From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web10.16818.1676301536190477923
 for <devel@edk2.groups.io>;
 Mon, 13 Feb 2023 07:18:56 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=SHeUT/vk;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 9C20961124;
	Mon, 13 Feb 2023 15:18:55 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 69347C433A0;
	Mon, 13 Feb 2023 15:18:52 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1676301535;
	bh=6LWzI2srW7MWghDOxweqAoGE3YmclpYTuTyp3sPSlKQ=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=SHeUT/vk/m0hg1G4shSwFEc0XGTTD48eWhIdcNSHLy2j7YInbT66uvOxQv0OlnkJm
	 vN7jNCjDJpWdXznGe/DQUV0vIEyz8HMdHB7KOrpT8Q9ScghF/BK1WY7hNkAuBLVbvL
	 inW2WdadSuiMQIO8vSEjzR0dMV0KDoKK/CXcH0DhyCnIUODXelY/1w0eeHJWHDxau1
	 sUO3rw0cXNRLGRyEjNx/99MniwPE5Q3b9fKQnVZkKshjdVYMN0S+gY+/en5V5+pSOC
	 Q8GnNA4UtiF7Ha4dqH+4JQ9JsLaEJ5B2zZODoIn+/P3upv04g4h0iMdBqB++jikv0+
	 lvpQIQQJUFwWQ==
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Michael Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Michael Kubacki <michael.kubacki@microsoft.com>,
	Sean Brogan <sean.brogan@microsoft.com>,
	Rebecca Cran <quic_rcran@quicinc.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Taylor Beebe <t@taylorbeebe.com>,
	Matthew Garrett <mjg59@srcf.ucam.org>,
	Peter Jones <pjones@redhat.com>,
	Kees Cook <keescook@chromium.org>
Subject: [RFC 09/13] ArmVirtPkg/ArmVirtQemu: Use XP memory mappings by default
Date: Mon, 13 Feb 2023 16:18:06 +0100
Message-Id: <20230213151810.2301480-10-ardb@kernel.org>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230213151810.2301480-1-ardb@kernel.org>
References: <20230213151810.2301480-1-ardb@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Now that all the plumbing is in place, we can switch to a default policy
of XP for all memory mappings straight out of reset. This reduces the
risk of running with memory ranges mapped as both writable and
executable at the same time.

Note this this requires the overlay library to be added to the DXE core,
as otherwise, it will not be able to dispatch the CPU arch protocol DXE
driver (or any other DXE driver for that matter), as it would lack the
ability to grant executable permissions to those executables.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 ArmVirtPkg/ArmVirtQemu.dsc                                 | 1 +
 ArmVirtPkg/ArmVirtQemuKernel.dsc                           | 1 +
 ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 0f1c6395488a..dd4c84ae6eb9 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -372,6 +372,7 @@ [Components.common]
   #=0D
   MdeModulePkg/Core/Dxe/DxeMain.inf {=0D
     <LibraryClasses>=0D
+      NULL|ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.=
inf=0D
       NULL|MdeModulePkg/Library/DxeCrc32GuidedSectionExtractLib/DxeCrc32Gu=
idedSectionExtractLib.inf=0D
       DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf=
=0D
   }=0D
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKerne=
l.dsc
index 807c85d48285..1ea49fd32e9c 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -278,6 +278,7 @@ [Components.common]
   #=0D
   MdeModulePkg/Core/Dxe/DxeMain.inf {=0D
     <LibraryClasses>=0D
+      NULL|ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.=
inf=0D
       NULL|MdeModulePkg/Library/DxeCrc32GuidedSectionExtractLib/DxeCrc32Gu=
idedSectionExtractLib.inf=0D
       DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf=
=0D
   }=0D
diff --git a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c b/A=
rmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c
index 9cf43f06c073..aa083cec2082 100644
--- a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c
+++ b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c
@@ -91,7 +91,7 @@ ArmVirtGetMemoryMap (
   VirtualMemoryTable[0].PhysicalBase =3D PcdGet64 (PcdSystemMemoryBase);=0D
   VirtualMemoryTable[0].VirtualBase  =3D VirtualMemoryTable[0].PhysicalBas=
e;=0D
   VirtualMemoryTable[0].Length       =3D *(UINT64 *)GET_GUID_HOB_DATA (Mem=
orySizeHob);=0D
-  VirtualMemoryTable[0].Attributes   =3D ARM_MEMORY_REGION_ATTRIBUTE_WRITE=
_BACK;=0D
+  VirtualMemoryTable[0].Attributes   =3D ARM_MEMORY_REGION_ATTRIBUTE_WRITE=
_BACK_XP;=0D
 =0D
   DEBUG ((=0D
     DEBUG_INFO,=0D
--=20
2.39.1