From: Laszlo Ersek
To: Ard Biesheuvel, Leif Lindholm
Cc: "edk2-devel@lists.01.org", "afish@apple.com", "Kinney, Michael D", "Gao, Liming", "Yao, Jiewen", "Tian, Feng", "Zeng, Star"
Date: Wed, 1 Mar 2017 00:46:44 +0100
Subject: Re: [PATCH v4 0/7] MdeModulePkg/DxeCore: increased memory protection
Message-ID: <9677ecfd-ab2a-71ea-54e8-b30e6510b202@redhat.com>
References: <1488206291-25768-1-git-send-email-ard.biesheuvel@linaro.org>

On 02/28/17 11:59, Ard Biesheuvel wrote:
> On 28 February 2017 at 10:52, Ard Biesheuvel wrote:
>> On 28 February 2017 at 10:46, Laszlo Ersek wrote:
>>> I regression-tested this series for x86 / OVMF as under v3, with the
>>> zero PCD default, and experienced no issues.
>>>
>>> However, v4 breaks booting Fedora 24 on my Mustang (aarch64/KVM):
>> Hmm, that is disappointing. This is probably due to GRUB's modular
>> nature, which means it allocates memory and loads executable code into
>> it, under the assumption that memory is always executable in UEFI.
>>
>> The short term fix is to remove the NX bit from LoaderData regions,
>> but in the mean time, I will work with Leif to get this fixed properly
>> (assuming there is a proper way to fix this)
>>
>
> Care to have a quick go at using 0xC000000000007FD1 instead? (if you
> are not already doing so)

With the following patch on top:

> commit ef6be33275e45045a15201a15a2be26e6fbabcaa
> Author: Laszlo Ersek
> Date:   Wed Mar 1 00:06:37 2017 +0100
>
>     ArmVirtPkg: remove the NX bit from LoaderData regions
>
>     msgid
>
>     Suggested-by: Ard Biesheuvel
>     Contributed-under: TianoCore Contribution Agreement 1.0
>     Signed-off-by: Laszlo Ersek
> > diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc > index 23b601a199ed..4d3ae5d0bc80 100644 > --- a/ArmVirtPkg/ArmVirt.dsc.inc > +++ b/ArmVirtPkg/ArmVirt.dsc.inc > @@ -386,7 +386,7 @@ [PcdsFixedAtBuild.AARCH64] > # Enable NX memory protection for all non-code regions, including OEM and OS > # reserved ones. > # > - gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5 > + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1 > > [Components.common] > # all three guests mentioned previously boot okay. (I also made sure that the "applying strict permissions..." messages showed up in the firmware log for each.) Thanks Laszlo
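
Review bot: The comment kept as context above the changed PcdDxeNxMemoryProtectionPolicy line in ArmVirtPkg/ArmVirt.dsc.inc still reads "Enable NX memory protection for all non-code regions", which is no longer accurate once the value goes from 0xC000000000007FD5 to 0xC000000000007FD1: the cleared 0x4 bit is the LoaderData one named in the commit subject, so LoaderData allocations stay executable. Please update the comment to state that exception and the reason given in the thread (GRUB loads executable code into memory it allocates), and mark it as a short-term workaround so it gets revisited. The commit message body is also only the placeholder "msgid"; it should carry the rationale or a reference to the report.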