the same policy when it comes to the use of NX permissions. The reason for this is that we may otherwise end up with unbounded recursion in the page table code, given that allocating a page table would then involve a permission attribute change, and this could result in the need for a block entry to be split, which would trigger the allocation of a page table recursively. For the same reason, a shortcut exists in ApplyMemoryProtectionPolicy() where, instead of setting the memory attributes unconditionally, we compare the NX policies and avoid touching the page tables if they are the same for the old and the new memory types. Without this shortcut, we may end up in a situation where, as the CPU arch protocol DXE driver is ramping up, the same unbounded recursion is triggered, due to the fact that the NX policy for EfiConventionalMemory has not been applied yet. To break this cycle, let's remap all EfiConventionalMemory regions according to the NX policy for EfiBootServicesData before exposing the CPU arch protocol to the DXE core and other drivers. This ensures that creating EfiBootServicesData allocations does not result in memory attribute changes, and therefore no recursion. Signed-off-by: Ard Biesheuvel --- ArmPkg/Drivers/CpuDxe/CpuDxe.c | 77 ++++++++++++++++++++ ArmPkg/Drivers/CpuDxe/CpuDxe.inf | 2 + 2 files changed, 79 insertions(+) diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.c b/ArmPkg/Drivers/CpuDxe/CpuDxe.c index d04958e79e52..83fd6fd4e476 100644 --- a/ArmPkg/Drivers/CpuDxe/CpuDxe.c +++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.c @@ -11,6 +11,8 @@ =20 #include =20 +#include + BOOLEAN mIsFlushingGCD; =20 /** @@ -227,6 +229,69 @@ InitializeDma ( CpuArchProtocol->DmaBufferAlignment =3D ArmCacheWritebackGranule (); } =20 +STATIC +VOID +RemapUnusedMemoryNx ( + VOID + ) +{ + UINT64 TestBit; + UINTN MemoryMapSize; + UINTN MapKey; + UINTN DescriptorSize; + UINT32 DescriptorVersion; + EFI_MEMORY_DESCRIPTOR *MemoryMap; + EFI_MEMORY_DESCRIPTOR *MemoryMapEntry; + EFI_MEMORY_DESCRIPTOR *MemoryMapEnd; + EFI_STATUS Status; + + TestBit =3D LShiftU64 (1, EfiBootServicesData); + if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & TestBit) =3D=3D 0) { + return; + } + + MemoryMapSize =3D 0; + MemoryMap =3D NULL; + + Status =3D gBS->GetMemoryMap ( + &MemoryMapSize, + MemoryMap, + &MapKey, + &DescriptorSize, + &DescriptorVersion + ); + ASSERT (Status =3D=3D EFI_BUFFER_TOO_SMALL); + do { + MemoryMap =3D (EFI_MEMORY_DESCRIPTOR *)AllocatePool (MemoryMapSize); + ASSERT (MemoryMap !=3D NULL); + Status =3D gBS->GetMemoryMap ( + &MemoryMapSize, + MemoryMap, + &MapKey, + &DescriptorSize, + &DescriptorVersion + ); + if (EFI_ERROR (Status)) { + FreePool (MemoryMap); + } + } while (Status =3D=3D EFI_BUFFER_TOO_SMALL); + + ASSERT_EFI_ERROR (Status); + + MemoryMapEntry =3D MemoryMap; + MemoryMapEnd =3D (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)MemoryMap + Memory= MapSize); + while ((UINTN)MemoryMapEntry < (UINTN)MemoryMapEnd) { + if (MemoryMapEntry->Type =3D=3D EfiConventionalMemory) { + ArmSetMemoryRegionNoExec ( + MemoryMapEntry->PhysicalStart, + EFI_PAGES_TO_SIZE (MemoryMapEntry->NumberOfPages) + ); + } + + MemoryMapEntry =3D NEXT_MEMORY_DESCRIPTOR (MemoryMapEntry, DescriptorS= ize); + } +} + EFI_STATUS CpuDxeInitialize ( IN EFI_HANDLE ImageHandle, @@ -240,6 +305,18 @@ CpuDxeInitialize ( =20 InitializeDma (&mCpu); =20 + // + // Once we install the CPU arch protocol, the DXE core's memory + // protection routines will invoke them to manage the permissions of page + // allocations as they are created. Given that this includes pages + // allocated for page tables by this driver, we must ensure that unused + // memory is mapped with the same permissions as boot services data + // regions. Otherwise, we may end up with unbounded recursion, due to the + // fact that updating permissions on a newly allocated page table may tr= igger + // a block entry split, which triggers a page table allocation, etc etc + // + RemapUnusedMemoryNx (); + Status =3D gBS->InstallMultipleProtocolInterfaces ( &mCpuHandle, &gEfiCpuArchProtocolGuid, diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.inf b/ArmPkg/Drivers/CpuDxe/CpuDx= e.inf index e732e21cb94a..8fd0f4133088 100644 --- a/ArmPkg/Drivers/CpuDxe/CpuDxe.inf +++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.inf @@ -48,6 +48,7 @@ [LibraryClasses] DefaultExceptionHandlerLib DxeServicesTableLib HobLib + MemoryAllocationLib PeCoffGetEntryPointLib UefiDriverEntryPoint UefiLib @@ -64,6 +65,7 @@ [Guids] =20 [Pcd.common] gArmTokenSpaceGuid.PcdVFPEnabled + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy =20 [FeaturePcd.common] gArmTokenSpaceGuid.PcdDebuggerExceptionSupport --=20 2.39.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99803): https://edk2.groups.io/g/devel/message/99803 Mute This Topic: https://groups.io/mt/96835915/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 19 18:10:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+99804+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99804+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1675879111; cv=none; d=zohomail.com; s=zohoarc; b=OwIhH5thB4NO7nop8lkuil9yGHaWviVCn8o7p5r0hc7GH5Ysv+XU48BKbOwBziazrcUr6P0hiHCTknb+q94qQ/hr9tbr7cQynOkAJMzfvSlhN195Mpe7eDYyO0dU3HSJ2RZAJoy4Nd/9aODe8G5cCB2Gl8Z419l8gDEzMBskNhM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1675879111; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=qiUl5lP1OWrLMk6YcPGBBVFAbXDunhzLSGYqPE69Mjw=; b=inxGrG7ZebrTMt685odc6wT4drXT6Wy2UDhh+VxYE1w3feRvvzhfh965OePzqclDik+htlL7NguoCBvKTuRPu+bzVV/kgZgPUrShQ6ad2vF15RWGW1lcnabvV/tpmFR/VA9qQOE5oCWKuTOBWmT6gbuBlehPVPnEOjgTQ9GAr4Q= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99804+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 167587911184922.915601793412748; Wed, 8 Feb 2023 09:58:31 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id 2LrjYY1788612xQMAgLM11kE; Wed, 08 Feb 2023 09:58:31 -0800 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.5346.1675879110960255578 for ; Wed, 08 Feb 2023 09:58:31 -0800 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 69D0C61784; Wed, 8 Feb 2023 17:58:30 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id D3DDFC4339E; Wed, 8 Feb 2023 17:58:27 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe , =?UTF-8?q?Marvin=20H=C3=A4user?= Subject: [edk2-devel] [PATCH 3/3] MdeModulePkg/DxeCore: Unconditionally set memory protections Date: Wed, 8 Feb 2023 18:58:12 +0100 Message-Id: <20230208175812.700129-4-ardb@kernel.org> In-Reply-To: <20230208175812.700129-1-ardb@kernel.org> References: <20230208175812.700129-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: 9UhgpONuDiLcXdIRJXlTdrNJx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1675879111; bh=FlZF8GZvJm1QD7UXKt+pfa6EIXpnngYAoKbcQO6D97I=; h=Cc:Date:From:Reply-To:Subject:To; b=RwCzpEi8RBuLOLIt4WIIIUSONn17juskicNW0Dwgn4KDH5yqGKGXV+AFe0QHPrVW1iU LP8VSU1pdUPRz22Fvw8UFNrCyxVYW9Swkg8kXKtIMqr8AKmMtEfYBkXigFdnsJp6W+jb5 dBx66Fjyq7jq325bQKWDEJcVdliIBKXAj20= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1675879113073100013 Content-Type: text/plain; charset="utf-8" Instead of relying on a questionable heuristic that avoids calling into the SetMemoryAttributes () DXE service when the old memory type and the new one are subjected to the same NX memory protection policy, make this call unconditionally. This avoids corner cases where memory region attributes are out of sync with the policy, either due to the fact that we are in the middle of ramping up the protections, or due to explicit invocations of SetMemoryAttributes() by drivers. This requires the architecture page table code to be able to deal with this, in particular, it needs to be robust against potential recursion due to NX policies being applied to newly allocated page tables. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 29 -------------------- 1 file changed, 29 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C= ore/Dxe/Misc/MemoryProtection.c index 36987843f142..503feb72b5d0 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -1263,9 +1263,7 @@ ApplyMemoryProtectionPolicy ( IN UINT64 Length ) { - UINT64 OldAttributes; UINT64 NewAttributes; - EFI_STATUS Status; =20 // // The policy configured in PcdDxeNxMemoryProtectionPolicy @@ -1320,32 +1318,5 @@ ApplyMemoryProtectionPolicy ( // NewAttributes =3D GetPermissionAttributeForMemoryType (NewType); =20 - if (OldType !=3D EfiMaxMemoryType) { - OldAttributes =3D GetPermissionAttributeForMemoryType (OldType); - if (!mAfterDxeNxMemoryProtectionInit && - (OldAttributes =3D=3D NewAttributes)) { - return EFI_SUCCESS; - } - - // - // If available, use the EFI memory attribute protocol to obtain - // the current attributes of the region. If the entire region is - // covered and the attributes match, we don't have to do anything. - // - if (mMemoryAttribute !=3D NULL) { - Status =3D mMemoryAttribute->GetMemoryAttributes (mMemoryAttribute, - Memory, - Length, - &OldAttributes - ); - if (!EFI_ERROR (Status) && (OldAttributes =3D=3D NewAttributes)) { - return EFI_SUCCESS; - } - } - } else if (NewAttributes =3D=3D 0) { - // newly added region of a type that does not require protection - return EFI_SUCCESS; - } - return gCpu->SetMemoryAttributes (gCpu, Memory, Length, NewAttributes); } --=20 2.39.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99804): https://edk2.groups.io/g/devel/message/99804 Mute This Topic: https://groups.io/mt/96835917/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-