[PATCH 3/3] MdeModulePkg/DxeCore: Unconditionally set memory protections

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: "Ard Biesheuvel" <ardb@kernel.org>,
	"Michael Kinney" <michael.d.kinney@intel.com>,
	"Liming Gao" <gaoliming@byosoft.com.cn>,
	"Jiewen Yao" <jiewen.yao@intel.com>,
	"Michael Kubacki" <michael.kubacki@microsoft.com>,
	"Sean Brogan" <sean.brogan@microsoft.com>,
	"Rebecca Cran" <quic_rcran@quicinc.com>,
	"Leif Lindholm" <quic_llindhol@quicinc.com>,
	"Sami Mujawar" <sami.mujawar@arm.com>,
	"Taylor Beebe" <t@taylorbeebe.com>,
	"Marvin Häuser" <mhaeuser@posteo.de>
Subject: [PATCH 3/3] MdeModulePkg/DxeCore: Unconditionally set memory protections
Date: Wed,  8 Feb 2023 18:58:12 +0100	[thread overview]
Message-ID: <20230208175812.700129-4-ardb@kernel.org> (raw)
In-Reply-To: <20230208175812.700129-1-ardb@kernel.org>

Instead of relying on a questionable heuristic that avoids calling into
the SetMemoryAttributes () DXE service when the old memory type and the
new one are subjected to the same NX memory protection policy, make this
call unconditionally. This avoids corner cases where memory region
attributes are out of sync with the policy, either due to the fact that
we are in the middle of ramping up the protections, or due to explicit
invocations of SetMemoryAttributes() by drivers.

This requires the architecture page table code to be able to deal with
this, in particular, it needs to be robust against potential recursion
due to NX policies being applied to newly allocated page tables.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 29 --------------------
 1 file changed, 29 deletions(-)

diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
index 36987843f142..503feb72b5d0 100644
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
@@ -1263,9 +1263,7 @@ ApplyMemoryProtectionPolicy (
   IN  UINT64                Length
   )
 {
-  UINT64      OldAttributes;
   UINT64      NewAttributes;
-  EFI_STATUS  Status;
 
   //
   // The policy configured in PcdDxeNxMemoryProtectionPolicy
@@ -1320,32 +1318,5 @@ ApplyMemoryProtectionPolicy (
   //
   NewAttributes = GetPermissionAttributeForMemoryType (NewType);
 
-  if (OldType != EfiMaxMemoryType) {
-    OldAttributes = GetPermissionAttributeForMemoryType (OldType);
-    if (!mAfterDxeNxMemoryProtectionInit &&
-        (OldAttributes == NewAttributes)) {
-      return EFI_SUCCESS;
-    }
-
-    //
-    // If available, use the EFI memory attribute protocol to obtain
-    // the current attributes of the region. If the entire region is
-    // covered and the attributes match, we don't have to do anything.
-    //
-    if (mMemoryAttribute != NULL) {
-      Status = mMemoryAttribute->GetMemoryAttributes (mMemoryAttribute,
-                                                      Memory,
-                                                      Length,
-                                                      &OldAttributes
-                                                      );
-      if (!EFI_ERROR (Status) && (OldAttributes == NewAttributes)) {
-        return EFI_SUCCESS;
-      }
-    }
-  } else if (NewAttributes == 0) {
-    // newly added region of a type that does not require protection
-    return EFI_SUCCESS;
-  }
-
   return gCpu->SetMemoryAttributes (gCpu, Memory, Length, NewAttributes);
 }
-- 
2.39.1

next prev parent reply	other threads:[~2023-02-08 17:58 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-02-08 17:58 [PATCH 0/3] Apply NX protections more strictly Ard Biesheuvel
2023-02-08 17:58 ` [PATCH 1/3] ArmPkg/ArmMmuLib: Avoid splitting block entries if possible Ard Biesheuvel
2023-02-08 17:58 ` [PATCH 2/3] ArmPkg/CpuDxe: Perform preliminary NX remap of free memory Ard Biesheuvel
2023-02-08 18:32   ` Marvin Häuser
2023-02-08 18:49     ` [edk2-devel] " Ard Biesheuvel
2023-02-08 18:57       ` Taylor Beebe
2023-02-08 22:52         ` Ard Biesheuvel
2023-02-08 17:58 ` Ard Biesheuvel [this message]
2023-02-08 18:25   ` [PATCH 3/3] MdeModulePkg/DxeCore: Unconditionally set memory protections Ard Biesheuvel
2023-02-08 18:55     ` Marvin Häuser
2023-02-08 19:12     ` Taylor Beebe
2023-02-08 22:08       ` Ard Biesheuvel
2023-02-08 22:24         ` Taylor Beebe

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:36987843f14 dfblob:503feb72b5d )
 OR (
bs:"[PATCH 3/3] MdeModulePkg/DxeCore: Unconditionally set memory protections" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230208175812.700129-4-ardb@kernel.org \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox