From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, Ray Ni, Jiewen Yao, Gerd Hoffmann, Taylor Beebe, Oliver Smith-Denny, Dandan Bi, Dun Tan, Liming Gao, "Kinney, Michael D", Leif Lindholm, Michael Kubacki
Subject: [PATCH v2 1/7] MdeModulePkg: Define memory attribute PPI
Date: Fri, 2 Jun 2023 17:17:33 +0200
Message-Id: <20230602151739.3600820-2-ardb@kernel.org>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230602151739.3600820-1-ardb@kernel.org>
References: <20230602151739.3600820-1-ardb@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Define a PPI interface that may be used by the PEI core or other PEIMs to manage permissions on memory ranges. This is primarily intended for restricting permissions to what is actually needed for correct execution by the code in question, and for limiting the use of memory mappings that are both writable and executable at the same time.

Signed-off-by: Ard Biesheuvel
--- MdeModulePkg/Include/Ppi/MemoryAttribute.h | 83 ++++++++++++++++++++ MdeModulePkg/MdeModulePkg.dec | 3 + 2 files changed, 86 insertions(+) diff --git a/MdeModulePkg/Include/Ppi/MemoryAttribute.h b/MdeModulePkg/Incl= ude/Ppi/MemoryAttribute.h new file mode 100644 index 0000000000000000..83bcc33a76719712 --- /dev/null +++ b/MdeModulePkg/Include/Ppi/MemoryAttribute.h @@ -0,0 +1,83 @@ +/** @file=0D +=0D +Copyright (c) 2023, Google LLC. All rights reserved.
=0D +=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#ifndef EDKII_MEMORY_ATTRIBUTE_PPI_H_=0D +#define EDKII_MEMORY_ATTRIBUTE_PPI_H_=0D +=0D +#include =0D +=0D +///=0D +/// Global ID for the EDKII_MEMORY_ATTRIBUTE_PPI.=0D +///=0D +#define EDKII_MEMORY_ATTRIBUTE_PPI_GUID \=0D + { \=0D + 0x1be840de, 0x2d92, 0x41ec, { 0xb6, 0xd3, 0x19, 0x64, 0x13, 0x50, 0x51= , 0xfb } \=0D + }=0D +=0D +///=0D +/// Forward declaration for the EDKII_MEMORY_ATTRIBUTE_PPI.=0D +///=0D +typedef struct _EDKII_MEMORY_ATTRIBUTE_PPI EDKII_MEMORY_ATTRIBUTE_PPI;=0D +=0D +/**=0D + Set the requested memory permission attributes on a region of memory.=0D +=0D + BaseAddress and Length must be aligned to EFI_PAGE_SIZE.=0D +=0D + Attributes must contain a combination of EFI_MEMORY_RP, EFI_MEMORY_RO an= d=0D + EFI_MEMORY_XP, and specifies the attributes that must be set for the=0D + region in question. Attributes that are omitted will be cleared from the= =0D + region only if they are set in AttributeMask.=0D +=0D + AttributeMask must contain a combination of EFI_MEMORY_RP, EFI_MEMORY_RO= and=0D + EFI_MEMORY_XP, and specifies the attributes that the call will operate o= n.=0D + AttributeMask must not be 0x0, and must contain at least the bits set in= =0D + Attributes.=0D +=0D + @param[in] This The protocol instance pointer.=0D + @param[in] BaseAddress The physical address that is the start add= ress=0D + of a memory region.=0D + @param[in] Length The size in bytes of the memory region.=0D + @param[in] Attributes Memory attributes to set or clear.=0D + @param[in] AttributeMask Mask of memory attributes to operate on.=0D +=0D + @retval EFI_SUCCESS The attributes were set for the memory reg= ion.=0D + @retval EFI_INVALID_PARAMETER Length is zero.=0D + AttributeMask is zero.=0D + AttributeMask lacks bits set in Attributes= .=0D + BaseAddress or Length is not suitably alig= ned.=0D + @retval EFI_UNSUPPORTED The processor does not support one or more= =0D + bytes of the memory resource 
range specifi= ed=0D + by BaseAddress and Length.=0D + The bit mask of attributes is not supporte= d for=0D + the memory resource range specified by=0D + BaseAddress and Length.=0D + @retval EFI_OUT_OF_RESOURCES Requested attributes cannot be applied due= to=0D + lack of system resources.=0D +=0D +**/=0D +typedef=0D +EFI_STATUS=0D +(EFIAPI *EDKII_MEMORY_ATTRIBUTE_SET_PERMISSIONS)(=0D + IN EDKII_MEMORY_ATTRIBUTE_PPI *This,=0D + IN EFI_PHYSICAL_ADDRESS BaseAddress,=0D + IN UINT64 Length,=0D + IN UINT64 Attributes,=0D + IN UINT64 AttributeMask=0D + );=0D +=0D +///=0D +/// This PPI contains a set of services to manage memory permission attrib= utes.=0D +///=0D +struct _EDKII_MEMORY_ATTRIBUTE_PPI {=0D + EDKII_MEMORY_ATTRIBUTE_SET_PERMISSIONS SetPermissions;=0D +};=0D +=0D +extern EFI_GUID gEdkiiMemoryAttributePpiGuid;=0D +=0D +#endif=0D diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 95dd077e19b3a901..d65dae18aa81e569 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -528,6 +528,9 @@ [Ppis] gEdkiiPeiCapsuleOnDiskPpiGuid =3D { 0x71a9ea61, 0x5a35, 0x4a= 5d, { 0xac, 0xef, 0x9c, 0xf8, 0x6d, 0x6d, 0x67, 0xe0 } }=0D gEdkiiPeiBootInCapsuleOnDiskModePpiGuid =3D { 0xb08a11e4, 0xe2b7, 0x4b= 75, { 0xb5, 0x15, 0xaf, 0x61, 0x6, 0x68, 0xbf, 0xd1 } }=0D =0D + ## Include/Ppi/MemoryAttribute.h=0D + gEdkiiMemoryAttributePpiGuid =3D { 0x1be840de, 0x2d92, 0x41= ec, { 0xb6, 0xd3, 0x19, 0x64, 0x13, 0x50, 0x51, 0xfb } }=0D +=0D [Protocols]=0D ## Load File protocol provides capability to load and unload EFI image i= nto memory and execute it.=0D # Include/Protocol/LoadPe32Image.h=0D --=20 2.39.2
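Review bot: In MdeModulePkg/Include/Ppi/MemoryAttribute.h, the comment on EDKII_MEMORY_ATTRIBUTE_SET_PERMISSIONS requires Attributes and AttributeMask to be a combination of EFI_MEMORY_RP, EFI_MEMORY_RO and EFI_MEMORY_XP, but the @retval list does not say what is returned when either argument carries a bit outside that set. The EFI_INVALID_PARAMETER cases cover only a zero Length, a zero AttributeMask, a mask that lacks bits set in Attributes, and misalignment, so one implementation could reject stray bits while another ignores them and returns EFI_SUCCESS with part of the request silently dropped. Please state the required status for bits outside the three permission attributes (EFI_INVALID_PARAMETER would match the other argument checks) so every producer of the PPI behaves the same way. Separately, the "@param[in] This" line reads "The protocol instance pointer"; since this is a PPI, "The PPI instance pointer" would be more accurate.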
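Review bot: In the MdeModulePkg/MdeModulePkg.dec hunk, the new gEdkiiMemoryAttributePpiGuid entry under [Ppis] carries only the header path comment "## Include/Ppi/MemoryAttribute.h" and no description of what the PPI does. The [Protocols] entry visible in the trailing context has a "##" description line followed by a "#" path line; a one-line description in the same form (for example, that the PPI manages memory permission attributes in PEI) would help readers of the .dec who have not opened the header. The GUID value itself matches EDKII_MEMORY_ATTRIBUTE_PPI_GUID in the new header.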