This fixes an issue reported by Marvin, where NX memory protections are

applied in a rather unreliable manner, resulting in the possibility that

memory mappings may exist that are using different attributes than

intended.



The reason for this approach was that applying memory protections

eagerly (i.e., after every alloc/free even if the memory attributes are

not expected to change as a result) may result in unbounded recursion in

the page table code, due to the fact that the page tables it allocates

need to be remapped with the correct attributes as well.



This has not been reported as being an issue on x86, but on ARM, this

needs a couple of fixes so that converting between EfiConventionalMemory

and EfiBootServicesData will never trigger a block entry split. With

that fixed, we can just remove the shortcut from DXE core and always

call SetMemoryAttributes.



Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3316



Cc: Michael Kinney <michael.d.kinney@intel.com>

Cc: Liming Gao <gaoliming@byosoft.com.cn>

Cc: Jiewen Yao <jiewen.yao@intel.com>

Cc: Michael Kubacki <michael.kubacki@microsoft.com>

Cc: Sean Brogan <sean.brogan@microsoft.com>

Cc: Rebecca Cran <quic_rcran@quicinc.com>

Cc: Leif Lindholm <quic_llindhol@quicinc.com>

Cc: Sami Mujawar <sami.mujawar@arm.com>

Cc: Taylor Beebe <t@taylorbeebe.com>

Cc: Marvin Häuser <mhaeuser@posteo.de>



Ard Biesheuvel (3):

  ArmPkg/ArmMmuLib: Avoid splitting block entries if possible

  ArmPkg/CpuDxe: Perform preliminary NX remap of free memory

  MdeModulePkg/DxeCore: Unconditionally set memory protections



 ArmPkg/Drivers/CpuDxe/CpuDxe.c                   | 77 ++++++++++++++++++++

 ArmPkg/Drivers/CpuDxe/CpuDxe.inf                 |  2 +

 ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c |  9 +++

 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c    | 29 --------

 4 files changed, 88 insertions(+), 29 deletions(-)



-- 

2.39.1