From: Ard Biesheuvel
Date: Mon, 13 Mar 2017 09:50:51 +0100
To: Michael Zimmermann
Cc: Laszlo Ersek, Leif Lindholm, "Tian, Feng", "edk2-devel@lists.01.org", "afish@apple.com", "Gao, Liming", "Yao, Jiewen", "Kinney, Michael D", "Zeng, Star"
Subject: Re: [PATCH v4 0/7] MdeModulePkg/DxeCore: increased memory protection
References: <1488206291-25768-1-git-send-email-ard.biesheuvel@linaro.org> <9677ecfd-ab2a-71ea-54e8-b30e6510b202@redhat.com>
List-Id: EDK II Development

On 13 March 2017 at 09:43, Michael Zimmermann wrote:
> I fail to get this working on my target. I've enabled the following
> Pcd's like in ArmVirt:
> gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3
> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1
> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE
>
> but apparently, DxeCore removes the executable permission from its own code.
> after the BL instruction of the call to gCpu->SetMemoryAttributes I
> get an instruction permission fault:
>
> InitializeDxeNxMemoryProtectionPolicy: applying strict permissions to
> active memory regions
> SetUefiImageMemoryAttributes - 0x0000000080200000 - 0x0000000008C00000
> (0x0000000000004000)
> SetUefiImageMemoryAttributes - 0x0000000089000000 - 0x0000000004A00000
> (0x0000000000004000)
> SetUefiImageMemoryAttributes - 0x000000008EC00000 - 0x0000000000400000
> (0x0000000000004000)
> SetUefiImageMemoryAttributes - 0x000000008F700000 - 0x0000000000700000
> (0x0000000000004000)
> SetUefiImageMemoryAttributes - 0x000000008FF00000 - 0x000000006E095000
> (0x0000000000004000)
> SetUefiImageMemoryAttributes - 0x00000000FDFB9000 - 0x0000000000047000
> (0x0000000000004000)
> SetUefiImageMemoryAttributes - 0x00000000FE400000 - 0x0000000001C00000
> (0x0000000000004000)
>
> Prefetch Abort Exception PC at 0xFEEA630E CPSR 0x20000033 nzCveaifT_svc
> Build/LittleKernelPkg/DEBUG_GCC5/ARM/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
> loaded at 0xFEEA4000 (PE/COFF offset) 0x230E (ELF or Mach-O offset) 0x130E
> 0xBF00 IT EQ
> R0 0x00000000 R1 0x01C00000 R2 0x00000000 R3 0x00000000
> R4 0x00000000 R5 0x00026000 R6 0x00000000 R7 0xFE000214
> R8 0x80000000 R9 0xFE400000 R10 0xFFFEF000 R11 0x00000004
> R12 0x00000002 SP 0xFFFFEBA0 LR 0xFDF98B4D PC 0xFEEA630E
> DFSR 0x00000000 DFAR 0x00000000 IFSR 0x0000000D IFAR 0xFEEA630E
> Instruction Permission fault on Section at 0xFEEA630E
>
> ASSERT [ArmCpuDxe]
> ArmPkg/Library/DefaultExceptionHandlerLib/Arm/DefaultExceptionHandler.c(268):
> ((BOOLEAN)(0==1))
>
> ----
>
> so did I miss anything?
>

You are using PrePi, right?
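
An added example, not part of the thread: it decodes the policy value from the quoted message and finds which logged range covers the faulting PC and the DxeCore load address. The function names are made up for this example; it assumes the three logged fields are base, length and attributes, and that bit n of the policy selects EFI memory type n, with bits 62 and 63 covering the OEM and OS reserved types.

```python
import re

EFI_MEMORY_XP = 0x4000        # UEFI attribute bit: execute-protected
POLICY = 0xC000000000007FD1   # PcdDxeNxMemoryProtectionPolicy from the message
FAULT_PC = 0xFEEA630E         # PC / IFAR from the exception dump
DXECORE_BASE = 0xFEEA4000     # "DxeCore.dll loaded at" from the dump
# EFI_MEMORY_TYPE names in enum order; list index == policy bit (assumption).
MEMORY_TYPES = [
    "EfiReservedMemoryType", "EfiLoaderCode", "EfiLoaderData",
    "EfiBootServicesCode", "EfiBootServicesData", "EfiRuntimeServicesCode",
    "EfiRuntimeServicesData", "EfiConventionalMemory", "EfiUnusableMemory",
    "EfiACPIReclaimMemory", "EfiACPIMemoryNVS", "EfiMemoryMappedIO",
    "EfiMemoryMappedIOPortSpace", "EfiPalCode", "EfiPersistentMemory",
]
# Lines copied from the quoted log, with the mail client's wrapping undone.
LOG = """\
SetUefiImageMemoryAttributes - 0x0000000080200000 - 0x0000000008C00000 (0x0000000000004000)
SetUefiImageMemoryAttributes - 0x0000000089000000 - 0x0000000004A00000 (0x0000000000004000)
SetUefiImageMemoryAttributes - 0x000000008EC00000 - 0x0000000000400000 (0x0000000000004000)
SetUefiImageMemoryAttributes - 0x000000008F700000 - 0x0000000000700000 (0x0000000000004000)
SetUefiImageMemoryAttributes - 0x000000008FF00000 - 0x000000006E095000 (0x0000000000004000)
SetUefiImageMemoryAttributes - 0x00000000FDFB9000 - 0x0000000000047000 (0x0000000000004000)
SetUefiImageMemoryAttributes - 0x00000000FE400000 - 0x0000000001C00000 (0x0000000000004000)
"""
LINE_RE = re.compile(
    r"SetUefiImageMemoryAttributes - (0x[0-9A-Fa-f]+) - (0x[0-9A-Fa-f]+) \((0x[0-9A-Fa-f]+)\)"
)

def nx_types(policy):
    """Names of the memory types the policy bitmask marks non-executable."""
    names = [n for bit, n in enumerate(MEMORY_TYPES) if (policy >> bit) & 1]
    names += ["OEM reserved"] if (policy >> 62) & 1 else []
    names += ["OS reserved"] if (policy >> 63) & 1 else []
    return names

def parse_ranges(log):
    """Return (base, length, attributes) for every logged attribute change."""
    return [tuple(int(f, 16) for f in m) for m in LINE_RE.findall(log)]

def xp_ranges_covering(addr, ranges):
    """Ranges that received EFI_MEMORY_XP and contain addr."""
    return [(base, length) for base, length, attr in ranges
            if attr & EFI_MEMORY_XP and base <= addr < base + length]

if __name__ == "__main__":
    print("NX types:", ", ".join(nx_types(POLICY)))
    for base, length in xp_ranges_covering(FAULT_PC, parse_ranges(LOG)):
        print(f"PC {FAULT_PC:#x} is inside XP range {base:#x}+{length:#x}")
```

The policy leaves the code types executable, yet the last logged range, which matches R9 and R1 in the register dump, contains both the DxeCore load address and the faulting PC.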