From nobody Mon Sep 16 19:20:44 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+101140+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+101140+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=kernel.org
ARC-Seal: i=1; a=rsa-sha256; t=1678727951; cv=none;
	d=zohomail.com; s=zohoarc;
	b=KmpY8F83Pz3OAAaMt5SouD71wfEortJFZXTUzjhr3vORrtGb8AAvEXeRdYS2Kxze8wpTv6WRB5VIKXYXp1ZVa1vQ20my4+Y7RCjVT9VEz3LfWzbMMsjbzF5kxDOtp9u3TuZrFv0HPyAHOi35cS0xs2H3FqZggP8hrOG13nuV4Lw=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1678727951;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=GXu8LwwZLLsbRajLhlPiessjyOUOUAIV1jj1klKcSMg=;
	b=jwRvce2CjEfFQTNzJdq36pT8IUGG+cgnNtCPqARDr4AqaQyA9oKu1j9Vgcjk9X+bH0WaKxQPyyIx2LlSbVglui5QCpC1APYt4k2Nc/JgtuKKh5dqQsdtiiSd/RhP/HakVyKU7oM7ijCqZzaf/TjF2LgxZXC/uVi3RgGWNMfHPsE=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+101140+1787277+3901457@groups.io;
	dmarc=fail header.from=<ardb@kernel.org> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1678727951561994.7863700653368;
 Mon, 13 Mar 2023 10:19:11 -0700 (PDT)
Return-Path: <bounce+27952+101140+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id 2WljYY1788612x0VqPH1V0SP;
 Mon, 13 Mar 2023 10:19:11 -0700
X-Received: from dfw.source.kernel.org (dfw.source.kernel.org
 [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web10.25836.1678727949761493594
 for <devel@edk2.groups.io>;
 Mon, 13 Mar 2023 10:19:09 -0700
X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 4B97261365;
	Mon, 13 Mar 2023 17:19:09 +0000 (UTC)
X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 83802C4339E;
	Mon, 13 Mar 2023 17:19:06 +0000 (UTC)
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Michael Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Michael Kubacki <michael.kubacki@microsoft.com>,
	Sean Brogan <sean.brogan@microsoft.com>,
	Rebecca Cran <quic_rcran@quicinc.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Taylor Beebe <t@taylorbeebe.com>
Subject: [edk2-devel] [PATCH v5 36/38] MdeModulePkg/DxeCore: Permit NX
 protection for code regions
Date: Mon, 13 Mar 2023 18:17:12 +0100
Message-Id: <20230313171714.3866151-37-ardb@kernel.org>
In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org>
References: <20230313171714.3866151-1-ardb@kernel.org>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,ardb@kernel.org
X-Gm-Message-State: 6x4oCcuirDdkCH0qlhGcXWaOx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1678727951;
 bh=hPK+WrCBqQna+C6WdimMtY2/uVe3n5u//dVF7LXPQcg=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=jTX8Rd1MhRQa7DwQFgzphsNruF4wWj8wOxLtaNUrRyb+hq8MyqD033W+GR2W9IZlWWe
 RpGtJYyADJNAIHDy/KRWkXFdwEZSXwQTlVqwHoKkmcWKxEh8NHzXAUiqTIdLKrtaNAB51
 7NOPaEDuSFNWWWM7CHgAKGi+vHFVga9T5SU=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1678727952510100002
Content-Type: text/plain; charset="utf-8"

We currently do not permit NX protection for code regions, as these
regions are normally populated by the image loader, which will set
different permissions for the code and data sections of the PE/COFF
image, all of which will be covered by a single code region in the EFI
memory map.

However, this means that allocating pages of such a code type will
always return memory that has both writable and executable permissions,
and this is something we want to avoid.

So let's rework the NX memory protection init code so it can deal with
the NX policy including such code regions as well.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 35 +++++++++++++++-----
 MdeModulePkg/MdeModulePkg.dec                 |  3 +-
 2 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C=
ore/Dxe/Misc/MemoryProtection.c
index 7c7a946c1b48..bce211a09c3e 100644
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
@@ -624,6 +624,29 @@ GetPermissionAttributeForMemoryType (
   }
 }
=20
+/**
+  Return the EFI memory permission attribute to be used for regions of type
+  'MemoryType' when performing the initial remap of all active regions. Th=
is
+  takes into account that code regions should be disregarded in this case.
+
+  @param MemoryType       Memory type.
+**/
+STATIC
+UINT64
+GetInitialPermissionAttributeForMemoryType (
+  IN EFI_MEMORY_TYPE  MemoryType
+  )
+{
+  switch (MemoryType) {
+  case EfiBootServicesCode:
+  case EfiRuntimeServicesCode:
+  case EfiLoaderCode:
+    return 0;
+  default:
+    return GetPermissionAttributeForMemoryType (MemoryType);
+  }
+}
+
 /**
   Sort memory map entries based upon PhysicalStart, from low to high.
=20
@@ -701,10 +724,10 @@ MergeMemoryMapForProtectionPolicy (
=20
     do {
       MemoryBlockLength =3D (UINT64)(EFI_PAGES_TO_SIZE ((UINTN)MemoryMapEn=
try->NumberOfPages));
-      Attributes        =3D GetPermissionAttributeForMemoryType (MemoryMap=
Entry->Type);
+      Attributes        =3D GetInitialPermissionAttributeForMemoryType (Me=
moryMapEntry->Type);
=20
-      if (((UINTN)NextMemoryMapEntry < (UINTN)MemoryMapEnd) &&
-          (Attributes =3D=3D GetPermissionAttributeForMemoryType (NextMemo=
ryMapEntry->Type)) &&
+      if (((UINTN)NextMemoryMapEntry < (UINTN)MemoryMapEnd) && (Attributes=
 !=3D 0) &&
+          (Attributes =3D=3D GetInitialPermissionAttributeForMemoryType (N=
extMemoryMapEntry->Type)) &&
           ((MemoryMapEntry->PhysicalStart + MemoryBlockLength) =3D=3D Next=
MemoryMapEntry->PhysicalStart))
       {
         MemoryMapEntry->NumberOfPages +=3D NextMemoryMapEntry->NumberOfPag=
es;
@@ -831,7 +854,7 @@ InitializeDxeNxMemoryProtectionPolicy (
   MemoryMapEntry =3D MemoryMap;
   MemoryMapEnd   =3D (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)MemoryMap + Memory=
MapSize);
   while ((UINTN)MemoryMapEntry < (UINTN)MemoryMapEnd) {
-    Attributes =3D GetPermissionAttributeForMemoryType (MemoryMapEntry->Ty=
pe);
+    Attributes =3D GetInitialPermissionAttributeForMemoryType (MemoryMapEn=
try->Type);
     if (Attributes !=3D 0) {
       SetUefiImageMemoryAttributes (
         MemoryMapEntry->PhysicalStart,
@@ -1129,13 +1152,9 @@ CoreInitializeMemoryProtection (
=20
   //
   // Sanity check the PcdDxeNxMemoryProtectionPolicy setting:
-  // - code regions should have no EFI_MEMORY_XP attribute
   // - EfiConventionalMemory and EfiBootServicesData should use the
   //   same attribute
   //
-  ASSERT ((GetPermissionAttributeForMemoryType (EfiBootServicesCode) & EFI=
_MEMORY_XP) =3D=3D 0);
-  ASSERT ((GetPermissionAttributeForMemoryType (EfiRuntimeServicesCode) & =
EFI_MEMORY_XP) =3D=3D 0);
-  ASSERT ((GetPermissionAttributeForMemoryType (EfiLoaderCode) & EFI_MEMOR=
Y_XP) =3D=3D 0);
   ASSERT (
     GetPermissionAttributeForMemoryType (EfiBootServicesData) =3D=3D
     GetPermissionAttributeForMemoryType (EfiConventionalMemory)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index e8058c8bfaec..720dec58dfc4 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1388,8 +1388,7 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
   #  OEM Reserved       0x4000000000000000<BR>
   #  OS Reserved        0x8000000000000000<BR>
   #
-  # NOTE: User must NOT set NX protection for EfiLoaderCode / EfiBootServi=
cesCode / EfiRuntimeServicesCode. <BR>
-  #       User MUST set the same NX protection for EfiBootServicesData and=
 EfiConventionalMemory. <BR>
+  # NOTE: User MUST set the same NX protection for EfiBootServicesData and=
 EfiConventionalMemory. <BR>
   #
   # e.g. 0x7FD5 can be used for all memory except Code. <BR>
   # e.g. 0x7BD4 can be used for all memory except Code and ACPINVS/Reserve=
d. <BR>
--=20
2.39.2



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101140): https://edk2.groups.io/g/devel/message/101140
Mute This Topic: https://groups.io/mt/97586059/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-