From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: "László Érsek" <lersek@redhat.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Oliver Steffen" <osteffen@redhat.com>,
"Alexander Graf" <graf@amazon.com>
Subject: Re: [edk2-devel] [PATCH] ArmVirtPkg: Allow EFI memory attributes protocol to be disabled
Date: Mon, 4 Dec 2023 10:59:58 +0100 [thread overview]
Message-ID: <CAMj1kXFgKcpQ3+_DJC8y_90rt3S6PQ_C6pWZ7guhx-TvZcrLcw@mail.gmail.com> (raw)
In-Reply-To: <20231204095215.1053032-1-ardb@google.com>
On Mon, 4 Dec 2023 at 10:52, Ard Biesheuvel <ardb@kernel.org> wrote:
>
> From: Ard Biesheuvel <ardb@kernel.org>
>
> Shim's PE loader uses the EFI memory attributes protocol in a way that
> results in an immediate crash when invoking the loaded image unless the
> base and size of its executable segment are both aligned to 4k.
>
> If this is not the case, it will strip the executable permissions from
> the memory allocation, but fail to add them back for the executable
> region, resulting in non-executable code. Unfortunately, the PE loader
> does not even bother invoking the protocol in this case (as it notices
> the misalignment), making it very hard for system firmware to work
> around this by attempting to infer the intent of the caller.
>
> So let's introduce a QEMU command line option to indicate that the
> protocol should not be exposed at all.
>
> -fw_cfg opt/org.tianocore/DisableMemAttrProtocol,string=y
>
> Cc: L�szl� �rsek <lersek@redhat.com>
Apologies for the alphabet soup. The Google internal mailer appears to
have changed the content transfer encoding from 8bit to qp because it
spotted a long line (??)
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Oliver Steffen <osteffen@redhat.com>
> Cc: Alexander Graf <graf@amazon.com>
> Link: https://gitlab.com/qemu-project/qemu/-/issues/1990
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 2 +
> ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c | 56 ++++++++++++++++++++
> 2 files changed, 58 insertions(+)
>
> diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
> index 997eb1a4429f..facd81a5d036 100644
> --- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
> +++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
> @@ -46,6 +46,7 @@ [LibraryClasses]
> PcdLib
>
> PlatformBmPrintScLib
>
> QemuBootOrderLib
>
> + QemuFwCfgSimpleParserLib
>
> QemuLoadImageLib
>
> ReportStatusCodeLib
>
> TpmPlatformHierarchyLib
>
> @@ -73,5 +74,6 @@ [Guids]
> [Protocols]
>
> gEfiFirmwareVolume2ProtocolGuid
>
> gEfiGraphicsOutputProtocolGuid
>
> + gEfiMemoryAttributeProtocolGuid
>
> gEfiPciRootBridgeIoProtocolGuid
>
> gVirtioDeviceProtocolGuid
>
> diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
> index 85c01351b09d..e17899100e4a 100644
> --- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
> +++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
> @@ -16,6 +16,7 @@
> #include <Library/PcdLib.h>
>
> #include <Library/PlatformBmPrintScLib.h>
>
> #include <Library/QemuBootOrderLib.h>
>
> +#include <Library/QemuFwCfgSimpleParserLib.h>
>
> #include <Library/TpmPlatformHierarchyLib.h>
>
> #include <Library/UefiBootManagerLib.h>
>
> #include <Protocol/DevicePath.h>
>
> @@ -1111,6 +1112,49 @@ PlatformBootManagerBeforeConsole (
> FilterAndProcess (&gEfiPciIoProtocolGuid, IsVirtioPciSerial, SetupVirtioSerial);
>
> }
>
>
>
> +/**
>
> + Uninstall the EFI memory attribute protocol if it exists.
>
> +**/
>
> +STATIC
>
> +VOID
>
> +UninstallEfiMemoryAttributesProtocol (
>
> + VOID
>
> + )
>
> +{
>
> + EFI_STATUS Status;
>
> + EFI_HANDLE Handle;
>
> + UINTN Size;
>
> + VOID *MemoryAttributeProtocol;
>
> +
>
> + Size = sizeof (Handle);
>
> + Status = gBS->LocateHandle (
>
> + ByProtocol,
>
> + &gEfiMemoryAttributeProtocolGuid,
>
> + NULL,
>
> + &Size,
>
> + &Handle
>
> + );
>
> +
>
> + if (EFI_ERROR (Status)) {
>
> + ASSERT (Status == EFI_NOT_FOUND);
>
> + return;
>
> + }
>
> +
>
> + Status = gBS->HandleProtocol (
>
> + Handle,
>
> + &gEfiMemoryAttributeProtocolGuid,
>
> + &MemoryAttributeProtocol
>
> + );
>
> + ASSERT_EFI_ERROR (Status);
>
> +
>
> + Status = gBS->UninstallProtocolInterface (
>
> + Handle,
>
> + &gEfiMemoryAttributeProtocolGuid,
>
> + MemoryAttributeProtocol
>
> + );
>
> + ASSERT_EFI_ERROR (Status);
>
> +}
>
> +
>
> /**
>
> Do the platform specific action after the console is ready
>
> Possible things that can be done in PlatformBootManagerAfterConsole:
>
> @@ -1129,12 +1173,24 @@ PlatformBootManagerAfterConsole (
> )
>
> {
>
> RETURN_STATUS Status;
>
> + BOOLEAN FwCfgBool;
>
>
>
> //
>
> // Show the splash screen.
>
> //
>
> BootLogoEnableLogo ();
>
>
>
> + //
>
> + // Work around shim's terminally broken use of the EFI memory attributes
>
> + // protocol, by just uninstalling it when requested on the QEMU command line.
>
> + //
>
> + Status = QemuFwCfgParseBool (
>
> + "opt/org.tianocore/DisableMemAttrProtocol",
>
> + &FwCfgBool);
>
> + if (!RETURN_ERROR (Status) && FwCfgBool) {
>
> + UninstallEfiMemoryAttributesProtocol ();
>
> + }
>
> +
>
> //
>
> // Process QEMU's -kernel command line option. The kernel booted this way
>
> // will receive ACPI tables: in PlatformBootManagerBeforeConsole(), we
>
> --
> 2.43.0.rc2.451.g8631bc7472-goog
>
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#112028): https://edk2.groups.io/g/devel/message/112028
Mute This Topic: https://groups.io/mt/102967690/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2023-12-04 10:00 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-04 9:52 [edk2-devel] [PATCH] ArmVirtPkg: Allow EFI memory attributes protocol to be disabled Ard Biesheuvel
2023-12-04 9:59 ` Ard Biesheuvel [this message]
2023-12-04 10:45 ` Alexander Graf via groups.io
2023-12-04 10:55 ` Ard Biesheuvel
2023-12-04 12:20 ` Gerd Hoffmann
2023-12-04 12:38 ` Alexander Graf via groups.io
2023-12-04 12:58 ` Ard Biesheuvel
2023-12-05 9:56 ` Marcin Juszkiewicz
2023-12-07 8:04 ` Ard Biesheuvel
2023-12-04 14:52 ` Gerd Hoffmann
2023-12-04 16:09 ` Ard Biesheuvel
2023-12-04 22:24 ` Gerd Hoffmann
2023-12-05 10:44 ` Alexander Graf via groups.io
2023-12-05 12:56 ` Gerd Hoffmann
2023-12-04 10:53 ` Gerd Hoffmann
2023-12-04 10:57 ` Ard Biesheuvel
2023-12-04 11:40 ` Gerd Hoffmann
2023-12-06 12:51 ` Gerd Hoffmann
2023-12-06 13:23 ` Ard Biesheuvel
2023-12-06 15:27 ` Gerd Hoffmann
2023-12-06 20:00 ` Taylor Beebe
2023-12-06 18:37 ` Oliver Smith-Denny
2023-12-07 7:59 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMj1kXFgKcpQ3+_DJC8y_90rt3S6PQ_C6pWZ7guhx-TvZcrLcw@mail.gmail.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox