From nobody Sat Feb  7 08:43:53 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+100095+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+100095+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=kernel.org
ARC-Seal: i=1; a=rsa-sha256; t=1676301534; cv=none;
	d=zohomail.com; s=zohoarc;
	b=jzcx2kPjyN+kU52/bspONFFGMb7tAPe2eQKB5kN9WwKBEHxnmbYWtKUE1x8N2yXz6cLB8I+dzbQVG+EWJJJR1568bGFBM5OObZxVRBkqOdENVQyGpbSvmvT3WXyFXzyg+9rOcujqsAblk66F+FO27F5GGH7/9w8AVKO8usoTYqA=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1676301534;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=tjpfOo7V3h/Y7I8rLAwfly8LQF4OD9CIH+2xvOY4HUw=;
	b=gRZ0zpM2rJdq2w0L3Oer8otP4PFQnY9yf+gqx8cZ+NqDcfB4cRgOJKsAPBuS8dB8GRdta1XlnKMTQCxQmcYcjgyfgx1sV6gOMoLxe4ouzw27q1zPflGrCuH36n1Yodxv9MvuNKufrcdXBIptpbhwy1nDXggLsvWtYU49pEFJK3g=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+100095+1787277+3901457@groups.io;
	dmarc=fail header.from=<ardb@kernel.org> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1676301534357149.60422470941273;
 Mon, 13 Feb 2023 07:18:54 -0800 (PST)
Return-Path: <bounce+27952+100095+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id LtuFYY1788612xTW4nC9NV6T;
 Mon, 13 Feb 2023 07:18:54 -0800
X-Received: from dfw.source.kernel.org (dfw.source.kernel.org
 [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web10.16817.1676301533108320915
 for <devel@edk2.groups.io>;
 Mon, 13 Feb 2023 07:18:53 -0800
X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 8CCBD61019;
	Mon, 13 Feb 2023 15:18:52 +0000 (UTC)
X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5A2DDC4339E;
	Mon, 13 Feb 2023 15:18:49 +0000 (UTC)
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Michael Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Michael Kubacki <michael.kubacki@microsoft.com>,
	Sean Brogan <sean.brogan@microsoft.com>,
	Rebecca Cran <quic_rcran@quicinc.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Taylor Beebe <t@taylorbeebe.com>,
	Matthew Garrett <mjg59@srcf.ucam.org>,
	Peter Jones <pjones@redhat.com>,
	Kees Cook <keescook@chromium.org>
Subject: [edk2-devel] [RFC 08/13] ArmPkg: Implement ArmSetMemoryOverrideLib
Date: Mon, 13 Feb 2023 16:18:05 +0100
Message-Id: <20230213151810.2301480-9-ardb@kernel.org>
In-Reply-To: <20230213151810.2301480-1-ardb@kernel.org>
References: <20230213151810.2301480-1-ardb@kernel.org>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,ardb@kernel.org
X-Gm-Message-State: k6Jq17Qq14VjKNOZmnJBBgm6x1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1676301534;
 bh=PFcr76lOJLGuIjEWkTlFEaqUxGRPwagU6IbeEL/Nk7g=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=IzDoTQq/b9XoUFVv100KjyH57T3W7iYdwtkGE5iDW0e+GF2nJmf0ZyXOJeZibsyCEq8
 p6z7NsYKS9qjo+YiNFjXkbPG43QzEma5V6FU1FDqtkra4LBM/Aeq8Ltcw8MSaWXk1mUg0
 t9gvhLRsCY2liXH4M5aYU2V1H9Jp9mIfO3Q=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1676301535747100009
Content-Type: text/plain; charset="utf-8"

Implement the ARM version of a NULL class library that can be overlaid
on top of the DXE core to equip it right from its launch with an
implementation of the CPU arch protocol member that sets type and
permission attributes on memory regions.

This bridges the gap between dispatch of DXE core and dispatch of the
DXE driver that implements the CPU arch protocol, removing the need to
rely on memory mappings that are writable and executable at the same
time.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.c   | 56 ++=
++++++++++++++++++
 ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.inf | 25 ++=
+++++++
 2 files changed, 81 insertions(+)

diff --git a/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib=
.c b/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.c
new file mode 100644
index 000000000000..d2a9bc96be35
--- /dev/null
+++ b/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.c
@@ -0,0 +1,56 @@
+/** @file
+  Copyright (c) 2023, Google LLC. All rights reserved.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <PiDxe.h>
+
+#include <Library/ArmMmuLib.h>
+#include <Library/DebugLib.h>
+#include <Protocol/Cpu.h>
+
+extern EFI_CPU_SET_MEMORY_ATTRIBUTES  gCpuSetMemoryAttributes;
+
+STATIC UINTN  mRecursionLevel;
+
+STATIC
+EFI_STATUS
+EFIAPI
+EarlyArmSetMemoryAttributes (
+  IN  EFI_CPU_ARCH_PROTOCOL  *This,
+  IN  EFI_PHYSICAL_ADDRESS   BaseAddress,
+  IN  UINT64                 Length,
+  IN  UINT64                 Attributes
+  )
+{
+  EFI_STATUS  Status;
+
+  // There are cases where the use of strict memory permissions may trigger
+  // unbounded recursion in the page table code. This happens when setting
+  // memory permissions results in a page table split and therefore a page
+  // allocation, which could trigger a recursive invocation of this functi=
on.
+  ASSERT (mRecursionLevel < 2);
+
+  mRecursionLevel++;
+
+  Status =3D ArmSetMemoryAttributes (
+             BaseAddress,
+             Length,
+             Attributes
+             );
+
+  mRecursionLevel--;
+  return Status;
+}
+
+RETURN_STATUS
+EFIAPI
+ArmSetMemoryOverrideLibConstructor (
+  VOID
+  )
+{
+  gCpuSetMemoryAttributes =3D EarlyArmSetMemoryAttributes;
+
+  return RETURN_SUCCESS;
+}
diff --git a/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib=
.inf b/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.inf
new file mode 100644
index 000000000000..f07da3dd2d15
--- /dev/null
+++ b/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.inf
@@ -0,0 +1,25 @@
+#/** @file
+#  Copyright (c) 2023, Google LLC. All rights reserved.
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#**/
+
+[Defines]
+  INF_VERSION                    =3D 1.29
+  BASE_NAME                      =3D ArmSetMemoryOverrideLib
+  FILE_GUID                      =3D 849a43c0-6ad9-428e-8a5a-e090f7853bd3
+  MODULE_TYPE                    =3D BASE
+  VERSION_STRING                 =3D 1.0
+  LIBRARY_CLASS                  =3D NULL|DXE_CORE
+  CONSTRUCTOR                    =3D ArmSetMemoryOverrideLibConstructor
+
+[Sources.common]
+  ArmSetMemoryOverrideLib.c
+
+[Packages]
+  ArmPkg/ArmPkg.dec
+  MdePkg/MdePkg.dec
+
+[LibraryClasses]
+  ArmMmuLib
+  DebugLib
--=20
2.39.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#100095): https://edk2.groups.io/g/devel/message/100095
Mute This Topic: https://groups.io/mt/96937487/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-