From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pg1-f177.google.com (mail-pg1-f177.google.com [209.85.215.177]) by mx.groups.io with SMTP id smtpd.web11.7211.1675882624709323586 for ; Wed, 08 Feb 2023 10:57:05 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@taylorbeebe.com header.s=google header.b=K1rwI1tX; spf=pass (domain: taylorbeebe.com, ip: 209.85.215.177, mailfrom: t@taylorbeebe.com) Received: by mail-pg1-f177.google.com with SMTP id s8so11184424pgg.11 for ; Wed, 08 Feb 2023 10:57:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=taylorbeebe.com; s=google; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=+r4k3SNDDoNoV2JHgsYZrluTIm+yHydtOVRsFhpF054=; b=K1rwI1tXhxQkPae9z6koWALyjhvGDVFGO2qT30aDxMtwIDgoQAkNmschmfCjioOZwR /z1oTyJ/b7zVn500qD+88U7/se8yWt61MtCWAhAko12Z4qWhG+GC5TAhQOZirBwIISgW /3JyuLvaIn+B6zj8CWklm/53sK+ILbDVLFKTQeEuUD+xcr0E8n/C9l3frc1HuxAs6SEB XmfdjzxKTkc9ZEAvtUV7lg1j0ZrK9sDGSqhG5chSESVGfAe6u3+93u3dy0RBiKwgrCrq VGvFXsAFuMk5uUdJmA180J23jg9ET4kjZju5td5kvuZTSuEXB/qj6xUsQjC9vjlNzRix emJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=+r4k3SNDDoNoV2JHgsYZrluTIm+yHydtOVRsFhpF054=; b=Lr+C23//lRfbb7Lz6eGUxxMT4tewD+dNWm/RRlq1zn5PvYMA0FS4KW3T25ehcACMNb 4z/a2FfIabWudEnQ/nf6Cgls1zFdJk5yC4uYYF4uRCvj6rMgFxkUVhuX3qG9/UzD2fvW id+NfObuQUzfr2F11X+SkJzdv4gLEMhnXbLTw/AsekRyyrfY6pxrhHJKUzsE17OgZYSs Tv4wut1qAXEYDLFmcBiDlhrlHB5d2TqWWgYE57a3Dsehmq5wsp4iFT/panZWcxYUza7+ oF3PKnQZiQhj3RbsO/+td4RfXo0uEfEW754GbGoN5zivKFp+CPggbO2pmpoKpBIExHnV VZSw== X-Gm-Message-State: AO0yUKWgMr7PhkvBP4wf48HxVT4BqbkbFjzu7QI/i6FBYGT0+qx0ddla HSOopxDU2NUi5oS14ZLIDFyBqQ== X-Google-Smtp-Source: AK7set/sWq76dOri2SQaMUWgt3IY4d7pUeqLDRbw4AYNC2Bqd9v81SaC4Apw8BVvLtud9lxYjm5wVA== X-Received: by 2002:aa7:8ed0:0:b0:5a8:4b70:885f with SMTP id b16-20020aa78ed0000000b005a84b70885fmr1584428pfr.18.1675882623736; Wed, 08 Feb 2023 10:57:03 -0800 (PST) Return-Path: Received: from [192.168.50.162] ([50.46.230.135]) by smtp.gmail.com with ESMTPSA id r21-20020a62e415000000b005a831a42c86sm1838583pfh.72.2023.02.08.10.57.03 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 08 Feb 2023 10:57:03 -0800 (PST) Message-ID: <2b7edb49-0c46-0654-ca78-23c56b6add92@taylorbeebe.com> Date: Wed, 8 Feb 2023 10:57:02 -0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.6.1 Subject: Re: [edk2-devel] [PATCH 2/3] ArmPkg/CpuDxe: Perform preliminary NX remap of free memory To: Ard Biesheuvel , devel@edk2.groups.io, mhaeuser@posteo.de Cc: Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar References: <20230208175812.700129-1-ardb@kernel.org> <20230208175812.700129-3-ardb@kernel.org> <97EEE177-AE23-47CD-946F-F8578988C5EF@posteo.de> From: "Taylor Beebe" In-Reply-To: Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 2/8/2023 10:49 AM, Ard Biesheuvel wrote: > On Wed, 8 Feb 2023 at 19:32, Marvin Häuser wrote: >> >> Thanks!! :) Comments inline. >> >>> On 8. Feb 2023, at 18:58, Ard Biesheuvel wrote: >>> >>> The DXE core implementation of PcdDxeNxMemoryProtectionPolicy already >>> contains an assertion that EfiConventionalMemory and EfiBootServicesData >>> are subjected to the same policy when it comes to the use of NX >>> permissions. The reason for this is that we may otherwise end up with >>> unbounded recursion in the page table code, given that allocating a page >>> table would then involve a permission attribute change, and this could >>> result in the need for a block entry to be split, which would trigger >>> the allocation of a page table recursively. >>> >>> For the same reason, a shortcut exists in ApplyMemoryProtectionPolicy() >>> where, instead of setting the memory attributes unconditionally, we >>> compare the NX policies and avoid touching the page tables if they are >>> the same for the old and the new memory types. Without this shortcut, we >>> may end up in a situation where, as the CPU arch protocol DXE driver is >>> ramping up, the same unbounded recursion is triggered, due to the fact >>> that the NX policy for EfiConventionalMemory has not been applied yet. >>> >>> To break this cycle, let's remap all EfiConventionalMemory regions >>> according to the NX policy for EfiBootServicesData before exposing the >>> CPU arch protocol to the DXE core and other drivers. This ensures that >>> creating EfiBootServicesData allocations does not result in memory >>> attribute changes, and therefore no recursion. >>> >>> Signed-off-by: Ard Biesheuvel >>> --- >>> ArmPkg/Drivers/CpuDxe/CpuDxe.c | 77 ++++++++++++++++++++ >>> ArmPkg/Drivers/CpuDxe/CpuDxe.inf | 2 + >>> 2 files changed, 79 insertions(+) >>> >>> diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.c b/ArmPkg/Drivers/CpuDxe/CpuDxe.c >>> index d04958e79e52..83fd6fd4e476 100644 >>> --- a/ArmPkg/Drivers/CpuDxe/CpuDxe.c >>> +++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.c >>> @@ -11,6 +11,8 @@ >>> >>> #include >>> >>> +#include >>> + >>> BOOLEAN mIsFlushingGCD; >>> >>> /** >>> @@ -227,6 +229,69 @@ InitializeDma ( >>> CpuArchProtocol->DmaBufferAlignment = ArmCacheWritebackGranule (); >>> } >>> >>> +STATIC >>> +VOID >>> +RemapUnusedMemoryNx ( >>> + VOID >>> + ) >>> +{ This feels somewhat hacky but it's strictly better than what we have right now and a value add so I'm all for this change. >>> + UINT64 TestBit; >>> + UINTN MemoryMapSize; >>> + UINTN MapKey; >>> + UINTN DescriptorSize; >>> + UINT32 DescriptorVersion; >>> + EFI_MEMORY_DESCRIPTOR *MemoryMap; >>> + EFI_MEMORY_DESCRIPTOR *MemoryMapEntry; >>> + EFI_MEMORY_DESCRIPTOR *MemoryMapEnd; >>> + EFI_STATUS Status; >>> + >>> + TestBit = LShiftU64 (1, EfiBootServicesData); >>> + if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & TestBit) == 0) { >>> + return; >>> + } >>> + >>> + MemoryMapSize = 0; >>> + MemoryMap = NULL; >>> + >>> + Status = gBS->GetMemoryMap ( >>> + &MemoryMapSize, >>> + MemoryMap, >>> + &MapKey, >>> + &DescriptorSize, >>> + &DescriptorVersion >>> + ); >>> + ASSERT (Status == EFI_BUFFER_TOO_SMALL); >>> + do { >>> + MemoryMap = (EFI_MEMORY_DESCRIPTOR *)AllocatePool (MemoryMapSize); >> >> nitpick: *If* there is a V2, maybe drop the cast? >> >>> + ASSERT (MemoryMap != NULL); >> >> I know ASSERTing for NULL is a common pattern for some reason, but I'd rather not have more code with this added. >> >>> + Status = gBS->GetMemoryMap ( >>> + &MemoryMapSize, >>> + MemoryMap, >>> + &MapKey, >>> + &DescriptorSize, >>> + &DescriptorVersion >>> + ); >> >> Another nitpick, isn't it common practice to call the Core* functions directly within *Core? I know there is code that doesn't, but the former should be more efficient. >> >>> + if (EFI_ERROR (Status)) { >>> + FreePool (MemoryMap); >>> + } >>> + } while (Status == EFI_BUFFER_TOO_SMALL); >> >> Is this guaranteed to terminate? I mean, I get the idea - try again with the larger size and when allocating the bigger buffer, its potential new entry will already be accounted for. However, I saw downstream code that tried something like this (they actually added a constant overhead ahead of time) bounded by something like 5 iterations. Might just have been defensive programming - probably was -, but it's not trivial to verify, I think, is it? >> >> Regarding the added constant, the spec actually says the following, which obviously is just to shortcut a second round of GetMemoryMap(), but still: >> "The actual size of the buffer allocated for the consequent call to GetMemoryMap() should be bigger then the value returned in MemoryMapSize" >> >> It appears the spec did not define a canonical way to call GetMemoryMap(), did it? :( >> > > This is all copy-pasted from MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c > >>> + >>> + ASSERT_EFI_ERROR (Status); >>> + >>> + MemoryMapEntry = MemoryMap; >>> + MemoryMapEnd = (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)MemoryMap + MemoryMapSize); >>> + while ((UINTN)MemoryMapEntry < (UINTN)MemoryMapEnd) { >>> + if (MemoryMapEntry->Type == EfiConventionalMemory) { >>> + ArmSetMemoryRegionNoExec ( >>> + MemoryMapEntry->PhysicalStart, >>> + EFI_PAGES_TO_SIZE (MemoryMapEntry->NumberOfPages) >>> + ); >>> + } >>> + >>> + MemoryMapEntry = NEXT_MEMORY_DESCRIPTOR (MemoryMapEntry, DescriptorSize); >>> + } >>> +} >>> + >>> EFI_STATUS >>> CpuDxeInitialize ( >>> IN EFI_HANDLE ImageHandle, >>> @@ -240,6 +305,18 @@ CpuDxeInitialize ( >>> >>> InitializeDma (&mCpu); >>> >>> + // >>> + // Once we install the CPU arch protocol, the DXE core's memory >>> + // protection routines will invoke them to manage the permissions of page >>> + // allocations as they are created. Given that this includes pages >>> + // allocated for page tables by this driver, we must ensure that unused >>> + // memory is mapped with the same permissions as boot services data >>> + // regions. Otherwise, we may end up with unbounded recursion, due to the >>> + // fact that updating permissions on a newly allocated page table may trigger >>> + // a block entry split, which triggers a page table allocation, etc etc >>> + // >>> + RemapUnusedMemoryNx (); >> >> Hmm. I might be too tired, but why is this not already done by InitializeDxeNxMemoryProtectionPolicy(), assuming BS_Data and ConvMem have the same XP configuration? >> >> This reassures me that the CPU Arch protocol producers should be linked into DxeCore rather than loaded at some arbitrary point in time... Unrelated to the patch, of course. >> > > The ordering here is a bit tricky. As soon as the CPU arch protocol is > exposed, every allocation will be remapped individually, resulting in > page table splits and therefore recursion. > > As Ard says, this is done in InitializeDxeNxMemoryProtectionPolicy(), but at that point the calls to ApplyMemoryProtectionPolicy() will cause the infinite recursion issue when you no longer skip applying attributes if the to-from types have the same NX policy. Yes, it is arbitrary that protection is linked to the CPU Arch Protocol. But, it would also be bad practice to apply the memory protection policy before the interface for manipulating attributes has been published for use by modules outside of the core. Page table and translation table manipulation is architecturally defined, so I think a good long term goal should be to allow the manipulation of attributes via a library rather than a protocol in DXE as ARM platforms currently do. >> >>> + >>> Status = gBS->InstallMultipleProtocolInterfaces ( >>> &mCpuHandle, >>> &gEfiCpuArchProtocolGuid, >>> diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.inf b/ArmPkg/Drivers/CpuDxe/CpuDxe.inf >>> index e732e21cb94a..8fd0f4133088 100644 >>> --- a/ArmPkg/Drivers/CpuDxe/CpuDxe.inf >>> +++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.inf >>> @@ -48,6 +48,7 @@ [LibraryClasses] >>> DefaultExceptionHandlerLib >>> DxeServicesTableLib >>> HobLib >>> + MemoryAllocationLib >>> PeCoffGetEntryPointLib >>> UefiDriverEntryPoint >>> UefiLib >>> @@ -64,6 +65,7 @@ [Guids] >>> >>> [Pcd.common] >>> gArmTokenSpaceGuid.PcdVFPEnabled >>> + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy >>> >>> [FeaturePcd.common] >>> gArmTokenSpaceGuid.PcdDebuggerExceptionSupport >>> -- >>> 2.39.1 >>> >> >> >> >> >> >>