From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe , Matthew Garrett , Peter Jones , Kees Cook
Subject: [RFC 07/13] MdeModulePkg/DxeCore: Permit preliminary CPU arch fallback
Date: Mon, 13 Feb 2023 16:18:04 +0100
Message-Id: <20230213151810.2301480-8-ardb@kernel.org>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230213151810.2301480-1-ardb@kernel.org>
References: <20230213151810.2301480-1-ardb@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Store the address of the SetMemoryAttributes() member of the CPU arch protocol in a global variable, and invoke it via this variable. This by itself should not result in functional changes, but it permits platforms to provide a preliminary implementation of this member at link time, allowing the DXE core to enforce strict memory permissions even before dispatching the CPU arch protocol driver itself.

Signed-off-by: Ard Biesheuvel
---
 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C= ore/Dxe/Misc/MemoryProtection.c index 854651556de4..c29985ad3116 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -66,6 +66,8 @@ extern LIST_ENTRY mGcdMemorySpaceMap; =0D STATIC LIST_ENTRY mProtectedImageRecordList;=0D =0D +EFI_CPU_SET_MEMORY_ATTRIBUTES gCpuSetMemoryAttributes;=0D +=0D /**=0D Sort code section in image record, based upon CodeSegmentBase from low t= o high.=0D =0D 
@@ -224,8 +226,8 @@ SetUefiImageMemoryAttributes ( =0D DEBUG ((DEBUG_INFO, "SetUefiImageMemoryAttributes - 0x%016lx - 0x%016lx = (0x%016lx)\n", BaseAddress, Length, FinalAttributes));=0D =0D - ASSERT (gCpu !=3D NULL);=0D - gCpu->SetMemoryAttributes (gCpu, BaseAddress, Length, FinalAttributes);= =0D + ASSERT (gCpuSetMemoryAttributes !=3D NULL);=0D + gCpuSetMemoryAttributes (gCpu, BaseAddress, Length, FinalAttributes);=0D }=0D =0D /**=0D @@ -408,7 +410,7 @@ ProtectUefiImage ( DEBUG ((DEBUG_INFO, "ProtectUefiImageCommon - 0x%x\n", LoadedImage));=0D DEBUG ((DEBUG_INFO, " - 0x%016lx - 0x%016lx\n", (EFI_PHYSICAL_ADDRESS)(= UINTN)LoadedImage->ImageBase, LoadedImage->ImageSize));=0D =0D - if (gCpu =3D=3D NULL) {=0D + if (gCpuSetMemoryAttributes =3D=3D NULL) {=0D return;=0D }=0D =0D @@ -995,6 +997,8 @@ MemoryProtectionCpuArchProtocolNotify ( goto Done;=0D }=0D =0D + gCpuSetMemoryAttributes =3D gCpu->SetMemoryAttributes;=0D +=0D //=0D // Apply the memory protection policy on non-BScode/RTcode regions.=0D //=0D @@ -1278,7 +1282,7 @@ ApplyMemoryProtectionPolicy ( // permission attributes, and it is the job of the driver that installs = this=0D // protocol to set the permissions on existing allocations.=0D //=0D - if (gCpu =3D=3D NULL) {=0D + if (gCpuSetMemoryAttributes =3D=3D NULL) {=0D return EFI_SUCCESS;=0D }=0D =0D @@ -1318,5 +1322,5 @@ ApplyMemoryProtectionPolicy ( //=0D NewAttributes =3D GetPermissionAttributeForMemoryType (NewType);=0D =0D - return gCpu->SetMemoryAttributes (gCpu, Memory, Length, NewAttributes);= =0D + return gCpuSetMemoryAttributes (gCpu, Memory, Length, NewAttributes);=0D }=0D --=20 2.39.1
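
Review bot: the new global `gCpuSetMemoryAttributes` in the hunk at `@@ -66,6 +66,8 @@` is defined with no comment and no initializer, so nothing in this file tells a platform author how the link-time override described in the commit message is supposed to be supplied. Suggest a comment stating that the variable stays NULL until MemoryProtectionCpuArchProtocolNotify() assigns it unless the platform provides an initial value, and noting why it is not STATIC like the neighbouring `mProtectedImageRecordList`. The diffstat shows only this one file changed, so a declaration for other modules to reference is also missing from this patch.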
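
Review bot: in SetUefiImageMemoryAttributes() (hunk `@@ -224,8 +226,8 @@`) the call still passes `gCpu` as the first argument while the `ASSERT (gCpu != NULL)` is replaced by an assert on the function pointer, so a preliminary implementation will be called with a NULL This pointer until the CPU arch protocol is installed. The same holds for the final `return gCpuSetMemoryAttributes (gCpu, Memory, Length, NewAttributes);` in ApplyMemoryProtectionPolicy(). Please document that a link-time implementation must not dereference its first argument, so the contract is visible to whoever writes one. Separately, the status returned by the call in SetUefiImageMemoryAttributes() is discarded; if this becomes the path that enforces permissions before the CPU driver is dispatched, a failure here should at least be logged.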
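
Review bot: the assignment `gCpuSetMemoryAttributes = gCpu->SetMemoryAttributes;` in MemoryProtectionCpuArchProtocolNotify() (hunk `@@ -995,6 +997,8 @@`) unconditionally replaces whatever implementation a platform installed at link time. If that handover is the intent, a short comment saying so would help, since the policy pass that follows ("Apply the memory protection policy on non-BScode/RTcode regions") then runs through the protocol's implementation rather than the preliminary one.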
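
Review bot: the comment above the changed check in ApplyMemoryProtectionPolicy() (hunk `@@ -1278,7 +1282,7 @@`) still says it is the job of the driver that installs this protocol to set the permissions on existing allocations, but the condition now tests `gCpuSetMemoryAttributes` instead of `gCpu`. With a preliminary implementation present, the early `return EFI_SUCCESS;` is no longer taken before the protocol is installed, so the comment should be updated to describe the new condition and what is expected of existing allocations in that case.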