From nobody Wed Feb  5 10:55:12 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+101138+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+101138+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=kernel.org
ARC-Seal: i=1; a=rsa-sha256; t=1678727947; cv=none;
	d=zohomail.com; s=zohoarc;
	b=ixLzaxhfBnXW4/4mJz4ApfnRS3uywHru+1QJsKcvdzQSFQcEVEqKKGOjLIJazg3pztxqGLbV83TyEUHaaQuBH3jwTD+MQi4Xj43aTx3DK6CM4ntrng9VAhddWOXpJmiDV3ssOxG8q1phdSA1i3OF0Bq5ljsldd4gwN3shzUHSYM=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1678727947;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=FwnXH+4QmvO/tSWx71EinFenJW0MJfFDY0sLilp4Qus=;
	b=EJGX9/oA+dn3n2YCrO1NqTZ9UzTK0EyOxO8XoheSYJuiadfEFPDTSh1m2jR266auNx4tcJXbQg+EbUuYM7wdg9s21IguYdLBT2g7+7bbijKm/BZWHTnd0sm2mQ9jJ93rPR/GSPzRzkERXW3z0DMxrzFc5soJPCh2NEhTJs0CjyU=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+101138+1787277+3901457@groups.io;
	dmarc=fail header.from=<ardb@kernel.org> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1678727947578455.906052209354;
 Mon, 13 Mar 2023 10:19:07 -0700 (PDT)
Return-Path: <bounce+27952+101138+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id sf9JYY1788612xgIg1TcAtYA;
 Mon, 13 Mar 2023 10:19:07 -0700
X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75])
 by mx.groups.io with SMTP id smtpd.web10.25832.1678727946276263645
 for <devel@edk2.groups.io>;
 Mon, 13 Mar 2023 10:19:06 -0700
X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ams.source.kernel.org (Postfix) with ESMTPS id BC02EB8119D;
	Mon, 13 Mar 2023 17:19:04 +0000 (UTC)
X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3D702C433D2;
	Mon, 13 Mar 2023 17:19:01 +0000 (UTC)
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Michael Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Michael Kubacki <michael.kubacki@microsoft.com>,
	Sean Brogan <sean.brogan@microsoft.com>,
	Rebecca Cran <quic_rcran@quicinc.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Taylor Beebe <t@taylorbeebe.com>
Subject: [edk2-devel] [PATCH v5 34/38] MdeModulePkg/DxeCore: Deal with failure
 in UefiProtectImage()
Date: Mon, 13 Mar 2023 18:17:10 +0100
Message-Id: <20230313171714.3866151-35-ardb@kernel.org>
In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org>
References: <20230313171714.3866151-1-ardb@kernel.org>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,ardb@kernel.org
X-Gm-Message-State: mhG29P9WpPMkI81Jyn2TQdB9x1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1678727947;
 bh=Iel7+u328a4uc01GiNW5wl99swg3XonUb1av+X9F35s=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=eXFmofMXst5LCqhM9n4b0FZwn4XFgH5SGRzZJ8HMe/4vrIjdEcuVWUVfOuJPKBw5Ebv
 JXBc4VIpNs5OLOKG7Ets9zaLrPD0alnl2WsIyP68gn1G1UfvWQjxgv1H2qMcf46tzSXFR
 C0ZB0ABlcmvFZBIXq4D8PXu3gnMOjFUGUBM=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1678727948560100018
Content-Type: text/plain; charset="utf-8"

In preparation for adding support for a more restrictive NX memory
policy, update the prototype of UefiProtectImage() so it returns a
EFI_STATUS, and deal with its failure in CoreLoadImage.

This should never fail for the DxeCore itself or for drivers that are
loaded before the CPU arch protocol is dispatched, so in those cases, an
ASSERT() is sufficient.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 MdeModulePkg/Core/Dxe/DxeMain.h               |  6 +++++-
 MdeModulePkg/Core/Dxe/Image/Image.c           |  8 ++++++--
 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 21 ++++++++++++--------
 3 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMai=
n.h
index 815a6b4bd844..b618feded39e 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.h
+++ b/MdeModulePkg/Core/Dxe/DxeMain.h
@@ -2733,8 +2733,12 @@ RemoveImageRecord (
=20
   @param[in]  LoadedImage              The loaded image protocol
   @param[in]  LoadedImageDevicePath    The loaded image device path protoc=
ol
+
+  @return EFI_SUCCESS       Image protection was configured according to t=
he
+                            applicable policy.
+  @return other             Image protection could not be applied.
 **/
-VOID
+EFI_STATUS
 ProtectUefiImage (
   IN EFI_LOADED_IMAGE_PROTOCOL  *LoadedImage,
   IN EFI_DEVICE_PATH_PROTOCOL   *LoadedImageDevicePath
diff --git a/MdeModulePkg/Core/Dxe/Image/Image.c b/MdeModulePkg/Core/Dxe/Im=
age/Image.c
index 8704ebea9a7c..df2afbc299e3 100644
--- a/MdeModulePkg/Core/Dxe/Image/Image.c
+++ b/MdeModulePkg/Core/Dxe/Image/Image.c
@@ -270,7 +270,8 @@ CoreInitializeImageServices (
=20
   InitializeListHead (&mAvailableEmulators);
=20
-  ProtectUefiImage (&Image->Info, Image->LoadedImageDevicePath);
+  Status =3D ProtectUefiImage (&Image->Info, Image->LoadedImageDevicePath);
+  ASSERT_EFI_ERROR (Status);
=20
   return Status;
 }
@@ -1448,7 +1449,10 @@ CoreLoadImageCommon (
     }
   }
=20
-  ProtectUefiImage (&Image->Info, Image->LoadedImageDevicePath);
+  Status =3D ProtectUefiImage (&Image->Info, Image->LoadedImageDevicePath);
+  if (EFI_ERROR (Status)) {
+    goto Done;
+  }
=20
   //
   // Success.  Return the image handle
diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C=
ore/Dxe/Misc/MemoryProtection.c
index 045e2f391bc0..301ddd6eb053 100644
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
@@ -341,8 +341,12 @@ FreeImageRecord (
=20
   @param[in]  LoadedImage              The loaded image protocol
   @param[in]  LoadedImageDevicePath    The loaded image device path protoc=
ol
+
+  @return EFI_SUCCESS       Image protection was configured according to t=
he
+                            applicable policy.
+  @return other             Image protection could not be applied.
 **/
-VOID
+EFI_STATUS
 ProtectUefiImage (
   IN EFI_LOADED_IMAGE_PROTOCOL  *LoadedImage,
   IN EFI_DEVICE_PATH_PROTOCOL   *LoadedImageDevicePath
@@ -365,23 +369,23 @@ ProtectUefiImage (
   DEBUG ((DEBUG_INFO, "  - 0x%016lx - 0x%016lx\n", (EFI_PHYSICAL_ADDRESS)(=
UINTN)LoadedImage->ImageBase, LoadedImage->ImageSize));
=20
   if (gCpuSetMemoryAttributes =3D=3D NULL) {
-    return;
+    return EFI_SUCCESS;
   }
=20
   ProtectionPolicy =3D GetUefiImageProtectionPolicy (LoadedImage, LoadedIm=
ageDevicePath);
   switch (ProtectionPolicy) {
     case DO_NOT_PROTECT:
-      return;
+      return EFI_SUCCESS;
     case PROTECT_IF_ALIGNED_ELSE_ALLOW:
       break;
     default:
       ASSERT (FALSE);
-      return;
+      return EFI_SUCCESS;
   }
=20
   ImageRecord =3D AllocateZeroPool (sizeof (*ImageRecord));
   if (ImageRecord =3D=3D NULL) {
-    return;
+    return EFI_SUCCESS;
   }
=20
   ImageRecord->Signature =3D IMAGE_PROPERTIES_RECORD_SIGNATURE;
@@ -481,7 +485,7 @@ ProtectUefiImage (
       //
       ImageRecordCodeSection =3D AllocatePool (sizeof (*ImageRecordCodeSec=
tion));
       if (ImageRecordCodeSection =3D=3D NULL) {
-        return;
+        return EFI_SUCCESS;
       }
=20
       ImageRecordCodeSection->Signature =3D IMAGE_PROPERTIES_RECORD_CODE_S=
ECTION_SIGNATURE;
@@ -538,7 +542,7 @@ ProtectUefiImage (
   InsertTailList (&mProtectedImageRecordList, &ImageRecord->Link);
=20
 Finish:
-  return;
+  return EFI_SUCCESS;
 }
=20
 /**
@@ -988,7 +992,8 @@ MemoryProtectionCpuArchProtocolNotify (
       LoadedImageDevicePath =3D NULL;
     }
=20
-    ProtectUefiImage (LoadedImage, LoadedImageDevicePath);
+    Status =3D ProtectUefiImage (LoadedImage, LoadedImageDevicePath);
+    ASSERT_EFI_ERROR (Status);
   }
=20
   FreePool (HandleBuffer);
--=20
2.39.2



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101138): https://edk2.groups.io/g/devel/message/101138
Mute This Topic: https://groups.io/mt/97586055/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-