From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, Michael Kinney, Liming Gao, Jiewen Yao, Michael Kubacki, Sean Brogan, Rebecca Cran, Leif Lindholm, Sami Mujawar, Taylor Beebe, Marvin Häuser
Subject: [edk2-devel] [PATCH 3/3] MdeModulePkg/DxeCore: Unconditionally set memory protections
Date: Wed, 8 Feb 2023 18:58:12 +0100
Message-Id: <20230208175812.700129-4-ardb@kernel.org>
In-Reply-To: <20230208175812.700129-1-ardb@kernel.org>
References: <20230208175812.700129-1-ardb@kernel.org>
Content-Transfer-Encoding: quoted-printable

Instead of relying on a questionable heuristic that avoids calling into the SetMemoryAttributes () DXE service when the old memory type and the new one are subjected to the same NX memory protection policy, make this call unconditionally. This avoids corner cases where memory region attributes are out of sync with the policy, either due to the fact that we are in the middle of ramping up the protections, or due to explicit invocations of SetMemoryAttributes() by drivers.

This requires the architecture page table code to be able to deal with this, in particular, it needs to be robust against potential recursion due to NX policies being applied to newly allocated page tables. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 29 -------------------- 1 file changed, 29 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C= ore/Dxe/Misc/MemoryProtection.c index 36987843f142..503feb72b5d0 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -1263,9 +1263,7 @@ ApplyMemoryProtectionPolicy ( IN UINT64 Length ) { - UINT64 OldAttributes; UINT64 NewAttributes; - EFI_STATUS Status; =20 // // The policy configured in PcdDxeNxMemoryProtectionPolicy 
@@ -1320,32 +1318,5 @@ ApplyMemoryProtectionPolicy ( // NewAttributes =3D GetPermissionAttributeForMemoryType (NewType); =20 - if (OldType !=3D EfiMaxMemoryType) { - OldAttributes =3D GetPermissionAttributeForMemoryType (OldType); - if (!mAfterDxeNxMemoryProtectionInit && - (OldAttributes =3D=3D NewAttributes)) { - return EFI_SUCCESS; - } - - // - // If available, use the EFI memory attribute protocol to obtain - // the current attributes of the region. If the entire region is - // covered and the attributes match, we don't have to do anything. - // - if (mMemoryAttribute !=3D NULL) { - Status =3D mMemoryAttribute->GetMemoryAttributes (mMemoryAttribute, - Memory, - Length, - &OldAttributes - ); - if (!EFI_ERROR (Status) && (OldAttributes =3D=3D NewAttributes)) { - return EFI_SUCCESS; - } - } - } else if (NewAttributes =3D=3D 0) { - // newly added region of a type that does not require protection - return EFI_SUCCESS; - } - return gCpu->SetMemoryAttributes (gCpu, Memory, Length, NewAttributes); } --=20 2.39.1
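
Review bot: In the second hunk (@@ -1320,32 +1318,5 @@), removing all three early `return EFI_SUCCESS` paths means the status of `gCpu->SetMemoryAttributes ()` now reaches the caller in cases that previously could not fail, including the newly added region case (`OldType` equal to `EfiMaxMemoryType` with `NewAttributes` of zero) that used to skip the call entirely. Please confirm that the callers of ApplyMemoryProtectionPolicy () tolerate an error status on those paths, and state in the commit message which patch in this series makes the architecture page table code safe against the recursion it mentions, since nothing in this diff enforces that requirement. Also, if the deleted block was the last reader of `mAfterDxeNxMemoryProtectionInit` and `mMemoryAttribute`, their definitions and initialization should be dropped in this patch as well; the diffstat shows only the 29 deletions inside this function.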