From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101105+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101105+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727858; cv=none; d=zohomail.com; s=zohoarc; b=ZUCqYNjCy+y3yOSm/ftNWVZK1ourfFnj3Mqg382qk2Wu4VuUcVMUU2JD1vJ40jhKax5AuqdePwqG2zNpGVQ5jGwafAptDGJGTOBLch5z1Ltk07mTaUVkjDNP234gNvyE1l6MFkWz94w3WpzjGgjxwAybqgKWI+JX4qcPhUCbEc0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727858; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=6k6ElCEmwrJvTvTNLJ9vheXusXNU+YgK6wuUbhzPbP0=; b=FQhY5DQVoIH2PPNtbCT9eJR76uH/wOaMM10uRduyzstTmkBoCGkZlwnpd6+FmQugfuEy0cAdZG7IT/lEuDr1gi1rnV9DoBh7j40MWE4fLoNzLHJdHYhETboAnEnfAta0FUnxkkPbF2WMIlUzimxjDEqLuDrx9rEmjdzANPITZvg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101105+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727858487754.6997758423153; Mon, 13 Mar 2023 10:17:38 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id RmOUYY1788612xH5SWlWeZFc; Mon, 13 Mar 2023 10:17:37 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.25777.1678727857304579150 for ; Mon, 13 Mar 2023 10:17:37 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id BCCC06141D; Mon, 13 Mar 2023 17:17:36 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id F1621C4339C; Mon, 13 Mar 2023 17:17:33 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 01/38] ArmPkg/ArmMmuLib ARM: Remove half baked large page support Date: Mon, 13 Mar 2023 18:16:37 +0100 Message-Id: <20230313171714.3866151-2-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: bQrq8jHu18C5ozB31cyYmJUTx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727857; bh=0fOAlivm2pM6ARg2LaqRUvRxVgDm3FAYG8LOr+fcYeg=; h=Cc:Date:From:Reply-To:Subject:To; b=psNtvs8BjSQbzRE29ltB/VKlbx/hoFISG+H0mRCUmPoXx8dppjNm9iO2mLQ5aRGxQts S7hC0g2r6vQIDDGREKVT2XCPMy24iB9F/Retojpk9POKO60VCJAzkb8RRw80kBcxXAoIx FVMy9vbpZxPBp+48y4a34B//GHUgstu1f5w= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727859959100005 Content-Type: text/plain; charset="utf-8" Large page support on 32-bit ARM is essentially a glorified contiguous bit where 16 consecutive entries describing a contiguous range with the same attributes are presented in a way that permits the TLB to cache its translation with a single entry. This was never wired up completely, and does not add a lot of value in EFI, where the page granularity is 4k and we expect to be able to set RO and XP permissions on individual pages. Given that large page support complicates the handling of the XN bit at the page level (which is in a different place depending on whether the page is small or large), let's just rip it out. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 8 ++--- ArmPkg/Include/Chipset/ArmV7Mmu.h | 38 ++++++-------------- ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibConvert.c | 7 ++-- ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c | 2 +- ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c | 2 +- 5 files changed, 19 insertions(+), 38 deletions(-) diff --git a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c b/ArmPkg/Drivers/CpuDxe/Arm/Mm= u.c index 2daf47ba6fe5..ea856f5cdd26 100644 --- a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c +++ b/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c @@ -165,7 +165,7 @@ SyncCacheConfigPage ( =20 // Convert SectionAttributes into PageAttributes NextPageAttributes =3D - TT_DESCRIPTOR_CONVERT_TO_PAGE_CACHE_POLICY (*NextSectionAttributes, 0)= | + TT_DESCRIPTOR_CONVERT_TO_PAGE_CACHE_POLICY (*NextSectionAttributes) | TT_DESCRIPTOR_CONVERT_TO_PAGE_AP (*NextSectionAttributes); =20 // obtain page table base @@ -212,7 +212,7 @@ SyncCacheConfigPage ( =20 // Convert back PageAttributes into SectionAttributes *NextSectionAttributes =3D - TT_DESCRIPTOR_CONVERT_TO_SECTION_CACHE_POLICY (NextPageAttributes, 0) | + TT_DESCRIPTOR_CONVERT_TO_SECTION_CACHE_POLICY (NextPageAttributes) | TT_DESCRIPTOR_CONVERT_TO_SECTION_AP (NextPageAttributes); =20 return EFI_SUCCESS; @@ -399,7 +399,7 @@ GetMemoryRegionPage ( UINT32 PageDescriptor; =20 // Convert the section attributes into page attributes - PageAttributes =3D ConvertSectionAttributesToPageAttributes (*RegionAttr= ibutes, 0); + PageAttributes =3D ConvertSectionAttributesToPageAttributes (*RegionAttr= ibutes); =20 // Calculate index into first level translation table for start of modif= ication TableIndex =3D ((*BaseAddress) & TT_DESCRIPTOR_PAGE_INDEX_MASK) >> TT_D= ESCRIPTOR_PAGE_BASE_SHIFT; @@ -479,7 +479,7 @@ GetMemoryRegion ( ASSERT (PageTableIndex < TRANSLATION_TABLE_PAGE_COUNT); =20 PageAttributes =3D PageTable[PageTableIndex] & TT_DESCRIPTOR_PAGE_A= TTRIBUTE_MASK; - *RegionAttributes =3D TT_DESCRIPTOR_CONVERT_TO_SECTION_CACHE_POLICY (P= ageAttributes, 0) | + *RegionAttributes =3D TT_DESCRIPTOR_CONVERT_TO_SECTION_CACHE_POLICY (P= ageAttributes) | TT_DESCRIPTOR_CONVERT_TO_SECTION_AP (PageAttribute= s); } =20 diff --git a/ArmPkg/Include/Chipset/ArmV7Mmu.h b/ArmPkg/Include/Chipset/Arm= V7Mmu.h index db99527d6efa..7501ebfdf97f 100644 --- a/ArmPkg/Include/Chipset/ArmV7Mmu.h +++ b/ArmPkg/Include/Chipset/ArmV7Mmu.h @@ -98,9 +98,8 @@ #define TT_DESCRIPTOR_PAGE_AP_RO_NO ((1UL << 9) | (1UL << 4)) #define TT_DESCRIPTOR_PAGE_AP_RO_RO ((1UL << 9) | (3UL << 4)) =20 -#define TT_DESCRIPTOR_SECTION_XN_MASK (0x1UL << 4) -#define TT_DESCRIPTOR_PAGE_XN_MASK (0x1UL << 0) -#define TT_DESCRIPTOR_LARGEPAGE_XN_MASK (0x1UL << 15) +#define TT_DESCRIPTOR_SECTION_XN_MASK (0x1UL << 4) +#define TT_DESCRIPTOR_PAGE_XN_MASK (0x1UL << 0) =20 #define TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK ((3UL <= < 12) | (1UL << 3) | (1UL << 2)) #define TT_DESCRIPTOR_SECTION_CACHEABLE_MASK (1UL <<= 3) @@ -124,30 +123,14 @@ #define TT_DESCRIPTOR_PAGE_CACHE_POLICY_WRITE_BACK_ALLOC ((1UL << 6= ) | (1UL << 3) | (1UL << 2)) #define TT_DESCRIPTOR_PAGE_CACHE_POLICY_NON_SHAREABLE_DEVICE ((2UL << 6= ) | (0UL << 3) | (0UL << 2)) =20 -#define TT_DESCRIPTOR_LARGEPAGE_CACHE_POLICY_MASK ((3UL= << 12) | (1UL << 3) | (1UL << 2)) -#define TT_DESCRIPTOR_LARGEPAGE_CACHE_POLICY_STRONGLY_ORDERED ((0UL= << 12) | (0UL << 3) | (0UL << 2)) -#define TT_DESCRIPTOR_LARGEPAGE_CACHE_POLICY_SHAREABLE_DEVICE ((0UL= << 12) | (0UL << 3) | (1UL << 2)) -#define TT_DESCRIPTOR_LARGEPAGE_CACHE_POLICY_WRITE_THROUGH_NO_ALLOC ((0UL= << 12) | (1UL << 3) | (0UL << 2)) -#define TT_DESCRIPTOR_LARGEPAGE_CACHE_POLICY_WRITE_BACK_NO_ALLOC ((0UL= << 12) | (1UL << 3) | (1UL << 2)) -#define TT_DESCRIPTOR_LARGEPAGE_CACHE_POLICY_NON_CACHEABLE ((1UL= << 12) | (0UL << 3) | (0UL << 2)) -#define TT_DESCRIPTOR_LARGEPAGE_CACHE_POLICY_WRITE_BACK_ALLOC ((1UL= << 12) | (1UL << 3) | (1UL << 2)) -#define TT_DESCRIPTOR_LARGEPAGE_CACHE_POLICY_NON_SHAREABLE_DEVICE ((2UL= << 12) | (0UL << 3) | (0UL << 2)) +#define TT_DESCRIPTOR_CONVERT_TO_PAGE_AP(Desc) ((((Desc) & TT_D= ESCRIPTOR_SECTION_AP_MASK) >> 6) & TT_DESCRIPTOR_PAGE_AP_MASK) +#define TT_DESCRIPTOR_CONVERT_TO_PAGE_NG(Desc) ((((Desc) & TT_D= ESCRIPTOR_SECTION_NG_MASK) >> 6) & TT_DESCRIPTOR_PAGE_NG_MASK) +#define TT_DESCRIPTOR_CONVERT_TO_PAGE_S(Desc) ((((Desc) & TT_D= ESCRIPTOR_SECTION_S_MASK) >> 6) & TT_DESCRIPTOR_PAGE_S_MASK) +#define TT_DESCRIPTOR_CONVERT_TO_PAGE_XN(Desc) ((((Desc) & TT_D= ESCRIPTOR_SECTION_XN_MASK) >> 4) & TT_DESCRIPTOR_PAGE_XN_MASK) +#define TT_DESCRIPTOR_CONVERT_TO_PAGE_CACHE_POLICY(Desc) ((((Desc) & (0x3= << 12)) >> 6) | (Desc & (0x3 << 2))) =20 -#define TT_DESCRIPTOR_CONVERT_TO_PAGE_AP(Desc) (((= (Desc) & TT_DESCRIPTOR_SECTION_AP_MASK) >> 6) & TT_DESCRIPTOR_PAGE_AP_MASK) -#define TT_DESCRIPTOR_CONVERT_TO_PAGE_NG(Desc) (((= (Desc) & TT_DESCRIPTOR_SECTION_NG_MASK) >> 6) & TT_DESCRIPTOR_PAGE_NG_MASK) -#define TT_DESCRIPTOR_CONVERT_TO_PAGE_S(Desc) (((= (Desc) & TT_DESCRIPTOR_SECTION_S_MASK) >> 6) & TT_DESCRIPTOR_PAGE_S_MASK) -#define TT_DESCRIPTOR_CONVERT_TO_PAGE_XN(Desc, IsLargePage) ((I= sLargePage)?\ - ((((De= sc) & TT_DESCRIPTOR_SECTION_XN_MASK) << 11) & TT_DESCRIPTOR_LARGEPAGE_XN_MA= SK): \ - ((((De= sc) & TT_DESCRIPTOR_SECTION_XN_MASK) >> 4) & TT_DESCRIPTOR_PAGE_XN_MASK)) -#define TT_DESCRIPTOR_CONVERT_TO_PAGE_CACHE_POLICY(Desc, IsLargePage) (Is= LargePage? \ - (((Des= c) & TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK) & TT_DESCRIPTOR_LARGEPAGE_CAC= HE_POLICY_MASK): \ - (((((D= esc) & (0x3 << 12)) >> 6) | (Desc & (0x3 << 2))))) - -#define TT_DESCRIPTOR_CONVERT_TO_SECTION_AP(Desc) ((((Desc) & TT_DESCRIPT= OR_PAGE_AP_MASK) << 6) & TT_DESCRIPTOR_SECTION_AP_MASK) - -#define TT_DESCRIPTOR_CONVERT_TO_SECTION_CACHE_POLICY(Desc, IsLargePage) = (IsLargePage? \ - (((Des= c) & TT_DESCRIPTOR_LARGEPAGE_CACHE_POLICY_MASK) & TT_DESCRIPTOR_SECTION_CAC= HE_POLICY_MASK): \ - (((((D= esc) & (0x3 << 6)) << 6) | (Desc & (0x3 << 2))))) +#define TT_DESCRIPTOR_CONVERT_TO_SECTION_AP(Desc) ((((Desc) & T= T_DESCRIPTOR_PAGE_AP_MASK) << 6) & TT_DESCRIPTOR_SECTION_AP_MASK) +#define TT_DESCRIPTOR_CONVERT_TO_SECTION_CACHE_POLICY(Desc) ((((Desc) & (= 0x3 << 6)) << 6) | (Desc & (0x3 << 2))) =20 #define TT_DESCRIPTOR_SECTION_ATTRIBUTE_MASK (TT_DESCRIPTOR_SECTION_NS_MA= SK | TT_DESCRIPTOR_SECTION_NG_MASK | \ TT_DESCRIPTOR= _SECTION_S_MASK | TT_DESCRIPTOR_SECTION_AP_MASK | \ @@ -230,8 +213,7 @@ typedef UINT32 ARM_PAGE_TABLE_ENTRY; =20 UINT32 ConvertSectionAttributesToPageAttributes ( - IN UINT32 SectionAttributes, - IN BOOLEAN IsLargePage + IN UINT32 SectionAttributes ); =20 #endif // ARMV7_MMU_H_ diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibConvert.c b/ArmPkg/Libra= ry/ArmMmuLib/Arm/ArmMmuLibConvert.c index bee8ad7028d3..6e2f08a7ce15 100644 --- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibConvert.c +++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibConvert.c @@ -15,16 +15,15 @@ =20 UINT32 ConvertSectionAttributesToPageAttributes ( - IN UINT32 SectionAttributes, - IN BOOLEAN IsLargePage + IN UINT32 SectionAttributes ) { UINT32 PageAttributes; =20 PageAttributes =3D 0; - PageAttributes |=3D TT_DESCRIPTOR_CONVERT_TO_PAGE_CACHE_POLICY (SectionA= ttributes, IsLargePage); + PageAttributes |=3D TT_DESCRIPTOR_CONVERT_TO_PAGE_CACHE_POLICY (SectionA= ttributes); PageAttributes |=3D TT_DESCRIPTOR_CONVERT_TO_PAGE_AP (SectionAttributes); - PageAttributes |=3D TT_DESCRIPTOR_CONVERT_TO_PAGE_XN (SectionAttributes,= IsLargePage); + PageAttributes |=3D TT_DESCRIPTOR_CONVERT_TO_PAGE_XN (SectionAttributes); PageAttributes |=3D TT_DESCRIPTOR_CONVERT_TO_PAGE_NG (SectionAttributes); PageAttributes |=3D TT_DESCRIPTOR_CONVERT_TO_PAGE_S (SectionAttributes); =20 diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c b/ArmPkg/Library/= ArmMmuLib/Arm/ArmMmuLibCore.c index 9e304ea05e63..28cc9b2fe058 100644 --- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c +++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c @@ -145,7 +145,7 @@ PopulateLevel2PageTable ( ); =20 // Translate the Section Descriptor into Page Descriptor - SectionDescriptor =3D TT_DESCRIPTOR_PAGE_TYPE_PAGE | ConvertSectionA= ttributesToPageAttributes (*SectionEntry, FALSE); + SectionDescriptor =3D TT_DESCRIPTOR_PAGE_TYPE_PAGE | ConvertSectionA= ttributesToPageAttributes (*SectionEntry); =20 BaseSectionAddress =3D TT_DESCRIPTOR_SECTION_BASE_ADDRESS (*SectionE= ntry); =20 diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c b/ArmPkg/Librar= y/ArmMmuLib/Arm/ArmMmuLibUpdate.c index b402197ade99..9ca00c976d5f 100644 --- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c +++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c @@ -53,7 +53,7 @@ ConvertSectionToPages ( =20 // Get section attributes and convert to page attributes SectionDescriptor =3D FirstLevelTable[FirstLevelIdx]; - PageDescriptor =3D TT_DESCRIPTOR_PAGE_TYPE_PAGE | ConvertSectionAttri= butesToPageAttributes (SectionDescriptor, FALSE); + PageDescriptor =3D TT_DESCRIPTOR_PAGE_TYPE_PAGE | ConvertSectionAttri= butesToPageAttributes (SectionDescriptor); =20 // Allocate a page table for the 4KB entries (we use up a full page even= though we only need 1KB) PageTable =3D (volatile ARM_PAGE_TABLE_ENTRY *)AllocatePages (1); --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101105): https://edk2.groups.io/g/devel/message/101105 Mute This Topic: https://groups.io/mt/97585982/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101107+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101107+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727863; cv=none; d=zohomail.com; s=zohoarc; b=J/RIDlykff/h27TaRVC0P0y310bFcah50yfKkdvqL+xJ0n7mZ3AsyW2eBJx0hiSy+CSbmdkohhhehr48JQqDDPkPkbpzbQEeFb3OAzp5nrtQJNJYyV4OvOwHXzQZ0IRVLWky2hQ84ut5Cuzrtu2tuwxltzPdG4QkgwZPDaPH/4M= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727863; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=9ZEh/yODSHboWGeuic6LHFTOTYwWEGN2o/vWSGYTwWA=; b=L6Etz1bKZJdic3KgEOsk7YmAFuYDbIiUwPBdzHkiKfcEqZ9Q+YuwX8UYBkvfWtfyaYxitI7XfGft7hrvNPnEwk42WtyLAXr4HdSMDB4cfnZrZxZs36rb9A8/esk7OFkJRHW5T5pEHLdM6HaSxP2q1fZKuhXEWPkQFlRxFajMwL0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101107+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727863720760.7127741678406; Mon, 13 Mar 2023 10:17:43 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id SflnYY1788612xwhIj92zyMJ; Mon, 13 Mar 2023 10:17:43 -0700 X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web10.25779.1678727862374666252 for ; Mon, 13 Mar 2023 10:17:42 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 12C32B811B8; Mon, 13 Mar 2023 17:17:40 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9BED9C433A0; Mon, 13 Mar 2023 17:17:36 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 02/38] ArmPkg/ArmMmuLib ARM: Split off XN page descriptor bit from type field Date: Mon, 13 Mar 2023 18:16:38 +0100 Message-Id: <20230313171714.3866151-3-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: ljUp4enMUJ52TD4wKyGxSdY0x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727863; bh=nibtCUBPZs9iRp9VTKeX9wFcSTppYkKh4z99/IQiLz8=; h=Cc:Date:From:Reply-To:Subject:To; b=JSqT/DFv+wrt57MCTJclkTKwOa3AoBwFi0WGMmxwhK+Fcmwzl3Rsdo0w48ehL6/8NNc x9QvNbndzT9vAyx2N1s9xkb0xF+U5cN4gveaQz+xTMfZL8Uc6l2E1054xhighhKIhY/yi Q5MpIJpzBoYhGuzH8wIliXTbCfSK2deVHGA= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727863952100004 Content-Type: text/plain; charset="utf-8" With large page support out of the picture, we can treat bits 1 and 0 of the page descriptor as individual valid and XN bits, instead of treating XN as a page type. Doing so aligns the handling of the attribute with the section descriptor layout, as well as the XN handling on AArch64, and this is beneficial for maintainability. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmPkg/Include/Chipset/ArmV7Mmu.h | 8 +++----- ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c | 12 ++++++------ 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/ArmPkg/Include/Chipset/ArmV7Mmu.h b/ArmPkg/Include/Chipset/Arm= V7Mmu.h index 7501ebfdf97f..6a2584ceb303 100644 --- a/ArmPkg/Include/Chipset/ArmV7Mmu.h +++ b/ArmPkg/Include/Chipset/ArmV7Mmu.h @@ -54,11 +54,9 @@ #define TT_DESCRIPTOR_SECTION_TYPE_IS_PAGE_TABLE(Desc) (((Desc) & 3UL) = =3D=3D TT_DESCRIPTOR_SECTION_TYPE_PAGE_TABLE) =20 // Translation table descriptor types -#define TT_DESCRIPTOR_PAGE_TYPE_MASK (3UL << 0) -#define TT_DESCRIPTOR_PAGE_TYPE_FAULT (0UL << 0) -#define TT_DESCRIPTOR_PAGE_TYPE_PAGE (2UL << 0) -#define TT_DESCRIPTOR_PAGE_TYPE_PAGE_XN (3UL << 0) -#define TT_DESCRIPTOR_PAGE_TYPE_LARGEPAGE (1UL << 0) +#define TT_DESCRIPTOR_PAGE_TYPE_MASK (1UL << 1) +#define TT_DESCRIPTOR_PAGE_TYPE_FAULT (0UL << 1) +#define TT_DESCRIPTOR_PAGE_TYPE_PAGE (1UL << 1) =20 // Section descriptor definitions #define TT_DESCRIPTOR_SECTION_SIZE (0x00100000) diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c b/ArmPkg/Librar= y/ArmMmuLib/Arm/ArmMmuLibUpdate.c index 9ca00c976d5f..12d0f4c30f8e 100644 --- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c +++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c @@ -104,12 +104,8 @@ UpdatePageEntries ( =20 // EntryMask: bitmask of values to change (1 =3D change this value, 0 = =3D leave alone) // EntryValue: values at bit positions specified by EntryMask - EntryMask =3D TT_DESCRIPTOR_PAGE_TYPE_MASK | TT_DESCRIPTOR_PAGE_AP_MASK; - if ((Attributes & EFI_MEMORY_XP) !=3D 0) { - EntryValue =3D TT_DESCRIPTOR_PAGE_TYPE_PAGE_XN; - } else { - EntryValue =3D TT_DESCRIPTOR_PAGE_TYPE_PAGE; - } + EntryMask =3D TT_DESCRIPTOR_PAGE_TYPE_MASK | TT_DESCRIPTOR_PAGE_AP_MASK = | TT_DESCRIPTOR_PAGE_XN_MASK; + EntryValue =3D TT_DESCRIPTOR_PAGE_TYPE_PAGE; =20 // Although the PI spec is unclear on this, the GCD guarantees that only // one Attribute bit is set at a time, so the order of the conditionals = below @@ -148,6 +144,10 @@ UpdatePageEntries ( EntryValue |=3D TT_DESCRIPTOR_PAGE_AP_RW_RW; } =20 + if ((Attributes & EFI_MEMORY_XP) !=3D 0) { + EntryValue |=3D TT_DESCRIPTOR_PAGE_XN_MASK; + } + // Obtain page table base FirstLevelTable =3D (ARM_FIRST_LEVEL_DESCRIPTOR *)ArmGetTTBR0BaseAddress= (); =20 --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101107): https://edk2.groups.io/g/devel/message/101107 Mute This Topic: https://groups.io/mt/97585984/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101106+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101106+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727863; cv=none; d=zohomail.com; s=zohoarc; b=WpzBOzHyOrQdOCDjDnNlP4GRKgdj4kssdyTFTh7yYwO9aDdSZkDJO4pvvjp0Q7ltoz58Ha+puYmkWWbyVAhrioreAGzbe1L2gyLkkUjxQMTO8p9YlvHKlIh4zG7KHFM5So3PmyYjc7CY2ypHXURv8/97Y2H/n0oNNBZYnGBE5fM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727863; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=WtKOxNX6JIWy3x/ALEV3eQPuCRThCkFZYWx1Z6Vfn2A=; b=OtN74Fd7oUHIIosleEF4G3bQpjjMhf7ElCvBWbYFTRU/lPjkOW64pVk5CJpQ1jXEQgtPGoEJm7/sI5WfwRN3HEA2g7+qh8lyAOlpRqixh/reodzzo1yx+p3vZOg2ukXsR7ci795D3nICwnfFsbtuZYYpU4nEuTyMl1ZWz/xoJjM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101106+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727863255412.2122454856128; Mon, 13 Mar 2023 10:17:43 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id yd41YY1788612xX1Kbd1Re7H; Mon, 13 Mar 2023 10:17:42 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.26466.1678727862241630309 for ; Mon, 13 Mar 2023 10:17:42 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A49696142D; Mon, 13 Mar 2023 17:17:41 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 42D4EC433A4; Mon, 13 Mar 2023 17:17:39 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 03/38] ArmPkg/CpuDxe ARM: Fix page-to-section attribute conversion Date: Mon, 13 Mar 2023 18:16:39 +0100 Message-Id: <20230313171714.3866151-4-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: V8uMWKxfD7Z0kP1pJL8TxSKGx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727862; bh=e/w5Qrt6xymZWbWwS+dYD8e+hLNN97t7ym4baUpR0V8=; h=Cc:Date:From:Reply-To:Subject:To; b=hIx4idkjxXAZgw4Htv+DGMqRsK0CchJII8tCtOWher2KV8vSsrixasxWS9kADYDVsWu Lv6jd2pbYXlPHgV2CVrHGDcIVnRPUt6S5jErUpY2hRDxa4mL0xpdvAaLB9K5TVIDMCN2R 2h+Ef6uNmw1RTmRqqfd6yfO6IkrrwJtUOGI= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727863942100002 Content-Type: text/plain; charset="utf-8" The section-to-page attribute conversion takes the shareability and execute-never attributes into account, whereas the page-to-section counterpart does not. The result is that GetMemoryRegionPage () -which takes a section attribute argument (via *RegionAttributes) that is ostensibly based on the first page in the range, but differs from the actual page attributes when converted back- may return with a RegionLength of zero. This is incorrect, and confuses code that scans a region by calling GetMemoryRegion () in sequence. So fix the conversion, and ASSERT () on a non-zero region length. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 3 +++ ArmPkg/Include/Chipset/ArmV7Mmu.h | 2 ++ 2 files changed, 5 insertions(+) diff --git a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c b/ArmPkg/Drivers/CpuDxe/Arm/Mm= u.c index ea856f5cdd26..8eb1f71395f5 100644 --- a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c +++ b/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c @@ -480,6 +480,8 @@ GetMemoryRegion ( =20 PageAttributes =3D PageTable[PageTableIndex] & TT_DESCRIPTOR_PAGE_A= TTRIBUTE_MASK; *RegionAttributes =3D TT_DESCRIPTOR_CONVERT_TO_SECTION_CACHE_POLICY (P= ageAttributes) | + TT_DESCRIPTOR_CONVERT_TO_SECTION_S (PageAttributes= ) | + TT_DESCRIPTOR_CONVERT_TO_SECTION_XN (PageAttribute= s) | TT_DESCRIPTOR_CONVERT_TO_SECTION_AP (PageAttribute= s); } =20 @@ -494,6 +496,7 @@ GetMemoryRegion ( =20 // Scan the page table to find the end of the region. Status =3D GetMemoryRegionPage (PageTable, BaseAddress, RegionLength= , RegionAttributes); + ASSERT (*RegionLength > 0); =20 // If we have found the end of the region (Status =3D=3D EFI_SUCCESS= ) then we exit the for-loop if (Status =3D=3D EFI_SUCCESS) { diff --git a/ArmPkg/Include/Chipset/ArmV7Mmu.h b/ArmPkg/Include/Chipset/Arm= V7Mmu.h index 6a2584ceb303..e0219747df86 100644 --- a/ArmPkg/Include/Chipset/ArmV7Mmu.h +++ b/ArmPkg/Include/Chipset/ArmV7Mmu.h @@ -128,6 +128,8 @@ #define TT_DESCRIPTOR_CONVERT_TO_PAGE_CACHE_POLICY(Desc) ((((Desc) & (0x3= << 12)) >> 6) | (Desc & (0x3 << 2))) =20 #define TT_DESCRIPTOR_CONVERT_TO_SECTION_AP(Desc) ((((Desc) & T= T_DESCRIPTOR_PAGE_AP_MASK) << 6) & TT_DESCRIPTOR_SECTION_AP_MASK) +#define TT_DESCRIPTOR_CONVERT_TO_SECTION_S(Desc) ((((Desc) & T= T_DESCRIPTOR_PAGE_S_MASK) << 6) & TT_DESCRIPTOR_SECTION_S_MASK) +#define TT_DESCRIPTOR_CONVERT_TO_SECTION_XN(Desc) ((((Desc) & T= T_DESCRIPTOR_PAGE_XN_MASK) << 4) & TT_DESCRIPTOR_SECTION_XN_MASK) #define TT_DESCRIPTOR_CONVERT_TO_SECTION_CACHE_POLICY(Desc) ((((Desc) & (= 0x3 << 6)) << 6) | (Desc & (0x3 << 2))) =20 #define TT_DESCRIPTOR_SECTION_ATTRIBUTE_MASK (TT_DESCRIPTOR_SECTION_NS_MA= SK | TT_DESCRIPTOR_SECTION_NG_MASK | \ --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101106): https://edk2.groups.io/g/devel/message/101106 Mute This Topic: https://groups.io/mt/97585983/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101108+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101108+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727865; cv=none; d=zohomail.com; s=zohoarc; b=H4gkH9vx/bW+bX1X3NPPy/K8TYfeNE4nGH9+57mhHVQqtR786idAPYdRwVQAtTN6M7Ir9Ih4M4558B5o26XoiLIzHLFK8tV0tS0z1DhP8g9og9mqCiMC581daI72aiBsNKu4w2ibnOzJVZIwYttEAn1n1whPZ6Q1kDAD/TcAhAc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727865; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=c/RIZ9RHZyJHjGN0RTdg6CWhY2hHQbhrKrv3okSovyI=; b=jftz1hmwtpbELvwh1C5EfnjNg7l7I7eL8CmSZFkYSh0G2jPY8Urg+A4bLzKNVGSSQA9oBmU3M52kcO5d6aUc0yujRsHdnNcjlQEa5EM7ZkPT6ZrWfYM46Cq0u7gqJNCAdpNUUBkiL2OzVIvZciOb8KgwA58PtSP9kdj33QKCZxc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101108+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727865945749.3697101941933; Mon, 13 Mar 2023 10:17:45 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 8DTJYY1788612xQqDjuZif6q; Mon, 13 Mar 2023 10:17:45 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.25782.1678727864999019556 for ; Mon, 13 Mar 2023 10:17:45 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 74A066145C; Mon, 13 Mar 2023 17:17:44 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id E172AC433EF; Mon, 13 Mar 2023 17:17:41 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 04/38] ArmPkg/ArmMmuLib ARM: Isolate the access flag from AP mask Date: Mon, 13 Mar 2023 18:16:40 +0100 Message-Id: <20230313171714.3866151-5-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: IY5kvSsmhDRfoNdaEhDvtRTpx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727865; bh=i8kXR25bs1dvy6KOkgSzRy8e+aC/PrMn9UBAuBzGtpY=; h=Cc:Date:From:Reply-To:Subject:To; b=YkEUxw+DFAU2f5AE2FBcfsSpWMhQn5YfN0Jpsvt2IQQf304HUffCTQHv4tu//WYzJkA QfWCJNkD6bZpA0zSPJTknWvaa5qOl8zGgH28BZjuGmMJTZc/1bp+DSPyL/xS9TsMwVfCg 1MjfMgc5uFzOl6TLSJ+ua2SfNY2Nr0xC0YQ= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727867926100001 Content-Type: text/plain; charset="utf-8" Split the ARM permission fields in the short descriptors into an access flag and AP[2:1] as per the recommendation in the ARM ARM. This makes the access flag available separately, which allows us to implement EFI_MEMORY_RP memory analogous to how it will be implemented for AArch64. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 47 ++++++++++---------- ArmPkg/Include/Chipset/ArmV7Mmu.h | 40 +++++++++++------ ArmPkg/Library/ArmLib/Arm/ArmV7Support.S | 2 + ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibConvert.c | 1 + ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c | 12 ++++- 5 files changed, 63 insertions(+), 39 deletions(-) diff --git a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c b/ArmPkg/Drivers/CpuDxe/Arm/Mm= u.c index 8eb1f71395f5..07faab8216ec 100644 --- a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c +++ b/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c @@ -50,30 +50,27 @@ SectionToGcdAttributes ( =20 // determine protection attributes switch (SectionAttributes & TT_DESCRIPTOR_SECTION_AP_MASK) { - case TT_DESCRIPTOR_SECTION_AP_NO_NO: // no read, no write - // *GcdAttributes |=3D EFI_MEMORY_RO | EFI_MEMORY_RP; - break; - - case TT_DESCRIPTOR_SECTION_AP_RW_NO: + case TT_DESCRIPTOR_SECTION_AP_NO_RW: case TT_DESCRIPTOR_SECTION_AP_RW_RW: // normal read/write access, do not add additional attributes break; =20 // read only cases map to write-protect - case TT_DESCRIPTOR_SECTION_AP_RO_NO: + case TT_DESCRIPTOR_SECTION_AP_NO_RO: case TT_DESCRIPTOR_SECTION_AP_RO_RO: *GcdAttributes |=3D EFI_MEMORY_RO; break; - - default: - return EFI_UNSUPPORTED; } =20 // now process eXectue Never attribute - if ((SectionAttributes & TT_DESCRIPTOR_SECTION_XN_MASK) !=3D 0 ) { + if ((SectionAttributes & TT_DESCRIPTOR_SECTION_XN_MASK) !=3D 0) { *GcdAttributes |=3D EFI_MEMORY_XP; } =20 + if ((SectionAttributes & TT_DESCRIPTOR_SECTION_AF) =3D=3D 0) { + *GcdAttributes |=3D EFI_MEMORY_RP; + } + return EFI_SUCCESS; } =20 @@ -114,30 +111,27 @@ PageToGcdAttributes ( =20 // determine protection attributes switch (PageAttributes & TT_DESCRIPTOR_PAGE_AP_MASK) { - case TT_DESCRIPTOR_PAGE_AP_NO_NO: // no read, no write - // *GcdAttributes |=3D EFI_MEMORY_RO | EFI_MEMORY_RP; - break; - - case TT_DESCRIPTOR_PAGE_AP_RW_NO: + case TT_DESCRIPTOR_PAGE_AP_NO_RW: case TT_DESCRIPTOR_PAGE_AP_RW_RW: // normal read/write access, do not add additional attributes break; =20 // read only cases map to write-protect - case TT_DESCRIPTOR_PAGE_AP_RO_NO: + case TT_DESCRIPTOR_PAGE_AP_NO_RO: case TT_DESCRIPTOR_PAGE_AP_RO_RO: *GcdAttributes |=3D EFI_MEMORY_RO; break; - - default: - return EFI_UNSUPPORTED; } =20 // now process eXectue Never attribute - if ((PageAttributes & TT_DESCRIPTOR_PAGE_XN_MASK) !=3D 0 ) { + if ((PageAttributes & TT_DESCRIPTOR_PAGE_XN_MASK) !=3D 0) { *GcdAttributes |=3D EFI_MEMORY_XP; } =20 + if ((PageAttributes & TT_DESCRIPTOR_PAGE_AF) =3D=3D 0) { + *GcdAttributes |=3D EFI_MEMORY_RP; + } + return EFI_SUCCESS; } =20 @@ -166,6 +160,7 @@ SyncCacheConfigPage ( // Convert SectionAttributes into PageAttributes NextPageAttributes =3D TT_DESCRIPTOR_CONVERT_TO_PAGE_CACHE_POLICY (*NextSectionAttributes) | + TT_DESCRIPTOR_CONVERT_TO_PAGE_AF (*NextSectionAttributes) | TT_DESCRIPTOR_CONVERT_TO_PAGE_AP (*NextSectionAttributes); =20 // obtain page table base @@ -174,7 +169,7 @@ SyncCacheConfigPage ( for (i =3D 0; i < TRANSLATION_TABLE_PAGE_COUNT; i++) { if ((SecondLevelTable[i] & TT_DESCRIPTOR_PAGE_TYPE_MASK) =3D=3D TT_DES= CRIPTOR_PAGE_TYPE_PAGE) { // extract attributes (cacheability and permissions) - PageAttributes =3D SecondLevelTable[i] & (TT_DESCRIPTOR_PAGE_CACHE_P= OLICY_MASK | TT_DESCRIPTOR_PAGE_AP_MASK); + PageAttributes =3D SecondLevelTable[i] & (TT_DESCRIPTOR_PAGE_CACHE_P= OLICY_MASK | TT_DESCRIPTOR_PAGE_AP_MASK | TT_DESCRIPTOR_PAGE_AF); =20 if (NextPageAttributes =3D=3D 0) { // start on a new region @@ -213,6 +208,7 @@ SyncCacheConfigPage ( // Convert back PageAttributes into SectionAttributes *NextSectionAttributes =3D TT_DESCRIPTOR_CONVERT_TO_SECTION_CACHE_POLICY (NextPageAttributes) | + TT_DESCRIPTOR_CONVERT_TO_SECTION_AF (NextPageAttributes) | TT_DESCRIPTOR_CONVERT_TO_SECTION_AP (NextPageAttributes); =20 return EFI_SUCCESS; @@ -256,14 +252,14 @@ SyncCacheConfig ( FirstLevelTable =3D (ARM_FIRST_LEVEL_DESCRIPTOR *)(ArmGetTTBR0BaseAddres= s ()); =20 // Get the first region - NextSectionAttributes =3D FirstLevelTable[0] & (TT_DESCRIPTOR_SECTION_CA= CHE_POLICY_MASK | TT_DESCRIPTOR_SECTION_AP_MASK); + NextSectionAttributes =3D FirstLevelTable[0] & (TT_DESCRIPTOR_SECTION_CA= CHE_POLICY_MASK | TT_DESCRIPTOR_SECTION_AP_MASK | TT_DESCRIPTOR_SECTION_AF); =20 // iterate through each 1MB descriptor NextRegionBase =3D NextRegionLength =3D 0; for (i =3D 0; i < TRANSLATION_TABLE_SECTION_COUNT; i++) { if ((FirstLevelTable[i] & TT_DESCRIPTOR_SECTION_TYPE_MASK) =3D=3D TT_D= ESCRIPTOR_SECTION_TYPE_SECTION) { // extract attributes (cacheability and permissions) - SectionAttributes =3D FirstLevelTable[i] & (TT_DESCRIPTOR_SECTION_CA= CHE_POLICY_MASK | TT_DESCRIPTOR_SECTION_AP_MASK); + SectionAttributes =3D FirstLevelTable[i] & (TT_DESCRIPTOR_SECTION_CA= CHE_POLICY_MASK | TT_DESCRIPTOR_SECTION_AP_MASK | TT_DESCRIPTOR_SECTION_AF); =20 if (NextSectionAttributes =3D=3D 0) { // start on a new region @@ -383,6 +379,10 @@ EfiAttributeToArmAttribute ( ArmAttributes |=3D TT_DESCRIPTOR_SECTION_XN_MASK; } =20 + if ((EfiAttributes & EFI_MEMORY_RP) =3D=3D 0) { + ArmAttributes |=3D TT_DESCRIPTOR_SECTION_AF; + } + return ArmAttributes; } =20 @@ -482,6 +482,7 @@ GetMemoryRegion ( *RegionAttributes =3D TT_DESCRIPTOR_CONVERT_TO_SECTION_CACHE_POLICY (P= ageAttributes) | TT_DESCRIPTOR_CONVERT_TO_SECTION_S (PageAttributes= ) | TT_DESCRIPTOR_CONVERT_TO_SECTION_XN (PageAttribute= s) | + TT_DESCRIPTOR_CONVERT_TO_SECTION_AF (PageAttribute= s) | TT_DESCRIPTOR_CONVERT_TO_SECTION_AP (PageAttribute= s); } =20 diff --git a/ArmPkg/Include/Chipset/ArmV7Mmu.h b/ArmPkg/Include/Chipset/Arm= V7Mmu.h index e0219747df86..da4f3160f8ff 100644 --- a/ArmPkg/Include/Chipset/ArmV7Mmu.h +++ b/ArmPkg/Include/Chipset/ArmV7Mmu.h @@ -80,21 +80,21 @@ #define TT_DESCRIPTOR_PAGE_S_NOT_SHARED (0UL << 10) #define TT_DESCRIPTOR_PAGE_S_SHARED (1UL << 10) =20 -#define TT_DESCRIPTOR_SECTION_AP_MASK ((1UL << 15) | (3UL << 10)) -#define TT_DESCRIPTOR_SECTION_AP_NO_NO ((0UL << 15) | (0UL << 10)) -#define TT_DESCRIPTOR_SECTION_AP_RW_NO ((0UL << 15) | (1UL << 10)) -#define TT_DESCRIPTOR_SECTION_AP_RW_RO ((0UL << 15) | (2UL << 10)) -#define TT_DESCRIPTOR_SECTION_AP_RW_RW ((0UL << 15) | (3UL << 10)) -#define TT_DESCRIPTOR_SECTION_AP_RO_NO ((1UL << 15) | (1UL << 10)) -#define TT_DESCRIPTOR_SECTION_AP_RO_RO ((1UL << 15) | (3UL << 10)) +#define TT_DESCRIPTOR_SECTION_AP_MASK ((1UL << 15) | (1UL << 11)) +#define TT_DESCRIPTOR_SECTION_AP_NO_RW ((0UL << 15) | (0UL << 11)) +#define TT_DESCRIPTOR_SECTION_AP_RW_RW ((0UL << 15) | (1UL << 11)) +#define TT_DESCRIPTOR_SECTION_AP_NO_RO ((1UL << 15) | (0UL << 11)) +#define TT_DESCRIPTOR_SECTION_AP_RO_RO ((1UL << 15) | (1UL << 11)) =20 -#define TT_DESCRIPTOR_PAGE_AP_MASK ((1UL << 9) | (3UL << 4)) -#define TT_DESCRIPTOR_PAGE_AP_NO_NO ((0UL << 9) | (0UL << 4)) -#define TT_DESCRIPTOR_PAGE_AP_RW_NO ((0UL << 9) | (1UL << 4)) -#define TT_DESCRIPTOR_PAGE_AP_RW_RO ((0UL << 9) | (2UL << 4)) -#define TT_DESCRIPTOR_PAGE_AP_RW_RW ((0UL << 9) | (3UL << 4)) -#define TT_DESCRIPTOR_PAGE_AP_RO_NO ((1UL << 9) | (1UL << 4)) -#define TT_DESCRIPTOR_PAGE_AP_RO_RO ((1UL << 9) | (3UL << 4)) +#define TT_DESCRIPTOR_SECTION_AF (1UL << 10) + +#define TT_DESCRIPTOR_PAGE_AP_MASK ((1UL << 9) | (1UL << 5)) +#define TT_DESCRIPTOR_PAGE_AP_NO_RW ((0UL << 9) | (0UL << 5)) +#define TT_DESCRIPTOR_PAGE_AP_RW_RW ((0UL << 9) | (1UL << 5)) +#define TT_DESCRIPTOR_PAGE_AP_NO_RO ((1UL << 9) | (0UL << 5)) +#define TT_DESCRIPTOR_PAGE_AP_RO_RO ((1UL << 9) | (1UL << 5)) + +#define TT_DESCRIPTOR_PAGE_AF (1UL << 4) =20 #define TT_DESCRIPTOR_SECTION_XN_MASK (0x1UL << 4) #define TT_DESCRIPTOR_PAGE_XN_MASK (0x1UL << 0) @@ -124,20 +124,24 @@ #define TT_DESCRIPTOR_CONVERT_TO_PAGE_AP(Desc) ((((Desc) & TT_D= ESCRIPTOR_SECTION_AP_MASK) >> 6) & TT_DESCRIPTOR_PAGE_AP_MASK) #define TT_DESCRIPTOR_CONVERT_TO_PAGE_NG(Desc) ((((Desc) & TT_D= ESCRIPTOR_SECTION_NG_MASK) >> 6) & TT_DESCRIPTOR_PAGE_NG_MASK) #define TT_DESCRIPTOR_CONVERT_TO_PAGE_S(Desc) ((((Desc) & TT_D= ESCRIPTOR_SECTION_S_MASK) >> 6) & TT_DESCRIPTOR_PAGE_S_MASK) +#define TT_DESCRIPTOR_CONVERT_TO_PAGE_AF(Desc) ((((Desc) & TT_D= ESCRIPTOR_SECTION_AF) >> 6) & TT_DESCRIPTOR_PAGE_AF) #define TT_DESCRIPTOR_CONVERT_TO_PAGE_XN(Desc) ((((Desc) & TT_D= ESCRIPTOR_SECTION_XN_MASK) >> 4) & TT_DESCRIPTOR_PAGE_XN_MASK) #define TT_DESCRIPTOR_CONVERT_TO_PAGE_CACHE_POLICY(Desc) ((((Desc) & (0x3= << 12)) >> 6) | (Desc & (0x3 << 2))) =20 #define TT_DESCRIPTOR_CONVERT_TO_SECTION_AP(Desc) ((((Desc) & T= T_DESCRIPTOR_PAGE_AP_MASK) << 6) & TT_DESCRIPTOR_SECTION_AP_MASK) #define TT_DESCRIPTOR_CONVERT_TO_SECTION_S(Desc) ((((Desc) & T= T_DESCRIPTOR_PAGE_S_MASK) << 6) & TT_DESCRIPTOR_SECTION_S_MASK) +#define TT_DESCRIPTOR_CONVERT_TO_SECTION_AF(Desc) ((((Desc) & T= T_DESCRIPTOR_PAGE_AF) << 6) & TT_DESCRIPTOR_SECTION_AF) #define TT_DESCRIPTOR_CONVERT_TO_SECTION_XN(Desc) ((((Desc) & T= T_DESCRIPTOR_PAGE_XN_MASK) << 4) & TT_DESCRIPTOR_SECTION_XN_MASK) #define TT_DESCRIPTOR_CONVERT_TO_SECTION_CACHE_POLICY(Desc) ((((Desc) & (= 0x3 << 6)) << 6) | (Desc & (0x3 << 2))) =20 #define TT_DESCRIPTOR_SECTION_ATTRIBUTE_MASK (TT_DESCRIPTOR_SECTION_NS_MA= SK | TT_DESCRIPTOR_SECTION_NG_MASK | \ TT_DESCRIPTOR= _SECTION_S_MASK | TT_DESCRIPTOR_SECTION_AP_MASK | \ + TT_DESCRIPTOR= _SECTION_AF | \ TT_DESCRIPTOR= _SECTION_XN_MASK | TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK) =20 #define TT_DESCRIPTOR_PAGE_ATTRIBUTE_MASK (TT_DESCRIPTOR_PAGE_NG_MASK | T= T_DESCRIPTOR_PAGE_S_MASK | \ TT_DESCRIPTOR= _PAGE_AP_MASK | TT_DESCRIPTOR_PAGE_XN_MASK | \ + TT_DESCRIPTOR= _PAGE_AF | \ TT_DESCRIPTOR= _PAGE_CACHE_POLICY_MASK) =20 #define TT_DESCRIPTOR_SECTION_DOMAIN_MASK (0x0FUL << 5) @@ -159,6 +163,7 @@ TT_DESCRIPTOR_= SECTION_S_SHARED | \ TT_DESCRIPTOR_= SECTION_DOMAIN(0) | \ TT_DESCRIPTOR_= SECTION_AP_RW_RW | \ + TT_DESCRIPTOR_= SECTION_AF | \ TT_DESCRIPTOR_= SECTION_CACHE_POLICY_WRITE_BACK_ALLOC) #define TT_DESCRIPTOR_SECTION_WRITE_THROUGH(NonSecure) (TT_DESCRIPTOR_SEC= TION_TYPE_SECTION = | \ ((NonSecure) ?= TT_DESCRIPTOR_SECTION_NS : 0) | \ @@ -166,6 +171,7 @@ TT_DESCRIPTOR_= SECTION_S_SHARED | \ TT_DESCRIPTOR_= SECTION_DOMAIN(0) | \ TT_DESCRIPTOR_= SECTION_AP_RW_RW | \ + TT_DESCRIPTOR_= SECTION_AF | \ TT_DESCRIPTOR_= SECTION_CACHE_POLICY_WRITE_THROUGH_NO_ALLOC) #define TT_DESCRIPTOR_SECTION_DEVICE(NonSecure) (TT_DESCRIPTOR_SEC= TION_TYPE_SECTION = | \ ((NonSecure) ?= TT_DESCRIPTOR_SECTION_NS : 0) | \ @@ -174,6 +180,7 @@ TT_DESCRIPTOR_= SECTION_DOMAIN(0) | \ TT_DESCRIPTOR_= SECTION_AP_RW_RW | \ TT_DESCRIPTOR_= SECTION_XN_MASK | \ + TT_DESCRIPTOR_= SECTION_AF | \ TT_DESCRIPTOR_= SECTION_CACHE_POLICY_SHAREABLE_DEVICE) #define TT_DESCRIPTOR_SECTION_UNCACHED(NonSecure) (TT_DESCRIPTOR_SEC= TION_TYPE_SECTION = | \ ((NonSecure) ? = TT_DESCRIPTOR_SECTION_NS : 0) | \ @@ -181,28 +188,33 @@ TT_DESCRIPTOR_S= ECTION_S_NOT_SHARED | \ TT_DESCRIPTOR_S= ECTION_DOMAIN(0) | \ TT_DESCRIPTOR_S= ECTION_AP_RW_RW | \ + TT_DESCRIPTOR_= SECTION_AF | \ TT_DESCRIPTOR_S= ECTION_CACHE_POLICY_NON_CACHEABLE) =20 #define TT_DESCRIPTOR_PAGE_WRITE_BACK (TT_DESCRIPTOR_PAGE_TYPE_PAGE = | \ TT_DESCRIPTOR_PAGE= _NG_GLOBAL | \ TT_DESCRIPTOR_PAGE= _S_SHARED | \ TT_DESCRIPTOR_PAGE= _AP_RW_RW | \ + TT_DESCRIPTOR_PAGE= _AF | \ TT_DESCRIPTOR_PAGE= _CACHE_POLICY_WRITE_BACK_ALLOC) #define TT_DESCRIPTOR_PAGE_WRITE_THROUGH (TT_DESCRIPTOR_PAGE_TYPE_PAGE = | \ TT_DESCRIPTOR_PAGE= _NG_GLOBAL | \ TT_DESCRIPTOR_PAGE= _S_SHARED | \ TT_DESCRIPTOR_PAGE= _AP_RW_RW | \ + TT_DESCRIPTOR_PAGE= _AF | \ TT_DESCRIPTOR_PAGE= _CACHE_POLICY_WRITE_THROUGH_NO_ALLOC) #define TT_DESCRIPTOR_PAGE_DEVICE (TT_DESCRIPTOR_PAGE_TYPE_PAGE = | \ TT_DESCRIPTOR_PAGE= _NG_GLOBAL | \ TT_DESCRIPTOR_PAGE= _S_NOT_SHARED | \ TT_DESCRIPTOR_PAGE= _AP_RW_RW | \ + TT_DESCRIPTOR_PAGE= _AF | \ TT_DESCRIPTOR_PAGE= _XN_MASK | \ TT_DESCRIPTOR_PAGE= _CACHE_POLICY_SHAREABLE_DEVICE) #define TT_DESCRIPTOR_PAGE_UNCACHED (TT_DESCRIPTOR_PAGE_TYPE_PAGE = | \ TT_DESCRIPTOR_PAGE= _NG_GLOBAL | \ TT_DESCRIPTOR_PAGE= _S_NOT_SHARED | \ TT_DESCRIPTOR_PAGE= _AP_RW_RW | \ + TT_DESCRIPTOR_PAGE= _AF | \ TT_DESCRIPTOR_PAGE= _CACHE_POLICY_NON_CACHEABLE) =20 // First Level Descriptors diff --git a/ArmPkg/Library/ArmLib/Arm/ArmV7Support.S b/ArmPkg/Library/ArmL= ib/Arm/ArmV7Support.S index 4925f6628e1e..1f396adffc11 100644 --- a/ArmPkg/Library/ArmLib/Arm/ArmV7Support.S +++ b/ArmPkg/Library/ArmLib/Arm/ArmV7Support.S @@ -16,6 +16,7 @@ .set CTRL_C_BIT, (1 << 2) .set CTRL_B_BIT, (1 << 7) .set CTRL_I_BIT, (1 << 12) +.set CTRL_AFE_BIT,(1 << 29) =20 =20 ASM_FUNC(ArmInvalidateDataCacheEntryByMVA) @@ -64,6 +65,7 @@ ASM_FUNC(ArmInvalidateInstructionCache) ASM_FUNC(ArmEnableMmu) mrc p15,0,R0,c1,c0,0 orr R0,R0,#1 + orr R0,R0,#CTRL_AFE_BIT mcr p15,0,R0,c1,c0,0 dsb isb diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibConvert.c b/ArmPkg/Libra= ry/ArmMmuLib/Arm/ArmMmuLibConvert.c index 6e2f08a7ce15..52dbfd714029 100644 --- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibConvert.c +++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibConvert.c @@ -23,6 +23,7 @@ ConvertSectionAttributesToPageAttributes ( PageAttributes =3D 0; PageAttributes |=3D TT_DESCRIPTOR_CONVERT_TO_PAGE_CACHE_POLICY (SectionA= ttributes); PageAttributes |=3D TT_DESCRIPTOR_CONVERT_TO_PAGE_AP (SectionAttributes); + PageAttributes |=3D TT_DESCRIPTOR_CONVERT_TO_PAGE_AF (SectionAttributes); PageAttributes |=3D TT_DESCRIPTOR_CONVERT_TO_PAGE_XN (SectionAttributes); PageAttributes |=3D TT_DESCRIPTOR_CONVERT_TO_PAGE_NG (SectionAttributes); PageAttributes |=3D TT_DESCRIPTOR_CONVERT_TO_PAGE_S (SectionAttributes); diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c b/ArmPkg/Librar= y/ArmMmuLib/Arm/ArmMmuLibUpdate.c index 12d0f4c30f8e..484c67476619 100644 --- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c +++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c @@ -104,7 +104,7 @@ UpdatePageEntries ( =20 // EntryMask: bitmask of values to change (1 =3D change this value, 0 = =3D leave alone) // EntryValue: values at bit positions specified by EntryMask - EntryMask =3D TT_DESCRIPTOR_PAGE_TYPE_MASK | TT_DESCRIPTOR_PAGE_AP_MASK = | TT_DESCRIPTOR_PAGE_XN_MASK; + EntryMask =3D TT_DESCRIPTOR_PAGE_TYPE_MASK | TT_DESCRIPTOR_PAGE_AP_MASK = | TT_DESCRIPTOR_PAGE_XN_MASK | TT_DESCRIPTOR_PAGE_AF; EntryValue =3D TT_DESCRIPTOR_PAGE_TYPE_PAGE; =20 // Although the PI spec is unclear on this, the GCD guarantees that only @@ -138,6 +138,10 @@ UpdatePageEntries ( return EFI_UNSUPPORTED; } =20 + if ((Attributes & EFI_MEMORY_RP) =3D=3D 0) { + EntryValue |=3D TT_DESCRIPTOR_PAGE_AF; + } + if ((Attributes & EFI_MEMORY_RO) !=3D 0) { EntryValue |=3D TT_DESCRIPTOR_PAGE_AP_RO_RO; } else { @@ -237,7 +241,7 @@ UpdateSectionEntries ( =20 // Make sure we handle a section range that is unmapped EntryMask =3D TT_DESCRIPTOR_SECTION_TYPE_MASK | TT_DESCRIPTOR_SECTION_XN= _MASK | - TT_DESCRIPTOR_SECTION_AP_MASK; + TT_DESCRIPTOR_SECTION_AP_MASK | TT_DESCRIPTOR_SECTION_AF; EntryValue =3D TT_DESCRIPTOR_SECTION_TYPE_SECTION; =20 // Although the PI spec is unclear on this, the GCD guarantees that only @@ -281,6 +285,10 @@ UpdateSectionEntries ( EntryValue |=3D TT_DESCRIPTOR_SECTION_XN_MASK; } =20 + if ((Attributes & EFI_MEMORY_RP) =3D=3D 0) { + EntryValue |=3D TT_DESCRIPTOR_SECTION_AF; + } + // obtain page table base FirstLevelTable =3D (ARM_FIRST_LEVEL_DESCRIPTOR *)ArmGetTTBR0BaseAddress= (); =20 --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101108): https://edk2.groups.io/g/devel/message/101108 Mute This Topic: https://groups.io/mt/97585985/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101109+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101109+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727868; cv=none; d=zohomail.com; s=zohoarc; b=ks3mEJ2mCHPtxn874om3cRFNnaaVM4tdsBXrv1zZH+emN/NbfpXl4x8205jzoCOa8vk8C0CCentzNIvK873B/k7f9oNetRj7Z6ZQYjqTrhW10tsa9wgsNAxTY5NqKjObsKwyCiHPT3U3xd+c5jAJzb6A29sCm2f4rnDxx/taZQM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727868; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=Y1106IsFjUKnM1W/jxxZ2l23Vq3+TW0ZghFLFnhzBlw=; b=fwFef2MzskLH1PcWy5txYJuhcNxppMn8SGD7tZ8HovCcByhUVjZnLGGjd+vyOJElfi800/4WwSdPN1kXOxtAc/kA8MR8tPxhXD/AdxMaC6E9S4puQAYMcx5ZlEyoiZA8NgUsUCkrWgv+imd+5wcc79DPb/7XP442cDHho7x6R7A= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101109+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727868910430.30669357548277; Mon, 13 Mar 2023 10:17:48 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id UweJYY1788612xNUYCsACBrC; Mon, 13 Mar 2023 10:17:48 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.25783.1678727867619257181 for ; Mon, 13 Mar 2023 10:17:47 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 1B3B96141D; Mon, 13 Mar 2023 17:17:47 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id B1F0DC4339B; Mon, 13 Mar 2023 17:17:44 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 05/38] ArmPkg/ArmMmuLib ARM: Clear individual permission bits Date: Mon, 13 Mar 2023 18:16:41 +0100 Message-Id: <20230313171714.3866151-6-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: JuVWhAMCnHAks0FynJ48EkOvx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727868; bh=++NsB1EhZ5YQkcLPLdd08XOU3RgmKGmL7RidFboOFvY=; h=Cc:Date:From:Reply-To:Subject:To; b=D4/7PmpZwXibDZjBkPIshFVwY24jelnj5qNt6VgWMxrao+SUC1GJJUYvDRx2Y9ZZ5Do TzI7efws7bISxZqiRgSTFPLludjd0YSPtnWVJZotDYMfS2hLKC8D0aBeBctnVkqfZqxw2 ZFme7uxo5J33O80N0ChYiz4kJWHXD/jJXuo= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727869951100005 Content-Type: text/plain; charset="utf-8" Currently, the MMU code that is supposed to clear the RO or XP attributes from a region just clears both unconditionally. This approximates the desired behavior to some extent, but it does mean that setting the RO bit first on a code region, and then clearing the XP bit results both RO and XP being cleared, and we end up with writable code, and avoiding that is the point of all these protections. Once we introduce RP support, this will only get worse, so let's fix this up, by reshuffling the attribute update code to take the entry mask from the caller, and use the mask to preserve other attributes when clearing RO or XP. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c | 94 +++++++++++++++++--- 1 file changed, 81 insertions(+), 13 deletions(-) diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c b/ArmPkg/Librar= y/ArmMmuLib/Arm/ArmMmuLibUpdate.c index 484c67476619..23f613f5dbb0 100644 --- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c +++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c @@ -81,12 +81,12 @@ UpdatePageEntries ( IN EFI_PHYSICAL_ADDRESS BaseAddress, IN UINT64 Length, IN UINT64 Attributes, + IN UINT32 EntryMask, OUT BOOLEAN *FlushTlbs OPTIONAL ) { EFI_STATUS Status; UINT32 EntryValue; - UINT32 EntryMask; UINT32 FirstLevelIdx; UINT32 Offset; UINT32 NumPageEntries; @@ -104,7 +104,6 @@ UpdatePageEntries ( =20 // EntryMask: bitmask of values to change (1 =3D change this value, 0 = =3D leave alone) // EntryValue: values at bit positions specified by EntryMask - EntryMask =3D TT_DESCRIPTOR_PAGE_TYPE_MASK | TT_DESCRIPTOR_PAGE_AP_MASK = | TT_DESCRIPTOR_PAGE_XN_MASK | TT_DESCRIPTOR_PAGE_AF; EntryValue =3D TT_DESCRIPTOR_PAGE_TYPE_PAGE; =20 // Although the PI spec is unclear on this, the GCD guarantees that only @@ -220,11 +219,11 @@ EFI_STATUS UpdateSectionEntries ( IN EFI_PHYSICAL_ADDRESS BaseAddress, IN UINT64 Length, - IN UINT64 Attributes + IN UINT64 Attributes, + IN UINT32 EntryMask ) { EFI_STATUS Status; - UINT32 EntryMask; UINT32 EntryValue; UINT32 FirstLevelIdx; UINT32 NumSections; @@ -240,8 +239,6 @@ UpdateSectionEntries ( // EntryValue: values at bit positions specified by EntryMask =20 // Make sure we handle a section range that is unmapped - EntryMask =3D TT_DESCRIPTOR_SECTION_TYPE_MASK | TT_DESCRIPTOR_SECTION_XN= _MASK | - TT_DESCRIPTOR_SECTION_AP_MASK | TT_DESCRIPTOR_SECTION_AF; EntryValue =3D TT_DESCRIPTOR_SECTION_TYPE_SECTION; =20 // Although the PI spec is unclear on this, the GCD guarantees that only @@ -310,6 +307,7 @@ UpdateSectionEntries ( (FirstLevelIdx + i) << TT_DESCRIPTOR_SECTION_BASE_SHIFT, TT_DESCRIPTOR_SECTION_SIZE, Attributes, + ConvertSectionAttributesToPageAttributes (EntryMask), NULL ); } else { @@ -340,11 +338,26 @@ UpdateSectionEntries ( return Status; } =20 +/** + Update the permission or memory type attributes on a range of memory. + + @param BaseAddress The start of the region. + @param Length The size of the region. + @param Attributes A mask of EFI_MEMORY_xx constants. + @param SectionMask A mask of short descriptor section attribu= tes + describing which descriptor bits to update. + + @retval EFI_SUCCESS The attributes were set successfully. + @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. + +**/ +STATIC EFI_STATUS -ArmSetMemoryAttributes ( +SetMemoryAttributes ( IN EFI_PHYSICAL_ADDRESS BaseAddress, IN UINT64 Length, - IN UINT64 Attributes + IN UINT64 Attributes, + IN UINT32 SectionMask ) { EFI_STATUS Status; @@ -375,7 +388,12 @@ ArmSetMemoryAttributes ( Attributes )); =20 - Status =3D UpdateSectionEntries (BaseAddress, ChunkLength, Attribute= s); + Status =3D UpdateSectionEntries ( + BaseAddress, + ChunkLength, + Attributes, + SectionMask + ); =20 FlushTlbs =3D TRUE; } else { @@ -401,6 +419,7 @@ ArmSetMemoryAttributes ( BaseAddress, ChunkLength, Attributes, + ConvertSectionAttributesToPageAttributes (SectionMask), &FlushTlbs ); } @@ -420,13 +439,47 @@ ArmSetMemoryAttributes ( return Status; } =20 +/** + Update the permission or memory type attributes on a range of memory. + + @param BaseAddress The start of the region. + @param Length The size of the region. + @param Attributes A mask of EFI_MEMORY_xx constants. + + @retval EFI_SUCCESS The attributes were set successfully. + @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. + +**/ +EFI_STATUS +ArmSetMemoryAttributes ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length, + IN UINT64 Attributes + ) +{ + return SetMemoryAttributes ( + BaseAddress, + Length, + Attributes, + TT_DESCRIPTOR_SECTION_TYPE_MASK | + TT_DESCRIPTOR_SECTION_XN_MASK | + TT_DESCRIPTOR_SECTION_AP_MASK | + TT_DESCRIPTOR_SECTION_AF + ); +} + EFI_STATUS ArmSetMemoryRegionNoExec ( IN EFI_PHYSICAL_ADDRESS BaseAddress, IN UINT64 Length ) { - return ArmSetMemoryAttributes (BaseAddress, Length, EFI_MEMORY_XP); + return SetMemoryAttributes ( + BaseAddress, + Length, + EFI_MEMORY_XP, + TT_DESCRIPTOR_SECTION_XN_MASK + ); } =20 EFI_STATUS @@ -435,7 +488,12 @@ ArmClearMemoryRegionNoExec ( IN UINT64 Length ) { - return ArmSetMemoryAttributes (BaseAddress, Length, __EFI_MEMORY_RWX); + return SetMemoryAttributes ( + BaseAddress, + Length, + 0, + TT_DESCRIPTOR_SECTION_XN_MASK + ); } =20 EFI_STATUS @@ -444,7 +502,12 @@ ArmSetMemoryRegionReadOnly ( IN UINT64 Length ) { - return ArmSetMemoryAttributes (BaseAddress, Length, EFI_MEMORY_RO); + return SetMemoryAttributes ( + BaseAddress, + Length, + EFI_MEMORY_RO, + TT_DESCRIPTOR_SECTION_AP_MASK + ); } =20 EFI_STATUS @@ -453,5 +516,10 @@ ArmClearMemoryRegionReadOnly ( IN UINT64 Length ) { - return ArmSetMemoryAttributes (BaseAddress, Length, __EFI_MEMORY_RWX); + return SetMemoryAttributes ( + BaseAddress, + Length, + 0, + TT_DESCRIPTOR_SECTION_AP_MASK + ); } --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101109): https://edk2.groups.io/g/devel/message/101109 Mute This Topic: https://groups.io/mt/97585987/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101110+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101110+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727871; cv=none; d=zohomail.com; s=zohoarc; b=NOEAT2H8FTTAzIg4BfaL64/2T2oT/DyMC88KPD7swhet4D12ym0uSz3wL8qPgGW5zi8KesksQF/X03EQxSpDXm3AIIzio+42Q1HPhfEPsZiz7iejWJ7Zktw5qtqZ7kZK8GLCrGyN/ENOUB1FkD46jolLnRATTqxJzsnsrpElJHc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727871; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=x3htzRHQiGd0bnBhBHH1mRTP0jViV5i9KmVdQDWpMJ0=; b=liW9+FNQ19Johe8OLzXF1ocSptrr+KWHQ6R3UyHGLyMd2A2T1j+/4zmxRRM8gdTGTiRli1B2zLQs5Xyuh7RxmYtt+z3BOv6Smb2meppYKb3VNFjnlsIEL/1ZXR3SCqtMdQ27KN+OSx/xNfFbKlJNGIPHlxpiKMj3F0HgOmzSexU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101110+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727871291957.7559875124965; Mon, 13 Mar 2023 10:17:51 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id wZnEYY1788612xu9zpku1i7M; Mon, 13 Mar 2023 10:17:50 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.25785.1678727870193444924 for ; Mon, 13 Mar 2023 10:17:50 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B6CAF61450; Mon, 13 Mar 2023 17:17:49 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 58B06C4339B; Mon, 13 Mar 2023 17:17:47 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 06/38] ArmPkg/ArmMmuLib: Implement EFI_MEMORY_RP using access flag Date: Mon, 13 Mar 2023 18:16:42 +0100 Message-Id: <20230313171714.3866151-7-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: fsA52MEtiX5UZYrVZlCM5BwLx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727870; bh=5R8N7sliKsXS7Op2fP0UdeDI5gvcLwZQujK7qmm+A8c=; h=Cc:Date:From:Reply-To:Subject:To; b=t6OYN2tog+O3yzTad2CXoZO7hVrE6c5PStTP2Y/mpkNStpiwC/0zPT3ytPDNR8TgpG1 51IMzxy0qHhL3wIwVcQtrFAN5Yu0ltE9BZkQlzJYwHFWEMH3Ky0kQco4ieut7mzduNuLG Bwemr4mukNlMfIIiBQfqLin30JNs8lOeH9g= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727871988100010 Content-Type: text/plain; charset="utf-8" Implement support for read-protected memory by wiring it up to the access flag in the page table descriptor. The resulting mapping is implicitly non-writable and non-executable as well, but this is good enough for implementing this attribute, as we never rely on write or execute permissions without read permissions. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c | 8 ++- ArmPkg/Include/Library/ArmMmuLib.h | 34 ++++++++++++ ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 58 +++++++++++++++++++- ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c | 48 ++++++++++++++++ 4 files changed, 144 insertions(+), 4 deletions(-) diff --git a/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c b/ArmPkg/Drivers/CpuDxe/AA= rch64/Mmu.c index 8bb33046e707..8bda11f08a30 100644 --- a/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c +++ b/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c @@ -64,6 +64,10 @@ PageAttributeToGcdAttribute ( } =20 // Determine protection attributes + if ((PageAttributes & TT_AF) =3D=3D 0) { + GcdAttributes |=3D EFI_MEMORY_RP; + } + if (((PageAttributes & TT_AP_MASK) =3D=3D TT_AP_NO_RO) || ((PageAttributes & TT_AP_MASK) =3D=3D TT_AP_RO_RO)) { @@ -301,7 +305,9 @@ EfiAttributeToArmAttribute ( } =20 // Set the access flag to match the block attributes - ArmAttributes |=3D TT_AF; + if ((EfiAttributes & EFI_MEMORY_RP) =3D=3D 0) { + ArmAttributes |=3D TT_AF; + } =20 // Determine protection attributes if ((EfiAttributes & EFI_MEMORY_RO) !=3D 0) { diff --git a/ArmPkg/Include/Library/ArmMmuLib.h b/ArmPkg/Include/Library/Ar= mMmuLib.h index b745e2230e7e..4cf59a1e376b 100644 --- a/ArmPkg/Include/Library/ArmMmuLib.h +++ b/ArmPkg/Include/Library/ArmMmuLib.h @@ -21,6 +21,40 @@ ArmConfigureMmu ( OUT UINTN *TranslationTableSize OPTIONAL ); =20 +/** + Convert a region of memory to read-protected, by clearing the access fla= g. + + @param BaseAddress The start of the region. + @param Length The size of the region. + + @retval EFI_SUCCESS The attributes were set successfully. + @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. + +**/ +EFI_STATUS +EFIAPI +ArmSetMemoryRegionNoAccess ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length + ); + +/** + Convert a region of memory to read-enabled, by setting the access flag. + + @param BaseAddress The start of the region. + @param Length The size of the region. + + @retval EFI_SUCCESS The attributes were set successfully. + @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. + +**/ +EFI_STATUS +EFIAPI +ArmClearMemoryRegionNoAccess ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length + ); + EFI_STATUS EFIAPI ArmSetMemoryRegionNoExec ( diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Libr= ary/ArmMmuLib/AArch64/ArmMmuLibCore.c index 764c7d362e2e..6d21a2e41dd1 100644 --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c @@ -438,7 +438,11 @@ GcdAttributeToPageAttribute ( PageAttributes |=3D TT_AP_NO_RO; } =20 - return PageAttributes | TT_AF; + if ((GcdAttributes & EFI_MEMORY_RP) =3D=3D 0) { + PageAttributes |=3D TT_AF; + } + + return PageAttributes; } =20 EFI_STATUS @@ -459,9 +463,9 @@ ArmSetMemoryAttributes ( // No memory type was set in Attributes, so we are going to update the // permissions only. // - PageAttributes &=3D TT_AP_MASK | TT_UXN_MASK | TT_PXN_MASK; + PageAttributes &=3D TT_AP_MASK | TT_UXN_MASK | TT_PXN_MASK | TT_AF; PageAttributeMask =3D ~(TT_ADDRESS_MASK_BLOCK_ENTRY | TT_AP_MASK | - TT_PXN_MASK | TT_XN_MASK); + TT_PXN_MASK | TT_XN_MASK | TT_AF); } =20 return UpdateRegionMapping ( @@ -534,6 +538,54 @@ ArmClearMemoryRegionNoExec ( ); } =20 +/** + Convert a region of memory to read-protected, by clearing the access fla= g. + + @param BaseAddress The start of the region. + @param Length The size of the region. + + @retval EFI_SUCCESS The attributes were set successfully. + @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. + +**/ +EFI_STATUS +ArmSetMemoryRegionNoAccess ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length + ) +{ + return SetMemoryRegionAttribute ( + BaseAddress, + Length, + 0, + ~(TT_ADDRESS_MASK_BLOCK_ENTRY | TT_AF) + ); +} + +/** + Convert a region of memory to read-enabled, by setting the access flag. + + @param BaseAddress The start of the region. + @param Length The size of the region. + + @retval EFI_SUCCESS The attributes were set successfully. + @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. + +**/ +EFI_STATUS +ArmClearMemoryRegionNoAccess ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length + ) +{ + return SetMemoryRegionAttribute ( + BaseAddress, + Length, + TT_AF, + ~TT_ADDRESS_MASK_BLOCK_ENTRY + ); +} + EFI_STATUS ArmSetMemoryRegionReadOnly ( IN EFI_PHYSICAL_ADDRESS BaseAddress, diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c b/ArmPkg/Librar= y/ArmMmuLib/Arm/ArmMmuLibUpdate.c index 23f613f5dbb0..247cf87bf3d3 100644 --- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c +++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c @@ -523,3 +523,51 @@ ArmClearMemoryRegionReadOnly ( TT_DESCRIPTOR_SECTION_AP_MASK ); } + +/** + Convert a region of memory to read-protected, by clearing the access fla= g. + + @param BaseAddress The start of the region. + @param Length The size of the region. + + @retval EFI_SUCCESS The attributes were set successfully. + @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. + +**/ +EFI_STATUS +ArmSetMemoryRegionNoAccess ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length + ) +{ + return SetMemoryAttributes ( + BaseAddress, + Length, + EFI_MEMORY_RP, + TT_DESCRIPTOR_SECTION_AF + ); +} + +/** + Convert a region of memory to read-enabled, by setting the access flag. + + @param BaseAddress The start of the region. + @param Length The size of the region. + + @retval EFI_SUCCESS The attributes were set successfully. + @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. + +**/ +EFI_STATUS +ArmClearMemoryRegionNoAccess ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length + ) +{ + return SetMemoryAttributes ( + BaseAddress, + Length, + 0, + TT_DESCRIPTOR_SECTION_AF + ); +} --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101110): https://edk2.groups.io/g/devel/message/101110 Mute This Topic: https://groups.io/mt/97585988/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101111+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101111+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727874; cv=none; d=zohomail.com; s=zohoarc; b=IbInXck663sjLnAkSkf7K+LfIxIZkGzae5HwXu5ZyyZf9Wwx054lXHLXQmQd7zsVXmQZOSFYk27IG60ydA2ibTF4Ex+qKBNHpPtyMy8TgMKAfOHCxwfxStocsxYK89yMw7fnbnGKOLPn79CILGaUq5zpMD7S151iCuG9wawVi8E= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727874; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=Bn+BOQ7iIyupk+JkWHQrVgO3NBN350i+JqKv7BJAMAQ=; b=FzlKMdqaYHwlxqMZYSeDL5FkS/jINyLcrguwOmUYe9WT0OqHfSZtZM7bC7bU3C6hAmwiWfgP2OgZqFRHPrVHPRar1YyNlIdSZDKnBpLNv4nGwiAhBh600+aH4aRuU/UUbKtOzvSE4cdaRA/e0lDWaqvNlIURMW5H73L7ykBX1Lk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101111+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727874480570.8092821593937; Mon, 13 Mar 2023 10:17:54 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id iSp6YY1788612xbBsXbH5H0p; Mon, 13 Mar 2023 10:17:53 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.25788.1678727873274967081 for ; Mon, 13 Mar 2023 10:17:53 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id CAA106142D; Mon, 13 Mar 2023 17:17:52 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id F3E4FC433D2; Mon, 13 Mar 2023 17:17:49 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 07/38] ArmVirtPkg: Enable stack guard Date: Mon, 13 Mar 2023 18:16:43 +0100 Message-Id: <20230313171714.3866151-8-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: kXKkoq8xUPK9EXmMxEghf3fvx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727873; bh=eFGUm+MRTMkAeWe5sgj5YhQDVz08u41YVbQgYWxRayY=; h=Cc:Date:From:Reply-To:Subject:To; b=QTLcoT7JTQUZzVB89W5VwAZJl4XvIWmd0zA0I9rFL5HC7mWt3fiFp4Vatjkn5EkuWzS SciY4lQKwAx5UAHP+Y9mn/g8v87Eo9SrrY1hHRn+uRfLu6HZQPWe4Y12MGfw6CaFxoBEd CfITEL8Q0rLsJW7picxJewdQo4g+lz62Iwo= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727875946100002 Content-Type: text/plain; charset="utf-8" Enable the stack guard in ArmVirtPkg builds, so that stack overflows are caught as they occur, rather than when they happen to hit a read-only memory region. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmVirtPkg/ArmVirt.dsc.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index 74d98e6314c4..5b18184be263 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -363,6 +363,8 @@ [PcdsFixedAtBuild.common] # gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC0000000= 00007FD5 =20 + gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard|TRUE + [Components.common] # # Ramdisk support --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101111): https://edk2.groups.io/g/devel/message/101111 Mute This Topic: https://groups.io/mt/97585989/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101112+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101112+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727879; cv=none; d=zohomail.com; s=zohoarc; b=GuutItP4ClQsayijpa9G65yldJKKeZiEJp9CwsX1ltC+YfqfnFM1IAlOld4sr+bESl0cuFmaleVI4+1RKcA+la4e5JJyqw+h3Zsa0PzIft7yiRL+vlEe2IqjM6RJBdDCr6i0VDdbDNNCxFAveYt0cSFxuUmUCidLsAPPatEJbLY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727879; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=O/bze0/9pIY/KoC68sGm2crQ5LvJaYZWRBIehmS1Bkk=; b=j4AgIQmh1Ls3yfM3CeP3XiAVpQKsfxg2KMJ1U5PtU90aENZ9GBNEmpzNyhclEyql0wzG3Ou241ksd0s5H2DTwnwW4to0PGEETE0XEG3B1ym+LXqpo/6MXGcVR8sM/JAAKEF0HMp2JBRh0dfd+Z04pLbPV6/dugvz6cFwyDTJjUQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101112+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727879144372.1975313704687; Mon, 13 Mar 2023 10:17:59 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id PISrYY1788612xZWlRYYucfW; Mon, 13 Mar 2023 10:17:58 -0700 X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web11.26473.1678727877734257378 for ; Mon, 13 Mar 2023 10:17:58 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 25897B811B1; Mon, 13 Mar 2023 17:17:56 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9BD37C433A1; Mon, 13 Mar 2023 17:17:52 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 08/38] ArmPkg/ArmMmuLib: Avoid splitting block entries if possible Date: Mon, 13 Mar 2023 18:16:44 +0100 Message-Id: <20230313171714.3866151-9-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: ct11LemkpYLnXnw7qkZIjz6lx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727878; bh=rBvqlEdpYfCGmcjUooIGeKIPjxJQe9xN7Y0AO8wSl+A=; h=Cc:Date:From:Reply-To:Subject:To; b=BaPyAbqo7xum+E7f4c6lNFGphrC4XbUE1jvFxKQvaw1JoUnsQSswmsm12W+XeRcgbFj vLyco4dL6HRpz7UOyyddkaJolM5UiD2zRWzlAR7/jZasymS0RRX3tbu19jnFvI6mAxmmM 7toiiYVIJNgyIC0tjp7dnH3rvSydTLjH6qc= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727879987100001 Content-Type: text/plain; charset="utf-8" Currently, the ARM MMU page table logic will break down any block entry that overlaps with the region being mapped, even if the block entry in question is using the same attributes as the new region. This means that creating a non-executable mapping inside a region that is already mapped non-executable at a coarser granularity may trigger a call to AllocatePages (), which may recurse back into the page table code to update the attributes on the newly allocated page tables. Let's avoid this, by preserving the block entry if it already covers the region being mapped with the correct attributes. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 10 ++++++++++ ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c | 11 +++++++++++ 2 files changed, 21 insertions(+) diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Libr= ary/ArmMmuLib/AArch64/ArmMmuLibCore.c index 6d21a2e41dd1..1ce200c43c72 100644 --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c @@ -251,6 +251,16 @@ UpdateRegionMappingRecursive ( ASSERT (Level < 3); =20 if (!IsTableEntry (*Entry, Level)) { + // + // If the region we are trying to map is already covered by a block + // entry with the right attributes, don't bother splitting it up. + // + if (IsBlockEntry (*Entry, Level) && + ((*Entry & TT_ATTRIBUTES_MASK & ~AttributeClearMask) =3D=3D At= tributeSetMask)) + { + continue; + } + // // No table entry exists yet, so we need to allocate a page table // for the next level. diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c b/ArmPkg/Librar= y/ArmMmuLib/Arm/ArmMmuLibUpdate.c index 247cf87bf3d3..299d38ad07e8 100644 --- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c +++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c @@ -170,6 +170,17 @@ UpdatePageEntries ( =20 // Does this descriptor need to be converted from section entry to 4K = pages? if (!TT_DESCRIPTOR_SECTION_TYPE_IS_PAGE_TABLE (Descriptor)) { + // + // If the section mapping covers the requested region with the expec= ted + // attributes, splitting it is unnecessary, and should be avoided as= it + // may result in unbounded recursion when using a strict NX policy. + // + if ((EntryValue & ~TT_DESCRIPTOR_PAGE_TYPE_MASK & EntryMask) =3D=3D + (ConvertSectionAttributesToPageAttributes (Descriptor) & EntryMa= sk)) + { + continue; + } + Status =3D ConvertSectionToPages (FirstLevelIdx << TT_DESCRIPTOR_SEC= TION_BASE_SHIFT); if (EFI_ERROR (Status)) { // Exit for loop --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101112): https://edk2.groups.io/g/devel/message/101112 Mute This Topic: https://groups.io/mt/97585995/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101113+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101113+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727879; cv=none; d=zohomail.com; s=zohoarc; b=HGMOVxMOaeDkBJgObFWzQbhBEkTSpVSmg+y/CN0UzG0GbjyhH9H3OuR1+OZu/ndeIxEzyrlBs98V+sRizAgoISmtrOwLpyuN9uXmj7FDzOXwwi7BxgssR4hV8tYgNt5p8zeOvA56MN3vIzoVZIRYnwYxEVOtoA+Jy+ZucDzVQIU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727879; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=F92tUrYEB4ktFeodProyVEV+WipirqXaIo9D2+BdElo=; b=Yup8p2bv+pQTc9uS5XnbfG+1YY5UIiqR+cJwG/iFhUZvkItaRItvHUgYL3Z/1ceERa9TWh1hGjvJYg6lweyVJiW1l4lHL15wFKlJSBrOHYQlUF5pXTP7Li8LYAx74upiKPcktFtQcSzwunH0KOVj6HuPR6ol1RmsnKaQYft2hYg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101113+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727879909275.5211780932858; Mon, 13 Mar 2023 10:17:59 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id iJ6EYY1788612x2H3Q2NuP5n; Mon, 13 Mar 2023 10:17:59 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.25793.1678727878561396798 for ; Mon, 13 Mar 2023 10:17:58 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 0E33F61368; Mon, 13 Mar 2023 17:17:58 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 43BEDC4339C; Mon, 13 Mar 2023 17:17:55 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 09/38] ArmPkg/CpuDxe: Expose unified region-to-EFI attribute conversion Date: Mon, 13 Mar 2023 18:16:45 +0100 Message-Id: <20230313171714.3866151-10-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: D58a41zGhnwhb28dUtag2kaVx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727879; bh=jRLSNXQ9SaNn++aIYxoqyCIG0v5nZFhg9P+Y56FuuB8=; h=Cc:Date:From:Reply-To:Subject:To; b=soSJheE6+KGFdOS8RIlqe+W8zIy08Se6hPwVKYBlykXmKXl0arpafJf7Wo/WFFDlPmk Bq+tq1UwhGg3snYwyZVG4nIzrPrUsNFQEREv9rn3zlwLn0TJSyuX0KMMNU64cVoRmIpOe yfbvWVawHWBxk0DFsGNpuiliFK7o5FhwXHQ= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727881983100005 Content-Type: text/plain; charset="utf-8" In preparation for introducing an implementation of the EFI memory attributes protocol that is shared between ARM and AArch64, unify the existing code that converts a page table descriptor into a EFI_MEMORY_xxx bitfield, so it can be called from the generic code. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c | 17 +++++++++ ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 38 ++++++++++++++++++++ ArmPkg/Drivers/CpuDxe/CpuDxe.h | 14 ++++++++ 3 files changed, 69 insertions(+) diff --git a/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c b/ArmPkg/Drivers/CpuDxe/AA= rch64/Mmu.c index 8bda11f08a30..4a416743fb8a 100644 --- a/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c +++ b/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c @@ -83,6 +83,23 @@ PageAttributeToGcdAttribute ( return GcdAttributes; } =20 +/** + Convert a arch specific set of page attributes into a mask + of EFI_MEMORY_xx constants. + + @param PageAttributes The set of page attributes. + + @retval The mask of EFI_MEMORY_xx constants. + +**/ +UINT64 +RegionAttributeToGcdAttribute ( + IN UINTN PageAttributes + ) +{ + return PageAttributeToGcdAttribute (PageAttributes); +} + STATIC UINT64 GetFirstPageAttribute ( diff --git a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c b/ArmPkg/Drivers/CpuDxe/Arm/Mm= u.c index 07faab8216ec..8e0dd5d2aaca 100644 --- a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c +++ b/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c @@ -13,6 +13,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include "CpuDxe.h" =20 +/** + Convert a set of ARM short descriptor section attributes into a mask + of EFI_MEMORY_xx constants. + + @param SectionAttributes The set of page attributes. + @param GcdAttributes Pointer to the return value. + +**/ +STATIC EFI_STATUS SectionToGcdAttributes ( IN UINT32 SectionAttributes, @@ -74,6 +83,35 @@ SectionToGcdAttributes ( return EFI_SUCCESS; } =20 +/** + Convert a arch specific set of page attributes into a mask + of EFI_MEMORY_xx constants. + + @param PageAttributes The set of page attributes. + + @retval The mask of EFI_MEMORY_xx constants. + +**/ +UINT64 +RegionAttributeToGcdAttribute ( + IN UINTN PageAttributes + ) +{ + UINT64 Result; + + SectionToGcdAttributes (PageAttributes, &Result); + return Result; +} + +/** + Convert a set of ARM short descriptor page attributes into a mask + of EFI_MEMORY_xx constants. + + @param PageAttributes The set of page attributes. + @param GcdAttributes Pointer to the return value. + +**/ +STATIC EFI_STATUS PageToGcdAttributes ( IN UINT32 PageAttributes, diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.h b/ArmPkg/Drivers/CpuDxe/CpuDxe.h index ff672390ce51..8cb105dcc841 100644 --- a/ArmPkg/Drivers/CpuDxe/CpuDxe.h +++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.h @@ -126,4 +126,18 @@ SetGcdMemorySpaceAttributes ( IN UINT64 Attributes ); =20 +/** + Convert a arch specific set of page attributes into a mask + of EFI_MEMORY_xx constants. + + @param PageAttributes The set of page attributes. + + @retval The mask of EFI_MEMORY_xx constants. + +**/ +UINT64 +RegionAttributeToGcdAttribute ( + IN UINTN PageAttributes + ); + #endif // CPU_DXE_H_ --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101113): https://edk2.groups.io/g/devel/message/101113 Mute This Topic: https://groups.io/mt/97585996/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101114+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101114+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727884; cv=none; d=zohomail.com; s=zohoarc; b=W6EYS+lKAtiNHqYLLKlg7AVYsO957my7gPn0qY6RSFXRl1xZL3ifP5+3BaMLU/8+UYZTTp7UxG53jHcRCVRvM4uYQDb/jo0igZZN/v3whLe4qWttrG62iBRP0eYN+SPU0vHD0oMcbxywIJvoKWKPw4PnIfWVRzEE/2IuB6zQlEA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727884; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=qRvLnzLtf83NeUbjSruLMyngZKi1krHizRUfSDqISSo=; b=BnadF+pBRURgx1R5pKr7Z+IqacCkW+aGL3rHrvhqyrsfWLzEMoywfsCPEhYBdyupoMHRCnKgoOZxy8NmDw2MgF571HHLdkXQzBEtbS2gPH877tJzHeyYf3JIV7/Dq3xuyNK3C/v1iDRAaUVLvpEGz07DhEvcua8PyPdRpEDM62k= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101114+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727884818206.81983491223718; Mon, 13 Mar 2023 10:18:04 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id oQ8qYY1788612x8bUyvKCf8v; Mon, 13 Mar 2023 10:18:04 -0700 X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web10.25799.1678727882956396972 for ; Mon, 13 Mar 2023 10:18:03 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 5DF1DB811C2; Mon, 13 Mar 2023 17:18:01 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id DF034C4339B; Mon, 13 Mar 2023 17:17:57 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 10/38] MdePkg: Add Memory Attribute Protocol definition Date: Mon, 13 Mar 2023 18:16:46 +0100 Message-Id: <20230313171714.3866151-11-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: HZx9JMx6UwsRe9uKZ6ot8jljx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727884; bh=WqoBuzDbc7xhUgcIrb5uLdo9gBHh91tsZEKLHeAuLX4=; h=Cc:Date:From:Reply-To:Subject:To; b=h9AGz/c9diPbUhoHIP0gcR08V31sU6VYGActh877lWwjX4s4Ufupuo9NRBOBbyYW081 Zv5mJxF44kz2z9E4TRFmRuyk3pTeEzNsKRRbcZZs987qaGLM/3U1kvuxJ8kFxLj3540NE odc1B+6s65QQNbaRxTQhhaPb6+oXRuY5P18= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727886022100003 Content-Type: text/plain; charset="utf-8" Add the Memory Attribute Protocol definition, which was adopted and included in version 2.10 of the UEFI specification. Link: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3519 Signed-off-by: Ard Biesheuvel Reviewed-by: Liming Gao Reviewed-by: Leif Lindholm --- MdePkg/Include/Protocol/MemoryAttribute.h | 142 ++++++++++++++++++++ MdePkg/MdePkg.dec | 3 + 2 files changed, 145 insertions(+) diff --git a/MdePkg/Include/Protocol/MemoryAttribute.h b/MdePkg/Include/Pro= tocol/MemoryAttribute.h new file mode 100644 index 000000000000..5c6b7badb589 --- /dev/null +++ b/MdePkg/Include/Protocol/MemoryAttribute.h @@ -0,0 +1,142 @@ +/** @file + + EFI Memory Attribute Protocol provides retrieval and update service + for memory attributes in EFI environment. + + Copyright (c) 2021, Intel Corporation. All rights reserved.
+ Copyright (c) 2023, Google LLC. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef EFI_MEMORY_ATTRIBUTE_H_ +#define EFI_MEMORY_ATTRIBUTE_H_ + +#define EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID \ + { \ + 0xf4560cf6, 0x40ec, 0x4b4a, { 0xa1, 0x92, 0xbf, 0x1d, 0x57, 0xd0, 0xb1= , 0x89 } \ + } + +typedef struct _EFI_MEMORY_ATTRIBUTE_PROTOCOL EFI_MEMORY_ATTRIBUTE_PROTOCO= L; + +/** + This function set given attributes of the memory region specified by + BaseAddress and Length. + + The valid Attributes is EFI_MEMORY_RP, EFI_MEMORY_XP, and EFI_MEMORY_RO. + + @param This The EFI_MEMORY_ATTRIBUTE_PROTOCOL instance. + @param BaseAddress The physical address that is the start address= of + a memory region. + @param Length The size in bytes of the memory region. + @param Attributes The bit mask of attributes to set for the memo= ry + region. + + @retval EFI_SUCCESS The attributes were set for the memory reg= ion. + @retval EFI_INVALID_PARAMETER Length is zero. + Attributes specified an illegal combinatio= n of + attributes that cannot be set together. + @retval EFI_UNSUPPORTED The processor does not support one or more + bytes of the memory resource range specifi= ed + by BaseAddress and Length. + The bit mask of attributes is not supporte= d for + the memory resource range specified by + BaseAddress and Length. + @retval EFI_OUT_OF_RESOURCES Requested attributes cannot be applied due= to + lack of system resources. + @retval EFI_ACCESS_DENIED Attributes for the requested memory region= are + controlled by system firmware and cannot be + updated via the protocol. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SET_MEMORY_ATTRIBUTES)( + IN EFI_MEMORY_ATTRIBUTE_PROTOCOL *This, + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length, + IN UINT64 Attributes + ); + +/** + This function clears given attributes of the memory region specified by + BaseAddress and Length. + + The valid Attributes is EFI_MEMORY_RP, EFI_MEMORY_XP, and EFI_MEMORY_RO. + + @param This The EFI_MEMORY_ATTRIBUTE_PROTOCOL instance. + @param BaseAddress The physical address that is the start address= of + a memory region. + @param Length The size in bytes of the memory region. + @param Attributes The bit mask of attributes to clear for the me= mory + region. + + @retval EFI_SUCCESS The attributes were cleared for the memory= region. + @retval EFI_INVALID_PARAMETER Length is zero. + Attributes specified an illegal combinatio= n of + attributes that cannot be cleared together. + @retval EFI_UNSUPPORTED The processor does not support one or more + bytes of the memory resource range specifi= ed + by BaseAddress and Length. + The bit mask of attributes is not supporte= d for + the memory resource range specified by + BaseAddress and Length. + @retval EFI_OUT_OF_RESOURCES Requested attributes cannot be applied due= to + lack of system resources. + @retval EFI_ACCESS_DENIED Attributes for the requested memory region= are + controlled by system firmware and cannot be + updated via the protocol. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_CLEAR_MEMORY_ATTRIBUTES)( + IN EFI_MEMORY_ATTRIBUTE_PROTOCOL *This, + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length, + IN UINT64 Attributes + ); + +/** + This function retrieves the attributes of the memory region specified by + BaseAddress and Length. If different attributes are got from different p= art + of the memory region, EFI_NO_MAPPING will be returned. + + @param This The EFI_MEMORY_ATTRIBUTE_PROTOCOL instance. + @param BaseAddress The physical address that is the start address= of + a memory region. + @param Length The size in bytes of the memory region. + @param Attributes Pointer to attributes returned. + + @retval EFI_SUCCESS The attributes got for the memory region. + @retval EFI_INVALID_PARAMETER Length is zero. + Attributes is NULL. + @retval EFI_NO_MAPPING Attributes are not consistent cross the me= mory + region. + @retval EFI_UNSUPPORTED The processor does not support one or more + bytes of the memory resource range specifi= ed + by BaseAddress and Length. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_GET_MEMORY_ATTRIBUTES)( + IN EFI_MEMORY_ATTRIBUTE_PROTOCOL *This, + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length, + OUT UINT64 *Attributes + ); + +/// +/// EFI Memory Attribute Protocol provides services to retrieve or update +/// attribute of memory in the EFI environment. +/// +struct _EFI_MEMORY_ATTRIBUTE_PROTOCOL { + EFI_GET_MEMORY_ATTRIBUTES GetMemoryAttributes; + EFI_SET_MEMORY_ATTRIBUTES SetMemoryAttributes; + EFI_CLEAR_MEMORY_ATTRIBUTES ClearMemoryAttributes; +}; + +extern EFI_GUID gEfiMemoryAttributeProtocolGuid; + +#endif diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index 80b655905314..2d643bede1d7 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -1922,6 +1922,9 @@ [Protocols] ## Include/Protocol/RedfishDiscover.h gEfiRedfishDiscoverProtocolGuid =3D { 0x5db12509, 0x4550, 0x4347, {= 0x96, 0xb3, 0x73, 0xc0, 0xff, 0x6e, 0x86, 0x9f }} =20 + ## Include/Protocol/MemoryAttribute.h + gEfiMemoryAttributeProtocolGuid =3D { 0xf4560cf6, 0x40ec, 0x4b4a, { 0xa1= , 0x92, 0xbf, 0x1d, 0x57, 0xd0, 0xb1, 0x89 }} + # # Protocols defined in Shell2.0 # --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101114): https://edk2.groups.io/g/devel/message/101114 Mute This Topic: https://groups.io/mt/97586006/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101115+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101115+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727885; cv=none; d=zohomail.com; s=zohoarc; b=gzgYN49CQFvfhEqOQ5GhBoDfl1uosLt55OUdm6SaThdcVmmF7yilsEsz2TdTPvfQwfmmzunmPf5yOcG9J2y6Ro87GLH8BsEL1VfFn1Q13n36QQ9rDLlaWtZGRo/HyddPWnNdRV49qEjXPikSCqPxh3LwkCbRN0X1V5yUUaJUCG8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727885; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=zRqF4VQ0kgyZrHNIBWDkPNZlpn37hwWTgueCwk6JGBg=; b=AZiZGUx0kgrg7XSyosuO4YuUxoCLbEAIRIOzAeaGPZLOy/vn+j9DWc7gPfaTYL6iiJyY9oQinD7AWaA918/zmF7Xvwg+II+/e/UG9C3/W4DHZnZFJ/u+4WKn16QVI02OWEDMSRGEVoUS4Ro1WmDlJtddIs6zQgBi2oD6xdEQjl8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101115+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727885587537.5035038829104; Mon, 13 Mar 2023 10:18:05 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id NdFfYY1788612x8bWifiGVRy; Mon, 13 Mar 2023 10:18:05 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.25800.1678727883957899492 for ; Mon, 13 Mar 2023 10:18:04 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 4F0286141D; Mon, 13 Mar 2023 17:18:03 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 86EF0C433EF; Mon, 13 Mar 2023 17:18:00 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 11/38] ArmPkg/CpuDxe: Implement EFI memory attributes protocol Date: Mon, 13 Mar 2023 18:16:47 +0100 Message-Id: <20230313171714.3866151-12-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: 7hcnyMptTJSkvsdYKPpW59x7x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727885; bh=ckcLxjmczsNdjdJ7f3PUldxrQv93kSE/DrX+qcDdgF0=; h=Cc:Date:From:Reply-To:Subject:To; b=ijtcDStD3x6aHaLP69kf3C3lttywUQkM8qz6qqlEeqVJ6GTXzHAbhVElA5PJU/rG/NH lQRkHzs1QNK1zgyiU8UGQX4gU9KyASjja6BmCazlrn+/uWNbOMJNcmXc6Uhx8wzpYqMm+ yuKkzI0BnnLCPqbopq0lUV6w9i1BG7xGCNc= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727886011100001 Content-Type: text/plain; charset="utf-8" Expose the protocol introduced in v2.10 that permits the caller to manage mapping permissions in the page tables. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmPkg/Drivers/CpuDxe/CpuDxe.c | 2 + ArmPkg/Drivers/CpuDxe/CpuDxe.h | 3 + ArmPkg/Drivers/CpuDxe/CpuDxe.inf | 2 + ArmPkg/Drivers/CpuDxe/MemoryAttribute.c | 271 ++++++++++++++++++++ 4 files changed, 278 insertions(+) diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.c b/ArmPkg/Drivers/CpuDxe/CpuDxe.c index e6742f0a25fc..d04958e79e52 100644 --- a/ArmPkg/Drivers/CpuDxe/CpuDxe.c +++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.c @@ -244,6 +244,8 @@ CpuDxeInitialize ( &mCpuHandle, &gEfiCpuArchProtocolGuid, &mCpu, + &gEfiMemoryAttributeProtocolGuid, + &mMemoryAttribute, NULL ); =20 diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.h b/ArmPkg/Drivers/CpuDxe/CpuDxe.h index 8cb105dcc841..ce2981361aca 100644 --- a/ArmPkg/Drivers/CpuDxe/CpuDxe.h +++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.h @@ -30,9 +30,12 @@ #include #include #include +#include =20 extern BOOLEAN mIsFlushingGCD; =20 +extern EFI_MEMORY_ATTRIBUTE_PROTOCOL mMemoryAttribute; + /** This function registers and enables the handler specified by InterruptHa= ndler for a processor interrupt or exception type specified by InterruptType. If InterruptHand= ler is NULL, then the diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.inf b/ArmPkg/Drivers/CpuDxe/CpuDx= e.inf index 10792b393fc8..e732e21cb94a 100644 --- a/ArmPkg/Drivers/CpuDxe/CpuDxe.inf +++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.inf @@ -23,6 +23,7 @@ [Sources.Common] CpuDxe.h CpuMmuCommon.c Exception.c + MemoryAttribute.c =20 [Sources.ARM] Arm/Mmu.c @@ -53,6 +54,7 @@ [LibraryClasses] =20 [Protocols] gEfiCpuArchProtocolGuid + gEfiMemoryAttributeProtocolGuid =20 [Guids] gEfiDebugImageInfoTableGuid diff --git a/ArmPkg/Drivers/CpuDxe/MemoryAttribute.c b/ArmPkg/Drivers/CpuDx= e/MemoryAttribute.c new file mode 100644 index 000000000000..b47464c0269e --- /dev/null +++ b/ArmPkg/Drivers/CpuDxe/MemoryAttribute.c @@ -0,0 +1,271 @@ +/** @file + + Copyright (c) 2023, Google LLC. All rights reserved. + + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "CpuDxe.h" + +/** + This function retrieves the attributes of the memory region specified by + BaseAddress and Length. If different attributes are got from different p= art + of the memory region, EFI_NO_MAPPING will be returned. + + @param This The EFI_MEMORY_ATTRIBUTE_PROTOCOL instance. + @param BaseAddress The physical address that is the start address= of + a memory region. + @param Length The size in bytes of the memory region. + @param Attributes Pointer to attributes returned. + + @retval EFI_SUCCESS The attributes got for the memory region. + @retval EFI_INVALID_PARAMETER Length is zero. + Attributes is NULL. + @retval EFI_NO_MAPPING Attributes are not consistent cross the me= mory + region. + @retval EFI_UNSUPPORTED The processor does not support one or more + bytes of the memory resource range specifi= ed + by BaseAddress and Length. + +**/ +STATIC +EFI_STATUS +GetMemoryAttributes ( + IN EFI_MEMORY_ATTRIBUTE_PROTOCOL *This, + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length, + OUT UINT64 *Attributes + ) +{ + UINTN RegionAddress; + UINTN RegionLength; + UINTN RegionAttributes; + UINTN Union; + UINTN Intersection; + EFI_STATUS Status; + + if ((Length =3D=3D 0) || (Attributes =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + DEBUG (( + DEBUG_VERBOSE, + "%a: BaseAddress =3D=3D 0x%lx, Length =3D=3D 0x%lx\n", + __FUNCTION__, + BaseAddress, + Length + )); + + Union =3D 0; + Intersection =3D MAX_UINTN; + + for (RegionAddress =3D (UINTN)BaseAddress; + RegionAddress < (UINTN)(BaseAddress + Length); + RegionAddress +=3D RegionLength) + { + Status =3D GetMemoryRegion ( + &RegionAddress, + &RegionLength, + &RegionAttributes + ); + + DEBUG (( + DEBUG_VERBOSE, + "%a: RegionAddress =3D=3D 0x%lx, RegionLength =3D=3D 0x%lx, RegionAt= tributes =3D=3D 0x%lx\n", + __FUNCTION__, + (UINT64)RegionAddress, + (UINT64)RegionLength, + (UINT64)RegionAttributes + )); + + if (EFI_ERROR (Status)) { + return EFI_NO_MAPPING; + } + + Union |=3D RegionAttributes; + Intersection &=3D RegionAttributes; + } + + DEBUG (( + DEBUG_VERBOSE, + "%a: Union =3D=3D %lx, Intersection =3D=3D %lx\n", + __FUNCTION__, + (UINT64)Union, + (UINT64)Intersection + )); + + if (Union !=3D Intersection) { + return EFI_NO_MAPPING; + } + + *Attributes =3D RegionAttributeToGcdAttribute (Union); + *Attributes &=3D EFI_MEMORY_RP | EFI_MEMORY_RO | EFI_MEMORY_XP; + return EFI_SUCCESS; +} + +/** + This function set given attributes of the memory region specified by + BaseAddress and Length. + + The valid Attributes is EFI_MEMORY_RP, EFI_MEMORY_XP, and EFI_MEMORY_RO. + + @param This The EFI_MEMORY_ATTRIBUTE_PROTOCOL instance. + @param BaseAddress The physical address that is the start address= of + a memory region. + @param Length The size in bytes of the memory region. + @param Attributes The bit mask of attributes to set for the memo= ry + region. + + @retval EFI_SUCCESS The attributes were set for the memory reg= ion. + @retval EFI_INVALID_PARAMETER Length is zero. + Attributes specified an illegal combinatio= n of + attributes that cannot be set together. + @retval EFI_UNSUPPORTED The processor does not support one or more + bytes of the memory resource range specifi= ed + by BaseAddress and Length. + The bit mask of attributes is not supporte= d for + the memory resource range specified by + BaseAddress and Length. + @retval EFI_OUT_OF_RESOURCES Requested attributes cannot be applied due= to + lack of system resources. + @retval EFI_ACCESS_DENIED Attributes for the requested memory region= are + controlled by system firmware and cannot be + updated via the protocol. + +**/ +STATIC +EFI_STATUS +SetMemoryAttributes ( + IN EFI_MEMORY_ATTRIBUTE_PROTOCOL *This, + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length, + IN UINT64 Attributes + ) +{ + EFI_STATUS Status; + + DEBUG (( + DEBUG_INFO, + "%a: BaseAddress =3D=3D 0x%lx, Length =3D=3D 0x%lx, Attributes =3D=3D = 0x%lx\n", + __FUNCTION__, + (UINTN)BaseAddress, + (UINTN)Length, + (UINTN)Attributes + )); + + if ((Length =3D=3D 0) || + ((Attributes & ~(EFI_MEMORY_RO | EFI_MEMORY_RP | EFI_MEMORY_XP)) != =3D 0)) + { + return EFI_INVALID_PARAMETER; + } + + if ((Attributes & EFI_MEMORY_RP) !=3D 0) { + Status =3D ArmSetMemoryRegionNoAccess (BaseAddress, Length); + if (EFI_ERROR (Status)) { + return EFI_UNSUPPORTED; + } + } + + if ((Attributes & EFI_MEMORY_RO) !=3D 0) { + Status =3D ArmSetMemoryRegionReadOnly (BaseAddress, Length); + if (EFI_ERROR (Status)) { + return EFI_UNSUPPORTED; + } + } + + if ((Attributes & EFI_MEMORY_XP) !=3D 0) { + Status =3D ArmSetMemoryRegionNoExec (BaseAddress, Length); + if (EFI_ERROR (Status)) { + return EFI_UNSUPPORTED; + } + } + + return EFI_SUCCESS; +} + +/** + This function clears given attributes of the memory region specified by + BaseAddress and Length. + + The valid Attributes is EFI_MEMORY_RP, EFI_MEMORY_XP, and EFI_MEMORY_RO. + + @param This The EFI_MEMORY_ATTRIBUTE_PROTOCOL instance. + @param BaseAddress The physical address that is the start address= of + a memory region. + @param Length The size in bytes of the memory region. + @param Attributes The bit mask of attributes to clear for the me= mory + region. + + @retval EFI_SUCCESS The attributes were cleared for the memory= region. + @retval EFI_INVALID_PARAMETER Length is zero. + Attributes specified an illegal combinatio= n of + attributes that cannot be cleared together. + @retval EFI_UNSUPPORTED The processor does not support one or more + bytes of the memory resource range specifi= ed + by BaseAddress and Length. + The bit mask of attributes is not supporte= d for + the memory resource range specified by + BaseAddress and Length. + @retval EFI_OUT_OF_RESOURCES Requested attributes cannot be applied due= to + lack of system resources. + @retval EFI_ACCESS_DENIED Attributes for the requested memory region= are + controlled by system firmware and cannot be + updated via the protocol. + +**/ +STATIC +EFI_STATUS +ClearMemoryAttributes ( + IN EFI_MEMORY_ATTRIBUTE_PROTOCOL *This, + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length, + IN UINT64 Attributes + ) +{ + EFI_STATUS Status; + + DEBUG (( + DEBUG_INFO, + "%a: BaseAddress =3D=3D 0x%lx, Length =3D=3D 0x%lx, Attributes =3D=3D = 0x%lx\n", + __FUNCTION__, + (UINTN)BaseAddress, + (UINTN)Length, + (UINTN)Attributes + )); + + if ((Length =3D=3D 0) || + ((Attributes & ~(EFI_MEMORY_RO | EFI_MEMORY_RP | EFI_MEMORY_XP)) != =3D 0)) + { + return EFI_INVALID_PARAMETER; + } + + if ((Attributes & EFI_MEMORY_RP) !=3D 0) { + Status =3D ArmClearMemoryRegionNoAccess (BaseAddress, Length); + if (EFI_ERROR (Status)) { + return EFI_UNSUPPORTED; + } + } + + if ((Attributes & EFI_MEMORY_RO) !=3D 0) { + Status =3D ArmClearMemoryRegionReadOnly (BaseAddress, Length); + if (EFI_ERROR (Status)) { + return EFI_UNSUPPORTED; + } + } + + if ((Attributes & EFI_MEMORY_XP) !=3D 0) { + Status =3D ArmClearMemoryRegionNoExec (BaseAddress, Length); + if (EFI_ERROR (Status)) { + return EFI_UNSUPPORTED; + } + } + + return EFI_SUCCESS; +} + +EFI_MEMORY_ATTRIBUTE_PROTOCOL mMemoryAttribute =3D { + GetMemoryAttributes, + SetMemoryAttributes, + ClearMemoryAttributes +}; --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101115): https://edk2.groups.io/g/devel/message/101115 Mute This Topic: https://groups.io/mt/97586007/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101116+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101116+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727887; cv=none; d=zohomail.com; s=zohoarc; b=bqmdxQhtuHDHGD8y4CjpcMc6EQOhkxK9a+nerPXa06v0WqliIN0dpeOQCxGs/pm5Ooz2nbF97e6/I6PwOzkNq3zSIJixh6jYqn+s7lqYTJUX6E/fZCWurSHZJ4s1RwhJ5IdZvaMgaYf5lBVeO4M6pzHh9eA+zXRxtdnUqSvyF68= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727887; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=aNm5BqEHxqLbSfenjbC6k9XoGGhMW8WQQlqRY9x3QtY=; b=BABxfdRulLfdjdZssrsHRIHdXTd6BjC1XSP6Dw7L5O7mnKJabbxsExdyLuKVs0F/Zy9ATpdy2X9JD/VP27Z4DdGmk5esD4enINimyvfNXFmFHT3iUEj9ARDFFzGJuxp8e7poagQD/sWs3cuAip9OXh7Qo5DgPIoS/eBnt2S2ees= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101116+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 167872788757112.695551778220874; Mon, 13 Mar 2023 10:18:07 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id p0ONYY1788612xheS7mos5Kp; Mon, 13 Mar 2023 10:18:07 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.25802.1678727886401728682 for ; Mon, 13 Mar 2023 10:18:06 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id E94F961449; Mon, 13 Mar 2023 17:18:05 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2E258C4339C; Mon, 13 Mar 2023 17:18:03 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 12/38] ArmPkg/CpuDxe: Perform preliminary NX remap of free memory Date: Mon, 13 Mar 2023 18:16:48 +0100 Message-Id: <20230313171714.3866151-13-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: hsjIHHPnA1rEm8ZAaOp6i3UUx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727887; bh=CwJEfnMnzL01fVNGHA1jE1kvUtjqradPkIQSGZCIkAo=; h=Cc:Date:From:Reply-To:Subject:To; b=AUyQQ+Z99OlfIZyubsIzq8/tB5LRM29lhXG2RN3ctJrl3XWwWgdCCjfuR8z+iGA5oty A+bCs3IZ8wKR3RQOJoNY5WOj7VGHfRfrRmCDkE0AEDBod7FZcBqy6V730u0kaVDsLgnH2 027GRBjNrismj8C04WFqvHTlzZMpc+nT1no= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727888045100010 Content-Type: text/plain; charset="utf-8" The DXE core implementation of PcdDxeNxMemoryProtectionPolicy already contains an assertion that EfiConventionalMemory and EfiBootServicesData are subjected to the same policy when it comes to the use of NX permissions. The reason for this is that we may otherwise end up with unbounded recursion in the page table code, given that allocating a page table would then involve a permission attribute change, and this could result in the need for a block entry to be split, which would trigger the allocation of a page table recursively. For the same reason, a shortcut exists in ApplyMemoryProtectionPolicy() where, instead of setting the memory attributes unconditionally, we compare the NX policies and avoid touching the page tables if they are the same for the old and the new memory types. Without this shortcut, we may end up in a situation where, as the CPU arch protocol DXE driver is ramping up, the same unbounded recursion is triggered, due to the fact that the NX policy for EfiConventionalMemory has not been applied yet. To break this cycle, let's remap all EfiConventionalMemory regions according to the NX policy for EfiBootServicesData before exposing the CPU arch protocol to the DXE core and other drivers. This ensures that creating EfiBootServicesData allocations does not result in memory attribute changes, and therefore no recursion. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmPkg/ArmPkg.dec | 5 ++ ArmPkg/Drivers/CpuDxe/CpuDxe.c | 85 ++++++++++++++++++++ ArmPkg/Drivers/CpuDxe/CpuDxe.inf | 3 + 3 files changed, 93 insertions(+) diff --git a/ArmPkg/ArmPkg.dec b/ArmPkg/ArmPkg.dec index f17ba913e6de..3f9f6bc3fd93 100644 --- a/ArmPkg/ArmPkg.dec +++ b/ArmPkg/ArmPkg.dec @@ -144,6 +144,11 @@ [PcdsFeatureFlag.common] # If PcdMonitorConduitHvc =3D TRUE, conduit =3D HVC gArmTokenSpaceGuid.PcdMonitorConduitHvc|FALSE|BOOLEAN|0x00000047 =20 + # Whether to remap all unused memory NX before installing the CPU arch + # protocol driver. This is needed on platforms that map all DRAM with RWX + # attributes initially, and can be disabled otherwise. + gArmTokenSpaceGuid.PcdRemapUnusedMemoryNx|TRUE|BOOLEAN|0x00000048 + [PcdsFeatureFlag.ARM] # Whether to map normal memory as non-shareable. FALSE is the safe choic= e, but # TRUE may be appropriate to fix performance problems if you don't care = about diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.c b/ArmPkg/Drivers/CpuDxe/CpuDxe.c index d04958e79e52..f820f3f62189 100644 --- a/ArmPkg/Drivers/CpuDxe/CpuDxe.c +++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.c @@ -11,6 +11,8 @@ =20 #include =20 +#include + BOOLEAN mIsFlushingGCD; =20 /** @@ -227,6 +229,75 @@ InitializeDma ( CpuArchProtocol->DmaBufferAlignment =3D ArmCacheWritebackGranule (); } =20 +/** + Map all EfiConventionalMemory regions in the memory map with NX + attributes so that allocating or freeing EfiBootServicesData regions + does not result in changes to memory permission attributes. + +**/ +STATIC +VOID +RemapUnusedMemoryNx ( + VOID + ) +{ + UINT64 TestBit; + UINTN MemoryMapSize; + UINTN MapKey; + UINTN DescriptorSize; + UINT32 DescriptorVersion; + EFI_MEMORY_DESCRIPTOR *MemoryMap; + EFI_MEMORY_DESCRIPTOR *MemoryMapEntry; + EFI_MEMORY_DESCRIPTOR *MemoryMapEnd; + EFI_STATUS Status; + + TestBit =3D LShiftU64 (1, EfiBootServicesData); + if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & TestBit) =3D=3D 0) { + return; + } + + MemoryMapSize =3D 0; + MemoryMap =3D NULL; + + Status =3D gBS->GetMemoryMap ( + &MemoryMapSize, + MemoryMap, + &MapKey, + &DescriptorSize, + &DescriptorVersion + ); + ASSERT (Status =3D=3D EFI_BUFFER_TOO_SMALL); + do { + MemoryMap =3D (EFI_MEMORY_DESCRIPTOR *)AllocatePool (MemoryMapSize); + ASSERT (MemoryMap !=3D NULL); + Status =3D gBS->GetMemoryMap ( + &MemoryMapSize, + MemoryMap, + &MapKey, + &DescriptorSize, + &DescriptorVersion + ); + if (EFI_ERROR (Status)) { + FreePool (MemoryMap); + } + } while (Status =3D=3D EFI_BUFFER_TOO_SMALL); + + ASSERT_EFI_ERROR (Status); + + MemoryMapEntry =3D MemoryMap; + MemoryMapEnd =3D (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)MemoryMap + Memory= MapSize); + while ((UINTN)MemoryMapEntry < (UINTN)MemoryMapEnd) { + if (MemoryMapEntry->Type =3D=3D EfiConventionalMemory) { + ArmSetMemoryRegionNoExec ( + MemoryMapEntry->PhysicalStart, + EFI_PAGES_TO_SIZE (MemoryMapEntry->NumberOfPages) + ); + } + + MemoryMapEntry =3D NEXT_MEMORY_DESCRIPTOR (MemoryMapEntry, DescriptorS= ize); + } +} + EFI_STATUS CpuDxeInitialize ( IN EFI_HANDLE ImageHandle, @@ -240,6 +311,20 @@ CpuDxeInitialize ( =20 InitializeDma (&mCpu); =20 + // + // Once we install the CPU arch protocol, the DXE core's memory + // protection routines will invoke them to manage the permissions of page + // allocations as they are created. Given that this includes pages + // allocated for page tables by this driver, we must ensure that unused + // memory is mapped with the same permissions as boot services data + // regions. Otherwise, we may end up with unbounded recursion, due to the + // fact that updating permissions on a newly allocated page table may tr= igger + // a block entry split, which triggers a page table allocation, etc etc + // + if (FeaturePcdGet (PcdRemapUnusedMemoryNx)) { + RemapUnusedMemoryNx (); + } + Status =3D gBS->InstallMultipleProtocolInterfaces ( &mCpuHandle, &gEfiCpuArchProtocolGuid, diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.inf b/ArmPkg/Drivers/CpuDxe/CpuDx= e.inf index e732e21cb94a..7d8132200e64 100644 --- a/ArmPkg/Drivers/CpuDxe/CpuDxe.inf +++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.inf @@ -48,6 +48,7 @@ [LibraryClasses] DefaultExceptionHandlerLib DxeServicesTableLib HobLib + MemoryAllocationLib PeCoffGetEntryPointLib UefiDriverEntryPoint UefiLib @@ -64,9 +65,11 @@ [Guids] =20 [Pcd.common] gArmTokenSpaceGuid.PcdVFPEnabled + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy =20 [FeaturePcd.common] gArmTokenSpaceGuid.PcdDebuggerExceptionSupport + gArmTokenSpaceGuid.PcdRemapUnusedMemoryNx =20 [Depex] gHardwareInterruptProtocolGuid OR gHardwareInterrupt2ProtocolGuid --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101116): https://edk2.groups.io/g/devel/message/101116 Mute This Topic: https://groups.io/mt/97586010/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101117+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101117+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727889; cv=none; d=zohomail.com; s=zohoarc; b=FvZwrNgIszbTcNDKt5in3Pm1vtCo44N0qyepwAIKRj8cK3YVFa/g2W1sj09ggyzfeFhJgiIUB33d6z0TWrZ5Csj+M3PzwCqZm3TJTibTQ6Jyot8y97epyT3Gzdp0Cf8Oa45r3Nq05AYO3iaw9kQAHHjIgk4BDvuS16DdV6MKRmU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727889; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=qZ3lq3b48kWIMNxvCO37kJQGCJPgOwZu0f20TLfJNwU=; b=kMiMRlhIyMv/ZDnefyEOXJuvkvzHB2/R6RCYiHnfH5OOl62LBDFdkVs7vHqwvGJetrJAeVlKwLGAJR0yluuQQDXCpAWy4RVeXh11KkVC35bxa4ZK9ddtcGJKy3qakblzA+d4nLM8MpDnjPORzE3fz74yaBSfvAyU38G6gehk6UE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101117+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727889500362.5834023892688; Mon, 13 Mar 2023 10:18:09 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id OOX7YY1788612xiBXuPlJ20T; Mon, 13 Mar 2023 10:18:09 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.25804.1678727888668004222 for ; Mon, 13 Mar 2023 10:18:08 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3263A6142D; Mon, 13 Mar 2023 17:18:08 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id C8462C4339B; Mon, 13 Mar 2023 17:18:05 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 13/38] MdeModulePkg/DxeCore: Unconditionally set memory protections Date: Mon, 13 Mar 2023 18:16:49 +0100 Message-Id: <20230313171714.3866151-14-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: eom7gYy1PqWeknXf3wsUZ5MMx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727889; bh=whyqaEPznCI8mFgoN6rj2JGCjuRt/fbQVaAl/zK0+I8=; h=Cc:Date:From:Reply-To:Subject:To; b=OLO97yrVPQlcjTEi5S+DIcW/UjXuLbXYsYI0lWYZebFfSrfipo+HLgi3ZGBfWNRcOzY +ao15TR9O7iWm5LlC+W0iEpKrgZBrreA0xIHyk1g47AXPnBRdjxfhE9A/X4tajDazhcce xZkuajz8CNAI4VNEUJhS0163gz33oS0arFw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727890053100014 Content-Type: text/plain; charset="utf-8" Instead of relying on a questionable heuristic that avoids calling into the SetMemoryAttributes () DXE service when the old memory type and the new one are subjected to the same NX memory protection policy, make this call unconditionally. This avoids corner cases where memory region attributes are out of sync with the policy, either due to the fact that we are in the middle of ramping up the protections, or due to explicit invocations of SetMemoryAttributes() by drivers. This requires the architecture page table code to be able to deal with this, in particular, it needs to be robust against potential recursion due to NX policies being applied to newly allocated page tables. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C= ore/Dxe/Misc/MemoryProtection.c index b89ab046fa73..5a82eee80781 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -1246,7 +1246,6 @@ ApplyMemoryProtectionPolicy ( IN UINT64 Length ) { - UINT64 OldAttributes; UINT64 NewAttributes; =20 // @@ -1302,16 +1301,5 @@ ApplyMemoryProtectionPolicy ( // NewAttributes =3D GetPermissionAttributeForMemoryType (NewType); =20 - if (OldType !=3D EfiMaxMemoryType) { - OldAttributes =3D GetPermissionAttributeForMemoryType (OldType); - if (OldAttributes =3D=3D NewAttributes) { - // policy is the same between OldType and NewType - return EFI_SUCCESS; - } - } else if (NewAttributes =3D=3D 0) { - // newly added region of a type that does not require protection - return EFI_SUCCESS; - } - return gCpu->SetMemoryAttributes (gCpu, Memory, Length, NewAttributes); } --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101117): https://edk2.groups.io/g/devel/message/101117 Mute This Topic: https://groups.io/mt/97586011/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101118+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101118+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727893; cv=none; d=zohomail.com; s=zohoarc; b=aUQ2lSrKvy7ScPObkutomZmEtcabZ5MHxZkUaj/iP7NIvO6kOlFrf8KhcB7hzu2UHfkZEMj7VdVFxhStrnIYwGRScAG1OZsD4Zb/GXRlEUyxCKrRqq+UwchP90qJOll1/BY6uel4IIuCGPJzK3LwCPq0zcI21PGstaPQCD5l+0k= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727893; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=VZi5YIn7TMevM25WepiPhQfu4Goc69giPtRYh1rKuq4=; b=PeUjh7SXnCo+uvnFl19BkB+WpdQkv3fkXNi8g/6QxMmepPwAFzR8BgScw5ivTSG9cdthIKPCsAGLV8zD45d09cMZffpOW0CowoAkiilRDbLeBx/msCV+27WPVGZPDN2HbBjqETICmiqoY1AjY2nhm+m0q+IjY56uLKz5fRQkxjE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101118+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727893560327.06371367306485; Mon, 13 Mar 2023 10:18:13 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 5Uu4YY1788612xAMW0bfUdJF; Mon, 13 Mar 2023 10:18:13 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.26488.1678727892428838331 for ; Mon, 13 Mar 2023 10:18:12 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id E182061456; Mon, 13 Mar 2023 17:18:11 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6F729C4339B; Mon, 13 Mar 2023 17:18:08 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 14/38] ArmPkg/Mmu: Remove handling of NONSECURE memory regions Date: Mon, 13 Mar 2023 18:16:50 +0100 Message-Id: <20230313171714.3866151-15-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: bo1nNIEbgxMNKE096ZQ11Zl9x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727893; bh=OjdEV4nUdrphr63UNAjVxMBp4nbkGWXmkRpeWnHO+BY=; h=Cc:Date:From:Reply-To:Subject:To; b=ntC0H2bXNgyxN47XhHLjY/NYE/CMaC4au36gGJ4SgBdFQvkVp33tfPGPdgr2faGap24 8bv2DgBCwlAdyXYjMbQ/fpcXVt57PmoWyXZesX89EtBYssBh6Tru1g5lGHI67XtqhM0wQ wehqOF6lNEAnyfF/9f4QbeetW51tWBYJoEc= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727894224100001 Content-Type: text/plain; charset="utf-8" Non-secure memory is a distinction that only matters when executing code in the secure world that reasons about the secure vs non-secure address spaces. EDK2 was not designed for that, and the AArch64 version of the MMU handling library already treats them as identical, so let's just drop the ARM memory region types that mark memory as 'non-secure' explicitly. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmPkg/Include/Chipset/ArmV7Mmu.h | 51 +++++++------------- ArmPkg/Include/Library/ArmLib.h | 11 ----- ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 5 -- ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c | 33 +++---------- 4 files changed, 24 insertions(+), 76 deletions(-) diff --git a/ArmPkg/Include/Chipset/ArmV7Mmu.h b/ArmPkg/Include/Chipset/Arm= V7Mmu.h index da4f3160f8ff..89b81e33d004 100644 --- a/ArmPkg/Include/Chipset/ArmV7Mmu.h +++ b/ArmPkg/Include/Chipset/ArmV7Mmu.h @@ -157,39 +157,24 @@ #define TT_DESCRIPTOR_PAGE_BASE_ADDRESS(a) ((a) & TT_DESCRIPTOR_PAGE_BASE= _ADDRESS_MASK) #define TT_DESCRIPTOR_PAGE_BASE_SHIFT 12 =20 -#define TT_DESCRIPTOR_SECTION_WRITE_BACK(NonSecure) (TT_DESCRIPTOR_SEC= TION_TYPE_SECTION = | \ - ((NonSecure) ?= TT_DESCRIPTOR_SECTION_NS : 0) | \ - TT_DESCRIPTOR_= SECTION_NG_GLOBAL | \ - TT_DESCRIPTOR_= SECTION_S_SHARED | \ - TT_DESCRIPTOR_= SECTION_DOMAIN(0) | \ - TT_DESCRIPTOR_= SECTION_AP_RW_RW | \ - TT_DESCRIPTOR_= SECTION_AF | \ - TT_DESCRIPTOR_= SECTION_CACHE_POLICY_WRITE_BACK_ALLOC) -#define TT_DESCRIPTOR_SECTION_WRITE_THROUGH(NonSecure) (TT_DESCRIPTOR_SEC= TION_TYPE_SECTION = | \ - ((NonSecure) ?= TT_DESCRIPTOR_SECTION_NS : 0) | \ - TT_DESCRIPTOR_= SECTION_NG_GLOBAL | \ - TT_DESCRIPTOR_= SECTION_S_SHARED | \ - TT_DESCRIPTOR_= SECTION_DOMAIN(0) | \ - TT_DESCRIPTOR_= SECTION_AP_RW_RW | \ - TT_DESCRIPTOR_= SECTION_AF | \ - TT_DESCRIPTOR_= SECTION_CACHE_POLICY_WRITE_THROUGH_NO_ALLOC) -#define TT_DESCRIPTOR_SECTION_DEVICE(NonSecure) (TT_DESCRIPTOR_SEC= TION_TYPE_SECTION = | \ - ((NonSecure) ?= TT_DESCRIPTOR_SECTION_NS : 0) | \ - TT_DESCRIPTOR_= SECTION_NG_GLOBAL | \ - TT_DESCRIPTOR_= SECTION_S_NOT_SHARED | \ - TT_DESCRIPTOR_= SECTION_DOMAIN(0) | \ - TT_DESCRIPTOR_= SECTION_AP_RW_RW | \ - TT_DESCRIPTOR_= SECTION_XN_MASK | \ - TT_DESCRIPTOR_= SECTION_AF | \ - TT_DESCRIPTOR_= SECTION_CACHE_POLICY_SHAREABLE_DEVICE) -#define TT_DESCRIPTOR_SECTION_UNCACHED(NonSecure) (TT_DESCRIPTOR_SEC= TION_TYPE_SECTION = | \ - ((NonSecure) ? = TT_DESCRIPTOR_SECTION_NS : 0) | \ - TT_DESCRIPTOR_S= ECTION_NG_GLOBAL | \ - TT_DESCRIPTOR_S= ECTION_S_NOT_SHARED | \ - TT_DESCRIPTOR_S= ECTION_DOMAIN(0) | \ - TT_DESCRIPTOR_S= ECTION_AP_RW_RW | \ - TT_DESCRIPTOR_= SECTION_AF | \ - TT_DESCRIPTOR_S= ECTION_CACHE_POLICY_NON_CACHEABLE) +#define TT_DESCRIPTOR_SECTION_DEFAULT (TT_DESCRIPTOR_SECTION_TYPE_SECTION= | \ + TT_DESCRIPTOR_SECTION_NG_GLOBAL = | \ + TT_DESCRIPTOR_SECTION_S_SHARED = | \ + TT_DESCRIPTOR_SECTION_DOMAIN(0) = | \ + TT_DESCRIPTOR_SECTION_AP_RW_RW = | \ + TT_DESCRIPTOR_SECTION_AF) + +#define TT_DESCRIPTOR_SECTION_WRITE_BACK (TT_DESCRIPTOR_SECTION_DEFAULT |= \ + TT_DESCRIPTOR_SECTION_CACHE_POL= ICY_WRITE_BACK_ALLOC) + +#define TT_DESCRIPTOR_SECTION_WRITE_THROUGH (TT_DESCRIPTOR_SECTION_DEFAUL= T | \ + TT_DESCRIPTOR_SECTION_CACHE_= POLICY_WRITE_THROUGH_NO_ALLOC) + +#define TT_DESCRIPTOR_SECTION_DEVICE (TT_DESCRIPTOR_SECTION_DEFAULT | \ + TT_DESCRIPTOR_SECTION_CACHE_POLICY_= SHAREABLE_DEVICE) + +#define TT_DESCRIPTOR_SECTION_UNCACHED (TT_DESCRIPTOR_SECTION_DEFAULT | \ + TT_DESCRIPTOR_SECTION_CACHE_POLIC= Y_NON_CACHEABLE) =20 #define TT_DESCRIPTOR_PAGE_WRITE_BACK (TT_DESCRIPTOR_PAGE_TYPE_PAGE = | \ TT_DESCRIPTOR_PAGE= _NG_GLOBAL | \ diff --git a/ArmPkg/Include/Library/ArmLib.h b/ArmPkg/Include/Library/ArmLi= b.h index fa605f128bfd..a53f60d98852 100644 --- a/ArmPkg/Include/Library/ArmLib.h +++ b/ArmPkg/Include/Library/ArmLib.h @@ -25,29 +25,18 @@ EFI_MEMORY_WT | EFI_MEMORY_WB | \ EFI_MEMORY_UCE) =20 -/** - * The UEFI firmware must not use the ARM_MEMORY_REGION_ATTRIBUTE_NONSECUR= E_* attributes. - * - * The Non Secure memory attribute (ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_= *) should only - * be used in Secure World to distinguished Secure to Non-Secure memory. - */ typedef enum { ARM_MEMORY_REGION_ATTRIBUTE_UNCACHED_UNBUFFERED =3D 0, - ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_UNCACHED_UNBUFFERED, ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK, - ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_WRITE_BACK, =20 // On some platforms, memory mapped flash region is designed as not supp= orting // shareable attribute, so WRITE_BACK_NONSHAREABLE is added for such spe= cial // need. // Do NOT use below two attributes if you are not sure. ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_NONSHAREABLE, - ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_WRITE_BACK_NONSHAREABLE, =20 ARM_MEMORY_REGION_ATTRIBUTE_WRITE_THROUGH, - ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_WRITE_THROUGH, ARM_MEMORY_REGION_ATTRIBUTE_DEVICE, - ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_DEVICE } ARM_MEMORY_REGION_ATTRIBUTES; =20 #define IS_ARM_MEMORY_REGION_ATTRIBUTES_SECURE(attr) ((UINT32)(attr) & 1) diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Libr= ary/ArmMmuLib/AArch64/ArmMmuLibCore.c index 1ce200c43c72..ee4c5c995ce8 100644 --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c @@ -39,26 +39,21 @@ ArmMemoryAttributeToPageAttribute ( { switch (Attributes) { case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_NONSHAREABLE: - case ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_WRITE_BACK_NONSHAREABLE: return TT_ATTR_INDX_MEMORY_WRITE_BACK; =20 case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK: - case ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_WRITE_BACK: return TT_ATTR_INDX_MEMORY_WRITE_BACK | TT_SH_INNER_SHAREABLE; =20 case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_THROUGH: - case ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_WRITE_THROUGH: return TT_ATTR_INDX_MEMORY_WRITE_THROUGH | TT_SH_INNER_SHAREABLE; =20 // Uncached and device mappings are treated as outer shareable by defa= ult, case ARM_MEMORY_REGION_ATTRIBUTE_UNCACHED_UNBUFFERED: - case ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_UNCACHED_UNBUFFERED: return TT_ATTR_INDX_MEMORY_NON_CACHEABLE; =20 default: ASSERT (0); case ARM_MEMORY_REGION_ATTRIBUTE_DEVICE: - case ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_DEVICE: if (ArmReadCurrentEL () =3D=3D AARCH64_EL2) { return TT_ATTR_INDX_DEVICE_MEMORY | TT_XN_MASK; } else { diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c b/ArmPkg/Library/= ArmMmuLib/Arm/ArmMmuLibCore.c index 28cc9b2fe058..154298357460 100644 --- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c +++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c @@ -100,24 +100,19 @@ PopulateLevel2PageTable ( =20 switch (Attributes) { case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK: - case ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_WRITE_BACK: PageAttributes =3D TT_DESCRIPTOR_PAGE_WRITE_BACK; break; case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_NONSHAREABLE: - case ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_WRITE_BACK_NONSHAREABLE: PageAttributes =3D TT_DESCRIPTOR_PAGE_WRITE_BACK; PageAttributes &=3D ~TT_DESCRIPTOR_PAGE_S_SHARED; break; case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_THROUGH: - case ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_WRITE_THROUGH: PageAttributes =3D TT_DESCRIPTOR_PAGE_WRITE_THROUGH; break; case ARM_MEMORY_REGION_ATTRIBUTE_DEVICE: - case ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_DEVICE: PageAttributes =3D TT_DESCRIPTOR_PAGE_DEVICE; break; case ARM_MEMORY_REGION_ATTRIBUTE_UNCACHED_UNBUFFERED: - case ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_UNCACHED_UNBUFFERED: PageAttributes =3D TT_DESCRIPTOR_PAGE_UNCACHED; break; default: @@ -239,39 +234,23 @@ FillTranslationTable ( =20 switch (MemoryRegion->Attributes) { case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK: - Attributes =3D TT_DESCRIPTOR_SECTION_WRITE_BACK (0); + Attributes =3D TT_DESCRIPTOR_SECTION_WRITE_BACK; break; case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_NONSHAREABLE: - Attributes =3D TT_DESCRIPTOR_SECTION_WRITE_BACK (0); + Attributes =3D TT_DESCRIPTOR_SECTION_WRITE_BACK; Attributes &=3D ~TT_DESCRIPTOR_SECTION_S_SHARED; break; case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_THROUGH: - Attributes =3D TT_DESCRIPTOR_SECTION_WRITE_THROUGH (0); + Attributes =3D TT_DESCRIPTOR_SECTION_WRITE_THROUGH; break; case ARM_MEMORY_REGION_ATTRIBUTE_DEVICE: - Attributes =3D TT_DESCRIPTOR_SECTION_DEVICE (0); + Attributes =3D TT_DESCRIPTOR_SECTION_DEVICE; break; case ARM_MEMORY_REGION_ATTRIBUTE_UNCACHED_UNBUFFERED: - Attributes =3D TT_DESCRIPTOR_SECTION_UNCACHED (0); - break; - case ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_WRITE_BACK: - Attributes =3D TT_DESCRIPTOR_SECTION_WRITE_BACK (1); - break; - case ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_WRITE_BACK_NONSHAREABLE: - Attributes =3D TT_DESCRIPTOR_SECTION_WRITE_BACK (1); - Attributes &=3D ~TT_DESCRIPTOR_SECTION_S_SHARED; - break; - case ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_WRITE_THROUGH: - Attributes =3D TT_DESCRIPTOR_SECTION_WRITE_THROUGH (1); - break; - case ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_DEVICE: - Attributes =3D TT_DESCRIPTOR_SECTION_DEVICE (1); - break; - case ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_UNCACHED_UNBUFFERED: - Attributes =3D TT_DESCRIPTOR_SECTION_UNCACHED (1); + Attributes =3D TT_DESCRIPTOR_SECTION_UNCACHED; break; default: - Attributes =3D TT_DESCRIPTOR_SECTION_UNCACHED (0); + Attributes =3D TT_DESCRIPTOR_SECTION_UNCACHED; break; } =20 --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101118): https://edk2.groups.io/g/devel/message/101118 Mute This Topic: https://groups.io/mt/97586013/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101119+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101119+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727895; cv=none; d=zohomail.com; s=zohoarc; b=JQlFup6YSQrUwJJXwyBizPwkpfgBd7euF48wBPNiGQHr8jYDVyBowYDE0CQQqmDrmc9QggDWVCKgdLwQv7cBG3Gno8T8a7rDFo6ZX8R9WwuQON1zuATm9Uljdsowzt5X8Tq4btvZX+lF+QqVED97bjdGpnaDTzSB9t708taj0SE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727895; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=YzPkuPSUQnFPu+uIbW8vYi+Fw0IV3PMBk6cs3A0tLwI=; b=F3ku+ySTGn1sLVx1wuVWKqDnySshZ8f1vw5/k9bj0lnZS1YipLXjTSah5ZVJODMqGrBo1KzdFUIiX/Io9xfp0K/uvXo68LV4hPuMWfCXcLmVGkqLLkteb6ES2QhPpQ21x9cEPSkcsZcTMgNE7nql37nZnslOkE/gTemLM8LnRyw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101119+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727895258495.90132068903256; Mon, 13 Mar 2023 10:18:15 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id sHqoYY1788612xJX1v5Beu7Y; Mon, 13 Mar 2023 10:18:14 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.26489.1678727894322214383 for ; Mon, 13 Mar 2023 10:18:14 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D65CE61368; Mon, 13 Mar 2023 17:18:13 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 175EEC433A7; Mon, 13 Mar 2023 17:18:10 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 15/38] ArmPkg/ArmMmuLib: Introduce region types for RO/XP WB cached memory Date: Mon, 13 Mar 2023 18:16:51 +0100 Message-Id: <20230313171714.3866151-16-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: uOftCBaLjNtNoMGAnXJZXrBAx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727894; bh=FGrVH2MTpJgEpaR3NIZvxSEYk30zrFbi9EylXwemCVI=; h=Cc:Date:From:Reply-To:Subject:To; b=gJb/XVGHMULhVs/XacRkYaTxfK6K4PEqeMkeGyRVeepbuW1rY2wYBBbEdt6IVPQ+yoi FA2YOC13ng7RbXnCve9j+/x6IPz8nN8x1X2CpUVuKMhhbFqzhank4CLpLbxprB62qu0EK 9XtEbzgi4uz56v1h4syuvGQADtP+drdxHx4= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727896124100005 Content-Type: text/plain; charset="utf-8" To prepare for the enablement of booting EFI with the SCTLR.WXN control enabled, which makes all writeable memory regions non-executable by default, introduce a memory type that we will use to describe the flash region that carries the SEC and PEIM modules that execute in place. Even if these are implicitly read-only due to the ROM nature, they need to be mapped with read-only attributes in the page tables to be able to execute from them. Also add the XP counterpart which will be used for all normal DRAM right at the outset. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmPkg/Include/Library/ArmLib.h | 6 ++++ ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 30 ++++++++++++++++---- ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c | 16 +++++++++++ 3 files changed, 46 insertions(+), 6 deletions(-) diff --git a/ArmPkg/Include/Library/ArmLib.h b/ArmPkg/Include/Library/ArmLi= b.h index a53f60d98852..fb1ae57b3522 100644 --- a/ArmPkg/Include/Library/ArmLib.h +++ b/ArmPkg/Include/Library/ArmLib.h @@ -35,6 +35,12 @@ typedef enum { // Do NOT use below two attributes if you are not sure. ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_NONSHAREABLE, =20 + // Special region types for memory that must be mapped with read-only or + // non-execute permissions from the very start, e.g., to support the use + // of the WXN virtual memory control. + ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_RO, + ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_XP, + ARM_MEMORY_REGION_ATTRIBUTE_WRITE_THROUGH, ARM_MEMORY_REGION_ATTRIBUTE_DEVICE, } ARM_MEMORY_REGION_ATTRIBUTES; diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Libr= ary/ArmMmuLib/AArch64/ArmMmuLibCore.c index ee4c5c995ce8..419b3b028201 100644 --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c @@ -37,12 +37,34 @@ ArmMemoryAttributeToPageAttribute ( IN ARM_MEMORY_REGION_ATTRIBUTES Attributes ) { + UINT64 Permissions; + + switch (Attributes) { + case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_RO: + Permissions =3D TT_AP_NO_RO; + break; + + case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_XP: + case ARM_MEMORY_REGION_ATTRIBUTE_DEVICE: + if (ArmReadCurrentEL () =3D=3D AARCH64_EL2) { + Permissions =3D TT_XN_MASK; + } else { + Permissions =3D TT_UXN_MASK | TT_PXN_MASK; + } + break; + default: + Permissions =3D 0; + break; + } + switch (Attributes) { case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_NONSHAREABLE: return TT_ATTR_INDX_MEMORY_WRITE_BACK; =20 case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK: - return TT_ATTR_INDX_MEMORY_WRITE_BACK | TT_SH_INNER_SHAREABLE; + case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_RO: + case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_XP: + return TT_ATTR_INDX_MEMORY_WRITE_BACK | TT_SH_INNER_SHAREABLE | Perm= issions; =20 case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_THROUGH: return TT_ATTR_INDX_MEMORY_WRITE_THROUGH | TT_SH_INNER_SHAREABLE; @@ -54,11 +76,7 @@ ArmMemoryAttributeToPageAttribute ( default: ASSERT (0); case ARM_MEMORY_REGION_ATTRIBUTE_DEVICE: - if (ArmReadCurrentEL () =3D=3D AARCH64_EL2) { - return TT_ATTR_INDX_DEVICE_MEMORY | TT_XN_MASK; - } else { - return TT_ATTR_INDX_DEVICE_MEMORY | TT_UXN_MASK | TT_PXN_MASK; - } + return TT_ATTR_INDX_DEVICE_MEMORY | Permissions; } } =20 diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c b/ArmPkg/Library/= ArmMmuLib/Arm/ArmMmuLibCore.c index 154298357460..00c5f42cd91a 100644 --- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c +++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c @@ -106,6 +106,14 @@ PopulateLevel2PageTable ( PageAttributes =3D TT_DESCRIPTOR_PAGE_WRITE_BACK; PageAttributes &=3D ~TT_DESCRIPTOR_PAGE_S_SHARED; break; + case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_RO: + PageAttributes =3D TT_DESCRIPTOR_PAGE_WRITE_BACK; + PageAttributes |=3D TT_DESCRIPTOR_PAGE_AP_NO_RO; + break; + case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_XP: + PageAttributes =3D TT_DESCRIPTOR_PAGE_WRITE_BACK; + PageAttributes |=3D TT_DESCRIPTOR_PAGE_XN_MASK; + break; case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_THROUGH: PageAttributes =3D TT_DESCRIPTOR_PAGE_WRITE_THROUGH; break; @@ -240,6 +248,14 @@ FillTranslationTable ( Attributes =3D TT_DESCRIPTOR_SECTION_WRITE_BACK; Attributes &=3D ~TT_DESCRIPTOR_SECTION_S_SHARED; break; + case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_RO: + Attributes =3D TT_DESCRIPTOR_SECTION_WRITE_BACK; + Attributes |=3D TT_DESCRIPTOR_SECTION_AP_NO_RO; + break; + case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_XP: + Attributes =3D TT_DESCRIPTOR_SECTION_WRITE_BACK; + Attributes |=3D TT_DESCRIPTOR_SECTION_XN_MASK; + break; case ARM_MEMORY_REGION_ATTRIBUTE_WRITE_THROUGH: Attributes =3D TT_DESCRIPTOR_SECTION_WRITE_THROUGH; break; --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101119): https://edk2.groups.io/g/devel/message/101119 Mute This Topic: https://groups.io/mt/97586015/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101120+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101120+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727898; cv=none; d=zohomail.com; s=zohoarc; b=i9hpZSIawme+N2YqElz7H6nh98B47CdWKGamJmqX6b2HygYW5gpHkVUrb0yPakDHwpCLdyu9qtWja2Tlp/hNfuDILzGwsPBpYo1JtgnV0wnNxnCsq7brjqzzgZiZak+FSF2cltc6+DHGY9esk3LKZfWB1SZx4PswA5yNNslsaQQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727898; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=EGm0+M8XX0LeMrcwfl1uHoYtbtts4QDe6lP1OBmo9nc=; b=VPwiMyjkedN/fKLnf7H1f94z4LL3PyzLE9fXLhZrOi1LIgIlBb+NsXguzd0dkYB8XoEkEOj98tp/eqaHuD/JRHVtWhp9yyCbgn3pI7rnXK2/YMZHAwTbkQHfmaGCIwXMsqy9nIF9d/7Vi7JYTxjSd1Bn5rSJyGsPhiGWR3+mjaI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101120+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727898174569.5944549593522; Mon, 13 Mar 2023 10:18:18 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id hwWeYY1788612x19C3S8DPou; Mon, 13 Mar 2023 10:18:17 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.26492.1678727896978083534 for ; Mon, 13 Mar 2023 10:18:17 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7DEF161381; Mon, 13 Mar 2023 17:18:16 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id B2F2BC433A0; Mon, 13 Mar 2023 17:18:13 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 16/38] MdePkg/BasePeCoffLib: Add API to keep track of relocation range Date: Mon, 13 Mar 2023 18:16:52 +0100 Message-Id: <20230313171714.3866151-17-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: tjBm5nZrxZ0968o0wB7JLSlIx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727897; bh=WxyGHM2rYIa10NywHnJCOVvPkO8VCMear2y0VzP8gUs=; h=Cc:Date:From:Reply-To:Subject:To; b=hbotGIwvBURJh2exuQQhdkdxj5Bn3AtWofvMJyeM7UHL8I4HKIbm+7ZD7At7jOmUaK/ aeBP2yzKD5r+i4XQm13QZ2tDzgnQM+1hy91qzdK/wgOt9jC/kJRz4u3mtUjFdjfHGx7kl k5pgwwNwGcQBRSW3GvKcVUZ4waoMb6cl4LM= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727900090100001 Content-Type: text/plain; charset="utf-8" Add a library call to obtain the start and end of the region covered by relocation fixups. This will be used in a future patch to limit the range of memory that needs to be remapped with read-write-execute permissions at ExitBootServices() time. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- MdePkg/Include/Library/PeCoffLib.h | 23 ++++++ MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 82 +++++++++++++++++++- 2 files changed, 104 insertions(+), 1 deletion(-) diff --git a/MdePkg/Include/Library/PeCoffLib.h b/MdePkg/Include/Library/Pe= CoffLib.h index b45879453785..df2f7f5e5961 100644 --- a/MdePkg/Include/Library/PeCoffLib.h +++ b/MdePkg/Include/Library/PeCoffLib.h @@ -382,4 +382,27 @@ PeCoffLoaderUnloadImage ( IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext ); =20 +/** + Retrieve the range subject to relocation fixups from the recorded fixup = data + of a runtime image + + @param ImageBase The base address of a PE/COFF image tha= t has been loaded + and relocated into system memory. + @param ImageSize The size, in bytes, of the PE/COFF imag= e. + @param RelocationData A pointer to the relocation data that w= as collected when the + PE/COFF image was relocated using PeCof= fLoaderRelocateImage(). + @param[out] RelocationRangeMin The start of the relocated range. + @param[out] RelocationRangeMax The end of the relocated range. + +**/ +VOID +EFIAPI +PeCoffLoaderGetRelocationRange ( + IN PHYSICAL_ADDRESS ImageBase, + IN UINTN ImageSize, + IN VOID *RelocationData, + OUT PHYSICAL_ADDRESS *RelocationRangeMin, + OUT PHYSICAL_ADDRESS *RelocationRangeMax + ); + #endif diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/Bas= ePeCoffLib/BasePeCoff.c index 97a8aaf8c73d..31e1f2035963 100644 --- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c @@ -936,6 +936,8 @@ PeCoffLoaderRelocateImage ( PHYSICAL_ADDRESS BaseAddress; UINT32 NumberOfRvaAndSizes; UINT32 TeStrippedOffset; + PHYSICAL_ADDRESS *RelocRangeStart; + PHYSICAL_ADDRESS *RelocRangeEnd; =20 ASSERT (ImageContext !=3D NULL); =20 @@ -1043,6 +1045,21 @@ PeCoffLoaderRelocateImage ( // Run the relocation information and apply the fixups // FixupData =3D ImageContext->FixupData; + if (FixupData !=3D NULL) { + FixupData =3D ALIGN_POINTER (FixupData, sizeof (PHYSICAL_ADDRESS)); + + // + // Use the first two UINT64s in the fixup data to keep track of the = start + // and end of the region that is subject to relocation fixups. + // + RelocRangeStart =3D (PHYSICAL_ADDRESS *)FixupData; + RelocRangeEnd =3D RelocRangeStart + 1; + FixupData +=3D 2 * sizeof (PHYSICAL_ADDRESS); + + *RelocRangeStart =3D MAX_UINT64; + *RelocRangeEnd =3D 0; + } + while ((UINTN)RelocBase < (UINTN)RelocBaseEnd) { Reloc =3D (UINT16 *)((CHAR8 *)RelocBase + sizeof (EFI_IMAGE_BASE_REL= OCATION)); // @@ -1070,6 +1087,14 @@ PeCoffLoaderRelocateImage ( return RETURN_LOAD_ERROR; } =20 + // + // Capture this page in the recorded relocation range + // + if (FixupData !=3D NULL) { + *RelocRangeStart =3D MIN (*RelocRangeStart, (UINTN)FixupBase); + *RelocRangeEnd =3D MAX (*RelocRangeEnd, (UINTN)FixupBase + SIZE_= 4KB); + } + // // Run this relocation record // @@ -1470,6 +1495,9 @@ PeCoffLoaderLoadImage ( // ImageContext->FixupData =3D NULL; =20 + // Add two UINT64s at the start to carry the min/max of the relocated ra= nge + ImageContext->FixupDataSize +=3D 2 * sizeof (PHYSICAL_ADDRESS); + // // Load the Codeview information if present // @@ -1824,7 +1852,8 @@ PeCoffLoaderRelocateImageForRuntime ( // by code will not be fixed up, since that would set them back to // defaults. // - FixupData =3D RelocationData; + FixupData =3D ALIGN_POINTER (RelocationData, sizeof (PHYSICAL_ADDR= ESS)); + FixupData +=3D 2 * sizeof (PHYSICAL_ADDRESS); RelocBaseOrig =3D RelocBase; while ((UINTN)RelocBase < (UINTN)RelocBaseEnd) { // @@ -1994,3 +2023,54 @@ PeCoffLoaderUnloadImage ( PeCoffLoaderUnloadImageExtraAction (ImageContext); return RETURN_SUCCESS; } + +/** + Retrieve the range subject to relocation fixups from the recorded fixup = data + of a runtime image + + @param ImageBase The base address of a PE/COFF image tha= t has been loaded + and relocated into system memory. + @param ImageSize The size, in bytes, of the PE/COFF imag= e. + @param RelocationData A pointer to the relocation data that w= as collected when the + PE/COFF image was relocated using PeCof= fLoaderRelocateImage(). + @param[out] RelocationRangeMin The start of the relocated range. + @param[out] RelocationRangeMax The end of the relocated range. + +**/ +VOID +EFIAPI +PeCoffLoaderGetRelocationRange ( + IN PHYSICAL_ADDRESS ImageBase, + IN UINTN ImageSize, + IN VOID *RelocationData, + OUT PHYSICAL_ADDRESS *RelocationRangeMin, + OUT PHYSICAL_ADDRESS *RelocationRangeMax + ) +{ + PHYSICAL_ADDRESS *FixupData; + + if ((RelocationData =3D=3D NULL) || (ImageBase =3D=3D 0x0)) { + return; + } + + FixupData =3D ALIGN_POINTER (RelocationData, sizeof (PHYSICAL_ADDRESS)); + + if ((FixupData[0] =3D=3D MAX_UINT64) && (FixupData[1] =3D=3D 0)) { + // No fixups recorded + *RelocationRangeMin =3D ImageBase; + *RelocationRangeMax =3D ImageBase; + return; + } + + if ((FixupData[0] < ImageBase) || + (FixupData[1] > (ImageBase + ImageSize))) + { + ASSERT (FALSE); + *RelocationRangeMin =3D ImageBase; + *RelocationRangeMax =3D ImageBase + ImageSize; + return; + } + + *RelocationRangeMin =3D FixupData[0]; + *RelocationRangeMax =3D FixupData[1]; +} --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101120): https://edk2.groups.io/g/devel/message/101120 Mute This Topic: https://groups.io/mt/97586017/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101121+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101121+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727900; cv=none; d=zohomail.com; s=zohoarc; b=UQDq6szG0ocmwy2X0bxGVrfdV0nc+NOPpPqAX2LI/a43p18Q9pB3TIZNIexM61Yu1fIAW8+bx9spU22+F6zgEqltUvuYbP3AXUtWrRRQRYx7CTzft//5syGYSS/NsaXEyk35X05VPMxLUHecD3rZCLEUfczy8C4wt2dHbYUoEfk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727900; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=9KNKu+ob0p1FIHwVoMPGVoPyRQk/aPlWqtGY6aJqegM=; b=dxk5qI5XLdAcLxWy2lyjFryyMn4Cz9HRbjbxip+CjVDMrOLlEOgkdXPSJG/BxPF0M8LlThKubY+r7S/prkuub9wnXl/WpyIW9qXJqekUYyj51W+xq34x8SExJXZrPSV5XpinfYSIecxs0Q3PZDUtsJuAzWwnmMSuVA95GVn8QW4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101121+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727900206530.6829769745241; Mon, 13 Mar 2023 10:18:20 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id qQoPYY1788612xx27kJGFCEp; Mon, 13 Mar 2023 10:18:19 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.25806.1678727899217729365 for ; Mon, 13 Mar 2023 10:18:19 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id BB2AD6144F; Mon, 13 Mar 2023 17:18:18 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 59695C4339E; Mon, 13 Mar 2023 17:18:16 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 17/38] MdeModulePkg/DxeIpl: Avoid shadowing IPL PEIM by default Date: Mon, 13 Mar 2023 18:16:53 +0100 Message-Id: <20230313171714.3866151-18-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: OT2koeWm8t0OWCGEYqLOtwYLx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727899; bh=VOeFBSwfB7ucWdwipaHQHIfhW+4JoKb/+XOHAdWzLX0=; h=Cc:Date:From:Reply-To:Subject:To; b=esinNhj4AN4rMt79OLmVgjg+0RJh+oJwjVkBrPVuXORxvZxvN7TPddM/8Ce/vfXGm+W GycwAWBWHXAW5+AkrjviDNO8hADmAif2wrh157ipq1nGKEftGJ4VZvLxfSvw4HAxJedm2 ZtWNDgfFiWQnIlsJRFnvJVIO9Ps1LjbPFws= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727902145100005 Content-Type: text/plain; charset="utf-8" Currently, the DXE IPL relies on permanent memory being available, but does not DEPEX on the associated PPI. Instead, it registers for PEIM shadowing, and only proceeds when running shadowed, and this implies that permanent memory has been installed. While PEIM shadowing is typically good for performance, there are reasons why we might prefer to avoid it, e.g., when running under virtualization in a mode where the write protection of the ROM is an advantage from a safety PoV, and where the performance is identical. This is especially true when code executing from ordinary RAM needs some additional work to be executable, like when enabling WXN on ARM, which only permits execution from memory that is mapped read-only. So permit DXE IPL to run unshadowed, based on the existing PCD that decides whether or not shadowing is preferred. While making this behavior depend on this PCD is strictly redundant (as the IPL PEIM will be shadowed anyway, even if RegisterForShadow() is not called), let's test it anyway to avoid modifying the behavior on existing platforms. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 +++- MdeModulePkg/Core/DxeIplPeim/DxeLoad.c | 24 +++++++++++--------- 2 files changed, 17 insertions(+), 12 deletions(-) diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/Dx= eIplPeim/DxeIpl.inf index 052ea0ec1a6f..62821477d012 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf @@ -112,6 +112,9 @@ [FeaturePcd.X64] [FeaturePcd] gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ## CONSUMES =20 +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdShadowPeimOnBoot ## CONSUMES + [Pcd.IA32,Pcd.X64] gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##= SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ##= CONSUMES @@ -128,7 +131,7 @@ [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64] gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## SOMETIM= ES_CONSUMES =20 [Depex] - gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid + gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid AND gEfiPeiMemor= yDiscoveredPpiGuid =20 # # [BootMode] diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c b/MdeModulePkg/Core/Dxe= IplPeim/DxeLoad.c index 2c19f1a507ba..228d39a618d3 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c +++ b/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c @@ -77,18 +77,20 @@ PeimInitializeDxeIpl ( BootMode =3D GetBootModeHob (); =20 if (BootMode !=3D BOOT_ON_S3_RESUME) { - Status =3D PeiServicesRegisterForShadow (FileHandle); - if (Status =3D=3D EFI_SUCCESS) { - // - // EFI_SUCESS means it is the first time to call register for shadow. - // - return Status; - } + if (PcdGetBool (PcdShadowPeimOnBoot)) { + Status =3D PeiServicesRegisterForShadow (FileHandle); + if (Status =3D=3D EFI_SUCCESS) { + // + // EFI_SUCESS means it is the first time to call register for shad= ow. + // + return Status; + } =20 - // - // Ensure that DXE IPL is shadowed to permanent memory. - // - ASSERT (Status =3D=3D EFI_ALREADY_STARTED); + // + // Ensure that DXE IPL is shadowed to permanent memory. + // + ASSERT (Status =3D=3D EFI_ALREADY_STARTED); + } =20 // // DXE core load requires permanent memory. --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101121): https://edk2.groups.io/g/devel/message/101121 Mute This Topic: https://groups.io/mt/97586018/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101122+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101122+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727905; cv=none; d=zohomail.com; s=zohoarc; b=MMF8zBlp3Pk3RJpLdSGMRVAtiBo0Rim6r+CrsB6/NyJMs+1VPA9vXE1tzdZksA4ZCDPjlxEYYJQWlOIQ0HPf+IDmpq0hJnhTNdAeaDs/LmN2w2w9Tq4EmVnKwmGUuYPHXj7jbZ5IZzUndALPx1akO7C97qwZgMbXvceC96g26rs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727905; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=sAZHDxU7TIvFXETEFGlZAm6xSQjMWzUKlewPShaM6xY=; b=T+Bh7pRf2ohpHdVsb3cmFax6laln1yV7GGiH+52JAAn+pPVuDqhSzFTkhQLL9jtgvWEMliyqPlkY1KrlKZA+codLW2rbI2buNM62lY5AvTZMnbiv5/pte8gEKSpTNUUwLR0xD4dsF0f6H2emwB7BxjjjZI6dqMCipxGO/DPJzsQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101122+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727905045331.13861020774186; Mon, 13 Mar 2023 10:18:25 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id raKmYY1788612xEYh9ATxz0A; Mon, 13 Mar 2023 10:18:24 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.25808.1678727903975659556 for ; Mon, 13 Mar 2023 10:18:24 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8250F6144D; Mon, 13 Mar 2023 17:18:23 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 02E8CC4339B; Mon, 13 Mar 2023 17:18:18 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 18/38] MdeModulePkg/DxeIpl AARCH64: Remap DXE core code section before launch Date: Mon, 13 Mar 2023 18:16:54 +0100 Message-Id: <20230313171714.3866151-19-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: Cr3OjyyyK3gM65OM0E13Awegx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727904; bh=RR1s7izGl/QmRn8Hb0/3f8JPMGGkLybobZrjqSGYBzw=; h=Cc:Date:From:Reply-To:Subject:To; b=PQ3ZeZLQhXJt6Dor1p71EvKbuv1wWPQH99qZPHSrRDniCxqadqitHLyxIjbr/T2ZJE5 m82vRBEsISBzwMVPEp8bXIcj52NKkE0GjeMJj/ZeyBDJvPcNU6chLD7nTeAh1kCEJBo1Q Icy6j/mgcu/DKfalDoYvXFQnk6iPdtzhnf8= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727906134100002 Content-Type: text/plain; charset="utf-8" To permit the platform to adopt a stricter policy when it comes to memory protections, and map all memory XP by default, add the necessary handling to the DXE IPL PEIM to ensure that the DXE core code section is mapped executable before invoking the DXE core. It is up to the DXE core itself to manage the executable permissions on other DXE and UEFI drivers and applications that it dispatches. Note that this requires that the DXE IPL executes non-shadowed from a FV that is mapped executable. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- MdeModulePkg/Core/DxeIplPeim/Arm/DxeLoadFunc.c | 73 ++++++++++++++++++++ MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 1 + 2 files changed, 74 insertions(+) diff --git a/MdeModulePkg/Core/DxeIplPeim/Arm/DxeLoadFunc.c b/MdeModulePkg/= Core/DxeIplPeim/Arm/DxeLoadFunc.c index f62b6dcb38a7..c57ffa87e30f 100644 --- a/MdeModulePkg/Core/DxeIplPeim/Arm/DxeLoadFunc.c +++ b/MdeModulePkg/Core/DxeIplPeim/Arm/DxeLoadFunc.c @@ -11,6 +11,73 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "DxeIpl.h" =20 #include +#include + +/** + Discover the code sections of the DXE core, and remap them read-only + and executable. + + @param DxeCoreEntryPoint The entrypoint of the DXE core executable. + @param HobList The list of HOBs passed to the DXE core from P= EI. +**/ +STATIC +VOID +RemapDxeCoreCodeReadOnly ( + IN EFI_PHYSICAL_ADDRESS DxeCoreEntryPoint, + IN EFI_PEI_HOB_POINTERS HobList + ) +{ + EFI_PEI_HOB_POINTERS Hob; + PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; + RETURN_STATUS Status; + EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr; + EFI_IMAGE_SECTION_HEADER *Section; + UINTN Index; + + ImageContext.ImageRead =3D PeCoffLoaderImageReadFromMemory; + ImageContext.Handle =3D NULL; + + // + // Find the module HOB for the DXE core + // + for (Hob.Raw =3D HobList.Raw; !END_OF_HOB_LIST (Hob); Hob.Raw =3D GET_NE= XT_HOB (Hob)) { + if ((GET_HOB_TYPE (Hob) =3D=3D EFI_HOB_TYPE_MEMORY_ALLOCATION) && + (CompareGuid (&Hob.MemoryAllocation->AllocDescriptor.Name, &gEfiHo= bMemoryAllocModuleGuid)) && + (Hob.MemoryAllocationModule->EntryPoint =3D=3D DxeCoreEntryPoint)) + { + ImageContext.Handle =3D (VOID *)(UINTN)Hob.MemoryAllocation->AllocDe= scriptor.MemoryBaseAddress; + break; + } + } + + ASSERT (ImageContext.Handle !=3D NULL); + + Status =3D PeCoffLoaderGetImageInfo (&ImageContext); + ASSERT_RETURN_ERROR (Status); + + Hdr.Union =3D (EFI_IMAGE_OPTIONAL_HEADER_UNION *)((UINT8 *)ImageContext.= Handle + + ImageContext.PeCoffHeade= rOffset); + ASSERT (Hdr.Pe32->Signature =3D=3D EFI_IMAGE_NT_SIGNATURE); + + Section =3D (EFI_IMAGE_SECTION_HEADER *)((UINT8 *)Hdr.Union + sizeof (UI= NT32) + + sizeof (EFI_IMAGE_FILE_HEADER) + + Hdr.Pe32->FileHeader.SizeOfOption= alHeader + ); + + for (Index =3D 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++= ) { + if ((Section[Index].Characteristics & EFI_IMAGE_SCN_CNT_CODE) !=3D 0) { + ArmSetMemoryRegionReadOnly ( + (UINTN)((UINT8 *)ImageContext.Handle + Section[Index].VirtualAddre= ss), + Section[Index].Misc.VirtualSize + ); + + ArmClearMemoryRegionNoExec ( + (UINTN)((UINT8 *)ImageContext.Handle + Section[Index].VirtualAddre= ss), + Section[Index].Misc.VirtualSize + ); + } + } +} =20 /** Transfers control to DxeCore. @@ -33,6 +100,12 @@ HandOffToDxeCore ( VOID *TopOfStack; EFI_STATUS Status; =20 + // + // DRAM may be mapped with non-executable permissions by default, so + // we'll need to map the DXE core code region executable explicitly. + // + RemapDxeCoreCodeReadOnly (DxeCoreEntryPoint, HobList); + // // Allocate 128KB for the Stack // diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/Dx= eIplPeim/DxeIpl.inf index 62821477d012..d85ca79dc0c3 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf @@ -82,6 +82,7 @@ [LibraryClasses] =20 [LibraryClasses.ARM, LibraryClasses.AARCH64] ArmMmuLib + PeCoffLib =20 [Ppis] gEfiDxeIplPpiGuid ## PRODUCES --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101122): https://edk2.groups.io/g/devel/message/101122 Mute This Topic: https://groups.io/mt/97586019/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101123+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101123+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727907; cv=none; d=zohomail.com; s=zohoarc; b=WLi5D2yaOhXZNp9jmtwSyEIMMr6wIB7idqKtDDo8TS3o+nX09BpxByz8sHFPdFBHtTIMIXpCCUailijKTLLj517XO+zcoNVdbtSBDv5DZCAsq6JOzAcXrRWvYby1ZrKYfrBR5muw/bm1yWBzBEqaXPRlitIEYDUJlNAqW7HlnBw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727907; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=ySCXcE3+SCQFKWGvHJqmdn2cKwIKU67OlYCLyHqPLiE=; b=nzv/MtYiI++8fcXFjfmGhcEQ+uSq1mtiFvE0qD8A20e3UKnQ0VIvrY14iys903fL+qYxaay3E+O0QCtYi60BPWtjhOEjzy1vUobBfhaq/ickBaBnbJK5d75gi4Im5ry9RZh3luLWQTMb8yPW8wAOlFZBovyYd0EqKwiIiZMsgRI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101123+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727907026940.3216828989332; Mon, 13 Mar 2023 10:18:27 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id uRvgYY1788612xbTioVUIgEa; Mon, 13 Mar 2023 10:18:26 -0700 X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web10.25809.1678727905814613329 for ; Mon, 13 Mar 2023 10:18:26 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 28071B811C0; Mon, 13 Mar 2023 17:18:24 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9EE2AC433A0; Mon, 13 Mar 2023 17:18:21 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 19/38] MdeModulePkg/DxeCore: Reduce range of W+X remaps at EBS time Date: Mon, 13 Mar 2023 18:16:55 +0100 Message-Id: <20230313171714.3866151-20-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: 0aIFwmkIzKA8KYVdcaMvD8Rdx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727906; bh=fjucUUTQnUPZ1ps3lOcdVVz/FXphEqcluQ2Brx5gSFQ=; h=Cc:Date:From:Reply-To:Subject:To; b=HGM7bte6w7n/0dbLE4wM7pk9SiYWAQQMyHad/PEPenZ26koE0zysHiMvViKh38e57yT cnPA4LIfh1lriA4VBatFTpONmDDc7xCwwHMmqD655uEkaC4M5pz0hvJmT3QZM9kVgoeQ1 j1rd8/+E5k0LlT6V1C5O8K8i+AWXGbwl76U= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727908186100006 Content-Type: text/plain; charset="utf-8" Instead of remapping all DXE runtime drivers with read-write-execute permissions entirely when ExitBootServices() is called, remap only the parts of those images that require writable access for applying relocation fixups at SetVirtualAddressMap() time. As illustrated below, this greatly reduces the footprint of those regions, which is important for safe execution. And given that the most important ISAs and toolchains split executable code from relocatable quantities, the remapped pages in question are generally not the ones that contain code as well. On a ArmVirtQemu build, the footprint of those RWX pages is shown below. As future work, we might investigate whether we can find a way to guarantee in general that images are built in a way where executable code and relocatable data never share a 4 KiB page, in which case we could apply EFI_MEMORY_XP permissions here instead of allowing RWX. Before: SetUefiImageMemoryAttributes - 0x0000000047600000 - 0x0000000000050000 (0= x0000000000000008) SetUefiImageMemoryAttributes - 0x0000000044290000 - 0x0000000000050000 (0= x0000000000000008) SetUefiImageMemoryAttributes - 0x0000000044230000 - 0x0000000000050000 (0= x0000000000000008) SetUefiImageMemoryAttributes - 0x00000000441D0000 - 0x0000000000050000 (0= x0000000000000008) SetUefiImageMemoryAttributes - 0x00000000440D0000 - 0x0000000000050000 (0= x0000000000000008) SetUefiImageMemoryAttributes - 0x0000000043F90000 - 0x0000000000040000 (0= x0000000000000008) SetUefiImageMemoryAttributes - 0x0000000043F40000 - 0x0000000000040000 (0= x0000000000000008) SetUefiImageMemoryAttributes - 0x0000000043EF0000 - 0x0000000000040000 (0= x0000000000000008) After: SetUefiImageMemoryAttributes - 0x0000000047630000 - 0x0000000000001000 (0= x0000000000000008) SetUefiImageMemoryAttributes - 0x00000000442C0000 - 0x0000000000001000 (0= x0000000000000008) SetUefiImageMemoryAttributes - 0x0000000044260000 - 0x0000000000001000 (0= x0000000000000008) SetUefiImageMemoryAttributes - 0x0000000044200000 - 0x0000000000001000 (0= x0000000000000008) SetUefiImageMemoryAttributes - 0x0000000044100000 - 0x0000000000001000 (0= x0000000000000008) Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C= ore/Dxe/Misc/MemoryProtection.c index 5a82eee80781..3e6f2b4e74cc 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -1060,6 +1060,8 @@ MemoryProtectionExitBootServicesCallback ( { EFI_RUNTIME_IMAGE_ENTRY *RuntimeImage; LIST_ENTRY *Link; + PHYSICAL_ADDRESS RelocationRangeStart; + PHYSICAL_ADDRESS RelocationRangeEnd; =20 // // We need remove the RT protection, because RT relocation need write co= de segment @@ -1073,7 +1075,22 @@ MemoryProtectionExitBootServicesCallback ( if (mImageProtectionPolicy !=3D 0) { for (Link =3D gRuntime->ImageHead.ForwardLink; Link !=3D &gRuntime->Im= ageHead; Link =3D Link->ForwardLink) { RuntimeImage =3D BASE_CR (Link, EFI_RUNTIME_IMAGE_ENTRY, Link); - SetUefiImageMemoryAttributes ((UINT64)(UINTN)RuntimeImage->ImageBase= , ALIGN_VALUE (RuntimeImage->ImageSize, EFI_PAGE_SIZE), 0); + + PeCoffLoaderGetRelocationRange ( + (PHYSICAL_ADDRESS)(UINTN)RuntimeImage->ImageBase, + (UINTN)ALIGN_VALUE (RuntimeImage->ImageSize, EFI_PAGE_SIZE), + RuntimeImage->RelocationData, + &RelocationRangeStart, + &RelocationRangeEnd + ); + + if (RelocationRangeEnd > RelocationRangeStart) { + SetUefiImageMemoryAttributes ( + RelocationRangeStart, + (UINTN)(RelocationRangeEnd - RelocationRangeStart), + 0 + ); + } } } } --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101123): https://edk2.groups.io/g/devel/message/101123 Mute This Topic: https://groups.io/mt/97586021/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101124+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101124+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727908; cv=none; d=zohomail.com; s=zohoarc; b=MknpnrsvBOv3xLMesM03dBSvDjNPoC5iZ/oGqt8CQmnBxBHvywRp7FdesNxNoKKL/836C3A6HH9uCVW4JVH/YtCor0xDzxk5XjMqhlla90ggsusJpqgW/Gk/Fb4mgQdVB9NB1+cYBkuTQ7Axbg4crH5kf2pbhIQxpeI87AcA6tQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727908; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=69NbtLUA8FQjdC/cXy2+oUzUw2PRLaSHKiQOGUAbtQA=; b=SwQcF9PAgkONRRhUaMeU+7EMOWwhIG5NNqrEXW1cBQM9q2H29vSG7xYW0Ast9GBJBMwvdTpLZMuK8cNOtFrDr7SHTy6ItmnzR4ABjB7GLGuq7SlbupdK5H8HSxo+Vmh1P9qzhMMRsgFzPw0EEUP5preTcdKIQbwaI8G4Qq00ImM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101124+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727908364422.2072183479306; Mon, 13 Mar 2023 10:18:28 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id PDSoYY1788612x9Cfwele25f; Mon, 13 Mar 2023 10:18:28 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.26498.1678727907526273415 for ; Mon, 13 Mar 2023 10:18:27 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 12D9B61314; Mon, 13 Mar 2023 17:18:27 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 474EAC433EF; Mon, 13 Mar 2023 17:18:24 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 20/38] MdeModulePkg/DxeCore: Permit preliminary CPU arch fallback Date: Mon, 13 Mar 2023 18:16:56 +0100 Message-Id: <20230313171714.3866151-21-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: 6yT0U5Iw53cahpxXJvAfJRnxx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727908; bh=iHvj5PWBQSChg8D9xMI1N0mphZPuqbs63b6rFrMSPu0=; h=Cc:Date:From:Reply-To:Subject:To; b=clVffIjqxgAmOVLyKRQPs5KWmnJQEfubAbjJ6Oc7jW+kqcCuF+u3n99HYx+tTDLWVOp SOO6bTvLrZHYuQx9i0nBo7PaBB8dFV8K4EgfOMqsDtdLvOvsQljrX4Q0pCP71cn9v/gHO KlHjztjisPDm/VbbDJM1Oow9y/kB/IwfsJE= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727910169100009 Content-Type: text/plain; charset="utf-8" Store the address of the SetMemoryAttributes() member of the CPU arch protocol in a global variable, and invoke it via this variable. This by itself should have not result in functional changes, but it permits platforms to provide an preliminary implementation of this member at link time, allowing the DXE core to enforce strict memory permissions even before dispatching the CPU arch protocol driver itself. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C= ore/Dxe/Misc/MemoryProtection.c index 3e6f2b4e74cc..8df3e881c5c4 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -66,6 +66,8 @@ extern LIST_ENTRY mGcdMemorySpaceMap; =20 STATIC LIST_ENTRY mProtectedImageRecordList; =20 +EFI_CPU_SET_MEMORY_ATTRIBUTES gCpuSetMemoryAttributes; + /** Sort code section in image record, based upon CodeSegmentBase from low t= o high. =20 @@ -224,8 +226,8 @@ SetUefiImageMemoryAttributes ( =20 DEBUG ((DEBUG_INFO, "SetUefiImageMemoryAttributes - 0x%016lx - 0x%016lx = (0x%016lx)\n", BaseAddress, Length, FinalAttributes)); =20 - ASSERT (gCpu !=3D NULL); - gCpu->SetMemoryAttributes (gCpu, BaseAddress, Length, FinalAttributes); + ASSERT (gCpuSetMemoryAttributes !=3D NULL); + gCpuSetMemoryAttributes (gCpu, BaseAddress, Length, FinalAttributes); } =20 /** @@ -408,7 +410,7 @@ ProtectUefiImage ( DEBUG ((DEBUG_INFO, "ProtectUefiImageCommon - 0x%x\n", LoadedImage)); DEBUG ((DEBUG_INFO, " - 0x%016lx - 0x%016lx\n", (EFI_PHYSICAL_ADDRESS)(= UINTN)LoadedImage->ImageBase, LoadedImage->ImageSize)); =20 - if (gCpu =3D=3D NULL) { + if (gCpuSetMemoryAttributes =3D=3D NULL) { return; } =20 @@ -995,6 +997,8 @@ MemoryProtectionCpuArchProtocolNotify ( goto Done; } =20 + gCpuSetMemoryAttributes =3D gCpu->SetMemoryAttributes; + // // Apply the memory protection policy on non-BScode/RTcode regions. // @@ -1278,7 +1282,7 @@ ApplyMemoryProtectionPolicy ( // permission attributes, and it is the job of the driver that installs = this // protocol to set the permissions on existing allocations. // - if (gCpu =3D=3D NULL) { + if (gCpuSetMemoryAttributes =3D=3D NULL) { return EFI_SUCCESS; } =20 @@ -1318,5 +1322,5 @@ ApplyMemoryProtectionPolicy ( // NewAttributes =3D GetPermissionAttributeForMemoryType (NewType); =20 - return gCpu->SetMemoryAttributes (gCpu, Memory, Length, NewAttributes); + return gCpuSetMemoryAttributes (gCpu, Memory, Length, NewAttributes); } --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101124): https://edk2.groups.io/g/devel/message/101124 Mute This Topic: https://groups.io/mt/97586023/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101125+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101125+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727912; cv=none; d=zohomail.com; s=zohoarc; b=NWZUcQarBWV1cac3lCkXbH1TbSaVE9sUbbQxvXsBji3+T1TeUUW6o7cz0+qK9e6AbYmeHmYrnmdYJCrNPlyU/qQ7aZkVOUrMp3w+2yO3SyE1j/OYtdy8T7st28lIn4yX3D9tnoiiLEeDcsy0DlT7YrACjGZAw1pGXIX3w2Q3I6s= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727912; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=6BTDZn4xYYQjJPb7A2Z0CV2wadgJjUEAZtN7iwYxYtQ=; b=Mf0HPBiP2jGw4z6txJzt+lMGxRyvoaFskUsoOXc/kkiuvOvcF6A+Pc+PnucpLf8qdIKuGHAvNRAwVS8PhR0Q8LmCAUyDaDH+6qmr/VjSpIVzQ5hJwUHgzXpJSiA9rDIF3g+7XzhfMVDEt520Ht/bdbxHeZPHGz9fCpExAgorZBY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101125+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727912166160.03124748887774; Mon, 13 Mar 2023 10:18:32 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id HoJ9YY1788612xjGjLtokqwG; Mon, 13 Mar 2023 10:18:31 -0700 X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web10.25813.1678727910867828690 for ; Mon, 13 Mar 2023 10:18:31 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 6BB1DB811B1; Mon, 13 Mar 2023 17:18:29 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id E379BC433D2; Mon, 13 Mar 2023 17:18:26 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 21/38] ArmPkg: Implement ArmSetMemoryOverrideLib Date: Mon, 13 Mar 2023 18:16:57 +0100 Message-Id: <20230313171714.3866151-22-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: 4f4R2iZtFkwW1zGH6Sz0Ics3x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727911; bh=9+m2BNgPDueiLZ9OOrh3gnK/iIRnxzhBITXlboQHQdE=; h=Cc:Date:From:Reply-To:Subject:To; b=XD0YJQzBl4SCwvQtpVg2WKFyySvGU8ndhJaKMppdHbo8xduwwKo2IEov5pwuFuiv2R4 GB34NEBVRLufpHGvDcpHsdfAy6ljTSTdx77Gabm/uxcAUmsF+dvndvbyvPVjiwhG4w/VM +/CtTr+c2XofrnCeb4C8ne/oBiC/hCTc7y4= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727914181100004 Content-Type: text/plain; charset="utf-8" Implement the ARM version of a NULL class library that can be overlaid on top of the DXE core to equip it right from its launch with an implementation of the CPU arch protocol member that sets type and permission attributes on memory regions. This bridges the gap between dispatch of DXE core and dispatch of the DXE driver that implements the CPU arch protocol, removing the need to rely on memory mappings that are writable and executable at the same time. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmPkg/ArmPkg.dsc | 1 + ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.c | 78 ++= ++++++++++++++++++ ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.inf | 28 ++= +++++ 3 files changed, 107 insertions(+) diff --git a/ArmPkg/ArmPkg.dsc b/ArmPkg/ArmPkg.dsc index 3fb95d1951a9..43eb0f4f463e 100644 --- a/ArmPkg/ArmPkg.dsc +++ b/ArmPkg/ArmPkg.dsc @@ -119,6 +119,7 @@ [Components.common] ArmPkg/Library/ArmPsciResetSystemLib/ArmPsciResetSystemLib.inf ArmPkg/Library/ArmExceptionLib/ArmExceptionLib.inf ArmPkg/Library/ArmExceptionLib/ArmRelocateExceptionLib.inf + ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.inf =20 ArmPkg/Drivers/CpuDxe/CpuDxe.inf ArmPkg/Drivers/CpuPei/CpuPei.inf diff --git a/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib= .c b/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.c new file mode 100644 index 000000000000..866dbbdaa7d5 --- /dev/null +++ b/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.c @@ -0,0 +1,78 @@ +/** @file + Overlay implementation of DXE core gCpuSetMemoryAttributes for ARM. + + Copyright (c) 2023, Google LLC. All rights reserved. + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include + +#include +#include +#include + +extern EFI_CPU_SET_MEMORY_ATTRIBUTES gCpuSetMemoryAttributes; + +STATIC UINTN mRecursionLevel; + +/** + Clone of CPU_ARCH_PROTOCOL::SetMemoryAttributes() which is made availabl= e to + the DXE core by NULL library class resolution, so that it can manage page + permissions right from the start. + + @param This CPU arch protocol pointer, should be NULL. + @param BaseAddress Start address of the region. + @param Length Size of the region, in bytes. + @param Attributes Attributes to set on the region. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Operation failed due to lack of memory. + +**/ +STATIC +EFI_STATUS +EFIAPI +EarlyArmSetMemoryAttributes ( + IN EFI_CPU_ARCH_PROTOCOL *This, + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length, + IN UINT64 Attributes + ) +{ + EFI_STATUS Status; + + // There are cases where the use of strict memory permissions may trigger + // unbounded recursion in the page table code. This happens when setting + // memory permissions results in a page table split and therefore a page + // allocation, which could trigger a recursive invocation of this functi= on. + ASSERT (mRecursionLevel < 2); + + mRecursionLevel++; + + Status =3D ArmSetMemoryAttributes ( + BaseAddress, + Length, + Attributes + ); + + mRecursionLevel--; + return Status; +} + +/** + Library constructor. + + @retval RETURN_SUCCESS Operation successful. + +**/ +RETURN_STATUS +EFIAPI +ArmSetMemoryOverrideLibConstructor ( + VOID + ) +{ + gCpuSetMemoryAttributes =3D EarlyArmSetMemoryAttributes; + + return RETURN_SUCCESS; +} diff --git a/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib= .inf b/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.inf new file mode 100644 index 000000000000..2dc9d42d09bd --- /dev/null +++ b/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.inf @@ -0,0 +1,28 @@ +## @file +# Overlay implementation of DXE core gCpuSetMemoryAttributes for ARM. +# +# Copyright (c) 2023, Google LLC. All rights reserved. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 1.29 + BASE_NAME =3D ArmSetMemoryOverrideLib + FILE_GUID =3D 849a43c0-6ad9-428e-8a5a-e090f7853bd3 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D NULL|DXE_CORE + CONSTRUCTOR =3D ArmSetMemoryOverrideLibConstructor + +[Sources.common] + ArmSetMemoryOverrideLib.c + +[Packages] + ArmPkg/ArmPkg.dec + MdePkg/MdePkg.dec + +[LibraryClasses] + ArmMmuLib + DebugLib --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101125): https://edk2.groups.io/g/devel/message/101125 Mute This Topic: https://groups.io/mt/97586026/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101126+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101126+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727913; cv=none; d=zohomail.com; s=zohoarc; b=nFtQVsGPBePcLUNtRac2zDK8swZgEYPyx2blVmuP/9XuFrVhDKL6J6UPEFlNgkhkDb+yjxDBys1WAstVJ1VOeX3sOYCKb76U5k+XOK9fhHZDeK4L9FZvZergfdRfXLMiuQCsoPXjJhP/NdvENC4Dh1J1McWy9FCrpbJF8q0rd5U= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727913; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=HPiZa02AlQkgY+2dNwRWKVNkVsRs3zqwz/gIPgHCrbg=; b=kY2U6TNbhU2A+siVkK2e53V0/4fMjmNRCIF/fTd5vG0cKS0BnPqua0INYjWqEut+h4Ns0yigbJ1QbvYjhZz74QimgM/nLmUxp6FLkwkvY1y5MfXQxOQ51SDsw/KHSf2IX1oOXz0jhZwShaf9V44bz3pnHWWAA6KrKQqj1jUo/VA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101126+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727913681688.1528896226137; Mon, 13 Mar 2023 10:18:33 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id aHrSYY1788612xBuKC96cEEZ; Mon, 13 Mar 2023 10:18:33 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.26499.1678727912836852482 for ; Mon, 13 Mar 2023 10:18:32 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5DFF861314; Mon, 13 Mar 2023 17:18:32 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8B26AC4339C; Mon, 13 Mar 2023 17:18:29 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 22/38] MdeModulePkg/PcdPeim: Permit unshadowed execution Date: Mon, 13 Mar 2023 18:16:58 +0100 Message-Id: <20230313171714.3866151-23-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: xNSgzGWfRIyxIWrxbgnGM5JFx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727913; bh=wCE8t3bK4NGiEbvk0O+irPF2SOE2o2Clzfo+ML9Ef9M=; h=Cc:Date:From:Reply-To:Subject:To; b=YljfILXtVW3hd6nOwH+KOzBVGVC/a4Osfq5zCsyfWIu2Je8w88oTECkcQ0maIGhXhqC F2tcCsYtRcSvLg40GIL03XCTOGqTTNFf2/5kTyQpH191X6CjuCJVb+G/1fJNPRO0jicYt ZaS47lQ6NXvEpLRETmG9J8LdtBgNk8vOCyI= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727914156100001 Content-Type: text/plain; charset="utf-8" PEIM shadowing is optional, but the PCD PEIM does so explicitly, seemingly without a functional need. So make this behavior dependent on the existing PCD, which is generally (and by default) set to TRUE, whereas some systems (such as ARM virtual machines) may prefer to disable shadowing. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- MdeModulePkg/Universal/PCD/Pei/Pcd.c | 112 ++++++++++---------- MdeModulePkg/Universal/PCD/Pei/Pcd.inf | 1 + 2 files changed, 58 insertions(+), 55 deletions(-) diff --git a/MdeModulePkg/Universal/PCD/Pei/Pcd.c b/MdeModulePkg/Universal/= PCD/Pei/Pcd.c index c51ac96a32e3..632254f1c5fa 100644 --- a/MdeModulePkg/Universal/PCD/Pei/Pcd.c +++ b/MdeModulePkg/Universal/PCD/Pei/Pcd.c @@ -346,73 +346,75 @@ PcdPeimInit ( { EFI_STATUS Status; =20 - Status =3D PeiServicesRegisterForShadow (FileHandle); - if (Status =3D=3D EFI_ALREADY_STARTED) { - // - // This is now starting in memory, the second time starting. - // - EFI_PEI_PPI_DESCRIPTOR *OldPpiList; - EFI_PEI_PPI_DESCRIPTOR *OldPpiList2; - VOID *Ppi; - VOID *Ppi2; + if (PcdGetBool (PcdShadowPeimOnBoot)) { + Status =3D PeiServicesRegisterForShadow (FileHandle); + if (Status =3D=3D EFI_ALREADY_STARTED) { + // + // This is now starting in memory, the second time starting. + // + EFI_PEI_PPI_DESCRIPTOR *OldPpiList; + EFI_PEI_PPI_DESCRIPTOR *OldPpiList2; + VOID *Ppi; + VOID *Ppi2; =20 - OldPpiList =3D NULL; - Status =3D PeiServicesLocatePpi ( - &gPcdPpiGuid, - 0, - &OldPpiList, - &Ppi - ); - ASSERT_EFI_ERROR (Status); - - if (OldPpiList !=3D NULL) { - Status =3D PeiServicesReInstallPpi (OldPpiList, &mPpiList[0]); + OldPpiList =3D NULL; + Status =3D PeiServicesLocatePpi ( + &gPcdPpiGuid, + 0, + &OldPpiList, + &Ppi + ); ASSERT_EFI_ERROR (Status); - } =20 - OldPpiList2 =3D NULL; - Status =3D PeiServicesLocatePpi ( - &gGetPcdInfoPpiGuid, - 0, - &OldPpiList2, - &Ppi2 - ); - ASSERT_EFI_ERROR (Status); + if (OldPpiList !=3D NULL) { + Status =3D PeiServicesReInstallPpi (OldPpiList, &mPpiList[0]); + ASSERT_EFI_ERROR (Status); + } =20 - if (OldPpiList2 !=3D NULL) { - Status =3D PeiServicesReInstallPpi (OldPpiList2, &mPpiList2[0]); + OldPpiList2 =3D NULL; + Status =3D PeiServicesLocatePpi ( + &gGetPcdInfoPpiGuid, + 0, + &OldPpiList2, + &Ppi2 + ); ASSERT_EFI_ERROR (Status); - } =20 - OldPpiList =3D NULL; - Status =3D PeiServicesLocatePpi ( - &gEfiPeiPcdPpiGuid, - 0, - &OldPpiList, - &Ppi - ); - ASSERT_EFI_ERROR (Status); + if (OldPpiList2 !=3D NULL) { + Status =3D PeiServicesReInstallPpi (OldPpiList2, &mPpiList2[0]); + ASSERT_EFI_ERROR (Status); + } =20 - if (OldPpiList !=3D NULL) { - Status =3D PeiServicesReInstallPpi (OldPpiList, &mPpiList[1]); + OldPpiList =3D NULL; + Status =3D PeiServicesLocatePpi ( + &gEfiPeiPcdPpiGuid, + 0, + &OldPpiList, + &Ppi + ); ASSERT_EFI_ERROR (Status); - } =20 - OldPpiList2 =3D NULL; - Status =3D PeiServicesLocatePpi ( - &gEfiGetPcdInfoPpiGuid, - 0, - &OldPpiList2, - &Ppi2 - ); - ASSERT_EFI_ERROR (Status); + if (OldPpiList !=3D NULL) { + Status =3D PeiServicesReInstallPpi (OldPpiList, &mPpiList[1]); + ASSERT_EFI_ERROR (Status); + } =20 - if (OldPpiList2 !=3D NULL) { - Status =3D PeiServicesReInstallPpi (OldPpiList2, &mPpiList2[1]); + OldPpiList2 =3D NULL; + Status =3D PeiServicesLocatePpi ( + &gEfiGetPcdInfoPpiGuid, + 0, + &OldPpiList2, + &Ppi2 + ); ASSERT_EFI_ERROR (Status); - } =20 - return Status; + if (OldPpiList2 !=3D NULL) { + Status =3D PeiServicesReInstallPpi (OldPpiList2, &mPpiList2[1]); + ASSERT_EFI_ERROR (Status); + } + + return Status; + } } =20 BuildPcdDatabase (FileHandle); diff --git a/MdeModulePkg/Universal/PCD/Pei/Pcd.inf b/MdeModulePkg/Universa= l/PCD/Pei/Pcd.inf index 7152a7d53b7d..a820ace70ec2 100644 --- a/MdeModulePkg/Universal/PCD/Pei/Pcd.inf +++ b/MdeModulePkg/Universal/PCD/Pei/Pcd.inf @@ -343,6 +343,7 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdMaxPeiPcdCallBackNumberPerPcdEntry ## = SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdNvStoreDefaultValueBuffer ## SOMETIMES= _CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdSetNvStoreDefaultId ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdShadowPeimOnBoot ## CONSUMES =20 [Depex] TRUE --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101126): https://edk2.groups.io/g/devel/message/101126 Mute This Topic: https://groups.io/mt/97586027/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101127+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101127+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727919; cv=none; d=zohomail.com; s=zohoarc; b=FONHdRxU39qxNW6JbQzOWHT1W7MkiErAVC9pWvUsZm0+hTAnDpV6MD7BCyDiwstDK4r431kM75e7melw6mqcNwsgzX+s9d9eWEYXU8xszUbf56OMRmMUUmvbX33b4t3/EDYoCgDKJevr/ndr+FEPdC6XkGKWQJh371hoF26umlQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727919; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=TilzSGi8k6/Xy8GpxcUzQ61DMizFeBaIXrVeabf0t3s=; b=m7AF3vFjRKwG54fB//9Td63GM7WjZTWxclKpl03rS2PrABfxC8BNG0FsjtO/px/ZEiJYgCzBAYtTKZb8UFvzeqC4JgLOPYTuKPvfkmABAsRb2FLSaana1hDkFrL2kpsLhSb8ofmtKnSpgIyJi1h7j/pJ7+Ub9yvN3piqQ1GrAE0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101127+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727919952372.7798047984654; Mon, 13 Mar 2023 10:18:39 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 8KF2YY1788612xpnsO3ahhyD; Mon, 13 Mar 2023 10:18:38 -0700 X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web10.25816.1678727917200574175 for ; Mon, 13 Mar 2023 10:18:37 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 9700CB811C0; Mon, 13 Mar 2023 17:18:35 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 31DB0C4339B; Mon, 13 Mar 2023 17:18:32 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 23/38] EmbeddedPkg/PrePiLib AARCH64: Remap DXE core before execution Date: Mon, 13 Mar 2023 18:16:59 +0100 Message-Id: <20230313171714.3866151-24-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: 1wOJaxbw6oksMdkGsJzROuJVx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727918; bh=0W/LgiunQ4+2yIh5CAfaE07HIBcHs58rHRYgrK7amrU=; h=Cc:Date:From:Reply-To:Subject:To; b=u3l/5zJnaqAHuMY2WLnF9dYRyBWfhWFm4NKG+gSuDS/ZsIMo2PxoeF8JV345j9IV2SK RqQESdqtBr47eoCSh5/4DGOy1SjL0sS4DRL3IA300njmlAeyEb4Ml9oTfnXTVmBxaFgxF TDI0yPh7Bi1OcEq4+dQKENJ2sJwzs4ED9Ak= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727920227100002 Content-Type: text/plain; charset="utf-8" Deal with DRAM memory potentially being mapped with non-executable permissions, by mapping the DXE core code sections explicitly before launch. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- EmbeddedPkg/Include/Library/PrePiLib.h | 16 ------ EmbeddedPkg/Library/PrePiLib/Arm/RemapDxeCore.c | 51 ++++++++++++++++++++ EmbeddedPkg/Library/PrePiLib/PrePi.h | 13 +++++ EmbeddedPkg/Library/PrePiLib/PrePiLib.c | 4 ++ EmbeddedPkg/Library/PrePiLib/PrePiLib.inf | 12 +++++ EmbeddedPkg/Library/PrePiLib/X86/RemapDxeCore.c | 23 +++++++++ 6 files changed, 103 insertions(+), 16 deletions(-) diff --git a/EmbeddedPkg/Include/Library/PrePiLib.h b/EmbeddedPkg/Include/L= ibrary/PrePiLib.h index 93a9115eac2d..14f2bbc38dae 100644 --- a/EmbeddedPkg/Include/Library/PrePiLib.h +++ b/EmbeddedPkg/Include/Library/PrePiLib.h @@ -758,22 +758,6 @@ AllocateAlignedPages ( IN UINTN Alignment ); =20 -EFI_STATUS -EFIAPI -LoadPeCoffImage ( - IN VOID *PeCoffImage, - OUT EFI_PHYSICAL_ADDRESS *ImageAddress, - OUT UINT64 *ImageSize, - OUT EFI_PHYSICAL_ADDRESS *EntryPoint - ); - -EFI_STATUS -EFIAPI -LoadDxeCoreFromFfsFile ( - IN EFI_PEI_FILE_HANDLE FileHandle, - IN UINTN StackSize - ); - EFI_STATUS EFIAPI LoadDxeCoreFromFv ( diff --git a/EmbeddedPkg/Library/PrePiLib/Arm/RemapDxeCore.c b/EmbeddedPkg/= Library/PrePiLib/Arm/RemapDxeCore.c new file mode 100644 index 000000000000..40d4ed9d77bd --- /dev/null +++ b/EmbeddedPkg/Library/PrePiLib/Arm/RemapDxeCore.c @@ -0,0 +1,51 @@ +/** @file + Copyright (c) 2023, Google LLC. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "PrePi.h" + +#include + +/** + Remap the code section of the DXE core with the read-only and executable + permissions. + + @param ImageContext The image context describing the loaded PE/COFF = image + +**/ +VOID +EFIAPI +RemapDxeCore ( + IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext + ) +{ + EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr; + EFI_IMAGE_SECTION_HEADER *Section; + UINTN Index; + + Hdr.Union =3D (EFI_IMAGE_OPTIONAL_HEADER_UNION *)((UINT8 *)ImageContext-= >Handle + + ImageContext->PeCoffHead= erOffset); + ASSERT (Hdr.Pe32->Signature =3D=3D EFI_IMAGE_NT_SIGNATURE); + + Section =3D (EFI_IMAGE_SECTION_HEADER *)((UINT8 *)Hdr.Union + sizeof (UI= NT32) + + sizeof (EFI_IMAGE_FILE_HEADER) + + Hdr.Pe32->FileHeader.SizeOfOption= alHeader + ); + + for (Index =3D 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++= ) { + if ((Section[Index].Characteristics & EFI_IMAGE_SCN_CNT_CODE) !=3D 0) { + ArmSetMemoryRegionReadOnly ( + (UINTN)(ImageContext->ImageAddress + Section[Index].VirtualAddress= ), + Section[Index].Misc.VirtualSize + ); + + ArmClearMemoryRegionNoExec ( + (UINTN)(ImageContext->ImageAddress + Section[Index].VirtualAddress= ), + Section[Index].Misc.VirtualSize + ); + } + } +} diff --git a/EmbeddedPkg/Library/PrePiLib/PrePi.h b/EmbeddedPkg/Library/Pre= PiLib/PrePi.h index a00c946512f4..a0f8837d1d37 100644 --- a/EmbeddedPkg/Library/PrePiLib/PrePi.h +++ b/EmbeddedPkg/Library/PrePiLib/PrePi.h @@ -37,4 +37,17 @@ #define GET_GUID_HOB_DATA(GuidHob) ((VOID *) (((UINT8 *) &((GuidHob)= ->Name)) + sizeof (EFI_GUID))) #define GET_GUID_HOB_DATA_SIZE(GuidHob) (((GuidHob)->Header).HobLength - = sizeof (EFI_HOB_GUID_TYPE)) =20 +/** + Remap the code section of the DXE core with the read-only and executable + permissions. + + @param ImageContext The image context describing the loaded PE/COFF = image + +**/ +VOID +EFIAPI +RemapDxeCore ( + IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext + ); + #endif diff --git a/EmbeddedPkg/Library/PrePiLib/PrePiLib.c b/EmbeddedPkg/Library/= PrePiLib/PrePiLib.c index 3cf866dab248..188ad5c518a8 100644 --- a/EmbeddedPkg/Library/PrePiLib/PrePiLib.c +++ b/EmbeddedPkg/Library/PrePiLib/PrePiLib.c @@ -54,6 +54,7 @@ AllocateCodePages ( return NULL; } =20 +STATIC EFI_STATUS EFIAPI LoadPeCoffImage ( @@ -105,6 +106,8 @@ LoadPeCoffImage ( // InvalidateInstructionCacheRange ((VOID *)(UINTN)*ImageAddress, (UINTN)*I= mageSize); =20 + RemapDxeCore (&ImageContext); + return Status; } =20 @@ -114,6 +117,7 @@ VOID IN VOID *HobStart ); =20 +STATIC EFI_STATUS EFIAPI LoadDxeCoreFromFfsFile ( diff --git a/EmbeddedPkg/Library/PrePiLib/PrePiLib.inf b/EmbeddedPkg/Librar= y/PrePiLib/PrePiLib.inf index 090bfe888f52..2df5928c51d5 100644 --- a/EmbeddedPkg/Library/PrePiLib/PrePiLib.inf +++ b/EmbeddedPkg/Library/PrePiLib/PrePiLib.inf @@ -31,11 +31,20 @@ [Sources.common] FwVol.c PrePiLib.c =20 +[Sources.X64, Sources.IA32] + X86/RemapDxeCore.c + +[Sources.AARCH64, Sources.ARM] + Arm/RemapDxeCore.c + [Packages] MdePkg/MdePkg.dec EmbeddedPkg/EmbeddedPkg.dec MdeModulePkg/MdeModulePkg.dec =20 +[Packages.ARM, Packages.AARCH64] + ArmPkg/ArmPkg.dec + [LibraryClasses] BaseLib DebugLib @@ -50,6 +59,9 @@ [LibraryClasses] PerformanceLib HobLib =20 +[LibraryClasses.ARM, LibraryClasses.AARCH64] + ArmMmuLib + [Guids] gEfiMemoryTypeInformationGuid =20 diff --git a/EmbeddedPkg/Library/PrePiLib/X86/RemapDxeCore.c b/EmbeddedPkg/= Library/PrePiLib/X86/RemapDxeCore.c new file mode 100644 index 000000000000..1899c050fdec --- /dev/null +++ b/EmbeddedPkg/Library/PrePiLib/X86/RemapDxeCore.c @@ -0,0 +1,23 @@ +/** @file + Copyright (c) 2023, Google LLC. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "PrePi.h" + +/** + Remap the code section of the DXE core with the read-only and executable + permissions. + + @param ImageContext The image context describing the loaded PE/COFF = image + +**/ +VOID +EFIAPI +RemapDxeCore ( + IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext + ) +{ +} --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101127): https://edk2.groups.io/g/devel/message/101127 Mute This Topic: https://groups.io/mt/97586028/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101128+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101128+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727920; cv=none; d=zohomail.com; s=zohoarc; b=QzPQqG9vratf/E81yrL2RuRnkqF9Mqch+0NYzhTADpnamDaur8k/NOoFqfDV3Cd+p8DqVHJgXSEXOOuoqRgT5Uybjrs7NtK3JQM36Kvrbw6VK/Do+giXVUFR0KY5CmdeiNishpYMnklaKv4Zm596dk0qP5B/GHZcLH6izjglXXc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727920; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=3oEcE1lbTfewETFmcX5WHwdWvCG8XmXCAgMYe0hKvqw=; b=OS5Yw2MetWC7yclG/WFwFO91EWYlSY5mrGkxme+xX4C61qMhDFBopsK1ZlQbyqeNrHw+jSJ9mlES300lRGH4la/QSXAgbL28v4wajuuWI5TDCxN2phkFB2NZk38SHlRNSV4KMFEHJwUq1Tv/ibf9uyQWG5GVyZB8hJTZ1PgdEvU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101128+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 167872792039094.20385332475928; Mon, 13 Mar 2023 10:18:40 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id B8rvYY1788612xVlAY0BWLBT; Mon, 13 Mar 2023 10:18:40 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.26501.1678727918179369115 for ; Mon, 13 Mar 2023 10:18:38 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 9613C61314; Mon, 13 Mar 2023 17:18:37 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id CE0D7C433A1; Mon, 13 Mar 2023 17:18:34 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 24/38] ArmVirtPkg/ArmVirtQemu: Use XP memory mappings by default Date: Mon, 13 Mar 2023 18:17:00 +0100 Message-Id: <20230313171714.3866151-25-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: eFNC9flHgpR9GfcHsvFcjWyUx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727920; bh=St2Rake0i1UJKEm4mi7biE+802AoSe2Rp8NQS0hYukQ=; h=Cc:Date:From:Reply-To:Subject:To; b=YZM1PZvQD7WAZ3c3l8kaIWfaeiYVh7uaetiD6vuqKiRETDJj7J9ongXpyXT/6fHuBpF h+LgkwgA3o/ZgOv5341pQjM4qqP2e4XwBLExSz/SW3oC20rGw17TlXosvPtoz/1H2Zvg/ nxB1mzBODT+jvMSHDW3WMjd+kD8OqHiBkeQ= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727922305100001 Content-Type: text/plain; charset="utf-8" Now that all the plumbing is in place, we can switch to a default policy of XP for all memory mappings straight out of reset. This reduces the risk of running with memory ranges mapped as both writable and executable at the same time. Note this this requires the overlay library to be added to the DXE core, as otherwise, it will not be able to dispatch the CPU arch protocol DXE driver (or any other DXE driver for that matter), as it would lack the ability to grant executable permissions to those executables. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmVirtPkg/ArmVirtQemu.dsc | 1 + ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 + ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 72a0cacab4a8..b9c244f16e04 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -372,6 +372,7 @@ [Components.common] # MdeModulePkg/Core/Dxe/DxeMain.inf { + NULL|ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.= inf NULL|MdeModulePkg/Library/DxeCrc32GuidedSectionExtractLib/DxeCrc32Gu= idedSectionExtractLib.inf DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf } diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKerne= l.dsc index 3cb9120e4e10..c09755e6e1b9 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc @@ -278,6 +278,7 @@ [Components.common] # MdeModulePkg/Core/Dxe/DxeMain.inf { + NULL|ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.= inf NULL|MdeModulePkg/Library/DxeCrc32GuidedSectionExtractLib/DxeCrc32Gu= idedSectionExtractLib.inf DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf } diff --git a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c b/A= rmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c index 9cf43f06c073..aa083cec2082 100644 --- a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c +++ b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c @@ -91,7 +91,7 @@ ArmVirtGetMemoryMap ( VirtualMemoryTable[0].PhysicalBase =3D PcdGet64 (PcdSystemMemoryBase); VirtualMemoryTable[0].VirtualBase =3D VirtualMemoryTable[0].PhysicalBas= e; VirtualMemoryTable[0].Length =3D *(UINT64 *)GET_GUID_HOB_DATA (Mem= orySizeHob); - VirtualMemoryTable[0].Attributes =3D ARM_MEMORY_REGION_ATTRIBUTE_WRITE= _BACK; + VirtualMemoryTable[0].Attributes =3D ARM_MEMORY_REGION_ATTRIBUTE_WRITE= _BACK_XP; =20 DEBUG (( DEBUG_INFO, --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101128): https://edk2.groups.io/g/devel/message/101128 Mute This Topic: https://groups.io/mt/97586029/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101129+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101129+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727921; cv=none; d=zohomail.com; s=zohoarc; b=MHfFyg2s7uYcdP5S4IEEVwCBEbQjpw3G9OgGZapcqN7kbbiUlNzduEVnnUkQlXBp3S83R8VFOIKYgKnVPy32SpnP3eq+qpV69elUixmLwydOqro7V3LTMI3rEOgOdH4X/Pgxkn0wmc5NDJIltu2incIalGJRtNlwZWmGaa/VLR8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727921; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=pJ6Fqpe2UX5/PmUbkyoO3YfHyafXn+EPrz4qL2h36WQ=; b=NrKZFSHlcy0Dx4DlzvdvYEod6MwNrN+nIjkfsKqQvCx51UsbVAfzIzcUbQVklRgs9vemT2BgdAGvUkYUJwYXP2tKDnnOFU/IKDGCmbgX0OPcZ9tze7i52bWv+kJ2YUc/sJ+YyK311CmznhOTKWZ+iAsH/g3YLGSVO51edwgGAmc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101129+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727921757475.5504512418978; Mon, 13 Mar 2023 10:18:41 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id b5M7YY1788612x2BCkGNJfZg; Mon, 13 Mar 2023 10:18:41 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.26503.1678727920720546779 for ; Mon, 13 Mar 2023 10:18:40 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 4365A6142D; Mon, 13 Mar 2023 17:18:40 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 75EC5C4339C; Mon, 13 Mar 2023 17:18:37 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 25/38] ArmVirtPkg/ArmVirtQemu: Use PEI flavor of ArmMmuLib for all PEIMs Date: Mon, 13 Mar 2023 18:17:01 +0100 Message-Id: <20230313171714.3866151-26-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: 2JfbJubiNJ6dzc1HpHw1ps2Qx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727921; bh=hX5+dKlmBcvOEztEf2tZ2p4ijsJpNddNAOvkvh2EFRs=; h=Cc:Date:From:Reply-To:Subject:To; b=SJesJXZfXr3/UDanJ8yA8Nz4CRe6qyMXLwQEG4fGlaWHBWkUijhWp5LAfSo8EhfcEiL l0zBVQUDfDyaq437nJNXEWmdGfFNEOHVeqursPIxT3y4CbBscx4OntMgNxSrBzRaNJJZ7 ppEwKMHmgq0K0gNVxcR88APIryxVO3tRLok= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727922310100002 Content-Type: text/plain; charset="utf-8" The PEI flavor of the ArmMmuLib will install a HOB that exposes its implementation of the special helper routine that is used to update live entries, so that other instantiations of ArmMmuLib can invoke it. This is needed to ensure that splitting page tables using break-before-make (BBM) does not unmap the code that is performing the split. However, the BASE variety of ArmMmuLib discovers the HOB and sets a global pointer to refer to it, which is not possible in PEIMs, and so all PEIMs must use the PEI variety of this library if one does. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmVirtPkg/ArmVirtQemu.dsc | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index b9c244f16e04..7f79a2b5fa6b 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -107,6 +107,9 @@ [LibraryClasses.common.PEIM] Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf !endif =20 +[LibraryClasses.AARCH64.PEIM] + ArmMmuLib|ArmPkg/Library/ArmMmuLib/ArmMmuPeiLib.inf + [LibraryClasses.common.DXE_DRIVER] ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf =20 @@ -333,12 +336,7 @@ [Components.common] ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf MdeModulePkg/Core/Pei/PeiMain.inf ArmPlatformPkg/PlatformPei/PlatformPeim.inf - ArmVirtPkg/MemoryInitPei/MemoryInitPeim.inf { - -!if $(ARCH) =3D=3D AARCH64 - ArmMmuLib|ArmPkg/Library/ArmMmuLib/ArmMmuPeiLib.inf -!endif - } + ArmVirtPkg/MemoryInitPei/MemoryInitPeim.inf ArmPkg/Drivers/CpuPei/CpuPei.inf =20 !if $(TPM2_ENABLE) =3D=3D TRUE --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101129): https://edk2.groups.io/g/devel/message/101129 Mute This Topic: https://groups.io/mt/97586031/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101130+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101130+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727924; cv=none; d=zohomail.com; s=zohoarc; b=lObtxTmDWP5e+bFkJov6C3SMW1P1tYhHwZ0LxhHvBXK1XOYEAxJTmZEefsJ43WoQ3fJjQKN5+jNpGiLoPf1BqVBVpuiZpwronoDdwvIs7R/4Rdyg/pySJlHIVAD1BM8Ci6MdueXK5xaxaRBEd06l6DoAAXzwYinX3CDqskvlQ/I= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727924; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=gC8OvTA6emvweCkBTGrJ3fnsgUAyOmn++c+QGGIycK0=; b=g6WnvTNblca/Tt70OxClcVpablfbH4fRymgHXZKKqerSa8oRiVIim27IkNplC1TMtNFYHyfPETsRjDxI84Kj/Ri+eM0hWbC6izjG/OCXYTOYUYXvJOhrj3RIqMtFcdLVUC4hKl/i19kAuY1lQWyxBfbuPIjZYe3JB3c1xLyFJtw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101130+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727924281261.9038144747668; Mon, 13 Mar 2023 10:18:44 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 4cg0YY1788612xuFiRNrlkqC; Mon, 13 Mar 2023 10:18:43 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.26504.1678727923351028535 for ; Mon, 13 Mar 2023 10:18:43 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id DBD6361365; Mon, 13 Mar 2023 17:18:42 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1EFEBC433A0; Mon, 13 Mar 2023 17:18:39 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 26/38] ArmVirtPkg/ArmVirtQemu: Use read-only memory region type for code flash Date: Mon, 13 Mar 2023 18:17:02 +0100 Message-Id: <20230313171714.3866151-27-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: 5RxZzO2X0v5M824bbItPmmmfx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727923; bh=6+aV8sLfMaNmny+lu2XP7aD8rGucuqYoSa+1M5SX/Nc=; h=Cc:Date:From:Reply-To:Subject:To; b=FLrgw4BEx5ubUY59Rrh6PmSPIxVzgp8xp+fNqHaAr6QcIFngMbKpAKrhOELzfO5yas1 AZ2VzLfkbGRKLs/HBJ1naLXtjkK/AjUB7CvOKWVn2SxiCQVW8TsqZ7CwJVnnYIr7Vg12T T78DpP7iSA5W46KG6CXtlstBsSCpcnNuMLE= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727926336100002 Content-Type: text/plain; charset="utf-8" Map the code flash with read-only attributes so we can execute from it even under a memory protection regime that enables WXN, making all writable memory regions non-executable by default. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c b/A= rmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c index aa083cec2082..a5324b1e4eed 100644 --- a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c +++ b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c @@ -115,7 +115,7 @@ ArmVirtGetMemoryMap ( VirtualMemoryTable[2].PhysicalBase =3D PcdGet64 (PcdFvBaseAddress); VirtualMemoryTable[2].VirtualBase =3D VirtualMemoryTable[2].PhysicalBas= e; VirtualMemoryTable[2].Length =3D FixedPcdGet32 (PcdFvSize); - VirtualMemoryTable[2].Attributes =3D ARM_MEMORY_REGION_ATTRIBUTE_WRITE= _BACK; + VirtualMemoryTable[2].Attributes =3D ARM_MEMORY_REGION_ATTRIBUTE_WRITE= _BACK_RO; =20 // End of Table ZeroMem (&VirtualMemoryTable[3], sizeof (ARM_MEMORY_REGION_DESCRIPTOR)); --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101130): https://edk2.groups.io/g/devel/message/101130 Mute This Topic: https://groups.io/mt/97586033/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101131+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101131+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727928; cv=none; d=zohomail.com; s=zohoarc; b=bfBMpt2NALzhqXyR4tS0xn6eMhUPefB33yD9jvMLGEGZUd3Tp7haaf0FkOzmeg4k9CKaG9EZrpgs94h8ktERRr7Nas9BkITSOKnOGkWEcAaMgZmgwUXm7pVhZUy0kRFcBViwg3y+O/0q2g/tLb1mt9/3BR6cZkSzPhw/PfYYdW4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727928; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=WwlCGHMne4BFrFM12zEO12vOA/YtkmgK3MvE9pzoU10=; b=Ghii6di3jGoc1vLhRumbnSiVtrwnoUM+M9yi1CzLtUMZCdPthxAuv8xNpmQvdHzF0wQq7yTd+NdrAC2hiiGHPcS1Wsy1pES1kv0nMD4qrwKGQVQyLdCpZ6L5UxRSY6v0lVw8mYkjOgyCPqGU+w1DfrdbaNmlbNreOgrvBbZG2ro= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101131+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 167872792818720.42659734084316; Mon, 13 Mar 2023 10:18:48 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id QhT4YY1788612x2Tss2gxnH0; Mon, 13 Mar 2023 10:18:47 -0700 X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web10.25818.1678727926852812568 for ; Mon, 13 Mar 2023 10:18:47 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 445F9B811AC; Mon, 13 Mar 2023 17:18:45 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id BBF93C433EF; Mon, 13 Mar 2023 17:18:42 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 27/38] BaseTools/GccBase AARCH64: Avoid page sharing between code and data Date: Mon, 13 Mar 2023 18:17:03 +0100 Message-Id: <20230313171714.3866151-28-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: vdHDJ92SvPT0MntbzdLxkXgax1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727927; bh=wyMvAbLrEUns50mVJp55fjolPFIVjLJoXtOQ577mxGY=; h=Cc:Date:From:Reply-To:Subject:To; b=hDhj1M/utvsIobpGGAgZ3EdMQXoG4Sll8rkl13S5INwEOsANnV/Aj1S9QVYwcexiIER f3MiyknMyBtXlhpphGI0ojdhwoiYyUf5u6j81ulC/L158CEv6eElZiHFxMgM5NeYRHEQg e3IAZJTeTObQv8/yTylMCANgpa2Ka4u/oXs= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727930344100001 Content-Type: text/plain; charset="utf-8" The AArch64 ARM architecture supports a hardware enforcement mode for mutual exclusion between code and data: any page that is mapped writable is implicitly non-executable as well. This means that remapping part of a runtime image for reapplying relocation fixups may result in any code sharing the same page to lose its executable permissions. Let's avoid this, by moving all quantities that are subject to relocation fixups to a separate page if the build is using 64k section alignment, which is only the case when building a runtime driver for AArch64. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- BaseTools/Scripts/GccBase.lds | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/BaseTools/Scripts/GccBase.lds b/BaseTools/Scripts/GccBase.lds index 83cebd29d599..63e097e0727c 100644 --- a/BaseTools/Scripts/GccBase.lds +++ b/BaseTools/Scripts/GccBase.lds @@ -21,9 +21,8 @@ SECTIONS { . =3D PECOFF_HEADER_SIZE; =20 .text : ALIGN(CONSTANT(COMMONPAGESIZE)) { - *(.text .text.* .stub .gnu.linkonce.t.*) + *(.text .text.* .stub .gnu.linkonce.t.* .plt) *(.rodata .rodata.* .gnu.linkonce.r.*) - *(.got .got.*) =20 /* * The contents of AutoGen.c files are mostly constant from the POV of= the @@ -34,6 +33,16 @@ SECTIONS { * emitted GUIDs here. */ *:AutoGen.obj(.data.g*Guid) + + /* + * AArch64 runtime drivers use 64k alignment, and may run in a mode wh= ere + * mutual exclusion of RO and XP mappings are hardware enforced. In su= ch + * cases, the input sections below, which carry any quantities that are + * subject to relocation fixups at runtime, must not share a 4 KiB page + * with any code content. + */ + . =3D ALIGN(CONSTANT(COMMONPAGESIZE) > 0x1000 ? 0x1000 : 0x20); + *(.got .got.* .data.rel.ro) } =20 /* --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101131): https://edk2.groups.io/g/devel/message/101131 Mute This Topic: https://groups.io/mt/97586036/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101132+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101132+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727931; cv=none; d=zohomail.com; s=zohoarc; b=lR2WrOJ+Kspu8tngzPvCru/uZZrIWF6e5oV9dzRJrcUnyALvf7CTEvilfSicHNs/xWBr4WFe9k4h4EVdVCJOi2KIcObdU7ul7Ly4FGnxaDF6Hiab6W7MZan3peqxEaKQ91/mioMtGE8K0yQkuRVGXSuS8d/HimW9T3PfJNiIOaA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727931; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=YmIMUwMjnqcB0HgbH05Xp79eK6qIj9/BvFSE9UBahls=; b=RUYCvJbo+Mh639dFC2dh+QlQRuLqT2EfMmBQEyrFmXfQSXWlaSbKyYZBR0PIjPt2ZaN+NmA9vdK9YhYFsOdDYz6yf6r1sQWy2n7d0POkeNTPn0Vl1mVrGqOx7tPfWS0uhp1RMSiCJN7hC0hPhJNBo4iNmVzCCsn9cjXpB5sJQcM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101132+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727931691911.5102234648052; Mon, 13 Mar 2023 10:18:51 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id XdHUYY1788612x13Rev10OxA; Mon, 13 Mar 2023 10:18:51 -0700 X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web11.26508.1678727930370857584 for ; Mon, 13 Mar 2023 10:18:50 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id CE04AB811B3; Mon, 13 Mar 2023 17:18:48 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6423CC433A0; Mon, 13 Mar 2023 17:18:45 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 28/38] ArmVirtPkg/ArmVirtQemu: Enable hardware enforced W^X memory permissions Date: Mon, 13 Mar 2023 18:17:04 +0100 Message-Id: <20230313171714.3866151-29-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: 430zVxmSCdZaUosnh6kUv5QPx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727931; bh=123Mq8GE+1djZusyPCHc+tezngycZl0rttXXFcqy4rU=; h=Cc:Date:From:Reply-To:Subject:To; b=fX3kyC/xh+vezSLIlukIGsIu0bmwC9nU9qgoj452/2Ssi0Y546nw5xZDS5Bp7XvA4J5 O0u7oMxz+bbZvuT9E4ybNt3WhvPBU0Hkmu0kC9tFOk2PIpxWBgdcMXM2chatXyqVSjTJd SOK+HjNX8dC1LlxyudlGCcMM3mvBaCKrIEU= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727932360100005 Content-Type: text/plain; charset="utf-8" Enable the WXN system control bit straight out of reset when running in EL1 with the initial ID map from flash. This setting will be inherited by the page table code after it sets up the permanent boot time page tables, resulting in all memory mappings that are not explicitly mapped as read-only to be non-executable. Note that this requires runtime drivers to be built with position independent codegen, to ensure that all absolute symbol references are moved into a separate section in the binary. Otherwise, unmapping the pages that are subject to relocation fixups at runtime (during the invocation of SetVirtualAddressMap()) could result in code mappings losing their executable permissions. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmVirtPkg/ArmVirt.dsc.inc | 1 + ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelper.S | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index 5b18184be263..928dd6330edb 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -31,6 +31,7 @@ [BuildOptions.common.EDKII.DXE_CORE,BuildOptions.common.E= DKII.DXE_DRIVER,BuildOp =20 [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] GCC:*_*_ARM_DLINK_FLAGS =3D -z common-page-size=3D0x1000 + GCC:*_*_AARCH64_CC_FLAGS =3D -fpie GCC:*_*_AARCH64_DLINK_FLAGS =3D -z common-page-size=3D0x10000 =20 [LibraryClasses.common] diff --git a/ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelpe= r.S b/ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelper.S index 5ac7c732f6ec..51c089a45ffc 100644 --- a/ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelper.S +++ b/ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelper.S @@ -38,7 +38,7 @@ .set SCTLR_EL1_ITD, 0x1 << 7 .set SCTLR_EL1_RES1, (0x1 << 11) | (0x1 << 20) | (0x1 << 22) | (0= x1 << 28) | (0x1 << 29) .set sctlrval, SCTLR_ELx_M | SCTLR_ELx_C | SCTLR_ELx_SA | SCTLR_EL1_IT= D | SCTLR_EL1_SED - .set sctlrval, sctlrval | SCTLR_ELx_I | SCTLR_EL1_SPAN | SCTLR_EL1_RES1 + .set sctlrval, sctlrval | SCTLR_ELx_I | SCTLR_EL1_SPAN | SCTLR_EL1_RES= 1 | SCTLR_EL1_WXN =20 =20 ASM_FUNC(ArmPlatformPeiBootAction) --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101132): https://edk2.groups.io/g/devel/message/101132 Mute This Topic: https://groups.io/mt/97586039/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101133+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101133+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727932; cv=none; d=zohomail.com; s=zohoarc; b=ZExQrBtlB3Dviq287HtBG6ZDOSVFgA1Tgu/BW9vSGliowj3kJza2kD+QHwPlHgpufCKchJOKntD50cUT8yLBxDbReExOn7rhXArIUwho4Tgnto9UpZ+WWr/X8T8bo8uswuOEyaK57WFX+TyPvZ29gM5jZVelUat1k6FZ19M8soA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727932; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=oWXhRDu8Pi7FFjkhtq0gI9DJ6G4Yh+zh8IM2z1Agtu0=; b=RZGRaJrvZ+zdniEW4CcETqgT2+CwUM/a5BTR4gv67j165wX/nA0RziNoxA3kOqSD+vNFqlUG6yuC7JwkILKxvG6tNJ3zP62WoHaHLyJLEnq/AaP+LXZBzdtDxIQ9ODoQmGjUDtFf/lmo1i1enDDPACMGChCfOZ9ri5H1xrW4DcM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101133+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 16787279322023.9855745670611213; Mon, 13 Mar 2023 10:18:52 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id vNF6YY1788612xyKwQa9x2YU; Mon, 13 Mar 2023 10:18:51 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.26509.1678727931289257805 for ; Mon, 13 Mar 2023 10:18:51 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id CD69D61365; Mon, 13 Mar 2023 17:18:50 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0D0C4C4339B; Mon, 13 Mar 2023 17:18:47 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 29/38] MdePkg/PeCoffLib: Capture DLL characteristics field in image context Date: Mon, 13 Mar 2023 18:17:05 +0100 Message-Id: <20230313171714.3866151-30-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: le3wzFRP8V5bMowzzzMqtwRbx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727931; bh=gvxd86qxAP6IoxB2orbgAV+Qc+2jiwIquUgtV0ewy8E=; h=Cc:Date:From:Reply-To:Subject:To; b=ppIbkjoNITpLR589eZUtmckNwaOPFLDiHm6UDWVHmtoqkjTZ/eXcXNkFSCfuZMAHKaX lGJ7tPw4HapJTHyBB7FgugOQkX17MsvsHChqj8sVtXPkCnq7hMlJuS9JxRhtgH0A52Llg KZTFpRiPqfb2aGW78m1/ukJg4apE2pSM/xk= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727934457100002 Content-Type: text/plain; charset="utf-8" When loading a PE/COFF image, capture the DLL characteristics field of the header into our image context structure so we can refer to it when mapping the image. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- MdePkg/Include/Library/PeCoffLib.h | 4 ++++ MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 23 +++++++++++--------- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/MdePkg/Include/Library/PeCoffLib.h b/MdePkg/Include/Library/Pe= CoffLib.h index df2f7f5e5961..cb48b4a8f85c 100644 --- a/MdePkg/Include/Library/PeCoffLib.h +++ b/MdePkg/Include/Library/PeCoffLib.h @@ -171,6 +171,10 @@ typedef struct { /// UINT16 ImageType; /// + /// Set by PeCoffLoaderGetImageInfo() to the DLL flags stored in the PE/= COFF header. + /// + UINT16 DllCharacteristics; + /// /// Set by PeCoffLoaderGetImageInfo() to TRUE if the PE/COFF image does = not contain /// relocation information. /// diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/Bas= ePeCoffLib/BasePeCoff.c index 31e1f2035963..fb6847e62a8d 100644 --- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c @@ -308,10 +308,11 @@ PeCoffLoaderGetPeHeader ( // // Use PE32 offset // - ImageContext->ImageType =3D Hdr.Pe32->OptionalHeader.Subsyste= m; - ImageContext->ImageSize =3D (UINT64)Hdr.Pe32->OptionalHeader.= SizeOfImage; - ImageContext->SectionAlignment =3D Hdr.Pe32->OptionalHeader.SectionA= lignment; - ImageContext->SizeOfHeaders =3D Hdr.Pe32->OptionalHeader.SizeOfHe= aders; + ImageContext->ImageType =3D Hdr.Pe32->OptionalHeader.Subsys= tem; + ImageContext->ImageSize =3D (UINT64)Hdr.Pe32->OptionalHeade= r.SizeOfImage; + ImageContext->SectionAlignment =3D Hdr.Pe32->OptionalHeader.Sectio= nAlignment; + ImageContext->SizeOfHeaders =3D Hdr.Pe32->OptionalHeader.SizeOf= Headers; + ImageContext->DllCharacteristics =3D Hdr.Pe32->OptionalHeader.DllCha= racteristics; } else if (Hdr.Pe32->OptionalHeader.Magic =3D=3D EFI_IMAGE_NT_OPTIONAL= _HDR64_MAGIC) { // // 1. Check FileHeader.NumberOfRvaAndSizes filed. @@ -429,10 +430,11 @@ PeCoffLoaderGetPeHeader ( // // Use PE32+ offset // - ImageContext->ImageType =3D Hdr.Pe32Plus->OptionalHeader.Subs= ystem; - ImageContext->ImageSize =3D (UINT64)Hdr.Pe32Plus->OptionalHea= der.SizeOfImage; - ImageContext->SectionAlignment =3D Hdr.Pe32Plus->OptionalHeader.Sect= ionAlignment; - ImageContext->SizeOfHeaders =3D Hdr.Pe32Plus->OptionalHeader.Size= OfHeaders; + ImageContext->ImageType =3D Hdr.Pe32Plus->OptionalHeader.Su= bsystem; + ImageContext->ImageSize =3D (UINT64)Hdr.Pe32Plus->OptionalH= eader.SizeOfImage; + ImageContext->SectionAlignment =3D Hdr.Pe32Plus->OptionalHeader.Se= ctionAlignment; + ImageContext->SizeOfHeaders =3D Hdr.Pe32Plus->OptionalHeader.Si= zeOfHeaders; + ImageContext->DllCharacteristics =3D Hdr.Pe32Plus->OptionalHeader.Dl= lCharacteristics; } else { ImageContext->ImageError =3D IMAGE_ERROR_INVALID_MACHINE_TYPE; return RETURN_UNSUPPORTED; @@ -545,8 +547,9 @@ PeCoffLoaderGetPeHeader ( Retrieves information about a PE/COFF image. =20 Computes the PeCoffHeaderOffset, IsTeImage, ImageType, ImageAddress, Ima= geSize, - DestinationAddress, RelocationsStripped, SectionAlignment, SizeOfHeaders= , and - DebugDirectoryEntryRva fields of the ImageContext structure. + DestinationAddress, RelocationsStripped, SectionAlignment, SizeOfHeaders, + DllCharacteristics, and DebugDirectoryEntryRva fields of the ImageContext + structure. If ImageContext is NULL, then return RETURN_INVALID_PARAMETER. If the PE/COFF image accessed through the ImageRead service in the Image= Context structure is not a supported PE/COFF image type, then return RETURN_UNSU= PPORTED. --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101133): https://edk2.groups.io/g/devel/message/101133 Mute This Topic: https://groups.io/mt/97586040/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101134+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101134+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727937; cv=none; d=zohomail.com; s=zohoarc; b=JDNw0R4Qz/uQ7DOXWdTFhU1KzjbTVsatGTbWllN4mjp4vspUIqqxec21SrLh/y+t8jYhyslkmbZBtmjuFsh8Q/CgFnSY/WggwULiC77PpiyhVkHO7ZL3utnnqJ2gN7iXN6Q4ZMv4od55A9aEra9W4lHIT6brS5R0hSHTII4Su5o= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727937; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=a1g31OYKj1E3L4QT5m02FrWcnJBs4lAdX/lyWG+HqFU=; b=O49lMRA9klcU/0w2iUHNU/4DFxYw/Qbe957vvYSbMslEuqkhZvALus4WTw/IwAb+JWFOugKfrndo9eewSGPiaInFAqjmADWsgUKbdwIjBxetUFQcjYsB/UrR8XpLOVgwTpMl8RnuVT/+07yZ7x7zQzqTLBFPRJUj+fW7jOZ2Sn4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101134+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727937020507.7095569282791; Mon, 13 Mar 2023 10:18:57 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 7HiOYY1788612xvTaa8Af6Ut; Mon, 13 Mar 2023 10:18:56 -0700 X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web10.25825.1678727935644706118 for ; Mon, 13 Mar 2023 10:18:56 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 1DFE6B811C1; Mon, 13 Mar 2023 17:18:54 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id ACC72C4339E; Mon, 13 Mar 2023 17:18:50 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 30/38] MdePkg/IndustryStandard: PeImage.h: Import DLL characteristics Date: Mon, 13 Mar 2023 18:17:06 +0100 Message-Id: <20230313171714.3866151-31-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: ygBBbqogcMH8dwPPhZwjixL6x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727936; bh=F1UMMuSfGA3YVj2fdQ04yP22E1LOcuXCbvcAQm/2W7o=; h=Cc:Date:From:Reply-To:Subject:To; b=YV8bGKtnRfvOuXFeqXWBb0H8tSR1W5XbqwYKghh8xYnXIfp97Q2mvrG9FhfJuO7FbtF jSikcHvWmZPTiGubF5M3ZD65UG+SqYAN+HvdNmgXW+rqZQ4q2DGFP1HKMvXWk7OlomdBF r4x85RxaJvh3Sd6s7TMqWbOo2bKTyY5d3rM= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727938419100002 Content-Type: text/plain; charset="utf-8" Add the various symbolic constants that the PE/COFF spec v8.3 defines for the DllCharacteristics field of the PE optional header as preprocessor macros so we can test for them in C code. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- MdePkg/Include/IndustryStandard/PeImage.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/MdePkg/Include/IndustryStandard/PeImage.h b/MdePkg/Include/Ind= ustryStandard/PeImage.h index dd4cc25483bc..f8d726b88353 100644 --- a/MdePkg/Include/IndustryStandard/PeImage.h +++ b/MdePkg/Include/IndustryStandard/PeImage.h @@ -108,6 +108,21 @@ typedef struct { #define EFI_IMAGE_FILE_DLL BIT13 ///< 0x2000 File is = a DLL. #define EFI_IMAGE_FILE_BYTES_REVERSED_HI BIT15 ///< 0x8000 Bytes of= machine word are reversed. =20 +/// +/// DLL Characteristics +/// +#define EFI_IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA BIT5 ///< 0x= 0020 Image can handle a high entropy 64-bit VA space. +#define EFI_IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE BIT6 ///< 0x= 0040 DLL can be relocated at load time. +#define EFI_IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY BIT7 ///< 0x= 0080 Code Integrity checks are enforced. +#define EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT BIT8 ///< 0x= 0100 Image is NX compatible. +#define EFI_IMAGE_DLLCHARACTERISTICS_NO_ISOLATION BIT9 ///< 0x= 0200 Isolation aware, but do not isolate the image. +#define EFI_IMAGE_DLLCHARACTERISTICS_NO_SEH BIT10 ///< 0x= 0400 Does not use structured exception (SE) handling. +#define EFI_IMAGE_DLLCHARACTERISTICS_NO_BIND BIT11 ///< 0x= 0800 Do not bind the image. +#define EFI_IMAGE_DLLCHARACTERISTICS_APPCONTAINER BIT12 ///< 0x= 1000 Image must execute in an AppContainer. +#define EFI_IMAGE_DLLCHARACTERISTICS_WDM_DRIVER BIT13 ///< 0x= 2000 A WDM driver. +#define EFI_IMAGE_DLLCHARACTERISTICS_GUARD_CF BIT14 ///< 0x= 4000 Image supports Control Flow Guard. +#define EFI_IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE BIT15 ///< 0x= 8000 Terminal Server aware. + /// /// Header Data Directories. /// --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101134): https://edk2.groups.io/g/devel/message/101134 Mute This Topic: https://groups.io/mt/97586047/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101135+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101135+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727939; cv=none; d=zohomail.com; s=zohoarc; b=WW0h/KLa4WDlp846+bp1I9v7n4Zv6cI6DSAl0uzgygq7Azyt9Q2Rrzh8mVDZYbf3ba5Yg2UbbSSmNBfhGxz8RilK5I80tBStidxjUxfMii+FvYGuD84ZIVVc5bNzvJ8gX3otqQ0tqiGe6j1K4N4zyZFBH6YKMiFazJ4KtlVeHeE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727939; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=uxT6lhLbtapEVfO2QwNZghxQbfWXgvt5uQo5x4QAGoU=; b=I5o+r0MHxjII8TQfnaeKTcAjN5eD0cIFDOr2nBRCkM9RbdM4vXGA+1RroiLXdBEmSpke/a6YAG9gELX4jmcNIGN86jlmth5vUkdLcKgyuzyiEtxw4DQPJ9B5smPL2FpeM85aerAq05C2JxqeTA+01QuG3IA0+NSD7+fjBCKulcg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101135+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727939355546.3787307878492; Mon, 13 Mar 2023 10:18:59 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id QbzEYY1788612xoeRu9g4C7M; Mon, 13 Mar 2023 10:18:59 -0700 X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web11.26515.1678727938310544216 for ; Mon, 13 Mar 2023 10:18:58 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id B7E25B811B3; Mon, 13 Mar 2023 17:18:56 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5451BC433A1; Mon, 13 Mar 2023 17:18:53 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 31/38] MdeModulePkg/DxeCore: Remove redundant DEBUG statements Date: Mon, 13 Mar 2023 18:17:07 +0100 Message-Id: <20230313171714.3866151-32-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: F5GQXI1HHyJgrcopnN7jCmbxx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727939; bh=qBRF4AgB+337fW5Qrvk1d530xOAQkPBv4x85IToY7sA=; h=Cc:Date:From:Reply-To:Subject:To; b=frkAh20dRG4FrpuqU3eIGhyQwXgrf+7hoVVhMmHrVTBtHPnAHCbyPD5VwNxZmFjAF1Y wruzx+YUYLw86S786rVqN8Mpwoxy4e0XWuYv6b1H3GqhXarlwV3fe00PgllE/3boePZLv qXms7b0Dw+qS1IJxbu/oIeZLTv+Cofc+/NA= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727940405100005 Content-Type: text/plain; charset="utf-8" The image name is printed at DEBUG_VERBOSE level already when entering the routine that enables the memory protections, so printing it again after issuing a warning is unnecessary - let's remove it. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C= ore/Dxe/Misc/MemoryProtection.c index 8df3e881c5c4..85c5a6a7c758 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -477,11 +477,6 @@ ProtectUefiImage ( "!!!!!!!! ProtectUefiImageCommon - Section Alignment(0x%x) is incor= rect !!!!!!!!\n", SectionAlignment )); - PdbPointer =3D PeCoffLoaderGetPdbPointer ((VOID *)(UINTN)ImageAddress); - if (PdbPointer !=3D NULL) { - DEBUG ((DEBUG_VERBOSE, "!!!!!!!! Image - %a !!!!!!!!\n", PdbPointe= r)); - } - goto Finish; } =20 @@ -558,11 +553,6 @@ ProtectUefiImage ( // of course). // DEBUG ((DEBUG_WARN, "!!!!!!!! ProtectUefiImageCommon - CodeSegmentCou= nt is 0 !!!!!!!!\n")); - PdbPointer =3D PeCoffLoaderGetPdbPointer ((VOID *)(UINTN)ImageAddress); - if (PdbPointer !=3D NULL) { - DEBUG ((DEBUG_WARN, "!!!!!!!! Image - %a !!!!!!!!\n", PdbPointer)); - } - goto Finish; } =20 --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101135): https://edk2.groups.io/g/devel/message/101135 Mute This Topic: https://groups.io/mt/97586049/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101136+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101136+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727942; cv=none; d=zohomail.com; s=zohoarc; b=ESwKcV+PBAXBbFWmxrynVdrpZ4LUpaMQrDMxd49t2F2qh8UrV+uU0GzQVi5VmMXBv1XUIxKpcysxfM2DJMrzS4KOMPiuoJOgl95E4d3qAsK3ON8qDU8oZ86iPEGXlKQk2rMFrVrdZBUOLOyCl3VjG4FvLxfErRmgqSMeaLbL1ho= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727942; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=eBP+kHjg9HytJV3MyZliIbZS7w9mutEnTS0r0Xi8WSQ=; b=hkxqpqOnaAOme75YEyrtBB7Wq24YhcDczqeiaHKFviqgGA3OwtuoQiyAqSKwceW3aMXOjzicwUy8Od6LzIH9ilLmNegoXHxiA67cYPva5sGzkg66IC2ZztQITeTFxQRk/cz6u8Bk/+6AD3TxZ3js01PQ4zdeZ/OSibcmJSyzL+4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101136+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727942222538.2362331581134; Mon, 13 Mar 2023 10:19:02 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id bVGCYY1788612xiNTntzPlaS; Mon, 13 Mar 2023 10:19:01 -0700 X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web10.25828.1678727941027614545 for ; Mon, 13 Mar 2023 10:19:01 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 6EE60B8119D; Mon, 13 Mar 2023 17:18:59 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id EF414C433A7; Mon, 13 Mar 2023 17:18:55 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 32/38] MdeModulePkg/DxeCore: Update memory protections before freeing a region Date: Mon, 13 Mar 2023 18:17:08 +0100 Message-Id: <20230313171714.3866151-33-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: zLTHQL5RAvpH13roZTdX2uv3x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727941; bh=b1ukQ6NqIjTiIx859DwUi6cHyDdQMdrKFEFtRbNtiuw=; h=Cc:Date:From:Reply-To:Subject:To; b=GAI52XZEK3MvF6SytpXHadIbVxaEXe6STyfDXpKoQa+AstG+4zDgrwo6gCMQZ70q3HC 3zussx6kB/zUHZaY6xWAeYeZY+nTFAg7FIgIcbN+ZeR2rM7ZCH7YGultL4U5Z3Z3DOG0o nnl8PJAHGAx04w0FDaDlQkCkfNC//PxjbvQ= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727942424100009 Content-Type: text/plain; charset="utf-8" Currently, we invoke ApplyMemoryProtectionPolicy() after CoreInternalFreePages() has returned successfully, in order to update the memory permission attributes of the region to match the policy for EfiConventionalMemory. There are two problems with that: - CoreInternalFreePages() will round up the size of the allocation to the appropriate alignment of the memory type, but we only remap the number of pages that was passed by the caller, leaving the remaining pages freed but mapped with the old permissions; - in DEBUG builds, we may attempt to clear the entire region while it is still mapped with read-only or read-protect attributes. Let's address both issues, by updating the permissions before performing the actual conversion. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- MdeModulePkg/Core/Dxe/Mem/Page.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/P= age.c index 5903ce7ab525..f5b940bbc25b 100644 --- a/MdeModulePkg/Core/Dxe/Mem/Page.c +++ b/MdeModulePkg/Core/Dxe/Mem/Page.c @@ -1519,8 +1519,8 @@ CoreAllocatePages ( @return EFI_SUCCESS -Pages successfully freed. =20 **/ +STATIC EFI_STATUS -EFIAPI CoreInternalFreePages ( IN EFI_PHYSICAL_ADDRESS Memory, IN UINTN NumberOfPages, @@ -1574,6 +1574,13 @@ CoreInternalFreePages ( NumberOfPages +=3D EFI_SIZE_TO_PAGES (Alignment) - 1; NumberOfPages &=3D ~(EFI_SIZE_TO_PAGES (Alignment) - 1); =20 + ApplyMemoryProtectionPolicy ( + Entry->Type, + EfiConventionalMemory, + Memory, + EFI_PAGES_TO_SIZE (NumberOfPages) + ); + if (MemoryType !=3D NULL) { *MemoryType =3D Entry->Type; } @@ -1628,12 +1635,6 @@ CoreFreePages ( NULL ); InstallMemoryAttributesTableOnMemoryAllocation (MemoryType); - ApplyMemoryProtectionPolicy ( - MemoryType, - EfiConventionalMemory, - Memory, - EFI_PAGES_TO_SIZE (NumberOfPages) - ); } =20 return Status; --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101136): https://edk2.groups.io/g/devel/message/101136 Mute This Topic: https://groups.io/mt/97586052/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101137+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101137+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727945; cv=none; d=zohomail.com; s=zohoarc; b=F2LcLMekchRWdcnPXr5lzR9A9JmIWqtuyRGlQFH5Qt9sXsznFNKVMJ4w1QPotQGIiRvqijiajasvTQeGvwEXRTAtuw9tJ2q9mPKW/Ozaq9Zt4kWVUgvRqGbLDNhz4k2qqvFU6xhoFVhuZzVeMjtB8z4z0aZ4CJQO9dmQ37qaBAI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727945; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=bP+YQUUiydvmHKzufp84VWZogFZ+jot1M9dtNUTEP+0=; b=J9pglkEwWr42ZagvJKbNV37maSaajSVCREyKkYLO4bc9ZORQrPiIXM/ezlEavadtQyKZ1Sg/IjOHR2LWBs63y+F6BcGubkQN9oV9DqBwaxAOFwY2tl82l6hKepKVgxkFwOFBNJ31ID5qDA0NPLWpWutt0LiDscq4pJd5/zUYQss= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101137+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 167872794527285.2121678816103; Mon, 13 Mar 2023 10:19:05 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id g8f1YY1788612xX98gWu7Qe6; Mon, 13 Mar 2023 10:19:04 -0700 X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web10.25831.1678727943638246589 for ; Mon, 13 Mar 2023 10:19:04 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 22D52B811AC; Mon, 13 Mar 2023 17:19:02 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 96351C4339E; Mon, 13 Mar 2023 17:18:58 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 33/38] MdeModulePkg/DxeCore: Disregard runtime alignment for image protection Date: Mon, 13 Mar 2023 18:17:09 +0100 Message-Id: <20230313171714.3866151-34-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: ww74Tc5f42nvgX0kG6OmNRsqx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727944; bh=YJNtim0+vZ7yD/R2dtSudkHD3vEJpBwSzRu4qHTd1Ig=; h=Cc:Date:From:Reply-To:Subject:To; b=Lw9WxlW9OD0ubsIl9mpHqVKyaURrrTqIi3Di6ehkVb3k3KZQzmgDqqvUTF/NPCDyUXB 5nNfD8Tv4703yaIwKSJWeMvMbdtYNRCL5eOTfg66iwkpOhG++aZDqxci6o2uKZokNtT3N 8qKKT9zJWkF0jC39Gd99ZqsMLQXyoxFhW9Y= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727946478100014 Content-Type: text/plain; charset="utf-8" Image protection in DXE pertains to the memory permission attributes used at boot time, when the page size is guaranteed to be 4k. Whether or not the minimum section alignment is even higher when running under the OS is not relevant here, so just use the EFI page size as the minimum section alignment directly. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 49 +------------------- 1 file changed, 1 insertion(+), 48 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C= ore/Dxe/Misc/MemoryProtection.c index 85c5a6a7c758..045e2f391bc0 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -304,51 +304,6 @@ SetUefiImageProtectionAttributes ( return; } =20 -/** - Return if the PE image section is aligned. - - @param[in] SectionAlignment PE/COFF section alignment - @param[in] MemoryType PE/COFF image memory type - - @retval TRUE The PE image section is aligned. - @retval FALSE The PE image section is not aligned. -**/ -BOOLEAN -IsMemoryProtectionSectionAligned ( - IN UINT32 SectionAlignment, - IN EFI_MEMORY_TYPE MemoryType - ) -{ - UINT32 PageAlignment; - - switch (MemoryType) { - case EfiRuntimeServicesCode: - case EfiACPIMemoryNVS: - PageAlignment =3D RUNTIME_PAGE_ALLOCATION_GRANULARITY; - break; - case EfiRuntimeServicesData: - case EfiACPIReclaimMemory: - ASSERT (FALSE); - PageAlignment =3D RUNTIME_PAGE_ALLOCATION_GRANULARITY; - break; - case EfiBootServicesCode: - case EfiLoaderCode: - case EfiReservedMemoryType: - PageAlignment =3D EFI_PAGE_SIZE; - break; - default: - ASSERT (FALSE); - PageAlignment =3D EFI_PAGE_SIZE; - break; - } - - if ((SectionAlignment & (PageAlignment - 1)) !=3D 0) { - return FALSE; - } else { - return TRUE; - } -} - /** Free Image record. =20 @@ -404,7 +359,6 @@ ProtectUefiImage ( IMAGE_PROPERTIES_RECORD *ImageRecord; CHAR8 *PdbPointer; IMAGE_PROPERTIES_RECORD_CODE_SECTION *ImageRecordCodeSection; - BOOLEAN IsAligned; UINT32 ProtectionPolicy; =20 DEBUG ((DEBUG_INFO, "ProtectUefiImageCommon - 0x%x\n", LoadedImage)); @@ -470,8 +424,7 @@ ProtectUefiImage ( SectionAlignment =3D Hdr.Pe32Plus->OptionalHeader.SectionAlignment; } =20 - IsAligned =3D IsMemoryProtectionSectionAligned (SectionAlignment, Loaded= Image->ImageCodeType); - if (!IsAligned) { + if (SectionAlignment >=3D EFI_PAGE_SIZE) { DEBUG (( DEBUG_VERBOSE, "!!!!!!!! ProtectUefiImageCommon - Section Alignment(0x%x) is incor= rect !!!!!!!!\n", --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101137): https://edk2.groups.io/g/devel/message/101137 Mute This Topic: https://groups.io/mt/97586054/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101138+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101138+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727947; cv=none; d=zohomail.com; s=zohoarc; b=ixLzaxhfBnXW4/4mJz4ApfnRS3uywHru+1QJsKcvdzQSFQcEVEqKKGOjLIJazg3pztxqGLbV83TyEUHaaQuBH3jwTD+MQi4Xj43aTx3DK6CM4ntrng9VAhddWOXpJmiDV3ssOxG8q1phdSA1i3OF0Bq5ljsldd4gwN3shzUHSYM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727947; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=FwnXH+4QmvO/tSWx71EinFenJW0MJfFDY0sLilp4Qus=; b=EJGX9/oA+dn3n2YCrO1NqTZ9UzTK0EyOxO8XoheSYJuiadfEFPDTSh1m2jR266auNx4tcJXbQg+EbUuYM7wdg9s21IguYdLBT2g7+7bbijKm/BZWHTnd0sm2mQ9jJ93rPR/GSPzRzkERXW3z0DMxrzFc5soJPCh2NEhTJs0CjyU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101138+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727947578455.906052209354; Mon, 13 Mar 2023 10:19:07 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id sf9JYY1788612xgIg1TcAtYA; Mon, 13 Mar 2023 10:19:07 -0700 X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web10.25832.1678727946276263645 for ; Mon, 13 Mar 2023 10:19:06 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id BC02EB8119D; Mon, 13 Mar 2023 17:19:04 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3D702C433D2; Mon, 13 Mar 2023 17:19:01 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 34/38] MdeModulePkg/DxeCore: Deal with failure in UefiProtectImage() Date: Mon, 13 Mar 2023 18:17:10 +0100 Message-Id: <20230313171714.3866151-35-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: mhG29P9WpPMkI81Jyn2TQdB9x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727947; bh=Iel7+u328a4uc01GiNW5wl99swg3XonUb1av+X9F35s=; h=Cc:Date:From:Reply-To:Subject:To; b=eXFmofMXst5LCqhM9n4b0FZwn4XFgH5SGRzZJ8HMe/4vrIjdEcuVWUVfOuJPKBw5Ebv JXBc4VIpNs5OLOKG7Ets9zaLrPD0alnl2WsIyP68gn1G1UfvWQjxgv1H2qMcf46tzSXFR C0ZB0ABlcmvFZBIXq4D8PXu3gnMOjFUGUBM= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727948560100018 Content-Type: text/plain; charset="utf-8" In preparation for adding support for a more restrictive NX memory policy, update the prototype of UefiProtectImage() so it returns a EFI_STATUS, and deal with its failure in CoreLoadImage. This should never fail for the DxeCore itself or for drivers that are loaded before the CPU arch protocol is dispatched, so in those cases, an ASSERT() is sufficient. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- MdeModulePkg/Core/Dxe/DxeMain.h | 6 +++++- MdeModulePkg/Core/Dxe/Image/Image.c | 8 ++++++-- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 21 ++++++++++++-------- 3 files changed, 24 insertions(+), 11 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMai= n.h index 815a6b4bd844..b618feded39e 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain.h +++ b/MdeModulePkg/Core/Dxe/DxeMain.h @@ -2733,8 +2733,12 @@ RemoveImageRecord ( =20 @param[in] LoadedImage The loaded image protocol @param[in] LoadedImageDevicePath The loaded image device path protoc= ol + + @return EFI_SUCCESS Image protection was configured according to t= he + applicable policy. + @return other Image protection could not be applied. **/ -VOID +EFI_STATUS ProtectUefiImage ( IN EFI_LOADED_IMAGE_PROTOCOL *LoadedImage, IN EFI_DEVICE_PATH_PROTOCOL *LoadedImageDevicePath diff --git a/MdeModulePkg/Core/Dxe/Image/Image.c b/MdeModulePkg/Core/Dxe/Im= age/Image.c index 8704ebea9a7c..df2afbc299e3 100644 --- a/MdeModulePkg/Core/Dxe/Image/Image.c +++ b/MdeModulePkg/Core/Dxe/Image/Image.c @@ -270,7 +270,8 @@ CoreInitializeImageServices ( =20 InitializeListHead (&mAvailableEmulators); =20 - ProtectUefiImage (&Image->Info, Image->LoadedImageDevicePath); + Status =3D ProtectUefiImage (&Image->Info, Image->LoadedImageDevicePath); + ASSERT_EFI_ERROR (Status); =20 return Status; } @@ -1448,7 +1449,10 @@ CoreLoadImageCommon ( } } =20 - ProtectUefiImage (&Image->Info, Image->LoadedImageDevicePath); + Status =3D ProtectUefiImage (&Image->Info, Image->LoadedImageDevicePath); + if (EFI_ERROR (Status)) { + goto Done; + } =20 // // Success. Return the image handle diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C= ore/Dxe/Misc/MemoryProtection.c index 045e2f391bc0..301ddd6eb053 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -341,8 +341,12 @@ FreeImageRecord ( =20 @param[in] LoadedImage The loaded image protocol @param[in] LoadedImageDevicePath The loaded image device path protoc= ol + + @return EFI_SUCCESS Image protection was configured according to t= he + applicable policy. + @return other Image protection could not be applied. **/ -VOID +EFI_STATUS ProtectUefiImage ( IN EFI_LOADED_IMAGE_PROTOCOL *LoadedImage, IN EFI_DEVICE_PATH_PROTOCOL *LoadedImageDevicePath @@ -365,23 +369,23 @@ ProtectUefiImage ( DEBUG ((DEBUG_INFO, " - 0x%016lx - 0x%016lx\n", (EFI_PHYSICAL_ADDRESS)(= UINTN)LoadedImage->ImageBase, LoadedImage->ImageSize)); =20 if (gCpuSetMemoryAttributes =3D=3D NULL) { - return; + return EFI_SUCCESS; } =20 ProtectionPolicy =3D GetUefiImageProtectionPolicy (LoadedImage, LoadedIm= ageDevicePath); switch (ProtectionPolicy) { case DO_NOT_PROTECT: - return; + return EFI_SUCCESS; case PROTECT_IF_ALIGNED_ELSE_ALLOW: break; default: ASSERT (FALSE); - return; + return EFI_SUCCESS; } =20 ImageRecord =3D AllocateZeroPool (sizeof (*ImageRecord)); if (ImageRecord =3D=3D NULL) { - return; + return EFI_SUCCESS; } =20 ImageRecord->Signature =3D IMAGE_PROPERTIES_RECORD_SIGNATURE; @@ -481,7 +485,7 @@ ProtectUefiImage ( // ImageRecordCodeSection =3D AllocatePool (sizeof (*ImageRecordCodeSec= tion)); if (ImageRecordCodeSection =3D=3D NULL) { - return; + return EFI_SUCCESS; } =20 ImageRecordCodeSection->Signature =3D IMAGE_PROPERTIES_RECORD_CODE_S= ECTION_SIGNATURE; @@ -538,7 +542,7 @@ ProtectUefiImage ( InsertTailList (&mProtectedImageRecordList, &ImageRecord->Link); =20 Finish: - return; + return EFI_SUCCESS; } =20 /** @@ -988,7 +992,8 @@ MemoryProtectionCpuArchProtocolNotify ( LoadedImageDevicePath =3D NULL; } =20 - ProtectUefiImage (LoadedImage, LoadedImageDevicePath); + Status =3D ProtectUefiImage (LoadedImage, LoadedImageDevicePath); + ASSERT_EFI_ERROR (Status); } =20 FreePool (HandleBuffer); --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101138): https://edk2.groups.io/g/devel/message/101138 Mute This Topic: https://groups.io/mt/97586055/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101139+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101139+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727950; cv=none; d=zohomail.com; s=zohoarc; b=EjOg4V4ZKVmJV8hbLszMKwLoR8wdRPw8EE0xf5wQl19M+mxFgz31vHVK5ESVXaTA5r2hrbGxrAK67t28t7N8A+8ZIJyWdbGDDLnd05ZwoZf4S0J77bNZtyntOiWgyijdkv6Xza2+e/tm7nzOkjqnmUrFd1pHf/ca9hZIYO9y+6U= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727950; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=2PZMdU1wBIpj/H2q9pDp7vm8ET8dOZTkm2JZysj7QAg=; b=OyTVfCjEplBpS06TeJ9rvnAvWjMToR4QsY6JJ68ht5YNkU+iX/VEoHHsWvAD+4KfulUELnTmm228KUlvFNyYAFZ3CBE/LR10SNBKYnyPPSvcPxGz1TRwjEEZNiNU66cVzQkD3y+3FwH9A5xaRQmPkDn7Uhu4+2RN9nYinqK+BKI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101139+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727950292191.73202776719825; Mon, 13 Mar 2023 10:19:10 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id LEBgYY1788612xy8kWNvCYGu; Mon, 13 Mar 2023 10:19:09 -0700 X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web11.26521.1678727948933130809 for ; Mon, 13 Mar 2023 10:19:09 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 5D435B811B3; Mon, 13 Mar 2023 17:19:07 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id D84D4C433A0; Mon, 13 Mar 2023 17:19:03 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 35/38] MdeModulePkg/DxeCore: Clear NX permissions on non-protected images Date: Mon, 13 Mar 2023 18:17:11 +0100 Message-Id: <20230313171714.3866151-36-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: I0k6FzwqvxJsKqHNgWt8gPrbx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727949; bh=s0TuGQ/RT0pp9wDR6id2r0qvdbKL1Gu4sY8HZ5V3FrA=; h=Cc:Date:From:Reply-To:Subject:To; b=e5LAYFKzIhWJHdCqZzKObiDEIOFDKziXaU4B49bg5II3Itc1pv/ic7eos98kZp1+a91 ymJrCaTcjoWtQA3lHEypzQovhb79jqvcNMEHkCfm2C4ZYjjZDquiswT/tvjil8X2wO4Fn u3H1Em/IEaPa9jZlbKtUwNfSpRqJUq39fG8= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727952526100004 Content-Type: text/plain; charset="utf-8" Currently, we rely on the memory type for loading images being executable by default, and only restrict the permissions if the policy says so, and the image sections are suitably aligned. This requires that the various 'code' memory types are executable by default, which is unfortunate. In order to be able to tighten this, let's update the image protection policy handling so that images that should not be mapped with strict separation of RW- and R-X are remapped RWX explicitly if the memory type used for loading the images is marked as NX by default. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 98 +++++++++++--------- 1 file changed, 54 insertions(+), 44 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C= ore/Dxe/Misc/MemoryProtection.c index 301ddd6eb053..7c7a946c1b48 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -373,11 +373,62 @@ ProtectUefiImage ( } =20 ProtectionPolicy =3D GetUefiImageProtectionPolicy (LoadedImage, LoadedIm= ageDevicePath); + + ImageAddress =3D LoadedImage->ImageBase; + + PdbPointer =3D PeCoffLoaderGetPdbPointer ((VOID *)(UINTN)ImageAddress); + if (PdbPointer !=3D NULL) { + DEBUG ((DEBUG_VERBOSE, " Image - %a\n", PdbPointer)); + } + switch (ProtectionPolicy) { - case DO_NOT_PROTECT: - return EFI_SUCCESS; case PROTECT_IF_ALIGNED_ELSE_ALLOW: - break; + // + // Check PE/COFF image + // + DosHdr =3D (EFI_IMAGE_DOS_HEADER *)(UINTN)ImageAddress; + PeCoffHeaderOffset =3D 0; + if (DosHdr->e_magic =3D=3D EFI_IMAGE_DOS_SIGNATURE) { + PeCoffHeaderOffset =3D DosHdr->e_lfanew; + } + + Hdr.Pe32 =3D (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *)(UINTN)ImageAddress= + PeCoffHeaderOffset); + if (Hdr.Pe32->Signature !=3D EFI_IMAGE_NT_SIGNATURE) { + DEBUG ((DEBUG_INFO, "Hdr.Pe32->Signature invalid - 0x%x\n", Hdr.Pe= 32->Signature)); + // It might be image in SMM. + } else { + // + // Get SectionAlignment + // + if (Hdr.Pe32->OptionalHeader.Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HD= R32_MAGIC) { + SectionAlignment =3D Hdr.Pe32->OptionalHeader.SectionAlignment; + } else { + SectionAlignment =3D Hdr.Pe32Plus->OptionalHeader.SectionAlignme= nt; + } + + if (SectionAlignment >=3D EFI_PAGE_SIZE) { + break; + } + + DEBUG (( + DEBUG_VERBOSE, + "!!!!!!!! ProtectUefiImageCommon - Section Alignment(0x%x) is i= ncorrect !!!!!!!!\n", + SectionAlignment + )); + } + // fall through to unprotect image if needed + case DO_NOT_PROTECT: + if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & + LShiftU64 (1, LoadedImage->ImageCodeType)) !=3D 0) + { + SetUefiImageMemoryAttributes ( + (UINTN)LoadedImage->ImageBase, + (LoadedImage->ImageSize + EFI_PAGE_MASK) & ~(UINT64)EFI_PAGE_MAS= K, + 0 + ); + } + + return EFI_SUCCESS; default: ASSERT (FALSE); return EFI_SUCCESS; @@ -396,47 +447,6 @@ ProtectUefiImage ( ImageRecord->ImageBase =3D (EFI_PHYSICAL_ADDRESS)(UINTN)LoadedImage->Ima= geBase; ImageRecord->ImageSize =3D LoadedImage->ImageSize; =20 - ImageAddress =3D LoadedImage->ImageBase; - - PdbPointer =3D PeCoffLoaderGetPdbPointer ((VOID *)(UINTN)ImageAddress); - if (PdbPointer !=3D NULL) { - DEBUG ((DEBUG_VERBOSE, " Image - %a\n", PdbPointer)); - } - - // - // Check PE/COFF image - // - DosHdr =3D (EFI_IMAGE_DOS_HEADER *)(UINTN)ImageAddress; - PeCoffHeaderOffset =3D 0; - if (DosHdr->e_magic =3D=3D EFI_IMAGE_DOS_SIGNATURE) { - PeCoffHeaderOffset =3D DosHdr->e_lfanew; - } - - Hdr.Pe32 =3D (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *)(UINTN)ImageAddress + P= eCoffHeaderOffset); - if (Hdr.Pe32->Signature !=3D EFI_IMAGE_NT_SIGNATURE) { - DEBUG ((DEBUG_VERBOSE, "Hdr.Pe32->Signature invalid - 0x%x\n", Hdr.Pe3= 2->Signature)); - // It might be image in SMM. - goto Finish; - } - - // - // Get SectionAlignment - // - if (Hdr.Pe32->OptionalHeader.Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR32_MA= GIC) { - SectionAlignment =3D Hdr.Pe32->OptionalHeader.SectionAlignment; - } else { - SectionAlignment =3D Hdr.Pe32Plus->OptionalHeader.SectionAlignment; - } - - if (SectionAlignment >=3D EFI_PAGE_SIZE) { - DEBUG (( - DEBUG_VERBOSE, - "!!!!!!!! ProtectUefiImageCommon - Section Alignment(0x%x) is incor= rect !!!!!!!!\n", - SectionAlignment - )); - goto Finish; - } - Section =3D (EFI_IMAGE_SECTION_HEADER *)( (UINT8 *)(UINTN)ImageAddress + PeCoffHeaderOffset + --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101139): https://edk2.groups.io/g/devel/message/101139 Mute This Topic: https://groups.io/mt/97586058/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101140+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101140+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727951; cv=none; d=zohomail.com; s=zohoarc; b=KmpY8F83Pz3OAAaMt5SouD71wfEortJFZXTUzjhr3vORrtGb8AAvEXeRdYS2Kxze8wpTv6WRB5VIKXYXp1ZVa1vQ20my4+Y7RCjVT9VEz3LfWzbMMsjbzF5kxDOtp9u3TuZrFv0HPyAHOi35cS0xs2H3FqZggP8hrOG13nuV4Lw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727951; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=GXu8LwwZLLsbRajLhlPiessjyOUOUAIV1jj1klKcSMg=; b=jwRvce2CjEfFQTNzJdq36pT8IUGG+cgnNtCPqARDr4AqaQyA9oKu1j9Vgcjk9X+bH0WaKxQPyyIx2LlSbVglui5QCpC1APYt4k2Nc/JgtuKKh5dqQsdtiiSd/RhP/HakVyKU7oM7ijCqZzaf/TjF2LgxZXC/uVi3RgGWNMfHPsE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101140+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727951561994.7863700653368; Mon, 13 Mar 2023 10:19:11 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 2WljYY1788612x0VqPH1V0SP; Mon, 13 Mar 2023 10:19:11 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.25836.1678727949761493594 for ; Mon, 13 Mar 2023 10:19:09 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 4B97261365; Mon, 13 Mar 2023 17:19:09 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 83802C4339E; Mon, 13 Mar 2023 17:19:06 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 36/38] MdeModulePkg/DxeCore: Permit NX protection for code regions Date: Mon, 13 Mar 2023 18:17:12 +0100 Message-Id: <20230313171714.3866151-37-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: 6x4oCcuirDdkCH0qlhGcXWaOx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727951; bh=hPK+WrCBqQna+C6WdimMtY2/uVe3n5u//dVF7LXPQcg=; h=Cc:Date:From:Reply-To:Subject:To; b=jTX8Rd1MhRQa7DwQFgzphsNruF4wWj8wOxLtaNUrRyb+hq8MyqD033W+GR2W9IZlWWe RpGtJYyADJNAIHDy/KRWkXFdwEZSXwQTlVqwHoKkmcWKxEh8NHzXAUiqTIdLKrtaNAB51 7NOPaEDuSFNWWWM7CHgAKGi+vHFVga9T5SU= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727952510100002 Content-Type: text/plain; charset="utf-8" We currently do not permit NX protection for code regions, as these regions are normally populated by the image loader, which will set different permissions for the code and data sections of the PE/COFF image, all of which will be covered by a single code region in the EFI memory map. However, this means that allocating pages of such a code type will always return memory that has both writable and executable permissions, and this is something we want to avoid. So let's rework the NX memory protection init code so it can deal with the NX policy including such code regions as well. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 35 +++++++++++++++----- MdeModulePkg/MdeModulePkg.dec | 3 +- 2 files changed, 28 insertions(+), 10 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C= ore/Dxe/Misc/MemoryProtection.c index 7c7a946c1b48..bce211a09c3e 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -624,6 +624,29 @@ GetPermissionAttributeForMemoryType ( } } =20 +/** + Return the EFI memory permission attribute to be used for regions of type + 'MemoryType' when performing the initial remap of all active regions. Th= is + takes into account that code regions should be disregarded in this case. + + @param MemoryType Memory type. +**/ +STATIC +UINT64 +GetInitialPermissionAttributeForMemoryType ( + IN EFI_MEMORY_TYPE MemoryType + ) +{ + switch (MemoryType) { + case EfiBootServicesCode: + case EfiRuntimeServicesCode: + case EfiLoaderCode: + return 0; + default: + return GetPermissionAttributeForMemoryType (MemoryType); + } +} + /** Sort memory map entries based upon PhysicalStart, from low to high. =20 @@ -701,10 +724,10 @@ MergeMemoryMapForProtectionPolicy ( =20 do { MemoryBlockLength =3D (UINT64)(EFI_PAGES_TO_SIZE ((UINTN)MemoryMapEn= try->NumberOfPages)); - Attributes =3D GetPermissionAttributeForMemoryType (MemoryMap= Entry->Type); + Attributes =3D GetInitialPermissionAttributeForMemoryType (Me= moryMapEntry->Type); =20 - if (((UINTN)NextMemoryMapEntry < (UINTN)MemoryMapEnd) && - (Attributes =3D=3D GetPermissionAttributeForMemoryType (NextMemo= ryMapEntry->Type)) && + if (((UINTN)NextMemoryMapEntry < (UINTN)MemoryMapEnd) && (Attributes= !=3D 0) && + (Attributes =3D=3D GetInitialPermissionAttributeForMemoryType (N= extMemoryMapEntry->Type)) && ((MemoryMapEntry->PhysicalStart + MemoryBlockLength) =3D=3D Next= MemoryMapEntry->PhysicalStart)) { MemoryMapEntry->NumberOfPages +=3D NextMemoryMapEntry->NumberOfPag= es; @@ -831,7 +854,7 @@ InitializeDxeNxMemoryProtectionPolicy ( MemoryMapEntry =3D MemoryMap; MemoryMapEnd =3D (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)MemoryMap + Memory= MapSize); while ((UINTN)MemoryMapEntry < (UINTN)MemoryMapEnd) { - Attributes =3D GetPermissionAttributeForMemoryType (MemoryMapEntry->Ty= pe); + Attributes =3D GetInitialPermissionAttributeForMemoryType (MemoryMapEn= try->Type); if (Attributes !=3D 0) { SetUefiImageMemoryAttributes ( MemoryMapEntry->PhysicalStart, @@ -1129,13 +1152,9 @@ CoreInitializeMemoryProtection ( =20 // // Sanity check the PcdDxeNxMemoryProtectionPolicy setting: - // - code regions should have no EFI_MEMORY_XP attribute // - EfiConventionalMemory and EfiBootServicesData should use the // same attribute // - ASSERT ((GetPermissionAttributeForMemoryType (EfiBootServicesCode) & EFI= _MEMORY_XP) =3D=3D 0); - ASSERT ((GetPermissionAttributeForMemoryType (EfiRuntimeServicesCode) & = EFI_MEMORY_XP) =3D=3D 0); - ASSERT ((GetPermissionAttributeForMemoryType (EfiLoaderCode) & EFI_MEMOR= Y_XP) =3D=3D 0); ASSERT ( GetPermissionAttributeForMemoryType (EfiBootServicesData) =3D=3D GetPermissionAttributeForMemoryType (EfiConventionalMemory) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index e8058c8bfaec..720dec58dfc4 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -1388,8 +1388,7 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] # OEM Reserved 0x4000000000000000
# OS Reserved 0x8000000000000000
# - # NOTE: User must NOT set NX protection for EfiLoaderCode / EfiBootServi= cesCode / EfiRuntimeServicesCode.
- # User MUST set the same NX protection for EfiBootServicesData and= EfiConventionalMemory.
+ # NOTE: User MUST set the same NX protection for EfiBootServicesData and= EfiConventionalMemory.
# # e.g. 0x7FD5 can be used for all memory except Code.
# e.g. 0x7BD4 can be used for all memory except Code and ACPINVS/Reserve= d.
--=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101140): https://edk2.groups.io/g/devel/message/101140 Mute This Topic: https://groups.io/mt/97586059/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101141+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101141+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727955; cv=none; d=zohomail.com; s=zohoarc; b=LGGBqheKXT76SGCvktmonbggUMhiusCKQsu/UahnN8VltwtkW3zC/tREvCq+v4sinN2kqDR7qOK2nCik/SUrVvDK64p3p07HSGPSYrmC1jNLHTp/GzJY/HyN4m//g+dW0YmKq6fPm1uYjvvyN3yqQJTRzzkn1O6qd2wV6g96lnU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727955; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=HA5o7gUzfTVb7sCYeLl3PUrDlTwkfCFTjOR9uJKdLHE=; b=lGEJ5aqZ9yZVUlRYLuXZN/pwywWBRxfwATNR4Ka5U7Tu4peBWjotFYtTjCfqSPRyZYtsDTGi50Lx3EhLWFGGBnPMJhF4uRYYkqf7XBTwVlZMHngfpXTtRWUlM4NvzrxrLy/Bb2FEqK751u4X/gK/T+nEgs95k5DghMgyIwZxc/o= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101141+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 16787279552667.668085190422403; Mon, 13 Mar 2023 10:19:15 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 5TgJYY1788612xXluFeiZy8m; Mon, 13 Mar 2023 10:19:14 -0700 X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web10.25840.1678727954102829250 for ; Mon, 13 Mar 2023 10:19:14 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 950B1B811AB; Mon, 13 Mar 2023 17:19:12 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 29FDFC433EF; Mon, 13 Mar 2023 17:19:09 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 37/38] MdeModulePkg/DxeCore: Check NX compat when using restricted code regions Date: Mon, 13 Mar 2023 18:17:13 +0100 Message-Id: <20230313171714.3866151-38-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: tjPd9s70jbAwsFfJdat4i4ZWx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727954; bh=NS98lKAGgUyjvhF38faGkHQvWGdOByRWSS93C58wWJs=; h=Cc:Date:From:Reply-To:Subject:To; b=lYC7a6zt5fQFcNNYLJplKfhzoSHb1Jd6PyXuWypFfL2CjXRzx/wQ3HprPoSj7pvY3+i ps4KjjYAi+sKzhIlP7e/gofB7VUPwjDiVFYxTmLOBhBI2bTeGV7pxpxCFgTnxgs7H6sLL sP5Pk/rI5hsobJ/EkFEnFkWwKxKnb07y0nk= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727956529100003 Content-Type: text/plain; charset="utf-8" We currently do not permit the various 'code' type regions to be covered by the NX memory policy, and so allocations of such types are created as both writable and executable before being populated with executable code. Before adding the ability to protect those regions as well, let's make sure that the images in question are compatible with such a policy, and have the NX_COMPAT DLL flag set in the PE/COFF header. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 38 ++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C= ore/Dxe/Misc/MemoryProtection.c index bce211a09c3e..91a04ac2ac0b 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -364,6 +364,7 @@ ProtectUefiImage ( CHAR8 *PdbPointer; IMAGE_PROPERTIES_RECORD_CODE_SECTION *ImageRecordCodeSection; UINT32 ProtectionPolicy; + UINT16 DllCharacteristics; =20 DEBUG ((DEBUG_INFO, "ProtectUefiImageCommon - 0x%x\n", LoadedImage)); DEBUG ((DEBUG_INFO, " - 0x%016lx - 0x%016lx\n", (EFI_PHYSICAL_ADDRESS)(= UINTN)LoadedImage->ImageBase, LoadedImage->ImageSize)); @@ -401,9 +402,34 @@ ProtectUefiImage ( // Get SectionAlignment // if (Hdr.Pe32->OptionalHeader.Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HD= R32_MAGIC) { - SectionAlignment =3D Hdr.Pe32->OptionalHeader.SectionAlignment; + SectionAlignment =3D Hdr.Pe32->OptionalHeader.SectionAlignment; + DllCharacteristics =3D Hdr.Pe32->OptionalHeader.DllCharacteristi= cs; } else { - SectionAlignment =3D Hdr.Pe32Plus->OptionalHeader.SectionAlignme= nt; + SectionAlignment =3D Hdr.Pe32Plus->OptionalHeader.SectionAlign= ment; + DllCharacteristics =3D Hdr.Pe32Plus->OptionalHeader.DllCharacter= istics; + } + + // + // If the NX memory policy applies to the code memory region type = used + // for this image, ensure that the image has the NX compat flag se= t, + // which means that the program's logic does not assume that memory + // allocations are mapped both writable and executable at the same= time. + // Also ensure that the section alignment is sufficient, as otherw= ise, + // the image's code and data sections might share a page that would + // require a mapping that is both writable and executable. + // + if ((LoadedImage !=3D gDxeCoreLoadedImage) && + (GetImageType (LoadedImageDevicePath) !=3D IMAGE_FROM_FV) && + (((DllCharacteristics & EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT= ) =3D=3D 0) || + (SectionAlignment < EFI_PAGE_SIZE)) && + (PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & + LShiftU64 (1, LoadedImage->ImageCodeType)) !=3D 0) { + + DEBUG (( + DEBUG_VERBOSE, + "!!!!!!!! ProtectUefiImageCommon - Image does not comply with= NX policy for code memory region type !!!!!!!!\n" + )); + return EFI_UNSUPPORTED; } =20 if (SectionAlignment >=3D EFI_PAGE_SIZE) { @@ -1154,12 +1180,20 @@ CoreInitializeMemoryProtection ( // Sanity check the PcdDxeNxMemoryProtectionPolicy setting: // - EfiConventionalMemory and EfiBootServicesData should use the // same attribute + // - the image protection policy must cover 3rd party images if + // any code memory types are being mapped NX by default // ASSERT ( GetPermissionAttributeForMemoryType (EfiBootServicesData) =3D=3D GetPermissionAttributeForMemoryType (EfiConventionalMemory) ); =20 + if (((GetPermissionAttributeForMemoryType (EfiLoaderCode) | + GetPermissionAttributeForMemoryType (EfiBootServicesCode) | + GetPermissionAttributeForMemoryType (EfiRuntimeServicesCode)) & EF= I_MEMORY_XP) !=3D 0) { + ASSERT ((mImageProtectionPolicy & BIT0) =3D=3D BIT0); + } + Status =3D CoreCreateEvent ( EVT_NOTIFY_SIGNAL, TPL_CALLBACK, --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101141): https://edk2.groups.io/g/devel/message/101141 Mute This Topic: https://groups.io/mt/97586060/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 14:00:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101142+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101142+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727956; cv=none; d=zohomail.com; s=zohoarc; b=WBKBB4JpFjfZ4Sv5Fr1h/zj5yTFmCZls91/vs0Z0L7q6VZgeIA6i7LSwIwXfDPNU2/7rfye8VARepjJJxQ9BZDVXEifQ9MA9N8ZyrOB0XSWQsQ+gs0YsXDgJjs9dn3s+1do9XAETjD79pvdVFwxRk3FCo0c32lqYwsvvcVrh23M= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727956; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=lR8Ji3uno2dX9S2ae9QzZahmhz7MaNrmDbhkwmVAJW8=; b=PEwHcKMYNenswptNbJU3okT//KsZYUk7P2n/spF4cMP7HkkOVQijQonCjB6iOGo46ynm1DAm9Pt2QFfk5iKgITQNUYiQsARCya0U/f1aDjGyCK08OcxZN3t4nZtlX0fLYFzZPO1508IECcfD/c5xZOCai90u+5PFIa7on+eUkHM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101142+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727956097612.2391162573834; Mon, 13 Mar 2023 10:19:16 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id zty0YY1788612xKVKiwEvrQ2; Mon, 13 Mar 2023 10:19:15 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.26522.1678727954654687008 for ; Mon, 13 Mar 2023 10:19:14 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 30DA861365; Mon, 13 Mar 2023 17:19:14 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id C56E0C433A1; Mon, 13 Mar 2023 17:19:11 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 38/38] MdeModulePkg DEC: Remove inaccurate comment Date: Mon, 13 Mar 2023 18:17:14 +0100 Message-Id: <20230313171714.3866151-39-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: FaBTYYrYKBxHbSDsVz2rOA0vx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727955; bh=Yeb4hGJGIstac7H1Z7I/FaYG5nTDxXp49U3zPMSmx0Y=; h=Cc:Date:From:Reply-To:Subject:To; b=LNp1bOyJ72d1YwxXHlfIAtHnOo43UBp8+u5HcAvGlRxIG8i8DqeTfoFKgoRFhedLBwf yUO6rjrd5Z5OYLbKVN6N4ypl6YmvIZBnOas4HdZbkyuqKy30F2e1C9qcixaRcPTS5t88g 9XHd0Z3slVFlxDJfiEb0obhNzP+/DVj4Bms= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727956508100001 Content-Type: text/plain; charset="utf-8" The comment regarding the configured image protection policy states that data regions of a loaded image may be mapped NX based on the configured NX memory policy for boot/runtime services or loader data regions. This is inaccurate: all image sections will be covered by the same code region in the memory map, so the NX protection policy for data regions has no bearing on this whatsoever. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- MdeModulePkg/MdeModulePkg.dec | 4 ---- 1 file changed, 4 deletions(-) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 720dec58dfc4..b42af1faee25 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -1356,10 +1356,6 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] # BIT0 - Image from unknown device.
# BIT1 - Image from firmware volume.
#
- # Note: If a bit is cleared, the data section could be still non-execut= able if - # PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderData, EfiBootS= ervicesData - # and/or EfiRuntimeServicesData.
- #
# @Prompt Set image protection policy. # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT3= 2|0x00001047 --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101142): https://edk2.groups.io/g/devel/message/101142 Mute This Topic: https://groups.io/mt/97586061/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-