From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: "Ard Biesheuvel" <ardb@kernel.org>,
"Michael Kinney" <michael.d.kinney@intel.com>,
"Liming Gao" <gaoliming@byosoft.com.cn>,
"Jiewen Yao" <jiewen.yao@intel.com>,
"Michael Kubacki" <michael.kubacki@microsoft.com>,
"Sean Brogan" <sean.brogan@microsoft.com>,
"Rebecca Cran" <quic_rcran@quicinc.com>,
"Leif Lindholm" <quic_llindhol@quicinc.com>,
"Sami Mujawar" <sami.mujawar@arm.com>,
"Taylor Beebe" <t@taylorbeebe.com>,
"Marvin Häuser" <mhaeuser@posteo.de>
Subject: [PATCH 0/3] Apply NX protections more strictly
Date: Wed, 8 Feb 2023 18:58:09 +0100 [thread overview]
Message-ID: <20230208175812.700129-1-ardb@kernel.org> (raw)
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 1975 bytes --]
This fixes an issue reported by Marvin, where NX memory protections are
applied in a rather unreliable manner, resulting in the possibility that
memory mappings may exist that are using different attributes than
intended.
The reason for this approach was that applying memory protections
eagerly (i.e., after every alloc/free even if the memory attributes are
not expected to change as a result) may result in unbounded recursion in
the page table code, due to the fact that the page tables it allocates
need to be remapped with the correct attributes as well.
This has not been reported as being an issue on x86, but on ARM, this
needs a couple of fixes so that converting between EfiConventionalMemory
and EfiBootServicesData will never trigger a block entry split. With
that fixed, we can just remove the shortcut from DXE core and always
call SetMemoryAttributes.
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3316
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kubacki <michael.kubacki@microsoft.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Rebecca Cran <quic_rcran@quicinc.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Taylor Beebe <t@taylorbeebe.com>
Cc: Marvin Häuser <mhaeuser@posteo.de>
Ard Biesheuvel (3):
ArmPkg/ArmMmuLib: Avoid splitting block entries if possible
ArmPkg/CpuDxe: Perform preliminary NX remap of free memory
MdeModulePkg/DxeCore: Unconditionally set memory protections
ArmPkg/Drivers/CpuDxe/CpuDxe.c | 77 ++++++++++++++++++++
ArmPkg/Drivers/CpuDxe/CpuDxe.inf | 2 +
ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 9 +++
MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 29 --------
4 files changed, 88 insertions(+), 29 deletions(-)
--
2.39.1
next reply other threads:[~2023-02-08 17:58 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-08 17:58 Ard Biesheuvel [this message]
2023-02-08 17:58 ` [PATCH 1/3] ArmPkg/ArmMmuLib: Avoid splitting block entries if possible Ard Biesheuvel
2023-02-08 17:58 ` [PATCH 2/3] ArmPkg/CpuDxe: Perform preliminary NX remap of free memory Ard Biesheuvel
2023-02-08 18:32 ` Marvin Häuser
2023-02-08 18:49 ` [edk2-devel] " Ard Biesheuvel
2023-02-08 18:57 ` Taylor Beebe
2023-02-08 22:52 ` Ard Biesheuvel
2023-02-08 17:58 ` [PATCH 3/3] MdeModulePkg/DxeCore: Unconditionally set memory protections Ard Biesheuvel
2023-02-08 18:25 ` Ard Biesheuvel
2023-02-08 18:55 ` Marvin Häuser
2023-02-08 19:12 ` Taylor Beebe
2023-02-08 22:08 ` Ard Biesheuvel
2023-02-08 22:24 ` Taylor Beebe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230208175812.700129-1-ardb@kernel.org \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox