From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, Michael Kinney, Liming Gao, Jiewen Yao, Michael Kubacki, Sean Brogan, Rebecca Cran, Leif Lindholm, Sami Mujawar, Taylor Beebe, Matthew Garrett, Peter Jones, Kees Cook
Subject: [edk2-devel] [RFC 07/13] MdeModulePkg/DxeCore: Permit preliminary CPU arch fallback
Date: Mon, 13 Feb 2023 16:18:04 +0100
Message-Id: <20230213151810.2301480-8-ardb@kernel.org>
In-Reply-To: <20230213151810.2301480-1-ardb@kernel.org>
References: <20230213151810.2301480-1-ardb@kernel.org>

Store the address of the SetMemoryAttributes() member of the CPU arch
protocol in a global variable, and invoke it via this variable. This by
itself should not result in functional changes, but it permits
platforms to provide a preliminary implementation of this member at link
time, allowing the DXE core to enforce strict memory permissions even
before dispatching the CPU arch protocol driver itself.

Signed-off-by: Ard Biesheuvel
---
 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C= ore/Dxe/Misc/MemoryProtection.c index 854651556de4..c29985ad3116 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -66,6 +66,8 @@ extern LIST_ENTRY mGcdMemorySpaceMap; =20 STATIC LIST_ENTRY mProtectedImageRecordList; =20 +EFI_CPU_SET_MEMORY_ATTRIBUTES gCpuSetMemoryAttributes; + /** Sort code section in image record, based upon CodeSegmentBase from low t= o high. =20 @@ -224,8 +226,8 @@ SetUefiImageMemoryAttributes ( =20 DEBUG ((DEBUG_INFO, "SetUefiImageMemoryAttributes - 0x%016lx - 0x%016lx = (0x%016lx)\n", BaseAddress, Length, FinalAttributes)); =20 - ASSERT (gCpu !=3D NULL); - gCpu->SetMemoryAttributes (gCpu, BaseAddress, Length, FinalAttributes); + ASSERT (gCpuSetMemoryAttributes !=3D NULL); + gCpuSetMemoryAttributes (gCpu, BaseAddress, Length, FinalAttributes); } =20 /** @@ -408,7 +410,7 @@ ProtectUefiImage ( DEBUG ((DEBUG_INFO, "ProtectUefiImageCommon - 0x%x\n", LoadedImage)); DEBUG ((DEBUG_INFO, " - 0x%016lx - 0x%016lx\n", (EFI_PHYSICAL_ADDRESS)(= UINTN)LoadedImage->ImageBase, LoadedImage->ImageSize)); =20 - if (gCpu =3D=3D NULL) { + if (gCpuSetMemoryAttributes =3D=3D NULL) { return; } =20 @@ -995,6 +997,8 @@ MemoryProtectionCpuArchProtocolNotify ( goto Done; } =20 + gCpuSetMemoryAttributes =3D gCpu->SetMemoryAttributes; + // // Apply the memory protection policy on non-BScode/RTcode regions. // @@ -1278,7 +1282,7 @@ ApplyMemoryProtectionPolicy ( // permission attributes, and it is the job of the driver that installs = this // protocol to set the permissions on existing allocations. // - if (gCpu =3D=3D NULL) { + if (gCpuSetMemoryAttributes =3D=3D NULL) { return EFI_SUCCESS; } =20 
@@ -1318,5 +1322,5 @@ ApplyMemoryProtectionPolicy ( // NewAttributes =3D GetPermissionAttributeForMemoryType (NewType); =20 - return gCpu->SetMemoryAttributes (gCpu, Memory, Length, NewAttributes); + return gCpuSetMemoryAttributes (gCpu, Memory, Length, NewAttributes); } --=20 2.39.1
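
Review bot: The new definition `EFI_CPU_SET_MEMORY_ATTRIBUTES gCpuSetMemoryAttributes;` in the @@ -66,6 +66,8 @@ hunk has no comment, so the contract from the commit message (a platform may supply a preliminary implementation at link time) is not recorded in the code. Please add a doc comment stating who may set the variable and that it is replaced once the CPU arch protocol is installed. Since it is defined here without an initializer, the comment should also say how a platform-provided value is expected to reach it at link time. As this is a writable function pointer that decides whether memory permissions get applied at all, it is also worth stating whether anything outside the DXE core is meant to assign it.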
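
Review bot: In SetUefiImageMemoryAttributes (hunk @@ -224,8 +226,8 @@) the call `gCpuSetMemoryAttributes (gCpu, BaseAddress, Length, FinalAttributes);` still passes gCpu as the first argument, but the ASSERT now only checks the function pointer, so a preliminary implementation will be invoked with gCpu == NULL. Please document that a fallback must not dereference its first argument, or pass something it can rely on. The return value is still discarded at this call site, so a preliminary implementation that fails to apply the attributes goes unnoticed; consider at least a DEBUG message on a non-success status. The NULL first argument equally applies to the `return gCpuSetMemoryAttributes (gCpu, Memory, Length, NewAttributes);` call in the final ApplyMemoryProtectionPolicy hunk.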
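
Review bot: The assignment `gCpuSetMemoryAttributes = gCpu->SetMemoryAttributes;` in MemoryProtectionCpuArchProtocolNotify (hunk @@ -995,6 +997,8 @@) overwrites whatever a platform linked in without any comment, and it sits after the `goto Done;` path, so when that path is taken the preliminary pointer stays in use. A short comment saying that this is the intended handover point from the preliminary implementation to the protocol's own, and that the preliminary one remains active on the error path, would make both behaviours explicit.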
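
Review bot: The comment above the changed check in ApplyMemoryProtectionPolicy (hunk @@ -1278,7 +1282,7 @@) still says it is the job of the driver that installs this protocol to set the permissions on existing allocations, which described the old `gCpu == NULL` test. With the test now on gCpuSetMemoryAttributes, a platform that links in a preliminary implementation no longer returns early here, so the comment should be updated to cover that case and to say which component is then responsible for allocations made before the protocol is installed.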