From nobody Fri Mar 29 08:53:59 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+105301+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105301+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1685025066; cv=none; d=zohomail.com; s=zohoarc; b=LLz6dEPo5bHd5ick8M6S5eqml9BPqr99739rRFPrsc8yACMvdEhOGr1zzai5fZv7CJVGKTdyZj0zvY1cMnpROafc5kGgAPlJQB3Unz5LsmwrRQHMxdkoqKjK0BVyeu918022Wxm16St4JUrbtBKijc4qnnpDNQmt/P6Jzm9vEro= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1685025066; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=G0WHnj2XgRu0uAURzqBVkk/G20/rLXjsqW3Jr0oWjGE=; b=KkIPYRLYi8ggOibzvEtF2LtIMmkPn+4v1tdEOyqBJJ8VsULeTpSzajHH/+KSxcloMg1FTrj/u0z9QAdIDFqPFafdnxPMzxYkBcq3UyXHXolEoKdtIjc9Qys5nJS0gb76as8EvNUBZx6VjXFbdf+rHGu2tpbqdsY4yKL/uf/B0nk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105301+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1685025066508250.33998375056387; Thu, 25 May 2023 07:31:06 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id jVUBYY1788612xk9TiXvE80s; Thu, 25 May 2023 07:31:06 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.13269.1685025062370989750 for ; Thu, 25 May 2023 07:31:02 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C1754645F3; Thu, 25 May 2023 14:31:01 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id A71BBC4339C; Thu, 25 May 2023 14:30:58 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Ray Ni , Jiewen Yao , Gerd Hoffmann , Taylor Beebe , Oliver Smith-Denny , Dandan Bi , Liming Gao , "Kinney, Michael D" , Leif Lindholm , Sunil V L , Andrei Warkentin Subject: [edk2-devel] [RFC PATCH 01/10] ArmPkg/ArmMmuLib: Extend API to manage memory permissions better Date: Thu, 25 May 2023 16:30:32 +0200 Message-Id: <20230525143041.1172989-2-ardb@kernel.org> In-Reply-To: <20230525143041.1172989-1-ardb@kernel.org> References: <20230525143041.1172989-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: 9ujUK79cldbLu6PNksHC3NuOx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1685025066; bh=tlxHqLgyk1XYCpkjB5P5UOAeM7tpl4hCnUPfD3vo1xI=; h=Cc:Date:From:Reply-To:Subject:To; b=DcwETW5yPHIUoZS69YVxJ2RfAvUxtTHmIDhS4d2O+LAeE1fZAHJ90qFqrxsOqUKXBuf IxHZzYZPmuNY3hiOq90JsYEiZouJ5LD2butG0VycN4Yq1UQEh7tqOfcL6cwMjkTDzvI2S wZfwa68NiX1rr92FXU6UHq6l+7whbjv+8eU= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1685025068620100006 Content-Type: text/plain; charset="utf-8" Currently, ArmSetMemoryAttributes () takes a combination of EFI_MEMORY_xx constants describing the memory type and permission attributes that should be set on a region of memory. In cases where the memory type is omitted, we assume that the memory permissions being set are final, and that existing memory permissions can be discarded. This is problematic, because we aim to map memory non-executable (EFI_MEMORY_XP) by default, and only relax this requirement for code regions that are mapped read-only (EFI_MEMORY_RO). Currently, setting one permission clears the other, and so code managing these permissions has to be aware of the existing permissions in order to be able to preserve them, and this is not always tractable (e.g., the UEFI memory attribute protocol implements an abstraction that promises to preserve memory permissions that it is not operating on explicitly). So let's add an AttributeMask parameter to ArmSetMemoryAttributes(), which is permitted to be non-zero if no memory type is being provided, in which case only memory permission attributes covered in the mask will be affected by the update. Signed-off-by: Ard Biesheuvel --- ArmPkg/Drivers/CpuDxe/CpuMmuCommon.c | 2 +- ArmPkg/Include/Library/ArmMmuLib.h | 36 +++++++- ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 52 +++++++++++- ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c | 88 +++++++++++++++++--- ArmPkg/Library/OpteeLib/Optee.c | 2 +- 5 files changed, 165 insertions(+), 15 deletions(-) diff --git a/ArmPkg/Drivers/CpuDxe/CpuMmuCommon.c b/ArmPkg/Drivers/CpuDxe/C= puMmuCommon.c index 2e73719dce04ceb5..2d60c7d24dc05ee9 100644 --- a/ArmPkg/Drivers/CpuDxe/CpuMmuCommon.c +++ b/ArmPkg/Drivers/CpuDxe/CpuMmuCommon.c @@ -217,7 +217,7 @@ CpuSetMemoryAttributes ( if (EFI_ERROR (Status) || (RegionArmAttributes !=3D ArmAttributes) || ((BaseAddress + Length) > (RegionBaseAddress + RegionLength))) { - return ArmSetMemoryAttributes (BaseAddress, Length, EfiAttributes); + return ArmSetMemoryAttributes (BaseAddress, Length, EfiAttributes, 0); } else { return EFI_SUCCESS; } diff --git a/ArmPkg/Include/Library/ArmMmuLib.h b/ArmPkg/Include/Library/Ar= mMmuLib.h index 4cf59a1e376b123c..91d112314fdf4859 100644 --- a/ArmPkg/Include/Library/ArmMmuLib.h +++ b/ArmPkg/Include/Library/ArmMmuLib.h @@ -92,11 +92,45 @@ ArmReplaceLiveTranslationEntry ( IN BOOLEAN DisableMmu ); =20 +/** + Set the requested memory permission attributes on a region of memory. + + BaseAddress and Length must be aligned to EFI_PAGE_SIZE. + + If Attributes contains a memory type attribute (EFI_MEMORY_UC/WC/WT/WB),= the + region is mapped according to this memory type, and additional memory + permission attributes (EFI_MEMORY_RP/RO/XP) are taken into account as we= ll, + discarding any permission attributes that are currently set for the regi= on. + AttributeMask is ignored in this case, and must be set to 0x0. + + If Attributes contains only a combination of memory permission attributes + (EFI_MEMORY_RP/RO/XP), each page in the region will retain its existing + memory type, even if it is not uniformly set across the region. In this = case, + AttributesMask may be set to a mask of permission attributes, and memory + permissions omitted from this mask will not be updated for any page in t= he + region. All attributes appearing in Attributes must appear in AttributeM= ask + as well. (Attributes & ~AttributeMask must produce 0x0) + + @param[in] BaseAddress The physical address that is the start addre= ss of + a memory region. + @param[in] Length The size in bytes of the memory region. + @param[in] Attributes Mask of memory attributes to set. + @param[in] AttributeMask Mask of memory attributes to take into accou= nt. + + @retval EFI_SUCCESS The attributes were set for the memory reg= ion. + @retval EFI_INVALID_PARAMETER BaseAddress or Length is not suitably alig= ned. + Invalid combination of Attributes and + AttributeMask. + @retval EFI_OUT_OF_RESOURCES Requested attributes cannot be applied due= to + lack of system resources. + +**/ EFI_STATUS ArmSetMemoryAttributes ( IN EFI_PHYSICAL_ADDRESS BaseAddress, IN UINT64 Length, - IN UINT64 Attributes + IN UINT64 Attributes, + IN UINT64 AttributeMask ); =20 #endif // ARM_MMU_LIB_H_ diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Libr= ary/ArmMmuLib/AArch64/ArmMmuLibCore.c index 7ed758fbbc699732..22623572b9cb931c 100644 --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c @@ -469,11 +469,45 @@ GcdAttributeToPageAttribute ( return PageAttributes; } =20 +/** + Set the requested memory permission attributes on a region of memory. + + BaseAddress and Length must be aligned to EFI_PAGE_SIZE. + + If Attributes contains a memory type attribute (EFI_MEMORY_UC/WC/WT/WB),= the + region is mapped according to this memory type, and additional memory + permission attributes (EFI_MEMORY_RP/RO/XP) are taken into account as we= ll, + discarding any permission attributes that are currently set for the regi= on. + AttributeMask is ignored in this case, and must be set to 0x0. + + If Attributes contains only a combination of memory permission attributes + (EFI_MEMORY_RP/RO/XP), each page in the region will retain its existing + memory type, even if it is not uniformly set across the region. In this = case, + AttributesMask may be set to a mask of permission attributes, and memory + permissions omitted from this mask will not be updated for any page in t= he + region. All attributes appearing in Attributes must appear in AttributeM= ask + as well. (Attributes & ~AttributeMask must produce 0x0) + + @param[in] BaseAddress The physical address that is the start addre= ss of + a memory region. + @param[in] Length The size in bytes of the memory region. + @param[in] Attributes Mask of memory attributes to set. + @param[in] AttributeMask Mask of memory attributes to take into accou= nt. + + @retval EFI_SUCCESS The attributes were set for the memory reg= ion. + @retval EFI_INVALID_PARAMETER BaseAddress or Length is not suitably alig= ned. + Invalid combination of Attributes and + AttributeMask. + @retval EFI_OUT_OF_RESOURCES Requested attributes cannot be applied due= to + lack of system resources. + +**/ EFI_STATUS ArmSetMemoryAttributes ( IN EFI_PHYSICAL_ADDRESS BaseAddress, IN UINT64 Length, - IN UINT64 Attributes + IN UINT64 Attributes, + IN UINT64 AttributeMask ) { UINT64 PageAttributes; @@ -490,6 +524,22 @@ ArmSetMemoryAttributes ( PageAttributes &=3D TT_AP_MASK | TT_UXN_MASK | TT_PXN_MASK | TT_AF; PageAttributeMask =3D ~(TT_ADDRESS_MASK_BLOCK_ENTRY | TT_AP_MASK | TT_PXN_MASK | TT_XN_MASK | TT_AF); + if (AttributeMask !=3D 0) { + if (((AttributeMask & ~(UINT64)(EFI_MEMORY_RP|EFI_MEMORY_RO|EFI_MEMO= RY_XP)) !=3D 0) || + ((Attributes & ~AttributeMask) !=3D 0)) + { + return EFI_INVALID_PARAMETER; + } + + // Add attributes omitted from AttributeMask to the set of attribute= s to preserve + PageAttributeMask |=3D GcdAttributeToPageAttribute (~AttributeMask) & + (TT_AP_MASK | TT_UXN_MASK | TT_PXN_MASK | TT_AF= ); + } + } else { + ASSERT (AttributeMask =3D=3D 0); + if (AttributeMask !=3D 0) { + return EFI_INVALID_PARAMETER; + } } =20 return UpdateRegionMapping ( diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c b/ArmPkg/Librar= y/ArmMmuLib/Arm/ArmMmuLibUpdate.c index 299d38ad07e85059..61405965a73eaeb8 100644 --- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c +++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c @@ -10,6 +10,7 @@ #include =20 #include +#include #include #include #include @@ -451,31 +452,96 @@ SetMemoryAttributes ( } =20 /** - Update the permission or memory type attributes on a range of memory. + Set the requested memory permission attributes on a region of memory. =20 - @param BaseAddress The start of the region. - @param Length The size of the region. - @param Attributes A mask of EFI_MEMORY_xx constants. + BaseAddress and Length must be aligned to EFI_PAGE_SIZE. =20 - @retval EFI_SUCCESS The attributes were set successfully. - @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. + If Attributes contains a memory type attribute (EFI_MEMORY_UC/WC/WT/WB),= the + region is mapped according to this memory type, and additional memory + permission attributes (EFI_MEMORY_RP/RO/XP) are taken into account as we= ll, + discarding any permission attributes that are currently set for the regi= on. + AttributeMask is ignored in this case, and must be set to 0x0. + + If Attributes contains only a combination of memory permission attributes + (EFI_MEMORY_RP/RO/XP), each page in the region will retain its existing + memory type, even if it is not uniformly set across the region. In this = case, + AttributesMask may be set to a mask of permission attributes, and memory + permissions omitted from this mask will not be updated for any page in t= he + region. All attributes appearing in Attributes must appear in AttributeM= ask + as well. (Attributes & ~AttributeMask must produce 0x0) + + @param[in] BaseAddress The physical address that is the start addre= ss of + a memory region. + @param[in] Length The size in bytes of the memory region. + @param[in] Attributes Mask of memory attributes to set. + @param[in] AttributeMask Mask of memory attributes to take into accou= nt. + + @retval EFI_SUCCESS The attributes were set for the memory reg= ion. + @retval EFI_INVALID_PARAMETER BaseAddress or Length is not suitably alig= ned. + Invalid combination of Attributes and + AttributeMask. + @retval EFI_OUT_OF_RESOURCES Requested attributes cannot be applied due= to + lack of system resources. =20 **/ EFI_STATUS ArmSetMemoryAttributes ( IN EFI_PHYSICAL_ADDRESS BaseAddress, IN UINT64 Length, - IN UINT64 Attributes + IN UINT64 Attributes, + IN UINT64 AttributeMask ) { + UINT32 TtEntryMask; + + if (((BaseAddress | Length) & EFI_PAGE_MASK) !=3D 0) { + return EFI_INVALID_PARAMETER; + } + + if ((Attributes & EFI_MEMORY_CACHETYPE_MASK) =3D=3D 0) { + // + // No memory type was set in Attributes, so we are going to update the + // permissions only. + // + if (AttributeMask !=3D 0) { + if (((AttributeMask & ~(UINT64)(EFI_MEMORY_RP|EFI_MEMORY_RO|EFI_MEMO= RY_XP)) !=3D 0) || + ((Attributes & ~AttributeMask) !=3D 0)) + { + return EFI_INVALID_PARAMETER; + } + } else { + AttributeMask =3D EFI_MEMORY_RP | EFI_MEMORY_RO | EFI_MEMORY_XP; + } + + TtEntryMask =3D 0; + if ((AttributeMask & EFI_MEMORY_RP) !=3D 0) { + TtEntryMask |=3D TT_DESCRIPTOR_SECTION_AF; + } + + if ((AttributeMask & EFI_MEMORY_RO) !=3D 0) { + TtEntryMask |=3D TT_DESCRIPTOR_SECTION_AP_MASK; + } + + if ((AttributeMask & EFI_MEMORY_XP) !=3D 0) { + TtEntryMask |=3D TT_DESCRIPTOR_SECTION_XN_MASK; + } + } else { + ASSERT (AttributeMask =3D=3D 0); + if (AttributeMask !=3D 0) { + return EFI_INVALID_PARAMETER; + } + + TtEntryMask =3D TT_DESCRIPTOR_SECTION_TYPE_MASK | + TT_DESCRIPTOR_SECTION_XN_MASK | + TT_DESCRIPTOR_SECTION_AP_MASK | + TT_DESCRIPTOR_SECTION_AF; + } + return SetMemoryAttributes ( BaseAddress, Length, Attributes, - TT_DESCRIPTOR_SECTION_TYPE_MASK | - TT_DESCRIPTOR_SECTION_XN_MASK | - TT_DESCRIPTOR_SECTION_AP_MASK | - TT_DESCRIPTOR_SECTION_AF + TtEntryMask ); } =20 diff --git a/ArmPkg/Library/OpteeLib/Optee.c b/ArmPkg/Library/OpteeLib/Opte= e.c index 48e33cb3d5ee4ab6..46464f17ef06653e 100644 --- a/ArmPkg/Library/OpteeLib/Optee.c +++ b/ArmPkg/Library/OpteeLib/Optee.c @@ -86,7 +86,7 @@ OpteeSharedMemoryRemap ( return EFI_BUFFER_TOO_SMALL; } =20 - Status =3D ArmSetMemoryAttributes (PhysicalAddress, Size, EFI_MEMORY_WB); + Status =3D ArmSetMemoryAttributes (PhysicalAddress, Size, EFI_MEMORY_WB,= 0); if (EFI_ERROR (Status)) { return Status; } --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#105301): https://edk2.groups.io/g/devel/message/105301 Mute This Topic: https://groups.io/mt/99131174/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri Mar 29 08:53:59 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+105302+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105302+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1685025066; cv=none; d=zohomail.com; s=zohoarc; b=H6CQif60rw1UIvqglci06aHV/rh//ZDCM+oH1a4wc5KHWq89MLOU2wjHPG4/5N8bvf6+ApIpUnE5z5LKMlvGy/M5J/owto9BjFObuwhnL1PWw4efEjuYCT7RpJMC/nPCpsC/TR20OFMosfQOLV0pphK8ZZc2WGm7O6Yt/oNqZKU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1685025066; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=e1lKI05EPaA+rGSAirlP69AUjYN3iNEOsiI6nJvgQdA=; b=CcCCrruAWKH9A9e1DOJlCwHFrk0GGBcbYwcfyYwXRF7w0ik5MOkUyDP1+BxwhWee9Tpq8op9VegJmJRFCqcDeg4ig4c0E6y0wO1SzVlIrFgXz8tcnWrFlOB07EeORD+qEDi5g78sF0Yn2m7DMcj6HFQMYRdncnxd4hPZR4lsfLI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105302+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 16850250668161010.9479531378819; Thu, 25 May 2023 07:31:06 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id LESBYY1788612xkRZVC5Iwus; Thu, 25 May 2023 07:31:06 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.13270.1685025065227322485 for ; Thu, 25 May 2023 07:31:05 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id BAA8C64629; Thu, 25 May 2023 14:31:04 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id A10DFC4339B; Thu, 25 May 2023 14:31:01 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Ray Ni , Jiewen Yao , Gerd Hoffmann , Taylor Beebe , Oliver Smith-Denny , Dandan Bi , Liming Gao , "Kinney, Michael D" , Leif Lindholm , Sunil V L , Andrei Warkentin Subject: [edk2-devel] [RFC PATCH 02/10] ArmPkg/CpuDxe: Simplify memory attributes protocol implementation Date: Thu, 25 May 2023 16:30:33 +0200 Message-Id: <20230525143041.1172989-3-ardb@kernel.org> In-Reply-To: <20230525143041.1172989-1-ardb@kernel.org> References: <20230525143041.1172989-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: anZf9uPckvoIKJLM3oMnIIv9x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1685025066; bh=JphNO4ajj24XaD2gWb1N3GBLw+/j6XPGBgpAhaqUpOQ=; h=Cc:Date:From:Reply-To:Subject:To; b=Y60VCM89zZsm9strx+AY18klclMy+8je+J3+FapGdl+PuNLfr9UQRCnUtyFcFkFhnQX Hhg0B2GB9wqH4PS4f4Q8ONbV1XU+1UlUSPjrM4nSIIgaup6+d+SrXT4HQf6x4D8Uofr3S ObV/isgBg3X57d4ZEVs5DW43LYbTD+u41Vw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1685025068587100005 Content-Type: text/plain; charset="utf-8" Now that ArmSetMemoryAttributes() permits a mask to be provided, we can simplify the implementation the UEFI memory attribute protocol substantially, and just pass on the requested mask to be set or cleared directly. Signed-off-by: Ard Biesheuvel --- ArmPkg/Drivers/CpuDxe/MemoryAttribute.c | 50 +------------------- 1 file changed, 2 insertions(+), 48 deletions(-) diff --git a/ArmPkg/Drivers/CpuDxe/MemoryAttribute.c b/ArmPkg/Drivers/CpuDx= e/MemoryAttribute.c index 61ba8fbbae4ee795..16cc4ef474f9772b 100644 --- a/ArmPkg/Drivers/CpuDxe/MemoryAttribute.c +++ b/ArmPkg/Drivers/CpuDxe/MemoryAttribute.c @@ -183,8 +183,6 @@ SetMemoryAttributes ( IN UINT64 Attributes ) { - EFI_STATUS Status; - DEBUG (( DEBUG_INFO, "%a: BaseAddress =3D=3D 0x%lx, Length =3D=3D 0x%lx, Attributes =3D=3D = 0x%lx\n", @@ -204,28 +202,7 @@ SetMemoryAttributes ( return EFI_UNSUPPORTED; } =20 - if ((Attributes & EFI_MEMORY_RP) !=3D 0) { - Status =3D ArmSetMemoryRegionNoAccess (BaseAddress, Length); - if (EFI_ERROR (Status)) { - return EFI_UNSUPPORTED; - } - } - - if ((Attributes & EFI_MEMORY_RO) !=3D 0) { - Status =3D ArmSetMemoryRegionReadOnly (BaseAddress, Length); - if (EFI_ERROR (Status)) { - return EFI_UNSUPPORTED; - } - } - - if ((Attributes & EFI_MEMORY_XP) !=3D 0) { - Status =3D ArmSetMemoryRegionNoExec (BaseAddress, Length); - if (EFI_ERROR (Status)) { - return EFI_UNSUPPORTED; - } - } - - return EFI_SUCCESS; + return ArmSetMemoryAttributes (BaseAddress, Length, Attributes, Attribut= es); } =20 /** @@ -267,8 +244,6 @@ ClearMemoryAttributes ( IN UINT64 Attributes ) { - EFI_STATUS Status; - DEBUG (( DEBUG_INFO, "%a: BaseAddress =3D=3D 0x%lx, Length =3D=3D 0x%lx, Attributes =3D=3D = 0x%lx\n", @@ -288,28 +263,7 @@ ClearMemoryAttributes ( return EFI_UNSUPPORTED; } =20 - if ((Attributes & EFI_MEMORY_RP) !=3D 0) { - Status =3D ArmClearMemoryRegionNoAccess (BaseAddress, Length); - if (EFI_ERROR (Status)) { - return EFI_UNSUPPORTED; - } - } - - if ((Attributes & EFI_MEMORY_RO) !=3D 0) { - Status =3D ArmClearMemoryRegionReadOnly (BaseAddress, Length); - if (EFI_ERROR (Status)) { - return EFI_UNSUPPORTED; - } - } - - if ((Attributes & EFI_MEMORY_XP) !=3D 0) { - Status =3D ArmClearMemoryRegionNoExec (BaseAddress, Length); - if (EFI_ERROR (Status)) { - return EFI_UNSUPPORTED; - } - } - - return EFI_SUCCESS; + return ArmSetMemoryAttributes (BaseAddress, Length, 0, Attributes); } =20 EFI_MEMORY_ATTRIBUTE_PROTOCOL mMemoryAttribute =3D { --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#105302): https://edk2.groups.io/g/devel/message/105302 Mute This Topic: https://groups.io/mt/99131176/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri Mar 29 08:53:59 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+105303+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105303+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1685025069; cv=none; d=zohomail.com; s=zohoarc; b=EZWBlvEJ0qGTc/dIBmFVcW4/8ilqoiGcr6ttRLAyTiWqLO+ok1gj9GDccIsCiC0HkHAlMXSxap4XWsTrRwGgozC+TxPrzRd3oOjKR8nrYmYk78yB5c/nyvqR8ta0jmOu/ZJOScVI9H0Mpn6mvlYAfENeUyfYv7nzxq+BDwmtw08= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1685025069; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=fSx8YSNKRgPVRo3AxPiLvImhNPF3ki44XbdNKBJ+1lA=; b=geu7pfa2AIHIwp+IenOEon7P8igiwC64MdHNUEtRp4R5//KJ2IhSa4fpP09ArA6hJ9FhB5N15E9J/nev4iHstnsfRU9TiTXJ01j98Ta4XqAexKBvLQlEoUwCQEBsTpHWUvnQ513tUys437MYlt0+siF+xy863ZXY9EmTbBnFRPY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105303+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1685025069204645.8559175461963; Thu, 25 May 2023 07:31:09 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 8MroYY1788612xsOs9S0Yghq; Thu, 25 May 2023 07:31:08 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.13273.1685025068218918432 for ; Thu, 25 May 2023 07:31:08 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C131D645DC; Thu, 25 May 2023 14:31:07 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9A246C433EF; Thu, 25 May 2023 14:31:04 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Ray Ni , Jiewen Yao , Gerd Hoffmann , Taylor Beebe , Oliver Smith-Denny , Dandan Bi , Liming Gao , "Kinney, Michael D" , Leif Lindholm , Sunil V L , Andrei Warkentin Subject: [edk2-devel] [RFC PATCH 03/10] ArmPkg/CpuPei: Drop bogus DEPEX on PEI permanent memory Date: Thu, 25 May 2023 16:30:34 +0200 Message-Id: <20230525143041.1172989-4-ardb@kernel.org> In-Reply-To: <20230525143041.1172989-1-ardb@kernel.org> References: <20230525143041.1172989-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: EkgMkoKMU5A9WrWukWnNrFhSx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1685025068; bh=LZkmAFktlXA1SJc57zZP8aZFDqrrWUHXB02Xyl01e48=; h=Cc:Date:From:Reply-To:Subject:To; b=GhLxM4xgDoQWS/HqeZR5TI4Y5DHDeZSlmKUgTx/4wDyji5j4yzgU1XMoOA6NUzx6Nt+ N6VA+AOkjriuIaUCHsFmia14slnPHYYPXqFo+hhYvy5njIDfJnO4fykI2ryF1DZLuS8re I/TChMBCT79uQ0scA0IRCQ+ts4Ay5ECKNCE= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1685025070531100011 Content-Type: text/plain; charset="utf-8" Currently, ARM's CPU PEIM depexes on PEI permanent memory being installed, but functionally, it does not actually depend on that at all. So let's drop the DEPEX. Signed-off-by: Ard Biesheuvel --- ArmPkg/Drivers/CpuPei/CpuPei.inf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ArmPkg/Drivers/CpuPei/CpuPei.inf b/ArmPkg/Drivers/CpuPei/CpuPe= i.inf index a9f85cbc68b1c52e..648f27adf9402435 100644 --- a/ArmPkg/Drivers/CpuPei/CpuPei.inf +++ b/ArmPkg/Drivers/CpuPei/CpuPei.inf @@ -48,5 +48,4 @@ [FixedPcd] gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize =20 [Depex] - gEfiPeiMemoryDiscoveredPpiGuid - + TRUE --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#105303): https://edk2.groups.io/g/devel/message/105303 Mute This Topic: https://groups.io/mt/99131179/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri Mar 29 08:53:59 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+105304+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105304+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1685025072; cv=none; d=zohomail.com; s=zohoarc; b=XgkS9M61kCIPtreADm8y9FtUV1ntOomLSvidSgvtEAWkqpN5eg4a+Bls4iXKTIxTzO+F6focR2crYH9DZ2vPOL384+7cVGwZp5tnby0Xpx2aTkK/+D7AeQw58qK9BPP9dAePw30NTe8l2D0hmD68MaoR/geGaM9UtflxA/xvo8I= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1685025072; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=KvL2vSb5Jsbl9FV2nb5zoI5omM2bXi1NE2tq7KDyc3M=; b=O5l5mV0Nm++eo3v57hunffdVeCUYkElnlP0GaGsSwPJr9IBll0/uiXC6aqBXJZnfLIMXYMkerRMnMAq4Z1rsf3NgABB6h/WXrFB5M7bBsXhAM2xJvinOuSb+pG1cS08wmTA5sCmmWKuzeTK3uNxzMAHtucFFumZFNur89+LnTcM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105304+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1685025072098528.7036256648717; Thu, 25 May 2023 07:31:12 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id QIIMYY1788612xXLy1pbNsYI; Thu, 25 May 2023 07:31:11 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.13276.1685025071221832890 for ; Thu, 25 May 2023 07:31:11 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id BC8B36463D; Thu, 25 May 2023 14:31:10 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9DA6DC433A0; Thu, 25 May 2023 14:31:07 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Ray Ni , Jiewen Yao , Gerd Hoffmann , Taylor Beebe , Oliver Smith-Denny , Dandan Bi , Liming Gao , "Kinney, Michael D" , Leif Lindholm , Sunil V L , Andrei Warkentin Subject: [edk2-devel] [RFC PATCH 04/10] OvmfPkg/RiscVVirt: Remove unimplemented NxForStack configuration Date: Thu, 25 May 2023 16:30:35 +0200 Message-Id: <20230525143041.1172989-5-ardb@kernel.org> In-Reply-To: <20230525143041.1172989-1-ardb@kernel.org> References: <20230525143041.1172989-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: eLZnEErrmJzibARg0s1IITCGx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1685025071; bh=uzcVPEib7VwyyjOLOd8UlO+NtMX29Enj09thmpFM0dA=; h=Cc:Date:From:Reply-To:Subject:To; b=tek0a//NkpUxP2DU8/3K8bb6hcVl8Cd3h8HsyLPDCggOx8CB4xGRZyoSHhmWE1TXmpe 04KRnHPj77t65QeytZ2/Hvju/GvCbQgISFbLPqpEH+HLmRARu2hBDyHxETGRFgjJfRceu 4hjK+3tJMIfsZJjk2hWFGMsOzq2Ggt4EJjk= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1685025073250100001 Content-Type: text/plain; charset="utf-8" The RISC-V version of the DXE IPL does not implement setting the stack NX, so before switching to an implementation that will ASSERT() on the missing support, drop the PCD setting that enables it. Signed-off-by: Ard Biesheuvel Reviewed-by: Sunil V L --- OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc | 6 ------ 1 file changed, 6 deletions(-) diff --git a/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc b/OvmfPkg/RiscVVirt/RiscVV= irtQemu.dsc index 28d9af4d79b9cc35..414d186179fb16e8 100644 --- a/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc +++ b/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc @@ -172,12 +172,6 @@ [PcdsFixedAtBuild.common] gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FAL= SE gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c= , 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0= x31 } =20 - - # - # Enable the non-executable DXE stack. (This gets set up by DxeIpl) - # - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE - !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE # override the default values from SecurityPkg to ensure images from all= sources are verified in secure boot gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04 --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#105304): https://edk2.groups.io/g/devel/message/105304 Mute This Topic: https://groups.io/mt/99131182/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri Mar 29 08:53:59 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+105305+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105305+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1685025075; cv=none; d=zohomail.com; s=zohoarc; b=e0raf/B92R7vEichUL7N32BzJS2+ysu+MtpPKMmpvcpeZlftbatbXMlhhkXwum70msfnAi0AykkpTUmLnJGX01xfJCSqLWKbl+JLB9zqgcm7CO599jnxnASAJILNoMT6/sb8hyB9oSupWCWQMwgJToJ0wSooYNzHcXJFCfTxzes= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1685025075; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=l7kEuTSaaXba6zL7IrEebTY44FuNDBQNmyqs/am9voA=; b=bLo9jmy8l5iqqpXEuT53rRevuxpjPAjMCBGKbgMxluxjlMTqXuSptYmSgeerlAxdg94iPs+HIaNBmDjiZuq3k8KuN4qkSXYRM+P1eb6fkkD6XOKY8/1I+/vRdIjPVFslq0G17w3qhEGcbtdNv79n9Wfx6VRZfuGH688lS68hlPw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105305+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1685025075070915.8731589632764; Thu, 25 May 2023 07:31:15 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id blDzYY1788612xTgSesBMd5J; Thu, 25 May 2023 07:31:14 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.13534.1685025074169821637 for ; Thu, 25 May 2023 07:31:14 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B39CB61489; Thu, 25 May 2023 14:31:13 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 98803C433EF; Thu, 25 May 2023 14:31:10 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Ray Ni , Jiewen Yao , Gerd Hoffmann , Taylor Beebe , Oliver Smith-Denny , Dandan Bi , Liming Gao , "Kinney, Michael D" , Leif Lindholm , Sunil V L , Andrei Warkentin Subject: [edk2-devel] [RFC PATCH 05/10] MdeModulePkg: Define memory attribute PPI Date: Thu, 25 May 2023 16:30:36 +0200 Message-Id: <20230525143041.1172989-6-ardb@kernel.org> In-Reply-To: <20230525143041.1172989-1-ardb@kernel.org> References: <20230525143041.1172989-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: CjOVyNdj2KEeaq3PsLzwN1jVx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1685025074; bh=3+Ydrhw9Y2QuLRzty6lTsvLETB3ITW2t2IdsjBR7DBw=; h=Cc:Date:From:Reply-To:Subject:To; b=aT7Sb8W7a8IDuWDHPB7aa/MXvYMtai8HFb0ZxEmJvjrx+trKhslQB3JyEpruh/uW8iZ CegEararaiN+faEmu6xC2gBIZtM/Q4Auivhrrb6FBbnt669nMov3dxow6Qlm3FTBiNro3 Pr27iRyn/WOQOEzrbgPYmlR8L6sQMqu62C8= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1685025075863100005 Content-Type: text/plain; charset="utf-8" Define a PPI interface that may be used by the PEI core or other PEIMs to manage permissions on memory ranges. This is primarily intended for restricting permissions to what is actually needed for correct execution by the code in question, and for limiting the use of memory mappings that are both writable and executable at the same time. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Include/Ppi/MemoryAttribute.h | 78 ++++++++++++++++++++ MdeModulePkg/MdeModulePkg.dec | 3 + 2 files changed, 81 insertions(+) diff --git a/MdeModulePkg/Include/Ppi/MemoryAttribute.h b/MdeModulePkg/Incl= ude/Ppi/MemoryAttribute.h new file mode 100644 index 0000000000000000..5ff31185ab4183f8 --- /dev/null +++ b/MdeModulePkg/Include/Ppi/MemoryAttribute.h @@ -0,0 +1,78 @@ +/** @file + +Copyright (c) 2023, Google LLC. All rights reserved.
+ +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef EDKII_MEMORY_ATTRIBUTE_PPI_H_ +#define EDKII_MEMORY_ATTRIBUTE_PPI_H_ + +#include + +/// +/// Global ID for the EDKII_MEMORY_ATTRIBUTE_PPI. +/// +#define EDKII_MEMORY_ATTRIBUTE_PPI_GUID \ + { \ + 0x1be840de, 0x2d92, 0x41ec, { 0xb6, 0xd3, 0x19, 0x64, 0x13, 0x50, 0x51= , 0xfb } \ + } + +/// +/// Forward declaration for the EDKII_MEMORY_ATTRIBUTE_PPI. +/// +typedef struct _EDKII_MEMORY_ATTRIBUTE_PPI EDKII_MEMORY_ATTRIBUTE_PPI; + +/** + Set the requested memory permission attributes on a region of memory. + + BaseAddress and Length must be aligned to EFI_PAGE_SIZE. + + Both SetMask and ClearMask may contain any combination of EFI_MEMORY_RP, + EFI_MEMORY_RO and EFI_MEMORY_XP, with the following restrictions: + - each constant may appear in either SetMask or ClearMask, but not in bo= th; + - SetMask or ClearMask may be 0x0, but not both. + + @param[in] This The protocol instance pointer. + @param[in] BaseAddress The physical address that is the start addre= ss of + a memory region. + @param[in] Length The size in bytes of the memory region. + @param[in] SetMask Mask of memory attributes to set. + @param[in] ClearMask Mask of memory attributes to clear. + + @retval EFI_SUCCESS The attributes were set for the memory reg= ion. + @retval EFI_INVALID_PARAMETER Length is zero. + Invalid combination of SetMask and ClearMa= sk. + BaseAddress or Length is not suitably alig= ned. + @retval EFI_UNSUPPORTED The processor does not support one or more + bytes of the memory resource range specifi= ed + by BaseAddress and Length. + The bit mask of attributes is not supporte= d for + the memory resource range specified by + BaseAddress and Length. + @retval EFI_OUT_OF_RESOURCES Requested attributes cannot be applied due= to + lack of system resources. + +**/ +typedef +EFI_STATUS +(EFIAPI *EDKII_MEMORY_ATTRIBUTE_SET_PERMISSIONS)( + IN EDKII_MEMORY_ATTRIBUTE_PPI *This, + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length, + IN UINT64 SetMask, + IN UINT64 ClearMask + ); + +/// +/// This PPI contains a set of services to manage memory permission attrib= utes. +/// +struct _EDKII_MEMORY_ATTRIBUTE_PPI { + EDKII_MEMORY_ATTRIBUTE_SET_PERMISSIONS SetPermissions; +}; + +extern EFI_GUID gEdkiiMemoryAttributePpiGuid; + +#endif + diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 95dd077e19b3a901..d65dae18aa81e569 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -528,6 +528,9 @@ [Ppis] gEdkiiPeiCapsuleOnDiskPpiGuid =3D { 0x71a9ea61, 0x5a35, 0x4a= 5d, { 0xac, 0xef, 0x9c, 0xf8, 0x6d, 0x6d, 0x67, 0xe0 } } gEdkiiPeiBootInCapsuleOnDiskModePpiGuid =3D { 0xb08a11e4, 0xe2b7, 0x4b= 75, { 0xb5, 0x15, 0xaf, 0x61, 0x6, 0x68, 0xbf, 0xd1 } } =20 + ## Include/Ppi/MemoryAttribute.h + gEdkiiMemoryAttributePpiGuid =3D { 0x1be840de, 0x2d92, 0x41= ec, { 0xb6, 0xd3, 0x19, 0x64, 0x13, 0x50, 0x51, 0xfb } } + [Protocols] ## Load File protocol provides capability to load and unload EFI image i= nto memory and execute it. # Include/Protocol/LoadPe32Image.h --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#105305): https://edk2.groups.io/g/devel/message/105305 Mute This Topic: https://groups.io/mt/99131184/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri Mar 29 08:53:59 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+105306+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105306+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1685025078; cv=none; d=zohomail.com; s=zohoarc; b=LW80HeRhpEs7oAkhBFG4x42ZU3PyFjXyrBwH//LvvWGQB0oiEPfn9n/eskmPZdz5iJKwRr7uMdBS3kS+q6wJhAgsw6+9Xlb0GehYqFsAEz9GoslTRyTfdQhjAwROiLOYhann9wVG4548oyfdVmlHZi2ljWAivavCnBav44NKkek= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1685025078; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=BXL8XF6PG75V+vCTnWU+uCdo+/F1ES7D/mzKrmu6BzU=; b=DUUMaMyEkjNsmsGh8D3049A72WQFFo37lRMFCWDSWNRzr9WWqMv8W7tLqkEEEY6XiIpynLh4c7p/3t+xKSDUPtGBBIYd9S8+QW5I/uiMq6lMhNvuAZHP+QvJhyglJ+ibUvcdGVWbd8OuHlDnY3YR4ODReZNT5MC13RUDtvmJS3U= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105306+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1685025078307206.64222416825328; Thu, 25 May 2023 07:31:18 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 1oaOYY1788612xZRnPyPAIEf; Thu, 25 May 2023 07:31:17 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.13537.1685025077145265617 for ; Thu, 25 May 2023 07:31:17 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id AD34864623; Thu, 25 May 2023 14:31:16 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9298EC4339B; Thu, 25 May 2023 14:31:13 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Ray Ni , Jiewen Yao , Gerd Hoffmann , Taylor Beebe , Oliver Smith-Denny , Dandan Bi , Liming Gao , "Kinney, Michael D" , Leif Lindholm , Sunil V L , Andrei Warkentin Subject: [edk2-devel] [RFC PATCH 06/10] ArmPkg/CpuPei: Implement the memory attributes PPI Date: Thu, 25 May 2023 16:30:37 +0200 Message-Id: <20230525143041.1172989-7-ardb@kernel.org> In-Reply-To: <20230525143041.1172989-1-ardb@kernel.org> References: <20230525143041.1172989-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: 3vbdXUAJdHt7mTmjjKCUh3IRx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1685025077; bh=RAGg27twRNVupyuwDtwLXqQaRlGY4fz6HTi3ummX6ck=; h=Cc:Date:From:Reply-To:Subject:To; b=EkJ0UkeXZzZyDl9RiJS4T+GxiyRu+iZbh4+SB+SU9JMgn6Jf3KDholBas/D0Vqahrzn HIjPFPUDOv86yc9gGfXLk2m82qiO7XyVClRUe3WU2IKaPUHKJBpDG3DN4ou2ovqKa2NnG NsR6JdL7ic8UMBwBoX9ix3n1t+POMvVazz4= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1685025078603100009 Content-Type: text/plain; charset="utf-8" Implement the newly defined PPI that permits the PEI core and DXE IPL to manage memory permissions on ranges of DRAM, for doing things like mapping the stack non-executable, or granting executable permissions to shadowed PEIMs. Signed-off-by: Ard Biesheuvel --- ArmPkg/Drivers/CpuPei/CpuPei.c | 78 ++++++++++++++++++-- ArmPkg/Drivers/CpuPei/CpuPei.inf | 4 + 2 files changed, 74 insertions(+), 8 deletions(-) diff --git a/ArmPkg/Drivers/CpuPei/CpuPei.c b/ArmPkg/Drivers/CpuPei/CpuPei.c index 85ef5ec07b9fdafa..d5996673260544c8 100644 --- a/ArmPkg/Drivers/CpuPei/CpuPei.c +++ b/ArmPkg/Drivers/CpuPei/CpuPei.c @@ -3,17 +3,10 @@ Copyright (c) 2006, Intel Corporation. All rights reserved.
Copyright (c) 2011 Hewlett Packard Corporation. All rights reserved.
Copyright (c) 2011-2013, ARM Limited. All rights reserved.
+Copyright (c) 2023, Google, LLC. All rights reserved.
=20 SPDX-License-Identifier: BSD-2-Clause-Patent =20 -Module Name: - - MemoryInit.c - -Abstract: - - PEIM to provide fake memory init - **/ =20 // @@ -24,6 +17,7 @@ Module Name: // The protocols, PPI and GUID definitions for this module // #include +#include =20 // // The Library classes this module consumes @@ -34,6 +28,71 @@ Module Name: #include #include #include +#include + +/** + Set the requested memory permission attributes on a region of memory. + + BaseAddress and Length must be aligned to EFI_PAGE_SIZE. + + Both SetMask and ClearMask may contain any combination of EFI_MEMORY_RP, + EFI_MEMORY_RO and EFI_MEMORY_XP, with the following restrictions: + - each constant may appear in either SetMask or ClearMask, but not in bo= th; + - SetMask or ClearMask may be 0x0, but not both. + + @param[in] This The protocol instance pointer. + @param[in] BaseAddress The physical address that is the start addre= ss of + a memory region. + @param[in] Length The size in bytes of the memory region. + @param[in] SetMask Mask of memory attributes to set. + @param[in] ClearMask Mask of memory attributes to clear. + + @retval EFI_SUCCESS The attributes were set for the memory reg= ion. + @retval EFI_INVALID_PARAMETER Length is zero. + Invalid combination of SetMask and ClearMa= sk. + BaseAddress or Length is not suitably alig= ned. + @retval EFI_UNSUPPORTED The processor does not support one or more + bytes of the memory resource range specifi= ed + by BaseAddress and Length. + The bit mask of attributes is not supporte= d for + the memory resource range specified by + BaseAddress and Length. + @retval EFI_OUT_OF_RESOURCES Requested attributes cannot be applied due= to + lack of system resources. + +**/ +STATIC +EFI_STATUS +EFIAPI +SetMemoryPermissions ( + IN EDKII_MEMORY_ATTRIBUTE_PPI *This, + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length, + IN UINT64 SetMask, + IN UINT64 ClearMask + ) +{ + if ((Length =3D=3D 0) || + ((SetMask & ClearMask) !=3D 0) || + (((SetMask | ClearMask) & (EFI_MEMORY_RP | EFI_MEMORY_RO | EFI_MEMOR= Y_XP)) =3D=3D 0) || + (((SetMask | ClearMask) & ~(UINT64)(EFI_MEMORY_RP | EFI_MEMORY_RO | = EFI_MEMORY_XP)) !=3D 0) || + (((BaseAddress | Length) & EFI_PAGE_MASK) !=3D 0)) + { + return EFI_INVALID_PARAMETER; + } + + return ArmSetMemoryAttributes (BaseAddress, Length, SetMask, SetMask | C= learMask); +} + +STATIC CONST EDKII_MEMORY_ATTRIBUTE_PPI mMemoryAttributePpi =3D { + SetMemoryPermissions +}; + +STATIC CONST EFI_PEI_PPI_DESCRIPTOR mMemoryAttributePpiDesc =3D { + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), + &gEdkiiMemoryAttributePpiGuid, + (VOID *)&mMemoryAttributePpi +}; =20 /*++ =20 @@ -79,5 +138,8 @@ InitializeCpuPeim ( } } =20 + Status =3D PeiServicesInstallPpi (&mMemoryAttributePpiDesc); + ASSERT_EFI_ERROR (Status); + return EFI_SUCCESS; } diff --git a/ArmPkg/Drivers/CpuPei/CpuPei.inf b/ArmPkg/Drivers/CpuPei/CpuPe= i.inf index 648f27adf9402435..2ca4f795c62de394 100644 --- a/ArmPkg/Drivers/CpuPei/CpuPei.inf +++ b/ArmPkg/Drivers/CpuPei/CpuPei.inf @@ -3,6 +3,7 @@ # # This module provides platform specific function to detect boot mode. # Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.
+# Copyright (c) 2023, Google, LLC. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -28,6 +29,7 @@ [Sources] CpuPei.c =20 [Packages] + MdeModulePkg/MdeModulePkg.dec MdePkg/MdePkg.dec EmbeddedPkg/EmbeddedPkg.dec ArmPkg/ArmPkg.dec @@ -37,9 +39,11 @@ [LibraryClasses] DebugLib HobLib ArmLib + ArmMmuLib =20 [Ppis] gArmMpCoreInfoPpiGuid + gEdkiiMemoryAttributePpiGuid =20 [Guids] gArmMpCoreInfoGuid --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#105306): https://edk2.groups.io/g/devel/message/105306 Mute This Topic: https://groups.io/mt/99131185/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri Mar 29 08:53:59 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+105307+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105307+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1685025081; cv=none; d=zohomail.com; s=zohoarc; b=F2ZNYjY0xpx5g2N7LNB3Ed9Ol9q6K1XAxDGae3Dbv42uGENUfcM+a+DnOpTwwXT49keQcCHG0oSbfXwHulFgw1bFBc41eKAF0Ylg1LWvYXgtVjK4gOcM/zo7EQYlpU2CeJesMxITi3KsG5tgb4cckSLVCoKjFRDNSHSfvoZiryc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1685025081; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=e70mDWug1izz44+XjHrqPJ6wIxlrSNnSxz0VONNq8bU=; b=fh9RXUoZMLD1SLee+GW9N2Y0cptqkLCLvW9tIoiUwkaw/2dm+I+vosI9s4vVyDudM4M7Xv7dPy7uVMiGwFuyRCTJ2mf7fQU+rZA/kL21Lv50iPT6mOKY32YatQ1oFCfl9ytANhJpco1kCvMq/b1mkGoZriHYRO1TbC93lONW1G0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105307+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1685025081243425.682169394806; Thu, 25 May 2023 07:31:21 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id mBGLYY1788612xL7NdqNhMln; Thu, 25 May 2023 07:31:20 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.13286.1685025080172823124 for ; Thu, 25 May 2023 07:31:20 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A620064629; Thu, 25 May 2023 14:31:19 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8CC95C433EF; Thu, 25 May 2023 14:31:16 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Ray Ni , Jiewen Yao , Gerd Hoffmann , Taylor Beebe , Oliver Smith-Denny , Dandan Bi , Liming Gao , "Kinney, Michael D" , Leif Lindholm , Sunil V L , Andrei Warkentin Subject: [edk2-devel] [RFC PATCH 07/10] MdeModulePkg/PeiCore: Apply restricted permissions in image loader Date: Thu, 25 May 2023 16:30:38 +0200 Message-Id: <20230525143041.1172989-8-ardb@kernel.org> In-Reply-To: <20230525143041.1172989-1-ardb@kernel.org> References: <20230525143041.1172989-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: Rwyc7DhrWEXPd7wpc0528Uk4x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1685025080; bh=SHmfgaNdH3aJ/xq3CKfs7/zPN0YekGTIYHlmPir/tWQ=; h=Cc:Date:From:Reply-To:Subject:To; b=RDt6TX7QSH9+IgUq8K1aKnWCbGzz4tPEajTXFOF1iMvlnbIV8y2eIn4Ef6RPenL6uUf nguu7u+hoLJ9tEeKp7hKy276klRbwmfm/dCgZA0hKahUBjISI2cZSCRWA1pCPxqQEgF5m qAcEwG4mKtl3Rjg005kEkyyXnDOiRqNWizo= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1685025081894100014 Content-Type: text/plain; charset="utf-8" Add a notification callback to the PEI core to grab a reference to the memory attributes PPI as soon as it is registered, and use it in the image loader to set restricted memory permissions after loading the image if the image was loaded into memory. There are two use cases for this: - when the DXE IPL loads the DXE core using the PEI image services, its mappings will be set according to the PE section permission attributes if the image was built with 4k section alignment; this means DXE core will never run with mappings that are both writable and executable. - when PEIMs are shadowed to memory, they will not only be mapped read-only, but any non-exec permissions will also be removed. (Note that this requires the component that installs PEI permanent memory to depex on the memory attributes PPI, to ensure that it is available to manage permissions on permanent memory before it is used to load images) With this logic in place *, there is no longer a need for system memory to be mapped with both write and execute permissions out of reset. Instead, all memory can be mapped with non-executable permissions by default, which means that the stack and other allocations used in PEI or early in DXE will no longer need to be mapped non-exec explicitly. * the DXE core will also need its own method for clearing non-exec permissions on memory ranges, but this is being addressed in a separate series. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Pei/Image/Image.c | 160 ++++++++++++++++++++ MdeModulePkg/Core/Pei/PeiMain.h | 6 + MdeModulePkg/Core/Pei/PeiMain.inf | 1 + 3 files changed, 167 insertions(+) diff --git a/MdeModulePkg/Core/Pei/Image/Image.c b/MdeModulePkg/Core/Pei/Im= age/Image.c index cee9f09c6ea61e31..3a7de45014b8f772 100644 --- a/MdeModulePkg/Core/Pei/Image/Image.c +++ b/MdeModulePkg/Core/Pei/Image/Image.c @@ -18,6 +18,50 @@ EFI_PEI_PPI_DESCRIPTOR gPpiLoadFilePpiList =3D { &mPeiLoadImagePpi }; =20 +/** + Provide a callback for when the memory attributes PPI is installed. + + @param PeiServices An indirect pointer to the EFI_PEI_SERVICES ta= ble + published by the PEI Foundation. + @param NotifyDescriptor The descriptor for the notification event. + @param Ppi Pointer to the PPI in question. + + @return Always success + +**/ +STATIC +EFI_STATUS +EFIAPI +MemoryAttributePpiNotifyCallback ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi + ) +{ + PEI_CORE_INSTANCE *PrivateData; + + // + // Get PEI Core private data + // + PrivateData =3D PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices); + + // + // If there isn't a memory attribute PPI installed, use the one from + // notification + // + if (PrivateData->MemoryAttributePpi =3D=3D NULL) { + PrivateData->MemoryAttributePpi =3D (EDKII_MEMORY_ATTRIBUTE_PPI *)Ppi; + } + + return EFI_SUCCESS; +} + +STATIC CONST EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList =3D { + EFI_PEI_PPI_DESCRIPTOR_NOTIFY_DISPATCH | EFI_PEI_PPI_DESCRIPTOR_TERMINAT= E_LIST, + &gEdkiiMemoryAttributePpiGuid, + MemoryAttributePpiNotifyCallback +}; + /** =20 Support routine for the PE/COFF Loader that reads a buffer from a PE/COF= F file. @@ -243,6 +287,106 @@ GetPeCoffImageFixLoadingAssignedAddress ( return Status; } =20 +/** + Remap the memory region covering a loaded image so it can be executed. + + @param ImageContext Pointer to the image context structure that descr= ibes the + PE/COFF image that needs to be examined by this f= unction. + @param FileType The FFS file type of the image + @param ImageAddress The start of the memory region covering the image + @param ImageSize The size of the memory region covering the image + + @retval EFI_SUCCESS The image is ready to be executed + @retval EFI_OUT_OF_RESOURCES Not enough memory available to update the = memory + mapping + +**/ +STATIC +EFI_STATUS +RemapLoadedImageForExecution ( + IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext, + IN EFI_FV_FILETYPE FileType, + IN PHYSICAL_ADDRESS ImageAddress, + IN UINT64 ImageSize + ) +{ + PEI_CORE_INSTANCE *Private; + EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr; + EFI_IMAGE_SECTION_HEADER *Section; + PHYSICAL_ADDRESS SectionAddress; + EFI_STATUS Status; + UINT64 Permissions; + UINTN Index; + + Private =3D PEI_CORE_INSTANCE_FROM_PS_THIS (GetPeiServicesTablePointer (= )); + + if (Private->MemoryAttributePpi =3D=3D NULL) { + return EFI_SUCCESS; + } + + // + // PEI phase executables must be able to execute in place from read-only= NOR + // flash, and so they can be mapped read-only in their entirety. + // + if ((FileType =3D=3D EFI_FV_FILETYPE_PEI_CORE) || + (FileType =3D=3D EFI_FV_FILETYPE_PEIM) || + (FileType =3D=3D EFI_FV_FILETYPE_COMBINED_PEIM_DRIVER)) + { + return Private->MemoryAttributePpi->SetPermissions ( + Private->MemoryAttributePpi, + ImageAddress, + ImageSize, + EFI_MEMORY_RO, + EFI_MEMORY_XP + ); + } + + // + // Only PE images with minimum 4k section alignment can be remapped with + // restricted permissions. + // + if (ImageContext->IsTeImage || + (ImageContext->SectionAlignment < EFI_PAGE_SIZE)) + { + return EFI_UNSUPPORTED; + } + + Hdr.Union =3D (EFI_IMAGE_OPTIONAL_HEADER_UNION *)((UINT8 *)ImageContext-= >Handle + + ImageContext->PeCoffHead= erOffset); + ASSERT (Hdr.Pe32->Signature =3D=3D EFI_IMAGE_NT_SIGNATURE); + + Section =3D (EFI_IMAGE_SECTION_HEADER *)((UINT8 *)Hdr.Union + sizeof (UI= NT32) + + sizeof (EFI_IMAGE_FILE_HEADER) + + Hdr.Pe32->FileHeader.SizeOfOption= alHeader + ); + + for (Index =3D 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++= ) { + SectionAddress =3D ImageContext->ImageAddress + Section[Index].Virtual= Address; + Permissions =3D 0; + + if ((Section[Index].Characteristics & EFI_IMAGE_SCN_MEM_WRITE) =3D=3D = 0) { + Permissions |=3D EFI_MEMORY_RO; + } + + if ((Section[Index].Characteristics & EFI_IMAGE_SCN_MEM_EXECUTE) =3D= =3D 0) { + Permissions |=3D EFI_MEMORY_XP; + } + + Status =3D Private->MemoryAttributePpi->SetPermissions ( + Private->MemoryAttributePpi, + SectionAddress, + Section[Index].Misc.VirtualSiz= e, + Permissions, + Permissions ^ EFI_MEMORY_RO ^ = EFI_MEMORY_XP + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + + return EFI_SUCCESS; +} + /** =20 Loads and relocates a PE/COFF image into memory. @@ -456,9 +600,24 @@ LoadAndRelocatePeCoffImage ( =20 // // Flush the instruction cache so the image data is written before we ex= ecute it + // Also ensure that the pages are mapped for execution // if (ImageContext.ImageAddress !=3D (EFI_PHYSICAL_ADDRESS)(UINTN)Pe32Data= ) { InvalidateInstructionCacheRange ((VOID *)(UINTN)ImageContext.ImageAddr= ess, (UINTN)ImageContext.ImageSize); + + Status =3D RemapLoadedImageForExecution ( + &ImageContext, + FileInfo.FileType, + ImageContext.ImageAddress & ~(UINT64)EFI_PAGE_MASK, + ALIGN_VALUE ( + AlignImageSize + (ImageContext.ImageAddress & EFI_PAGE_MA= SK), + EFI_PAGE_SIZE + ) + ); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } } =20 *ImageAddress =3D ImageContext.ImageAddress; @@ -972,6 +1131,7 @@ InitializeImageServices ( // PrivateData->XipLoadFile =3D &gPpiLoadFilePpiList; PeiServicesInstallPpi (PrivateData->XipLoadFile); + PeiServicesNotifyPpi (&mNotifyList); } else { // // 2nd time we are running from memory so replace the XIP version with= the diff --git a/MdeModulePkg/Core/Pei/PeiMain.h b/MdeModulePkg/Core/Pei/PeiMai= n.h index 556beddad533989f..5499d53b0bbaf641 100644 --- a/MdeModulePkg/Core/Pei/PeiMain.h +++ b/MdeModulePkg/Core/Pei/PeiMain.h @@ -26,6 +26,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include #include #include @@ -302,6 +303,11 @@ struct _PEI_CORE_INSTANCE { // EFI_GUID *TempFileGuid; =20 + // + // Pointer to the memory attribute PPI + // + EDKII_MEMORY_ATTRIBUTE_PPI *MemoryAttributePpi; + // // Temp Memory Range is not covered by PeiTempMem and Stack. // Those Memory Range will be migrated into physical memory. diff --git a/MdeModulePkg/Core/Pei/PeiMain.inf b/MdeModulePkg/Core/Pei/PeiM= ain.inf index 0cf357371a16d872..55d8eb3e862d6418 100644 --- a/MdeModulePkg/Core/Pei/PeiMain.inf +++ b/MdeModulePkg/Core/Pei/PeiMain.inf @@ -100,6 +100,7 @@ [Ppis] gEfiPeiReset2PpiGuid ## SOMETIMES_CONSUMES gEfiSecHobDataPpiGuid ## SOMETIMES_CONSUMES gEfiPeiCoreFvLocationPpiGuid ## SOMETIMES_CONSUMES + gEdkiiMemoryAttributePpiGuid ## SOMETIMES_CONSUMES =20 [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxPeiStackSize = ## CONSUMES --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#105307): https://edk2.groups.io/g/devel/message/105307 Mute This Topic: https://groups.io/mt/99131192/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri Mar 29 08:53:59 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+105308+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105308+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1685025084; cv=none; d=zohomail.com; s=zohoarc; b=Db7hzSP4Ff9Hvs3lFedafML7/CH9g9Tr/Eq6r5DAkYlEilEIRPhMPuKno9I2CHBfGqyBTeuyNDyUoggWiTdg1RbvzrGY5/Mvosg2ANFgJ7GancBI1v6nOY544ecwqa62dWIkp3lvpZgQT8dCj8tzSDva6WEuhK9VWKtoQtE+Hfg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1685025084; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=LaysgQ9UTPCE6qcEBUm+f3mhHOQpX4AipNWwff6sJEk=; b=TkHkPytupanFi8UZkHZ6l4ekyw82FB9qlWrm3/rpQ4nMziRUu/MvoLCq9wJoNm08aImeQUXnF8yCMEEhy1ncKoLpd4me143WaQZQII4OEP8K18AJ/e54fl2WPQVHyBos4Mq4zE4Vytq1Fdip3ZP2jeWULKXOZfDEJI/53VWZXYQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105308+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1685025084097124.24235031895546; Thu, 25 May 2023 07:31:24 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id bTR0YY1788612xRz0v4iyyzY; Thu, 25 May 2023 07:31:23 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.13543.1685025083096221352 for ; Thu, 25 May 2023 07:31:23 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A1745645F3; Thu, 25 May 2023 14:31:22 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 85DF0C433A1; Thu, 25 May 2023 14:31:19 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Ray Ni , Jiewen Yao , Gerd Hoffmann , Taylor Beebe , Oliver Smith-Denny , Dandan Bi , Liming Gao , "Kinney, Michael D" , Leif Lindholm , Sunil V L , Andrei Warkentin Subject: [edk2-devel] [RFC PATCH 08/10] MdeModulePkg/DxeIpl: Merge EBC, RISCV64 and LOONGARCH code Date: Thu, 25 May 2023 16:30:39 +0200 Message-Id: <20230525143041.1172989-9-ardb@kernel.org> In-Reply-To: <20230525143041.1172989-1-ardb@kernel.org> References: <20230525143041.1172989-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: eOo6AEZGnuWoViPL05TrsxbYx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1685025083; bh=WD+W68DVwKd31ccl/To9VLK3KCiEfr04HhHbK1Tk2uo=; h=Cc:Date:From:Reply-To:Subject:To; b=WR4mzNPn5qf2HP58+uYhx113faaH/PHZRVWIs+lPlMvdPsPIM1FX6qST6BlzMFYt61g +LDm8ihBeX1+hmkE2a1O9lEjoxZjyaSTeHoU9tQw6AlKw3fSvn/oLMPWhXO4rCVP7j2ks dUUnFeuc/pfxPTRTl3IwrK1OqlWjm8g4xWo= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1685025085883100001 Content-Type: text/plain; charset="utf-8" The Risc-V and LoongArch specific versions of the DXE core handoff code in DxeIpl are essentially copies of the EBC version (modulo the copyright in the header and some debug prints in the code). In preparation for introducing a generic PPI based method to implement the non-executable stack, let's merge these versions, so we only need to add this logic once. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/DxeIplPeim/{Ebc/DxeLoadFunc.c =3D> DxeHandoff.c} | 2 +- MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 10 +-- MdeModulePkg/Core/DxeIplPeim/LoongArch64/DxeLoadFunc.c | 63 ----= ------------ MdeModulePkg/Core/DxeIplPeim/RiscV64/DxeLoadFunc.c | 75 ----= ---------------- 4 files changed, 3 insertions(+), 147 deletions(-) diff --git a/MdeModulePkg/Core/DxeIplPeim/Ebc/DxeLoadFunc.c b/MdeModulePkg/= Core/DxeIplPeim/DxeHandoff.c similarity index 92% rename from MdeModulePkg/Core/DxeIplPeim/Ebc/DxeLoadFunc.c rename to MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c index c1a16b602452218e..a0f85ebea56e6cba 100644 --- a/MdeModulePkg/Core/DxeIplPeim/Ebc/DxeLoadFunc.c +++ b/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c @@ -1,5 +1,5 @@ /** @file - EBC-specific functionality for DxeLoad. + Generic version of arch-specific functionality for DxeLoad. =20 Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/Dx= eIplPeim/DxeIpl.inf index 052ea0ec1a6f2771..60c998be6c1bad01 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf @@ -45,17 +45,11 @@ [Sources.X64] X64/VirtualMemory.c X64/DxeLoadFunc.c =20 -[Sources.EBC] - Ebc/DxeLoadFunc.c - [Sources.ARM, Sources.AARCH64] Arm/DxeLoadFunc.c =20 -[Sources.RISCV64] - RiscV64/DxeLoadFunc.c - -[Sources.LOONGARCH64] - LoongArch64/DxeLoadFunc.c +[Sources.LOONGARCH64,Sources.RISCV64,Sources.EBC] + DxeHandoff.c =20 [Packages] MdePkg/MdePkg.dec diff --git a/MdeModulePkg/Core/DxeIplPeim/LoongArch64/DxeLoadFunc.c b/MdeMo= dulePkg/Core/DxeIplPeim/LoongArch64/DxeLoadFunc.c deleted file mode 100644 index 95d3af19ea4c9f00..0000000000000000 --- a/MdeModulePkg/Core/DxeIplPeim/LoongArch64/DxeLoadFunc.c +++ /dev/null @@ -1,63 +0,0 @@ -/** @file - LoongArch specifc functionality for DxeLoad. - - Copyright (c) 2022, Loongson Technology Corporation Limited. All rights = reserved.
- - SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "DxeIpl.h" - -/** - Transfers control to DxeCore. - - This function performs a CPU architecture specific operations to execute - the entry point of DxeCore with the parameters of HobList. - It also installs EFI_END_OF_PEI_PPI to signal the end of PEI phase. - - @param[in] DxeCoreEntryPoint The entry point of DxeCore. - @param[in] HobList The start of HobList passed to Dxe= Core. - -**/ -VOID -HandOffToDxeCore ( - IN EFI_PHYSICAL_ADDRESS DxeCoreEntryPoint, - IN EFI_PEI_HOB_POINTERS HobList - ) -{ - VOID *BaseOfStack; - VOID *TopOfStack; - EFI_STATUS Status; - - // - // Allocate 128KB for the Stack - // - BaseOfStack =3D AllocatePages (EFI_SIZE_TO_PAGES (STACK_SIZE)); - ASSERT (BaseOfStack !=3D NULL); - - // - // Compute the top of the stack we were allocated. Pre-allocate a UINTN - // for safety. - // - TopOfStack =3D (VOID *)((UINTN)BaseOfStack + EFI_SIZE_TO_PAGES (STACK_SI= ZE) * EFI_PAGE_SIZE - CPU_STACK_ALIGNMENT); - TopOfStack =3D ALIGN_POINTER (TopOfStack, CPU_STACK_ALIGNMENT); - - // - // End of PEI phase signal - // - Status =3D PeiServicesInstallPpi (&gEndOfPeiSignalPpi); - ASSERT_EFI_ERROR (Status); - - // - // Update the contents of BSP stack HOB to reflect the real stack info p= assed to DxeCore. - // - UpdateStackHob ((EFI_PHYSICAL_ADDRESS)(UINTN)BaseOfStack, STACK_SIZE); - - SwitchStack ( - (SWITCH_STACK_ENTRY_POINT)(UINTN)DxeCoreEntryPoint, - HobList.Raw, - NULL, - TopOfStack - ); -} diff --git a/MdeModulePkg/Core/DxeIplPeim/RiscV64/DxeLoadFunc.c b/MdeModule= Pkg/Core/DxeIplPeim/RiscV64/DxeLoadFunc.c deleted file mode 100644 index b3567d88f73467e7..0000000000000000 --- a/MdeModulePkg/Core/DxeIplPeim/RiscV64/DxeLoadFunc.c +++ /dev/null @@ -1,75 +0,0 @@ -/** @file - RISC-V specific functionality for DxeLoad. - - Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All right= s reserved.
- - SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "DxeIpl.h" - -/** - Transfers control to DxeCore. - - This function performs a CPU architecture specific operations to execute - the entry point of DxeCore with the parameters of HobList. - It also installs EFI_END_OF_PEI_PPI to signal the end of PEI phase. - - @param DxeCoreEntryPoint The entry point of DxeCore. - @param HobList The start of HobList passed to DxeCore. - -**/ -VOID -HandOffToDxeCore ( - IN EFI_PHYSICAL_ADDRESS DxeCoreEntryPoint, - IN EFI_PEI_HOB_POINTERS HobList - ) -{ - VOID *BaseOfStack; - VOID *TopOfStack; - EFI_STATUS Status; - - // - // - // Allocate 128KB for the Stack - // - BaseOfStack =3D AllocatePages (EFI_SIZE_TO_PAGES (STACK_SIZE)); - if (BaseOfStack =3D=3D NULL) { - DEBUG ((DEBUG_ERROR, "%a: Can't allocate memory for stack.", __func__)= ); - ASSERT (FALSE); - } - - // - // Compute the top of the stack we were allocated. Pre-allocate a UINTN - // for safety. - // - TopOfStack =3D (VOID *)((UINTN)BaseOfStack + EFI_SIZE_TO_PAGES (STACK_SI= ZE) * EFI_PAGE_SIZE - CPU_STACK_ALIGNMENT); - TopOfStack =3D ALIGN_POINTER (TopOfStack, CPU_STACK_ALIGNMENT); - - // - // End of PEI phase signal - // - Status =3D PeiServicesInstallPpi (&gEndOfPeiSignalPpi); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "%a: Fail to signal End of PEI event.", __func__)= ); - ASSERT (FALSE); - } - - // - // Update the contents of BSP stack HOB to reflect the real stack info p= assed to DxeCore. - // - UpdateStackHob ((EFI_PHYSICAL_ADDRESS)(UINTN)BaseOfStack, STACK_SIZE); - - DEBUG ((DEBUG_INFO, "DXE Core new stack at %x, stack pointer at %x\n", B= aseOfStack, TopOfStack)); - - // - // Transfer the control to the entry point of DxeCore. - // - SwitchStack ( - (SWITCH_STACK_ENTRY_POINT)(UINTN)DxeCoreEntryPoint, - HobList.Raw, - NULL, - TopOfStack - ); -} --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#105308): https://edk2.groups.io/g/devel/message/105308 Mute This Topic: https://groups.io/mt/99131195/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri Mar 29 08:53:59 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+105309+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105309+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1685025087; cv=none; d=zohomail.com; s=zohoarc; b=GoSVQMaXcF+MhLnYw1kx8TPp+/NfCQJmyFlz2XRzP++5bfxOUaRelh34zg+OcziQp6fqjCy5w1fmNZsASefrXvbOU8z77USc22OfihreuQbqGeFGy2mD1IjYi9ghfPOnX4aloQ/WYWpXu5lGMD1TeBhl+T1O5czesUR3TuRoNtE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1685025087; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=KVR+Dze/z2KzRjoYricb6/vW9ka60dzh9rdGDnFrpuo=; b=Iv97AikOYcmt96z0MfFNqsQ8EtK0BnkqL/lmhEmJpwP1MExtZeCAo11n17WrEzQNHSSbDbxQDOsUykZ4vho/yHHZkc5dRsZcdM5TZPdL/H47V9ABOKb4ipQKQ1D2HWtn2Z0+7kEclmssmxkpgavi4/s0qtn2btAcCj7fMYb4UPY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105309+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1685025087014878.9724256059196; Thu, 25 May 2023 07:31:27 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id JSEIYY1788612xsoyPyaoaSC; Thu, 25 May 2023 07:31:26 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.13287.1685025086076089494 for ; Thu, 25 May 2023 07:31:26 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 9B02561489; Thu, 25 May 2023 14:31:25 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 802A8C433EF; Thu, 25 May 2023 14:31:22 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Ray Ni , Jiewen Yao , Gerd Hoffmann , Taylor Beebe , Oliver Smith-Denny , Dandan Bi , Liming Gao , "Kinney, Michael D" , Leif Lindholm , Sunil V L , Andrei Warkentin Subject: [edk2-devel] [RFC PATCH 09/10] MdeModulePkg/DxeIpl: Use memory attribute PPI to remap the stack NX Date: Thu, 25 May 2023 16:30:40 +0200 Message-Id: <20230525143041.1172989-10-ardb@kernel.org> In-Reply-To: <20230525143041.1172989-1-ardb@kernel.org> References: <20230525143041.1172989-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: 1gFpiHQMBFwxRfrH7isTtc5cx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1685025086; bh=YLtSY9DmL/ntmG/tyK9FbLc37CmYBtHQs7H6snmCfdg=; h=Cc:Date:From:Reply-To:Subject:To; b=axK0/FD0dM/J59VHmfWLpfzD+okytfOezbExWZRDWxEvQPW5DpYp+dyYaenY7jd7FgN KtU3/8e8SwrI0thVJSNEayRXfUHsaWBq63/5lNAht7WJN1J8LQJF/+IlpcK4098WacDXZ 8p8Q7dQ5BD0y8G0cVBSuqVhXt4E3dFOmnlo= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1685025088652100007 Content-Type: text/plain; charset="utf-8" If the associated PCD is set to TRUE, use the memory attribute PPI to remap the stack non-executable. This provides a generic method for doing so, which will be used by ARM and AArch64 as well once they move to the generic DxeIpl handoff implementation. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c | 29 ++++++++++++++++++-- MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 +++- 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c b/MdeModulePkg/Core/= DxeIplPeim/DxeHandoff.c index a0f85ebea56e6cba..22caabb02840ba88 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c +++ b/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c @@ -2,12 +2,15 @@ Generic version of arch-specific functionality for DxeLoad. =20 Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2023, Google, LLC. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 #include "DxeIpl.h" =20 +#include + /** Transfers control to DxeCore. =20 @@ -25,9 +28,10 @@ HandOffToDxeCore ( IN EFI_PEI_HOB_POINTERS HobList ) { - VOID *BaseOfStack; - VOID *TopOfStack; - EFI_STATUS Status; + VOID *BaseOfStack; + VOID *TopOfStack; + EFI_STATUS Status; + EDKII_MEMORY_ATTRIBUTE_PPI *MemoryPpi; =20 // // Allocate 128KB for the Stack @@ -35,6 +39,25 @@ HandOffToDxeCore ( BaseOfStack =3D AllocatePages (EFI_SIZE_TO_PAGES (STACK_SIZE)); ASSERT (BaseOfStack !=3D NULL); =20 + if (PcdGetBool (PcdSetNxForStack)) { + Status =3D PeiServicesLocatePpi ( + &gEdkiiMemoryAttributePpiGuid, + 0, + NULL, + (VOID **)&MemoryPpi + ); + ASSERT_EFI_ERROR (Status); + + Status =3D MemoryPpi->SetPermissions ( + MemoryPpi, + (UINTN)BaseOfStack, + STACK_SIZE, + EFI_MEMORY_XP, + 0 + ); + ASSERT_EFI_ERROR (Status); + } + // // Compute the top of the stack we were allocated. Pre-allocate a UINTN // for safety. diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/Dx= eIplPeim/DxeIpl.inf index 60c998be6c1bad01..7126a96d8378d1f8 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf @@ -91,6 +91,7 @@ [Ppis] gEfiPeiMemoryDiscoveredPpiGuid ## SOMETIMES_CONSUMES gEdkiiPeiBootInCapsuleOnDiskModePpiGuid ## SOMETIMES_CONSUMES gEdkiiPeiCapsuleOnDiskPpiGuid ## SOMETIMES_CONSUMES # Consume= d on firmware update boot path + gEdkiiMemoryAttributePpiGuid ## SOMETIMES_CONSUMES =20 [Guids] ## SOMETIMES_CONSUMES ## Variable:L"MemoryTypeInformation" @@ -117,10 +118,12 @@ [Pcd.IA32,Pcd.X64] gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize ##= CONSUMES =20 [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64] - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIM= ES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## SOMETIM= ES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## SOMETIM= ES_CONSUMES =20 +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIM= ES_CONSUMES + [Depex] gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid =20 --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#105309): https://edk2.groups.io/g/devel/message/105309 Mute This Topic: https://groups.io/mt/99131196/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri Mar 29 08:53:59 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+105310+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105310+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1685025090; cv=none; d=zohomail.com; s=zohoarc; b=R0mq+J173ZE+x2N7e1cENP9Cu4GjSEljYncibjKsvem/ZK5MkV2Q/hx/3sZjp+kJf6NYhxLQlEEpgGt5Ay0FbhkDRF0bIMjh0paFnMVUkgX372wErw8j0uGfZvLoTnL4J/TSTidjtEdh6sfvEgnjIlxjkOdgSwILFj/kfmyPyC8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1685025090; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=gHY08XtmWLCNrceIA5jLGA1rwATQiLCV41Ccuas+3xg=; b=UwHWwy3ZOULIxv4kaqDTK4+FttPYXpvJD0FUQjtvXuk7SE5AJ+L6EWiXf1gMp/zQbnFNGfhFQfAQ/yZ9UsHeC5Fw5En4MH408xUE8fyWDjYntVMZH5S+zfkZ3p1niUAUC1GFpI12u4PxQXL72xfk0EYNmfh/pn3WGw7o7nGphRo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105310+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1685025090152537.1455200330721; Thu, 25 May 2023 07:31:30 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id ScMyYY1788612x5X3RBpaqWz; Thu, 25 May 2023 07:31:29 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.13289.1685025089047176997 for ; Thu, 25 May 2023 07:31:29 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 93F23645DC; Thu, 25 May 2023 14:31:28 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 79C24C4339B; Thu, 25 May 2023 14:31:25 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Ray Ni , Jiewen Yao , Gerd Hoffmann , Taylor Beebe , Oliver Smith-Denny , Dandan Bi , Liming Gao , "Kinney, Michael D" , Leif Lindholm , Sunil V L , Andrei Warkentin Subject: [edk2-devel] [RFC PATCH 10/10] MdeModulePkg/DxeIpl ARM AARCH64: Switch to generic handoff code Date: Thu, 25 May 2023 16:30:41 +0200 Message-Id: <20230525143041.1172989-11-ardb@kernel.org> In-Reply-To: <20230525143041.1172989-1-ardb@kernel.org> References: <20230525143041.1172989-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: pxUT6n8PsYc1y9Pji7fvbVsWx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1685025089; bh=pKBQd0ZPk5aDEXgV4thkO2Zroc9e0g974vuIs7FXZvk=; h=Cc:Date:From:Reply-To:Subject:To; b=rctmOpBKPXSL9IhaBO7FfCEWCmI36gWBDygCdiUYS4Qdj8rbU4RqnzwfcWwiER//4B4 mM8aTuvF64wmhltxK3etcxCL+vmxf0dbAYLrYpR6MEj0YUY34c7zHOSOr+r/DtavYTMM5 Iei+DOq4NGZnCiYc20SnFTPdX7iQRqCwC2U= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1685025090731100009 Content-Type: text/plain; charset="utf-8" Now that we have a generic method to manage memory permissions using a PPI, we can switch to the generic version of the DXE handoff code in DxeIpl, and drop the ARM specific version. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/DxeIplPeim/Arm/DxeLoadFunc.c | 71 -------------------- MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 11 +-- 2 files changed, 1 insertion(+), 81 deletions(-) diff --git a/MdeModulePkg/Core/DxeIplPeim/Arm/DxeLoadFunc.c b/MdeModulePkg/= Core/DxeIplPeim/Arm/DxeLoadFunc.c deleted file mode 100644 index f62b6dcb38a702d7..0000000000000000 --- a/MdeModulePkg/Core/DxeIplPeim/Arm/DxeLoadFunc.c +++ /dev/null @@ -1,71 +0,0 @@ -/** @file - ARM specifc functionality for DxeLoad. - -Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
-Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.
- -SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "DxeIpl.h" - -#include - -/** - Transfers control to DxeCore. - - This function performs a CPU architecture specific operations to execute - the entry point of DxeCore with the parameters of HobList. - It also installs EFI_END_OF_PEI_PPI to signal the end of PEI phase. - - @param DxeCoreEntryPoint The entry point of DxeCore. - @param HobList The start of HobList passed to DxeCore. - -**/ -VOID -HandOffToDxeCore ( - IN EFI_PHYSICAL_ADDRESS DxeCoreEntryPoint, - IN EFI_PEI_HOB_POINTERS HobList - ) -{ - VOID *BaseOfStack; - VOID *TopOfStack; - EFI_STATUS Status; - - // - // Allocate 128KB for the Stack - // - BaseOfStack =3D AllocatePages (EFI_SIZE_TO_PAGES (STACK_SIZE)); - ASSERT (BaseOfStack !=3D NULL); - - if (PcdGetBool (PcdSetNxForStack)) { - Status =3D ArmSetMemoryRegionNoExec ((UINTN)BaseOfStack, STACK_SIZE); - ASSERT_EFI_ERROR (Status); - } - - // - // Compute the top of the stack we were allocated. Pre-allocate a UINTN - // for safety. - // - TopOfStack =3D (VOID *)((UINTN)BaseOfStack + EFI_SIZE_TO_PAGES (STACK_SI= ZE) * EFI_PAGE_SIZE - CPU_STACK_ALIGNMENT); - TopOfStack =3D ALIGN_POINTER (TopOfStack, CPU_STACK_ALIGNMENT); - - // - // End of PEI phase singal - // - Status =3D PeiServicesInstallPpi (&gEndOfPeiSignalPpi); - ASSERT_EFI_ERROR (Status); - - // - // Update the contents of BSP stack HOB to reflect the real stack info p= assed to DxeCore. - // - UpdateStackHob ((EFI_PHYSICAL_ADDRESS)(UINTN)BaseOfStack, STACK_SIZE); - - SwitchStack ( - (SWITCH_STACK_ENTRY_POINT)(UINTN)DxeCoreEntryPoint, - HobList.Raw, - NULL, - TopOfStack - ); -} diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/Dx= eIplPeim/DxeIpl.inf index 7126a96d8378d1f8..f1990eac77607854 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf @@ -45,19 +45,13 @@ [Sources.X64] X64/VirtualMemory.c X64/DxeLoadFunc.c =20 -[Sources.ARM, Sources.AARCH64] - Arm/DxeLoadFunc.c - -[Sources.LOONGARCH64,Sources.RISCV64,Sources.EBC] +[Sources.LOONGARCH64,Sources.RISCV64,Sources.EBC,Sources.ARM,Sources.AARCH= 64] DxeHandoff.c =20 [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec =20 -[Packages.ARM, Packages.AARCH64] - ArmPkg/ArmPkg.dec - [LibraryClasses] PcdLib MemoryAllocationLib @@ -74,9 +68,6 @@ [LibraryClasses] PeiServicesTablePointerLib PerformanceLib =20 -[LibraryClasses.ARM, LibraryClasses.AARCH64] - ArmMmuLib - [Ppis] gEfiDxeIplPpiGuid ## PRODUCES gEfiPeiDecompressPpiGuid ## PRODUCES --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#105310): https://edk2.groups.io/g/devel/message/105310 Mute This Topic: https://groups.io/mt/99131200/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-