From: Ard Biesheuvel
Date: Mon, 20 Mar 2017 11:04:51 +0000
To: Michael Zimmermann
Cc: edk2-devel-01, Laszlo Ersek
Subject: Re: SetMemorySpaceAttributes with EFI_MEMORY_XP

On 20 March 2017 at 10:32, Michael Zimmermann wrote:
> Hi,
>
> I didn't test ArmVirtQemuKernel but I'm trying to use some of the code
> for another platform.
> So does this call ever succeed with PcdDxeNxMemoryProtectionPolicy
> being enabled?
> https://github.com/tianocore/edk2/blob/76874be3d411bf8daac051718e20932e0bf97d70/ArmVirtPkg/HighMemDxe/HighMemDxe.c#L95
> Status = gDS->SetMemorySpaceAttributes (CurBase, CurSize, Attributes);
>
> Neither the memory that was added by this Dxe nor the one added
> automatically by GCD has the EFI_MEMORY_XP capability which causes
> SetMemorySpaceAttributes to return EFI_UNSUPPORTED.
>

That is a very good point. I have been caught by this more than once
already (and I did test this, but not as thoroughly as I should have,
apparently).

This is caused by the unfortunate situation in EDK2 that GCD permission
attributes are ambiguous: it does not distinguish between 'the memory
controller allows this range to be configured as non-executable' and
'the nature of the contents of this memory region allows it to be mapped
without executable attributes', and therefore, RO/XP are never used in
the GCD memory space map.

The solution is to use the CPU_ARCH_PROTOCOL interface explicitly to set
the XP attribute on the memory itself (but not on the descriptors in the
GCD or UEFI memory maps).

I will spin a patch to fix this.

Thanks,
Ard.
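
The failure and the workaround discussed in this message, as an added example that is not part of the original e-mail and is not EDK2 code: a self-contained C model of the GCD capability check and of the split between the GCD call and the CPU arch protocol call. The types and the model_* and add_region_* functions are hypothetical names for illustration; the attribute bits and the status code use the UEFI specification values.

```c
#include <stdint.h>
#include <stdio.h>

/* Attribute bits and status code values as defined by the UEFI specification. */
#define EFI_MEMORY_WB   0x0000000000000008ULL
#define EFI_MEMORY_XP   0x0000000000004000ULL
#define EFI_SUCCESS     0ULL
#define EFI_UNSUPPORTED 0x8000000000000003ULL

/* Simplified model (assumption): one GCD descriptor and one page mapping. */
typedef struct { uint64_t capabilities, attributes; } gcd_region;
typedef struct { uint64_t attributes; } page_mapping;

/* GCD rule: the requested attributes must be a subset of the capabilities. */
uint64_t model_gcd_set_attributes(gcd_region *r, uint64_t attrs) {
    if ((r->capabilities & attrs) != attrs) return EFI_UNSUPPORTED;
    r->attributes = attrs;
    return EFI_SUCCESS;
}

/* CPU arch protocol stand-in: edits the mapping, never looks at the GCD map. */
uint64_t model_cpu_set_attributes(page_mapping *m, uint64_t attrs) {
    m->attributes = attrs;
    return EFI_SUCCESS;
}

/* Failing pattern from the thread: cacheability and XP in one GCD call. */
uint64_t add_region_gcd_only(gcd_region *r, page_mapping *m) {
    uint64_t st = model_gcd_set_attributes(r, EFI_MEMORY_WB | EFI_MEMORY_XP);
    if (st == EFI_SUCCESS) m->attributes = r->attributes;
    return st;
}

/* Approach from the reply: GCD gets cacheability only, XP goes to the mapping. */
uint64_t add_region_split(gcd_region *r, page_mapping *m) {
    uint64_t st = model_gcd_set_attributes(r, EFI_MEMORY_WB);
    if (st != EFI_SUCCESS) return st;
    return model_cpu_set_attributes(m, EFI_MEMORY_WB | EFI_MEMORY_XP);
}

int main(void) {
    gcd_region r = { EFI_MEMORY_WB, 0 };  /* constructed: added without XP capability */
    page_mapping m = { 0 };
    printf("gcd only: %#llx\n", (unsigned long long)add_region_gcd_only(&r, &m));
    printf("split:    %#llx\n", (unsigned long long)add_region_split(&r, &m));
    printf("gcd attrs %#llx, mapping attrs %#llx\n",
           (unsigned long long)r.attributes, (unsigned long long)m.attributes);
    return 0;
}
```

In the model, a failed GCD call leaves the mapping untouched, so a caller that ignores the EFI_UNSUPPORTED status ends up with memory that is still executable.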