From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web11.26501.1678727918179369115
 for <devel@edk2.groups.io>;
 Mon, 13 Mar 2023 10:18:38 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=sWY1W+Kq;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 9613C61314;
	Mon, 13 Mar 2023 17:18:37 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id CE0D7C433A1;
	Mon, 13 Mar 2023 17:18:34 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1678727917;
	bh=PfibOSDmeeH7G63LbKOK2ZPXyGKLJqSdoBW0QNNbf/c=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=sWY1W+Kq9WmqmzaXy0/eiKcp0H49c/4zuF5gnBvAeQpQPyRr3wJBQum/hmSgk1Rqp
	 mPDelL3PCEIFd+C02f7rDWHH7IN2EhIwOjdwNSUrQiOZAg4beUwRjkH/zag/pcvSB/
	 IfbNiGiXwYVHp0x5SOKReipzP8nKdr96ltfnbhAdTWdyoPLv/0Ah/t4OsUAI44ATk0
	 jpJSNsG3ZQqL6gBo39RMDSTn410pELtra0v9bmJxMJl9ZJZVYKNdWzIsQbK7O9Dr1d
	 B4Ck2RpKa8sYgO4okYV1uZygzjj2dkkkZNvJns85w9oSXIrLZ8OhqeSQFIQ1hY6UVj
	 APKYRmnirBGiA==
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Michael Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Michael Kubacki <michael.kubacki@microsoft.com>,
	Sean Brogan <sean.brogan@microsoft.com>,
	Rebecca Cran <quic_rcran@quicinc.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Taylor Beebe <t@taylorbeebe.com>
Subject: [PATCH v5 24/38] ArmVirtPkg/ArmVirtQemu: Use XP memory mappings by default
Date: Mon, 13 Mar 2023 18:17:00 +0100
Message-Id: <20230313171714.3866151-25-ardb@kernel.org>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org>
References: <20230313171714.3866151-1-ardb@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Now that all the plumbing is in place, we can switch to a default policy
of XP for all memory mappings straight out of reset. This reduces the
risk of running with memory ranges mapped as both writable and
executable at the same time.

Note this this requires the overlay library to be added to the DXE core,
as otherwise, it will not be able to dispatch the CPU arch protocol DXE
driver (or any other DXE driver for that matter), as it would lack the
ability to grant executable permissions to those executables.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 ArmVirtPkg/ArmVirtQemu.dsc                                 | 1 +
 ArmVirtPkg/ArmVirtQemuKernel.dsc                           | 1 +
 ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 72a0cacab4a8..b9c244f16e04 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -372,6 +372,7 @@ [Components.common]
   #=0D
   MdeModulePkg/Core/Dxe/DxeMain.inf {=0D
     <LibraryClasses>=0D
+      NULL|ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.=
inf=0D
       NULL|MdeModulePkg/Library/DxeCrc32GuidedSectionExtractLib/DxeCrc32Gu=
idedSectionExtractLib.inf=0D
       DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf=
=0D
   }=0D
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKerne=
l.dsc
index 3cb9120e4e10..c09755e6e1b9 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -278,6 +278,7 @@ [Components.common]
   #=0D
   MdeModulePkg/Core/Dxe/DxeMain.inf {=0D
     <LibraryClasses>=0D
+      NULL|ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.=
inf=0D
       NULL|MdeModulePkg/Library/DxeCrc32GuidedSectionExtractLib/DxeCrc32Gu=
idedSectionExtractLib.inf=0D
       DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf=
=0D
   }=0D
diff --git a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c b/A=
rmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c
index 9cf43f06c073..aa083cec2082 100644
--- a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c
+++ b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c
@@ -91,7 +91,7 @@ ArmVirtGetMemoryMap (
   VirtualMemoryTable[0].PhysicalBase =3D PcdGet64 (PcdSystemMemoryBase);=0D
   VirtualMemoryTable[0].VirtualBase  =3D VirtualMemoryTable[0].PhysicalBas=
e;=0D
   VirtualMemoryTable[0].Length       =3D *(UINT64 *)GET_GUID_HOB_DATA (Mem=
orySizeHob);=0D
-  VirtualMemoryTable[0].Attributes   =3D ARM_MEMORY_REGION_ATTRIBUTE_WRITE=
_BACK;=0D
+  VirtualMemoryTable[0].Attributes   =3D ARM_MEMORY_REGION_ATTRIBUTE_WRITE=
_BACK_XP;=0D
 =0D
   DEBUG ((=0D
     DEBUG_INFO,=0D
--=20
2.39.2