From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web10.68453.1675722081932082835
 for <devel@edk2.groups.io>;
 Mon, 06 Feb 2023 14:21:22 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=VYJDTnvH;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 729A261047;
	Mon,  6 Feb 2023 22:21:21 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id B106FC433A1;
	Mon,  6 Feb 2023 22:21:18 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1675722080;
	bh=BYjXUcSOzPwyzMxUv7wsoEhxEN2DnUJ2yVDq8GOubOc=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=VYJDTnvHhLBIcFLOavk3mi4f7ESeDVH5Kuo0Bf2Pmf+uhs4fKZJD2d6k+5br7hB2J
	 dSYFJubBSipsIHpFywB7RMMDcPP9aCL6ylGtriaN1O89r9yxm8YtdWMiG9NFN8ozTY
	 ARDegb4FXHaXbIRB+AErvvabXGo4Ou8uTLFjD4q041aUkxqcTtzPYJFcxmFbLErouv
	 AIdfxjXqxBHndz+9IGZTV8UrokjZmNrQQ3aveyF5JR6OGjQUHsWYppz6MH3u2CxFFz
	 QtnfH+ZRAfAg/bIbBk+gTF2tltDWyiyxhymbFZoh9MZmxVMZkuKJVWjBFYpqYf5Gdz
	 Fx79ay3pZwjWA==
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Michael Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Michael Kubacki <michael.kubacki@microsoft.com>,
	Sean Brogan <sean.brogan@microsoft.com>,
	Rebecca Cran <quic_rcran@quicinc.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Taylor Beebe <t@taylorbeebe.com>
Subject: [NOT FOR MERGE v3 5/5] MdeModulePkg/DxeCore: add DEBUG code for memory
 attribute handling
Date: Mon,  6 Feb 2023 23:21:00 +0100
Message-Id: <20230206222100.411169-6-ardb@kernel.org>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230206222100.411169-1-ardb@kernel.org>
References: <20230206222100.411169-1-ardb@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

NOT FOR MERGE=0D
=0D
Add some DEBUG code to double check that the memory attributes have been=0D
modified as expected by the code that manages read-only and/or non-exec=0D
permissions for page allocations and loaded images.=0D
---=0D
 MdeModulePkg/Core/Dxe/DxeMain.inf             |  1 +=0D
 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 79 +++++++++++++++++++-=0D
 2 files changed, 77 insertions(+), 3 deletions(-)=0D
=0D
diff --git a/MdeModulePkg/Core/Dxe/DxeMain.inf b/MdeModulePkg/Core/Dxe/DxeM=
ain.inf=0D
index 35d5bf0dee6f..87caff8289ee 100644=0D
--- a/MdeModulePkg/Core/Dxe/DxeMain.inf=0D
+++ b/MdeModulePkg/Core/Dxe/DxeMain.inf=0D
@@ -154,6 +154,7 @@ [Protocols]=0D
   gEfiHiiPackageListProtocolGuid                ## SOMETIMES_PRODUCES=0D=0D
   gEfiSmmBase2ProtocolGuid                      ## SOMETIMES_CONSUMES=0D=0D
   gEdkiiPeCoffImageEmulatorProtocolGuid         ## SOMETIMES_CONSUMES=0D=0D
+  gEfiMemoryAttributeProtocolGuid               ## SOMETIMES_CONSUMES=0D=0D
 =0D=0D
   # Arch Protocols=0D=0D
   gEfiBdsArchProtocolGuid                       ## CONSUMES=0D=0D
diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C=
ore/Dxe/Misc/MemoryProtection.c=0D
index b89ab046fa73..18b5a1d2b69d 100644=0D
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c=0D
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c=0D
@@ -37,6 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent=0D
 #include <Guid/MemoryAttributesTable.h>=0D=0D
 =0D=0D
 #include <Protocol/FirmwareVolume2.h>=0D=0D
+#include <Protocol/MemoryAttribute.h>=0D=0D
 #include <Protocol/SimpleFileSystem.h>=0D=0D
 =0D=0D
 #include "DxeMain.h"=0D=0D
@@ -66,6 +67,8 @@ extern LIST_ENTRY  mGcdMemorySpaceMap;=0D
 =0D=0D
 STATIC LIST_ENTRY  mProtectedImageRecordList;=0D=0D
 =0D=0D
+EFI_MEMORY_ATTRIBUTE_PROTOCOL  *mMemoryAttribute;=0D=0D
+=0D=0D
 /**=0D=0D
   Sort code section in image record, based upon CodeSegmentBase from low t=
o high.=0D=0D
 =0D=0D
@@ -226,6 +229,33 @@ SetUefiImageMemoryAttributes (=0D
 =0D=0D
   ASSERT (gCpu !=3D NULL);=0D=0D
   gCpu->SetMemoryAttributes (gCpu, BaseAddress, Length, FinalAttributes);=
=0D=0D
+=0D=0D
+  DEBUG_CODE_BEGIN ();=0D=0D
+=0D=0D
+    UINT64                                OldAttributes;=0D=0D
+    EFI_STATUS                            Status;=0D=0D
+=0D=0D
+    if (mMemoryAttribute !=3D NULL) {=0D=0D
+      Status =3D mMemoryAttribute->GetMemoryAttributes (mMemoryAttribute,=
=0D=0D
+                                                      BaseAddress,=0D=0D
+                                                      Length,=0D=0D
+                                                      &OldAttributes=0D=0D
+                                                      );=0D=0D
+      ASSERT_EFI_ERROR (Status);=0D=0D
+=0D=0D
+      FinalAttributes &=3D EFI_MEMORY_ATTRIBUTE_MASK;=0D=0D
+      if (FinalAttributes !=3D OldAttributes) {=0D=0D
+        DEBUG ((DEBUG_WARN,=0D=0D
+                "%a: Expected 0x%llx for new attributes, actual 0x%llx\n",=
=0D=0D
+                __FUNCTION__,=0D=0D
+                FinalAttributes,=0D=0D
+                OldAttributes=0D=0D
+                ));=0D=0D
+        ASSERT (FALSE);=0D=0D
+      }=0D=0D
+    }=0D=0D
+=0D=0D
+  DEBUG_CODE_END ();=0D=0D
 }=0D=0D
 =0D=0D
 /**=0D=0D
@@ -995,6 +1025,16 @@ MemoryProtectionCpuArchProtocolNotify (=0D
     goto Done;=0D=0D
   }=0D=0D
 =0D=0D
+  DEBUG_CODE_BEGIN ();=0D=0D
+    //=0D=0D
+    // Grab a reference to the EFI memory attributes table if it exists=0D=
=0D
+    //=0D=0D
+    CoreLocateProtocol (&gEfiMemoryAttributeProtocolGuid,=0D=0D
+                        NULL,=0D=0D
+                        (VOID **)&mMemoryAttribute=0D=0D
+                        );=0D=0D
+  DEBUG_CODE_END ();=0D=0D
+=0D=0D
   //=0D=0D
   // Apply the memory protection policy on non-BScode/RTcode regions.=0D=0D
   //=0D=0D
@@ -1246,8 +1286,9 @@ ApplyMemoryProtectionPolicy (=0D
   IN  UINT64                Length=0D=0D
   )=0D=0D
 {=0D=0D
-  UINT64  OldAttributes;=0D=0D
-  UINT64  NewAttributes;=0D=0D
+  UINT64      OldAttributes;=0D=0D
+  UINT64      NewAttributes;=0D=0D
+  EFI_STATUS  Status;=0D=0D
 =0D=0D
   //=0D=0D
   // The policy configured in PcdDxeNxMemoryProtectionPolicy=0D=0D
@@ -1313,5 +1354,37 @@ ApplyMemoryProtectionPolicy (=0D
     return EFI_SUCCESS;=0D=0D
   }=0D=0D
 =0D=0D
-  return gCpu->SetMemoryAttributes (gCpu, Memory, Length, NewAttributes);=
=0D=0D
+  Status =3D gCpu->SetMemoryAttributes (gCpu, Memory, Length, NewAttribute=
s);=0D=0D
+  if (EFI_ERROR (Status)) {=0D=0D
+    return Status;=0D=0D
+  }=0D=0D
+=0D=0D
+  DEBUG_CODE_BEGIN ();=0D=0D
+=0D=0D
+    //=0D=0D
+    // If available, use the EFI memory attribute protocol to double=0D=0D
+    // check that the entire region has the expected attributes.=0D=0D
+    //=0D=0D
+    if (mMemoryAttribute !=3D NULL) {=0D=0D
+      Status =3D mMemoryAttribute->GetMemoryAttributes (mMemoryAttribute,=
=0D=0D
+                                                      Memory,=0D=0D
+                                                      Length,=0D=0D
+                                                      &OldAttributes=0D=0D
+                                                      );=0D=0D
+      ASSERT_EFI_ERROR (Status);=0D=0D
+=0D=0D
+      if (OldAttributes !=3D NewAttributes) {=0D=0D
+        DEBUG ((DEBUG_WARN,=0D=0D
+                "%a: Expected 0x%llx for new attributes, actual 0x%llx\n",=
=0D=0D
+                __FUNCTION__,=0D=0D
+                NewAttributes,=0D=0D
+                OldAttributes=0D=0D
+                ));=0D=0D
+        ASSERT (FALSE);=0D=0D
+      }=0D=0D
+    }=0D=0D
+=0D=0D
+  DEBUG_CODE_END ();=0D=0D
+=0D=0D
+  return EFI_SUCCESS;=0D=0D
 }=0D=0D
-- =0D
2.39.1=0D
=0D